Syber Group
Toll Free : 855-568-TSTG(8784)
Subscribe To : Envelop Twitter Facebook Feed linkedin

Is Changing Your Password Often A Good Idea?

August 15, 2016 by  
Filed under Security

Comments Off on Is Changing Your Password Often A Good Idea?

Carnegie Mellon University professor Lorrie Cranor, who is the US FTC’s technology guru, has debunked a myth that it is a good idea to change your password often.

Talking to Ars Technica she said that while frequent password changes can lock hackers out they make make security worse.

She told the BSides security conference in Las Vegas that frequent password changes do little to improve security and very possibly make security worse by encouraging the use of passwords that are more susceptible to cracking.

A study published in 2010 by researchers from the University of North Carolina at Chapel Hill more or less confirmed her views. The researchers obtained the cryptographic hashes to 10,000 expired accounts that once belonged to university employees, faculty, or students who had been required to change their passcodes every three months. Researchers received data not only for the last password used but also for passwords that had been changed over time.

By studying the data, the researchers identified common techniques account holders used when they were required to change passwords. A password like “tarheels#1″, for instance (excluding the quotation marks) frequently became “tArheels#1″ after the first change, “taRheels#1″ on the second change and so on. Or it might be changed to “tarheels#11″ on the first change and “tarheels#111″ on the second. Another common technique was to substitute a digit to make it “tarheels#2″, “tarheels#3″, and so on.

“The UNC researchers said if people have to change their passwords every 90 days, they tend to use a pattern and they do what we call a transformation. They take their old passwords, they change it in some small way, and they come up with a new password.”

The researchers used the transformations they uncovered to develop algorithms that could predict changes with great accuracy.

A separate study from researchers at Carleton University showed that frequent password changes hamper attackers only minimally and probably not enough to offset the inconvenience to end users.

Courtesy-Fud

Has The Smartphone Bubble Busted?

June 22, 2016 by  
Filed under Smartphones

Comments Off on Has The Smartphone Bubble Busted?

After sliding its slide-rules, flicking its abacus, and counting its toes, the bean counters at Gartner have decided that the smartphone business bubble has burst splattering in the face of those who depend on it.

Big G says the market will shrink from 14.4 per cent growth in 2015 to just 7 per cent in 2016 — with only 1.5 billion smartphone units being shipped globally this year. Compair this with 2010, when Gartner notes the market grew 73 per cent.

However the signs have been obvious for about a year. Mature Western markets saturated, China’s growth engine slowing as demand has topped out and other markets unable to afford the higher margin gear. The smartphone has come to the end of its ability to provide new technology too with companies only able to offer incremental upgrades. Carriers are moving away from subsidizing upgrades which means that them wasting their own profits to prop up the likes of Apple are over.

In emerging markets it says the average lifetime of premium phone is between 2.2 and 2.5 years, while basic mobiles have an average lifetime of three years and up.

Gartner sees the biggest remaining opportunity for smartphone growth in India, noting that sales of feature phones — aka dumbphones — accounted for a majority (61 per cent) of total mobile device sales last year, leaving plenty of scope for upgrades as smartphones continue to become more affordable.

It is estimating 139 million smartphones will be sold in India this year, growing 29.5 per cent year-over-year. It notes the average selling price of mobiles in the country remains below $70, and it expects smartphones priced under $120 to continue to contribute around half of overall smartphones sales there this year.  Apple’s hope that it can save its flailing business numbers by selling into India show the complete lack of understanding of how that market is working. It is tending to favor small local smartphone makers like Intex.

China is going to offer Apple no help either Gartner is expecting “little growth” in the region in the next five years. IT says it is “saturated yet highly competitive” market. Smartphones represented 95 per cent of total mobile phones sales last year.

Gartner analyst Annette Zimmerman said that “non-traditional” vendors in China could do well and thinks that by 2018 at least one such phone maker will be among the top five smartphone brands in the country.

“Chinese internet companies are increasingly investing in mobile device hardware development, platforms and distribution as they aim to grow their user bases and increase user loyalty and engagement,” she said.

The Sub-Saharan African region is also couched as an attractive region for smartphone vendors, with smartphone sales only overtaking mobile phones sales there for the first time last year. Nokia brand licensee and newly formed smartphone OEM HMD will want to take note, given it has paid for the right to build feature phones (and smartphones) bearing the previously iconic Nokia brand name.

Courtesy-Fud

Are Teens Giving The CIA A Headache?

January 26, 2016 by  
Filed under Computing

Comments Off on Are Teens Giving The CIA A Headache?

Teenage hackers are making merry with the online world of CIA director of national intelligence James Clapper.

This is the second bout of attacks from the group of technology tearaways, according to Motherboard, which reports on the Clapper problem and its connection to a group known as Crackas With Attitude.

A member of the group, a young chap called Cracka, told Motherboard that access to a range of Clapper accounts had been seized, and that Clapper and the CIA haven’t a clue what’s going on.

“I’m pretty sure they don’t even know they’ve been hacked. You asked why I did it. I just wanted the gov to know people aren’t fucking around, people know what they’re doing and people don’t agree #FreePalestine,” he said.

The claims were supported by the Office of the Director of National Intelligence, which confirmed that something has happened and that the authorities are looking into it.

“We’re aware of the matter and we reported it to the appropriate authorities,” said spokesman Brian Hale, before going mute.

Cracka, representing himself on Twitter as @dickreject, is less quiet. He has tweeted a number of confirmatory and celebratory messages that are not particularly flattering about the CIA and its abilities.

This is the group’s second bite at the CIA cherry. The teenagers walked into the personal email account of CIA director John Brennan last year and had a good look around. Some of the impact of this was washed away when it was discovered that Brennan used an AOL account for his communications.

“A hacker, who describes himself as an American high school student, has breached the CIA boss’s AOL email account and found a host of sensitive government files that one assumes a government official shouldn’t be sending to his personal email address,” said security comment kingpin Graham Cluley at the time.

“I’m not sure what’s more embarrassing. Being hacked or having an AOL email account.”

Courtesy-TheInq

Can Corporations Be Easily Hacked?

December 18, 2015 by  
Filed under Security

Comments Off on Can Corporations Be Easily Hacked?

Hacking a major corporation is so easy that even an elderly grannie could do it, according to technology industry character John McAfee.

McAfee said that looking at the world’s worst hacks you can see a common pattern – they were not accomplished using the most sophisticated hacking tools.

Writing in IBTImes said that the worst attack was in 2012 attack on Saudi Aramco, one of the world’s largest oil companies. Within hours, nearly 35,000 distinct computer systems had their functionality crippled or destroyed, causing a massive disruption to the world’s oil supply chain. It was made possible by an employee that was fooled into clicking a bogus link sent in an email.

He said 90 per cent of hacking was social engineering, and it is the human elements in your organization that are going to determine how difficult, or how easy, it will be to hack you.

The user is the weakest link in the chain of computing trust, imperfect by nature. And all of the security software and hardware in the world will not keep a door shut if an authorized user can be convinced to open it, he said.

“Experienced hackers don’t concern themselves with firewalls, anti-spyware software, anti-virus software, encryption technology. Instead they want to know whether your management personnel are frequently shuffled; whether your employees are dissatisfied; whether nepotism is tolerated; whether your IT managers have stagnated in their training and self-improvement.”

Muct of this information can be picked up on the dark web and the interernet underground, he added.

“”Are you prepared for a world where grandma or anyone else can quickly obtain, on the wide open web, all of the necessary information for a social engineering hack? Is your organization prepared.

 

Source- http://www.thegurureview.net/computing-category/can-corporations-be-easily-hacked.html

Was The Hilton Hotel Chain Hacked In April?

October 9, 2015 by  
Filed under Computing

Comments Off on Was The Hilton Hotel Chain Hacked In April?

The Hilton organization is reportedly trying to work out whether it has been hacked and, if so, what it should do about it.

We say reportedly as we have not been able to contact Hilton ourselves and can rely only on reports. They are pretty solid reports, however, and they concern a problem at the company that happened between 21 April and 27 July.

Brian Krebs, of KrebsOnSecurity, started this off with a report about a payment card breach. Krebs said that he had heard about the breach from various sources, and that Visa – the card provider – has mailed potentially affected parties with a warning, and the news that it is the fault of a bricks and mortar company.

Visa did not name the company, but affected parties, or banks to be more precise, have uttered it to Krebs. Its name is Hilton.

“Sources at five different banks say they have now determined that the common point-of-purchase for cards included in that alert had only one commonality: they were all were used at Hilton properties, including the company’s flagship Hilton locations as well as Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts,” he wrote.

“It remains unclear how many Hilton properties may be affected by this apparent breach. Several sources in the financial industry told KrebsOnSecurity that the incident may date back to November 2014, and may still be ongoing.”

Krebs has a statement from the Hilton organisation in which the firm defended its security practices, and revealed that it is aware of the potential problem and is looking into it. This is a common theme among the breached, and should soon become part of mission statements.

“Hilton Worldwide is strongly committed to protecting our customers’ credit card information,” said the company in the statement to Krebs.

“We have many systems in place and work with some of the top experts in the field to address data security. Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace. We take any potential issue very seriously, and we are looking into this matter.”

We have asked Visa and Hilton for their comments.

Source-http://www.thegurureview.net/computing-category/was-the-hilton-hotel-chain-hacked-in-april.html

Hackers Accessed 10M Records At Excellus

September 23, 2015 by  
Filed under Around The Net

Comments Off on Hackers Accessed 10M Records At Excellus

Hackers have penetrated the IT systems of U.S. health insurer Excellus BlueCross BlueShield and gained access to personal, financial and medical information of more than 10 million people, the company has disclosed.

The initial attack occurred in December 2013, but the company did not learn about it until Aug. 5. Since then it has been working with the FBI and cybersecurity firm Mandiant to investigate the breach.

The hackers may have had access to customer records which include names, addresses, telephone numbers, dates of birth, Social Security numbers, member identification numbers, financial accounts and medical claims information.

Records may contain all or just some of that information, depending on the customer’s relationship with the company. The breach doesn’t affect just Excellus members, but also members of other Blue Cross Blue Shield plans who sought medical treatment in the upstate New York area serviced by the company.

The information was encrypted, but the attackers gained administrative privileges to the IT systems, allowing them to potentially access it, the company said on a website that was set up to provide information about the incident.

No evidence has been found yet that the data was copied or misused by the attackers.

Excellus will send breach notification letters via mail to all affected persons throughout the month and is offering free credit monitoring and identity protection services for two years through a partner.

The company will not contact affected individuals via email or telephone, so any emails or phone calls claiming to be from the company in regard to this attack should be ignored as they are probably scams.

The incident comes after three other Blue Cross Blue Shield health insurers — Anthem, Premera and CareFirst — announced large data breaches this year as a result of cyberattacks.

Excellus said that it doesn’t have sufficient information about the Anthem, Premera and CareFirst investigations in order to comment about possible connections between those attacks and the one against its own systems.

Source-http://www.thegurureview.net/aroundnet-category/hackers-accessed-10m-records-at-excellus.html

Darkode Hacking Forum Shut Down

July 29, 2015 by  
Filed under Computing

Comments Off on Darkode Hacking Forum Shut Down

Law enforcement agencies from 20 countries collaborated to cripple a major computer hacking forum, and U.S. officials filed criminal charges against a dozen people associated with the website, the U.S. Department of Justice announced.

Darkode.com on is displaying a message saying the site and domain had been seized by the FBI and other law enforcement agencies.

Darkode, a password-protected online forum for criminal hackers, represented one of the gravest threats to the integrity of data on computers across the world, according to David Hickton, U.S. attorney for the Western District of Pennsylvania. “Through this operation, we have dismantled a cyber hornets’ nest of criminal hackers which was believed by many, including the hackers themselves, to be impenetrable.”

Five of the defendants face charges in Hickton’s district.

Darkode allowed hackers and other cybercriminals to sell, trade and share information and tools related to illegal computer hacking, the law enforcement agencies alleged.

Before becoming a member of Darkode, prospective participants were allegedly vetted through a process that included an invitation by a member, the DOJ said in a press release. The prospective member then pitched the skill or products he or she could bring to the forum.

Darkode members allegedly used each other’s skills and products to infect computers and electronic devices of victims around the world with malware, the DOJ said.

The takedown of the forum and the charges announced Wednesday came after the FBI’s infiltration of Darkode’s membership.

Source

Anthem Gets Hacked

February 17, 2015 by  
Filed under Computing

Comments Off on Anthem Gets Hacked

Health insurer Anthem Inc, which has nearly 40 million U.S. customers, has confirmed that hackers had breached one of its IT systems and stolen personal information relating to current and former consumers and employees.

The No. 2 health insurer in the United States said the breach did not appear to involve medical information or financial details such as credit card or bank account numbers.

The information accessed during the “very sophisticated attack” did include names, birthdays, social security numbers, street addresses, email addresses and employment information, including income data, the company said.

Anthem said that it immediately made every effort to close the security vulnerability and reported the attack to the FBI. Cybersecurity firm FireEye Inc FEYE. said it had been hired to help Anthem investigate the attack.

The company did not say how many customers and staff were affected, but the Wall Street Journal earlier reported it was suspected that records of tens of millions of people had been taken, which would likely make it the largest data breach involving a U.S. health insurer.

Anthem had 37.5 million medical members as of the end of December.

“This attack is another reminder of the persistent threats we face, and the need for Congress to take aggressive action to remove legal barriers for sharing cyber threat information,” U.S. Rep. Michael McCaul, a Republican from Texas and chairman of the Committee on Homeland Security, said in a statement late Wednesday.

Source

Silk Road 2.0 Shutdown

November 20, 2014 by  
Filed under Computing

Comments Off on Silk Road 2.0 Shutdown

U.S. governmnent authorities said they have shut down the successor website to Silk Road, an underground online drug marketplace, and charged its alleged operator with conspiracy to commit drug trafficking, computer hacking, money laundering and other crimes.

Blake Benthall, 26, was arrested last Wednesday in San Francisco and was expected to make an initial court appearance in federal court there later on Thursday.

The charges against Benthall carry a maximum sentence of life in prison.

A lawyer for Benthall could not immediately be identified.

Silk Road 2.0 was launched late last year, weeks after authorities had shuttered the original Silk Road website in October and arrested its alleged owner, Ross Ulbricht, who went by the online alias, Dread Pirate Roberts.

“Let’s be clear – this Silk Road, in whatever form, is the road to prison,” Manhattan U.S. Attorney Preet Bharara, whose office is prosecuting both cases, said in a statement.

Benthall, known as “Defcon” online, became the operator of Silk Road 2.0 in December, one month after an unnamed co-conspirator launched the site, according to prosecutors.

Silk Road 2.0 provided an online bazaar where users across the world could buy and sell drugs, computer hacking tools and other illicit items, using the digital currency Bitcoin as payment, authorities said.

As of September, the site was generating at least $8 million a month in sales, they said.

The government’s investigation included an undercover agent who was able to infiltrate the administrative staff of the website and interact directly with Benthall, prosecutors said.

Ulbricht, 30, has pleaded not guilty and is scheduled for trial in New York in January.

Source

PoS Cyber Attacks Up In 2013

June 4, 2014 by  
Filed under Around The Net

Comments Off on PoS Cyber Attacks Up In 2013

A third of data intrusion investigated by security firm Trustwave last year involved compromises of point-of-sale (POS) systems and over half of all intrusions targeted payment card data.

Even though POS systems remained a significant target for attackers, as suggested by several high-profile data breaches disclosed by large retailers over the past six months, the largest number of data theft incidents last year actually involved e-commerce sites, Trustwave said Wednesday in a report that compiled data from 691 data breach investigations conducted by the company around the world.

E-commerce intrusions accounted for 54 percent of investigated data breaches and POS system intrusions accounted for 33 percent, Trustwave said. A separate report published by Verizon in April also pointed to Web application and PoS attacks as leading causes of security incidents with confirmed data disclosure last year.

According to Trustwave, over half of intrusions targeted payment-card data, with such data being stolen from e-commerce transactions in 36 percent of incidents and from POS transactions in 19 percent of attacks.

In Western Europe in particular, where countries have rolled out EMV — chip-and-PIN payment card transactions — cybercriminals shifted their focus from POS devices to e-commerce platforms, said John Yeo, EMEA Director at Trustwave. “EMV has changed the pattern of compromises when it comes to payment-card-specific data.”

However, a significant increase in the theft of sensitive, non-payment-card data, was also observed last year. This data includes financial credentials, personally identifiable information, merchant ID numbers and internal company communications, and was stolen in 45 percent of incidents, Trustwave said in the report.

Customer records containing personally identifiable information can possibly be used to perpetrate identity fraud and are sought after on the black market, so that’s why there’s been an uptick in attacks focusing on such data, Yeo said.

Only about a third of victim companies were able to self-detect data breaches, Trustwave found. In 58 percent of cases, breaches were identified by regulatory bodies, the credit card companies or merchant banks.

Source

Next Page »