-
What's in store for security in 2013?
Expect more of the same for 2013, and then some. Here are some of the top information security trends -- and vulnerability warnings -- that experts are calling out for the upcoming year:
1. Mainstream Cloud and Mobile Adoption Seeks Security
In 2013 more businesses than ever will look to cloud and mobile computing while also seeking security checks and balances to protect corporate data. "'Cloud' is finally getting over its hype curve," said Steve Robinson, vice president of security development, product management, and strategy at IBM, speaking by phone. "In the beginning of 2012, we were hearing more discussions about if the cloud is safe."
Going into 2013, however, more firms are now setting deployment timetables and talking security practicalities. "I've had a few CISOs tell me that the two platforms they're planning the most for now, looking five years out, are cloud and mobile," Robinson said. On the cloud front, he continued, "We're seeing cloud security being discussed in much more practical terms: what workloads do we put out there, and how do we protect it?"
For mobile devices, on the bring-your-own-device (BYOD) tip, many businesses are asking how to best mix corporate and personal information on smartphones. Interestingly, such questions were hardly ever asked about corporate-owned laptops or desktops, according to Robinson. As a result, he said, by 2014 "we think mobile is going to be as secure, or more secure, than many desktop environments."
2. Businesses Begin Sandboxing Smartphone Apps
One tool that could see widespread adoption in 2013 will be mobile app sandboxing. Indeed, as more employees examine how corporate data gets stored on myriad employee-owned devices, Jim Butterworth, CSO of security software and consulting firm HBGary, predicts that more businesses will turn to sandboxing technology on mobile devices to protect their data. Using a sandbox application to access corporate emails, for example, "that application is only resident on the machine while you're receiving emails -- but you can't copy out or in any attachments," said Butterworth, speaking by phone.
3. Cloud Offers Unprecedented Attack Strength
Just as there's a productivity upside to new technology or trends such as BYOD, so often there can be a potential security downside. In the case of cloud computing, notably, some security researchers have been warning that the sheer scale of the recent DDoS attacks against U.S. banks presages a future of Armageddon-style attacks in which hackers can overwhelm not just targeted websites with high-bandwidth attacks, but every intervening service provider.
In 2013, expect to see even bigger attacks launched from the cloud. "It used to be, to launch a massive denial of service attack, you had to build up your botnets so criminals would slowly and surely build up their army of hundreds of thousands of drones," said Harry Sverdlove, chief technology officer of security software vendor Bit9, speaking by phone. "Now, they can rent the equivalent of 100,000 processors. ... So just as legitimate companies are using the cloud to do great things, of course cyber attackers are taking notice as well -- and they can cause significant damage."
4. Post-Flashback, Cross-Platform Attacks Increase
Write once, infect anywhere? That's no doubt the attack goal of many a malware writer. But until recently the relatively scant install base of every operating system -- bar Windows -- led most malware writers to avoid bothering with Mac, Linux, Unix, Android, or other operating systems.
In 2012, however, malware authors altered their approach with the Flashback malware. "With the Flashback Trojan earlier this year, we saw estimates of over 600,000 Mac computers were infected," said Sverdlove, and it apparently earned attackers big bucks via click fraud. Since Flashback, more than one attack has targeted multiple operating systems via cross-platform vulnerabilities present in Java and Flash, and no doubt the targeting of those plug-ins for financial gain will continue in 2013. "With the prevalence of Macs in the workplace and the number of mobile devices, this is becoming a much more lucrative target," he said.
5. Destructive Malware Targets Critical Infrastructure
In 2012, the Shamoon malware was notable for what it apparently wasn't, which was a state-sponsored attack. Instead, Middle Eastern hacktivists have taken credit for disrupting Saudi Aramco -- the state-owned national oil company of Saudi Arabia and the world's largest exporter of crude oil. To do this, they didn't build a Stuxnet-style cyber-weapons factory, but rather gleaned some tricks from previously launched attack code, such as the U.S. government-created Flame malware. The result was Shamoon, which infected and began erasing the hard drives of 30,000 Saudi Aramco workstations.
Moving into 2013, said Sverdlove, "the trend of hacktivists, combined with a rise in sophistication, will lead to much more destructive attacks on infrastructure." Already, Shamoon has shown that the barrier to entry for launching malware attacks against critical infrastructure systems continues to decrease and that attackers no longer have to be malware experts. Accordingly, people with a grudge may add such attacks to their toolkit, next to website defacements, Twitter account takeovers, and DDoS attacks.
"Hacktivists represent the unpredictable factor," said Sverdlove. "All it takes is a few individuals with an agenda or an ax to grind, and they now have the tools to launch distributed denial-of-service attacks or attacks to wipe out data. It makes for a much more dangerous combination."
6. Hackers Target QR Codes, TecTiles
One of the more innovative -- as well as simple and inexpensive -- attacks to emerge over the past year involves fake QR codes, which attackers have printed out and used to cover up real QR codes on advertisements -- especially for financial services firms. "Banks have been battling fake QR codes as a method of doing cross-site scripting attacks on mobile phones," said HBGary's Butterworth. "It's scary: [attackers] use open-source QR generators, then they put these things on billboards or ATM machines, promising $100 if you open a new account -- and it's all just to exploit [consumers]." Alternately, attackers could use fake QR codes on bank advertisements to send consumers to fake versions of their bank's website, then steal their access credentials.
Banks are now also exploring Samsung TecTiles, which are Android apps that let you read and write near field communication (NFC) tags, as a way to let people make payments. But according to Butterworth, with near field communications comes a huge amount of risk. Enterprising attackers could create their own TecTiles that redirect to malicious websites, or even launch phishing attacks.
Attacks using QR and TecTiles target consumers. "It's a problem more, I think, for personal banking and the threat of people getting their money stolen than for some state-sponsored entity trying to find their way in," said Butterworth.
7. Digital Wallets Become Cybercrime Targets
Expect any combination of smartphones, payment capabilities, or credit card data to draw attackers' interest. On a related note, Google, Apple, Verizon, T-Mobile, AT&T and others are now moving into the electronic wallet and digital wallet space. But storing gift cards and credit cards on a smartphone and allowing consumers to make payments via NFC -- simply waving a smartphone near a payment terminal to begin a transaction -- will make digital wallets a big target for criminals, said Bit9's Sverdlove.
It's virtually guaranteed, furthermore, that every last potential attack vector or exploitable vulnerability hasn't yet been worked out of such systems. "Like any new technology, convenience always precedes security ... and we'll see some elevation in the number of attacks on e-wallets or digital wallets," Sverdlove said. "It will serve in the long run to strengthen security."
But in the short term: come 2013, watch your digital wallet. -
It is that time of year which everybody loves. It is the holiday season and you will start to see a lot more people express good attitudes and wish everyone else a happy new year. As a matter of fact it may be hard to think that with all of this much goodwill in the air there is someone out there who is trying to take advantage of that. But the fact is no matter what time of year it is there are always going to be bad guys around every corner and they will try to stalk their prey at any time. It does not matter what time of year it is, the bad guys like to work all year round and you always have to be on the lookout for them.
As a matter of fact this time of year is a very good time when it comes to black hat hackers. This is because there are so many people online around this time and they are looking for a bunch of deals for their Christmas shopping. The retailers really go full throttle around this time of year and they want to be able to make as much money as they can. This time of year may be known as the holidays to most people but to people in the financial industry it is known as the fourth quarter and it is the most important quarter of the year. They want to be able to make as much money as they can throughout this time period so they will offer deep discounts wherever they can.
And since you have so many people online trying to take advantage of these deep discounts that are being offered, it is the perfect time for a black hat hacker to try and strike. With so many emails and so many different types of information being sent back and forth it is hard for the average person to be able to discern what is real and what is not. They do not know which emails are really offering a real deal and which ones are fake and trying to get something out of you. Normally you would tell a person that if a deal seems to be too good to be true that it probably is and there are some bad guys behind the offer. But at this time of year all of the deals seem too good to be true and it is hard to tell which one is a bad deal and which one is a good deal.
That is why as a consumer, you have to keep a more vigilant eye out than you normally would. Yes, the bad guys are going to be out there in full force and you have to make sure you are more prepared than ever. When you go to visit websites you have to make sure that the domain is correct and that it matches the website that you thought you were going to. If it does not match the domain that you thought you were going to then you should leave right away without clicking on anything. And if you get an offer in your email account then you should not click the link in the email. What you should do is type the website in directly and go to it that way. You never know where a link in your email account is going to take you. So make sure that you do it the right way so that you know where you are going.
Happy Holidays -
It’s been a great and interesting year so far. A year filled with many happy moments, not forgetting the sad moments. A year with several ups and downs.
We’ve witnessed several organizations and government bodies around the globe punished and made to suffer at the hands of some powerful hackers. We’ve witnessed good and bad times this 2012, and so, it’s a mix of sweet & sour, a combo of smooth and rough.
But all in all, we are alive today, healthy and hearty, though some of us might complain of the lack of funds to celebrate during this festive season; but you should know that as long as we are alive and breathing, there is hope, hope for a better tomorrow, hope for a beautiful future.
Look back from January till date, count your blessings one by one, there are numerous reasons to be happy, excited and thankful to God.
Christmas is about love, redemption, a raising of one’s spirit and reconciliation. It should be about love and how much of it we can all share; it should be about redeeming those values that might have been lost in the course of the year; it should be about reminding ourselves of what Jesus Christ really stands for, came to do on earth and commanded us to do, and not just some celebration whose meaning is lost on a huge majority of the celebrants.
So today, be happy regardless of your state of mind, health or finance. Show some love to your family, friends, neighbors, strangers and every living creature around you. Let them know how much you appreciate them.
Smoke less, drink little (alcohol), act reasonably, drive safe, eat more, laugh and dance a lot, with plenty of hugs and kisses. Merry it up!
Happy Christmas to everyone, and a prosperous 2013 in advance.
Wishing you all a smooth sailing into the New Year.
Cheers……….. -
Cloud: security threat or solution?
Security continues to hinder organisations in adopting cloud computing, at least for mission-critical or sensitive data applications. Concerns about sensitive data sitting on infrastructure shared with competitors continue to linger, but the power of cloud computing is now being put forward as an effective way of dealing with increasingly dynamic and advanced threats.
Some security suppliers are even looking at cloud computing to give them the competitive edge in detecting and mitigating previously unknown threats in near real time.
For quite some time security researchers have been saying signature-based technologies can no longer cope with the latest threats. Because attacks are so frequently updated, by the time something is recognised as a threat, a new variant has been released rendering any signature-based security systems impotent.
Research by security firm Imperva has shown that less than 5% of the top 40 anti-virus systems are able to detect previously non-catalogued viruses initially.
The research, which used more than 80 previously non-catalogued viruses, also showed many systems took up to a month or longer, following the initial scan, to update their signatures.
“Enterprise security has drawn an imaginary line with its antivirus solutions, but the reality is that every single newly created virus may subvert these solutions,” said Amichai Shulman, CTO, Imperva.
“We do not believe enterprises are achieving the value of the investment of billions of dollars in anti-virus solutions, especially when certain freeware solutions in our study outperformed paid solutions,” Shulman said.
Cloud-based intelligence databases
In the light of this and other similar studies, those at the forefront of security research agree the time has come for a different approach. Organisations need to detect new threats quickly and mitigate them before too much damage is done, but is cloud computing the answer?
At the very least, security firm Webroot believes cloud computing is key to the future of defences against malware.
Only by using cloud infrastructure is it possible to scan, analyse and compare unknown software with a variety of malware databases, according to George Anderson, Webroot’s senior enterprise product marketing manager.
Rather than put a comprehensive malware signature file on each endpoint, malware intelligence and assessments are conducted in Webroot’s cloud environment.
Because the software client does not have to receive and process signature files, the software client has a much smaller footprint than traditional software clients.
A cloud-based approach, Webroot claims, means there is no need for continual updates of the software client, faster scans, low impact on system resources and improved effectiveness.
Webroot backs up the low performance impact claim with benchmark tests by PassMark software in which the security supplier scored 78 out of 80 or 97.5%, compared with the 55 out of 80 or 69% scored by its closest competitor.
Customised risk tolerance
According to Forrester Research, the move to using a cloud-based intelligence database to deliver real time threat protection is an established trend with most of the major security players making investments in this area.
Security firms have realised that, by leveraging their install base, they can collect information about file behaviour and start to make trust-based decisions.
This encompasses the simple white- and black-listing of files, yet steps beyond this, allowing users to define their own level of risk tolerance for unknown files, said Andrew Rose, principal analyst in security and risk at Forrester Research.
However, he said, although the cloud-based solution has many benefits, he has some concerns.
“Relying entirely on cloud leaves the endpoint to fend for itself when it is offline. Although sandboxing may offer some assistance, I would be seeking assurances that the local security agent would be sufficiently resilient and flexible to enable sophisticated functionality and ensure protection in an operating system built for collaboration, rather than segmentation,” said Rose.
Signature approach combined with local behavioral analysis
Similarly, he said, the level of protection relates directly to the strength of the provider's intelligence network, and this is an area where the established players, such as Symantec and McAfee, have a significant advantage, with billions of existing file trust records and a growth rate of tens of millions each week.
“Although a cloud-based solution has lots of value, I am still drawn to the hybrid approach, where expansive cloud intelligence networks are supplemented with local behavioural analysis of files, local file activity restrictions and resilient local sandboxing,” said Rose.
This is where Webroot seeks to differentiate itself from traditional signature-based systems as well as other security firms that have seen the potential of cloud-based security intelligence.
Webroot’s systems focus on the behaviour of files that try to execute on a system, regardless of whether or not Webroot has seen that file previously and has a cloud-based signature for it.
Any unknown file is monitored and its behaviour recorded as it tries to execute, said Webroot’s George Anderson.
“Once it is deemed malicious, it is placed in a sandbox on the client for isolated execution and deeper behaviour analysis, while any actions the file may have taken are automatically rolled back to return the system to the last known good state, reversing only the changes that the suspicious file made,” he said. This means that even while unknown malware is active, systems are protected.
Protecting systems offline
Webroot seeks to address the concern about protection while offline by using offline heuristics tuned to the endpoint’s pre-offline software profile to identify and block threatening behaviours from a new software program introduced while the device is offline.
The Webroot client also records changes to files, registry keys and memory locations associated with new software introduced while the device is offline. This process is beneficial if the heuristics did not trigger blocking but the new software is, in reality, malware.
Once the endpoint is back online, a threat assessment is conducted in the Webroot cloud. If the program is determined to be malware, the malicious file is removed and Webroot returns the endpoint back to its last known good state. However, this is possible only with some behavioural analysis capability.
While cloud computing does appear to have the potential to tackle new and emerging cyber threats, it also appears that this alone will not be enough and needs to be paired with a comprehensive behavioural analysis capability to deal with zero-day threats and any periods where systems are offline.
File-scanning misses the big picture
Despite confirming the trend identified by other similar studies, Rik Ferguson, research director at security firm Trend Micro, believes the methodology of the Imperva research is flawed.
“Simply scanning a collection of files – no matter how large or how well sourced – misses the point of security software entirely; the actual file, the payload is simply one link in a long chain of events, and one that is pretty much towards the end of that chain,” said Ferguson.
The Imperva study, he contends, did not expose the security products to threats in the way that they would be exposed in the wild.
“Where was the email with the malware attached, or the included URL, an email that could have been blocked based on its source IP, thereby breaking the chain? If it were a URL, then where was the analysis of the content at the URL, looking for malicious JavaScript, shell code, redirects, exploits or even simply a malicious history? Again an area for successfully stopping a threat even before the file arrives. Where was the analysis of the behaviour of the file in the system and on the network?”
According to Ferguson, to decide whether or not a threat would be blocked, it must be processed in a test in the same way it would be delivered to the victim.
“File reputation only represents one layer of security, one interlinked technology among many in any security solution worthy of the name,” he said. -
First fake-installer Trojan for OS X spotted in the wild
Indeed, upon receiving the code by SMS users will be able to ‘activate’ the software and finish the installation, or in some cases the installer might not work at all. In either case what they’ll find out later is that messages will keep coming on a regular basis and a fee will be debited each time from their mobile phone accounts.
The attack in question is dubbed Trojan.SMSSend.3666 and is being distributed under a rogue affiliate program known as ZipMonster that helps fraudsters craft fake installers and monetize their attacks.
Though it may be obvious to anyone who knows their way around a computer, the best defense against these types of scams is to always download software only from trusted sources or from the developers themselves. There’s no mention of whether Lion and Mountain Lion’s Gatekeeper is able to stop the installer in its tracks, though it should be the case with the default setting preventing unsigned code from being executed. -
Microsoft Has Been Watching, and It Says You’re Getting Used to Windows 8.
Data collected from some users of the operating system suggest people are adjusting well to the radical departure from previous designs, says the company.
New era: Windows 8 is designed to be operated by touch as well as with a mouse and keyboard.
“So far we’re seeing very encouraging things,” Larson-Green says of the large volume of data that Microsoft receives every day from people using Windows 8 who have chosen to join the company’s “customer experience improvement program.” All users are invited to enroll in that program when they first log into the new operating system. If they do so, anonymized information about how they are using the operating system is sent to Microsoft. Referring to complaints from some quarters, Larson-Green says: “Even with the rumblings, we feel confident that it’s a moment in time more than an actual problem.”
Windows 8 is a radical departure from previous versions of the operating system now used by around 1.3 billion people. Instead of the Start button and menu in use since 1995, it features a “Start screen,” a colorful display of tiles that function as shortcuts to programs and also display notifications—an environment optimized for touch computing. There are also two versions of many software programs—one for the regular desktop interface and one for the new tile-oriented one.
Although some new users will struggle to figure out these features, Larson-Green says that 90 percent of them need just one session to discover the two that are most crucial to the interface design. Those are the Start screen and “Charms,” a menu that offers shortcuts to be summoned by a mouse or finger gestures.
The data collected by Microsoft also show that people are becoming more familiar with the new features over time, says Larson-Green. She previously led a redesign of the Microsoft Office interface that, in 2007, replaced text-based menus with a more visual “ribbon interface,” an initially controversial change that is now widely accepted as an example of good design. “Two days to two weeks is what we used to say in Office, and it’s similar in Windows 8,” she says.
The findings suggest that even those who initially stick to the parts of Windows 8 that resemble previous Windows desktops eventually loosen up, says Larson-Green: “There’s a cutover point, around six weeks in, where you start using the new things more than the things you’re familiar with.” She adds that the lack of tutorials or detailed instructions on how to adjust to Windows 8—something that has attracted complaints—is a deliberate choice. Tests have shown that although people find tutorials “comforting,” they don’t retain much information from them, she says, making them a waste of time.
Larson-Green’s claims diverge dramatically from the opinions of many technology journalists and bloggers. They also run counter to the results of a small research study conducted by the influential usability consultant Jakob Nielsen, who asked 12 people to spend an hour with Windows 8. On the basis of their experience and his own expertise, he concluded that it offers “disappointing usability to both novice and power users.”
Nielsen says that Larson-Green’s indicators may not capture the real problem with Windows 8. “It sounds plausible that people can learn to use Windows 8 to a level where they aren’t constantly stumped after two weeks,” he says. “The real question is whether they will then have reached a higher level of productivity than they had before.”
Nielsen thinks that even once Windows 8’s features become familiar, the operating system still asks more of users than previous versions did: they must remember how to operate both a familiar desktop environment and the new Start screen and related apps, which function very differently. The upshot, he says, is that home users may be tempted to switch to an alternative, such as an Apple computer, while workers will simply achieve less. “My estimate is that power users will not have higher productivity with Windows 8 than they did with Windows 7,” he says. “I fear that they will have lower productivity.”
Elizabeth Mynatt, director of the Institute for People and Technology at Georgia Tech and a researcher in human-computer interaction, says that one of the most important measures of usability in a new computing interface is how people progress over time from their first impression—something Nielsen and other independent reviewers have not yet measured.
“We look to see that people are going to stumble forward rather than end up going down the wrong track,” she says. “None of that will come out in a ‘Wow, this looks different’ review.” Making crucial features “invisible” by hiding them beneath slick design is a common pitfall that prevents progress, she adds.
Larson-Green’s data suggest that Microsoft has at least managed to make features such as the Start screen and Charms visible to most people. But as Nielsen points out, that doesn’t mean everyone will find the work involved in discovering and mastering them worth it.
The real question, Nielsen says, is “how long it takes them to make up for the two weeks spent on that initial learning curve.” -
Office 2013, which was released to manufacturing back in October with a retail launch expected soon, is now available for download as a 60-day trial. Office Professional Plus 2013 is the "future of productivity" as Microsoft puts it and can finally be downloaded by those wishing to try it out before purchasing.
On the 24th of October, Microsoft released Office 2013 RTM to those who had a TechNet or MSDN subscription. Now, those wishing to try out Office 2013 Pro Plus for 60 days can do so at TechNet. Office Professional Plus 2013 comes with Word, PowerPoint, Excel, Outlook, OneNote, Access, Publisher, and Lync. Office 2013 features integration with Windows 8 and is now touch-friendly as well as cloud-centered. Find below a roundup of Office 2013 and its new features or simply hit the source link below to download the 60-day trial.
Office at Its Best on Windows 8
- Touch everywhere. Office responds to touch as naturally as it does to keyboard and mouse. Swipe your finger across the screen or pinch and zoom to read your documents and presentations. Author new content and access features with the touch of a finger.
- Inking. Use a stylus to create content, take notes and access features. Handwrite email responses and convert them automatically to text. Use your stylus as a laser pointer when presenting. Color your content and erase your mistakes with ease.
- New Windows 8 applications. OneNote and Lync represent the first new Windows 8 style applications for Office. These applications are designed to deliver touch-first experiences on a tablet. A new radial menu in OneNote makes it easy to access features with your finger.
- Included in Windows RT. Office Home and Student 2013 RT, which contains new versions of Word, Excel, PowerPoint and OneNote applications, will be included on ARM-based Windows 8 devices, including Microsoft Surface.
Office Is in the Cloud
- SkyDrive. Office saves documents to SkyDrive by default, so your content is always available across your tablet, PC and phone. Your documents are also available offline and sync when you reconnect.
- Roaming. Once signed in to Office, your personalized settings, including your most recently used files, templates and even your custom dictionary, roam with you across virtually all of your devices. Office even remembers where you last left off and brings you right back to that spot in a single click.
- Office on Demand. With a subscription, you can access Office even when you are away from your PC by streaming full-featured applications to an Internet-connected Windows-based PC.
- New subscription services. The new Office is available as a cloud-based subscription service. As subscribers, consumers automatically get future upgrades in addition to exciting cloud services including Skype world minutes and extra SkyDrive storage. Subscribers receive multiple installs for everyone in the family and across their devices.
Office Is Social
- Yammer. Yammer delivers a secure, private social network for businesses. You can sign up for free and begin using social networking instantly. Yammer offers integration with SharePoint and Microsoft Dynamics.
- Stay connected. Follow people, teams, documents and sites in SharePoint. View and embed pictures, videos and Office content in your activity feeds to stay current and update your colleagues.
- People Card. Have an integrated view of your contacts everywhere in Office. The People Card includes presence information complete with pictures, status updates, contact information and activity feeds from Facebook and LinkedIn accounts.
- Skype. The new Office comes with Skype. When you subscribe, you get 60 minutes of Skype world minutes every month. Integrate Skype contacts into Lync and call or instant message anyone on Skype.
Editions
- Office 365 Home Premium — designed for families and consumers. This service also includes an additional 20 GB of SkyDrive storage and 60 minutes of Skype world minutes per month.
- Office 365 Small Business Premium — designed for small businesses. This service also includes business-grade email, shared calendars, website tools and HD web conferencing.
- Office 365 Pro Plus — designed for enterprise customers who want advanced business capabilities and the flexibility to deploy and manage in the cloud.
The download is available in 32- and 64-bit flavors from Microsoft's TechNet Evaluation Center. You’ll need to log in with your Microsoft credentials, fill in a form with your name and country of residence, and choose the desired version and language, before being served with a download link and a product key to activate the trial.
Instead of an installer, Microsoft decided to release the software as a disc image. Windows 8 offers native support for .img files, so users already running the latest version of the operating system will be able to access the installer with a simple double-click. Everyone else will need third-party software like ImgBurn or Daemon Tools, both available for free, to either burn it to a disc or mount it as a virtual drive.
Microsoft Office 2013 requires Windows 7, Windows 8, Windows Server 2008 R2, or Windows Server 2012 to run -- Windows XP holdouts are out of luck. Standalone versions will be available at $139.99 for the Home & Student Edition, $219.99 for Home & Business and $399.99 for Office 2013 Professional. The suite will also be available as part of an Office 365 subscription package for either $99.99 or $149.99 per year.
Download: Microsoft Office Professional Plus 2013 Trial
-
Cloud computing can provide your company with an array of benefits. As you move forward with your business initiatives and try to increase your revenue, it’s important to stay on the cutting-edge to be competitive. With cloud computing, you’ll not only be utilizing the latest technology, but you’ll be doing so in a cost-effective way. Cloud computing streamlines everyday business processes by organizing and tracking information, and maintaining it in an easily accessible location so that all employees have access to the same reliable, timely data whenever and wherever they need it.
It may be helpful to have a basic understanding of the cloud computing paradigm, so that you can better understand its relevance to the enterprise world. Cloud computing is simply the online storage and processing of data, in comparison to first-generation computing, which takes place on individual PCs, servers or mainframes. In this style of computing, not only was it necessary to purchase, install and maintain this cumbersome and expensive hardware, but it was also necessary to purchase multiple copies of software, or software licenses, in order to make sure that all employees had access to the programs.
Cloud computing has evolved from the Internet, and is familiar in such popular online services as wikis, photo storage and sharing Web sites, social media and message forums, and peer-to-peer file-sharing networks. Anyone who utilizes Gmail, Yahoo!, or Hotmail is using the cloud not only for sending E-mails and attachments, but also for storing these documents and files online. That’s cloud computing.
On the enterprise level, cloud-based business applications can provide a wealth of services. The entire customer information database, including statistics, contact information, purchase patterns and trends, and target market information, can be stored in a shared data center and easily accessed by anyone who needs it – whether a sales rep out on a call, the manager back in the home office, or an executive in the boardroom.
These applications can also analyze data, so that sales representatives no longer need to use software programs and their valuable time to generate reports. All they have to do is input the data, and it’s analyzed and reported automatically. This means that the entire pipeline is made much more efficient. Cloud computing updates all applications and data in real-time, so there are no more delays, and everyone is assured that they have the most reliable, up-to-date information possible.
Marketing and upper-level management can use this information to formulate strategies, plan products and promotional campaigns, and keep an eye on their sales team’s performance. Call centers can also have access to timely and accurate information, which empowers them to better serve the customer and to serve more customers, since each call will take less time when they have the information they need at their fingertips.
The best part about Web-based business applications? They’re as easy to use as a Web site, and each user can individually customize his or her interface to their own preferences. This means that the programs will be quickly and readily adopted across the board, and it also eliminates the training and lengthy rollouts associated with conventional software programs. Cloud computing is cost-effective, too, because it’s billed on a per-use basis, instead of requiring high upfront capital investments in hardware infrastructure.
When you look at all the benefits that cloud computing can provide, it’s easy to see why moving your company into the cloud can increase productivity, grow revenue, encourage customer satisfaction, and lower costs – thereby improving your company’s bottom line.
How Then Can Cloud Computing Benefit My Business?
Cloud computing is important to your business especially when it comes to customer relationship management. There are many different descriptions for cloud computing, but contrary to popular thought, it is not something new. Cloud computing is something that’s been around for a long time. In fact, you’re probably already using it right now within your business organization.
Cloud computing is simply a term that is used to describe services that are provided to you via the Internet. While these services can include something as simple as email, cloud computing can also include more complex tasks like accounting, forecasting and tracking. Cloud computing services are provided to you through a remote server. This means that you can just conveniently log in from any Internet location to access and utilize them. You can use them from any computer, not just your own.
This is why the term cloud is used. The services are up in the air, accessible to everyone. Of course this doesn’t mean that the services are not secure. They are usually secured with a user name and password, and sometimes stronger security measures are taken.
You are probably wondering what other cloud computing applications besides email can improve your business and customer relationship management. Besides email, when it comes to business, Internet telecommunications have increased the professionalism of many small businesses.
Because of cloud computing, you can now meet with your clients from all over the world in real time via video and webinars. You could put together professional presentations from your basement if you wanted to and emergency meetings are simple to organize when using the internet.
In addition to all of the exciting functionality within cloud computing, these services are very affordable and accessible to most, if not all businesses. There are some services that offer professional services like this for free. Internet telecommunications applications are extremely important cloud tools when it comes to customer relationship management.
Cloud computing can also be used for additional storage. Expensive hard drives are not needed, as you will store your files in an off-site location. This can increase your office space and hard drive space while helping you to organize data. At the same time, your data can be accessed remotely and quickly whenever necessary. This means a lot to clients. It makes them feel important when you have their information right at hand.
There are now more and more online backup corporations that are popping up to provide companies and individuals with backup storage in case of emergencies and for convenience.
Cloud computing has applications that can help with your accounting needs, contact lists and customer lists. Your client lists and business contact lists are the most important lists you will have in business, and anything that makes accounting easier is a very helpful resource for every user.
Cloud computing accounting software in fact has eliminated the expense of a professional accountant from the budget of many small businesses. The software is often so complete and user-friendly, that a professional accountant has become absolutely unnecessary.
Cloud computing offers so many advantages to the modern business person. In the past, many of these small businesses would never have existed because they wouldn’t have had the seed money to start. Cloud computing provides professional business services that can help any business grow for free or at a very low price point. There are also some cloud computing services that cost a bit more, so it is wise to shop around. In many instances you can start a successful online business or a brick-and-mortar business supported by cloud computing for less than $200.
So as you can see, cloud computing is an institution on the internet that has been around for many years. You are probably already familiar with some of the most popular elements of cloud computing, like email, and enjoy utilizing them in your personal and business life. Now that you know some of the other cloud computing applications that are available to you, you can branch out and improve your business even more.
-
Anonymous vs Wikileaks:
THE END OF A SOLID ALLIANCE.
Hacktivism is considered one of the main cyber threats, and its operations have created serious problems for private businesses and governments. For this reason, security experts all over the world are trying to analyze in depth the different movements of dissent and their mutual relationships. In the collective imagination, the term hacktivist is immediately associated with the names of groups such as Anonymous and Wikileaks, two groups that on more than one occasion have operated together with a common intent. We must specify that the two souls of hacktivism differ greatly in organization and modus operandi: the Anonymous collective has no leader, as Wikileaks has in Assange, and it has no organic structure, but consists of a multitude of cells that have sometimes moved in a dissonant manner. Another deep difference is in the way they carry out the protest: Anonymous hackers usually choose a target and try to attack it in various ways, while Wikileaks follows a whistleblowing strategy using information acquired from third parties. The two organizations are complementary and have demonstrated that joining forces could represent a serious menace.
In 2010, Anonymous organized different attacks against the sites of MasterCard, Visa and Paypal to protest against the refusal of these companies to send customer donations to WikiLeaks; don’t forget also the collaboration in the case of the Stratfor hack.
But what has happened to the solid alliance?
A deep crack seems to threaten the relationship between the two groups. Recently the Anonymous collective, or at least some of its currents, has released many announcements and posted many tweets to express disappointment with the policy of Wikileaks.
“The end of an era. We unfollowed @Wikileaks and withdraw our support. It was an awesome idea, ruined by Egos. Good Bye,” said a tweet from Anonymous IRC.
The following picture shows other messages from the collective.
The fracture occurred this week because the Wikileaks organization added an overlay donation page that popped up when users visited the web site’s Global Intelligence Files.
The web site hosts the millions of emails leaked from intelligence company Stratfor, stolen by Anonymous in a clamorous hack of the company's web site; that’s why the collective hasn’t accepted the decision of Wikileaks to request a donation for the precious contents.
“Information must be free, it has no owners”: that is the thinking of Anonymous, which interpreted the donation page as a “paywall” and an unacceptable affront.
The page seems to be related to a fundraising campaign in support of Assange announced on Oct. 3. WikiLeaks confirmed that the banner is financially necessary during the US election campaign which will expire on Election Day. Assange is asking for donations; in the ad he suggests that supporters “vote with their wallet” this election season.
“We call on @WikiLeaks to change their current set up to force donations. #InformationWantsToBeFree,” states a tweet.
“WikiLeaks faces unprecedented costs due to involvement in over 12 concurrent legal matters around the world, including our litigation of the US military in the Bradley Manning case. Our FBI file as of the start of the year had grown to 42,135 pages,”
A note positioned at the bottom of the WikiLeaks page, however, says the banner only appears once a day for each user.
WikiLeaks was surprised by the reaction of Anonymous and at first defended its initiative, leaving the page up, but later removed it.
WikiLeaks tweeted the following reply to the group of hacktivists:
“A tweet, share, wait or donate campaign is not a ‘paywall,’”
Is it possible that the split was triggered by a single published web page? What has changed in the relationship between the groups?
According to the declarations of Anonymous, the recent evolution of Wikileaks is too different from its original motivations; today it appears to concentrate on preserving its leader Julian Assange from extradition to Sweden to face a rape charge. Once he is in Sweden, the government could send Assange to the U.S. to face charges for publishing secret documents leaked by Army analyst Bradley Manning, but Washington considers him a danger for homeland security exactly like Al-Qaeda.
A statement published on pastebin.com states that Anonymous cannot support the “One Man Julian Assange show,” adding that the collective continues to support the principles behind WikiLeaks.
“We have been worried about the direction Wikileaks is going for sometime now,” “In the past year, the focus has moved away from actual leaks and the fight for freedom of information and concentrated more and more on Julian Assange and a rabid scrounging for money.”
I think what happened is another demonstration of the heterogeneity of the Anonymous group, which does not seem to be compact on this occasion. This is the greatest limit of the collective: it doesn't have a unique soul, and this characteristic is penalizing its ability to influence worldwide policy.
“Anonymous turns its back on WikiLeaks,”
“WikiLeaks has with its actions this past 48 hours betrayed Anonymous, and thus has lost its biggest and most powerful supporter.”
Certainly some currents within the group are opposed to the policy of Wikileaks, but many others did not express themselves so harshly against Assange's group.
But reading these press releases, with such contrasting positions, another idea springs to mind:
What if someone were deliberately introducing elements of disorder into the dialogue between the two organizations? The absence of a leader in Anonymous, again, may be the weak point of the collective: with a multitude of uncoordinated groups, it is too simple to work on some of them, feeding the clash with Wikileaks.
Who would want that?
Surely governments, but also some intelligence organizations who fear the collaboration between Wikileaks and Anonymous.
For many experts in our sector, whistleblowing and hacktivism in general represent an evolution of ordinary protest through the new media. While condemning some sensational initiatives, many believe that the revelation of some burning truths has contributed to change, but these contrasts represent a dangerous evolution of the phenomenon.
Assange has become a leader in a cage, an icon of a movement that has to live its own life.
Just as I imagine he desires, you can condemn a man but not wipe out an ideology.
What's your take on this? -
SECURITY THROUGH OBSCURITY:
How to cover your tracks online
From Tor to steganography, these six techniques will help obscure the data and traces you leave online
Thinking about the bits of data you leave behind is a one-way ticket to paranoia. Your browser? Full of cookies. Your cellphone? A beacon broadcasting your location at every moment. Search engines track your every curiosity. Email services archive way too much. Those are just the obvious places we're aware of. Who knows what's going on inside those routers?
The truth is, worrying about the trail of digital footprints and digital dustballs filled with our digital DNA is not just for raving paranoids. Sure, some leaks like the subtle variations in power consumed by our computers are only exploitable by teams of geniuses with big budgets, but many of the simpler ones are already being abused by identity thieves, blackmail artists, spammers, or worse.
Sad news stories are changing how we work on the Web. Only a fool logs into their bank's website from a coffee shop Wi-Fi hub without using the best possible encryption. Anyone selling a computer on eBay will scrub the hard disk to remove all personal information. There are dozens of sound, preventative practices that we're slowly learning, and many aren't just smart precautions for individuals, but for anyone hoping to run a shipshape business. Sensitive data, corporate trade secrets, confidential business communications -- if you don't worry about these bits escaping, you may lose your job.
Learning how best to cover tracks online is fast becoming a business imperative. It's more than recognizing that intelligent traffic encryption means not having to worry as much about securing routers, or that meaningful client-based encryption can build a translucent database that simplifies database management and security. Good privacy techniques for individuals create more secure environments, as a single weak link can be fatal. Learning how to cover the tracks we leave online is a prudent tool for defending us all.
Each of the following techniques for protecting personal information can help reduce the risk of at least some of the bytes flowing over the Internet. They aren't perfect. Unanticipated cracks, even when all of these techniques are used together, always arise. Still, they're like deadbolt locks, car alarms, and other security measures: tools that provide enough protection to encourage the bad guys to go elsewhere.
Online privacy technique No. 1: Cookie management
The search engines and advertising companies that track our moves online argue they have our best interests at heart. While not boring us with the wrong ads may be a noble goal, that doesn't mean the relentless tracking of our online activities won't be used for the wrong reasons by insiders or websites with less esteemed ideals.
The standard mechanism for online tracking is to store cookies in your browser. Every time you return to a website, your browser silently sends the cookies back to the server, which then links you with your previous visits. These little bits of personalized information stick around for a long time unless you program your browser to delete them.
Most browsers have adequate tools for paging through cookies, reading their values, and deleting specific cookies. Cleaning these out from time to time can be helpful, although the ad companies have grown quite good at putting out new cookies and linking the new results with the old. Close 'n Forget, a Firefox extension, deletes all cookies when you close the tab associated with a site.
Standard cookies are just the beginning. Some ad companies have worked hard on burrowing deeper into the operating system. The Firefox extension BetterPrivacy, for example, will nab the "supercookies" stored by the Flash plug-in. The standard browser interface doesn't know that these supercookies are there, and you can delete them only with an extension like this or by working directly with the Flash plug-in.
There are still other tricks for sticking information in a local computer. Ghostery, another Firefox extension, watches the data coming from a website, flags some of the most common techniques (like installing single-pixel images), and lets you reverse the effects.
Online privacy technique No. 2: Tor
One of the simplest ways to track your machine is through your IP address, the number the Internet uses like a phone number so that your requests for data can find their way back to your machine. IP addresses can change on some systems, but they're often fairly static, allowing malware to track your usage.
One well-known tool for avoiding this type of tracking is called Tor, an acronym for "The Onion Router." The project, developed by the Office of Naval Research, creates a self-healing, encrypted supernetwork on top of the Internet. When your machine starts up a connection, the Tor network plots a path through N different intermediate nodes in the Tor subnet. Your requests for Web pages follow this path through the N nodes. The requests are encrypted N times, and each node along the path strips off a layer of encryption like an onion with each hop through the network.
The last machine in the path then submits your request as if it were its own. When the answer comes back, the last machine acting as a proxy encrypts the Web page N times and sends it back through the same path to you. Each machine in the chain only knows the node before it and the node after it. Everything else is an encrypted mystery. This mystery protects you and the machine at the other end. You don't know the machine and the machine doesn't know you, but everyone along the chain just trusts the Tor network.
While the machine acting as your proxy at the other end of the path may not know you, it could still track the actions of the user. It may not know who you are, but it will know what data you're sending out onto the Web. Your requests for Web pages are completely decrypted by the time they get to the other end of the path because the final machine in the chain must be able to act as your proxy. Each of the N layers was stripped away until they're all gone. Your requests and the answers they bring are easy to read as they come by. For this reason, you might consider adding more encryption if you're using Tor to access personal information like email.
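The layering described above, and the reason the last node can read the request, as an added Python sketch that is not part of the original article. The node names, keys, destination and request are constructed, and the SHA-256 keystream is a stand-in cipher for illustration, not Tor's real cryptography or message format.

```python
import hashlib
import json
import os


def keystream_xor(key, data):
    """Stand-in stream cipher: XOR data with SHA-256(key || offset) blocks.
    Encrypting and decrypting are the same operation. Illustration only."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def wrap(path, keys, destination, request):
    """Client side: build the onion from the innermost layer outward.
    Each layer names only the next hop and carries an opaque payload."""
    next_hops = path[1:] + [destination]
    blob = request
    for node, nxt in zip(reversed(path), reversed(next_hops)):
        layer = json.dumps({"next": nxt, "payload": blob.hex()}).encode()
        blob = keystream_xor(keys[node], layer)
    return blob


def peel(key, blob):
    """Node side: strip exactly one layer with this node's key."""
    layer = json.loads(keystream_xor(key, blob))
    return layer["next"], bytes.fromhex(layer["payload"])


def relay(path, keys, onion):
    """Pass the onion along the path and record what each node can see."""
    seen = []
    blob = onion
    for node in path:
        nxt, blob = peel(keys[node], blob)
        seen.append({"node": node, "next": nxt, "payload": blob})
    return seen


# Constructed sample data: three relays, one key shared with each (assumed
# to be already agreed between the client and that relay).
PATH = ["node1", "node2", "node3"]
KEYS = {name: os.urandom(32) for name in PATH}
SITE_KEY = os.urandom(32)  # key shared only with the destination site
REQUEST = b"GET /inbox?user=alice HTTP/1.1"


def demo(request=REQUEST):
    """Send one request through the three-node path."""
    onion = wrap(PATH, KEYS, "mail.example", request)
    return relay(PATH, KEYS, onion)


if __name__ == "__main__":
    for view in demo():
        print(view["node"], "forwards to", view["next"], view["payload"][:30])
    # With an extra end-to-end layer, the last node sees only ciphertext.
    sealed = keystream_xor(SITE_KEY, REQUEST)
    print("exit sees:", demo(sealed)[-1]["payload"][:30])
```

The first two nodes see only ciphertext and the name of the next hop; the third sees the request in the clear unless it was sealed end to end first.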
There are a number of ways to use Tor that range in complexity from compiling the code yourself to downloading a tool. One popular option is downloading the Torbutton Bundle, a modified version of Firefox with a plug-in that makes it possible to turn Tor on or off while using the browser; with it, using Tor is as simple as browsing the Web. If you need to access the Internet independently from Firefox, you may be able to get the proxy to work on its own.
Online privacy technique No. 3: SSL
One of the easiest mechanisms for protecting your content is the encrypted SSL connection. If you're interacting with a website with the prefix "https," the information you're exchanging is probably being encrypted with sophisticated algorithms. Many of the better email providers like Gmail will now encourage you to use an HTTPS connection for your privacy by switching your browser over to the more secure level if at all possible.
An SSL connection, if set up correctly, scrambles the data you post to a website and the data you get back. If you're reading or sending email, the SSL connection will hide your bits from prying eyes hiding in any of the computers or routers between you and the website. If you're going through a public Wi-Fi site, it makes sense to use SSL to stop the site or anyone using it from reading the bits you're sending back and forth.
SSL only protects the information as it travels between your computer and the distant website, but it doesn't control what the website does with it. If you're reading your email with your Web browser, the SSL encryption will block any router between your computer and the email website, but it won't stop anyone with access to the mail at the destination from reading it after it arrives. That's how your free Web email service can read your email to tailor the ads you'll see while protecting it from anyone else. The Web email service sees your email in the clear.
There are a number of complicated techniques for subverting SSL connections, such as poisoning the certificate authentication process, but most of them are beyond the average eavesdropper. If you're using a local coffee shop's Wi-Fi, SSL will probably stop the guy in the back room from reading what you're doing, but it may not block the most determined attacker.
Online privacy technique No. 4: Encrypted messages
While Tor will hide your IP address and SSL will protect your bits from the prying eyes of network bots, only encrypted mail can protect your message until it arrives. The encryption algorithm scrambles the message, and it's bundled as a string of what looks like random characters. This package travels directly to the recipient, who should be the only one who has the password for decrypting it.
Encryption software is more complicated to use and far less straightforward than SSL. Both sides must be running compatible software, and both must be ready to create the right keys and share them. The technology is not too complicated, but it requires much more active work.
There's also a wide range in quality of encryption packages. Some are simpler to use, which often makes for more weaknesses, and only the best can resist a more determined adversary. Unfortunately, cryptography is a rapidly evolving discipline that requires a deep knowledge of mathematics. Understanding the domain and making a decision about security can require a doctorate and years of experience. Despite the problems and limitations, even the worst programs are often strong enough to resist the average eavesdropper -- like someone abusing the system admin's power to read email.
Online privacy technique No. 5: Translucent databases
The typical website or database is a one-stop target for information thieves because all the information is stored in the clear. The traditional solution is to use strong passwords to create a wall or fortress around this data, but once anyone gets past the wall, the data is easy to access.
Another technique is to only store encrypted data and ensure all the encryption is done at the client before it is shipped across the Internet. Sites like these can often provide most of the same services as traditional websites or databases while offering much better guarantees against information leakage.
Many databases offer other encryption tools that can provide some or all of the benefits, and it's easy to add other encryption to the Web clients.
In the best examples, the encryption is used to obscure only the sensitive data, leaving the rest in the clear. This makes it possible to use the non-personal information for statistical analysis and data-mining algorithms.
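A small translucent table along these lines, as an added Python example that is not from the original article. The table layout, names, passphrases and salt are constructed, and the sensitive column is obscured on the client with a keyed one-way hash (HMAC-SHA256) rather than reversible encryption, which is an assumption of this sketch.

```python
import hashlib
import hmac
import sqlite3

APP_SALT = b"constructed-demo-salt"  # constructed; one fixed value per deployment


def client_key(passphrase):
    """Runs on the client: stretch the user's passphrase into a key.
    The passphrase and the key never leave the client."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), APP_SALT, 100_000)


def blind(key, identifier):
    """Runs on the client: turn a sensitive identifier into an opaque token."""
    normalized = " ".join(identifier.lower().split())
    return hmac.new(key, normalized.encode(), hashlib.sha256).hexdigest()


def make_db():
    """The server's store: one obscured column, two columns in the clear."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE purchases (customer_token TEXT, region TEXT, item TEXT)"
    )
    return conn


def client_insert(conn, key, customer, region, item):
    """Only the token crosses the wire, never the customer's name."""
    conn.execute(
        "INSERT INTO purchases VALUES (?, ?, ?)",
        (blind(key, customer), region, item),
    )


def client_lookup(conn, key, customer):
    """A client holding the right key can still find its own rows."""
    rows = conn.execute(
        "SELECT region, item FROM purchases "
        "WHERE customer_token = ? ORDER BY rowid",
        (blind(key, customer),),
    )
    return rows.fetchall()


def server_stats(conn):
    """Statistics over the clear columns need no key at all."""
    return dict(
        conn.execute("SELECT region, COUNT(*) FROM purchases GROUP BY region")
    )


def dump_mentions(conn, needle):
    """What someone with a full copy of the table gets: is the name in it?"""
    needle = needle.lower()
    return any(
        needle in str(value).lower()
        for row in conn.execute("SELECT * FROM purchases")
        for value in row
    )


def build_sample():
    """Constructed sample: two customers, three purchases."""
    conn = make_db()
    alice = client_key("alice's passphrase")
    bob = client_key("bob's passphrase")
    client_insert(conn, alice, "Alice Example", "north", "router")
    client_insert(conn, alice, "alice  example", "north", "vpn")
    client_insert(conn, bob, "Bob Example", "south", "router")
    return conn


if __name__ == "__main__":
    db = build_sample()
    print(server_stats(db))
    print(client_lookup(db, client_key("alice's passphrase"), "Alice Example"))
    print(dump_mentions(db, "alice"))
```

Because the token is keyed, a copy of the table cannot be tested against a list of likely names without the client's passphrase.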
Online privacy technique No. 6: Steganography
One of the most elusive and beguiling techniques is steganography, a term generally applied to the process of hiding a message so that it can't be found. Traditional encryption locks the data in a safe; steganography makes the safe disappear. To be more accurate, it disguises the safe to look like something innocuous, such as a houseplant or a cat.
The most common solutions involve changing some small part of the file in a way it won't be noticed. A single bit of a message, for instance, can be hidden in a single pixel by arranging the parity of the red and green components. If they're both even or both odd, then the pixel carries the message of 0. If one is even and one is odd, then it's a 1. To be more concrete, imagine a pixel with red, green and blue values of 128, 129, and 255. The red value is even, but the green value is odd, meaning the pixel is carrying the message of 1.
A short, one-bit message can be hidden by taking a file, agreeing upon a pixel, and making a small change in either the red or green value so that the pixel carries the right message. A one-bit change will be tiny and almost certainly not visible to the human, but a computer algorithm looking in the right place will be able to find it.
You needed to send only one bit, but you may need to send more. If this technique is repeated long enough, any amount of data can be hidden. An image with 12 megapixels can store a message with 12Mb, or 1.5MB, without changing any pixel by more than one unit of red or green. Judicious use of compression can improve this dramatically. A large message like this article can be snuck into the corners of an average photo floating around the Internet.
Tweaking pixels is just one of the ways that messages can be inserted in different locations. There are dozens of methods to apply this approach -- for example, replacing words with synonyms or artfully inserting slight typographical mistakes into an article. Is that a misspelling or a secret message? All rely on inserting small, unnoticeable changes.
Steganography is not perfect or guaranteed to avoid detection. While the subtle changes to values like the red and green component may not be visible to the naked eye, clever algorithms can sometimes find the message. A number of statistical approaches can flag files with hidden messages by looking for patterns left behind by sloppy changes. The glare off of glass or chrome in a picture is usually stuffed with pixels filled with the maximum amount of red, green, and blue. If a significant number of these are just one unit less than the maximum, there's a good chance that a steganographic algorithm made changes.
These detection algorithms also have limits, and there are a number of sophisticated approaches for making the hidden messages harder to find. The scientists working on detection are playing a cat-and-mouse game with the scientists looking for better ways to hide the data.
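The red/green parity scheme and the glare-pixel check described above, as an added Python example that is not from the original article. The sample pixels, the message, the choice to adjust only the red value, and the 0.1 flagging threshold are assumptions made for illustration.

```python
def pixel_bit(pixel):
    """0 if red and green have the same parity, 1 if they differ."""
    r, g, _b = pixel
    return (r ^ g) & 1


def to_bits(data):
    """Bytes to a list of bits, most significant bit first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def from_bits(bits):
    """List of bits back to bytes; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def embed(pixels, message):
    """Carry one message bit per pixel, changing red by at most one unit."""
    bits = to_bits(message)
    if len(bits) > len(pixels):
        raise ValueError("message needs %d pixels, image has %d"
                         % (len(bits), len(pixels)))
    out = list(pixels)
    for i, bit in enumerate(bits):
        r, g, b = out[i]
        if pixel_bit(out[i]) != bit:
            # A saturated value cannot go up, so it drops to 254. This is
            # the trace the glare check below looks for.
            r = r + 1 if r < 255 else r - 1
            out[i] = (r, g, b)
    return out


def extract(pixels, n_bytes):
    """Read n_bytes back from the parity of the first n_bytes * 8 pixels."""
    return from_bits([pixel_bit(p) for p in pixels[:n_bytes * 8]])


def capacity_bytes(n_pixels):
    """One bit per pixel: 12 megapixels carry 1.5 MB."""
    return n_pixels // 8


def near_max_dip_ratio(pixels):
    """Among red/green values at 254 or 255, the share sitting at 254."""
    at_max = below = 0
    for r, g, _b in pixels:
        for value in (r, g):
            if value == 255:
                at_max += 1
            elif value == 254:
                below += 1
    total = at_max + below
    return below / total if total else 0.0


def looks_modified(pixels, threshold=0.1):
    """Flag images whose glare regions hold too many 254s (threshold assumed)."""
    return near_max_dip_ratio(pixels) > threshold


# Constructed sample "image": 64 glare pixels followed by a dark gradient.
CLEAN = [(255, 255, 255)] * 64 + [(i * 3, i * 2, 90) for i in range(64)]
MESSAGE = b"meet at 9"
STEGO = embed(CLEAN, MESSAGE)

if __name__ == "__main__":
    print(pixel_bit((128, 129, 255)))       # the article's example pixel
    print(extract(STEGO, len(MESSAGE)))
    print(near_max_dip_ratio(CLEAN), near_max_dip_ratio(STEGO))
    print(looks_modified(CLEAN), looks_modified(STEGO))
```

Real photographs can contain some 254 values in bright areas, so a fixed threshold like this one is a screening signal and not proof of a hidden message.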