Monthly Archives: March 2015

AVG

World Back Up Day: Five Tips for choosing a Cloud Storage Provider

Leave a comment

Billions of people use the Internet every day. We use it to work, play, create and share memories. World Back Up Day is an annual reminder to protect our most precious files from being lost forever.

After all, what would you miss if you lost everything?

Cloud based back up services are incredibly cost effective and most allow you to access your files from anywhere in the world.

So if you’re ready to celebrate World Back Up Day, I have five tips on how you can pick a secure cloud storage service.

Is it for business or personal use?

There are plenty of free options, before you trust a service with your personal or critical business files you should make sure it is reliable and secure.

What type of files are you storing and why?
Different cloud services offer various features and options that might suite your particular need. For example video or photos back up.

What level of encryption do they offer?

Does the cloud storage service offer encryption? If the provider is hacked, your data will be vulnerable. If the provider don’t provide encryption then you should consider encrypting it yourself before you upload.

Are there additional security features?
If possible, use additional security features like two-factor authentication and login notifications to help prevent unwanted breaches.

Do you have adequate backups?
Don’t rely on a single backup, especially for your critical files. You should also backup regularly.

 

Until next World Back Up Day, stay safe out there.

Security

DDoS Attack on GitHub Linked to Earlier One Against GreatFire.org

Leave a comment

The ongoing DDoS attack on GitHub, which has made the social coding site intermittently unresponsive since March 25, is essentially a side effect of an older operation from the Chinese government against a site run by the anti-censorship project GreatFire.org. Officials at GreatFire said that the attack on their infrastructure began on March 17 and involved […]

AVG

Heartbleed: One Year On

Leave a comment

When news of the Heartbleed vulnerability broke this time last year, it was a watershed moment for the Internet and especially for security.

OpenSSL, the fundamental layer of encryption used by major websites around the world, was found to be flawed. Through a specific type of attack, a victim’s personal data including passwords, financial credentials could be stolen.

While the discovery of a vulnerability in OpenSSL didn’t come as much of a surprise to those who work in the security industry – after all, completely secure code is a rarity. Instead, the shock was the extent of the vulnerability, with around 60% of the entire web at risk.

Now, a year on, I’d love to be able to say that we’ve learned many lessons from Heartbleed and that the web is now a more secure place. Sadly, it’s not as simple as that.

Public awareness remains a major issue for Internet security. Recent research from password security developer Dashlane indicates that a year on, 86% of American’s have not heard of Heartbleed.

Dashlane spoke to AVG’s Chief Strategy Officer, Todd Simpson, about their results.

Video

The State of Online Security One-Year After Heartbleed

 

However, awareness is just one issue. Months after Heartbleed broke, I wrote of several further vulnerabilities in OpenSSL that had also emerged. Although each vulnerability discovered is theoretically a vulnerability fixed, it highlights the fact that this is still much work to be done. This is particularly true of open source software.

Open source software has several major benefits and will be around for a long time yet, but vulnerabilities such as Heartbleed demonstrate that there is risk and responsibility for all of us to protect the systems we have come to rely on.

Why has there been so little progress in securing OpenSSL and similar open source systems since Heartbleed appeared?

In my opinion, the issue lies within the very nature of open source software. OpenSSL is incredibly useful and has been adopted throughout the world, but how many people pay for OpenSSL, or donate time and money to keep it functional and secure? Not so many.

The OpenSSL Project does a great job finding and fixing vulnerabilities when they appear but in order to truly move the dial for Internet security, we need more investment.

Right now, the hands of the world’s online safety is in the hands of only a few coders working in small teams. That simply won’t do.

In April last year I wrote a blog highlighting a number of ways that we can all work together to improve the security of open source software.

Ultimately, it comes down to the fact that vulnerabilities will always exist; it’s up to all of us to take responsibility for our security.