Nov 06

Privacy Leaks Are Surging; Self-protection Is Needed

Recently, many information leakage incidents have surfaced on the Internet, such as the PayPal password hacking and Prism. In these incidents, consumers’ personal information was intentionally or unintentionally leaked, causing great losses to consumers, such as privacy theft and unauthorized use of funds. Because network services still carry many security risks, consumers must be aware of the importance of personal information when using network services, and should use the privacy protection functions in information security products to keep their personal information secure.

Privacy disclosure events have arisen one after another in recent years. In January 2012, the e-commerce site Zappos was hacked, and the e-mail, password and other information of 24 million users was stolen. In July 2012, the information of more than 8,000,000 users in total was leaked from Jingdong, Yahoo and many other sites. As more and more people’s personal information is transferred to the Internet, the risk of information leakage keeps expanding.

Because many network services are connected to each other, a single information leak may produce a ‘chain reaction’ that leads to the leakage of other, more important information. For example, in the PayPal funds theft incident, the criminals were able to get PayPal passwords by stealing customers’ phones. Criminals can also obtain access permissions to related network systems by stealing victims’ identity information, which allows them to cause worse damage.

Even though consumers cannot directly improve the safety and security level of a network service provider, they can take more prudent measures to prevent personal information from being disclosed, including:

  1. Lower the linkage between your various network service accounts: try not to set the same password for several accounts, and do not rely on one single verification method for many accounts. When your information is leaked, move quickly to change passwords and take other remedial measures to prevent the harm from expanding further.
  2. When you use network services, pay more attention to the security of personal information; in particular, do your best to minimize how widely your identity information spreads, to prevent criminals’ targeted attacks.
  3. Use a file or folder encryption program to enhance the security of personal information stored on a PC or cell phone. You can never be sure that your PC will not be accessed without authorization, or that your portable flash drives will not be lost. If that happens, you will face great losses, including data loss and financial loss. To prevent the data and information stored on your PC or flash drives from falling into the wrong hands, you had better lock the files with a password, so that others who do not have the correct password cannot access your data.

Oct 28

HP: Cyber Crime Attacks Lead to Rising Costs and Increasing Defense Time

Hewlett-Packard Company recently released the results of a global survey conducted by the Ponemon Institute; it shows that the cost, frequency and defense time of cyber attacks have risen for four consecutive years.

Actual costs incurred for network attacks

The cyber crimes that cause the highest costs are denial of service, malicious insiders and internal network attacks, which together account for more than 55% of the average annual cost of cybercrime per enterprise.

Information theft is still the highest external cost, followed by business interruption. In 2013, information loss accounted for 43% of total external costs, 2% less than in 2012. Business interruption or loss of production capacity accounted for 36% of external costs, an increase of 18% compared with 2012.

Recovery and detection are the most costly internal activities. Last year, the costs of the internal activities of recovery and detection accounted for 49% of total costs, most of it in cash and labor expenses.

The costs generated by cybercrime vary with company size, but the per capita cost in small companies is much higher than in large companies.

The costs caused by cybercrime in financial services, defense, energy and utilities companies are much higher than those incurred by enterprises in the retail, hospitality and consumer products industries.

Security intelligence solutions and governance practices are essential

Using security intelligence technology makes the detection and containment of network attacks more effective: the average annual cost savings are nearly $4 million, and the rate of return on investment is higher than that of other types of technology by 21%.

Adopting enterprise security governance practices, including investing appropriate resources, appointing executives, and hiring security staff and certified experts, can reduce the costs incurred by cybercrime and help companies save nearly $1.5 million on average every year.

“Information is a powerful weapon for enterprises to ensure network security,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Through practical experience and in-depth interviews with more than 1,000 security professionals worldwide, the survey of cybercrime-incurred costs provides us with valuable information about the causes and costs of network attacks. This survey is designed to help companies make low-cost, high-yield decisions to minimize the company’s risk as far as possible.”

For individuals and groups that want to defend against cybercrime, password protection for files and folders is an extra security measure for data. Comprehensive protection of confidential data and information is necessary for individuals and groups to decrease the costs incurred by cybercrime.

Oct 21

Establish Email Communication Network to Enhance Information Security

For many countries, the impact of the Prism affair has gradually emerged, and as a former world power, Germany finally plans to take action on information security.

“Close the door on the U.S. National Security Agency!” The German magazine “Focus” reported on the 14th that Deutsche Telekom, Germany’s largest telecommunications operator, has called for a domestic email communication network to be set up to prevent foreign spies and hackers from monitoring local German e-mail.

According to the report, since the “Prism” scandal in the United States was disclosed, the security of transnational Internet information and communication has been questioned in various sectors. So far, emails sent between local German users have had to pass through servers located in the United States or the UK to reach their destination. Therefore, Deutsche Telekom has expressed the hope of establishing a domestic mail communications network in conjunction with other network operators.

Mel Klein, Deutsche Telekom’s director of data confidentiality affairs, said that in this way e-mail communications between users in Germany would no longer need to pass through international hubs; the data would be kept within the territory, which ensures that German data will not be monitored by third parties.

Deutsche Telekom has already taken a step towards establishing a domestic e-mail communications network. The group has reached an agreement with the German mail providers Web.de and GMX.de on a framework for more secure email services. The three companies employ the more secure e-mail technology “Email – Made in Germany” to ensure that e-mail messages sent by users are transferred with encryption. Moreover, all data of the three carriers will only be stored on servers in Germany.

Allegedly, Deutsche Telekom has set an ambitious goal. In addition to the immediate objective of establishing the e-mail communications network within Germany, Deutsche Telekom also proposes to extend the network to the European Schengen countries. Of course, this does not include the United Kingdom: one reason is that the UK is not a Schengen country, and the other is the complex relationship between the United Kingdom and the United States. Mel Klein said that all aspects are now mature and that what is needed is the consent of the German government and the support of the network operators. But QSC, a broadband network operator and competitor of Deutsche Telekom, said it is impossible to determine whether data is transferred through domestic or international routes.

Because of the history of surveillance of the population in East Germany and under Hitler’s Nazi regime, government surveillance is a very sensitive topic in Germany. Even if a domestic e-mail communications network is established, the German intelligence agencies may still monitor domestic data and telephone communications under existing laws. Currently, the German government is reviewing this proposal, and many people have expressed support.

As the impact of Prism expands, countries are bound to introduce their own information security measures to deal with the problem; as for us, using file encryption software to protect data is a must.

Oct 09

The Ban on Samsung Smartphone Import Is in Effect

According to the news, the U.S. Trade Representative’s office (USTR) said on Thursday that the ban on importing Samsung smartphones proposed by the U.S. International Trade Commission (hereinafter referred to as “ITC”) will come into effect.

The earlier report said that owing to the absence of a veto by the United States President Barack Obama, the ban on imports of Samsung smartphones ruled by ITC is already in force.

The ITC’s ruling had to be handed over to U.S. President Barack Obama for consideration, and Obama had 60 days to give the final decision on the ruling. If Obama does not veto the ITC ruling, it comes into effect. Several media reports said that the 60 days have now passed and Obama did not veto the decision.

The ITC’s decision does not clearly indicate which Samsung devices infringe, but it has been determined that the older models Galaxy S 4G, Fascinate and Galaxy Tab are infringing.

In sharp contrast, Apple has had a similar experience, but the result was the opposite. In June this year, the ITC ruled that some older Apple products infringed a Samsung data transfer patent, and banned the import or sale of the AT&T versions of the iPhone 4, iPhone 3GS, iPad (3G version) and iPad 2 (3G version). But in August this year, the Obama administration rejected the ITC’s ruling.

Nowadays, innovations in the field of IT usually rely on many small improvements involving numerous technologies, which means the scope of a patent is not always precisely clear. The open secret is that everyone infringes others’ patents in some way.

The patent battles between companies continue, and so do the fights over copyright. Suppose you operate a business that specializes in selling videos or documents it has created; most such companies store the videos or documents on a USB drive and sell the drive to customers. What can you do to protect your copyright from being breached by others? Here, I recommend using a USB encryption solution to ensure that the contents of your USB drives will not be copied or transmitted by unauthorized users. You can use a USB copy protection program to password protect the USB drive and configure access permissions so that specific groups or individuals can access its contents while other, unauthorized access is prevented. Complete protection is an indispensable measure for securing a company’s wealth and inventions.

Sep 16

Reuters: “Prism” Scandal Propels the U.S. Technology Industry

Reuters published an article entitled “Despite fears, NSA revelations helping US tech industry”. It analyzes how, after the exposure of the monitoring project called “Prism” implemented by the National Security Agency, it was widely believed that the scandal would seriously damage the image and income of U.S. technology companies in overseas markets. But it turns out that, because demand for encryption and related security services has risen in overseas markets, some U.S. technology companies have actually benefited a lot from the “Prism” scandal.

The following are parts of the article:

Prophesies of doom

Shortly after Snowden’s leaked documents detailed collaboration giving the NSA access to the accounts of tens of thousands of net companies’ users, the big Internet companies and their allies issued dire warnings, predicting that American businesses would lose tens of billions of dollars in revenue abroad as distrustful customers seek out local alternatives.

In a federal court filing last week, Google said that still-unfolding news coverage was causing “substantial harm to Google’s reputation and business”. The company said that could be mitigated if it were allowed to comment with precision about its intelligence dealings.

Likewise, last month, six technology trade groups wrote to the White House to urge reforms in the spy programs, citing what it called a “study” predicting a $35 billion cumulative shortfall by 2016 in the vital economic sector.

That number, it turns out, was extrapolated from a security trade group’s survey of 207 non-U.S. members – and the group, the Cloud Security Alliance, had explicitly cautioned that its members weren’t representative of the entire industry.

Boon for encryption sector

As for the upside, so far only a minority of people and businesses are tackling encryption on their own or moving to privacy-protecting Web browsers, but encryption is expected to get easier with more new entrants.

Snowden himself said that strong encryption, applied correctly, was still reliable, even though the NSA has cracked or circumvented most of the ordinary, built-in security around Web email and financial transactions.

Some early adopters of encryption have senior jobs inside companies, and they could bring their habits to the office and eventually change the technology habits of the whole workplace, in the same way that executive fondness for iPhones and iPads prompted more companies to allow them access to corporate networks.

A week ago, Google said it had intensified encryption of internal data flows after learning about NSA practices from Snowden’s files, and consultants are urging other big businesses to do the same.

Stiennon said that after more companies encrypt, the NSA and other agencies will spend more to break through, accelerating a lucrative cycle. “They will start focusing on the encrypted data, because that’s where all the good stuff is,” Stiennon said.

Just as Snowden said, correctly applied strong encryption is still reliable. Correctly applied file encryption, folder encryption and USB encryption will be useful and reliable for ordinary people and enterprises to protect their important or even confidential data. Data security is no longer a dispensable problem that we can ignore, for data loss and data leakage have already taught a bitter lesson. Complete data security management should be established in every enterprise, and individuals should pay more attention to effective data protection.

Sep 10

Google data center will fully encrypt data

Because of the data monitoring scandal at the U.S. National Security Agency (hereinafter referred to as “NSA”), Google has started a project to encrypt the data transmitted between all of its data centers.

The “Washington Post” reported that Google made this plan last year. But under the influence of the NSA’s “Prism” incident, Google is now ready to accelerate the implementation of the plan in order to defend the company’s reputation for data protection. Eric Grosse, Google’s vice president of Information Security Engineering, said: “This is an arms race, we see that the government sector is the most powerful race participant.”

Last Thursday, a report said that the U.S. government is seeking encryption keys to crack various forms of encryption. Ashkan Soltani, a privacy protection and information security researcher, said that government departments have an incredible set of keys, but that they may not be applicable to this Google plan.

Google’s plan does not affect the legal requirements that the company needs to meet. At the government’s request, Google still needs to provide data to the NSA or other departments. But Google has accelerated the deployment of this program, ensuring that it will begin in the coming months.

At present, email sent from one Gmail account to another is already encrypted in transit with “Transport Layer Security” encryption. According to the plan, other data that Google data centers send elsewhere, such as the contents of the Google Drive cloud storage service, will be encrypted in the future.

Google has not disclosed more information about the plan, such as how much it will cost Google, how many data centers it may involve, and what encryption method it will use. Google said that this project will use end-to-end encryption technology, which means that both the data stored on the server and the data in transmission will be encrypted. It is just like the folder protection on a LAN that we use in daily life: all the data conveyed to others via the Internet will be encrypted, which is complete protection for the data. Given data leakage and data breaches, we cannot pay too much attention to data security. As for us, individuals who live in real life and on the network at the same time, we should take measures to password protect folders in case data is stolen.

Sep 02

The U.S. Launched Network Attacks against Several Countries in 2011

Top-secret documents recently received by the “Washington Post” show that in 2011, U.S. intelligence agencies carried out 231 network attacks against other countries, including Iran, Russia, China and North Korea.

This news comes from budget documents provided by Edward Snowden, a former employee of the U.S. National Security Agency (hereinafter referred to as “NSA”), which are also evidence that the Obama government infiltrates and sabotages foreign computer networks through cyber attacks.

Furthermore, under another secret plan code-named “GENIE”, U.S. computer experts also break into foreign computer networks and place them under secret U.S. control. Documents show that the project, with a budget of $652 million, inserts malware into tens of thousands of computer devices every year, and plans to expand to several million units.

According to the budget documents provided by Snowden, and to what former U.S. officials disclosed in an interview, the scope and scale of the computer intrusions carried out by the Obama administration are far greater than outsiders imagine. The Obama administration treats all network attacks as confidential actions and has never publicly acknowledged them.

The scope and scale of the network attacks show that the United States has undergone a tremendous change: in the past, the U.S. government sought to maintain international standards and opposed intrusions via cyberspace, because at that time U.S. economic and military power was very dependent on computer networks.

U.S. Deputy Defense Secretary William J. Lynn III said: “The guidance of policy debate has produced a change, attacking options now increasingly prevail, I think, more and more cases show that cyber attacks have been an important part for the United States to curb some of the enemy’s action.”

The budget documents disclosed by Snowden show that, of the 231 network attacks carried out by the U.S. government since 2011, nearly three-quarters were aimed at the highest-priority targets; according to former U.S. government officials, these targets include Iran, Russia, China and North Korea, etc. But the budget documents provide little detailed information about these operations.

In 2009 and 2010, the United States and Israel allegedly jointly developed the Stuxnet worm, which destroyed the computer systems of Iran’s uranium enrichment facility in a network attack. This event is often regarded as a vivid case of the United States using weapons to attack enemy networks.

According to a presidential directive the U.S. government announced in October 2012, U.S. intelligence agencies define network attacks as “an activity of manipulate, destruct, destroy the information stored in your computer or computer network.” Therefore, folder encryption and file protection solutions are now widely used for data security against network attacks. Most network attacks have a direct impact on the data in the enemy’s computer systems or on the normal use of the computers, such as slowing down the network connection.

Aug 26

The Guardian Cooperates with the New York Times to Report on “Prism”

The British “Guardian” announced on Friday that it has agreed to let the “New York Times” see some of the confidential files that Edward Snowden disclosed in the “Prism” affair.

Before the two sides reached their cooperation, the British government had threatened to commence legal action unless the “Guardian” gave up or destroyed the documents relating to the country’s Government Communications Headquarters (hereinafter referred to as “GCHQ”).

Informed sources said that the cooperation agreement was reached as early as a few weeks ago, and that Jill Abramson, editor of the “New York Times”, was involved in the negotiations.

According to the U.S. news website Buzzfeed, Scott Shane, who is responsible for national security and intelligence reporting at the “New York Times”, is now writing a series of reports that are expected to be released next month.

“The Guardian” said that the cooperation with the “New York Times” makes it possible to continue exposing GCHQ’s massive surveillance programs, besides its government duties, in the Snowden documents.

Allegedly, Snowden has gained temporary asylum in Russia, and he has been informed of this cooperation agreement.

Alan Rusbridger, editor of “The Guardian”, disclosed earlier this week that, under the supervision of GCHQ agents, “The Guardian” employees destroyed the computer devices containing Snowden’s documents earlier this month. Before that, British government officials had also threatened that they were likely to take legal action against “The Guardian”.

Rusbridger said he had warned the British government officials that although the original materials had been destroyed, a copy had been sent outside the British government’s jurisdiction.

British officials said they briefly detained and questioned David Miranda at London Heathrow Airport, and that there will be a criminal investigation this week. Miranda is the native British partner of Glenn Greenwald, a “Guardian” reporter in Brazil; Greenwald is the person in charge of the files disclosed by Snowden and, what is more, he can contact Snowden directly.

British government officials said that the information disclosed by Snowden has seriously undermined the UK’s national security, and that further disclosure of confidential material could put many people’s lives at risk.

Because of the “Prism” affair, more and more people, especially enterprises and groups, are now focusing on data security. Both individuals and groups are searching for an effective method to protect files containing important and confidential data; comprehensive protection of data will, of course, reduce many concerns and potential losses for us.

Aug 19

The Little-Known Serious Facet of Google

According to foreign media reports, people have always had the impression that Google is a relaxed, laid-back, highly creative technology company. But when you look more deeply, you will find the serious facet of Google: in order to protect user information, it has its own rigorous, thorough security policy.

All along, Google has liked to portray itself as a highly innovative and flexible technology company with a relaxed atmosphere. The circular bike used for group meetings, the relaxed policy that allows taking pets to work, and even the ubiquitous bright sofa cushions all make this company more interesting and charming.

However, Google’s chief information officer, Ben Fried, gives people a totally different impression.

Google has been visited by network hackers regularly: from mid-2009 to the end of last year, the company suffered a spate of attacks from Operation Aurora and from individual hackers and hacker teams.

Clearly, Google is not the only company targeted by hackers; however, in January 2010, Google responded and promised to improve the company’s security and to better protect users’ data. Fried explains, “Security issues are the things IT departments need to spend most time thinking about.”

The problem now is that the traditional security methods that big companies like Google used before have quickly become obsolete. In the past, employees were given full trust on the company’s internal network. “We authorize Google employees just because their IP addresses are in the internal network.”

At the same time, we believe that the Internet is an open network in which we cannot place any trust. The two networks are regarded as two completely separate entities, like a hard shell and a soft inside.

People think the Internet is too broad and difficult to control, while a relatively small private corporate network is manageable: because it has a clear boundary, investigating misconduct is easier.

The problem is that Google employees now cannot work without the Internet; regardless of whether they use the company’s internal network, they will access the World Wide Web. The only way to ensure the security of Google’s data is to limit operations to the trusted network. But Fried admitted that the result of this is alienating the company’s employees.

Although some people think that an increasingly powerful firewall is the way to protect Google’s corporate network, Fried has pointed out that this is only a very minor part of the puzzle.

Google is in a dilemma. In order to make its services more intelligent and more effective, it needs more user data, and more data brings more responsibility. This means that the possibility of Google becoming a target of cyber attacks increases accordingly.

As for data security, we have talked about it a great deal, and there is always a corresponding solution but never a perfect one. For our part, we can password protect files to avoid data breaches, and an anti-virus program is always an indispensable tool for PC users. Although we cannot eliminate data breaches completely, we can still apply relatively secure protection to our data.

Aug 12

Google Is Developing New Security Authentication Products

According to foreign media reports, Google, the world’s largest search engine, is currently developing a new security authentication technology that may let users log in to their accounts with jewelry and similar items instead of entering tedious passwords.

Google’s announcement of this experiment appeared in a scholarly article published in January. The goal of the development is to produce a small “USB key” that the user can use to enter all verification information into the computer. In addition, Google also mentioned that a ring with an embedded smart chip is expected to be produced.

Last month, at the RSA security conference held in San Francisco, Mayank Upadhyay, a Google engineer who specializes in security, gave a public talk on this technology. He said that using personal hardware to log in to accounts prevents passwords from being re-used or copied. He also said that people are already familiar with this technology. “Everyone is very familiar with the ATM, why not use the computer in the same way?”

Upadhyay said that Google is developing a small USB key; when the key is inserted into the computer, the user can be authenticated over the network. The key also has a built-in contactless chip, which can be used with a mobile device.

A security token like the one Google is developing does not contain a static password that can be replicated. Each encryption key is matched to its device, and the built-in data is never transmitted to the outside world. When the key is connected, it gives the right answer to a question posed by the web site, which ensures that the same information cannot be used to log in again.
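
The challenge-response login described in the paragraph above, as an added example that is not from the original post or from Google: a constructed token answers a fresh random challenge from the site, and a captured answer is rejected when it is replayed. HMAC with a key registered at enrollment is an assumption standing in for the token's cryptography, which the post does not specify; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time


class HardwareToken:
    """Constructed stand-in for the USB key: answers challenges, never reveals its key."""

    def __init__(self, device_key: bytes):
        self._key = device_key  # per-device key, kept inside the token

    def answer(self, challenge: bytes) -> bytes:
        # The response depends on the site's fresh challenge, so it differs on
        # every login and is useless once that challenge has been consumed.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class LoginServer:
    """Hypothetical web-site side: issues challenges and checks the answers."""

    def __init__(self, challenge_ttl: float = 30.0):
        self.challenge_ttl = challenge_ttl
        self._device_keys = {}  # user -> key registered at enrollment (assumption)
        self._pending = {}      # user -> (challenge, time issued)

    def enroll(self, user: str) -> HardwareToken:
        key = secrets.token_bytes(32)
        self._device_keys[user] = key
        return HardwareToken(key)

    def new_challenge(self, user: str, now=None) -> bytes:
        challenge = secrets.token_bytes(32)  # unpredictable, never reused
        issued = time.monotonic() if now is None else now
        self._pending[user] = (challenge, issued)
        return challenge

    def verify(self, user: str, response: bytes, now=None) -> bool:
        # pop() makes every challenge single-use, even when verification fails.
        pending = self._pending.pop(user, None)
        key = self._device_keys.get(user)
        if pending is None or key is None:
            return False
        challenge, issued = pending
        now = time.monotonic() if now is None else now
        if now - issued > self.challenge_ttl:
            return False  # stale challenge
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> dict:
    """Run one genuine login and three failure cases with constructed data."""
    server = LoginServer()
    token = server.enroll("alice")

    challenge = server.new_challenge("alice")
    captured = token.answer(challenge)  # what an eavesdropper could record
    results = {"fresh": server.verify("alice", captured)}

    # Replay with no outstanding challenge: nothing to verify against.
    results["replay_without_challenge"] = server.verify("alice", captured)

    # Replay against a new challenge: the old answer no longer matches.
    server.new_challenge("alice")
    results["replay_on_new_challenge"] = server.verify("alice", captured)

    # A correct answer that arrives after the challenge has expired.
    late = server.new_challenge("alice", now=0.0)
    results["expired"] = server.verify("alice", token.answer(late), now=31.0)
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```
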

After the meeting, Upadhyay said that Google will also produce a ring that can replace the cryptographic token, but he did not disclose the details of the work. “Some people may feel uncomfortable with the USB cryptographic token.”

As Google’s work shows, personal security has become one of the heated topics nowadays: science and technology have advanced rapidly, personal data and information amount to a fortune for all of us, and the tricks of data theft have become more and more sophisticated. For people who are accustomed to storing personal data or information on a PC or USB drive, data security is their most pressing worry. I recommend a folder locker or USB locker to keep the data on the PC or USB drive more secure.