June 29, 2015
Cybersecurity experts have come up with a new self-destructive virus, Rombertik, which is remarkably inimitable with respect to its functionality and perplexity. Identified by Cisco’s Talos Security Intelligence and Research Group, the deadly virus has been designed to decode any text entered into the user’s internet browser. It aims at stealing user names, passwords, bank account details, credit card codes and other sensitive information. Also known as the ‘suicide virus’, Rombertik attempts to destroy the infected computer if it gets detected.
How Does Rombertik Work?
Rombertik mainly targets a user’s computer through spam emails. When a user downloads the attachment files that accompany these emails, the virus installs itself on the device. Initially, Rombertik performs some checks to confirm it is not running inside the sandbox, after which it starts with its execution. What makes Rombertik different from other malware is its bloated file size. As stated by Talos, the unpacked version of Rombertik is merely 28 KB whereas the packed file is more than 1 MB. This implies that almost 97 percent of the data in packed version is included just to make the file look legitimate.
The malware Rombertik is self-aware, meaning that it recognizes if the user tries to dismiss it with anti-virus software. In an attempt to avoid detection, the virus starts to destroy itself along with the computer’s Master Boot Record (MBR), rendering it unusable.
How Does Rombertik Remain Undetected?
- The huge amount of junk elements contained in the executable file of Rombertik is never utilized by the malware. This inflates the volume of the file, which needs to be analyzed and studied by the cyber experts, thus, adjourning the virus identification process.
- The virus overwrites a single byte of random data 960 million times on the computer memory. This is done to deceive sandbox to take Rombertik to be an authentic program. It leads to extending the data log over 100 GB, thus, complicating the investigation and detection of the malware.
How To Protect Against Rombertik?
- One should not download attachments in emails from unknown sources.
- Anti-virus software should be updated to block the malware in the first place.
- Set up email security settings and block downloading of certain types of attachments.
Cyber security professionals recommend that users should constantly update their system’s security software and keep a backup of all the important data to minimize the effects of getting the system infected with Rombertik.
June 25, 2015
Switching over to cloud for your critical business operations, like emails and document storage, can be extremely beneficial. It can help to cut costs, organize workflow and eliminate the need for hiring specialized IT personnel. Above all these, the biggest benefit of moving operations to cloud is major data concerns such as security, support and backup are automatically taken care of. With a number of companies offering cloud based services, it can be difficult to choose the most reliable one for your business.
Here are some of the important questions that you must ask while screening a provider:
What level of services do they provide?
Determining your cloud computing needs can help you decide on what type of services you require. If you require more than just data storage service, there are several providers offering complete cloud computing services such as virtual software, applications and servers.
What is their pricing structure?
Choose a provider that allows you to pay-as-you-go. This means that you will be charged on the basis on the services you avail and your storage needs. The fees can be charged hourly, monthly or yearly, depending on your cloud service provider. Charges for cloud computing may be as low as $1 and go up to $ 100, as per your usage.
How secure is their cloud?
To ensure the safety of your company’s stored data, verify if your cloud provider follows standard and regularly updated security policies. You must look for measures like anti-virus software, firewalls, data encryption, two-factor user authentication, backups etc. Also ask them which employees at the company will have access to the information in the cloud.
What happens if the data is lost?
In the event that your cloud service provider inadvertently loses or obliterates your useful data, you must be sure how exactly they will resolve the issue. You must ask them about the provisions in the company’s Service Level Agreement (SLA) for such cases and if they would recompense for your loss. Also inquire if they have implemented any policies to mitigate the occurrences of such losses.
Is their cloud flexible enough to meet your business needs?
As you expand your business, you might need more storage space on cloud. Therefore, you must choose a company that can upgrade its services to accommodate your requirements. Ask them what other services and how much extra storage capacity they can provide over time. Also, it should be easy to add additional employees to your account.
Besides these, you should ensure that you can access all your business information from any device by just logging into your cloud provider’s sign in page.
June 20, 2015
There are thousands of ecommerce websites offering innumerable line of products, thus, making it extremely difficult to gain prominence in search engine results. By having several web pages listing different items, SEO for an online shopping portal becomes far more challenging than it is for other business websites. Owing to this, there are some common mistakes that most ecommerce companies are likely to make in their SEO campaign. Some of these are discussed below:
- Not providing product descriptions: While high definition images are essential to drive users’ attention, not accompanying them with product descriptions is the biggest mistake most companies make. Search engine crawlers use the content of these descriptions to index your website for that specific product. Make sure you include proper description giving complete details about the product to increase your web presence.
- Duplicating content from manufacturers’ website: Most ecommerce portals use descriptions exactly as given on the manufacturer’s website. While you may be providing accurate information about the product, you may get penalized by Google due to duplicacy of content. To avoid this, you must write informative and unique content that help your customers make the purchase decision.
- Not including product reviews: Not providing product reviews is also a major mistake made by ecommerce websites. These are equally important as descriptions to achieve a higher conversion rate. Majority of customers usually read the reviews posted by previous buyers to decide if they should buy a specific product or not. Positive reviews will help to make your site look credible and boost profits.
- Duplicating title tags: Another SEO mistake made by ecommerce companies is using the same title tags on all landing pages. Ideally, only the home page should have your brand name in the title tag, as opposed to all inner pages. In order to maximize your SEO potential, try to create unique key phrases relevant to the product listed on the page.
- Not optimizing URLs: Even if you have a well-designed website and unique product descriptions, you might be losing out on web traffic in the absence of an optimized URL. To avoid making this mistake, ensure that your website has a clean and descriptive URL instead of being a jumbled mix of random letters or numbers. You should also try to include relevant keywords in the URL.
We, at Centex Technologies, provide comprehensive SEO solutions for ecommerce companies. For more information, you can call us at (855) 375 – 9654.
June 9, 2015
In an attempt to enhance search experience for mobile users, Google has once again come up with a remarkable innovation called ‘Now on Tap’. At Google I/O held this May in San Francisco, the company previewed this smart upgrade to Google Now, a feature that will be available in the upcoming Android M.The basic idea behind Google Now on Tap is to enable the users to access information as and when needed, without having to leave the app they are using.
What Is It Exactly?
Essentially, Now On Tap takes the power of Google Now to a whole new level. It will be a core part of your Android operating system that will connect every element of your mobile device with Google’s extensive database. Rather than being a full screen app, Now On Tap will have a card-like interface that will appear on top of whichever app you are using, providing information relevant to the current content on your mobile screen. For instance, if a friend sends you a message about going for a movie, you can quickly tap and hold the home button to invoke Google to read reviews, watch trailer or buy online tickets without closing the app.
How Google Now On Tap Works?
According to Google Now’s product director, Aparna Chennapragada, Now On Tap will scan the words that you are presently viewing on your mobile screen and identify the relevant terms in it. Then, it will search these terms on Google, come up with the most contextual information you might need and present it in a card like format.
Just as with Google’s all other apps, the functionality is not limited for Now on Tap as well. It can provide information on anything and everything right from music, people, movies, restaurants, places and a lot more. Now on Tap will even work with voice search, with the user saying ‘ok Google’ from any screen or app in his phone. Let’s say you are listening to a song on your phone and you want to know about its singer. You simply need to say ‘Ok Google, who is the singer’ and you will automatically get the answer without the need to mention the name of the song.
The rollout is expected to come around the third quarter of 2015 alongside the release of Android M, according to official sources from Google.
May 30, 2015
A man-in-the-middle (MITM) attack occurs when an unauthorized user attempts to actively monitor, capture and control the information transmitted between the source and destination computer. The attack may be carried out to simply gain access to the encrypted/unencrypted information or empower the hacker to modify the message before passing it further.
How Does A Man-In-The-Middle Attack Works?
The man-in-the-middle attack is performed when the attacker gains complete control over the networking router along a normal flow of traffic. The cybercriminal, in most cases, is in the same broadcast domain as the victim. For example, a TCP connection exists between the server and client in an HTTP session. The MITM splits the link into two – one between the server and attacker and other between the victim and attacker. By interrupting the TCP connection, the attacker decodes, alters and inserts fake data into the communication. A man-in-the-middle attack aims to exploit the weaknesses in the communication protocol, convincing the source network to divert traffic through the attacker’s router.
Tips To Prevent Man-In-The-Middle Attacks
- Pay Attention To Certificate Warnings: A security certificate warning appearing for a website might indicate a serious problem. If the certificate doesn’t match with the server, you might be communicating with a malicious server carrying out a man-in-the-middle attack. Thus, you must not visit such websites, specifically if it involves entering important information like user names, passwords, bank account details etc.
- Check for HTTPS Encryption: When connecting to sites that process financial transactions such as online shopping or banking, make sure that the session has an HTTPS encryption. When communicating over HTTPS, your web browser checks identity certificates to confirm the credibility of the servers you are connecting to, thus, reducing the possibility of a phishing server.
- Be Careful While Using Wi-Fi Networks: Avoid doing any online transaction or sharing sensitive information if you are using a public Wi-Fi network. Be more alert if you see certificate warnings and websites without HTTPS encryption on such networks. Always try to use a private virtual private network (VPN) to create a secure connection to a trusted server.
- Install Anti-Virus Software: Installing and regularly updating anti-virus software can help you defend against man-in-the-middle attacks that involve infecting your computer with a malware.
We, at Centex Technologies provide the most advanced cyber security solutions for businesses. For more information, you can call us at (855) 375 – 9654.