Category: Security Page 71 of 75

Bash Bug Security Threat

On October 31, 2014

October 31, 2014

Bash (Bourne-again shell) is system software used in Unix based systems, including Apple’s Mac OS X and Linux, and is used to manage its command prompt. Bash allows the user to type a series of commands in a text window which are then executed by the operating system. ‘Bash’ software is used in a majority of computer systems that connect to the internet.

Bash Bug, also known as Shellshock, is a security threat which makes the Bash software accessible to the hacker. The bug was discovered by the Unix specialist, Stéphane Chazelas, in September this year. Hackers can exploit this bug to take complete control of a targeted system. Bash Bug is considered to pose a larger threat than ‘Heartbleed’ bug which was discovered in April 2014. While Heartbleed bug exposed passwords and other sensitive data to hackers, the Bash bug is capable to wreak havoc as it allows the users to seize the entire system, snip data and shut down networks.

There are a number of web servers that are already being exploited with the help of Bash bug. The fix that was initially rolled out for the flaw was incomplete and just hours after the news went live; there were reports of hackers trying to take advantage of it.

How does Bash Bug work?

Bash software allows the user to control programs and features by typing commands in the text box. Officially only the website owners or limited programmers are authorized to enter these commands and access information. However the Bash Bug makes the command control and information accessible to the hacker. For instance, if a web server uses Bash as a background program to manage tasks, such as personal data filled in online forms, a hacker who intends to exploit Bash could steal this data. He could then add a disparaging code either to the server to direct the user to other websites or to infect their system with viruses.

Preventive Tips

One solution to prevent your system from the threat of Bash Bug is to keep your vulnerable devices updated. According to cyber security experts, Bash bug rates 10 on 10 on a scale of severity, implying that it has the ability to leave drastic effects.

Here are some important tips to save your data from this disastrous fault:

Keep your security model application centric, which is not dependent on other security mechanisms.
Create directed prevention strategies to monitor server programs and block malicious activities.
Install hosted firewall and toughen the processes of operating system to ensure smooth functioning of the applications.
Leverage application and device control capabilities to lock down configuration settings, file systems and the use of removable media.
You should check for software updates on the websites of companies that make your router, computer as well as other Internet-connected equipment to prevent the bug.

Centex Technologies provide IT security systems for businesses. For more information on how to enhance security of your network and devices, please call us at – (855) 375-9654

Database Security Vulnerabilities

By centexitguy

On October 16, 2014

In Security

October 16, 2014

With the growth of IT and digitalization, cyber-attacks and digital combat on corporate networks are continuously on the rise. Hackers are specifically targeting databases due to the sensitive and valuable information that they contain. Whether the information contains corporate secrets or financial records, worldwide cyber-criminals are always looking to penetrate the servers of businesses and breach their databases.

The most common database security vulnerabilities include:

Deployment failure: This is the most common cause of database vulnerability. Even though every database, at the point of creation, is tested for functionality and proper working; it is often not analyzed or checked for deployment failure.
SQL injections: When the database fails to filter the inputs, hackers can execute SQL injections that allow them to raise privileges and get hold of a wide range of information.
Blank, weak and default password: It can be a tough task to keep records of all the passwords in an organization that manages many hundreds of databases. However by removing blank, weak and default passwords organizations can take the first step in securing their database system.
Data leaks: Database is considered as a backbone of an organization and should be protected from the threats that arise from the internet. This makes it important to use TLS or SSL encrypted platforms for communication.
Stolen backups: External hackers are always a threat but there might be some individuals inside the organization too that can be a threat to information and data stored in servers. Therefore, businesses should think about encoding archives to reduce the risk of an insider attack on the database.
Misuse of database features: Businesses should uninstall or disable the packages that are not used. Apart from reducing the risk of attacks by hackers, it will also simplify patch management.
Buffer overflows: This is most commonly exploited by the attackers. It includes flooding of inputs with a lot more characters than required, for instance- adding 100 more characters for an input that expects SSN. Instances of buffer overflows should be addressed with appropriate measures.
Increased privileges: Database vulnerabilities also allow the hackers to get hold of important privileges and get permission to access administrator rights. It is important for administrators that they install patches and updates on time.
Hopscotch: In addition to buffer overflow, hackers try to find out a weakness in the system and use it as a leverage to attack and get into the database. This risk can be reduced by separating the systems and creating discrete accounts for each administrator.

By keeping these important tips in mind you can definitely protect your database system to a considerable extent.

We at Centex Technologies assist companies to identify vulnerabilities in their database systems and provide security solutions for the same. For more information, call us at – (855) 375-9654.

Facebook Security Tips

By centexitguy

On October 10, 2014

In Security

October 10, 2014

Besides being the most admired place for social networking, Facebook is a website where people share most of their personal information such as photos, likes, habits, places they visited and even the place they are at the present moment. Therefore, it is extremely important to keep your Facebook account secure in order to prevent any misuse/ account hacking.

Here are some tips to keep your Facebook account secure:

Create a strong password: Although it is the most basic advice to be given, but most people do not always follow it. Not just for Facebook, it is advised to keep a strong password for all the websites you use. Avoid using simple password like names, date of births, and successive alphabets or numbers. Instead, use a combination of uppercase and lowercase letters, numbers and symbols to make it bit complex. To change your existing password, click on Account Settings> General> Password

Customize your privacy settings: You would not want everyone to view your personal stuff that you or your friends post on Facebook. In order to restrict people, you should choose appropriate privacy settings for your account. For that, you need to click on the padlock icon on the extreme right in the top toolbar, click on ‘Who can see my stuff’ and choose your preference from the drop down menu. It is recommended to you limit your privacy to ‘friends’ or ‘friends of friends.’

Confirm Mobile Number: This will help you to reactivate your Facebook account in case you forget your password. To enter your mobile number, go to Account Settings> Mobile> Add a Phone. After this, you will receive a confirmation code on your mobile which you have to enter in the given column. Now, you have your mobile phone registered with Facebook.

Setup login notifications: You can set up notification alert if anyone tries to access your account from an unknown device. This is an easy way to prevent unauthorized use of your Facebook account. To do this, go to Account Settings > Security > Login Notifications. From here, you can choose either to receive an email or a text message notification for any unapproved login.

Always log out: Whether it is a public computer or a personal device, make it a habit to log out of your account after every session.

By putting these simple tips into practice, you can be assured of your Facebook account being safe and secure.

CloudAlloy Makes Docs In The Cloud More Secure By Breaking Them Into Pieces

By centexitguy

On September 17, 2014

In Security, Tech Buzz

September 17, 2014

A major concern for most companies, while putting their important documents in the cloud, is their security. Storing important documents without enough security can lead to a breach and loss of important information. CloudAlloy, one of the companies who exhibited at the Disrupt SF 2014 Startup Alley, follows a simple concept of breaking your documents into small pieces, spreading them across the cloud and getting them back again whenever you need them.

The creator of CloudAlloy, Vinay Purohit, reveals the details behind the whole process. The software just splits any documents into small bits, puts them into codes and deciphers them back for you. He further adds that by splitting the documents into different pieces, it becomes extremely difficult for hackers to put them together. Thus, in his words, “the encryption makes it bullet proof”. Whenever you request for the document, all broken pieces are decoded and combined together without any adjournment. In fact, Vinay insists that it would be faster than calling the whole document in a customary scenario of content retrieval. Also there is no need to worry even in the case of a service drop as they save some additional information along with each bit they allocate to the cloud and are still able to get it back even if the service stops working.

As of now, the service is compatible with Google, HP, Microsoft and Amazon S3, but the company is willing to work with a large enterprise if they want to avail their service. Vinay says that a person can also merge the local storage in the data center as well as the open cloud data in a hybrid model. It usually requires a minimum of 2 services however, you can also do this with a single service while considering on layering more services at a later time. The more services you use; more will be the level of security.

CloudAlloy is a very simple mean to certify security in the cloud. It does not require any complex inputs from the user or a huge IT involvement. You just have to subscribe to the service and as you store your docs in the cloud, it will break them into segments and provide the companies with a simple yet competent way to ensure content security.

Online Security Tips For Youngsters

By centexitguy

On September 10, 2014

In Networking, Security

September 10, 2014

Internet has provided various means for youngsters to connect, share, explore and socialize with other individuals instantly. Social networking and social media sharing have become an important part of their daily lives. This has not only provided them ability to interact instantly but has also made them vulnerable and easy target for cyber criminals and hackers. Here we have jotted few security tips for younger generation that will help them to be safe and enjoy the social buzz to the most.

Keep computer system updated: Software companies keep updating their products to address potential online threats. Therefore, computer systems should be regularly updated whenever updates are available or it should be configured to automatically update itself.

Enable Firewall: Firewall acts as a security layer between the computer and internet. It helps to keep hackers away from accessing personal information, stealing identity or destroying files from the computer.

Create strong passwords: Passwords for all online accounts should be strong enough and should contain letters, numbers and symbols. Users should also refrain from using same password on multiple sites.

Only use secure websites: While making online purchases, make sure the credit card credentials are processed through a secure connection, known as SSL (Secure Sockets Layer). For this you can check for https:// (“s” in end of http means the page is SSL protected) in the URL of the page. Also it is advisable not to use public computers for any kind of banking activities.

Securing Wi-Fi hotspots: Before using free Wi-Fi hotspots, users should verify that it is a secure connection. Using Virtual Private Networks provides a layer of security by routing data to a separate and secure network when using public connection.

Protect against malicious software: Software programs downloaded from unsecure websites are designed to track user’s login details, monitor online activity and transmit confidential information. Software programs should be downloaded only from safe and familiar websites. Anti-Spyware, Anti-Virus and other security software should be installed that detects the presence of bots and viruses in the computer system, thereby helping keep the computer system clean.

Be Social Media smart: Social networking sites let youngsters connect with friends, relatives or family members. However, friend requests should be filtered and only people who are known should be added into the inner circle. Also be selective in sharing information with Apps on social networks.

Not answering phishing mails: Chain mails claiming to be from a bank or individuals asking for bank details should never be answered. These are spam mails and should be immediately deleted.

Online security is an important issue; therefore one must stay vigilant while using the internet. These preventive steps can help to keep information safe and also provide a sense of security while browsing the internet.