Hackstorm


Hailstorms are a threatening phenomenon that can sometimes turn fatal. Hailstones can range from ¼ of an inch to 7 inches in size, causing severe damage to anything in their path. Attacking hackers are, in many ways, like hailstorms: when there is a breach in security, they leave extensive damage.

Lately, cybersecurity has been on the minds of many people, and with many security breaches at major companies placing personal data at risk, it is no wonder. A recent study by the Ponemon Institute surveyed CISOs and security technicians; according to SC Magazine.com, here is the feedback Ponemon received:

“It takes too long to detect a cyber attack.”

“We don’t have a way to prioritize incidents.”

“We receive too many alerts from too many point solutions.”

The inability to differentiate between serious attacks and those that do not even penetrate the firewall creates mass confusion as to which attacks should receive priority and which ones should be left alone. Also, according to Cruxialcio.com’s article on the survey, “74 percent said poor integration between security products, or none at all, negatively affected response to cyber attacks;” because of this low integration or lack thereof, the attacks are not addressed in a timely manner. This is a problem for CISOs and security technicians all over the world, and it places personal and corporate information at risk.

According to Ponemon in SC Magazine.com’s article, CISOs and security technicians “want information that’s timely and really accurate. Getting both is kind of a Nirvana state, but what they’re getting is slow moving and ‘maybe’ accurate.” Although the problem lies in detecting potentially dangerous hackers faster and more accurately, many companies are strengthening security at the web application layer by deploying PortalGuard. Its multi-factor authentication and reporting capabilities help solidify the front door of your websites so your engineers can focus on the activities occurring in the more neglected areas of your network infrastructure.

http://www.cruxialcio.com/security-professionals-lack-compatible-tools-prevent-cyber-attacks-report-4572

http://www.scmagazine.com/study-finds-attack-detection-takes-too-long/article/333988/

Data Breach on Campus: Over 300,000 Exposed at University of Maryland


This week the University of Maryland announced that its campus database had been breached, exposing sensitive information for over 300,000 students and faculty. The data breach comes on the heels of many similar data breaches at retailers across the US, including Target, Neiman Marcus, and Michaels Craft Stores.

According to a letter from University of Maryland President Wallace D. Loh on February 19, 2014: “A specific database of records maintained by our IT Division was breached yesterday. That database contained 309,079 records of faculty, staff, students, and affiliated personnel from the College Park and Shady Grove campuses who have been issued a University ID since 1998. The records included name, Social Security number, date of birth, and University identification number. No other information was compromised — no financial, academic, health, or contact (phone, address) information.”


Although the information was limited to the aforementioned personal information, those are almost all of the key things needed to steal someone’s identity.

Kudos to the University for being so forthcoming with information. Some companies would rather sit on the information until they have investigated the cause further, which could lead to more problems for all involved. I think that other companies should take note of the steadfastness that the University has shown in notifying those whose information has been exposed and providing them with the support that they need to curb their fears. The University provided all involved with tips on what to look for in possible cases of fraud that can be connected to such a data breach. However, it has yet to be seen if the University will provide the 309,079 with the standard credit monitoring service that has been seen in other recent breaches of the same caliber.

President Loh also noted, “With the assistance of experts, we are handling this matter with an abundance of caution and diligence. Appropriate state and federal law enforcement authorities are currently investigating this criminal incident. Computer forensic investigators are examining the breached files and logs to determine how our sophisticated, multi-layered security defenses were bypassed. Further, we are initiating steps to ensure there is no repeat of this breach.”

Security breaches like these cannot always be prevented, but it is important to make sure that your campus or company is properly equipped to combat these types of attacks. There are a few ways to ensure that your data is being guarded from unauthorized users. One is incorporating a two-factor solution, where the person logging in would need to verify their identity by entering a one-time-use password sent to a separate device, like an enrolled cell phone. Many campuses and companies turn to authentication experts like PortalGuard to provide authentication solutions that have been independently tested and proven to enhance security.

Source: http://www.umd.edu/datasecurity/

Government Surveillance, Time to Reform?


There has been recent pushback against the government, with claims that it is infringing on the privacy rights of users. Eight companies, including AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter, and Yahoo, co-authored a letter to President Obama stating their concerns. In this letter, the major companies broached the issue of global interference with users’ internet accounts and discussed the fact that governments do indeed need to protect their citizens, but not at the cost of civil liberties. Along with the letter, www.reformgovernmentsurveillance.com was created to raise awareness and call the government to action.

Request for Transparency

One of the biggest requests in the letter was to create transparency. The website reformgovernmentsurveillance.com stated, “Governments should allow companies to publish the number and nature of government demands for user information.” Companies like Microsoft and Twitter recently announced further steps they are taking to use the most advanced forms of encryption to secure their users’ information. Transparency from the government is a great concern for users and companies worldwide.

Request for Clearer Framework

Another major request the website reformgovernmentsurveillance.com brought to the forefront was the need for a “robust, principled, and transparent framework to govern lawful requests for data across jurisdictions, such as improved mutual legal assistance treaty, or ‘MLAT,’ processes. Where the laws of one jurisdiction conflict with the laws of another, it is incumbent upon governments to work together to resolve the conflict.” For example, it is well known that in our country we have more freedom when it comes to internet use than in other countries like China. An agreed-upon, transparent framework would avoid conflict between differing laws.

Request for Our Rights

The question that lies beneath all of this is: at what point will the rights of internet privacy and our Constitution be respected? The open letter to Obama on www.reformgovernmentsurveillance.com from the major companies states our constitutional right with regard to internet safety most accurately.

“We understand that governments have a duty to protect their citizens, but this summer’s revelations highlighted the urgent need to reform government surveillance practices worldwide. The balance in many countries has tipped too far in favor of the state and away from the rights of the individual — rights that are enshrined in our Constitution. This undermines the freedoms we all cherish. It’s time for a change.”

In the words of Francois-Marie Arouet, better known as Voltaire, later reiterated by Uncle Ben to a soon-to-be superhero, “with great power, comes great responsibility.”

Resources:

http://www.reformgovernmentsurveillance.com/#

http://www.scmagazine.com//leading-tech-companies-make-joint-call-for-surveillance-reform/article/324795/

To E-File or Not to E-File


While Shakespeare is better known as an excellent playwright, vivacious actor, and sublime constructor of the English language, he also has a not-so-well-known, historical record for tax evasion, hoarding, and the selling of grain at atrocious prices during years of famine. Although we are not here to discuss the moral ethics of Shakespeare, we should ask ourselves “to e-file or not to e-file.”

As the season for filing your taxes approaches and with many already waiting for their returns, e-filing security is on the minds of many. According to WMBF News, in 2012 the Department of Revenue (DOR) was hacked, compromising millions of taxpayers’ personal information. Samantha Cheek, the spokesperson for the DOR, believes that for 2014 “e-filing is not only safe, it may be more secure than filing a paper return. Paper returns are handled by numerous people and can be stolen.” The DOR is now implementing Two-Factor Authentication (2FA) and monitoring their web activity closely. But how can you know that e-filing your taxes will keep your information safe from those that will be prowling the streets of the internet looking for their next e-filing victim? Below are a few things to keep in mind during tax season.

Beware of the Bait

By using “phishing emails,” the DOR hacker in 2012 was able to get access to the DOR system at any time, causing the breach in security. Phishing baits are everywhere, from emails to social media. Just be leery. They all promise different things, but they all want the same thing: your identity.

E-filing Into Fraud

E-filing is the most convenient way to file your taxes and the quickest way to get your return back. By e-filing your taxes, the IRS says you are entering into a world “where hackers have already proven they’re pretty savvy.” Another precaution you can take is being sure that your e-filing provider is using the latest in web application security by checking their security and privacy policies.

Use Caution

There are a few things you can do on your own to create a secure environment for e-filing. First, be sure that your computer and web browser are up to date. This will ensure that any simple holes that a hacker might use are patched. Also, before working on your taxes, make sure your network’s wireless router’s security is enabled; along with that, never file your taxes from a public wireless hot spot. And as always, choose a strong password that contains a variety of numbers, letters, and characters.

In closing, WMBF News states, “the bottom line is there’s no fool proof plan when a thief is on the prowl. That’s why experts say stay informed. Check your credit often. Make sure your preparer is a reputable person or firm and if you suspect something is amiss, report it immediately.”

http://www.scmagazine.com//irs-warns-phishing-attacks-are-among-dirty-dozen-tax-scams/article/286575/

http://www.wmbfnews.com/story/24634961/2014-tax-filing-season-raises-security-concerns

http://www.computerworld.com/s/article/9016362/10_security_tips_for_e_filing_tax_returns