Tag Archive | cybersecurity

With the Rise of Coding, Comes the Rise of Malware

I’m sure you might have read recent articles about how coding is going to be the ultimate skill in the coming years. Seems like this might as well be true, so it’s being pushed with the various online schools being developed (the list is getting exhaustive). With this huge rise of training comes a huge rise of smarter hackers and malware writers.

What is it about malware that seems so attractive? Money, fun, damage, etc.? We can get a glimpse of reality when we see the statistics on antivirus vendor websites, some say a million new samples are added weekly. Many of these issues arise out of the violence of society or the outward shame that is inflicted upon other people through the art of cyberbullying, hacking, and other threatening tasks.

What’s more is that when we study these aspects, we get a sense that most malware is targeting our wallets, stealing our identities. We need better protection. This is a call to someone who can make better, user friendly operating systems. If you know how to code or are training, please make sure to use it for good. You could in fact become a lot more rich making top security software than becoming a hacker – stealing and risking it all.

What’s better for you? Helping or hurting? Good wallet or prison time? Make your choice. Better humanity through an act of good will. Get out there and code for the good! Make a difference! BE THE DIFFERENCE!

Don’t be afraid to try new things. Set impossible goals. Shoot yourself into the future of technology and skyscrape the world over with your amazing new security software.

Something’s gotta give! And if something doesn’t happen soon, our threatening internet culture could begin to control us and steal our money. We’ll have a very unfair world by then. What if we impose CISPA? That’ll make a lot of people happy but also a lot of people mad.

What more can be helped for our cybersecurity problem? Feel free to comment and leave your suggestions.

Advertisements

RSA Conference Details Unfold in this Super Writeup!

The RSA conference is a yearly security conference where various internet security topics are discussed. Well, this year’s discussions are quite intense, and involve many of the latest problems.

  1. Security training is an important thing for any person. Teaching people about the seriousness of threats is highly important. Not just about some of the basics of threats, like an IP address, firewalls, or antivirus software. But, more than that, more focused on trends in computer security, social engineering, etc. With the increase of people using tablets, smartphones, etc., there is a big need for understanding cybersecurity. (Secure Connexion has their own ventured school, SecuSchool, hosted on a sister website.)
  2. Cybersecurity on Planet Earth is in big trouble! Experts state that the internet was designed to be build without security concerns. However, with password theft, business attacks, fraud, phishing, etc. – this makes internet security far more important. Problem is, attackers are also getting organized with their criminal activity. With that, there is a need for counterintelligence methods.
  3. “Too big to be good” is how most security companies are being stated as. By the time new businesses are started fighting new cyberthreats, criminals already have new plans being carried out.
  4. Free personal data (in numbers of petabytes) are out there in social media and analytics. Scams, fraud, and phishing scams can be built with the free information available online.
  5. Mobile malware on the rise. An apparent 30% of malware submissions (not necessarily new) are reported to come from mobile platforms.
  6. Cyberespionage is on the rise big time!  Governments are spying on each other, gathering information, stealing secrets, and preparing to construct cyberattacks.
  7. There are a lot of good security startups, which are making steady advances toward the future of cybersecurity. We’re just one of those startups.

Today, continuing in RSA, keynote speeches will be posed from Vint Cerf of Google, Philippe Courtot of Qualys with special guess John Pescatore of SANS Institute, Christopher Young of Cisco, Mike Fey of McAfee, and Jimmy Wales of Wikipedia.

Last year’s conference highlights were as follows:

  • Application, cloud, data, and mobile  security
  • Cryptography
  • Hacking and other threats
  • Governance & laws
  • Risk & compliance
  • Professional development
  • Strategy & architecture
  • Technology infrastructure

We will most likely have more details about RSA 2013 in the coming days. The conference runs from February 25-March 1 in San Francisco.

Windows 8 Security Features Explained (mini-whitepaper)

Windows 8 is apparently more secure than Windows 7. Perhaps this is true, and it is best to learn what security features there are for the new operating system. Some of these security features are verified to help out very well in the security of Windows 8, and some may not be in time, or lastly some may not work at all.

One of the most discussed security features is Secure Boot. Now, Secure Boot is a Unified Extensible Firmware Interface (UEFI) specified in the boot process to check cryptographic signatures of kernel-mode drivers, making sure they aren’t modified or corrupted. In other words, the boot process is now made to check if the operating system has been corrupted by malware or some other issue.

This is all part of a hardware restriction process called Hardware DRM. All non-ARM devices have the option to turn Secure Boot off, however ARM devices must keep it on. Experts state that it will be resistant to rootkits, since the MBR and BIOS cannot be accessed, unless if someone working on the computer penetrates it.

Next, Windows 8 features better built in antivirus software, with a much better improved Windows Defender. The software in Windows 8 is combined with the optional tool Microsoft Security Essentials. Now, with Windows Defender super-powered with MSE, it has much more anti-malware features.

With better anti-malware features, Internet Explorer is now made with better features as well. It has the ability to prevent zero-day exploits much greater than previous versions of Internet Explorer. With the challenges of exploiting Windows 7, there was the issue risen up again for Java and Flash Player, so hackers can gain control over the operating system. Those browser plugins are now easier to exploit than the Internet Explorer’s code.

A new application sandboxing environment called AppContainer provides the ability to run all apps in a controlled environment, where it controls how apps work. This prevents apps from disrupting the operating system. Of course, this is just supplemented by Internet Explorer’s SmartScreen filter, which prevents the download/install of known malicious software. However, Windows 8 now has SmartScreen available for any app, allowing even more prevention. Of course, this means Microsoft employees are going to increase in numbers, if they really want to keep up. Now that hackers know their new challenges, they will be relentless.

The questions are still played on whether Windows 8 will be a repeat of Vista or not. The reality of the situation, is if Windows 8 has big popularity, then the security issues will also light up big time. However, many will stick to Windows 7, so the security issues for Windows users are not close to be over. Feel free to take a look at related articles below for Symantec’s opinions, which aren’t too well on the new OS.

Added October 31, 2012: Trusted Platform Module, read more

Keep up with the latest security tips on our blog here. In addition, please donate to help us continue to write these awesome whitepapers.

Republican Senators Revise Cybersecurity Bill

Government Security

The cybersecurity bill discussed in congress earlier this Spring is now revised with newer details. The revision to the originally democratic bill is more based on disallowing the government to absolutely standardize new cybersecurity bills. The idea is for those with critical infrastructured networks get fully secure (as required). The new SECURE IT bill restricts the government from retaining and using information about cyberthreats.

According to Computer World: SECURE IT, backed by Sens. John McCain (R-Ariz.), Kay Bailey Hutchison (R-Texas), Chuck Grassley (R-Iowa), Saxby Chambliss (R-Ga.), Lisa Murkowski (R-Alaska), Dan Coats (R-Ind.), Ron Johnson (R-Wis.), and Richard Burr (R-N.C.), will allow companies to legally share real-time cyberthreat information from their networks with other industry stakeholders, law enforcement agents and government officials.

The restriction of the use of such information about cyberthreats is to help combat the ability of hackers from discovering the information and getting quicker revision time for their threats.

The mere investment in to tools to combat cybersecurity threats is crucial to American infrastructure, and infrastructure all around the world even!

The biggest deal is watching how cyberthreat information is shared. Programs like CISPA are not going to function very well. Which means cyberthreat information should be held between private parties for a temporary time, and once a mitigation is made, destroy the data.

Corporate and government systems are not immune to cyberattacks by hackers.

 

%d bloggers like this: