26th April, 2017
Cyberstalking is a common type of cyber crime that involves using electronic means of communication, such as IMs, emails or social media, to stalk the victim. The stalker may send threatening messages, make false accusations, spy the victim’s internet activities, steal his identity or simply make unwanted advances to stay in contact.
Given here are some tips that should be followed to protect yourself against cyberstalking:
Be Careful While Sharing Information Online
It is important to be cautious when you post anything on social media or share information through emails or IMs. It is very easy for the hackers to gather details about you such as name, residence, places of interests, friends and likes/dislikes.
Search your name on Google to see what results are being displayed. It is quite possible that hackers have created fake profiles in your name. You can also search your phone number to detect any unwanted information about you. Delete or report all the incorrect or unauthorized information you find about yourself on the internet.
Password Protect All Accounts
Create strong passwords for all your online accounts specifically online banking, email and social networking profiles. The security questions you choose should be complex so that the correct answers cannot be guessed by the stalker. Avoid using your name, date of birth, phone number or other such trivial details in your password.
In some cases, the cyberstalker may attach a web-enabled device to the victim’s computer system to monitor his activities. A software program or application may also be installed that transmits all your sensitive information to the stalker. Therefore, make sure you stay vigilant and perform a regular check to identify any such threats. Always log out of the computer system and lock the screen when you are away.
Review Your Privacy Settings
Social networking websites constantly keep on changing their privacy policies so you should keep a check on your account settings. Limit the number of people with whom you are sharing your information. You can even block some people from seeing your posts or photos. Accept friend requests from only those people whom you personally know and trust.
For more information on how to safeguard your identity over the web, please contact us at Centex Technologies (855) 375 – 9654.
17th April, 2017
Cloud computing has provided a convenient way to store, access and share data over the internet. However, password leaks and security breaches in the recent years have led to many apprehensions about the use of cloud services. The lack of compliance standards and stringent security policies in the cloud make your data vulnerable to many online attacks.
What Is Zero Knowledge Encryption?
Zero knowledge encryption is one of the most secure ways to protect your information stored in the public cloud. It offers complete data privacy, ensuring that no one can access your files, not even the cloud service provider. It also known as personal encryption or private key encryption.
How Does It Work?
When you upload any data to the cloud, it is encrypted on the client side. The key to decrypt the data can be accessed by the authorized user. Even the company providing the cloud services cannot access the data because the information gets encrypted before it reaches their servers. The decryption key is stored in the cloud server in a hashed format which is known only to the user.
The reliability of zero knowledge encryption is assessed on the basis of 3 principles:
- Completeness – Assuring that the cloud service provider is properly following the security protocols.
- Soundness – Double checking that the account can be accessed only by entering the right password.
- Zero Knowledge – Verifying that the decryption key is known only to the user.
Advantages Of Zero Knowledge Encryption
- It offers the highest possible control over your data stored in the cloud.
- Zero knowledge encryption allows you to use the popular, convenient and user-friendly cloud services in the most secure way.
- It minimizes the likelihood of a data breach as all the information is stored in an encrypted format. Even if the cloud server gets compromised, your data will still be safe because only you have the decryption key.
Limitations Of Zero Knowledge Encryption
- In case the user forgets his account password or decryption key, there is no way to retrieve the files stored in the cloud.
- The privacy of data becomes your responsibility. You will be held liable for any loopholes in its security or unauthorized attempts made to access the files.
For more information on zero knowledge encryption and cloud security, feel free to contact Centex Technologies. We can be reached at (855) 375 – 9654.
10th April, 2017
Synthetic monitoring, or active monitoring, is a technique used to test the performance of a website or application by analyzing its interaction with simulated users. It provides insights about downtime during the critical business transactions and issues being faced in navigation paths that a real user is expected to follow. This type of testing is usually performed by businesses who are expecting to receive huge website traffic during an upcoming sale or holiday season. Synthetic monitoring allows them to estimate the amount of traffic and HTTP requests the existing website or application can process efficiently.
How Does Synthetic Monitoring Work?
In synthetic monitoring, the tester creates scripts simulating a navigational path or action that has to be followed by a robot user. The script defines the activity to be performed during the test, i.e. log in to the website, visit a specific page or carry out a specific transaction. The test is executed through a pre-decided browser, server and geographical location. The script makes an HTTP request to the website just like an actual visitor would have made. When this occurs, the tester records the response time of the website and any other issues encountered such as increased load time or server error. The data obtained is then analyzed and evaluated.
A typical synthetic monitoring test answers the following questions:
- Is the website performing well?
- What is the average load time?
- Are all transactions being carried out smoothly?
- In case there is a website downtime or slowdown, what is the reason?
- Is the website ok to go live?
Why Do You Need Synthetic Monitoring?
- Identify and detect issues beforehand
With synthetic monitoring, you can simulate user interactions with your website and identify the performance issues well before they impact the user experience. You can easily find the root cause and fix it beforehand.
- Prepare for peak traffic
If you are launching a new feature in the application or a section in the website, you can proactively test the way it will respond to multiple user requests. This will help to ensure optimal website performance.
- Test from the end users perspective
By testing your website and applications from different browsers, geographical locations and internet service providers, you are better able to evaluate realistic user experience. It provides insights into the critical performance parameters that prepare your website for diverse user scenarios.
For more information on synthetic monitoring and its benefits, feel free to contact Centex Technologies at (855) 375 – 9654.
28th March, 2017
Man-in-the-Browser (MitB) attack is one of the most harmful forms of online threats prevalent in the recent times. It involves the use of a Trojan horse to gain access to the target user’s online banking credentials, financial details, account numbers and other sensitive information. The hacker uses a phishing approach to trick the user to click on a link that directs him to a website with manipulated form fields. A Man-in-the-Browser attack is quite difficult to detect as it does not hamper the normal functioning of the web browser.
Man-in-the-Browser attack can be specifically risky because of the following reasons:
- It does not require complex hacking or phishing techniques to gain access to the user’s web browser.
- It cannot be detected by anti-virus software.
- Since the attack operates between the browser and the user’s input, it can easily circumvent the standard security measure, such as two factor authentication.
How Does A Man-In-The-Browser Attack Work?
Just like other online attacks, a Man-in-the-Browser attack also begins by infecting the user’s computer with a malware. This may be done by compelling the user to download a malicious attachment, visit a fake website or click on a malware injected URL. Once the system has been infected, the malware remains in stealth mode until the user performs the desired action, such as access an online banking account or visit a shopping website.
At this stage, the malware gets activated and creates a code to add extra input fields in the web page. When the user enters the information in these fields, it gets transmitted to the hacker. The Man-in-the-Browser attack can even involve secretly manipulating data on the website, such as account number or amount to be transferred to initiate illegitimate transactions without the knowledge of the user.
How To Prevent Against Man-In-The-Browser Attack?
- Keep your web browser, operating system and other software updated as well as properly patched.
- Install anti-malware software on your computer system and update it frequently.
- Be careful while filling form fields on online banking and shopping websites. If you are asked to fill in additional form fields, provide more
- information than is normally required or re-enter your password, you should close the browser and start a new session.
- Keep a check on browser extensions. Make sure you use only reputed extensions and disable the ones that are no longer required.
We, at Centex Technologies, provide complete information security solutions to business firms in Central Texas. For more information, feel free to call us at (855) 375 – 9654.
21st March, 2017
As the online gaming industry continues to expand, hackers are looking for ways to breach into the players accounts to gain access to their personal and financial details. Whether you are a regular player or occasionally spend some time on an online game, you are making yourself susceptible to many potential attacks that can jeopardize your personal identity as well as financial privacy.
Given below are some of the common security risks associated with online gaming and how you can stay protected against them:
Phishing is a scamming technique that involves the use of imitation websites or fake URLs. The hackers send out emails to the online gamers with an aim to defraud them and gain access to their account login credentials or credit card details. The users may be required to click on a link to validate the online gaming account or change their password. The information entered is directly transmitted to the hackers.
To protect against phishing attacks, make sure you do not click on a link in an email. Instead, manually type in the gaming website’s URL to log in to your account and update your account settings.
In this type of attack, the cyber criminals may attempt to cheat the players with in-game resources, paid account upgrades or game characters. The stronger your game characters are, higher will be your chances of being targeted by the hackers. They may offer lucrative in-app purchases or character upgrades to extract your credit card details.
Playing cautiously is important to avoid being a victim of such attacks. Set up two factor authentication and create a strong password to prevent the hackers from breaching your gaming account.
Malicious File Downloads
Online gaming involves several file downloads. To capitalize on this, the hackers may attempt to infect the player’s computer system with malware. They may install fake game updates, anti-cheats, in-game interface tweaks, utility files etc. that contain a malicious code. Once executed, the malware acts as a keylogger as well as records your user name, password, credit card numbers and other sensitive information.
In order to stay safe, you should install an anti-virus software on your device. Schedule a daily scan to identify and remove any keylogger tools or malware files. Also, keep your device updated with the most recent patches and OS versions released by genuine vendors.
For more tips on online gaming security, you can contact Centex Technologies at (855) 375 – 9654.