Archive | Facebook

Real Security Threats Facing Organizations Everywhere


Organizations of all sizes, from large to small, face real security threats that are not to be taken lightly. Some of the more common threats network administrators deal with on a day-to-day basis are social engineering attacks, which are used to trick non-technical computer users into downloading malware, and other threats such as computer viruses. These threats are not new and are not going to go away. An alarming number of small and medium-sized businesses, not only in Orlando, Florida but everywhere, have fallen victim to having their neglected computer network compromised (hacked), which leads to many dangerous activities such as data theft and network penetration, and ultimately to servers, desktop computers and other devices being infected and potentially destroyed. One of the biggest problems I see is lax computer access: not having a computer / network policy in place, which easily enables unauthorized users to access data that should be kept under lock and key and not be available to all employees.

This is especially true for small and medium-sized businesses in Orlando, Florida that may not have the budget to hire a qualified network administrator on a full-time basis, which leads many small organizations to fall short of having a professionally designed, built and properly maintained computer network.

Some other common computer, network, data theft and other cyber attacks are caused by:

Excessive Internal Data Access Privileges:
Employees with complete access to servers and data pose a tremendous internal threat if they turn against the company. So does anyone (including executives) who maintains inappropriate access rights to information after changing positions within a company.

Third Party Computer – Network Access:
Employees of third parties may have access to unencrypted data. Data stored in the cloud can be very dangerous, especially for small and medium-sized businesses. If you are storing your data on a cloud, do you know where your data is physically located, and do you know who has access to it? I promise you, you are not the only person to have access to your data if it is stored on a cloud. While the physical servers you rent or lease may be owned and operated by one cloud hosting company, I can assure you the servers are likely to be housed in multiple data centers or facilities in the United States and even overseas, and are physically and virtually accessed by many other people, which puts your data at risk of being seen, shared and/or stolen from you. If you are going to use a cloud, I highly recommend you get to know the company that will be hosting your cloud. Ideally, if you can afford it, it would be in your best interest to own your own cloud and have it maintained by a local network administrator that you can meet in person and get to know.

Political Hacktivism:
Politically motivated hacking is on the rise, as illustrated by organizations such as Anonymous and LulzSec. However, they assert that much of their success comes from finding easy targets, not from any particular technical expertise. While you may or may not have control over whether you are hacked, you can make it far more difficult for an attacker to succeed.

Social Engineering:

Using lies, deception, manipulation and more to gain sufficient knowledge to dupe an unwary company (and any unintentionally yielding employee) is an age-old technique. But it’s no longer limited to just the phone; it can be done over a social media network. Posting the details on Facebook of every aspect of your upcoming “unplugged vacation” may just be the weak link of information that a scammer needs to take advantage of you and/or your organization.

Internal Negligence:
Negligence is typically an offense committed by management when “they should have known better.”
Most successful data security breaches have some element of managerial negligence associated with them.

Lack of Transparency in Cloud Service Offering:
Never, never, never leave it up to blind trust that cloud service providers are implementing appropriate security measures and looking out for their customers. Check cloud service providers thoroughly and, as mentioned before, get to know whoever you are considering to be your cloud service provider.
As mentioned before, ideally, if you can afford it, it would be in your best interest to own your own cloud and have it maintained by a local network administrator that you can meet in person and get to know.

Rogue Certificates:
Many whitelisting and application control systems depend on valid digital certificates, which basically tell the operating system, “You can trust me, because I am valid.” Using rogue or fake digital certificates that are in circulation, attackers and computer / network hackers can engage in almost undetectable attacks.

Mobile Devices in the Workplace:
A balancing act of convenience versus security, the growing use of personal mobile devices puts organizations at risk and leaves the company vulnerable to attacks. This is an especially sensitive area for companies that have yet to create and enforce a strong “Bring Your Own Device” policy. Most have not.

Misuse (Malicious or Non malicious):
Misuse of entrusted organizational resources or privileges is exclusive to parties that are trusted by an organization, such as insiders and business partners. This also happens when policies are not clearly defined and enforced. Abuse flourishes when boundaries are not well established.

Physical Attacks:
Tampering, surveillance and theft can be caused by a disgruntled former employee. Terminated employees who still have their security badges can easily gain access if the badge system was not updated upon termination.

Posted in Blogs, CLOUD Computing, Computer Viruses, Facebook, Malware, Security | 0 Comments

10 Things YOU should NEVER Put on Facebook!

Did you know Facebook has more than 800 million active users, with about 60% of those people visiting the website on any given day?

Before you log on to Facebook and post your next status update or photo, or update your Facebook profile, check out the top 10 things you should NOT post on Facebook.

#1
This may seem obvious, but to many it is not. NEVER put your home address on your Facebook profile under any circumstances. That is, unless you welcome the idea of becoming another victim of identity theft.

#2
We have all had a bad day at work or worked for bosses we hate. If you choose to post that you hate your boss or that your boss sucks, or to complain and whine about your colleagues and customers, then there is a good chance your boss will find out, and that is probably not a great idea.

#3
If you are involved in a workplace romance, that in itself is probably not a great idea. Posting it on Facebook is probably a great way to lose your job.

#4
HAPPY BIRTHDAY to you! Who does not like getting birthday wishes? Ok almost everybody would enjoy this but do NOT post the year you were born. If you choose to advertise to the whole world your complete birth date then you are inviting yourself to become another victim of identity theft.

#5
If you are one of those people who use the same easy password for everything, then that in itself is just a bad idea. Additionally, NEVER provide password reminder clues in your Facebook profile, such as your favorite sports team, place of birth, mother's maiden name and so forth.

#6
Facebook users should avoid posting photographs of their home, especially of the inside of their homes which would likely show off your valuables to the entire world.

#7
Avoid posting photos of your vacation or weekend getaway while you are away from home. Don’t be an idiot and invite criminals into your home by broadcasting that you are out of town. If you insist on posting photos of your vacation or trip away from home, have a little common sense and wait until you return home to post these kinds of photos.

#8
Likewise, do NOT use your Facebook profile to announce things such as “one more day until this or that concert” or “one more day until the beach”. This is like advertising and announcing: hey everybody, guess what? I won't be home all day Saturday, so if you are a criminal, come visit my home and burglarize it while I am away enjoying the day at the beach or rocking out at a concert or other event away from home.

#9
Insurance companies are like vampires and leeches. These bloodsucking, money-hungry crooks are increasingly turning to the world wide web to see which clients are putting their property or themselves at risk by such activities as skydiving, racing cars, enjoying your dirt bike or other activities which insurance companies deem dangerous.

#10
If you use another social media site like MySpace, Twitter, or LinkedIn, then use common sense if you decide to link your profiles together. An employer who sees your LinkedIn profile may also visit your Facebook or MySpace profile if you advertise it. If you don’t want your company knowing about your personal life, then don’t advertise it to them or make it easy for them to find. Instead, keep your personal profiles locked down and not viewable by the general public and/or by people you do not know and trust.

Posted in Facebook | 0 Comments

FACEBOOK VIRUS EMAIL WARNING

I have noticed people are receiving emails that attempt to trick Facebook users into believing their Facebook account is subject to an internet attack by hackers. DO NOT BELIEVE THIS.
This is an attempt to get people to download and install a computer virus to their computers.
Instead we recommend you delete such emails and DO NOT OPEN ANY ATTACHMENTS from sources you do not trust EVER.

Here is an actual email we have seen which is NOT FROM the REAL FACEBOOK.
NOTE: We made the fake email in RED text so you can clearly identify it.

Dear user!

Your account on the site Facebook.com was subjected to attack by third parties
at 21:13 March 25, 2011.
We stopped trying password guessing, using bruteforce.
And strongly recommend that you use complex passwords consisting of random
characters. In no case do not pass on suspicious links, where you are required
to enter a password. Always use antivirus software to avoid becoming a victim
of fraud by entering the password in the fake software.
We strongly recommend that you upgrade your system’s security policy.
We have generated for you patch, which allows the maximum secure your stay
at the Facebook.com.
Be sure to use it, so we can immediately return your page in case of theft
of a password.

Each copy of the patch has its own unique identifier.
And this patch is applicable only to your account.
Once installed, it automatically deleted.
Thus it is not possible to attempt to steal personal settings on your patch.


Sincerely,
Customer Support Facebook.com
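
A mail-filter style check for the kind of message shown above, as an added example that is not part of the original post: it flags a sender whose display name claims Facebook while the address is on another domain, a risky attachment type, and the "patch" / "attack" wording. The sender address, attachment name, trusted-domain list and keyword list are assumptions constructed for the demonstration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: domains this organisation accepts as genuine for the brand.
TRUSTED_DOMAINS = {"facebook.com", "facebookmail.com"}
RISKY_EXTENSIONS = (".exe", ".scr", ".zip", ".js", ".bat")
LURE_WORDS = ("patch", "password", "attack")

def build_sample() -> bytes:
    """Constructed sample: body wording taken from the fake email above;
    the sender address and attachment name are invented for the demo."""
    msg = EmailMessage()
    msg["From"] = "Facebook Customer Support <support@mail.example>"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Your account was subjected to attack"
    msg.set_content(
        "Dear user!\n"
        "Your account on the site Facebook.com was subjected to attack.\n"
        "We have generated for you patch. Be sure to use it.\n"
    )
    msg.add_attachment(b"placeholder bytes, not a real program",
                       maintype="application", subtype="octet-stream",
                       filename="patch.exe")
    return msg.as_bytes()

def phishing_indicators(raw: bytes, brand: str = "facebook") -> list[str]:
    msg = email.message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    # Brand named in the display name, but the mail comes from another domain.
    if brand in display.lower() and not any(
            domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS):
        reasons.append("brand-mismatch:" + domain)
    # Attachment types that can run code or hide an executable.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            reasons.append("risky-attachment:" + name)
    # Two or more lure words in the plain-text body.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    hits = [w for w in LURE_WORDS if w in text]
    if len(hits) >= 2:
        reasons.append("lure-words:" + ",".join(hits))
    return reasons

if __name__ == "__main__":
    print(phishing_indicators(build_sample()))
```
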

Posted in Computer Viruses, Facebook, News, Security | 0 Comments

