Security Bytes – February 2014 – Encryption Ransomware!
In a previous article, I talked about a new kind of Malware called Cryptolocker and how it can infect your machine and encrypt all data on your local machine as well as any network attached shares it can find. The really nasty part about Cryptolocker is that it will encrypt all the data on the drives and then it will notify you that you only have a certain period of time to respond to have the data decrypted or else the key used to encrypt your data will be destroyed within a certain period of time (Usually 72 hrs.) In exchange for decrypting your data, they demand that you pay a ransom ($300 as of this writing) to allow for decryption. Worse yet, if you have a backup solution in place and online at the time of the infection, your backup will also get encrypted eliminating the backup as a recovery option.
Security Bytes – February 2014 – My Credit Card was stolen again?!?.
Hello again readers! This month has been no less interesting than the past few months with more NSA introspection, more malware and now even a few more Dept. store credit card breaches to talk about. If you have been following the nightly news I am sure you have heard about the latest Target credit card breach that happened recently. The theft of information happened quite easily by taking advantage of the Windows XP based POS (Point of Sale) terminals used by Target. The perpetrators managed to get malware inside of Targets network and that malware set up its own network of nodes to harvest customer credit card information from all the POS terminals. What is amazing is how this “Malware” managed to do what it did undetected for so long! Only when it was too late was the malware discovered and it was uncovered that customer information was stolen. Granted this is not the first time that this kind of crime was committed, years ago TjMax was targeted, and several other similar breaches have happened in the years running up this current breach.
Security Bytes – December 2013 – Password conundrum.
I recently had some opportunities to train people on the use of passwords and I wish to share my results with all of you. In my previous articles I have talked about how to properly create and use passwords to properly safeguard oneself on the Internet. I wish to expand on that and to clarify some misconceptions about password use.
With all the news about the NSA and other agencies being able to snoop on our everyday traffic and analyze what we so it is more important then ever to ensure that we do our very best to try and keep our anonymity when online. In practice I have found that many people simply choose poor passwords and then re-use the same password over and over again in many places. I wish to re-iterate the need to use a proper password manager like ( Keepass, KeepassX, Lastpass, etc ) to assist with generating and maintaining a password database for you. By using a piece of technology, one can ensure that the passwords being used online are not only complex, but are NOT re-used over and over again at multiple sites. It is also important to remember that when
Security Bytes – January 2014 – Crypto-What?
Yet another year draws to a close and as usual there is always something new on the horizon that is worthy of attention. For the New Year it happens to be a rather interesting piece of ransomware called Cryptolocker. As of this writing it has hit millions of people and has cost people substantial sums of money to get their data back.
In a nutshell, Cryptolocker infects you machine with software that encrypts your valuable personal data silently and then informs you of the situation after it is done, instructing you to go to a website and pay to get your data back or else the encryption used to lock up your data will be destroyed with a 72 hour time limit. In many cases the cost to decrypt you data is about $350 based upon the exchange rate of Bitcoin to US dollars. (Bitcoin is a very volatile Internet crypto-currency that can vary greatly in price day to day). What is really disconcerting is that Cryptolocker does what it does very well. It uses a high level of encryption and does not leave any trace of the decryption key on your local computer, thereby eliminating the possibility of the end user decrypting the data by themselves. In many cases if the victim has not been proactively backing up their data to offline storage, they have NO other choice but to pay the ransom to get their data back.
Security Bytes – October 2013 – Privacy at the workplace.
In the past few weeks since the news reports about security and privacy, I have had a dramatic increase in questions regarding privacy at work and what are the guidelines to follow.
It is important to realize what potential rules may apply to you at work while using office resources and networks at your place of work. While each business may have their own specific set or rules to follow there are a few general rules that everyone should be aware of.
Most large enterprise organizations have formal job responsibilities and require all employees to sign off on the rules that are applicable to the position for which one is employed. What many people do not realize is that any activity using office equipment or resources may be randomly scrutinized by the employer and that no privacy should ever be assumed unless specifically granted by an employer in writing. Many people don't realize that their personal emails sent via their personal mail accounts while using office resources can by seen by their employer and possibly used against them if any action is taken by their employer. Many small businesses also may have written policy guidelines regarding acceptable use policy, however it is always best to assume that your information is being looked at.