Stealing data via a desktop telephone?

Data protection is a hot topic. In many countries worldwide new data protection laws are implemented. These laws are created to ensure that personal data as stored and processed by companies and organizations will be protected against theft and modification.

A well-known example is the General Data Protection Regulation (GDPR) as approved by the EU last year, which will become active in 2018. It will become law in all member countries. It is not a directive which can have different interpretations and timelines per country but will be the same law in all member states.

Data protection regulation is relevant when data can identify or provide information about a specific person. Personal data can be anything. Names, addresses, etc. of course. But also photos, financial documents or medical data. And – taking the European laws as an example – not just for the data owner, but also for third parties processing the data (e.g. cloud service providers) on his behalf. It also means that most regulation crosses international borders. The EU regulation applies to all companies who process personal data of European citizens.

What does data protection regulation cover? Typically, companies need to have a proper administration of which data are stored where (including local spreadsheets with customer data). They also should make it possible for customers to have their data erased and the design of their systems should guarantee data protection (called ‘privacy by design’). Finally, they have to inform the regulator and public about data breaches that occurred and penalties are increased to the level which can mean a serious financial risk for a company.

However, it is not just about your data infrastructure

Of course, everything is data nowadays. Also, voice telephony is a data service, and that is specifically the case for VoIP infrastructures and services as deployed in many companies and organizations. We noticed however that the key focus of many data protection projects is on traditional ICT infrastructures. VoIP is often a blind spot.

While…it is also about voice communications

Ignoring VoIP could mean a serious mistake, however. Let’s have a look for example at a medical institute. Patients definitely don’t like the idea that their information becomes public. Nevertheless, the phone can provide easy access to these data. First of all, a modern desktop telephone provides access to the complete contact list of the user of that extension. A customer list, or – in the medical institute – the list of patients for example. This is just a beginning. The desktop phone also gives direct access to the voicemail system, which may disclose some very sensitive information. For example, if one medical specialist shares his diagnosis with a colleague. The biggest risk is however that office phones are the perfect social engineering tool. If someone has unauthorized access to a business telephone, just his caller ID makes him a trusted person to other employees of the organization as well as staff from other organizations. This trusted personal contact is the best way to acquire sensitive information and other personal data.

So, are your business telephones secured?

Most people think that advanced business desktop telephones can be secured by a PIN or something similar. Which is true. However, this security is often not used. The security mechanism most of the time means that employees have to enter a username (for example an email address) and PIN via the very basic keypad of their telephone, which is a very inconvenient procedure. So in many occasions, once logged in, people keep their phones logged in as long as possible. Or the login mechanism is disabled completely. There are examples of professional service managers actually giving such advice to their end-users.

The impact is that many office telephones provide open access to private and other sensitive data. Not at a level that millions of customer or patient records can be downloaded at once. But still, via the telephone, private documents and other information can be stolen from your organization right now. Therefore, protecting your office telephones may be an essential step in your companies data security plans.

How To Encrypt Emails For Enhanced Security

Emails nowadays are a very common method of conveying messages. More importantly, when we try to have a private conversation and exchanging important files and information we try to use the method of email. But what about the security of this method?
As we think that the emails are a more secure form of a conversation between two or more parties but this might not be the case. The Invisible Web, Dark Internet, and Deep Web refer to the dark minds and criminals that are all over the internet, waiting to steal your information and corrupt your device.

This threat was always there but in the recent times, the scamming and criminal activities on the internet are more taken place through the emails. Therefore as a research, the user of email have more threat of stealing or corrupting the information than anyone else or any other method.

Who is the average email user?

According to the research the average internet and email users have not very much to worry about as they have not much to be stolen from. On the other hand, they can make their system more secure by using the regular internet protection system such as firewall, malware, hotspot etc.
Little efforts must be taken by the regular internet users to protect themselves from a major loss. But the scammers and hackers are indirectly affecting the regular users by targeting the Online shopping sites, Banks, online transaction etc. so that they can get valuable information as well as a monetary benefit which can involve your money or money related information.

What can be done to protect emails?

As a user, you cannot do much if the entire system is hacked but you can contribute a lot to your own safety and the safety of your emails and computers. Some of the security measures are listed as below;

1. Don’t open any unfamiliar email or link or attachment which you’re not sure of such as:

• Lottery offer
• Claim a winning price
• Get a free vacation
• Offers from any king from African country etc.

2. Don’t open and go after an endless link because it can have a potential virus. This email can be sound or seen familiar such as one from your contact, family or friend. Any social media pop up or any video or meme which is sent in an email and it is unnecessary to open must be avoided.

3. If you use your office files and documents from your own PC or laptop or use bank related work through it, invest a little on the security software which might charge a little but saves a lot of your information.

4. Try not to expose your security by using any free or public internet. A free or public internet is an open web which makes sure the person falls in.

5. If you are using any local internet services make sure to use a reliable one. Especially in case you are working on the international business and your internet connection is local, there are more chances of a security breach as the rules and laws do not apply to the local internet service provider.

How email encryption is beneficial for you?

The encryption is a method of converting the actual or original message having the regular text and changing into the encoded one. The format of the text is changed from the language such as English into the algorithm which is a type of formula.

Now, when the message is encrypted, it is least chances of the text to be converted to the actual text other than the person who has the authority or permission to decrypt. Decryption is a process of translating the encrypted code into the actual text. Therefore the information sent and received will remain in the safe hands and the scammers and hackers cannot do anything about it.

There are certain laws and rules applied to the delivery and receiving of mails of U.S. Postal Services and in case someone breaches it the law applies to him or her. But there are no rules and laws applied on the emails and that is why email scamming is very common these days.

Similarly, the emails are more vulnerable. Even in the cloud, when the senders send the email and the receiver has not opened it; the email sits on the cloud and waits to be opened. The changes or polluting can be done there as well.

A study shows that the emails are more likely to be attacked due to three major reasons:

1. Almost 20 to 25 percent of emails have attachments and these are about 98 percent of the email traffic volume.

2. The most importantly the users and employers think that the hard drive can be damaged or the data can be lost but the emails are safer. Therefore the emails mostly contain important stuff, especially the attached files.

3. The email attachments contain the 75% of the intellectual property of the organization.

How to secure emails?

On the other hand, there are some measures which must be applied in long term to avoid the hacking and encryption of the emails.
The emails can be secured to some extent by applying the following tips:

1. Use Virtual Private Network (VPN):
Avoid taking local internet; instead use VPN if the business is small. This will help the company move their data without the threat of hackers.

2. Use Outlook:
Outlook helps you defend your system from the unknown emails and attachment by doing simple setting you can stop seeing the emails of the unknown sender and unsafe attachments.

3. Encryption Software:
Some encryption software is available on the internet and it will help you secure the most important information and emails.

4. Use Secure Socket Layer (SSL) and Transport Layer Security (TLS):
The Microsoft Trust Center helps you secure your emails, links, and information more by applying simple tips and tricks.

This post was submitted by Muhammad Shoaib of Top10BestPro.

Tips And Tricks To Regain Your Stolen Identity

Stolen identity is a frightening experience, and it causes a lot of headaches and frustration. The trick is to stay protected whether you’re shopping online or simply giving out your credit card to a live cashier. If you’re already a victim of identity theft, here are a few tips and tricks for regaining your identity:

Understand Identity Theft

Identity theft is more than just a stolen credit card number. Many thieves are now using private information, such as your social security number, birthdate, and/or name to commit fraud, such as applying for loans or credit cards under your name. Approximately 9 million Americans are part of an identity scam, but most aren’t as extreme. Even mild cases of identity theft are difficult to resolve, but with the right support, financial experts can help.

Act Fast When Your Identity is Stolen

The first thing to do is contact each of the credit reporting agencies: TransUnion, Equifax, and Experian. They can put an alert on all of your open accounts, and can also freeze your social security number from any other accounts being opened or accessed. Next, utilize resources on the FTC website. Many of the forms available on this site will help expedite the process. Depending on the type of theft, you may choose to file a police report with your local precinct.

Keep Track of all Your Information

Next, close any fraudulent accounts and if there are suspicious charges on your own accounts, close them out too. You can do this by calling your banks, credit card companies, and any other businesses with which you have accounts. Keep detailed records of how much time you spend, because if the case ends up going to court, you can seek damages for these hours. Several months after the loss, obtain a credit report to make sure that all the fraudulent charges are gone. Once you complete these steps, your credit will return to its original status.

Learn to Prevent Future Identity Theft

You can also take preventive steps to avoid identity theft before it happens. One tip is to never carry your social security card. If you use a debit card, don’t keep the Personal Identification Number with it. Some experts recommend that you never use a debit card for online purchases. Since this links to your checking account, a thief can drain your bank account in just a few transactions. A credit card is much more secure, since it’s much easier to reverse a charge and issue a credit instead of trying to replace stolen money. Be cautious when using websites to shop, and make sure they have valid security and encryption.

Use Tools That Help

If you receive credit card applications, bank statements, or other personal documents by mail, make sure to shred them instead of tossing them in the trash. Keep careful track of your credit card and bank statements, and report any unauthorized activity immediately. Another great tool is LifeLock id protection, which helps monitor your patterns and alert you of any changes in spending.

With so many resources, identity theft becomes more manageable, and those affected can resolve the problems and return to financial freedom.

Symantec Releases Norton AntiVirus 2011 & Norton Internet Security 2011

Symantec has released the latest version of its antivirus software along with the new Internet Security product that is aimed at minimizing cybercrime. The popular security software provider has supplemented the launch with the release of its latest Cybercrime report where it claims that close to 65% of the global internet users have fallen prey to cybercrime – including online credit card theft, identity theft and computer viruses.

Speaking about the products itself, the new Norton Antivirus comes with features such as the Reputation service that instantly checks for the source of files, Pulse updates that dynamically updates the local virus database as well as a SONAR Behavioral protection system. The Internet Security 2011 software too comes with similar features in addition to the Download Insight that warns users of dangerous files before they are installed.

The two softwares are available on the Symantec website at an annual cost of $39.99 and $69.99 respectively.

Scan Your Mobile Phone For Virus From A Computer With PC2Mobile Scan

Earlier this week, an Android Trojan was discovered by Kaspersky labs and was traced to Russia. Just a day earlier, BBC had published a report on how easy it was to create spyware applications for smartphones. Now, if you are scared of having contracted a virus on a mobile phone and wondering how to remove it, the PC2Mobile scan should come of help.

Developed by India-based Quick Heal technologies, this is the first of its kind virus scanner that will let users scan their mobile phone for virus by connecting it to a computer via cable or Bluetooth. The application was launched in May this year and now supports close to 550 different mobile handsets made by Asus, Apple, Fujitsu, Nokia, Motorola, Sony Ericsson, Samsung, HTC, BlackBerry, etc.

The PC2Mobile scan software is available as part of Quick Heal’s Total Security 2010 suite that is priced at Rs. 2,000 ($43 apprx.)

“Creating Spyware Mobile Applications Easy”

There have not been too many instances of malware spread through mobile applications as yet. This is very unlike Microsoft’s experience in the PC market. One big reason for the presumably smaller number of malwares and spywares on smartphone platforms is because the marketplace owners still hold a significant control over the applications that are marketed through their application stores.

But, creating spyware mobile apps for smartphone platforms is not difficult. To measure the difficulty level, the BBC staff set about writing a crude gaming application that – besides letting the end user play a game – also sneakily stole contacts information, text messages and phone location and passed on the information to a specially set-up email address. BBC points out that a significant portion of the code was copied from various places on the internet and that the spyware took up almost 250 lines of the total app code length of 1500 lines. BBC also notes that all the information-stealing pieces of codes were infact legitimate pieces of code that were deliberately used with a malicious intent.

According to Wysopal from Veracode, this is not exactly a new discovery. He says,

“The face of the application, be it a game or a simple application that is for fun, can have behaviour that is not visible at the surface. There’s been cases of spyware being detected on the internet, downloaded even from application stores or from other websites. We’ve detected it out there. On the personal side there are cases of jilted lovers cyber-stalking their ex-boyfriend or ex-girlfriend through their phone.”

There are apparently not too many ways to be assured of a malware attack apart from say noticing a heavy battery drain overnight or strange subscriptions that you have not signed up to on your monthly bills.

Spam Producing Statistics – Countries With Maximum Zombie Computers

Zombie computers are those machines that are hacked by spammers with the help of computer virus so that they may be used as a host to send out thousands of spam messages. A study conducted by McAfee earlier this year showed that USA, Brazil and India are among the leading nations when it comes to […]

Zombie computers are those machines that are hacked by spammers with the help of computer virus so that they may be used as a host to send out thousands of spam messages. A study conducted by McAfee earlier this year showed that USA, Brazil and India are among the leading nations when it comes to producing spam. However, the report noted that China, USA and Brazil are countries that host the maximum number of zombie computers. India is nowhere in the top 10.

In a somewhat contrary note, CommTouch has come up with its latest quarterly security report where the researchers have noted that India has just overtaken Brazil as the country with the largest number of zombie computers. According to the report, here are the top ten countries and the percentage of zombie computer that they host.

1. India : 13%
2. Brazil : 11%
3. Vietnam : 6%
4. Germany : 5%
5. Russia : 5%
6. USA : 4%
7. Argentina : 3%
8. China : 3%
9. Saudi Arabia : 3%
10. Italy : 3%
11. Columbia : 2%
12. UK : 2%
13. Argentina : 2%
14. Romania : 2%
15. Poland : 2%

Penn State University Cyberattack Exposes Social Security Numbers

A cyberattack at the Penn State University – the third time in six months – has resulted in close to 15,000 social security numbers getting exposed. This comes just two weeks after a similar attack at PSU left close to 9,766 SSNs exposed. According to Geoff Rushton, a spokesperson of PSU, the institution is working with national and regional agencies to investigate the case. The names of these agencies have not been released due to confidentiality agreements.

The exposed individuals are noted to be students at the university prior to 2005. Since 2005, the institution has stopped using SSNs as a personal identifier. While the database of numbers have since then been removed, an archived copy of the same is reported to have remained undetected in the computer cache from where these numbers were exposed.

A similar attack in December last year is reported to have exposed close to 30,000 SSN numbers.

[via Pittsburg Live]

Stroz Friedberg To Look Into Google Wi-Fi Privacy Breach

There was a lot of brouhaha last month over reports that Google had been collecting  private data transmitted via unsecured wireless networks on the company’s Street View vehicles. While Google confessed that the company had indeed breached on private information, the company said that the data collection occurred unintentionally and there was a software error in the episode.

Following the breach and the negative publicity that followed, Google has now annouced that the company is hiring leading Internet security firm, Stroz Friedberg to look into the software issues that led to the private data to be collected in the first place.

A report is expected by the end of this week.

[via NASDAQ]

Security Issues : Microsoft Vs. Apple

Apple has always claimed that their computers are more secure than Microsoft’s. Naysayers have always cringed over such statements calling it a marketing strategy.

However, in a recent interview, the hacking wunderkid of yesteryears, Marc Maiffret, now a security guru has rubbished Apple’s claims saying Apple’s systems have always been more prone to security issues than Microsoft’s. He says,

“Oh yeah. It’s even a little scarier with them because they try to market themselves as more secure than the PC, that you don’t have to worry about viruses, etc. Anytime there’s been a hacking contest, within a few hours someone’s found a new Apple vulnerability. If they were taking it seriously, they wouldn’t claim to be more secure than Microsoft because they are very much not. And the Apple community is pretty ignorant to the risks that are out there as it relates to Apple. The reason we don’t see more attacks out there compared to Microsoft is because their market share isn’t near what Microsoft’s is.”

However Marc has conceded that the Cupertino based company has taken a relook at the security as it has a potential to affect business. A case in point is the recent hiring of Window Snyder who had previously worked on security at Microsoft.

While this is a positive sign, Marc’s arguments are still note-worthy that Microsoft products are more secure than Apple’s at the moment.

[via CNET]