The Heartbleed Bug - Part 3

Posted by Tobias Eichenseer Wed, 23 Apr 2014 14:13:00 GMT

While there has been much coverage online about the Heartbleed bug, it hasn’t been clear exactly which websites have been affected by the bug. Our friends at Mashable created a list of popular websites that may have been affected by the bug as well as feedback from representatives at those companies. See our abridged version of the list below.

Websites that highly suggest you change your password as soon as possible:

  • Facebook

  • Google

  • Gmail

  •  Yahoo

  • YouTube

  • DropBox

  • Wordpress

 Websites that don’t find it necessary to change your password:

  • LinkedIn

  • AOL

  • Hotmail

  • Amazon

  • eBay

  • Pandora

Many websites that suggest you change your password are unclear whether their site was affected or not, but still recommend that users create new and unique passwords. For example, a Facebook representative stated, "We added protections for Facebook’s implementation of OpenSSL before this issue was publicly disclosed. We haven’t detected any signs of suspicious account activity, but we encourage people to .set up a unique password."Because the Heartbleed bug is still an unraveling mystery, we believe the mantra “better safe than sorry” properly applies here. We suggest changing your passwords for every site you have an account with.

We’ll continue to update our blog with any new information about the bug!

no comments |

HOB at @sLAN in Madrid!

Posted by Tobias Eichenseer Tue, 22 Apr 2014 09:37:00 GMT

After we have already been to trade shows in the USA, Germany and Australia during the past weeks, we are now going to present our connectivity solutions to the Spanish audience.

HOB will be an exhibitor at the @sLAN in Madrid, which will take place from April, 23 – 24, 2014.

In the fast-paced IT industry it is especially important to always be up to date. That’s why we at HOB try to be present at as many tradeshows as possible. Being on the @sLAN in Madrid allows us to inform ourselves about the newest trends and opinions of the international IT market, without having to rely on information from a third-party.

The Spanish IT congress will host numerous IT companies, which will be presenting their latest innovations and products. This year, HOB will also present itself to the Spanish market and try to convince the visitors of its superior remote access solutions. IT trends that will be the focus of this year’s tradeshow are Cloud Computing, IT Security, Mobility, Big Data and Virtualization.

The @sLAN will take place from April 23 until 24 at the exhibition area Ifema – Parque Ferial Juan Carlos I in Madrid. If you are planning to visit the trade show, you can find HOB at booth number 22. At our booth, we will be presenting exciting live demos of our software solutions and provide you with additional information. Also, we will be having great giveaways for you. A special highlight for HOB will be the presentation of International Account Manager José Antonio San Juan Sampron, who will be talking about “Going Mobile – New Trends in the Enterprise Mobility Market.” The presentation will be held April 23, at 10:20 am in Room N110 CANAL.

We are looking forward to welcoming you at our booth and hopefully having many interesting discussions with all of our visitors!

For all of you who can’t make it to Madrid to visit us personally: HOB provides several opportunities to stay up-to-date about the newest IT security trends. On our HOB Trendtalk Blog, as well as on Google+ and Facebook, you can find information on topics about Secure Remote Access, Mobile Working, Cloud Computing and IT Security. Videos about those topics can be watched on our YouTube channel. And for those who like it short and simple, follow us on Twitter.

no comments |

A New Security Heart Attack: Heartbleed

Posted by Tobias Eichenseer Mon, 14 Apr 2014 11:33:00 GMT

Like Cryptolocker, a new security culprit has been unleashed on the Internet. The Heartbleed bug is a vulnerability within the popular OpenSSL technology that allows hackers to easily steal a service’s encryption keys, thereby allowing them to steal other sensitive information including passwords and credit card numbers. This new bug was discovered by a team of security engineers at tech company Codenomicon and Neel Mehta of Google Security.

Fortunately, a fix has already been created. However, the onus is on the service provider to adopt the fix before they can be secure from hackers.

So what can you do to immediately protect your data?

Security researchers advise Internet users to first make sure that service providers have fixed the bug on their server—a new password for a service that has not installed the fix can easily be stolen. Then, change the passwords to all of your services, especially for sites that contain sensitive information like e-mail accounts and banking accounts.

Security researchers also recommend that users use highly secure passwords. Check out our previous blog, “The Importance of a Strong Password” for password strength suggestions.

no comments |

Scammers Use Missing Plane as Bait

Posted by Tobias Eichenseer Tue, 25 Mar 2014 15:04:00 GMT

Since March 8, a Malaysia Airlines jetliner has been missing with 239 people on board. The entire world has been following the search efforts to find the plane through news sites, blogs and social media.

According to an article by Computer World, people who search for news about the missing plane may come across a fake Facebook page dedicated to scamming users for their money.

The page has a share button as well as blue and white graphics—similar to a legitimate Facebook fan page. However, if a person clicks on the site, they will be presented with a link that claims to be a Yahoo! News article, then a YouTube video and a final lure designed to generate money for scammers. 

The idea of the lure is to generate more clicks as apart of a Cost Per Action (CPA) scam. This is when advertisers charge companies according to the amount of clicks their advertisements received online.

As hackers and scammers become more innovative with their attacks, it is important to be extra aware and careful in terms of IT security. Hackers are on the prowl for unsuspecting social media users, insecure Wi-Fi networks and security holes. 

We at HOB are appalled by the bad taste and brazenness of the scammers, and condemn their attempt to enrich themselves by abusing the sorrow of other people. Our thoughts are with the families of the missing persons and we hope that they will soon have certainty about the fate of their loved ones. 

Readers, what are your thoughts on scammers taking advantage of the missing Malaysia Airlines plane? Please share your thoughts in the comments below.

no comments |

The Cautionary Tale of Cyber Attacks Continues

Posted by Sabrina Sturm Mon, 04 Feb 2013 09:00:00 GMT

Another chapter in the cautionary tale of cyber security vulnerabilities opens this week with the hacking of two major US newspapers – the New York Times and Wall Street Journal. The lead article in the Wednesday, January 30 issue of the New York Times covers the attempts and methods used by the Chinese military to hack into the their network. Reportedly, the Chinese military’s primary motive was to uncover the sources of an October article reporting on the wealth accumulated by relatives of China’s premier, Wen Jiabao.

Meanwhile, the Wall Street Journal also experienced hacks with connections to the Chinese government. The Journal reports that the Chinese’s intention also was to monitor coverage of China in their newspaper and to trace the sources of that information. 

Products that feature secure remote access, strong encryption and reliable authentication methods may seem like an adequate solution for a company with vulnerable networks. However, the New York Times states that their own anti-virus capabilities did not dodge the attacks.  Furthermore, these espionages exemplify the vulnerability of networks and the necessity of comprehensive security measures to prevent attacks. 

In a ZDnet article covering hacker expertise, Hewlett Packard’s SVP of enterprise security products, Art Gilliland, explains the power of knowing a hacker’s next step and disrupting it rather than solely using security software to identify attacks. “This is a game of risk management,” Gilliland stated. “Companies need to be able to see and understand their exposure potential and prioritize what they respond to.” The New York Time’s security team followed a similar strategy by surreptitiously monitoring the moves of the hackers in order to determine more adequate defenses against them. Before the hackers could do any serious damage, the Time’s security expert team blocked the hackers from breaking back in.

Because hacks are inevitable, expansion of security policies and experienced security teams are necessary to prevent future opportunities for hackers. However, many companies do not have the budget or experience to create a team with a sophisticated attack strategy. This is when organizations that monitor cyber attacks may need to be brought in.

Has your business been a victim of cyber attacks? If so, did you have security technologies in place that allowed you to identify and thwart the attacks? How well did they work? Contemplate these questions now to prepare you for the very real risk of an attack in the future.

no comments |