October 16, 2014
With the growth of IT and digitalization, cyber-attacks and digital combat on corporate networks are continuously on the rise. Hackers specifically target databases because of the sensitive and valuable information they contain. Whether that information is corporate secrets or financial records, cyber-criminals worldwide are always looking to penetrate business servers and breach their databases.
The most common database security vulnerabilities include:
- Deployment failure: This is the most common cause of database vulnerability. Even though every database is tested for functionality and proper working at the point of creation, it is often not analyzed or checked for deployment failure.
- SQL injections: When the database fails to filter its inputs, hackers can execute SQL injections that allow them to escalate privileges and get hold of a wide range of information.
- Blank, weak and default passwords: It can be a tough task to keep records of all the passwords in an organization that manages many hundreds of databases. However, by removing blank, weak and default passwords, organizations can take the first step in securing their database systems.
- Data leaks: The database is considered the backbone of an organization and should be protected from threats that arise from the internet. This makes it important to use TLS or SSL encrypted platforms for communication.
- Stolen backups: External hackers are always a threat, but individuals inside the organization can also be a threat to the information and data stored on servers. Therefore, businesses should think about encrypting archives to reduce the risk of an insider attack on the database.
- Misuse of database features: Businesses should uninstall or disable the packages that are not used. Apart from reducing the risk of attacks by hackers, it will also simplify patch management.
- Buffer overflows: This is most commonly exploited by attackers. It involves flooding an input with far more characters than expected, for instance, adding 100 more characters to an input that expects an SSN. Instances of buffer overflows should be addressed with appropriate measures.
- Increased privileges: Database vulnerabilities also allow hackers to obtain important privileges and gain access to administrator rights. It is important that administrators install patches and updates on time.
- Hopscotch: In addition to buffer overflows, hackers try to find a weakness in the system and use it as leverage to attack and get into the database. This risk can be reduced by separating the systems and creating discrete accounts for each administrator.
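An added example, not code from the original post: the SQL injection and oversized-input items above, shown in Python against an in-memory SQLite table, with the unfiltered lookup beside a hardened one. The table, rows, function names and the SSN format check are assumptions constructed for illustration.

```python
import re
import sqlite3

SSN_RE = re.compile(r"\d{3}-?\d{2}-?\d{4}")  # assumed format: 9 digits, optional dashes


def make_db():
    """In-memory table with constructed sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (name TEXT, ssn TEXT, salary INTEGER)")
    conn.executemany(
        "INSERT INTO employees VALUES (?, ?, ?)",
        [("alice", "123-45-6789", 70000), ("bob", "987-65-4321", 82000)],
    )
    return conn


def lookup_unfiltered(conn, ssn):
    """The failure mode from the list: input is pasted into the SQL text."""
    query = "SELECT name, salary FROM employees WHERE ssn = '" + ssn + "'"
    return conn.execute(query).fetchall()


def lookup_hardened(conn, ssn):
    """Reject anything that is not SSN-shaped, then bind it as a parameter."""
    if len(ssn) > 11 or not SSN_RE.fullmatch(ssn):
        raise ValueError("input is not a valid SSN")
    return conn.execute("SELECT name, salary FROM employees WHERE ssn = ?", (ssn,)).fetchall()


def demo():
    conn = make_db()
    crafted = "x' OR '1'='1"               # constructed injection-style input
    oversized = "123-45-6789" + "A" * 100  # the "100 more characters" case
    results = {"unfiltered_crafted": lookup_unfiltered(conn, crafted)}
    for label, value in (("crafted", crafted), ("oversized", oversized)):
        try:
            results["hardened_" + label] = lookup_hardened(conn, value)
        except ValueError as exc:
            results["hardened_" + label] = "rejected: " + str(exc)
    results["hardened_valid"] = lookup_hardened(conn, "123-45-6789")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The unfiltered lookup returns every row for the crafted input, while the hardened lookup rejects both the crafted and the oversized input and returns only the matching row for a valid SSN.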
By keeping these important tips in mind you can definitely protect your database system to a considerable extent.
We at Centex Technologies assist companies to identify vulnerabilities in their database systems and provide security solutions for the same. For more information, call us at – (855) 375-9654.
October 10, 2014
Besides being the most admired place for social networking, Facebook is a website where people share most of their personal information, such as photos, likes, habits, places they have visited and even the place they are at the present moment. Therefore, it is extremely important to keep your Facebook account secure in order to prevent any misuse or account hacking.
Here are some tips to keep your Facebook account secure:
- Create a strong password: Although this is the most basic advice, most people do not always follow it. Not just for Facebook, it is advised to keep a strong password for all the websites you use. Avoid using simple passwords such as names, dates of birth, and successive letters or numbers. Instead, use a combination of uppercase and lowercase letters, numbers and symbols to make it more complex. To change your existing password, click on Account Settings > General > Password.
- Customize your privacy settings: You would not want everyone to view the personal stuff that you or your friends post on Facebook. In order to restrict people, you should choose appropriate privacy settings for your account. For that, you need to click on the padlock icon on the extreme right in the top toolbar, click on ‘Who can see my stuff’ and choose your preference from the drop-down menu. It is recommended that you limit your privacy setting to ‘friends’ or ‘friends of friends.’
- Confirm Mobile Number: This will help you to reactivate your Facebook account in case you forget your password. To enter your mobile number, go to Account Settings > Mobile > Add a Phone. After this, you will receive a confirmation code on your mobile, which you have to enter in the given field. Now, you have your mobile phone registered with Facebook.
- Set up login notifications: You can set up a notification alert if anyone tries to access your account from an unknown device. This is an easy way to prevent unauthorized use of your Facebook account. To do this, go to Account Settings > Security > Login Notifications. From here, you can choose to receive either an email or a text message notification for any unapproved login.
- Always log out: Whether it is a public computer or a personal device, make it a habit to log out of your account after every session.
By putting these simple tips into practice, you can be assured of your Facebook account being safe and secure.
September 24, 2014
Google's latest invention will come as a surprise to many. The programs that you watch on TV might now affect your search results on Google. On the 16th of September, Google was granted a patent, filed three years ago, to use the TV programs that a user watches as a signal for ranking websites. This complex patent has also been given a lengthy official name – ‘System and method for enhancing user search results by determining a television program currently being displayed in proximity to an electronic device’. Previously, Google had been using hundreds of signals in its algorithms to rank search results, but this one is quite novel and unique.
Here is an outline of the patent filed by Google:
“A computer implemented method for using search queries related to television programs. A server receives a user’s search query from an electronic device. The server then determines, in accordance with the search query and television program related information for television programs available at a location associated with the electronic device during a specific time window, a television program currently being displayed in proximity to the electronic device, wherein the television program related information includes program descriptions for a plurality of television programs being broadcast for the associated location.”
Therefore, what you watch on TV will be observed by Google to offer you the most relevant search results. It is not yet clear whether they will be using a set-top box, a satellite or an internet-aided device to accomplish this. For example, let’s say that you are watching a TV program on Porsche and at the same time you search Google for ‘Cars.’ The search engine will assess that you like the program or the car model being shown on TV, and thus Google may show the website of Porsche and the model that you are viewing, or relevant information about the particular show that you are watching. This way, live TV viewers can get enhanced search results that are relevant to the content of the program being aired or to programs that users are likely to be interested in watching.
As Google owns various entities, like YouTube and Chromecast, that stream live TV programs, it is quite understandable that it will have access to all its related information. However, the way Google will acquire information from other sources will be quite interesting to know.
September 17, 2014
A major concern for most companies, when putting their important documents in the cloud, is security. Storing important documents without enough security can lead to a breach and loss of important information. CloudAlloy, one of the companies that exhibited at the Disrupt SF 2014 Startup Alley, follows a simple concept of breaking your documents into small pieces, spreading them across the cloud and getting them back again whenever you need them.
The creator of CloudAlloy, Vinay Purohit, reveals the details behind the whole process. The software splits any document into small bits, encrypts them and decrypts them back for you. He further adds that by splitting the documents into different pieces, it becomes extremely difficult for hackers to put them together. Thus, in his words, “the encryption makes it bullet proof”. Whenever you request the document, all the broken pieces are decoded and combined together without any delay. In fact, Vinay insists that it would be faster than retrieving the whole document in a conventional content-retrieval scenario. There is also no need to worry in the case of a service drop, as they save some additional information along with each bit they allocate to the cloud and are still able to get the document back even if a service stops working.
As of now, the service is compatible with Google, HP, Microsoft and Amazon S3, but the company is willing to work with a large enterprise that wants to use its service. Vinay says that a person can also merge local storage in the data center with open cloud data in a hybrid model. It usually requires a minimum of 2 services; however, you can also do this with a single service while considering layering more services at a later time. The more services you use, the higher the level of security.
CloudAlloy is a very simple means of ensuring security in the cloud. It does not require any complex inputs from the user or huge IT involvement. You just have to subscribe to the service and, as you store your docs in the cloud, it will break them into segments and provide companies with a simple yet competent way to ensure content security.