Posts Tagged ‘Prevent Hackers’

Are YOU Your Biggest Security Threat? 5 Ways to Close Holes that Hackers Can Easily Breach.

by FireHost Evangelist on June 22nd, 2010

If I wanted to hack your eCommerce business, I’d have your help. It’s a fact that no one runs a business from one location (or one computer) anymore. In today’s world work gets done everywhere – in offices, at home, in a hotel, at the airport, while sipping mocha and siphoning Internet connectivity from a coffee shop.

Security risks increase when your business moves outside of the safety net of your main workplace. Mobile executives carry sensitive data around with them, and oftentimes expose it to vulnerabilities just for the sake of convenience.

It all seems perfectly innocent. Connecting to wireless Internet in your hotel room, or syncing up to free wi-fi in a restaurant just to get a little work done. Convenient? Yes. Necessary? Sometimes. Is working remotely a downward-trending habit? Absolutely not. And so, we must learn (and educate our workforce) about how to work remotely more safely.

Protecting your mobile workforce is essential to protecting your business. And it can be accomplished (or at least done more successfully) by following a few simple tips to help keep your business safe from hackers, no matter where you go:

Stay Off the Free, Open Wireless

More and more public places are providing free, or shared wireless Internet. These open networks are dangerous. They’re risky for personal communications, but they are absolutely not suitable for conducting business without protection.

When jumping on public shared wireless connections, it’s essential to do so using a secure VPN connection with the latest encryption methods. This will funnel all your online activities (email, surfing, chat, etc.) through this secure connection so prying eyes can’t see what you’re doing. Several companies offer this service, but we’ve heard good things about Anonymizer.

As an alternative, Verizon, Sprint, AT&T, and others have mobile broadband services available for a reasonable monthly subscription. Spring for the mobile Internet access card. It’s a small expense for what you get in exchange – the ability to conduct business more securely outside the office.

Bonus Tip – turn off your wireless connection whenever it is not in use so you are 100 percent sure about when you are connected to the Internet. If you’ve previously connected to default network names (like Linksys), then anytime that network name reappears at another location, you will be automatically connected to the network, opening you up to risks.
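A way to check for the auto-join exposure described in the bonus tip, as an added example that is not part of the original post: it reads saved Wi-Fi profiles in NetworkManager keyfile format and reports open networks that are still set to connect automatically. The sample profiles and the list of factory-default names are constructed for illustration.

```python
import configparser

# Factory-default SSIDs to call out (illustrative list, an assumption).
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}

# Constructed sample profiles in NetworkManager keyfile format.
SAMPLE_PROFILES = {
    "linksys": "[connection]\nid=linksys\ntype=wifi\n\n[wifi]\nssid=linksys\n",
    "coffee": "[connection]\nid=coffee\ntype=wifi\nautoconnect=true\n\n"
              "[wifi]\nssid=CoffeeShop_Free\n",
    "hotel": "[connection]\nid=hotel\ntype=wifi\nautoconnect=false\n\n"
             "[wifi]\nssid=Hotel_Guest\n",
    "home": "[connection]\nid=home\ntype=wifi\n\n[wifi]\nssid=HomeNet\n\n"
            "[wifi-security]\nkey-mgmt=wpa-psk\n",
    "wired": "[connection]\nid=wired\ntype=ethernet\n",
}

def audit_profile(text):
    """Return a finding for an open Wi-Fi profile that auto-joins, else None."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") not in ("wifi", "802-11-wireless"):
        return None
    # Newer keyfiles use [wifi]/[wifi-security]; older ones use the 802-11 names.
    wifi = "wifi" if cp.has_section("wifi") else "802-11-wireless"
    secured = (cp.has_section("wifi-security")
               or cp.has_section("802-11-wireless-security"))
    # autoconnect defaults to true when the key is absent from the profile.
    auto = cp.getboolean("connection", "autoconnect", fallback=True)
    if secured or not auto:
        return None
    ssid = cp.get(wifi, "ssid", fallback=cp.get("connection", "id", fallback="?"))
    return {"ssid": ssid, "default_name": ssid.lower() in DEFAULT_SSIDS}

def audit(profiles):
    """Audit a {name: keyfile_text} mapping; findings are sorted by SSID."""
    findings = [f for f in map(audit_profile, profiles.values()) if f]
    return sorted(findings, key=lambda f: f["ssid"])

if __name__ == "__main__":
    for f in audit(SAMPLE_PROFILES):
        note = " (factory-default name)" if f["default_name"] else ""
        print(f"open network set to auto-join: {f['ssid']}{note}")
```

On a Linux laptop the real profiles live under /etc/NetworkManager/system-connections/ and need root to read; each flagged profile should be deleted or have autoconnect set to false.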


Vulnerability Exploitation Trends: Web Applications Outpace Operating Systems

by FireHost Evangelist on September 18th, 2009

According to a report by SANS.org, OS vulnerabilities are patched more quickly than client-side vulnerabilities on average. In addition, some client-side software remains unpatched or is not updated throughout its lifespan. As a result, hackers have found exploiting popular client-side applications such as Adobe PDF Reader, QuickTime, Adobe Flash, and Microsoft Office to be quite lucrative.

Attacks against popular web applications such as these constitute more than 60% of all attacks on the internet, and some of the exploits don’t even require a user to open the downloaded document or file. Victims’ computers may be compromised by simply visiting an infected website masked with the perception of being a trustworthy, big, software brand.

Client-side vulnerabilities are so powerful because they give hackers a mask behind which to carry out exploits. Users feel confident downloading files from trusted sources or using tools and applications such as Microsoft SQL, FTP, and SSH that are perceived to be safe because of popularity and industry-wide user-acceptance.


Social Networks Targeted by Hackers More Often than Government & Law Agencies in ’09

by FireHost Evangelist on August 21st, 2009

This year, social networking sites have become popular targets for cyber crime according to a study of hacking episodes by Web Hacking Incidents Database (WHID). This is a shift from 2008 when government and law enforcement agencies were the most enticing targets.


Security experts believe social networks like Twitter and Facebook are targeted because of the sheer number of users. Defacement is the most common motivation for ego-driven hackers, and these high traffic, high involvement communities are a great way to disrupt many victims at once.

A study by Webroot sheds light on a few other reasons why social networks make ripe targets for hackers.

  • 36% of social networkers admit they don’t hide personal information
  • 33% admit to using the same password for all of their online accounts
  • 28% accept “friend requests” from strangers

With such a high percentage of social networking users being unaware of the dangers, “hackers lure users into taking actions they shouldn’t by making it appear as if a friend within their social network has sent them a message – only the message is from a hacker who has hijacked the friend’s account,” warns Mike Kronenberg, CTO of Webroot’s Consumer Business division.


Top 10 Ways Hackers Obtain Confidential Data

by FireHost Evangelist on August 18th, 2009

Two and a half years after retail giant TJX Companies, Inc (parent company to TJ Maxx, Marshalls, and Home Goods) experienced one of the largest data breaches in history, the firm is still paying. This time, the settlement provides $9.7MM across 41 states to help protect consumers from payment card negligence. One quarter of those funds are devoted to creating a national fund that will investigate future data breaches.

In reality, the latest sum TJX has to pay is small potatoes compared to the capital outlay the retailer has made since 2007 to mitigate the security breach that exposed 45 million credit and debit card numbers. When the leak was discovered, TJX set aside $107MM to deal with the fallout and the expenditures to date are in that range. In two of the largest settlements, they’ve paid $24MM to MasterCard and $41MM to Visa banks. In addition, TJX has been ordered to undergo costly external audits every other year for 20 years by the FTC.

Is it 100% possible for companies to avoid costly and negative public facing situations such as this?


Obama Administration Inviting Hackers to Help Fight Cybercrime

by FireHost Evangelist on July 14th, 2009

The US Department of Homeland Security is turning to hackers to help the 16-person advisory council (HSAC) obtain alternative viewpoints on cybercrime.

An article on FoxNews.com revealed the most recent committee member to be Jeff Moss, aka Dark Tangent. Mr. Moss is widely recognized as founder of the DefCon and Black Hat hackers’ conferences. He has worked in information security for accounting giant Ernst & Young and presently works as an independent cybersecurity consultant for a variety of corporations.

Mr. Moss looks forward to bringing “a skeptical outsider’s view” to the HSAC, but admits he was surprised by President Obama’s invitation to join the council, stating, “I always figured that because of my associations in the past that I would be kind of out of the running for anything like this.”


As Mitnick Knows, Security Not Always in Your Control

by FireHost Evangelist on June 30th, 2009

Kevin Mitnick, the most well-known hacker of the 1990s, had his personal and business websites compromised and defaced recently, and if you query Mitnick’s domain today, you still see remnants of the hack. Words like:

$ whois mitnicksecurity.com

MITNICKSECURITY.COM.HACKED.BY.NERD.FROM.WEB-HACK.COM
MITNICKSECURITY.COM

In a phone conversation today, Mitnick disclosed to FireHost’s Chief Security Officer that he was using secure hosting practices on his site, but the hackers got to his website through his hosting company’s DNS provider. They compromised the control panel for his domain names and redirected his site to a defaced version.


Security Investments Top IT Budgets

by FireHost Evangelist on June 30th, 2009

Despite a challenging economy, many companies are making room in their budgets for investments in information security initiatives.

According to a survey by Robert Half Technology, seven out of ten CIOs interviewed reported their companies would be investing in new information technology initiatives over the next year. 43% of the respondents overall reported information security as a top priority, and in the financial services and transportation sectors, information security was cited most often as the top priority.

“Although times are lean, many companies are finding that they can’t afford to postpone IT investments that lead to increased security, efficiencies or revenues,” stated Dave Willmer, Executive Director of Robert Half Technology. “Organizations also are trying to make sure they are prepared for growth when conditions improve, and enhancing their IT infrastructure is part of that process.”

Over the past year, there has been a significant rise in the number of malicious attacks on company websites. Symantec identified a 165% increase in malicious code signatures and said the explosive growth can be attributed to the professionalization of malicious code development, which supports the demand for goods and services that facilitate online fraud.


USA Today: “SQL Injection Attacks Hit 450,000 a Day”

by FireHost Evangelist on March 20th, 2009

Modern cybercriminals are out to do harm. Simple as that. They penetrate vulnerable websites, steal private customer information, and commit identity theft every day. Hacker tools and methods of attack have become more sophisticated and wider in scope in recent months.

USA Today reports:

SQL attacks take aim at the database layer of websites. They typically were manual attacks designed to pilfer customer data from merchant websites. But last June someone figured out how to automate the attacks, and use them to plant infections. By mid-June, daily attacks spiked to 25,000; by October they topped 450,000 a day.

Holly Stewart, IBM ISS threat response manager, says the infections take advantage of security flaws in cool website features, such as online-delivered video, music, photos, documents and work files.

Giant financial institutions and online merchants have put up strong defenses, says Phil Neray, vice president of security strategy at Guardium, a database security firm. “The same is not necessarily true of regional banks and credit unions, smaller online retailers and state government agencies.”

FireHost is in business to address website security needs of the “smaller guys” Mr. Neray mentions above. It’s imperative your company respond to the threat of cybercriminals swiftly and effectively because SQL attacks strike governments and credit card companies every day. FireHost can help your company avoid the negative spotlight.

SQL attacks are preventable when your website, email, databases, and other applications are hosted with a security-focused web hosting provider. We’ve taken industry-leading measures to make enterprise-level security attainable for every business because we know that the last thing you need to do with your time is mitigate a high-profile website attack on customer information.

Most hosting providers don’t invest the resources required to maintain a prevention-focused, secure hosting environment. If your company does business online however, you owe it to your customers and employees to make sure their most important information is protected.

Here’s just a sample of what puts FireHost secure web hosting in a class of its own:

Network Layer Security
FireHost runs dual Sonicwall internet security devices, providing firewall redundancy for every client. This layer safeguards websites, emails, and databases from unauthorized intrusions, like SQL attacks.

Application Protection
We also run a web application firewall to close the holes within your website’s applications, the entry-point for SQL attacks.

Vulnerability Monitoring
FireHost partners with McAfee to provide you with web-based website vulnerability auditing and remediation management, completing scans every fifteen minutes.

Register here to have a FireHost Security Agent perform a vulnerability report for your website. We will contact you shortly with the eye-opening results.