Multiple cross-site scripting (XSS) vulnerabilities in Megapolis.Portal Manager allow remote attackers to inject arbitrary web script or HTML via the (1) dateFrom or (2) dateTo parameter.
Monthly Archives: October 2014
Good News from the Government
With all the data breaches making headline news, and more importantly, affecting millions of Americans, the Obama administration announced a strong government plan to add security for debit cards that are used for federal benefits such as Social Security.
Specifically, in an executive order signed at the Consumer Financial Protection Bureau, President Obama ordered that government agencies that process payments employ enhanced security features.
Those measures include launching a chip and PIN initiative that the government has named “BuySecure”. Chip and PIN means that secure information is embedded in a chip in a credit card and users must enter a PIN number in order to use the card, much like they currently do with a debit card. The President moved without Congress on this one, which if anything highlights the importance and the need for haste in this matter.
Chip and PIN reduces the chance of fraud, as I pointed out in an earlier post (see here).
The point is that smart cards are revamped credit cards with microchips that store your data on the card. Chips are better than magnetic strips because the strips use the same technology as a cassette tape (remember those?) and thus are easy to copy. But chips generate a unique code each time they are used. So, while criminals can still steal your card and still commit fraud and sell data, they can’t copy your card and create more fraudulent ones under your name. It’s a big step in the secure data direction.
The major catch with the chip cards, until now, is that most retailers don’t have the technology for them just yet. The main companies that have had breaches have announced plans to install the new technology (this includes Home Depot, Target, etc., and it is also interesting to note that Walmart was ahead of the curve on this one).
But no doubt with the government behind this movement, it’s going to push this technology and added security into the mainstream, essentially making it the new way of doing business via credit.
Thus far there has been some foot-dragging on chips, not just because retailers will have to upscale to the new technology, but also as banks and retailers have argued over who is in fact responsible for security. This should definitely speed up, and resolve, the process.
“There is a need to act and [to] move our economy toward stronger, more secure technologies that better secure transactions and safeguard sensitive data,” the White House said in a statement.
President Obama, speaking about the motivation behind the order, said, “Identity theft is now America’s fastest growing crime. These crimes don’t just cost companies and consumers billions of dollars every year; they also threaten the economic security of middle-class Americans who worked really hard for a lifetime to build some sort of security.”
AVG is glad that the government recognizes identity theft, cyber security, and data breaches as increasingly crucial problems. These are definitely issues that are not only a drag on the economy and businesses, but also affect people’s lives and livelihood. I applaud the President’s bold move on chip and PIN.
Attackers Exploiting Windows OLE Zero Day Vulnerability
Attackers are using a zero day vulnerability in nearly all supported versions of Windows in a series of targeted attacks. The flaw is in the OLE technology in Windows and can be used for remote code execution if a targeted user opens a rigged Office file. Microsoft is warning customers that there is no patch available […]
Google Now Lets You Prove Your Identity With A USB Security Key
Pagers Shout Data Center Creds, Pop Star Airport Arrivals
Apple Offers Guidance Following China iCloud Attack
Hacker, Terrorist Threats Spur Bases To Build Power Grids
Apple Pay: Apple’s new payment system.

On September 9, Tim Cook gave us the lowdown on Apple’s latest innovations, among them, Apple Pay. For those who don’t know, this is an electronic payment system, a type of digital wallet, available for iPhone and Apple Watch and which will first begin to operate with partners such as Mastercard, Visa and American Express in October in the U.S. before being extended to other countries.
This innovation will allow users to pay for goods in stores as well as through other applications. Many already wonder whether in the not too distant future this type of payment may become commonplace, and if so, whether it will be secure. Having your hard-earned money passed from one online digital application to another without ever physically having your hands on it is still a concept many of us are yet to feel entirely comfortable with. And with good reason: any cyber-criminal that accesses your device could have access to your money.
The experts, however, believe that this could be a secure option for the transactions of the future. So what type of security does it use?

Apple Pay security methods
1. Tokens
Apple has explained that transactions with this system will be secure because it uses a method known as “tokenization”. This is a system often used by financial institutions because it replaces the traditional digits of credit and debit cards with a complex code (‘token’) generated at random, which only keeps the last four digits from the real number and is transmitted between devices.
The great advantage of these numbers is that on their own they are useless and they are only used once. Every time a payment is made a new number is generated. So even if they are intercepted, they can’t be used for anything. This means there is no trace of the data on the credit cards. Even the stores don’t save this data on their servers. The credit card number isn’t stored anywhere; rather, the number is associated with a device ID that is saved on a chip inside the terminal.
The exchange of data required for the transaction is carried out with near-field communication (NFC) wireless technology. This is an open platform whose strong point is that it enables fast wireless communication over distances of less than 20cm. However, there are those who question its security: the data can be intercepted, although this is precisely the reason that there are stronger security measures.

2. Touch ID
The transaction is completed with Apple’s Touch ID fingerprint sensor. The user doesn’t have to enter a password: the payment process is completed when the user authorizes it by placing a finger on the iPhone “Home” button.
3. CVV
Yet besides the ‘tokens’ and Touch ID, there’s another layer of security. Whenever a user goes to pay, their mobile device sends a CVV. This is normally the three-digit number found on the back of a credit card but this time it’s a number randomly generated by the payment application. Consequently, the device identifies itself to the receiver, which verifies that the ‘tokens’ have been created on the order of the card owner.
The way the application works is simple: All you need is one of the Apple devices mentioned above and to place it close to the store’s payment terminal.
The process is as follows: when the application is launched, the device connects securely to the payment system and selects a credit card stored on the chip integrated in the phone, whose number is associated with an identifier in the device.
The identifier is combined with the ‘token’ and then the application asks the user to identify themselves through the Touch ID fingerprint scanner. The information is then sent to the bank by the store and the transaction is confirmed. And that’s it. Secure transactions can be as simple as that.
The post Apple Pay: Apple’s new payment system. appeared first on MediaCenter Panda Security.
Avast 2015 protection expands to include your home router
Our digital world has expanded from desktop to mobile and now increasingly to the Internet of Things. The gadgets we own and use every day are “smart” – from watches that track our fitness to TVs that know the types of shows we like to watch to digital thermostats that control the temperature in our homes.
This level of connectivity brings its own security risks. To keep our users ahead of the curve, all of Avast 2015 security solutions come with the only home-network security tool designed to identify vulnerable home networks. Our new Avast Home Network Security scans a user’s home network and routers for potential security issues that could allow a hacker attack.
“Security risks have expanded out from the PC to the home network as more devices than ever connect to the Internet via home routers. As a result, home networks have become the hub of personal computing,” said Avast Chief Executive Officer Vince Steckler. “Our research determined that nearly 80% of all home routers in use today are thinly protected by common, easily hacked passwords, making routers an easy entry point to the home network for hackers. Avast 2015 addresses these issues head-on with several important new features.”
Avast Home Network Security scans for misconfigured Wi-Fi networks, exposes weak or default Wi-Fi passwords, vulnerable routers, compromised Internet connections, and enabled, but not protected, IPv6. It also lists all devices on the network so users can make sure only their known devices are connected.
To help our users, we provide guidelines on how to fix vulnerabilities so they can be sure their network is fully protected.
Protection from DNS hijacking
One of the biggest risks users of vulnerable routers face is DNS hijacking. Cybercrooks use malware to redirect you from the site you want to visit, like your online bank, to one that looks like it, but is fake. You log in as usual and the bad guys now have your user name and password.
Avast SecureDNS encrypts Internet traffic between Avast-protected devices and Avast’s DNS server to prevent users from being directed to hijacked sites. Avast offers users SecureDNS as part of our Pro, Internet Security, and Premier products.
Avast 2015 is available now. Download it for your PC or Mac.
Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses.
