Jun 16

It’s time for you to abandon TrueCrypt

A series of aftermath of WindowXP end of support is gradually revealing. Currently open source TrueCrypt warn users of the tool’s security vulnerability on SourceForge official site; meanwhile, TrueCrypt also announced the termination of TrueCrypt development.

TrueCrypt warned on the official page with striking red font:

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”

TrueCrypt’s warning and development suspension caused uproar on social media, since in the past decade, TrueCrypt had always been a very popular cross-platform open-source encryption program, so it’d been first choice for users who had needs of data encryption.

For a long time, TrueCrypt are famous for excellent encryption performance and good safety record, TrueCrypt could create a virtual disk on your hard drive without needing to generate any file, the user can access in accordance with the drive, all files on virtual disk are automatically encrypted, which need password to be accessed. TrueCrypt offers a variety of encryption algorithms, including: AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES, and Twofish, other features support FAT32 and NTFS partitions, hide labels, hot start and so on.

In 2009, the Brazilian Federal Police confiscated five hard drives in banker Daniel Dantas’s Rio de Janeiro apartment in the Satyagraha action launched in July 2008. These drives used two types of encryption programs, one of which is TrueCrypt, the other is unknown 256 AES encryption software. After the expert failed to crack the password, the Brazilian government asked the U.S. for help in the beginning of 2009, however, the United States federal police also failed to crack the encryption after one-year attempt, and returned the hard drive. This incident makes TrueCrypt famous.

In 2013, Snowden exposure NSA can decrypt most Internet encryption technology; TrueCrypt supporters raised a lot of money to audit TrueCrypt security. From the first phase of audit results, there has not been found security backdoors.

Johns Hopkins University professor Matthew Green participated in the TrueCrypt security audit, he said TrueCrypt official warning looks really, unlike the hacker’s prank, and he also contacted the TrueCrypt secret private developers, trying to get more details.

Whatever the truth, TrueCrypt users should enhance viligance, TrueCrypt is no longer the indestructible who should begin vigilant, TrueCrypt encryption is no longer the indestructible encryption software. And it’s time for you to consider using other file encryption software as an alternative. There’re many file encryption solutions on Google, you can try and choose most suitable one. If you need file/folder encryption solution for Windows computer, you can try Folder Protector.

May 19

Nine mistakes enterprise often commits after data leakage

In the recent International Association of Privacy Professional (IAPP), a data and privacy protection expert from Data Breach Resolution – Michael Bruemmer lists top nine common mistakes that enterprises commit after data leakage.

When the enterprise leak their data owing to being attacked , if the enterprise fails to handle the problem, the situation will become deteriorate, which may result in secondary attack on enterprise brand and performance and even involve the enterprise into legal troubles.

1. There is no external safety management services company to assist

When the severity of data leakage exceeds the company’s processing ability, it’s better for the enterprise to have the assistance of external security services team, which is called the incident response team, such as Verizon Business, Trustwave or IBM all can provide similar service. This kind of service should be considered when making out business continuity / incident response plan.

2. There’s no external legal counsel

Currently laws and regulations are unable to effectively cover all types of sensitive personal information, hence when serious data leak incidents happen, it’s necessary to commission an external data leak related experienced lawyer unless your company’s legal department well knows all data and privacy related laws.

3. There’s no sole decision maker

Data leakage often involves multiple departments in company, and every department has its head, which always leads to low efficiency in execution. Enterprise must assign a similar CISO position, which can play a planning and coordination role in promoting the overall issue response.

4. A lack of transparent communication mechanism

A lack of transparent communication mechanism will lead to troubles, and wrong communication message will cause wrong actions, which will delay the processing speed of the entire incident and make new confusion.

After the incident response team was established, every staff in this team should be definite and provide a complete contact list for external consultants.

5. There is no communication plan

Another problem in enterprise is a lack of communication plan to communicate with the p[ublick or the media.

Enterprise should prepare a detailed and feasible media communication plan for a data leak incident. Rapid and effective media communication can avoid spreading false reports.

6. Think and plan before things happen

Data leakage incident often needs you to make decision when holding incomplete information or information is changing fast, which is somewhat similar to a hospital emergency room. Enterprise must launch contingency processing flow while data leak incident happens. Waiting to grasp the full information and then taking action will miss the best opportunity.

7. A lack of rehabilitation and correction plan after the event happens

After handling the data leakage incident, enterprise should make out a rehabilitation and correction pan to maintain good communication with consumers and stakeholders, while avoiding this kind of events from happening again. It’s helpful for rebuilding the brand and retrieve trust of customers by sharing your investment in information security technology and services with your customers and investors.

8. Provide customers with no remedy

Consumers should always be the core of intrusion response, which means that companies should notify consumers through channels such as call center to take proper measures to protect personal privacy data after the data leakage incidents happen.

9. There’s no plan to execute

Incident response plan must be constantly updated and corrected, and its implementation needs a complete team to continue to advance.

For more information about data security, you can visit: www.kakasoft.com

May 05

The troubles from BYOD and corresponding solutions

When talking about BYOD, the best defense is attack, that is, through setting stratagem in advance to achieve the expected results and to avoid the potential risks. BYOD (Bring Your Own Device) has stirred all walks of business processes. Some enterprises are fully enjoying the convenience brought about by BYOD, while some enterprises are staying away from it. On the bright side, BYOD can potentially help companies save operating cost, help employees maintain happy moods and improve office efficiency. But on the other side, BYOD may also result in a series of problems and pitfalls in security and compatibility and other aspects. However, through education and planning, most of these problems and pitfalls will be avoided. Now let me show you the troubles result from BYOD and the corresponding solutions to the problems.

Data leakage: company’s sensitive data leakage is always one of the most concerned problems for companies. Employees bring their own devices into the company, which makes the concern of data leakage more serious. Employees may lose their smart phones or tablets, what’s more, these devices easily become targets of thieves. Once the mobile devices with company sensitive data get lost, the data may well fall into wrong hands. To avoid this situation, admin of the business should urge employees to encrypt all files relate to company with password, so the files are still under protection even if the device are stolen or missing.

Password leakage: just like we usually carry several keys, there will be several passwords that can be used to logon enterprise network or service applications on employees mobile devices. These passwords may be stored on mobile applications or directly on the memory of the mobile devices. Enterprise must establish a strategy to ensure the password won’t be stored on cache or applications on the mobile devices. An alternative strategy is to use special password storing application to properly store passwords if employees hope to save enterprise passwords on mobile devices.

Productivity decline: when employees begin bringing their own devices, they will spend much working time on the social networks, chatting with friends or behaving other things unrelated to work. How to solve this problem? In order to avoid this situation, all employees’ mobile devices should be connected to WiFi network provided by the enterprise. If employees are aware of the network they are connected now is within the enterprise, they will more beware of the online behaviors and don’t spend too much time on things unrelated to work.

Compatibility issues: BYOD will bring a lot of problems about devices and platforms. You hope company’s IT system and business process will support Android, IOS, OS X, Blackberry, Linux, Windows 8 and other mobile systems; while companies wish to support only one or two kinds of platforms, for the limited platform make the support from company to mobile devices easier.

Device Management: many companies are wondering how to manage a large number of mobile devices. Because of various types of devices and different operators, enterprise can hardly centrally manage all mobile devices. But companies can at least establish a set of network access control mechanism (NAC), such as PacketFence, and to control these devices via MAC address for each mobile device. Of course, this requires that employees agreed the enterprise to record the MAC address of their mobile device. But companies need to realize that it takes much time to manage all devices and activities of these devices.

Virus infection: compared with desktop, the risk of virus infection of mobile phone platforms is relatively less. Therefore, users of mobile devices must install anti-virus software for their devices. The enterprise should designate antivirus products for employees, and regularly remind staffs to upgrade software and virus database.

Compare all devices to human beings, the mobile device is like people in adolescence, and there always be many problems. Enterprise makes use of mobile devices to assist the business; it must face various potential problems. The best solution is to prepare in advance and then resolve the problems quickly and timely when they arise.

Apr 08

Computer Password Cracking Methods Conclusion (1)

The administrator always confront with problems about password forget or password missing, the followings are the collection of some methods of password cracking. Power-on password is the first one we’ll meet, so let’s star from CMOS password cracking.  

1.       CMOS cracking

Even though the types of CMOS are various, their encryption methods are basically the same. The general cracking methods start from “hard” and “soft” aspects.

1) “Hard” remove method

The principle of this method is to process the CMOSRAM on the motherboard with electro discharge treatment, which makes the contents lost owing to lack of normal power supply parameters stored in CMOSRAM lacks normal power supply, and thus to remove CMOS password. Some newspaper or sites make much introduction about how to crack CMOS password, and the operation is very easy. But we will introduce an alternative technique, which is the method that a number of computer users like to use. This method is also simple: open the case, and pull off the hard drive or CD-ROM, floppy drive data cable from the motherboard, and then start the computer, BIOS will report an error during self-test and then automatically enter CMOS, at this time you can reset the BIOS content.

2) “Soft” remove method

Strictly speaking, the “soft” remove method is not as thorough as hard remove method, but it’s also very effective. CMOS password according to need can be divided into common user password and super user level password. The former simply restrict the changes to the BIOS, but it allows to normal start computer and run other software; but the latter completely ban access to a computer and BIOS.

1> crack common user password

First of all, boost a computer with DOS, input debug and then press enter in dos command line, and then use the data of listed methods to remove the CMOS password, restart the computer, the system will tell you the CMOS parameter is missing and require you to reset CMOS parameters. After testing, this is a very effective method.

2> crack the super user password

Here we need to resort to external tools. We choose the most classic BiosPwds, a freeware, which is suitable for computer users who are not familiar with dos.

2.       Crack system password

System password is the password you use to log on the operating system, it provides protection for your computer and protect your computer from unauthorized users’ accesses, so as to ensure computer and confidential data security.

1. Windows98/ME system login password

1> cancel

The easiest way is to enter nothing when logging on the password, directly click on “cancel” to enter the operating system. But this way makes you can only access resources in local computer but can’t access the network resources if your computer is a part of LAN.

2> add users

When you are blocked from the system owing to the password, you may as well add a user for the system, and then log in. Click “Start”->”Settings”->”Control Panel”, and then double click on “user”, open the “User Properties” dialog box. Then, input user name, password and customized settings following the prompts, and then click on “Finish”.

3> delete “PWL” file

Delete the .PWL file under the Windows installation directory and all personal information files under Profiles subdirectory, and then re-boost Windows, the system will pop up a password setting box without user name. You don’t need to input any content, just click on “Ok” and tehn Windows password will be deleted.

4> modify the registry

Run the Registry Editor, open the registry database “HKEY_LOCAL_MACHINE \ Network \ Logon” and change “username” to “0″, then restart the system, which also allows you to remove the password.

2. Crack WindowsNT password

If you have normal user account, there’s a simple way to get NTAdministrator account: first rename the logon.scr under c: \ logon.scr winntsystem32 as logon.old for backup, and tehn rename usrm gr.exe as logon.scr and restart. logon.scr is a loaded program when starting system, after restarting, the computer won’t appear logon password interface, but the user manager, at this time you can add yourself into admin group.

3. Windows2000 password

Use boot disk to boot computer or enter another operating system (eg Windows98), find the folder “X:\DocumentsandSettings\Administrator” (X is the disk where Windows2000 is placed), delete “Cookies” folder under this folder and then restart the computer, so you can quickly logon Windows2000 without password.

The above methods are used by admin to cope with problems of forgetting password or missing password, they shouldn’t be used to break other people’s computer. And the computer users who are afraid other people will invade computers without authority and steal personal information should take extra protection for the confidential and sensitive files and documents, such as using file encryption solution to protect files and folders.

Apr 01

How to avoid failure of network security equipments deployment? (1)

The enterprise network is rapidly developing! Some of the groups began to clean up phone and tablet and refuse the internet connections from coffee shops and train connections (as a WAN link).

The concept of the extended enterprise brings about more and more severe problems to IT security portfolio, because their sensitive data and valuable data frequently flow out of the traditional network boundaries. In order to protect enterprise from the persistent threats of diverse and low-end low-speed adaptability, IT enterprises are deploying various new network security devices: the next generation of firewalls, IDS and IPS devices, security information event management (SIEM) systems and advanced threat detection system. Ideally, these systems will focus on management, following a centralized security policy, as a part of a universal protection strategy.

However, when deploying these devices, some common mistakes in enterprise will seriously affect their ability of universal protection. This article will introduce some problems which should be noted in the planning and deployment of new network security equipment, and how to avoid related problems that may lead to the failure of defense in depth.

A maximum error is assuming that the security device itself is secure. It’s apparently easy to understand, but we must insist on this footing. How secure is the so-called “enhanced” operating system? What’s its latest status? And how secure is hyper stable “Web server”?

Before starting any job, you must create a testing plan to verify all network security devices are really secure. The first is to start from some basic tests: do you timely upgrade, install patches and fix bugs on each device and their supporting network, server and storage infrastructure? In accordance with the currently known vulnerability information clearing-house you must be sure to regularly upgrade and install equipment patch.

Then, turn to aspects that are more difficult to handle: periodically assess potential weaknesses on multiple device configurations. The inappropriate dement sequence of encryption system and application delivery optimization (ADO) will also cause data leakage, even if various devices can operate properly. This process can be carried out in conjunction with penetration test.

For any safety equipment, management/control channel is most prone to have vulnerabilities. Therefore, the most important thing to note is how you need to configure and modify secure devices and who are allowed to carry out these configurations. If you are ready to access the secure system via a Web browser, the security device will run a Web server and allows Web traffic in and out. Are these flows encrypted? Whether it needs to use a standard port? Whether all the devices need to use the same port (so the intruder can easily guess)? Is it accessed by a common network or a separate management network connection? If it belongs to compile the connection, then any host that send traffics through this port may attack this device. If it’s on a managed network, you only need to worry about other devices on the network.

Best scenario is that if you can’t directly access the device, you need to ensure that all configuration changes must use encryption and multi-factor authentication. Moreover, it’s necessary to closely track and control identity information of equipment management to ensure that only authorized users can gain administrative privileges.

For more information about network and computer security information, please visit: www.kakasoft.com

Mar 24

How do individuals avoid NSA global network monitoring?

The massive surveillance data center built by NSA in Utah desert can screen and analyze most global network traffic from location, audio and video files, emails, social network and other digital documents. Of course, the organization that’s able to track our digital trail is not only NSA, at this privacy streaking era, all kinds of government agencies and commercial companies can master our words, conducts all the time. As a ordinary netizen, is there a reliable self-protective method?

Earlier this week, “Washington Post” has given five pieces of personal information security advice for escaping from NSA surveillance, including using Tor to surf the Internet, using Silent Circle to call. In fact, the Internet personal privacy problems are not limited to the NSA surveillance, in the past several years, the Chinese Internet companies user accounts massive disclosure and the threats to personal privacy and finance from Android phones’ malicious apps make customer privacy self-protective measures imperative.

At the age of anti-virus software is all free and invalid, everyone should understand the skills about personal privacy protection.

1. Use Firefox encryption plugin Tor to anonymously browse

To use Tor for anonymous browsing can prevent website browsing data from intercepted, so all kinds of insatiable Internet companies do not know what kind of ads should be pushed to you, NSA will also don’t know whom you are communication with. The whistleblower Snowden of NSA was photographed using Tor on the Internet.

Tor is a free Firefox anonymous browsing plugin, which’s able to encrypt network traffic data and can be used with Firefox browser on PC, Mac and Linux platforms. And encryption is at the expense of some of the browser’s speed.

It is noteworthy that Tor is not foolproof, for example in 2011 the hackers attacked Dutch certification authority NigiNotar, and created a lot of Facebook, Google, Skype and Tor fake digital certificates, the purpose was to monitor the Iranian Internet users. Similarly, according to Arstechnica reports, papers of USENIX Conference, the researchers also found that there are loopholes in Tor, which can be used to identify Bittorrent user’s identity.

2.  Use OTR app to encrypt chat

Snowden used a type of unknown OTR chat app when accepting the interview with the Guardian, this application can encrypt chat data, many free client support OTR, including Cryptocat and Adium of Mac OSX and IM+ for Android smart phone and iPhone.

3.  Use Silent Circle to encrypt voice and email, etc.

Silent Circle is a US native brand new personal communication encryption service, Silen Circle company announced that its four services would cut price while the NSA monitoring action burst, and these services include mobile phone voice encryption, text messaging encryption, VoIP voice and video call encryption and email encryption. This company claimed through an independent audit it ensured the services provided have no back door.

It is noteworthy that both the communicating parties must be users of Silent Circle if using Silent Circle encryption service. For those high-end business users who worry about information leakage, Silent Circle’s encryption service is very attractive.

4. Android mobile phone users use Redphone to encrypt calls and SMS

Android users are lucky, WhisperSystems company’s open-source software Redphone and TextSecure can provide security call and SMS encryption function. Similarly, both communicating parties must install Redphone clients. Thereinto TextSecure is used to encrypt text messages.

Redphone and TextSecure currently both have passed third-party audit to ensure that there is no back door.

5. Use PGP to encrypt data

PGP and the open source GPG that’s similar to PGP can be used to encrypt data and e-mail, these two software programs need a little bit knowledge to use, Snowden even had to make a teaching video for the Guardian reporter Greenwald.

6. Turn off phone, remove the battery

This approach sounds a bit radical, but this behavior when you don’t use mobile phone can prevent phone leaking your location information to mobile base station nearby. ACLU chief scientist Christopher Soghoian told the “Washington Post”: “laws of physics tell us that you cannot hide your location information to mobile operators.”

7. Stop using Windows and Mac OS operating systems

I believe that changing operating systems is a difficult decision, but considering that Microsoft has officially acknowledged having submitted global users data to NSA, the backdoor of operating system has become a real and serious problem. If you want to escape from “Matrix” and acquire free network user identity, you need to consider various versions of Linux including Ubuntu.

For ordinary computer users, information security including communication information and information placed in computer should be both considered. You need to try methods above to improve your information of communication security level, and for the information in computer, you can use third party tool file encryption program to set password to your folders.

Mar 11

The Global Economical Loss Caused by Cyber Crime Increased by 78%

Ponemon Institute recently released a research report entitled “2013 Cybercrime Cost”. The sponsoring companies for four consecutive years by the HP study estimated the economic impact caused by cybercrime. The report notes that the economic impacts caused by cybercrime in 2013 increased by 78% compared with the past four years, while in the past four years, in order to solve the problem the time cost increased by 130%. Average cost paid for per network attack is over $ 1 million.

In 2013, the frequency of attacks and damage has increased. Based on the sample of U.S. companies and the government, the loss caused by the network attacks is $ 11.56 million every year, which increased by 78% compared with that of the beginning of the study four years ago.

Although the network defense level is increasingly improving, while the cyber crime groups are also showing their strong ability of adapt and adjust facing the continuously improving network defense level.

Some important data in this report are summarized as below:

1) Every enterprise (organization) loss average $ 11.56 million owing to cyber crime every year, the loss range is from $ 1,300,000 to $ 58,000,000. Compared with the average level in 2012, it increases by $ 2.6 million, an increase of 26 %.

2) The fields of military, financial, energy, power industry suffered the largest loss caused by cyber attacks.

3) Data theft is a major factor causing the loss of cybercrime, which accounted for 43% of the total loss, loss of business caused by the shutdown accounted for 36 %.

4) The business or organization suffered 122 times successful network attacks weekly. In 2012 the figure was 102 times

5) The average time to resolve a cyber attack is 32 days; the average cost during this period was $ 1,035,000, which is about U.S. $ 30,002 thousand a day. And in 2012, the average time of solving every network attack is 24 days, the average cost’s $ 591,000.

6) The loss caused by DoS attacks, Web attacks and damage caused by the internal staffs accounted for 55% of enterprises cyber attacks losses.

7) For small businesses, the loss caused by network attacks in accordance with the average figure to every employee is much higher than that of large businesses.

8) For business, finding network attacks and recovery after the attacks was the most expensive two items.

This report also revealed the importance of necessary network defense mechanism and building network security awareness. Researchers also found that adopting security information and event management and Big Data Analytics can help mitigate the loss of network attacks.

For businesses especially the small business, enhancing employees’ data and information protection awareness and company’s data security system is imperative. In order to prevent unethical staffs stealing data and information, administrators can encrypt important folders in computer. For the important files shared with some employees, admin can password protect the shared folders and assign permissions to different users.

Feb 24

How Does NSA Almost Kill the Internet? (1)

《WIRED》 published a long article that tells the story that after the exposure of NSA massive surveillance activities, the Internet giants Google, Facebook, Microsoft and other technology giants have to confront with the government for their survive.

This is just a start of the chain reaction that will threaten the Internet industry basis. This topic has occupied headlines for months, and has become a hot topic of technology circles discussion. Over the years, technology companies’ privacy policies adopt subtle balance between maintaining the users’ privacy and providing personal data to government agencies. This field is new and is in controversy, sometimes it will erode the existing laws, while in the past, and these companies have made a difficult balance in the progress of promoting the policies. Technology companies suddenly find themselves caught into a fight which’s bigger than a battle involved in over share on Facebook or ads issues on Gmail. Over the past few months, they find that they have to fight with their governments for the future of the Internet.

Joe Sullivan, the Facebook’s security chief said, “We spent ninety minutes to respond.” Nobody’s heard of Prism project. And the worst is that Facebook and other technology companies are claiming to authorize the NSA to directly access to their server to get a huge amount of information, which seems completely wrong. CEO Mark Zuckerberg was shocked by the claim, and asked his executives whether this issue is true. They answered: NO.

Similar panic dialogue also occurs in Apple, Google and Microsoft. Google’s legal counsel Kent Walker said: “We are asked by the people around us: Is there any secret way to get information?” We said: NO.

Nevertheless, the Washington Post launched and described the Prism project. Technology Company quickly issued a statement to deny that they authorized the U.S. government directly into their user database. Because sometimes the secret court will order technology companies to participate in government projects, these projects require them to share data, but they are often reluctant to participate in, and the fact makes the technology’s statement complicated. Google and their partners did not talk about all the details of this issue, this is partly because the laws prevent them from full disclosure, and on the other hand, they don’t understand the government’s actual operational details of this project.

Before President Obama stepped in the issue, they have little time to plan out how to respond to Gellman’s allegations. President implied the Prism project when he responded to the leak problem, he said: “In terms of the Internet and e-mail, the matter did not involve U.S. citizens, nor people live in the United States.” The answer might alleviate some of the public outrage, but it did not play a helpful role for the IT industry. Most users of Apple, Facebook, Microsoft and Yahoo are non-US citizens. Now these users as well as regulatory agencies are directed to believe that using the services based on the United States means that their data will be directly sent to the NSA.

Technology giants spent years to establish trust which is now at the risk of bursting; however, they seem powerless to do anything for this. Legal restrictions makes them are not at liberty to provide complete documentation of their cooperation with the government, so they can only deny. However, even the most resolute denial – from Google CEO Larry Page and chief legal counsel David Drummond – cannot suppress the query for them. In the Q & A Drummond anticipates in on the Guardian website later this month, his questioner become more hostile:

“Whether this quiz is just a superficial after you are found the collusion with NSA?”

“If Google lies to us, then how can we say?”

“Google, you lost the trust we have given you for ten years.”

“I will stop using Google mail.”

Other companies are also facing such a siege. A company executive said:”Every time we talk about it, it seems that the things will be worse. We are more than not being trusted.”

Facebook’s global communications director Michael Buckley said:”The fact is that the government failed to turn the monsters back into the bottle, we can come up with any statement or statistics, like the government’s weekly routine disclosure, but the problem is that who will believe us? ”

In September last year, Facebook’s Zuckerberg expressed his disgust when attending a technology conference. He said “the government screwed up.” But the government’s actions, and after the world knew the wider information leakage, Zuckerberg, Page, Tim Cook, Marissa Mayer, Steve Ballmer and the other supervisors that have stored user information on their server are in trouble.

More than the revenue is at stake. The concept of maintaining the technology world is also at stake.  The Internet once came from a U.S. Department of Defense project, now it turned into World Wide Web that inspires a new era of civilization. Snowden’s leak questioned the Internet position that is characterized by free expression and authorization. If the network is regarded as an extension of the monitoring means, then the paranoid behavior brought about by it will affect the way people use the Internet. The countries that are angry for the U.S. intelligence agencies gathering information behavior have more reasons to use Snowden’s disclosed information to require U.S. government to stop collecting information, while the U.S. intelligence agencies will not easily give up collecting the information of these countries. Enterprises in the implementation of business activities will make the network Balkanization, destroy its open nature, and thus significantly improve operating costs.

For more information of data security and information protection, you can visit: www.kakasoft.com

Feb 17

Anti-Monitoring Battle is A Protracted War

The outbreak of the American “Prism” makes us know that we are living in a “monitored” era, and this monitoring action is s desecration of free network and absolute violation of the public information security. Monitoring of the information age is different from the traditional monitoring; the traditional monitoring refers to the fact that for some purpose, someone monitors somebody else through video surveillance or other camera recording methods, while the monitoring activity of the information age is equal to data theft, data monitoring or even data control.

Traditional monitoring is mainly caused by the distrust of individuals, businesses, and even government to some certain persons or groups. For the interests of certain groups, this behavior is understandable. But today’s network is a free world, there’s no individual, enterprise or even country that’s allowed to imprison its freedom. Anti-monitoring is the first step to confrontation.

The anti-monitoring battle at information age is actually a protracted war on information security, which needs people to know more about information defend technology, or even take measures to deal with the deteriorating International information security situation.

On the network, a serious network security error people most likely to commit is: Connect the public Wi-Fi and log on to your e –mail, bank account and other sensitive account information. If this situation is unavoidable – after all, you are in most of time in cafes, hotels, airports. You can consider buying a virtual private network; hence you can significantly improve the privacy protection when accessing the public network.

VPN, as an encrypted tunnel, can prevent bad guys from stealing your login information and other sensitive information.

Don’t put personal information in the cloud, and it should be encrypted even you must. The online file synchronization service like Dropbox, Google Drive and SkyDrive can be described as the best innovation of the Internet. However, when you conveniently view the latest photos stored on Dropbox, or easily find relevant text files on iCloud, you need to know that the data you stored on the server’s data is not encrypted.

This means that the relevant government law enforcement officials can readily obtain these data you stored. The hackers can also find security vulnerabilities on server suppliers.

For some sensitive data and information you need to synchronize across devices, the better choice is to use an encrypted cloud storage services. Of course, there is a more simple way- to find a file synchronization service with built-in storage encryption.

To ensure your online service security, you need to set a unique, random, tem or more-character password for every account. Don’t forget store them in a good password manager. For better security, please use the double-factor authentication provided by Google, Facebook and all the other services.

Double-factor authentication requests you in addition to enter the password, also need to enter a short numeric code. This code is usually from a physical FOB or smart phone app.

Dropbox, Evernote, Google, LastPass and Microsoft accounts adopt validators automatic work. And Facebook provides it owm code generator on its social network app, meanwhile, you can add Facebook code validator through Facebook account settings. In Facebook news feed page, click on the gear-shaped setting button on the top-right, and select account settings.

For the files stored in own computer or external storage devices, you mustn’t ignorance their security. They may be stolen or leaked to others even though you set boot password for your computer. To prevent the data stored in local computer and flash drives, you’d better lock files with password so unauthorized users can’t access without permissions.

At Information age, the value of the data will still be rising. As long as the mainstream of this era is still information and the Internet, the scramble for information resource won’t stop, the monitoring and the anti-monitoring won’t stop. In order not to damage their data security, it’s necessary to adopt targeted encryption software to guard the security bottom line.

Feb 10

Encryption Software Becomes Essential Factor for Future Information Security

In the day with rapid development, predicting the future based on the data analysis has become one of important reference for individuals and enterprises or even countries to formulate development plans. But there’s one thing that we cannot ignore. As the subject of this action, we need to pay attention to information protection. Once the information itself is wrong, the prediction definitely can’t be correct.

Security Situation – threats are increasingly targeted

In this informationization society, there’s no doubt that the most effective way to pry corporate secrets, to destruct the business’s normal operation or to steal enterprises’ funds is to invade the enterprise IT system. In order to avoid ulterior attacks and business confidential information stealing, more and more companies buy and install anti-virus, firewall and other information security protection products. Despite so, the security incidents are emerging endlessly.

In 2010, the U.S. Securities and Exchange organizations Nasdaq were repeatedly attacked; In 2011, RSA, Sony, U.S. digital certificate authority Comodo were hacked; In 2012, hackers used SQL injection to obtain 453400 users’ authentication information from Yahoo; In 2013, some banks and TV stations of Korea and some TV stations were attacked by hackers.

Do these companies not emphasize on information security? Nope. The companies listed above include not only the veteran IT enterprises and famous organizations but also the vedors that engaged in information security and financial organizations that highly valued information security.

For this reason, we can only conclude that information is now more and more targeted- Where there is value data, would be easy to burst a crisis.

What to do – informationization enterprises face unprecedented challenges

The development history of IT is accompanied by information security. After years of defense battles, current hackers have more specific target, more subtle method, and last longer, and there is a lot of means that can bypass conventional protective measures. Hackers cliques and ambushes the enterprise, they organized and premeditated to implement collaborative attacks. Moreover, with the improvement of the cost of crime, more and more attacks aimed at financial, securities, telecommunications and other industries that can bring high profits.

In 2013, some South Korean television stations and a number of banks were under attack, the cause is that hackers invaded anti-virus software vendors’ LANs and updated the virus database server, and then use the update mechanism to distribute malicious software to users’ computers.  The industry generally believed that in order to get these banks and television information, and to implement attack, the hacker is likely to have been dormant for a few months.

More frightening is that anti-virus software, as a corporate security “bodyguard”, has become hackers’ accomplice in this event. Traditional anti-virus, firewall and other security products are too dependent on the virus database to deal with unknown threats, various security products cannot coordinate with each other, etc. This is why so many large enterprises and security vendors will suffer hackers.

Whether for individuals or work groups, data security needs more attention. Effective precaution will be more useful than remedy measures, precaution of data and information security can reduce possibility of potential data leakage and data loss so as to decrease the financial and reputational loss caused by data loss.

For more information and data security solution, please visit: www.kakasoft.com