Category Archives: Antivirus Vendors

Secure password: CyberVor hoard of 1.2 billion details ‘used in attack’

Hosting provider Namecheap has come under attack from hackers apparently using the “CyberVor” hoard of 1.2 billion usernames and passwords, and has warned that some accounts that had failed to use a secure password may have been compromised.

In a blog post entitled, “Urgent Security Warning”, the company said that some accounts had been compromised, but Computer World reports that the “vast majority” of login attempts had failed.

Namecheap said that it was now “aggressively blocking” the IP addresses that the attack appeared to have come from, and said that the logins appeared to come from the record-breaking hoard of passwords and usernames stolen by the gang known as “CyberVor”.

Secure password: Record-breaking hoard used in attack

Veteran security writer and researcher, and We Live Security contributor Graham Cluley said, “The gang, which has been dubbed “CyberVor” (“vor” means “thief” in Russian) by security researchers, is thought to be in possession of the largest known haul of stolen internet credentials – 1.2 billion usernames and passwords, together with 542 million email addresses. And the data has been stolen from some 420,000 different websites.”

Company officials did not reveal why they suspected the credentials being used in the attack were the ones from the Cybervor (“Vor” is Russian for “thief”) trove, which was discovered online last month with a mix of passwords, usernames and email addresses in one online cache, according to CIO magazine.

“Overnight, our intrusion detection systems alerted us to a much higher than normal load against our login systems. Upon investigation, we determined that the username and password data gathered from third party sites, likely the data identified by The Register (i.e. not Namecheap) is being used to try and gain access to Namecheap.com accounts,” Namecheap said, also offering advice for users on how to create a secure password for their accounts.

Fake browser used in mass attack

“The group behind this is using the stored usernames and passwords to simulate a web browser login through fake browser software. This software simulates the actual login process a user would use if they are using Firefox/Safari/Chrome to access their Namecheap account. The hackers are going through their username/password list and trying each and every one to try and get into Namecheap user accounts,” Namecheap said.
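The pattern Namecheap describes, a single source working through a list of many different usernames with the vast majority of attempts failing, is visible in login logs. The following Python is an added example, not Namecheap's code or tooling: the log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune them against real traffic.
WINDOW = timedelta(seconds=60)   # sliding window per source IP
MIN_DISTINCT_USERS = 5           # many different accounts from one source
MIN_FAILURE_RATIO = 0.8          # and most of those attempts fail

# Constructed sample log: timestamp, source IP, username, result.
SAMPLE_LOG = """\
2014-09-01T02:00:00 198.51.100.7 alice FAIL
2014-09-01T02:00:01 203.0.113.50 bob FAIL
2014-09-01T02:00:02 203.0.113.50 carol FAIL
2014-09-01T02:00:03 192.0.2.10 dave OK
2014-09-01T02:00:04 203.0.113.50 erin FAIL
2014-09-01T02:00:05 192.0.2.10 grace OK
2014-09-01T02:00:06 203.0.113.50 heidi FAIL
2014-09-01T02:00:07 198.51.100.7 alice FAIL
2014-09-01T02:00:08 203.0.113.50 ivan FAIL
2014-09-01T02:00:09 192.0.2.10 judy OK
2014-09-01T02:00:10 203.0.113.50 frank OK
2014-09-01T02:00:12 192.0.2.10 mallory OK
2014-09-01T02:00:14 192.0.2.10 niaj OK
2014-09-01T02:00:20 198.51.100.7 alice OK
"""


def parse_line(line):
    """Split one log line into (timestamp, ip, username, succeeded)."""
    ts, ip, user, result = line.split()[:4]
    return datetime.fromisoformat(ts), ip, user, result == "OK"


def analyze(log_text):
    """Return (flagged_ips, at_risk).

    flagged_ips: sources that tried many distinct usernames inside WINDOW
                 with a failure ratio of at least MIN_FAILURE_RATIO.
    at_risk:     for each flagged source, the accounts it logged in to
                 successfully; these are candidates for a forced reset.
    """
    windows = defaultdict(deque)   # ip -> recent (ts, user, ok) events
    successes = defaultdict(set)   # ip -> usernames with a successful login
    flagged = set()

    for line in log_text.strip().splitlines():
        ts, ip, user, ok = parse_line(line)
        if ok:
            successes[ip].add(user)

        win = windows[ip]
        win.append((ts, user, ok))
        # Drop events that have aged out of the sliding window.
        while win and ts - win[0][0] > WINDOW:
            win.popleft()

        distinct_users = {u for _, u, _ in win}
        failures = sum(1 for _, _, good in win if not good)
        # Both conditions are required: a shared office address produces
        # many usernames but few failures, and one forgetful user produces
        # failures for only a single username.
        if (len(distinct_users) >= MIN_DISTINCT_USERS
                and failures / len(win) >= MIN_FAILURE_RATIO):
            flagged.add(ip)

    at_risk = {ip: sorted(successes[ip]) for ip in flagged if successes[ip]}
    return flagged, at_risk


if __name__ == "__main__":
    flagged_ips, accounts = analyze(SAMPLE_LOG)
    print("block candidates:", sorted(flagged_ips))
    print("accounts to reset:", accounts)
```

A successful login from a flagged source is the case that matters most: it marks an account whose reused password appeared in the attacker's list.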

Veteran security writer and researcher, and We Live Security contributor Graham Cluley advises, “Whenever you create accounts online you are putting trust in the hands of web developers that they are properly securing your information. The very best you can do is enable additional security measures (such as multi-factor authentication when made available), and ensure that you never reuse the same password nor choose a password that is easy to guess or crack.

Because one thing is clear: The Russian CyberVor gang may or may not be sitting on one of the largest cybercriminal hauls in history, but unless we all work harder to keep our private information safe and secure, this is not going to be the last time that you’re waking up to newspaper headlines of stolen passwords.”

The post Secure password: CyberVor hoard of 1.2 billion details ‘used in attack’ appeared first on We Live Security.

Teaching cyber-security from school age

As the Internet increasingly becomes part of our everyday lives and we use new technologies in all areas of our life, there’s an ever greater need for professionals capable of guaranteeing our security in these areas.

However, in a field as new and complex as cyber-security there is still a lack of people prepared to work in it. As we saw recently, in the United States there is already a plan under way to tackle the situation: training army veterans to become cyber-warriors and consequently, helping them to adjust to civilian life again.

Yet this is only one of the solutions put forward, and there are others that take a longer view. To ensure the future of the profession, the only viable plan for the long term involves educating children in this area and stimulating their interest in computing in general and specifically in IT security.

Along such lines, countries like the USA and the UK have projects that will hopefully provide the cyber-warriors of the future.

The UK’s Cyber-Centurion challenge

In the UK in fact, an initiative called Cyber Centurion has been launched to get thousands of youngsters competing in teams in a cyber-security challenge.

The key to the initiative is that young people will be in direct contact with situations that a real cyber-security expert could encounter. In fact, the challenge, which is to be held in two rounds, involves downloading a virtual computer full of vulnerabilities that could present opportunities for a cyber-criminal. What the teams (comprising 4 to 6 youngsters and one adult) have to do is identify these vulnerabilities and patch them as soon as possible.

As this is the first edition of the challenge, there will first be a practice round in October before the two competition rounds. The top six teams will then battle it out in April 2015 in the Grand Final. The winners will be awarded a scholarship at Northrop Grumman, one of the largest defense contractors in the United States and maker of the B-2 stealth bomber, which is funding this initiative with a view to uncovering future talents in IT security.

This, however, isn’t the only cyber-security initiative in the UK. The Cyber Centurion challenge is supported by Cyber Security Challenge UK, a platform funded by the British government that has organized other educational initiatives such as workshops and other challenges in schools, colleges and universities across the UK.

CyberPatriot

In fact, this exciting British initiative is really an adaptation of the US Cyber Patriot program, the National Youth Cyber Education Program. This program is now in its seventh edition and is also funded by Northrop Grumman, which claims to have already dramatically reduced America’s cyber-security talent shortage.

This search for US Cyber Patriots involves three programs:

  1. A competition among high school students similar to the one that will begin in a few months in the UK (where the teams have to identify and fix vulnerabilities in an operating system to prevent cyber-criminals from entering),
  2. A camp organized for the first time this summer and which aims to teach the principles of cyber-security in an entertaining way and
  3. An initiative that will take basic IT security knowledge to primary schools and teach children how to protect themselves on the Internet.

So why in the US and the UK is there so much interest in students learning firsthand what it takes to be a cyber-security professional and not any other job?

Basically, because the future (and the present) will require IT professionals dedicated to cyber-security. Moreover, international threats and attacks can now come across the Internet, so another profession of the (short-term) future will be cyber-warriors, who even now are being recruited by companies like Northrop Grumman. This will no doubt be the army of the future.

The post Teaching cyber-security from school age appeared first on MediaCenter Panda Security.

Labor Day Reflection: The 77% Rule and Women in Tech

You don’t have to be anti-man to be pro-woman.

–Jane Galvin Lewis

Yesterday, while I was observing Labor Day, the day set aside to celebrate the social and economic advancement of the American worker in the U.S., I had some time to reflect and consider the topic of women in the workforce, and specifically pay parity.

What if I gave you 77 cents for every dollar you earned? Would you feel fairly compensated? Unfortunately, that’s generally the wages the average working woman makes as opposed to her male counterparts.

The 77 cents for every dollar? That’s a generalization that averages in all jobs across the board.  The good news is that the tech industry is more progressive. Pay parity, according to various surveys, is equal in our industry as long as the job titles are the same.

Of course, the catch is that women aren’t as likely to have the top titles. (For a more in-depth look at this you can go to one survey at Dice.)

Nevertheless, I believe tech is a great place for women and has a rich tradition, from Ada Lovelace to Admiral Grace Hopper. When I began in tech, role models were few. Today, if you look around, there are a number of role models for women starting out: Marissa Mayer, Sheryl Sandberg, and Susan Wojcicki, to name a few. But the playing field is still far from level.

Where and how can we level the playing field?

Maybe online? As reported in a survey by freelance job site Elance, women in technology are finding more opportunities online than on-site. According to their survey of 7,000 global independent professionals, 80% of respondents also said they’re optimistic about the future of high-tech professions for women even though a majority still sees a lag in pay equality and encouragement from parents and/or teachers.

Fabio Rosati, CEO of Elance, noted,  “Online work provides an attractive avenue to neutralize gender discrimination around the world and create flexible professional opportunities not available in traditional job markets.”

That’s one solution. I think another has got to be education. Basically, education is a great lever to pay parity.  And, backing programs such as Girls Who Code is a great way to get young women engaged in technology.

Mentoring is also another great avenue. It’s something I’m proud to say I use to measure my success as well.

I hope to share more of my thoughts and experiences at SXSW this coming year as a featured speaker on the topic “Boardroom or Baby.” You can support me and continue to raise awareness for the issue by going here to vote for my presentation. Voting closes Friday, Sept. 5th – so go check out the SXSW PanelPicker and vote today!

Jennifer Lawrence: Victim of a security hole in iCloud?

If you are on Twitter you may have noticed the actress Jennifer Lawrence has been ‘Trending Topic’ since yesterday afternoon.


The reason? The leak of nude photos of the 2013 Academy Award winner on the /b/ forum of 4Chan.

She has confirmed the story, although she is apparently not the only victim.


Other models and actresses such as Kirsten Dunst, Kate Upton or Ariana Grande have also allegedly had pictures leaked, although not all these cases have been confirmed. Meanwhile, Mary E. Winstead has acknowledged the authenticity of the pictures that have been circulated, while Victoria Justice has denied that some photos allegedly of her are authentic.

It is still not clear how ‘Celebgate’ (as some are referring to this massive hacking) was carried out. Some sources have suggested a possible security breach in iCloud, Apple’s virtual data storage platform, though the company has yet to confirm this.

Until it is known how these images were stolen, the best anyone can do is apply common sense and ensure they use strong passwords to access their services. We also recommend that users check their Apple ID account.

The post Jennifer Lawrence: Victim of a security hole in iCloud? appeared first on MediaCenter Panda Security.

Cybercrime: Top experts to form international crook-hunting force

As many as 18 top cybercrime experts from around the world will form a new Joint Cybercrime Action Task Force based in the Hague, which will target “top-level criminals” far faster than any previous force, the Guardian reports. The Joint Cybercrime Action Task Force (J-CAT) said that the new entity would allow action against high-profile criminals to move more quickly than before. “It’s not a talk shop. This has to lead to more arrests,” said Troels Oerting, head of Europol’s European Cybercrime Center, according to V3’s report. The unit will be headed by Britain’s Andy Archibald, head of the National Cyber Crime Unit, according to The Parliament Magazine.

Cybercrime: “This will lead to more arrests”

“The J-CAT will operate from secure offices in Europol’s HQ, assisted by experts and analysts from the EC3. The aim is not purely strategic, but also very operational. The goal is to prevent cyber crime, to disrupt it, catch crooks and seize their illegal profits,” said Troels Oerting, head of Europol’s European Cybercrime Center, according to V3. “This is a first step in a long walk towards an open, transparent, free but also safe internet. The goal cannot be reached by law enforcement alone, but will require a consolidated effort from many stakeholders in our global village. But the J-CAT will do its part of the necessary ‘heavy lifting’ and that work started today. I am confident we will see practical tangible results very soon.” The Guardian pointed to some of the difficulties facing such organizations – such as the fact that criminals such as Evgeniy Bogachev remain at large, despite being accused of major cybercrimes.

“The goal is to prevent cybercrime”

Archibald, who will head the new organization, organized a major international operation to attack the command and control servers of the notorious banking malware Shylock/Win32/Caphaw. He says that cross-border cooperation is key to success against today’s cyber gangs. The new J-CAT organization will also deal with private-sector companies and computer-emergency teams from other EU organizations to ensure effective information sharing. Mr Archibald said: “There are many challenges faced by law enforcement agencies with regards to cyber criminals and cyber attacks. This is why there needs to be a truly holistic and collaborative approach taken when tackling them.” “The J-CAT will, for the first time, bring together a coalition of countries across Europe and beyond to coordinate the operational response to the common current and emerging global cyber threats faced by J-CAT members.” “This is a unique opportunity for international law enforcement agencies to collectively share our knowledge to defend against cyber related attacks, and the UK’s National Crime Agency is proud to be a founding member”.

The post Cybercrime: Top experts to form international crook-hunting force appeared first on We Live Security.

Wi-Fi password – “one second” hack allows attackers into many routers

A push-button function on many wireless routers designed to bypass the Wi-Fi password and provide quick access to the network could allow attackers to break in in just “one second”, reports have claimed. The Wi-Fi password flaw was found by Swiss security firm Oxcite, and allows hackers to bypass the security of Wi-Fi Protected Setup almost instantly, according to Engadget’s report. Rather than making thousands of guesses at the PIN code, the attackers make one guess, based on offline calculations. “It takes one second,” Dominique Brongard of Oxcite said. “It’s nothing. Bang. Done.”

Wi-Fi password: “It takes one second”

The attack is the latest in a series of weaknesses uncovered in popular models of routers – and affects routers using a chipset made by Broadcom and another, as yet unnamed, manufacturer. In both cases, Oxcite claims, it would take roughly “one second” to guess the hotspot’s PIN code. The attack relies on poorly generated “random” numbers, and is not inherent to WPS itself, just the (as yet undisclosed) router models. The researchers believe, however, that the Wi-Fi password security flaw is relatively common, and advise users to switch off the WPS function (done from any router’s set-up page) until the problem is known to be solved. Research has shown that many popular router models ship with known Wi-Fi password vulnerabilities among others, which activist group Electronic Frontier Foundation attributes to the relatively low price of the devices, and the difficulty of budgeting for proper security updates. A We Live Security guide to keeping small-office and home routers as secure as possible can be found here.

“It’s nothing. Bang. Done.”

The Wi-Fi alliance said, speaking to Ars Technica, “A vendor implementation that improperly generates random numbers is more susceptible to attack, and it appears as though this is the case with at least two devices.” “It is likely that the issue lies in the specific vendor implementations rather than the technology itself. As the published research does not identify specific products, we do not know whether any Wi-Fi certified devices are affected, and we are unable to confirm the findings.”

The post Wi-Fi password – “one second” hack allows attackers into many routers appeared first on We Live Security.

Online dating is the latest trend – But is it also safe and secure?

The Internet is new territory, apparently. To government officials perhaps, but not when it comes to finding a partner. According to a study, 30% of relationships begin online[1]. And many of those are made to last offline: in 2013 16.4% of all new partnerships in Germany began with the couples flirting online[2]. It’s great when things work out with the neighbor, but just as searching for a partner in the supermarket, bar or swimming pool isn’t without its risks, the online world has its pitfalls too. Take untruthful profiles for example. “Men make themselves taller, women younger”, that’s what a former product manager of Yahoo Dating said summarizing her experiences. These sorts of little white lies are relatively harmless as they’re easy to spot on the first date. It gets more difficult when something doesn’t add up about the job, and the chosen one doesn’t turn out to be a doctor after all, but unemployed, in debt, and on the hunt for some funding.

Cyber scammers have created an entire industry from people’s desire to be together. The “romance scammers” search the lonely hearts sites specifically for women with whom they initially email and call for weeks at a time to establish trust only for them to then ask for money for medical treatment, medication for mom, a trip to their sweetheart’s country or whatever it may be. The meet-up itself isn’t risk-free either. Blackmail through secretly or openly filmed sex tapes has already happened more than once, just like alleged pregnancies which nobody will ever find out about if the victim contributes to the abortion costs. While this is dramatic, generally the worst thing those who flirt online have to fear is enduring an endlessly boring evening on the first date.

Here are a few simple tips that will help guard against both dangers – criminality and boredom. On the first date, meet in public and never at your home. Tell a friend, relative or your parents where you will be and arrange for them to call you at a set time so you can give them the all clear. By the way, you can also use the call to your advantage to fake an emergency and escape a boring date early.

Spam messages from those looking for love can also end up in your mailbox through no fault of your own, and people who date online are more likely to open the wrong attachment by mistake. Not every jpg image is what it appears to be, and those ominous-looking Word, PDF, and PowerPoint attachments from romance-seeking Natashas from Belarus are also best sent directly to the recycling bin. The latest version of a comprehensive antivirus software solution like Avira Antivirus Pro, Avira Internet Security Suite or Avira Free Antivirus blocks viruses, worms and Trojans and, in the best case, also evaluates websites before you click them. This minimizes digital dangers and searching for a partner online doesn’t lead to additional risks.

You should, however, pay particular attention to potential risks posed by revealing personal information. Even if endlessly long email conversations over many weeks are rather counterproductive, you should not be forthcoming with your personal information. Before you give your address and telephone number to the person you’ve been messaging, you should be absolutely sure that you won’t regret it. It’s a good idea to have a throw-away email address you only use for dating purposes. Another good tip is to stay completely within the dating provider’s web environment as it usually doesn’t allow real identities to be inferred from online identities. Above all choose the dating provider cautiously. Services you pay for sort at least some chaff, in the form of joke or fake profiles, from the wheat. All the best for your next date ;-)

[1] German study “Online-Dating-Marktreport 2013/2014” (“Online Dating Market Report 2013/2014”) – singleboersen-vergleich.de, 2014

[2] “Vom Online-Dating zum Traualtar” (“From Online Dating to the Altar”), German survey of 827 German registry offices – singleboersen-vergleich.de, 2013

The post Online dating is the latest trend – But is it also safe and secure? appeared first on Avira Blog.

Are all data breaches created equal?

Companies both small and large have had to deal with a lot of hacker headaches recently, and for many people, news about these data breaches has caused them to change how they interact with the companies that have been affected. Not only is this bad for business for the companies, but it’s also embarrassing.

Even though revealing this information can make life difficult for the companies, it still makes sense that the public should always know about it, right? Well, maybe not. At least that’s what some executives have been saying lately.

It might come as no surprise that corporate executives would be the ones saying that not all data breaches need to be disclosed, but there are a couple different ways to look at this as a consumer that we’re going to focus on.

Tell me everything – In this situation, no matter what the hackers were able to get access to, you want to know about it. This could be sensitive data related to your password or credit card number, or it could be data about the company that’s not related to you.

Just tell me when it’s serious – Under this scenario, you’d only be notified when hackers access sensitive data about you that could be used to cause problems. Data breaches that don’t have a direct bearing on you or your privacy would not be publicly disclosed.

Which one of these options do you personally prefer? Disclosure might be the rule, but with the constant barrage of attacks that many companies have to deal with, some consumers might say that ignorance is bliss to some extent and the companies need to address their security issues privately unless there’s the chance that sensitive customer data has been compromised.

We’d love to hear your thinking on this matter in the comments section.

The post Are all data breaches created equal? appeared first on Avira Blog.

Eliminating file sharing security threats with subscription services

Quite frankly, it became an addiction. Active users accumulated thousands of songs, and before too long, this file sharing madness spread into other areas, such as movies and software.

Getting whatever content you want whenever you want it sounds great on paper, but these early networks made it extremely easy to share content illegally, and that’s what they became popular for. Even though the Napster of old and other similar applications don’t exist anymore, downloading content illegally is still a simple task thanks to torrent sites and other dark corners of the Internet.

Of course, it’s not a good idea to be involved in this sort of activity just because it’s easy. For one thing, you’re accessing content illegally, and additionally, hackers love to use interest in illegal files to spread malware. Not only do many of the files contain security threats, but the sites that are used to distribute them can also often be plagued with malware.

Thankfully, if you want to access content online in a legal and secure way, then you have plenty of options that didn’t exist in the early days of Napster. Sure, you can buy a song or movie individually, but the trend these days is focused on subscription services. Part of the appeal of file sharing services is that they can give you access to everything at once, and that’s exactly what subscription services can provide legally for a small monthly fee. There are services like Netflix for movies and television shows, Spotify for music, Kindle Unlimited for books, and the list goes on.

The truth is that many of the people who download files illegally don’t necessarily want to do it, but they feel forced to do it because they can’t access the content in the digital way that they’d like to. Affordable subscription services are turning these people into legal consumers of content, and that’s a better solution for them and the content creators. Not only is the overall quality and experience enhanced for the user, but they’ll also have a clean conscience and avoid the security threats that come along with illegal file sharing.

The post Eliminating file sharing security threats with subscription services appeared first on Avira Blog.

Back to school…for the rest of us

“You’ll never know everything about anything, especially something you love.”

–Julia Child

All across the nation, parents are breathing sighs of relief as their children head back to school.

But how about ourselves? As I’ve mentioned before, I’m a strong believer in lifelong learning. It keeps us focused, interested, and engaged. It helps our communities. And whether you want to teach or learn, there’s a place for you, either in person or online.

While I have the greatest respect for traditional universities and our wonderful community colleges, there are so many resources available online today that make it easy to stay active and engaged in learning. Back in the early 2000s, when I started an early online learning company that did classes for consumers on all sorts of topics sponsored by major brands, we were a bit ahead of our time. Now technologies – specifically video applications – have evolved so much to support and make online classes truly visual, interactive and engaging.

Though we juggle our work, projects, kids and other commitments and it can be crazy, many of the online courses are self-paced, making them more manageable.  And BTW, a report by the U.S. Department of Education has found that classes with online learning (either solely or as a component) on average produce stronger student learning outcomes than do classes with solely face-to-face instruction – especially among older learners.

Here are some of the best distance learning apps and sites that I’ve come across. These can be used whether you want to share your knowledge or want to learn…or, ideally, both! Here are five I recommend, with a bonus thrown in for good measure!

Canvas

Canvas is an open source platform for online collaboration that’s designed to be easy to use. It’s free and used by more than 800 colleges and universities. A sampling of courses shows a wide range of diverse material from “The Great Depression to the War on Terror,” a history course presented by a Seattle Central Community College Professor, to “Parenting in the Digital Age,” a course by the director of technology from an Indiana school district. These self-paced courses include video lectures, discussion forums, group work and more. Canvas’ motto is Keep Learning, something I think we can all agree with!

Coursera

The Coursera online portal also hosts classes from major universities around the country and the world, basically providing a way for you to learn at your own pace or audit classes from the comfort of your desktop. It currently boasts 9 million students, 737 courses and 110 partners, with both free and paid courses. In its specialization area you can take a group of courses, for example, to earn a Cybersecurity Certificate from the University of Maryland (for a fee). They also offer financial aid, by the way!

ePals

ePals says it’s “where learners connect”. It maintains a community of collaborative classrooms engaged in cross-cultural exchanges, project sharing and language education. It’s a sharing site that offers a way for groups of students around the world to be matched up and paired with other classrooms, and allows teachers to create their own projects or collaborate on others. It’s all about learning through experience.  I think this site is what the future is going to look like…at its best: People all over the world sharing knowledge together.

edX

edX is one of the leading sites for accessing free, open online courses. Harvard and MIT founded this platform, which offers classes from those amazing institutions, as well as classes from a growing list of partners. One course coming this week that caught my eye is UT Austin’s course on “Ideas of the Twentieth Century.”

iTunes U

Apple’s site and app for online and connected learning, iTunes U provides thousands of audio and video courses on-demand and the world’s largest catalog of free education content. You can access learning and presentations from many top schools and universities worldwide, including Stanford, Harvard, MIT and more.

And now for the bonus…

Don’t have time to commit to a class this fall? There’s an awesome YouTube presentation featuring Carl Sagan, Arthur C. Clarke and Stephen Hawking here about “God, The Universe, and Everything Else.” Now that’s education in less than an hour.

Happy back to school, everyone!