Oct 21

Establish Email Communication Network to Enhance Information Security

For the countries, the impacts caused by the issue of prism finally gradually emerged, and as a former world power, Germany finally plans to take actions on the information security aspect.

“Close the door on the U.S. National Security Agency!” German “Focus” magazine said on the 14th, the Germany’s largest telecommunications operator Deutsche Telekom Group appealed to set up a domestic email communication network to prevent foreign spies and hackers monitoring Germany local e-mail.

There’s report that since the United States the “prism” scandal disclosed, transnational Internet information and communication security has been questioned by various sectors. So far, the contents of emails transferred between Germany local users have to be sent to the destination by passing the server set in the United States or the UK. Therefore, Deutsche Telekom expressed the hope that in conjunction with other network operators to establish domestic mail communications network.

The director of Deutsche Telekom data confidentiality affairs-Mel Klein said that by this, e-mail communications between users in Germany has no need to pass the international focal point, but to restrict the data in the territory, which ensures that Germany data will not be monitored by the third party.

Deutsche Telekom has taken a step for the establishment of domestic e-mail communications network. The group has come to an agreement about providing a more secure email services framework with the German mail carrier Wed.de and GMX.de. Three companies employ more secure e-mail technology “Email – Made in Germany” to ensure that e-mail message sent by the user will be transferred with encryption technology. Moreover, all data of three carriers will only be stored on a server in Germany.

Allegedly, Deutsche Telekom has set an ambitious goal. In addition to the immediate objectives of establishment of the e-mail communications network in Germany outside, Deutsche Telekom is also proposed to extend the network to the European Schengen countries. Of course, this does not include the United Kingdom, one reason is that the UK is not a Schengen country, and the other reason is that there’s a complex relationship between the United Kingdom and the United States. Mel Klein said now all aspects have been matured, what we need is the consent of the German government and support of the network operator. But Deutsche Telekom’s competitor broadband network operators QSC said it’s impossible to determine that data is transferred through domestic or international routes.

Since there had been a history of monitoring people during the period of East Germany and Hitler’s Nazi, acts of government surveillance is a very sensitive topic in Germany. If establish a domestic e-mail communications network, the German intelligence agency may still monitor domestic data and telephone communication ​​under existing laws. Currently, the German government is authenticating on this proposal, many people expressed support.

Since the expansion of the prism’s impacts, countries are bound to introduce their own information security measures to deal with the problem, and as us, using file encryption software for data security protection is a must.

Oct 14

Source Code and Millions of Users’ Data of Adobe Were Stolen

According to Reuters, Adobe Systems said that hackers stole some of source code of its most popular software and millions of users’ data. Security experts worried about theft of the source code, because the confined review on the software will result in discovering new vulnerabilities that can be used to launch an attack difficult to detect.

Adobe said the hacker gained source code of Adobe Acrobat, ColdFusion and ColdFusion Builder. The company’s chief security officer Brad Arkin said that since the incident happened two weeks ago, they have been investigating the invasion , and there are no indications that hackers use the stolen source code to launch attacks.

Akin said that hackers stole 2.9 million Adobe customers’ information, including name, user ID and encrypted password, and payment card numbers. He believes that these attacks may be associated with each other. The company said it will reset passwords for customers worldwide who are affected by this issue, and to remind them to change the reusable passwords used on other sites. The response team of computer incident issue of US Department of Homeland Security said on Thursday, Adobe user should be careful not to be taken in.

Adobe said it is working with banks and federal law enforcement agencies to resist the invasion to customer accounts and to investigate the responsibility of these acts.

Large-scale disclosure of user information will cause more immediate threat on information security. Since this information including user names, bank card account numbers, passwords and other sensitive information. Therefore, in addition to the chance that real or virtual property will be stolen, they may be used to conduct phishing attacks which will cause more threats against users information security.

Users need to be aware of and guard against the threat caused by this issue, if you are a member of Adobe, please change your password. If you use the same password on other sites, you need to modify. If you use of login your credit or debit card in Adobe, please note whether there is unknown cards consumption.

Enterprises that hold customers personal information can’t pay too much attention to data security, since customers give their information to you out of trust, once you disclose the data to others and let the customers know that, they will never trust you. For enterprises which have customers’ information, complete data security solutions, such as server encryption, shared folder protection are necessary.

Sep 10

Google data center will fully encrypt data

Because of the data monitoring scandal of the U.S. National Security Agency (hereinafter referred to as “NSA”), Google has started a project that it will encrypt data transmitted between every data center.

 

“Washington Post” reported that Google has made this plan last year. But under the influence of “prism” incident of the NSA, Google is now ready to accelerate the implementation of the plan, in order to defend the company’s reputation for data protection. The vice president of Information Security Engineering of Google, Eric Grosse said: “This is an arms race, we see that the government sector is the most powerful race participants.”

 

On last Thursday, a report said that the U.S. government is seeking encryption keys to crack various forms of encryption solutions. Privacy protection and information security researcher, Ashkan Soltani said that government departments have a set of incredible keys, but they may be not applicable to this plan of Google.

 

Google’s plan does not have any influence on the legal requirements that this company need to meet. According to the Government’s request, Google still need to provide data for NSA or other departments. But Google has accelerated the deployment of this program, ensuring the program would begin in the coming months.

 

At present, the email transmitted from a Gmail account to another account email has been encrypted by “Transport Layer Security” encryption technology during the transmission. According to the plan, in the future the other data Google data center sends to others, such as the contents in Google Drive cloud storage service will be encrypted.

 

Google has not disclosed more information of the plan, such as how much it will cost Google, how many center centers it may refer to, and what encryption method it will use. Google said that this project will use end-to end encryption technology, which means that the data stored in the server and data in the transmission will be encrypted. It’s just like the folder protection on LAN which is used in our daily life, all the data will be conveyed to others via the Internet will be encrypted, which is a complete protection for the data. As the data leakage and data breach, we can’t pay too much attention to data security. As for us, individuals who are living in the real life and the network at the same time, we should take measures to password protect folder in the case of data being stolen.

Sep 02

The U.S. Launched Network Attacks to Several Countries in 2011

Top-secret documents “Washington Post” recently received shows that in 2011, U.S. intelligence agencies had implemented 231 network attacks to other countries which include Iran, Russia, China and North Korea and other countries.

This news is from funding budget documents provided by the former employee Edward Snowden of the U.S. National Security Agency (hereinafter referred to as “NSA”), which is also the evidence that the Obama government infiltrate and sabotage the foreign computer networks through cyber attacks.

 

Furthermore, according to another code-named “GENIE” secret plan, the U.S. computer experts also invade foreign computer network, placing it under the secret control of the U.S. Documents show that the project of $ 652 million budget inserts a large number of malware into tens of thousands of computer equipment every year, and plans to expand to several million units.

According to budget documents provided by Snowden, and the news disclosed by the former U.S. officials in an interview, the scope and scale of the computer intrusion implemented by the Obama administration are far more than outsiders imagine. Obama administration takes all network attacks as confidential action, and never publicly acknowledged.

The scope and scale of network attacks show that the United States has undergone tremendous changes, in the past the U.S. government sought to maintain international standards and against the intrusion actions via cyberspace, because at that time the U.S. economic and military force are very dependent on computer networks.

 

U.S. Deputy Defense Secretary William J. Lynn III Lynn said: “The guidance of policy debate has produced a change, attacking options now increasingly prevail, I think, more and more cases show that cyber attacks have been an important part for the United States to curb some of the enemy’s action.”

 

The budget documents disclosed by Snowden show that the U.S. government among the 231 network attacks implemented be the U.S. government since 2011, nearly three-quarters of which aimed at the highest priority targets, according to the former U.S. government officials, these targets includ Iran, Russia, China and North Korea, etc.. But budget documents provided little detailed information about these operations.

In 2009 and 2010, the United States and Israel allegedly jointly developed Stuxnet worm, which has destroyed Iran’s uranium enrichment facility’s computer system in the network attack. This event is often considered as a vivid case that the United States uses weapons to attack enemy networks.

According to presidential directive the U.S. government announced in October 2012, U.S. intelligence agencies define network attacks as “an activity of manipulate, destruct, destroy the information stored in your computer or computer network.” Therefore, folder encryption and file protection solution to network attacks now are widely used for data security. Most networks attacks will produce a direct impact on enemy computer system’s data or normal use of computer, such as network connection speed down and so on.

Aug 26

the Guardian, Cooperate with the New York Times Reports “Prism”

The British “Guardian” announced on Friday that it has agreed to let the “New York Times” see partial disclosure of confidential files that Edward Snowden disclosed in “prism” issue.

 

Before two sides reached a cooperation, the British government has threatened that unless the “Guardian” abandon or destroy the relevant documents about country’s Government Communications Department (hereinafter referred to as “GCHQ”), or it would commence legal action.

 

Informed sources said that the cooperate agreement has been reached as early as a few weeks ago, editor Jill Abramson of “New York Times” have been involved in negotiations.

 

According to the U.S. news website Buzzfeed reports, Scott Shane who is responsible for national security and intelligence news report, “New York Times” is now writing a series of reports which are expected to be released next month.

 

“The Guardian” said, the cooperation with “New York Times” makes it possible to continue to expose massive surveillance program of GCHQ besides its government duties in Snowden documents. ”

 

Allegedly, Snowden has gained temporary asylum from Russia and he has been informed of this cooperation agreement.

 

“The Guardian” editor, Alan Rusbridger disclosed earlier this week, under the supervision of GCHQ agents, “The Guardian” employees destroyed the computer devices contained Snowden’s documents earlier this month. Before that, the British government officials also threatened that they are likely to take legal action to “The Guardian”.

 

Luz Bridge said he had warned the British government officials, although those original materials have been destroyed but a copy was sent to the outside of British government jurisdictions.

 

British officials said they detained David Miranda briefly and had a questioning in London Heathrow Airport; and there will be a criminal investigate on this week. Miranda is the native British partner of Glenn Greenwald who is a reporter of “Guardian” in Brazil, Greenwald is the person who is in charge of the file disclosed by Snowden, what’s more, he also could directly contact Snowden.

 

British government officials said the disclosed information from Snowden has seriously undermined the UK’s national security, if there is more confidential disclosure, which can lead to a lot of people’s lives at risk.

 

For the issue of “Prism”, now more and more people are focusing on the data security, especially some enterprise and groups. Both individuals and groups are searching for a effective method to protect their files contained important and confidential data, of course, comprehensive protection for data will decrease many concerns and potential losses for us.

Aug 19

The Little-Known Serious Facet of Google

According to foreign media reports, people always have the impression that Google is a relaxed, laid-back, highly creative technology company. But when you get a really in-depth understanding, you will find the serious facet of Google – in order to protect user information, it has its own rigorous, thorough security policy.

 

All along, Google likes to portray itself as a highly innovative and flexible technology company with relaxed atmosphere. No matter the circular bike used for group meetings, or the easing policy that allows taking pets to work, and even the ubiquitous bright sofa cushions, which all make this company more interesting and charming.

 

However, the chief information officer of Google, Ben Fried, shows totally different feeling to people.

 

Google has been visited by network hackers regularly – from mid 2009 to the end of last year, this company suffered spate of attacks of Operation Aurora and individual hackers, hacker team.

 

Clearly, Google is not the only one targeted by hackers, however, in January 2010, Google responded and promised to improve the company’s safety and to better protect users’ data. Fried explains, “Security issues are the things IT departments need to spend most time thinking about.”

 

Now the problem lies in that the traditional security methods big companies like Google used before have been quickly eliminated. In the past, employees were given full trust in the company’s internal network. “We authorize Google employees just because there are their IP addresses in the internal network.”

 

At the same time, we believe that the Internet is an open network, where we cannot give any trust. Two networks are regarded as two completely separate entities, like a hard shell and a soft inside.

 

People think the Internet is too broad and difficult to control; while for the relatively small private corporate networks, it is manageable, because it has clear boundary, investigating misconduct is easier.

 

The problem is that now Google employees can’t work without the Internet, regardless of whether they use the company’s internal network, they will access to the World Wide Web. The only way to ensure Google data security is to limit the operations in the trusted network. But Fried admitted that the result of this is alienating our employees.

 

Although some people think, increasingly powerful firewall to protect Google corporate network, Friedrich has pointed out that this is only a very minor part of the puzzle.

 

Google are in a dilemma. In order to make services more intelligent, more effective, they need more user data. While more responsibilities will go along with more data. This means that the possibility that Google became target of cyber attacks also increase accordingly.

 

As for the data security, we have talked too much and there is always corresponding solution but not perfect solution to this problem. For us, we can password protect files to avoid data breaches and the anti-virus program is always the indispensable tool for PC users. Although we cannot eliminate data breaches thoroughly, we can still apply relative secured protection for our data.

Aug 12

Google are Developing New Security Authentication Products

According to foreign media reports, the world’s largest search engine Google ( microblogging ) is currently developing a new security authentication technology, the use of the technology may be able to make use of jewelry and other users Jewelry login account, instead of entering tedious password.

 

Google’s announcement about this experiment was appeared in a scholarly articles published in January. The goal of this development is to produce a small “USB key”, the user can use this key to entered all verified information into the computer. In addition, Google also mentioned that the embedded smart chip ring will be expectedly produced.

 

Last month, in RSA security conference hold in San Francisco, an engineer of Google who specializes in charge of security, Mayank Upadhyay, has a public speech for this technology. He said that the use of personal hardware to password login accounts can prevent from re-use or being copied. He also said that the people are familiar with this technology. “Everyone is very familiar with the ATM, why not use the computer in the same way?”

 

Upadhyay said that Google is developing a small USB key, when the key is inserted into the computer, the user can be authenticated through the network. The key is also built non-contact chip, which can be used on a mobile device.

 

Secret security token like that Google is developing does not contain a static password that can be replicated. Each encryption keys and devices are matched with each other; built-in data will never be transmitted to the outside world. When the key is connected, the key will make the right answer to the question the web site set up to ensure that the same information will not land again.

 

After the meeting, Upadhyay said that Google will also produce a ring which can replace cryptographic token, but he did not disclose the details of their work. “Some people may feel uncomfortable on the USB cryptographic token.”

 

From the development of Google, the personal security has become one of heated topic nowadays, for the science and technology have rapidly advanced, personal data and information are equal to fortune for all of us and the tricks of data theft have been more and more excellent. For people who are accustomed to storing personal data or information in PC or USB, the data security is the most important thing that will annoy them. I recommend Folder locker or USB locker to keep the data in the PC or USB more secure.

Aug 05

Several Details for Enterprise Security That Should Not Be Overlooked

We can’t put too much emphasize on enterprise network security and information security, because when you read this article, in the world, many companies are experiencing incidents huge economic losses or some even close down because of information leakage. This article hereby summarizes several protect information security have to pay attention to details, I hope you gain much after reading this article and become experts in information protection.

 

First of all, printer / fax machine is indispensable business office equipment. Printer / fax machine can bring convenience to the enterprise, but also can cause a fatal blow to the enterprise – the delay of printer / fax machine may cause confidential information leakage.

 

In a company, there is always the replacement of old and new employees. As a new employee, if he/she can browse resigned employee’s computer, and it is certainly of great benefit in understanding the new company. Such as the company’s customer records, rewards and penalties regulations, payroll, and even the important data which can only be known by specific individuals can also be seen. As business executive, network management, make sure whether there is any information that should not be known by new employees in the computer before turning over it to the new employees.

 

In addition, file sharing can greatly increase the efficiency for the staff. But someone will always carelessly disclose important information to each other when sharing files. Sometimes someone even snoop into the shared information. In order to avoid irrelevant people from peeping at the shared folder on the LAN, you can password protect the shared folder and then configure the relevant access permissions to specific people.

 

E-mail is a transit point for employees to steal information. The way of transferring company information by e-mail to steal company information accounts for 80% of information theft. Many companies do not install floppy, CD-ROM drive, USB port, but still cannot prevent employees stealing information by e-mail. Fortunately, there is a variety of e-mail monitoring software that can assist enterprise executive to monitor employees to send and receive e-mail. Therefore, in order to protect information security, and motivate employees to properly use e-mail, corporate should deploy e-mail monitoring software.

 

The data corrected by new employees in the first week is usually five times as many as which at the ordinary time. In this week, he/she can leave at anytime; he may crazily copy and transmit company’s data if he wanna steal these data for illegal purposes.

Jul 29

Automobile is Unsafe: the U.S. Hackers Will Publish Intrusion Method This Week

Two U.S. security researchers will announce the methods of network intrusion of the Toyota Prius and Ford Escape at Def Con hacker conference announced this week, hoping to attract more researchers to participate in the relevant projects.

 

Car hacking is not a new field, but the information has been kept secret to the outside. However, this situation may change, as Charlie Miller and Chris Valasek, these two well-known hacker said that they will release a detailed roadmap to facilitate outside to learn how to intrude Toyota Prius and Ford Escape critical systems through 100 pages of white paper.

 

Miller and Valasek are “white hat” hackers; their main purpose is to disclose the vulnerabilities before criminals make use of them. They will also release the software which can be used in this week’s Las Vegas Def Con hacker conference released for invasion of these two models of the software.

 

They said it has developed a number of ways to force the Toyota Prius to brake when it is in the speed of 80 miles (about 128 km), plays the steering wheel or the engine suddenly accelerates.

 

As the intelligence director of the security consulting firm, IOActive, Valasek is known to the public because he found out many loopholes of the Windows operating system. He referred to the two holes and said: “Think about it: If you are approaching to the crowd, what will happen.”

 

But the reality may be not so horrible as it sounds.

 

To exploit these vulnerabilities, these two researchers will be sitting in the car to directly connect to the network of car with a laptop computer. Therefore, the information they published won’t be used in remotely network intrusion, and this is major attacking method in the real world.

 

They hope their data to be released to encourage other white hat hackers continue to look for more car security vulnerabilities, and then fix them.

 

From the report above, we can realize how unsecure the electronic control is. Even though the electronic control can enhance the traffic safety and efficiency, it also brings about more challenges. Hackers will break in any computer as long as they master relevant skills. For almost all individuals and groups, one of the most important things is data and information, which can be considered as great fortune to people. So, try to password protect folder contained important and confidential data and information with encryption solution, and then you can add one more protection for your fortune. When you lock folder/file in your computer, you can be at ease even though hackers or malware intrude your computer.

Jul 22

Apple: Developer Center Downtime Results From Hacker Attacks

In July 22, Apple has just released a statement, explaining the Developer Center downtime events since last Thursday. The company said that its security system is compromised, the intruder may have stolen some of the developer’s name, mailing address and e-mail addresses and other personal information, but the user information is not stolen.

 

Apple is hoping to notice developers who may be affected. In addition, due to the intrusion event, Apple also decided to completely revised developer system, including updating the server software, and rebuilding the database and so on. This could also explain why the downtime lasted four days.

 

Apple expects the developer website will soon recover. The company’s statement reads as follows:

 

“Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed; however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around clock since then.

 

In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.”

 

Apple’s subsequent verify to the IT website Macworld that the incident did not result in any disclosure of user information. The company spokesman said that all user information is securely encrypted; the intruder couldn’t come into contact with the application code or message server storage applications. But the company declined to reveal whether the government agencies are investigating this issue.

 

For every company or group, the company secrets or the confidential data and information are the most important fortune for them, so almost all companies or enterprises are focusing on data security, they choose to encrypt folders contained confidential and important data and information. Therefore, the data cannot be breached even though the computer is broken in by hackers or other malware or virus, for the folder is protected by the encryption resolution so nobody can access to it without correct password. Locking shared folder and configure different access permissions to different people can effectively protect shared data on the LAN.