October 31, 2014
Bash (Bourne-again shell) is system software used in Unix based systems, including Apple’s Mac OS X and Linux, and is used to manage its command prompt. Bash allows the user to type a series of commands in a text window which are then executed by the operating system. ‘Bash’ software is used in a majority of computer systems that connect to the internet.
Bash Bug, also known as Shellshock, is a security threat which makes the Bash software accessible to the hacker. The bug was discovered by the Unix specialist, Stéphane Chazelas, in September this year. Hackers can exploit this bug to take complete control of a targeted system. Bash Bug is considered to pose a larger threat than ‘Heartbleed’ bug which was discovered in April 2014. While Heartbleed bug exposed passwords and other sensitive data to hackers, the Bash bug is capable to wreak havoc as it allows the users to seize the entire system, snip data and shut down networks.
There are a number of web servers that are already being exploited with the help of Bash bug. The fix that was initially rolled out for the flaw was incomplete and just hours after the news went live; there were reports of hackers trying to take advantage of it.
How does Bash Bug work?
Bash software allows the user to control programs and features by typing commands in the text box. Officially only the website owners or limited programmers are authorized to enter these commands and access information. However the Bash Bug makes the command control and information accessible to the hacker. For instance, if a web server uses Bash as a background program to manage tasks, such as personal data filled in online forms, a hacker who intends to exploit Bash could steal this data. He could then add a disparaging code either to the server to direct the user to other websites or to infect their system with viruses.
One solution to prevent your system from the threat of Bash Bug is to keep your vulnerable devices updated. According to cyber security experts, Bash bug rates 10 on 10 on a scale of severity, implying that it has the ability to leave drastic effects.
Here are some important tips to save your data from this disastrous fault:
- Keep your security model application centric, which is not dependent on other security mechanisms.
- Create directed prevention strategies to monitor server programs and block malicious activities.
- Install hosted firewall and toughen the processes of operating system to ensure smooth functioning of the applications.
- Leverage application and device control capabilities to lock down configuration settings, file systems and the use of removable media.
- You should check for software updates on the websites of companies that make your router, computer as well as other Internet-connected equipment to prevent the bug.
Centex Technologies provide IT security systems for businesses. For more information on how to enhance security of your network and devices, please call us at – (855) 375-9654
October 27, 2014
The mystery surrounding the latest version of Google’s Penguin Algorithm has been resolved. The company rolled out the recent update, Penguin 3.0, on October 18th. It is the fifth release of Penguin till date and is mainly intended to combat black-hat SEO techniques, such as keyword stuffing, irrelevant keywords, invisible text to name a few. Although the update will be more interest to the website owners and SEO specialists, but will also affect the millions of users that turn up to the search engine giant to search for anything.
What does the update target?
- Exactly matched anchor text
- Keyword rich anchor texts
- Backlinks from spammy or low quality blogs and sites
- Malware affected sites or blogs
- Sites with high number of advertizements and partner links
- Sites or blogs having many backlinks from guest blogging networks
- Sites or blogs having artificial social sharing
How to protect your website?
Keeping in line with the previous versions of Penguin, the update will also target at penalize the websites that use spammy links to achieve a higher ranking in Google. Here are some of the ways in which you can safeguard your website from the drastic effects of the Penguin update:
- Remove faulty backlinks: You might not have any idea about the number of spam websites that are sending links to your website. Make sure you do an audit of all the links that can negatively affect the ranking of your website. Every link to your website should abide by the quality guidelines of Google.
- Remove exact match anchor texts: Over optimization can also lead to your website being penalized. Penguin update will target any anchor texts that are either exact match or keyword stuffed. Thus, make sure you remove all such links.
- Remove links from guest blogging: If you have been getting links from guest blogs in the past, make sure you identify all those links and remove them.
- Remove low quality and irrelevant links: If your website receives links from link farm directories, you must remove them. Google is completely aware that the only purpose of these indexes is to gain backlinks, particularly if these are not relevant to your business.
- Remove highly optimized links: Keyword stuffing has been a thing of past. Although these anchors might be getting you lots of website traffic earlier, but with the recent Penguin update, you can not only drop your ranking but also face strict penalties by Google.
Battling any Google algorithm’s penalties is quite difficult. Therefore, it is suggested that you keep a constant check on your backlinks and avoid using black hat SEO techniques for better ranking of your website.
October 16, 2014
With the growth of IT and digitalization, cyber-attacks and digital combat on corporate networks are continuously on the rise. Hackers are specifically targeting databases due to the sensitive and valuable information that they contain. Whether the information contains corporate secrets or financial records, worldwide cyber-criminals are always looking to penetrate the servers of businesses and breach their databases.
The most common database security vulnerabilities include:
- Deployment failure: This is the most common cause of database vulnerability. Even though every database, at the point of creation, is tested for functionality and proper working; it is often not analyzed or checked for deployment failure.
- SQL injections: When the database fails to filter the inputs, hackers can execute SQL injections that allow them to raise privileges and get hold of a wide range of information.
- Blank, weak and default password: It can be a tough task to keep records of all the passwords in an organization that manages many hundreds of databases. However by removing blank, weak and default passwords organizations can take the first step in securing their database system.
- Data leaks: Database is considered as a backbone of an organization and should be protected from the threats that arise from the internet. This makes it important to use TLS or SSL encrypted platforms for communication.
- Stolen backups: External hackers are always a threat but there might be some individuals inside the organization too that can be a threat to information and data stored in servers. Therefore, businesses should think about encoding archives to reduce the risk of an insider attack on the database.
- Misuse of database features: Businesses should uninstall or disable the packages that are not used. Apart from reducing the risk of attacks by hackers, it will also simplify patch management.
- Buffer overflows: This is most commonly exploited by the attackers. It includes flooding of inputs with a lot more characters than required, for instance- adding 100 more characters for an input that expects SSN. Instances of buffer overflows should be addressed with appropriate measures.
- Increased privileges: Database vulnerabilities also allow the hackers to get hold of important privileges and get permission to access administrator rights. It is important for administrators that they install patches and updates on time.
- Hopscotch: In addition to buffer overflow, hackers try to find out a weakness in the system and use it as a leverage to attack and get into the database. This risk can be reduced by separating the systems and creating discrete accounts for each administrator.
By keeping these important tips in mind you can definitely protect your database system to a considerable extent.
We at Centex Technologies assist companies to identify vulnerabilities in their database systems and provide security solutions for the same. For more information, call us at – (855) 375-9654.
October 10, 2014
Besides being the most admired place for social networking, Facebook is a website where people share most of their personal information such as photos, likes, habits, places they visited and even the place they are at the present moment. Therefore, it is extremely important to keep your Facebook account secure in order to prevent any misuse/ account hacking.
Here are some tips to keep your Facebook account secure:
- Create a strong password: Although it is the most basic advice to be given, but most people do not always follow it. Not just for Facebook, it is advised to keep a strong password for all the websites you use. Avoid using simple password like names, date of births, and successive alphabets or numbers. Instead, use a combination of uppercase and lowercase letters, numbers and symbols to make it bit complex. To change your existing password, click on Account Settings> General> Password
- Customize your privacy settings: You would not want everyone to view your personal stuff that you or your friends post on Facebook. In order to restrict people, you should choose appropriate privacy settings for your account. For that, you need to click on the padlock icon on the extreme right in the top toolbar, click on ‘Who can see my stuff’ and choose your preference from the drop down menu. It is recommended to you limit your privacy to ‘friends’ or ‘friends of friends.’
- Confirm Mobile Number: This will help you to reactivate your Facebook account in case you forget your password. To enter your mobile number, go to Account Settings> Mobile> Add a Phone. After this, you will receive a confirmation code on your mobile which you have to enter in the given column. Now, you have your mobile phone registered with Facebook.
- Setup login notifications: You can set up notification alert if anyone tries to access your account from an unknown device. This is an easy way to prevent unauthorized use of your Facebook account. To do this, go to Account Settings > Security > Login Notifications. From here, you can choose either to receive an email or a text message notification for any unapproved login.
- Always log out: Whether it is a public computer or a personal device, make it a habit to log out of your account after every session.
By putting these simple tips into practice, you can be assured of your Facebook account being safe and secure.