Aug 25

Top 10 Security Issues Revealed in 2014 Blackhat Conference (2)

6. Insecure family router

In-Q-Tel’s CISO (Chief Information Security Officer) Dan Geer said in hacker conference that the home router was most likely to be invaded. These routers could be easily found through a network scan, which usually contained the default login information, and most people never thought of upgrading their router firmware to the latest version. Perhaps in 2014 family network security will be a hotspot for hacker attack.

7. NAS with numerous loopholes

Storage devices connected to the network even have more loopholes. A security analyst at an Independent Security Evaluators agency Jacob Holcomn said the topic at this year’s hacker conference theme is NAS network storage.

He said there’s no one device that he cannot get, at least half of the device he could intrude without authentication. Through invading NAV devices, attackers could hijack other devices’ traffic on the same network, using the sniffing technology similar to ARP. “Jacob Holcomb said in a hacker conference.

More alarming is that, loopholes Jacob Holcomb showed in hacker conference had been submitted to the NAS manufacturers, but these loopholes had not been fixed yet. And the NAS patches usually take a few months to reach users.

8. Network management procedure

Do you remember Carrier IQ that develops smart phone hidden tracking program and the chaos caused by it? In fact the original intention of this phone app was just monitoring the phone flow, and it’s just a network performance diagnose tool. However, phones that install this diagnostic tool are vulnerable to attacks. Just like Mathew Solnik and Marc Blanchou from said in hacker conference, this vulnerability could be used to execute remote code, and bypass the local protection mechanism of operating system.

The researchers said that about 70% to 90% of mobile phones sold worldwide were equipped with device management program. Some other devices, such as notebook computers, wireless devices and networking equipment hotspots, etc., were facing risks from the “Open Mobile Alliance Device Management Protocol” (OMA-DM) contained loopholes.

9. Cheap picklock

Qualsy company’s researchers Silvio Cesare demonstrated how to use cheap and easy to get components to patchwork a tool, and then use it to get a car with smart system.

Cesare said this tool can be used to open the car door, and opened the trunk. But it takes implementers 2 hours to stay in the vicinity of the car, so now the car thieves still not abandon the rowbar and turn to computers.

10. Invade Hotel

The loophole mentioned by Security consultant Jesus Molina in hacker conference is more practical. Molina had lived in five-star hotels St. Regis Shenzhen, China Shenzhen, at that time Molina cracked iPad app “ digital butler” the hotel offered for customers through reverse engineering and used protocol vulnerabilities in KNX / IP router successfully control the hall way lights. In addition to lighting, television, temperature, music in room, and even the window-blinds in more than 200 rooms in the hotel were all in control. More exaggerated, the hacker who controlled all of this even had no need stay in China.

If you need more information about individual data protection and enterprise file management, you can visit Kakasoft.

Oct 09

The Ban on Samsung Smartphone Import Is in Effect

According to the news, the U.S. Trade Representative’s office (USTR) said on Thursday that the ban on importing Samsung smartphones proposed by U.S. International Trade Commission (hereinafter referred to as “ITC”) will come into effect.

The earlier report said that owing to the absence of a veto by the United States President Barack Obama, the ban on imports of Samsung smartphones ruled by ITC is already in force.

However, the ITC’s ruling has to be handed over to U.S. President Barack Obama for considering, Obama has 60 days to give the final result of this ruling. If Obama does not veto the ITC ruling, the ruling will come into effect. Several media reports said, now 60 days time has passed, and Obama did not veto the decision.

ITC’s decision does not clearly indicate which devices of Samsung infringe, but has been determined that, Galaxy S 4G, Fascinate and Galaxy Tab these old models are infringing.

In sharp contrast, Apple has had a similar experience, but the result was the opposite. In June this year, ITC has ruled that some old products of Apple has infringed the patent of data transferring of Samsung’s products and ban the import or sale of AT & T version of the iPhone 4, iPhone 3GS, iPad (3G version) and iPad2 (3G version). But in August this year, the Obama government has rejected ITC’s ruling.

Nowadays, innovations in the field of IT usually rely on many small improvements involving numerous technologies, which means the patent is not always clear precisely. The open secret is that everyone infringes others’ patents in some way.

The battles of patent between companies are continuing, the fights of copyright are also continuous. If you operate a business and your company specializes in selling created videos or documents to customers, most companies tend to store the videos or documents into a USB and sell this USB to customers, but what can you do to protect your copyright from being breached by others? Here, I recommend you to use USB encryption solution to ensure the contents in your USBs will not be copied or transmitted by unauthorized users. You can use USB copy protection program to password protect the USB and configure access permissions to specific groups or individuals to allow them to access the contents in it and prevent other unauthorized access at the same time. Complete protection is the indispensable measure to ensure the security of companies’ wealth and inventions.

Mar 15

Samsung Galaxy S4 Finally Comes out and Within Reach of People

For years, in the market of smartphone, Apple and Samsung have been competing with each other for the market share. Ever since the release of Galaxy S3, Samsung has made Android phone more adorable than any other phone could. On March 15, 2013, Radio City Hall was filled with people, at the same time at the heart of New York City in Times Square an even larger crowd waiting there. At the beginning of the release conference, a piece of video which is about the company’s Unpacked Event campaign, and people are wondering about what it is in the little boy’s box.

Samsung made a perfect secret keeping job before the real release of Galaxy S4, so that it left much more space for all kinds of guesses and rumors and made it the most awaited phone of Samsung. Recently, with the popularity of all kinds of smartphones, tablets and ultrabooks, people enjoy more freedom in data on the removable devices, while USB security issues or folder protection case becomes more and more important at the same time.

Finally, when the box was opened and all guesses and anticipated come into the eye of all people. It is proved that Samsung S4 deserves a highly praise whit its strong and powerful hardware and featured new features. It sports a larger 5-inch 1080p Full HD Super AMOLED display and come with a much smaller bezel, has 441 ppi. Other specs include a 13MP rear-facing camera and 2MP for front camera, 2600mh battery and thinner body.

Apart for the improved hardware, the highlighted features of S4 lie in the brand new updated user experience. Sound Shot, Drama Shot, Eraser, Air Views, S Translate, Adapt Display, Story Album, Home Sync, S Voice Drive, Smart Switch, Group Play, Air Gesture and other special features make Galaxy S4 a perfect smartphone also brings people more convenience in use.  There are more chance for people to access the digital files on phone or computer, which also pose your files and folders to dangers and risks of data leakage, therefore, you need to lock files on your smartphone or PC.

Also, some people think that S4 is much like the previous S3 in appearance. There are a large amount of people talking about the disappointment about the new Samsung phone. But there are still space for improvement. We cannot deny that the development of technology keeps presenting surprise and changes to people’s life, from the original computers, phones to the recent advanced software and apps, such as USB flash drive copy protection application. Maybe this time you are not so satisfied with a single technology, more or less time will tell you about the reality. We can just anticipate for the next new product or new invention to enter our life.

Mar 13

How to deal with password leakage and breach in the current world?

The revealing of one of the Weird’s reporter’s most precious password was hacked by complex social exploits and t soon arouse people’s attention for the possibility of breach of their password for important accounts. Passwords are confidential personal information needs people’s special attention and it equals the urgency of USB security and folder encryption for files with valuable data on USB drive disks or a computer.

In June of 2012, hackers breached 6.5 million LinkedIn passwords and revealed them on a website, which surprised the ordinary users and made people realized that some sites that they usually visit with simple password may pose their information in danger. Some people also think that some sites should take higher level of security protection for their account and data. Although people find many problems about the current password and authentication system, there is no a better one can replace it in the current platform of Internet.

It is said that Google is working on find a substitution for password may be a USB device or a piece of jewelry. Till now this is just a concept that hasn’t turned into reality, so we cannot count on this completely new technology to save us out of the trouble now. Some people with confidential information or files still use password to protect folder on their computer or secure USB drive with USB security applications, but for these protecting methods, passwords is a must.  

There is still a little hope for ordinary people to fight with hackers and other cyber- criminals on the Internet and prevent them from getting your account and password easily. That is people need to make their password stronger, for example choose both numbers and characters and a proper length for your password, or abandon specific words or names in the password will increase the security strength more or less.  

There are more things to do if you want to password protect USB drive or other important files. For all people live in the digital world, they encounter passwords in all webs and social networking sites. Hackers may aim at the weak password, but the root of the problem is people attention and minding of the password as well as the information. As long as people concentrate and care about their password they can protect their data better.

Mar 07

Microsoft: who is peeping on users’ privacy in e-mails?

According to the report of some international media, that “Scroogled” campaign, which is advocated by Microsoft has moved on from sniping at Google Shopping to charge Gmail with invading its users’ privacy for it peeps e-mail for keywords that can be used for advertising purpose. It is said that Microsoft is planning to cease this campaign, but Microsoft said to Businessinsider that they will proceed on this campaign as long as Google peeps on users’ privacy.

Data protection and privacy security has long been a focused topic for people all around the world, if you think you lock file and folder on your computer with data security program is enough to safeguard your personal information, you are totally wrong. Files and documents in computer may have some of your information, however, how about the online world? People send and receive e-mails on the Internet from time to time, and they shop online and pay bills online too. Therefore these activities pose yourself to the danger and threat which may result in data leakage of your privacy and other information.

When Microsoft found that Google scan users’ Gmail and send them targeted advertise, they encourage users to abandon their Gmail accounts and take up accounts in Outlook.com which belongs to Microsoft in the first round of Scroogled campaign.  And then in the second Scroogled campaign which is advocated in the November of 2012, Microsoft built Scroogled.com and criticized Google adwords.

Privacy protection contains many contents such as USB copy protection and many other aspects, and people care about these topics very much. It is said that Microsoft will end their activity which aims at Google by changing the way used. They will give up using advertise to impact, while about the new measures and policies which they still keep in secret. But one thing can be sure is that no matter what measure Microsoft take to object Google, there is too soon to declare the end of it.

Actually, Microsoft also scans users’ emails in their Outlook mail service, but they said that they doing this just for the sake of preventing the invasion of spam and malware. It is hard to tell who people should believe and blame about the two giants. People need to pay attention for their privacy and protect personal information, or one day they may fall into endless trouble.

 

Mar 04

IT Security Problems Come from Internal Professionals

There are so many kinds of security dangers that threat the operation and protection of confidential information in a company or the enterprise. Hackers and phishers are not rare on the internet anymore and they plan attacks on website and servers all around the world. From time to time, USB security issue, leakage of personal information and other data breach from computer system of the company is worrying and drawing more attention from the public.

People who are very familiar with the inside operation and mechanism of a business is the biggest potential of data leakage and insider cracker for the whole company. Today, more and more people depend on online transaction and data exchange, which requires online account information very often for the whole business. And once these data fallen into the wrong hand, the coming consequence or loss is irrevocable.

Online privacy now is a vital concern for all people who use computer and rely on Internet to fulfill the need of data exchange. It is common that when people store some of the important files and folders on computer and usually they lock file and folder up to prevent the potential data breach and data leakage. While, this protective measure will not go for the business which contains many independent users.

The increasing number of identity theft posses more need and urgency for data protection for the data management of company. While, one thing for sure is that, the crime rate related to data protection inside the business gradually has a tendency of growing in recent years. The online world seems free and flexible, while there are also traps or even threats that hinder the integrity of people’s privacy, such as some targeted content or advertisement. For a browser, the inside plug-ins can track all activities of the user and send you ads and spam according to the account information and your surfing record.

It is reported that most of the data leakage related to personal information are come from the inside of the business or institution. Therefore, the situation is more serious for security professionals than normal attacks from online hackers and malware. In order to protect privacy and personal information from illegal breach and malicious attempt, people have to pay close attention on USB copy protection and file protection on computer or any other device.

There is no doubt that some big enterprises are gradually collecting information about their customers, in the online world, dangers and threats can be found everywhere. Most people haven’t realized the problem or they just have no choice to become the current situation for the Internet world.

Feb 19

Network Vulnerability: Thousands of Devices is Faced with Danger of Hacker Attack

Routers are one of the most widely used devices for people with the need of sharing their network and gain more convenience in using the network. Nowadays, routers and other network devices are the roots of attacks from hackers and other cyber criminals because of their adoption of Plug and play technology. As the occurrence of hacker attack and illegal use of the network people now value their privacy and folder encryption than they ever had.

According to a recent report from international media that network security software company Rapid7 is going to release a white paper which contains the content that most of the network technologies used in the market now leave networks vulnerable and then result in hacker attacks on thousands of personal computers, printers and storage devices in normal network environment. These attacks usually cause serious consequence for people’s private life and working staff. Comparing to USB security issues which are easy to control attacks from network devices are random and unpredictable so network vulnerabilities need more attention.

Computer routers and other network devices is the root for exposing users’ equipments to the danger of attacks from hackers and cyber criminals owing to the using of Universal Plug and Play, UPnP technology which enables the network to recognize and communicate external equipments faster, which save the time for network debugging greatly.

In this white paper, Rapid7 pointed out that their researchers have figured out 3 independent vulnerabilities from UPnP technology standard and these vulnerabilities result in 40 million to 50 million devices which include some well known brands such as Belkin, D-Link and Linksys etc. all around the world are vulnerable to attack.

If you want to make sure your sensitive files and folders in your computer or a USB drive disk free from the annoy of being breached or copied without any permission you can use a special data protection or USB copy protection software to safeguard your confidential information. But how about data protection threats result from vulnerabilities in network devices? According to the study of Rapid7, hackers may take advantages of the existing security vulnerability and get your highly classified documents, steal password, gain the total control of your PC or obtain remote control of the web cameras, printers and security systems.

Rapid7 recommended that if a company or consumer suspects his or her devices are at the danger of vicious attack then close the UPnP function in time and Rapid has released a tool on their web to help their customer to scan for potential security vulnerabilities in their routers and related devices and products.   

 

 

Jan 25

Privacy Leakage are Serious in Bank, Tenement and Telecom Area in Hong Kong

It is reported that according to Office of the Privacy Commissioner for Personal Data, Hong Kong with more and more residents attach more importance to privacy protection, these years the office has experienced a rising number of citizens who make queries to them. Last year alone, they received a total number of 19053 queries, which increased for 2 per cent. These complaints mainly involved in some private institutions, which refer to bank, tenement and telecom companies.

The fact is that, people now value their privacy more than they ever had before, that is not hard to tell from the number of people who using file and folder encryption and other data security software to safeguard their online and offline activities.

Last year the Office has received 1213 complaints, decreased about 18%, comparing to the former year (2011) which is 1486. Among all the complaints, the public or governmental organizations occupy about 1%, and the field that received the most complaints are police, housing, medical care and social welfare areas. There are about 50 privacy leakage relate to the government sectors incidences which more or less surprise the public.

About students in school, they often use USB drive disk to store files and studying materials, so that they value USB security very much, while how about the protection of personal information they put online. The fact is that, opening the searching site in Hong Kong, anyone can view and get information about students. According to the Office, these information include name, student number, their parents’ phone number and e-mail are put on the net by 11 education organizations, which will result in illegal use of the data by criminals.

Nowadays, data breach and data leakage of personal files are rampant, so it is urgent to take measures to protect private data. The worrying fact is that, the Office just revealed a very small part of the real situation. The privacy leakage affairs not only exist in the educational organizations, it goes for the commercial areas as well, although it is not so much obvious as the former one.

People can use some precaution method to prevent data losing and information leakage. First of all, when surfing the Internet, do not leave your private information in distrustful sites, and be alert about phishing webs. Next, you can password protect shared folder on the sharing network or LAN. Also do not forget strong anti-virus software and firewall, they are able to offer you a basic safe environment when you use the computer.   

 

Jan 22

Google May Abandon Password in the Future with Jewelry Replacing it

It is reported that an engineer from Google explained to international famous magazine Security and privacy that they think they’ve find the solution to annoying problem of forgetting or losing passwords. This engineer will explain explicitly about the reason about why they abandon the physical password, instead they choose a piece of jewelry, saying a ring for the future authentication tool.

In the modern days, as passwords becoming longer and longer and they are hard for ordinary people to memorize and faced with threats to get stolen. All of these problems have annoyed people from all around the world in using password protection or USB encryption method to secure their data and files on computer or other kind of storage devices. Google engineers write that the current security system and authentication system are insufficient to need people’s need of data security, partly due to the constant threats that exploit new bugs, what’s more, they say that simple token tools like passwords and coolies files are not secure enough anymore with the development of hacking techniques.

Google also emphasizes threats of phishing, in which hackers cheat on account owners by revealing sensitive information enter into a fake account log-in window, as one of the biggest security threats of today’s Internet data leakage and data breach.

Out of the purpose for more secure measures for information protection, Google designed a brand new system of authentication which allows users to log in a website quickly with the help of a mini USB disk. Using this method users are not required to install any software, although users may need to use browser which is required, according to Google. Comparing to folder encryption in the recent days, the registration and authentication protocols would be open and free, and this specially made USB device you can finish the authentication easily.

Of course, Google wish to find a simple plan for registration process, and it final target is to insert the security token into a ring or a smart phone at least. As long as people can keep their ring or the other carriers, they can make sure data security of their sensitive information.

It is said that Google now are testing YubiKey encryption card, which is much like a minimized USB disk. And in the future abandoning the current password is not very far away. Of course, all new technology need to experience thousands of testing before it really enter into the market and for sure it will crash the existing USB copy protection and folder protection method. Let’s just anticipate new technology will improve the authentication system and bring us more convenience in the future.