Archive for category Security News

Google Encrypts User Keywords

In today’s Internet marketing world, companies must implement a broad portfolio of strategies to succeed online. Social media is rapidly accelerating in importance, while email marketing is still a reliable strategy. The huge industry that has developed around the online coupon craze (contenders like Groupon, Facebook Deals, and Google Offers) represents an increasingly effective way for small businesses to broadcast their brand across the online terrain. Pay-per-click (PPC) and Search Engine Optimization (SEO) practices can also be extremely effective, but Google has recently made a move that affects several of these marketing strategies.

Citing user security concerns, Google decided to encrypt the key terms that deliver users to websites when these users are logged in to a Google account. Google has said this will affect a relatively small percentage of searches, but that percentage will likely grow as more people create Google accounts.

Previously, Google Analytics users could see the info surrounding the traffic flowing to their sites as well as the keywords people use to get there. With this information, website owners could build a strategy around those keywords. This made it fairly simple for users to consider where they should target their ads and how they could optimize for targeted keywords. Now that these queries are being concealed, website owners will be able to see that guests are coming to them from Google.com but not the keywords that brought them to their site.

PPC is another popular strategy to drive traffic and can be very effective when paired with other tools. With PPC, advertisers pay the website owner for every time someone clicks on their ad. The sponsored links that appear on sidebars and at the top of Google searches are another form of PPC. These companies pay Google directly. Google gets a lot of money through PPC and their decision to conceal queries will most likely be effective in directing more users toward PPC. It is not surprising that Google would strategize against companies championing methods used to capture organic search by legitimate means. Truthfully, it’s in Google’s best interest to not have the code of their search algorithm cracked. However, knowing the query terms that prompt a website to come up is just one of the many aspects of an SEO plan and this encryption of some keyword searches should do little to sway an overall SEO strategy.

Even though Google has made search queries harder to access, it is only a speed bump for SEO. Sure, some users who used to optimize themselves will find the process to be impossible without a roadmap. But any website that is using a professional SEO company shouldn’t experience too much of an effect.

Google’s move to encrypt search queries is certainly bold. It shows that Google isn’t afraid to flex its muscles under the guise of security concerns. While Google is not the only active search engine, it commands the highest market share by far. Despite Google’s disturbing move, smart companies can still succeed online using a comprehensive strategy that combines SEO, PPC, social media, online coupons and email marketing.


Place & Profit: Why would your movement profile be so valuable to companies like Google & Apple?

I remember the last week of October in 2010: there was a flurry around the office when we discovered that Google had merged place results with organic search results. I sat down and wrote an article about it right away. This change was actually really good news for our company and our clients—the more important that place becomes in search rankings, the easier it would be for us to help our local clients compete against big, national competitors. We were excited about it, and we immediately started rolling out maps optimization and other kinds of Local SEO campaigns to leverage these new opportunities.

I thought about that week driving home from work yesterday, listening to people on the radio talking about hearings that Congress is holding to investigate how Google and Apple are using the location-tracking data from smartphones that they (or other parties) might be collecting to build movement profiles of subscribers. I was floored. As place has become increasingly important in search over the past six months, Google has already been moving to capitalize on the SEO renovations that everyone’s been doing.

The Wall Street Journal summed up the mechanism at the heart of the matter succinctly, reporting that, “Android phones collect their location every few seconds and transmit the data to Google at least several times an hour…also transmitting the name, location and signal of any nearby Wi-Fi networks as well as a unique phone identifier.” There are different specs on how Apple would be able to collect location-data from iPhones, but the problem is essentially the same across the board.

If location can be tracked in real-time, marketing can happen in real-time. If movement profiles can be constructed of users there are possibilities for marketing that would resemble science fiction. If marketing companies know your route home from work or where you like to go on Wednesday night and they can toggle that with—say—information from your Facebook account, they’re going to be able to target you to sell you on deals in ways that would be more like telepathy than like Groupon or Facebook Ads.  Marketing companies might end up knowing more about you than you know about yourself.

So there is pretty strong motivation for movement profiles to be built up for marketing purposes. Apple and Google assure Congress they’re not collecting location info for these purposes, and there is no evidence to the contrary at this point. However, it seems more or less inevitable that this is going to happen if the opportunity is there—whether Apple, Google, or the apps on your phone are collecting the information, somebody is going to be doing it. And, indeed, they probably already are. As the WSJ reports, “The Google and Apple[‘s Congressional hearings] follow… findings [from] last year that some of the most popular smartphone apps use location data and other personal information… more aggressively —in some cases sharing it with third-party companies without the user’s consent or knowledge.”

The question is: How concerned about this should we be? The IP address of the computer that you’re searching from already informs your search results, which—obviously—shapes the way that marketing forces are approaching you. If you live in Chicago, when you search for ‘Thai restaurants,’ both Google sponsored links and organic search results will be arranged in a manner that is more or less contingent on your location. As far as I know, there is no such thing as ‘pure’ or ‘objective global search results’ that can be accessed on any specific search engine portal accessed from any discrete IP. So there’s nothing new about this trend in marketing strategy. All search results are geographically contingent. The momentum that’s been growing around Place functionality over the past year would tend to indicate that, if anything, they will only become more so over time.

If anything, in the long term, the kinds of informational interactivity that movement profiles would open up would be likely to make local markets more efficient and productive. Social Media Marketing certainly takes location into account—and social media marketing is poised to become the supreme platform for marketing in the next decade. And that’s a good thing. It means that we’re having a conversation with the industries we’re buying from rather than just having commercials and products dumped on us. There will obviously need to be regulations about how this sort of location-tracking information can be used in court, and all of those questions will get hammered out in due time.

The jury is definitely still out on this question. I personally am still conflicted about whether this is going to be a good thing or a bad thing in the long run.

What do you think? Would movement profiles be an automatic negative, or could they make a contribution to market efficiency and adaptability? Please let me know what your thoughts on this subject are in the comment section.


Why would anyone want to hack my car?

Your car could well be the next target for hackers… or is it?  Why would anyone want to hack your car anyway?  This past summer has seen numerous articles on the new threat of car hacking, “the crime of the future”… The threat is simple: someone doesn’t like you, so they hack into your car from a distance, taking control of it and causing it to crash, or perhaps they are not quite that malicious, so instead they remotely interfere with your car’s normal systems in some way so as to become an annoyance.

Is this reality or still science fiction?

No, it is a reality, and this past summer at a security conference in California a man named Stefan Savage and his team presented their research and demonstrated how, using a car’s computer system, they were able to break in and take control of the vehicle, doing things such as braking and accelerating (all against the will of the driver).  Now that we are seeing a lot more wireless access, the problem of car hacking could be one anticipated to grow.  In fact, there have already been documented cases.  In one case a car salesman in Texas remotely broke into vehicles of people who were late on their payments; he would do things such as honking their horn or disabling the car altogether.  It is reported that up to 100 people found their cars inoperable after his hack.  He was reportedly fired from the dealership.

Savage has been quoted as saying “To be fair, you should expect that various entry points in the automotive environment are no more secure in the automotive environment than they are in your PC,” [The New York Times].

Can car hacking be profitable for the perpetrator?

The majority of computer crime these days is taking place for one reason… money!  And the things that are being pursued are primarily those that have the potential to reap large monetary rewards quickly.  Is it possible to hack a car for profit?  Yeah, probably in some kind of unusual and obscure way, but probably not on any large scale.  Does that mean we won’t see it happening?  No, I’m certain this will be something that hackers want to play with a little, but probably won’t turn into any kind of major threat.  You also have to consider that major auto manufacturers are not going to play around with their security.  Just because up till now car security is no better than your average PC doesn’t mean it is going to stay that way.  Savage admits “I think at this point these attacks are much more fantastical than a real thing people need to be concerned about today.”  I agree, I don’t anticipate we will be seeing much destructive car hacking action in the near future.

What are your thoughts?  Are you concerned?

Sources:
Discover Magazine, Forget car-jacking, car-hacking is the crime of the future.
CNET News


China orders foreign computer security software out!

Communist China continues to go to extremes and has ordered its banks and other major companies to limit the use of computer security software developed outside of China.  That means popular antivirus vendors will lose existing and potential business inside mainland China, setting up an impending trade clash with the USA and Europe.  Of course this is just like China as they continue to build up their own technology sector by hiding away from global competition.  If you ask me, it seems pretty apparent that China is aggressively shutting out competition.

Considering the population of China, software developers know that this is a very large, viable market, and being shut out is definitely a frustration.

A manager of an inspection company said 10 to 20 per cent of enterprises that its technicians looked at in higher security tiers used technology from Cisco and other foreign providers. He said they were told to switch to or add Chinese-made firewalls or other technology.

“We asked clients to make changes and warned them they would fail to pass the inspection if they don’t,” said the manager at Guangdong Southern Information Security Industrial Base Co. He would give only his surname, Chen.

Essentially, this Multi-Level Protection Scheme (MLPS) requires that core security software that is used by government and major companies that support major infrastructure (banks, transportation, airports etc…) must be provided by Chinese companies only.  Foreign companies are being pushed to disclose encryption technology, which of course comes on the heels of some nations threatening to disable Blackberry service.  So what does this make you think?  Does this come as a surprise?  I don’t think the majority of Westerners are at all surprised by a move like this.  And it really isn’t a surprise since it’s been alluded to and in the works for over three years by the Chinese government.  To what extent this may affect foreign developers we can only speculate.  As I understand it many American and European firms were targeting China as a market that had the potential to pull them out of the recent recession.  Now that they’ve been effectively shut out they’ll have to turn their attention elsewhere… but where?

Sources: Joe McDonald, Canadian Press
Computer World, China Policy could force foreign security firms out.



ATM Biometrics Coming to a Corner Store Near You!

Looks like ATM machines around North America are due for a security upgrade. This year Barnaby Jack demonstrated both local and remote ATM attacks at Black Hat 2010, and showed how easy it could be to hack an ATM and make it spit cash.  Barnaby Jack also revealed a multi-platform ATM rootkit and discussed protection mechanisms that ATM manufacturers can implement to safeguard against these attacks.

Biometric Iris Scanners Coming to A Corner Store Near You!

One protection mechanism that we are now seeing become reality is biometrics.  Although it has been in the works for years, it looks like all the futuristic spy movies we watched as kids are coming true as biometric iris scanning ATM machines are looming on the horizon, and in some parts of the world already in action.  Of course you’re not likely to see one in your local corner store just yet, but they may well be coming soon!  According to Jeff Carter of Global Rainmakers Inc. we’re all going to be connected to the iris system within the next decade.

The computer in a biometric ATM can identify a bank customer and scan their iris even from a distance of greater than three feet.  The camera inside the machine takes a focused photo of the eye in black & white, and the system then measures the structure of the iris and how light and dark areas fall upon it. A successful ID generates a code which is essentially the customer’s PIN.  The latest method of biometrics is “finger vein” technology — an authentication system developed by Japanese tech giant Hitachi.  Poland’s cooperative BPS bank says it’s the first in Europe to install a biometric ATM — allowing customers to withdraw cash simply with the touch of a fingertip.  The company says that an infrared light is passed through the finger to detect a unique pattern of micro-veins beneath the surface – which is then matched with a pre-registered profile to verify an individual’s identity.  “This is a substantially more reliable technique than using fingerprints,” said Peter Jones, Hitachi’s head of security and solutions in Europe.


But what’s happening now is Global Rainmakers Inc. (GRI), based out of New York City, has announced that it will use iris scanning technology to begin creating what it claims will be “the most secure city in the world” in Leon, Mexico.  The task is to hook up all of GRI’s city wide iris scanners to a massive database created with law enforcement authorities.

“In the future, whether it’s entering your home, opening your car, entering your workspace, getting a pharmacy prescription refilled, or having your medical records pulled up, everything will come off that unique key that is your iris,” Jeff Carter, CDO of GRI, tells tech website FastCompany.com.  Jeff Carter claims, “Every person, place, and thing on this planet will be connected [to the iris system] within the next 10 years.”

You can read more about Global Rainmakers plans at Prison Planet, here.

Seems to me that things are changing so rapidly, the world around us is quickly becoming like that of every futuristic movie we’ve ever seen.  Nothing is impossible anymore, and with creations and technology such as this the world is supposed to become a more secure place.  Do you see this as a step forward, or do you have any objections to this kind of technology?

Sources: CNN World, "Biometric ATM gives cash via 'finger vein' scan."
Prison Planet, "Biometric Iris Scanning Technology Rolled Out across entire city".
Black Hat USA 2010
ATM Marketplace "Back to the Future: Biometrics Revisited"


Big Banks force Weak Security on Members

Do you bank online?  Your account may not be as secure as you’d like to think it is!  The other day I was setting up my online account for my television cable provider and was asked to select a password.  As I normally do, I created a unique complex password for the site and stored it in a master database which is also password protected (by a different password of course!).  My passwords are always complex and usually anywhere from 10 to 12 characters in length.  I was frustrated when my cable provider rejected my 11 character password by notifying me that I was limited to a maximum of 8 characters and no special characters!

I have not found this uncommon either; I often find myself registering with websites that essentially force me into selecting a weak password.  American banks in particular have been under fire from security professionals for their current lack of strong security.  A recent report by the OSCE which is of particular significance to U.S. banking customers reveals that “Bank network security, especially regarding log-on procedures, falls short of consumer expectations. Log-on protocols elsewhere utilize strong authentication. U.S. banks generally fail to meet that standard.”  Read more about this on the E-Commerce News website, “Are Banks Short-Changing you on Security?”

Here are a few quick (and somewhat disturbing) facts about the current state of password security…

  • 61% of passwords were either only lowercase letters or all digits (examples: iloveyou or 123456).
  • 60% of web users only have one password that they use for all of their online accounts, including Facebook, PayPal, email, and banks, according to a recent study.

A study by Trusteer Inc., a New York based online security vendor, found that 73% of bank customers use their Internet banking password to access non-financial — and less secure — websites, while forty-seven percent use both their online banking user ID and password on other websites.

Security Expert Bruce Schneier wrote an article about a British Bank (Lloyd’s) that rejected a man’s password because they felt it was “not appropriate”.  The article though not directly applicable to what we are discussing today, does conclude by mentioning that at least that bank allowed more than four characters in their password.  Albeit stopping the customer at six characters (which honestly, isn’t any more secure.)  You can read all of Bruce’s article here.

How quickly can you be hacked?

Spend a few minutes at the Online Password Generator, and you can find out just how quickly your password could be hacked by brute force.  A four character password, no matter what special characters or numbers are used, can be hacked in less than one second (if unlimited attempts were possible).  Add two more simple characters and the time only increases to 53 seconds on an Intel® Core™2 Duo E4500.  An eight character password utilizing numbers and letters will take about 19 hours, 19 minutes.  Punch in a twelve character password that utilizes upper and lower case, numbers and special characters and it will take a whopping 377283354 years, 7 months to crack.
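The arithmetic behind figures like these, and behind the 8-character, no-special-characters limit described earlier, as an added Python example (not code from the original post or from the password generator site). The rate of 4×10^7 guesses per second is an assumption, chosen because it reproduces the twelve-character figure above for the 94 printable ASCII symbols; the sample passwords and the two-entry wordlist are constructed.

```python
import string

# Assumption: an offline attacker testing 4e7 candidates per second.
GUESSES_PER_SECOND = 4e7
SECONDS_PER_YEAR = 365 * 24 * 3600

CHAR_CLASSES = {
    "lower": string.ascii_lowercase,   # 26 symbols
    "upper": string.ascii_uppercase,   # 26 symbols
    "digit": string.digits,            # 10 symbols
    "special": string.punctuation,     # 32 symbols
}

# Constructed sample wordlist; the two entries are the article's own examples.
COMMON_PASSWORDS = ["123456", "iloveyou"]


def classes_used(password):
    """Character classes present in the password."""
    return {name for name, chars in CHAR_CLASSES.items()
            if any(ch in chars for ch in password)}


def alphabet_size(classes):
    """Symbols an attacker has to try in each position."""
    return sum(len(CHAR_CLASSES[name]) for name in classes)


def exhaustive_seconds(password, rate=GUESSES_PER_SECOND):
    """Time to try every string of this length over the classes used.

    Characters outside the four classes (spaces, non-ASCII) are not
    counted, so for such passwords the result is an underestimate.
    """
    if not password:
        return 0.0
    return alphabet_size(classes_used(password)) ** len(password) / rate


def effective_seconds(password, rate=GUESSES_PER_SECOND):
    """Same estimate, but a wordlist is tried before exhaustive search."""
    if password in COMMON_PASSWORDS:
        return (COMMON_PASSWORDS.index(password) + 1) / rate
    return exhaustive_seconds(password, rate)


def policy_ceiling(max_length, allowed_classes):
    """Count of all passwords a site's length/charset policy permits."""
    size = alphabet_size(allowed_classes)
    return sum(size ** n for n in range(1, max_length + 1))


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", SECONDS_PER_YEAR), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    # Constructed sample passwords, one per case discussed in the article.
    for pw in ("ab1!", "abc123", "abc12345", "iloveyou", "Xk7#mQ2!vR9$"):
        print(f"{pw!r:16} exhaustive {humanize(exhaustive_seconds(pw)):>22}"
              f"   with wordlist {humanize(effective_seconds(pw))}")
    # The cable provider's rule: at most 8 characters, no special characters.
    ceiling = policy_ceiling(8, {"lower", "upper", "digit"})
    print("8-char, no-specials policy exhausted in",
          humanize(ceiling / GUESSES_PER_SECOND))
```

The exhaustive figure is only an upper bound on attacker effort: a password that appears in a wordlist falls almost immediately whatever its length, and at this rate every password the 8-character policy permits is covered in about two months.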

Not as Secure as the Bank would have you believe

In summary, online banking is simply not yet as secure as banks would like you to believe.  Internet criminals are aggressive and use many methods to steal information, which include database hacks, brute force attacks and phishing scams.  The majority of these attacks will be performed on social networking sites such as Facebook or Twitter, where the stolen information can then be turned around and used on banks.  If you are one of the 47% that uses the same information on a social networking site as you do at your bank, then consider yourself seriously warned.  If on the other hand your bank allows complex passwords (like the one mentioned in the above paragraph), and has a secure (HTTPS) login, well then… bank online at your own risk!

Read more on password security as well as some interesting facts at the infocarnivore password archive.


Kaspersky agrees, here comes Microsoft


In my most recent post, “MSE about to become major player in Antivirus solutions”, I discussed the looming changes that are taking place in the antivirus industry as Microsoft Security Essentials begins to gain recognition and prominence.  Shortly after writing that post I got some feedback as well as stumbled upon a few new articles, and it looks as though Eugene Kaspersky agrees the antivirus industry is undergoing some big changes right now and in the near future.  The information security specialist and founder of Kaspersky Labs is anticipating several big changes that will force antivirus vendors to adapt, and one of the biggest changes is that software giant Microsoft is making a push to grab a big portion of the antivirus industry’s market share.

More criminals on the web

The changes that are taking place in the antivirus industry are not sudden or unexpected; malware writers are getting increasingly more creative and aggressive.  The internet grows and therefore the number of criminals on it grows also.  Governments and law enforcement agencies are struggling to come to terms with the cyber security plans, and security jobs are in high demand and expected to only increase.  In years back security vendors had only to focus on viruses and early trojans; malware did not exist for criminal intent until more recently.  Now that there are huge profits to be made, malware writers focus their energy more on stealing confidential information and using it to make a profit instead of focusing on notoriety as they once did.  Viruses are no longer developed for the express purpose of destroying data or crashing computers as they once were.  Major threats today include keyloggers, rogue products, phishing attacks, worms and adware (among many others).

Microsoft seriously focused on security solutions

Along comes Microsoft. Kaspersky acknowledges, “Microsoft is going to be seriously focusing on the security solutions market; this will include developing antivirus solutions.”  Enter Microsoft Security Essentials.  Kaspersky goes on to say, “The software giant’s entry will undoubtedly have an impact on the best-known industry players and the current market share of antivirus companies is likely to change radically. Naturally, each company will be affected in a different way. For some, it will come as a heavy blow, while others will barely be affected and yet others will welcome Microsoft’s arrival on the market.”  Companies will adapt of course and pursue different technologies as they continue to compete; as sandbox technology becomes more popular we are likely to see it breaking into mainstream as well.  Everything changes and marketing still plays a huge role in whose product is most popular.  People are naturally brand loyal, so we will see what the future holds.

For myself I found it initially hard to trust a product like Microsoft Security Essentials since security has not been one of Microsoft’s strengths in the past.  However this is clearly changing as we see endless positive reviews of MSE and the integrity and strength of Windows 7 are clearly strengthening Microsoft’s reputation in this area.  If you’d like to read more about Eugene Kaspersky’s anticipated changes in the antivirus industry (which are happening now) you can read his article here.

Perhaps you have an opinion or observation about the current changes that the antivirus industry is undergoing. Feel free to share your opinion openly here; your comments are appreciated.
