Sunday, December 16, 2012

Week 3- New ‘Dexter’ malware strikes point-of-sale systems

Many of us use our credit and debit cards to make purchases at many stores, including hotels, and we sometimes do so without really thinking about the risk involved. We assume that point-of-sale (POS) systems are secure and safe, and we don’t think about the fact that these systems can be attacked like any other system. Why are they attacked? Because they contain the credit and debit card data of every card that has been swiped for purchases. According to an article titled “New ‘Dexter’ malware strikes point-of-sale systems” written by Charlie Osborne, hundreds of POS systems have been infected with malware. The malware, called “Dexter”, has affected systems in over 40 countries, with 30% of the infections taking place in the US. Dexter is designed to steal credit card numbers and data. It targets POS systems by injecting itself into iexplore.exe on Windows Server. It then takes credit card data from the server and sends it back remotely. At this point the hackers can produce fake credit cards using the credit card numbers retrieved from the server. The majority of the infected operating systems have been Microsoft products, with Windows XP being the most targeted. So far the names of the businesses affected have not been released. The article can be found at: http://news.cnet.com/8301-1009_3-57559171-83/new-dexter-malware-strikes-point-of-sale-systems/

Sunday, December 9, 2012

Week 2- Credible Sources

Not all web sites on the Internet are a credible source of information when it comes to threats, vulnerabilities, updates, and security news. You can’t believe everything you read, watch, or hear on the Internet. When there is a conflict within a source, the best way to check it is to weigh it against known reliable sources. If the source lists vulnerabilities within specific software, the best way to check the source is to visit the vendor’s web page. This is true for patches as well. In order to stay on the safe side I would recommend using government agencies, libraries, known organizations, and universities as sources for information. Vendor sites are usually very helpful at providing credible information about security issues associated with their products. The following is a list of sites that I consider to be credible sources because they are from professional organizations or have proven over the years to be credible sources for information.
· Security Week: http://www.securityweek.com/virus-threats
· CNET: http://news.cnet.com/security/
· SC Magazine: http://www.scmagazine.com/
· NIST: http://www.nist.org/news.php
· SANS: http://www.sans.org/
· Bit Defender: http://www.bitdefender.com/security/
The sites listed above are just a few of the many sites that I think are credible sources.  If you stick to sites such as the ones listed above the information you receive should be reliable.  If you are unsure about a source you can also do some research on the author and check any references that he/she may have used in their article or document. 

Monday, December 3, 2012

Week 1 - Managing Threats in the Digital Age


The digital age has opened the door to more threats due to increased Internet usage. We use the Internet for business, work, education, travel plans, entertainment, and personal use. The number of devices used to access the Internet has increased as well. Not only do we connect to the Internet via desktops, but we can also use our cellphones, iPods, iPads, notebooks, PDAs, and other mobile devices. The use of these devices, along with the increased use of the Internet, has created many security challenges. These challenges fall into three categories: external threats, internal threats, and compliance requirements. These challenges make managing threats a big priority, especially for governmental and major organizations like financial institutions and hospitals. They all collect and store a lot of sensitive, classified, or personal information that could cost them billions of dollars in losses. These losses can range from a ruined reputation to legal fees and penalties to revenue lost due to system downtime. I found this article titled “Managing threats in the digital age” that covers a lot of important information about managing threats. The article talks about how you need to be proactive when it comes to security. In other words, organizations should implement real-time monitoring for identifying, tracking, and addressing threats. This would include real-time audits and monitoring of employee usage. I must say that I agree with the article. Many security threats are usually detected after the fact and not during. Most of the breaches are usually detected days or months after the breach. It’s the same for monitoring employee actions. It usually takes a few months or days before they discover that an employee was copying files. It would be nice to be able to monitor employees for system misuse.
The article can be found at: http://public.dhe.ibm.com/common/ssi/ecm/en/gbe03423usen/GBE03423USEN.PDF

Saturday, November 17, 2012

Week 12- Blog Summary


First, I would like to say that I had fun learning how to create a blog and add entries to it weekly. The whole idea of having to find articles and create summaries of them helped me become more aware of the different threats we face while utilizing the Internet. We use the Internet for business and pleasure, not realizing the potential threats that come along with using the Internet. Most of my blog topics consisted of a variety of topics such as system/software issues, user errors, security awareness, and threats. When it came to deciding on what to blog about, I just did a Google search on the latest security breaches. I would also sometimes come up with a subject and then use Google to find articles that supported my subject. I think security blogging is a great awareness tool that gives others the chance to read and apply their thoughts and comments to the subject matter. It’s a great way to learn more about security.

Monday, November 12, 2012

Week 11 Security Entry

In this week’s security blog I’m going to talk about an article that was written by Chris Poulin called “BTOD: Once Size Risks All”. In this article Chris talks about how we as a people have become very reliant upon the Internet. We can access the Internet from just about anywhere we go. Just to get our brain juices flowing, think about all the places that offer Wi-Fi. To name a few, we have McDonald’s, Wendy’s, coffee shops, hotels, etc. For those of us who have cell phones, Internet access is located in our pockets. With that said, we can surf, shop, conduct business, and bank from anywhere. This article focuses on the fact that work and personal devices should be separated. In other words, you should not use your business devices to surf the web, shop, bank, etc. Personal devices should be used to conduct personal business only. Some companies allow their employees to use their own devices instead of company-issued devices. I must say that I agree with the author; I think business and work should be separated as well. If companies separate the two, I think that it would limit the number of threats they face daily. If companies allow employees to use their own personal computers, they compromise the security of the network. Companies will have no way of determining what programs, software, and data users may have stored on their computers. Are users required to have anti-virus software? Are there any policies in place to dictate acceptable use?

Monday, November 5, 2012

Week 10- Automatic User Logins

According to Zack Whittaker, a writer from ZDNet and CNET, Facebook had a flaw that could have put over 1 million Facebook accounts at risk of unauthorized access. This flaw would have allowed unauthorized users to log in to others’ Facebook accounts without the use of a password. The flaw was centered around a user’s e-mail address. Facebook would e-mail links to users that, when clicked, would automatically give them access to that Facebook account without the need for a password. There was also a flaw that allowed you to automatically access your Facebook account without a password if you were logged in to Gmail. This can be a big issue and lead to many problems if your e-mail account was compromised in any way. If your e-mail account was compromised, someone would automatically be able to access your Facebook account and any other accounts that are linked with Google via your Gmail. Many of my Android apps are also automatically connected and linked with my Gmail as well. I think this is a big issue because there are a lot of applications that are linked with Google that can be accessed with a single login. Here are a few steps that should be taken each time you access a site or application that requires a login:
1. Always log out of a system or website when you are done.
2. If you are accessing a site from a public computer make sure you delete all cookies and browsing history.
3. Never click no or never when asked if you want the browser to save or store your login information.
4. Change all your passwords to social media, e-mail, banks, and e-commerce websites often.
5. Use different hard to guess passwords for each account.
6. Always make sure the “remember me” checkbox is unchecked.
Article can be found at:  http://news.cnet.com/8301-1009_3-57544933-83/facebook-password-bypass-flaw-fixed/
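The risk described above comes from an e-mailed link that logs its holder in with no further check. The following is an added example, not Facebook's fix and not code from the article: a sketch of how a site can make such a link expire quickly, work only once, and be bound to one account. The function names, the 15-minute lifetime, and the in-memory nonce store are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo key; a real deployment would load it from a secret store.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime for an e-mailed link

# Nonces that were already redeemed (stand-in for a database table).
_used_nonces = set()


def _sign(payload):
    """HMAC-SHA256 tag over the payload, so the link cannot be altered."""
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_login_token(account_id, now=None):
    """Build the token placed in the e-mailed link.

    account_id is assumed to contain no '.' (for example a numeric id).
    """
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_urlsafe(16)  # URL-safe alphabet, never contains '.'
    payload = f"{account_id}.{issued}.{nonce}"
    return f"{payload}.{_sign(payload)}"


def redeem_login_token(token, now=None):
    """Return the account id if the token is valid, otherwise None."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 4:
        return None
    account_id, issued, nonce, tag = parts
    expected = _sign(f"{account_id}.{issued}.{nonce}")
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None  # forged or edited link
    if now - int(issued) > TOKEN_TTL_SECONDS:
        return None  # an old e-mail sitting in a compromised inbox
    if nonce in _used_nonces:
        return None  # link was already used once
    _used_nonces.add(nonce)
    return account_id
```

A link built this way still relies on the mailbox being private while the link is live, which is why the short lifetime and single use matter.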

Monday, October 29, 2012

Week 9- Top Secret Service agent helps kick off cyber-crime campaign in South Florida

According to Ihosvani Rodriguez from the Sun Sentinel, South Florida is “leading the nation in identity theft” and in other cybercrimes. Since 2010, identity theft in South Florida has increased 76%. Listed amongst the other cybercrimes was credit and debit card theft via illegal devices such as card readers or skimming devices. Skimming devices can be used to capture credit card numbers and PINs. These devices can be set up on ATM machines to read the magnetic stripes and take pictures of PIN numbers.
Credit and debit cards are often used by many people as forms of payment for online and in-store purchases, and this is something that we all should be concerned about. We also use our debit and credit cards at payment terminals, gas pumps, car washes, Redbox (movie rental kiosk), gift card kiosks, and any other vending machine that accepts credit and debit cards as forms of payment. These are all systems that can be modified by criminals to steal our credit and debit card information to commit fraud. Store employees have also been known to commit fraud by writing down or taking pictures of customers’ credit/debit card numbers. They have also been known to attach illegal devices to credit/debit card readers to steal information. Once criminals obtain your credit card numbers and PIN, they can create fake cards with those numbers to make purchases and steal money. Listed below are a few tips to remember the next time you use your debit and credit card, especially during the holiday season:
1. Check the system for any signs of tampering before using it.
2. If you see anything unusual about a system, don’t use it.
3. Check your statements often for unauthorized purchases.
4. Never use your cards on unfamiliar sites.
5. Be aware of online advertisements, spam, and phishing attempts.
Credit card fraud can be easily fixed if caught in time. Debit card fraud causes more damage because a criminal can drain your bank accounts, leaving you without any money. The bank may or may not credit your money back to your account. If they do, it can take a long time before they replace it, leaving you frustrated and without any money.

Monday, October 22, 2012

Week 8 White House Confirms Security Breach By Chinese Hackers (But It's Not As Bad As It Sounds)


Over the past few months there seem to have been a lot of security breaches that stem from phishing attempts. Businesses and organizations have been requiring that all employees take some form of security training on an annual basis. The training usually warns users of viruses, phishing attempts, and other information security aspects. I’m just curious as to why users are still falling prey to phishing attempts, especially those who are associated with the government or military. About a month ago the White House suffered a breach on their unclassified network via a phishing e-mail. As government employees you are constantly warned about phishing e-mails, and yet there is a breach via an outsider gathering information from a phishing e-mail. Is there something wrong with the training? Does it need to be revamped? Or is it that users are just not thinking? This is another example of an “insider threat”. The article can be found at: http://www.businessinsider.com/white-house-confirms-security-breach-by-chinese-hackers-2012-10#ixzz2A5hQ1lJA

Monday, October 15, 2012

Week 7- TD Bank data breach hits 260,000 customers

Another insider threat has occurred at TD Bank in Jacksonville, where unencrypted backup tapes have been misplaced, affecting over 260,000 customers. The backup tapes contained customers’ Social Security numbers and account information. Incidents such as this make you wonder if your personal information is really protected. Not only do we have to worry about protecting our own information, but we also have to worry about how businesses are protecting our information. How do you misplace unencrypted tapes? What kind of security procedures do they have in place to protect against this kind of incident? Do they contain measures for keeping and storing backup tapes? The story can be found at: http://www.bizjournals.com/jacksonville/news/2012/10/15/td-bank-data-breach-hits-260000.html

Monday, October 8, 2012

Week 6- U of Pennsylvania Confirms Data Breach


It seems like the number of universities being hacked is starting to climb the chart in data breaches. So far about twelve schools have been breached where hackers have stolen data. Hackers are starting to come together and create hacker groups. Hacker groups are more effective at breaching systems than hackers working alone. The hacker group responsible for the University of Pennsylvania data breach is known as “Team GhostShell”. They claim their motive was to show how changes made to the education system by politics have affected us as a whole. They did not steal any data that could lead to identity theft. They only stole data that shows student debt and posted it on a few websites. My question is: Is there such a thing as a good hack? Is this a justifiable hack? Do these hacks show that there may be a security flaw in the universities’ systems? Are hackers becoming smarter, or is security software and hardware behind the curve? These are just a few questions that ran across my mind as I read this article. The article can be found at: http://www.upi.com/Science_News/Technology/2012/10/04/U-of-Pennsylvania-confirms-data-breach/UPI-38071349378891/

Monday, October 1, 2012

New Threats


When it comes to protecting personal data, we sometimes only think of protecting personal data on our home computers, but we never stop and think about protecting our mobile devices. Mobile devices are just as vulnerable to attacks as our personal computers. Mobile devices can be used to do just about anything. They can be used for online banking, checking e-mail, shopping, booking flights, booking hotels, and much more. Malware can easily be downloaded to our mobile devices via Android apps or any other type of download. Not only do we have to worry about computers and mobile devices, but there has also been a huge increase in malware being found on external drives such as thumb drives. Thumb drives/pen drives are known for carrying viruses and malware. As users of these devices we need to be mindful of the potential risk associated with each of these devices and protect ourselves. Running virus scans on all external storage devices and installing anti-virus software on our mobile devices will provide some level of protection. McAfee released an article about a month ago titled “McAfee Threats Report Shows Largest Malware Rise in Four Years”. This rise is due to thumb drives and mobile devices being infected with malicious software. The article can be found at: http://www.mcafee.com/sg/about/news/2012/q3/20120904-01.aspx

 

Monday, September 24, 2012


When it comes to security, most of the time we think about keeping an unauthorized user out of the system. We never really think about the internal threats to networks. These threats consist of employees writing their passwords on their desk calendar or putting them on a sticky note and placing it under their keyboard. They also consist of an employee or employees banding together to steal money, customer data, products, etc. We also never think about employees bringing in infected media and running it on company computers, or the IT department cutting corners in security. All these things can be damaging to a company’s system. I found this article titled “Security is not just external- Don’t Forget the “Other” Security”. This article talks about a few security incidents that took place internally and not externally. Most of the incidents noted in this article can be attributed to lack of awareness, bad judgment, and stupidity. I must say that I agree with his article. Most external hackers are usually after money. What’s the difference between them stealing data to commit fraud or to sell on the black market for money and an employee or employees banding together to steal thousands to millions of dollars from a business? Employees steal from companies by taking products, customer records, and company secrets to sell on the streets. They also take from companies when they introduce infected e-mails or files to the organization’s network. Depending upon how bad the situation is, the company can lose money in downtime while the situation is being contained and cleaned up. I considered this to be bad judgment, especially if your company has information awareness training and you choose to ignore it. The article can be found at: http://www.securityweek.com/security-not-just-external-dont-forget-other-security

Monday, September 17, 2012

Miami Hospital Suffers Second Breach within a Year


The University of Miami Hospital suffered another patient breach this year, where two of its employees are suspected of stealing patient data from the hospital. The information stolen during the breach includes names, last four of socials, dates of birth, addresses, insurance policy numbers, and the medical history of each patient. At this point they don’t know how many patients were affected by the breach. The hospital is also offering two free years of credit monitoring for all those who may have been affected. This Miami hospital may want to consider employee screening before hiring and revamp their security policy. Most of the time when we think about breaches, we assume that someone from the outside has hacked into a system and caused harm. We never think about a breach taking place from inside the company by employees who are authorized to view and handle your information. It’s kind of scary when you think of all the places that have your information and all the different people that have access to it. This article can be found at: http://www.scmagazine.com/miami-hospital-hit-by-second-patient-breach-this-year/article/258895/

Sunday, September 9, 2012

Gamecock Data Breach

The University of South Carolina suffered a breach on June 6th that may have compromised the personal information of about 34,000 students and staff, including their socials. The school is unsure when the breach took place; however, they suspect that the breach originated overseas. The article can be found at:
http://threatpost.com/en_us/blogs/gamecock-data-breach-affects-34000-082212

Friday, August 31, 2012

Cancer Center Data Breach

A cancer center in Indianapolis had a laptop containing 55,000 patients’ information stolen from an employee’s vehicle. The information stolen contained medical records, socials, insurance documents, and other patient information. The laptop has not yet been recovered. My question is: what was the backup laptop containing that kind of information doing outside the facility? The article can be found at: http://threatpost.com/en_us/blogs/info-55k-patients-stolen-indianapolis-cancer-practice-083112