China orders foreign computer security software out!
Posted by Daniel Snyder in My Thoughts, Security News on August 30, 2010
Communist China continues to go to extremes and has ordered its banks and other major companies to limit the use of computer security software developed outside of China. That means popular antivirus vendors will lose existing and potential business inside mainland China, and setting up an impending trade clash with the USA and Europe. Of course this is just like China as they continue to build up their own technology sector by hiding away from global competition. If you ask me, it seems pretty apparent that China is aggressively shutting out competition.
Considering the population of China software developers know that this is a very large viable market, and being shutout is definitely a frustration.
A manager of an inspection company said 10 to 20 per cent of enterprises that its technicians looked at in higher security tiers used technology from Cisco and other foreign providers. He said they were told to switch to or add Chinese-made firewalls or other technology.
“We asked clients to make changes and warned them they would fail to pass the inspection if they don’t,” said the manager at Guangdong Southern Information Security Industrial Base Co. He would give only his surname, Chen.
Essentially this Multi-Level Protection Scheme (MLPS), requires that core security software that is used by government and major companies that support major infrastructure (banks, transportation, airports etc…) must be provided by Chinese companies only. Foreign companies are being pushed to disclose encryption technology, which of course comes on the heels of some nations threatening to disable Blackberry service. So what does this make you think? Does this come as a surprise? I don’t think the majority of Westerners are at all surprised by a move like this. And it really isn’t a surprise since it’s been alluded to and in the works for over three years by the Chinese government. To what extent this may effect foreign developers we can only speculate. As I understand it many American and European firms were targeting China as a market that had the potential to pull them out of the recent recession. Now that they’ve been effectively shutout they’ll have to turn their attention elsewhere… but where?
Sources: Joe McDonald, Canadian Press Computer World, China Policy could force foreign security firms out.
ATM Biometrics Coming to a Corner Store Near You!
Posted by Daniel Snyder in Security News on August 24, 2010
Looks like ATM machines around North America are due for a security upgrade. This year Barnaby Jack demonstrated both local and remote ATM attacks at Black Hat 2010, and showed how easy it could be to hack an ATM and make it spit cash. Barnaby Jack also revealed a multi-platform ATM rootkit and discussed protection mechanisms that ATM manufacturers can implement to safeguard against these attacks.
Biometric Iris Scanners Coming to A Corner Store Near You!
One protection mechanism that we are now seeing become reality is biometrics. Although it has been in the works for years, it looks like all the futuristic spy movies we watched as kids are coming true as biometric iris scanning ATM machines are looming on the horizon, and in some parts of the world already in action. Of course you’re not likely to see one in your local corner store just yet, but they may well be coming soon! According to Jeff Carter of Global Rainmakers Inc. we’re all going to be connected to the iris system within the next decade.
The computer in a biometric ATM can identify a bank customer and scan their iris even from a distance of greater than three feet. The camera inside the machine takes a focused photo of the eye in black & white, while the system then measures the structure of the iris, and how light and dark areas fall upon it, a successful ID generates a code which is essentially the customers PIN. The latest method of biometrics is “finger vein” technology — an authentication system developed by Japanese tech giant Hitachi. Poland’s cooperative BPS bank says it’s the first in Europe to install a biometric ATM — allowing customers to withdraw cash simply with the touch of a fingertip. The company says that an infrared light is passed through the finger to detect a unique pattern of micro-veins beneath the surface – which is then matched with a pre-registered profile to verify an individual’s identity. “This is a substantially more reliable technique than using fingerprints,” Peter Jones, Hitachi’s head of security and solutions in Europe.
“Every person, place, and thing on this planet will be connected [to the iris system] within the next 10 years,”
But what’s happening now is Global Rainmakers Inc. (GRI), based out of New York City, has announced that it will use iris scanning technology to begin creating what it claims will be “the most secure city in the world” in Leon, Mexico. The task is to hook up all of GRI’s city wide iris scanners to a massive database created with law enforcement authorities.
“In the future, whether it’s entering your home, opening your car, entering your workspace, getting a pharmacy prescription refilled, or having your medical records pulled up, everything will come off that unique key that is your iris,” Jeff Carter, CDO of GRI tells tech website FastCompany.com. Jeff Carter claims “Every person, place, and thing on this planet will be connected [to the iris system] within the next 10 years,”.
You can read more about Global Rainmakers plans at Prison Planet, here.
Seems to me that things are changing so rapidly, the world around us is quickly become like that of every futuristic movie we’ve ever seen. Nothing is impossible anymore, and with creations and technology such as this the world is supposed to become a more secure place. Do you see this as a step forward, or do you have any objections to this kind of technology?
Sources: CNN World, "Biometric ATM gives cash via 'finger vein' scan." Prison Planet, "Biometric Iris Scanning Technology Rolled Out across entire city". Black Hat USA 2010 ATM Marketplace "Back to the Future: Biometrics Revisited"
Coca Cola takes facebook from virtual to reality seamlessly
Posted by Daniel Snyder in Facebook, social media on August 22, 2010
Technology, it’s an amazing thing. But when you combine incredible technology with amazing creativity and the bold world of social media the possibilities are limitless. With the boom of social networking over the past few years it is no surprise that the push is on to come up with creative ways of linking the social world online with the real world. Coca Cola Village in Israel partnered with facebook to seamlessly allow the teens enjoying themselves at Coca Cola Village to share their experience online. The now famous facebook “like” button became a real life reality as vacationing teenagers were given RFID (Radio Frequency Identification) bracelets which were encoded with their facebook user name and password. When the wristband was ‘swiped’ over top of the real life thumbs up box their facebook status was instantly updated with what they were doing at the village. In addition if photographed by one of the official village photographers, the RFID bracelet would tag everyone in the photo and upload it to facebook automatically.
The video below tells the story. But what’s accomplished by this? Ultimately this is Coke partnering with a company called Promarket and Publicis E Dologic to utilize social networking successfully and to the utmost extreme. The Coca Cola village holds 650 teens at one time, and in each cycle facebook was seeing about 35,000 posts! That means every teen was posting Coca Cola branded content just under 54 times on their facebook profile, to be seen and liked by all their friends and family.
The CEO of Edologic, Enon Landenberg, is quoted as saying, “We are continuously looking for ways to connect the physical world with the virtual world. The idea behind “The Like machine” is an ultimate solution. It is an innovative and pioneering method, and through it the possibility to involve your Facebook friends in events and experiences that are happening to you around the world becomes a very true reality.”
What are your thoughts? For me, it makes me wonder where this is headed next. I can see this technology (which isn’t too complex at all) being integrated into a lot of other aspects of our daily lives. Do you think that’s a good idea? Or, perhaps like the few people I discussed this with, that idea sounds scary. Share your thoughts!
Big Banks force Weak Security on Members
Posted by Daniel Snyder in Computer Security, Security News on August 17, 2010
Do you bank online? Your account may not be as secure as you’d like to think it is! The other day I was setting up my online account for my television cable provider and was asked to select a password. As I normally do I created a unique complex password for the site and stored it in a master database which is also password protected (by a different password of course!), my passwords are always complex and usually anywhere from 10 to 12 characters in length. I was frustrated when my cable provider rejected my 11 character password by notifying me that I was limited to a maximum of 8 characters and no special characters!
I have not found this uncommon either, I often find myself registering with websites that essentially force me into selecting a weak password. American Banks in particular have been under fire from security professionals for their current lack of strong security. A recent report by the OSCE which is of particular significance to U.S. banking customers reveals that “Bank network security, especially regarding log-on procedures, falls short of consumer expectations. Log-on protocols elsewhere utilize strong authentication. U.S. banks generally fail to meet that standard.” Read more about this on the E-Commerce News website, “Are Banks Short-Changing you on Security?“
Here are a few quick (and somewhat disturbing) facts about the current state of password security…
- 61% of passwords were either only lowercase letters or all digits (examples: iloveyou or 123456).
- 60% of web users only have one password that they use for all of their online accounts, including Facebook, PayPal, email, and banks, according to a recent study.
- An estimated 1 in 9 people use one of the Top 500 passwords posted on WhatsMyPass.com
A study by Trusteer Inc. a New York based online security vendor found that 73% of bank customers use their Internet banking password to access non-financial — and less secure — websites. While Forty-seven percent use both their online banking user ID and password on other websites.
Security Expert Bruce Schneier wrote an article about a British Bank (Lloyd’s) that rejected a man’s password because they felt it was “not appropriate”. The article though not directly applicable to what we are discussing today, does conclude by mentioning that at least that bank allowed more than four characters in their password. Albeit stopping the customer at six characters (which honestly, isn’t any more secure.) You can read all of Bruce’s article here.
How quickly can you be hacked?
Spend a few minutes at the Online Password Generator, and you can find out just how quickly your password could be hacked by brute force. A four character password no matter what special characters or numbers are used can be hacked in less than one second (if unlimited attempts were possible). Add two more simple characters and the time only increases to 53 seconds on a Intel® Core™2 Duo E4500. An eight character password utilizing numbers and letters will take about 19 hours, 19 minutes. Punch in a twelve character password that utilizes upper and lower case, numbers and special characters and it will take a whopping 377283354 years, 7 months to crack.
Not as Secure as the Bank would have you believe
In summary, online banking is simply not yet as secure as banks would like you to believe. Internet Criminals are aggressive and use many methods to steal information which include database hacks, brute force attacks and phishing scams. The majority of these attacks will be performed on social networking sites such as facebook or twitter where the stolen information can then be turned around and used on banks. If you are one of the 47% that uses the same information on a social networking site as you do at your bank, then consider yourself seriously warned. If on the other hand your bank allows complex passwords (like the one mentioned in the above paragraph), and has a secure (HTTPS) login, well then… bank online at your own risk!
Read more on password security as well as some interesting facts at the infocarnivore password archive.
Sandbox technology, what is it?
Posted by Daniel Snyder in Computer Security, Security Terms on August 16, 2010
Sandbox technology is something that is getting more and more publicity lately, but still many individuals and particularly your average home user don’t really know much about it. Since the infocarnivore blog focuses on the simpler side of security with the aim of assisting individuals who aren’t computer security experts I thought I’d write a brief post outlining sandbox technology.
What is it?
Today’s Sandbox technology as it relates to computer security is simply put a method of separating running programs from each other. It’s not to be confused with the Sandbox Effect related to search engines, or Sandbox Technique used by software development companies. A security sandbox is essentially a virtual environment where programs can run safely without having an effect on the overall system. This is especially useful when browsing the web or testing an untrusted program from perhaps an unknown or untrusted source.
Sandboxie
A popular program that is available in a free version is Sandboxie which creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying the local or mapped drive. The below image from the sandboxie website gives a perfect visual of sandbox technology when used in the context of browsing the web.
VMWare
Another solution is VMWare which utilizes the same technology but is a little more advanced in features than Sandboxie, and is more of an enterprise or corporate solution as they have sandbox technology features for creating virtual desktops, virtual servers, and other management solutions.
For You, the Home User
The simplest way of defining a sandbox is that new data (which could potentially include malicious threats) is separated from your critical system files and stored in the ‘sandbox’ where it can be dealt with appropriately. If there is a threat it is isolated from making any destructive changes to your system. Perhaps now you can see how this technology can be useful. In the corporate and enterprise environment there are many other applications and uses for sandbox technology, but for You, the home user the most basic of solutions is protecting you from online threats such as malware, spyware, rogue antivirus products, or potentially malicious web links.
Now that you know do you think you’d give Sandbox technology a try? Leave a comment with your experiences or thoughts.
Kaspersky agrees, here comes Microsoft
Posted by Daniel Snyder in Computer Security, Security News on August 9, 2010
In my most recent post: “MSE about to become major player in Antivirus solutions“, I discussed the looming changes that are taking place in the antivirus industry as Microsoft Security Essentials begins to gain recognition and prominence. Shortly after writing that post I got some feedback as well as stumbled upon a few new articles and it looks as though Eugene Kaspersky agrees the anivirus industry is undergoing some big changes right now and in the near future. The information security specialist and founder of Kaspersky Labs is anticipating several big changes that will force antivirus vendors to adapt and one of the biggest changes is that software giant Microsoft is making a push to grab a big portion of the antivirus industries market share.
More criminals on the web
The changes that are taking place in the antivirus industry are not sudden or unexpected, malware writers are getting increasingly more creative and aggressive. The internet grows and therefore the number of criminals on it grows also. Governments and law enforcement agencies are struggling to come to terms with the cyber security plans and security jobs are in high demand and expected to only increase. In years back security vendors had only to focus on viruses and early trojans, malware did not exist for criminal intent until more recently. Now that there are huge profits to be made, malware writers focus their energy more on stealing confidential information and using it to make a profit instead of focusing on notoriety as they once did. Viruses are no longer developed for the express purpose of destroying data or crashing computers as they once were. Major threats today include keyloggers, rogue products, phishing attacks, worms and adware (among many others).
Microsoft seriously focused on security solutions
Along comes Microsoft, Kaspersky acknowledges “Microsoft is going to be seriously focusing on the security solutions market; this will include developing antivirus solutions.” Enter, Microsoft Security Essentials. Kaspersky goes on to say “The software giant’s entry will undoubtedly have an impact on the best-known industry players and the current market share of antivirus companies is likely to change radically. Naturally, each company will be affected in a different way. For some, it will come as a heavy blow, while others will barely be affected and yet others will welcome Microsoft’s arrival on the market.” Companies will adapt of course and pursue different technologies as they continue to compete, as sandbox technology becomes more popular we are likely to see it breaking into mainstream as well. Everything changes and marketing still plays a huge role in who’s product is most popular. People are naturally brand loyal, so we will see what the future holds.
For myself I found it initially hard to trust a product like Microsoft Security Essentials since security has not been one of Microsoft’s strengths in the past. However this is clearly changing as we see endless positive reviews of MSE and the integrity and strength of Windows 7 are clearly strengthening Microsoft’s reputation in this area. If you’d like to read more about Eugene Kaspersky’s anticipated changes in the antivirus industry (which are happening now) you can read his article here.
Perhaps you have an opinion or observation about the current changes that the antivirus industry is undergoing, feel free to share your opinion openly here, your comments are appreciated.
MSE about to become major player for AV Solutions
Posted by Daniel Snyder in Antivirus reviews, Computer Security on August 8, 2010
I write a lot about Antivirus solutions and I’m a big fan of free alternatives to the big name expensive products. My favorite free products being discussed here (Top free antivirus picks) so be sure to read up on them. Lately I’ve been hearing a lot of positive response on Microsoft’s Security Essentials so I thought I’d look into it a little further and let you know what’s going on. It appears to me that Microsoft is positioning themselves in such a way that they are about to become a major player in the Antivirus industry, looks like they want to give Norton some competition. I’ve always chuckled over Norton’s claim to fame that they are the biggest selling antivirus solution in the world, it should come as no surprise that this is only a result of successful marketing and not because they have the best product. After all, doesn’t it seem that half the computers in the world that a purchased out of a box come pre-loaded with a free trial of Norton?
Amazing Reviews
MSE was released on September 29, 2009 and since then has received amazing reviews. I for one am all too aware of Microsoft’s notorious security problems which have haunted the company for years on their various operating platforms, but with Windows 7 and the release of Microsoft Security Eseentials it seems pretty apparent that Microsoft has turned a corner. The fact that they have determined to release MSE as a free solution for home users is what is definitely going to make it a major competitor in the antivirus industry. At this point in time there are very few solid free antivirus solutions, in fact off the top of my head I can count all the ones I would trust on one hand.
Quick Facts
- Free for home users
- Runs on Windows XP SP2 or SP3, Windows Vista and Windows 7 including Windows XP mode on both x86 and x64 PCs.
- Real-Time Protection
- Easy on system resources (does not slow down your system significantly)
- Simple and easy to use interface
- Full anti-malware solution (protection against viruses, spyware, adware, rootkits etc…)
- VB 100 certification (pretty important accolade)
Microsoft is capitalizing on their large customer base and inside knowledge of their consumers knowing that a large majority of home users are unwilling or unable to pay for antivirus solutions, by offering a free product they continue to establish their name as a global leader in technology. With the success of Windows 7 and the amazing improvements they made in terms of security with 7 people are soon to turn to trust in Microsoft for security solutions. Microsoft offers opportunities to OEMs and System Builders who can pre-install Microsoft Security Essentials on their consumer-bound PCs to provide quality malware protection to their customers out of the box and at no cost.
Read the MSE Press release.
So there you have it, I predict MSE could become a key player in the antivirus industry, if they’re not already. What do you think? Would you give MSE a try, or perhaps you’ve tried it already, leave a comment with your thoughts, I’ll be sure to reply!
sponsors & affiliates
Subscribe to info carnivore
