ReadersZone

Recently security service provider SecureWorks Inc.has published a report showing that United States of America was the top source of distributed attack traffic. These figures are based on Company’s 2,000 customers so far in 2008. According to SecureWorks, 20.6 million attacks originated from U.S. computers and 7.7 million from Chinese computers. Top 10 Source of Distributed Attack

Hunter King, a security researcher at SecureWorks, Said

It clearly shows that the United States and China have a lot of vulnerable computers that have been compromised and are being used as bots to launch cyberattacks. This should be a warning to organizations and personal computer users that not only are they putting their own computers and networks at risk by not securing them, they are providing these cybercriminals with a platform from which to compromise other computers.

Don Jackson, director of threat intelligence at SecureWorks, Said

These findings illustrate the ineffectiveness of simply blocking incoming communications from foreign IP addresses as a way to defend your organization from cyber attacks, as many hackers hijack computers outside their borders to attack their victims. The Georgia/Russia cyber conflict was a perfect example of this. Many of the Georgian IT staff members thought that by blocking Russian IP addresses they would be able to protect their networks, however, many of the Russian attacks were actually launched from IP addresses in Turkey and the United States so consequently they were hit hard. This was a perfect example where we saw Russian cyber criminals using compromised computers outside their borders. On the other hand, we have found that many of the Chinese hackers will compromise large networks within their own country and use them as bots to attack other organizations. For example, entire university networks in China will belong to local hacker groups China’s hackers do create botnets from spamming through email and blogs, but a relatively larger percentage of the compromised hosts under Chinese control are simply machines in schools, data centers, companies — in other words, on large networks — that are mostly unguarded and consequently are entirely controlled by hacker groups, as opposed to distributed bots harvested from widely distributed international spam runs And often the groups have an insider in the networks they own. We also see many local hacker groups in Japan and Poland compromise hosts within their own country to use in cyber attacks, so the Chinese hackers are not alone in using resources within their own borders.

Computer security can be greatly improved by keeping your web browser and operating system up to date, using the latest versions of antivirus and antispyware software, following safe computer practices such as being wary of the websites you visit, and not clicking on attachments and links within emails until verifying that the sender intentionally sent the enclosed link or attachment.

Source : Compromised US and Chinese Computers Launch Greatest Number of Cyber Attacks, according to SecureWorks’ Data

Share

Google teamed up with AARP to launch a new video series that provides AARP members with helpful, easy-to-understand tips on how to stay safe online. It includes pointers on how to set privacy controls in online photo-sharing sites, configure firewalls to protect your computer, select safe and secure passwords for your online accounts, shop safely online, and avoid phishing scams.

Safe Starts

Practicing password safety

Sharing your content safely online

Know what’s posted about you online

Shopping safely online

Avoid phishing scams

Share

Microsoft warning its Windows Live Hotmail users about the latest phishing scam. Attackers are sending E-Mail messages to Windows Live Hotmail user asking them to verify their E-Mail accounts and asking Their User Name, Password, Date of Birth and their Country. The Message looks like this.

From: @hotmail.com
Subject: Hotmail Warning (Verify Your Hotmail Account now To Avoid It Closed)‏‏
Date: Sun, 10 Aug 2008 19:28:54 +0000

Dear Account User

This Email is from Hotmail Customer Care and we are sending it to every Hotmail Email User Accounts Owner for safety. we are having congestions due to the anonymous registration of Hotmail accounts so we are shutting down some Hotmail accounts and your account was among those to be deleted. We are sending you this email to so that you can verify and let us know if you still want to use this account. If you are still interested please confirm your account by filling the space below.Your User name, password, date of birth and your country information would be needed to verify your account.
Due to the congestion in all Hotmail users and removal of all unused Hotmail Accounts, Hotmail would be shutting down all unused Accounts, You will have to confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 24 hours for security reasons.

* Username: …………………………

* Password: …………………………..

* Date of Birth: ……………………….

* Country Or Territory: …………….

After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconveniences.
Warning!!! Account owner that refuses to update his/her account after two weeks of receiving this warning will lose his or her account permanently.

Sincerely,
The Windows Live Hotmail

As Microsoft warning its Windows Live Hotmail users about this scam but i have not get any such mail till the writing of this post.

What Microsoft say about this mail

Hey Folks,

Please be aware that a new phish message is being sent stating that it is from the Hotmail team.  This is not a legitimate mail and you should not respond.

Remember, we will never ask you to verify your account in this manner.

Source : Windows Live Hotmail Technical Support Blog

Share

As technology is moving towards advancement the hacking movements are also.As business grows very high & gets more dependent on technology, it becomes more highlighted and easier target for hackers and others on the prowl for vulnerabilities. Data security attacks are basically done for three purposes :

1. By a person who just want the challenge of breaking into a system.
2. Most attacks have more malicious intent such as stealing credit card numbers, social security numbers or other personal data for immediate financial gain.
3. Corporate intellectual property theft is also done by hackers to resell the information or on behalf of competitors.

Must have tools and procedures for the protection of your highly sensitive data:

Regularly Backup Important Files

Backing up data is highly necessary because it ensures that, if data is lost by anyway’s, it can be recovered, but make sure that the back-up test has been done. Backup solutions include backing up data to an online storage service, to CD or DVD, or to some other removable media, such as another computer or hard disk. To prove the importance of backing-up of data.
An example Is given here-

Backing up of data is something that many of us do not do enough of because for many of us, this would severely cripple business. Think if anyone has not been backed up his data and when he needs it, he realized that the data was corrupted and unusable or all the data is erased.

Read the rest of this entry…

Share

There are many people over the Internet working very hard, trying to get some penetration on client computer. All have the same motive to install any software on your computer and that software will steal all your important information like bank account derails, user name and passwords, credit card information. Some of attackers have different motive like they want to destroy all your running programs. Some people thinks that why not do some damage on clients Mail box, they will trying to convert your mail box in a junk or spam mail box. As a computer user what our goal is work securely over the Internet. Let’s talk about some important point regarding the security penetration attempts and how to prevent them.

Read the rest of this entry…

Share

Now attackers are using media files like mp3, mpg and other format of media files to inject Trojan and other malicious software’s into the victim computers. Some days back infected mp3 files are spread over the Internet by some peer to peer networks. After downloading the media file, which can be of either MP3 or MPG form, when users try to play it, they will be prompted to download a file dubbed “PLAY_MP3.exe”. Victims should realize that the downloaded “music” or “video” file is actually fake and that no media file would be rendered. McAfee users will be fully protected of this Trojan horse after a virus definitions update. If you come in contact with any of these files, the McAfee Antivirus will recognize it as a Trojan horse dubbed Downloader-UA.h.

Read the rest of this entry…

Share

Bruce Schneier, one of the most appreciated security experts in the world, predicted some time ago the death of the security industry and these days, along with the RSA Conference and its security events, it seems he was right. Security is the most important part of IT industry and IT industry is looking for powerful but easy to use security products. Most of the IT companies want to buy some useful products like Database management system, Web 2.0 Applications, office Applications but they don’t want to buy security products. IT companies want security come in products that they are buying from vendors like Microsoft,IBM, Adobe,oracle and many other big names. Let’s compare Computer software security with the automobile industry.

Read the rest of this entry…

Share