Monday, August 18, 2014
The statistics for cybercrime, online fraud and data theft make for disturbing reading. The Federation of Small Businesses (FSB) reckons the cost to each business is £4,000 per year, with around a third of FSB members falling victim to online crimes such as malware infections, hacking attacks or full-on data breaches. For the small- to medium-sized-business (SMB) owner especially, the impact of such attacks goes beyond the immediate financial loss and disruption to the daily working schedule – there’s the loss of reputation and customer trust to factor in, too. Despite this, it’s SMBs that have the most difficulty finding affordable and doable security measures. This can lead to substandard protection or – worse still – no security at all. To help solve the problem, here are ten simple ways to make your business more secure.
Saturday, August 16, 2014
SuperValu has confirmed that it has, indeed, suffered a data breach. The supermarket company stated that what it calls a "criminal intrusion into the portion of its computer network that processes payment card transactions for some of its retail food stores, including some of its associated stand-alone liquor stores" may have resulted in "the theft of account numbers, and in some cases also the expiration date, other numerical information and/or the cardholder’s name, from payment cards used at some point of sale systems at some of the Company’s owned and franchised stores."
Monday, August 11, 2014
Thursday, August 07, 2014
An interesting post appeared yesterday in the official Google Online Security and Webmaster Central blogs which confirms that, in an effort to "make the Internet safer", Google has been testing a system which looks at "whether sites use secure, encrypted connections as a signal in our search ranking algorithms." This follows calls for HTTPS everywhere at the recent Google I/O a few months back. Google says it has seen positive results, and is now actually using HTTPS as a ranking signal, albeit a "very lightweight" one which only impacts
A notice appeared on the Paddy Power corporate website at the end of last week, which confirmed details of a “historical data breach”. It boldly stated that no financial information or customer passwords were accessed during the breach, and a full investigation had revealed no adverse impact upon customer accounts. So that's cool then, right? Well not really, Paddy. The clue is in the use of the word 'historical' which could easily be replaced by hysterical were this actually not at all funny. You see, as IT Pro reported, the breach itself took place in 2010.
Wednesday, August 06, 2014
A report from Hold Security claims that one of the biggest ever online heists has been committed by a Russian crime gang. It would appear that the data theft includes, wait for it, no less than 1.2 billion (yes billion) usernames and passwords along with around half a billion email addresses obtained from more than 400,000 websites. In total, Hold Security says, the stolen data amounts to some 4.5 billion items.
Sunday, August 03, 2014
Every week, Stephen Coty writes about interesting exploits that have caught his attention as chief security evangelist at Alert Logic. This last week (in a currently password-protected posting) he mused about a 'JournalCtl and Syslog Terminal Escape Injection' zero day which could be of interest to the Linux gurus here on DaniWeb.
Thursday, July 31, 2014
Yesterday, Tor issued a security advisory which revealed that a group of relays had been discovered on July 4th which looked like they "were trying to deanonymize users." The advisory states that the attack "involved modifying Tor protocol headers to do traffic confirmation attacks" with the relays having joined the network at the start of the year. This means they were potentially deanonymizing users between January 30th and July 4th, when they were finally removed. A Tor spokesperson says that they know the attack "looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic", so there are no details of pages visited, or of whether the hidden services searched for were actually visited at all for that matter. The big question, though, is whodunnit?
Wednesday, July 30, 2014
Security vendor Sophos published details of a 'trustworthy browser poll' last week, with a headline proclaiming Firefox "slams Chrome again" in the results. Indeed it did, with 48 per cent of the 3,400 participants trusting it most. This compared with 27 per cent for Chrome, eight per cent for Safari, 7.4 per cent for Internet Explorer and just five per cent for Opera. The remaining 4.6 per cent trusted browser clients such as Tor, Comodo Ice, Chromium and even Lynx, for those of you with a really long memory that stretches back as far as the text-only world wide web. This last percentage group of stragglers also included the client we should all trust the most: none.