Jacques Erasmus, CTO at Prevx, an internet security vendor headquartered in the U.K., discovered a site where a trojan is uploading FTP login credentials from more than 74,000 websites. Among the affected FTP login data are major corporations including Bank of America, BBC, Amazon, Symantec and McAfee. The trojan, a variant of Zbot, main purpose is to harvest stored FTP login credentials to send them to servers located in China. According to Erasmus, the final purpose of this attack is to get access to websites source codes injecting evil Iframe that would spread the malware further. The Zbot trojan has been in use for some time to carry on different types of illegal and also remunerative activities: installing spyware and adwares and
phishing emails mainly.

One of these methods involves using anonymous proxies, lots of people think that finding a free online anonymous proxy and surfing through that will make you secure. Well I’m afraid the opposite is generally the truth, many of these servers are run by identity thieves across the world, it’s an easy way to steal account names by having people send them directly to you.

So let me just clarify a couple of points and if you wish you can investigate further. From the moment you fire up your browser, your privacy is at risk.

1) When you type in a web address in your browser, it is instantly sent out in clear text. The first place it is logged is in your ISP where you’ll find the most complete list of someone’s online activity.

2) The web site you visit also logs your IP address before sending you the information.

3) The vast majority of all your internet traffic is vulnerable throughout their journey, remember it’s virtually all clear text.

So anyway if you’ve already found a free, fast proxy I suggest you be very careful about using it, find out who runs it and more importantly why are they funding the large bills for free!

Anyway the solution to proper anonymity and protecting your data online can be summarised in one word – encryption. Without encryption anybody can get access to what you do online. A trusted secure proxy and full encryption is the only real option for protection.

You can achieve this in a variety of ways, if you have the technical knowledge you can do it yourself for a small cost. Check out the TOR and SSLTunnel projects for a start, combining these with your own proxy would be a very good start. There are some commercial options – though make sure you pick a professional service. Don’t end up using some badly set up VPN service, run by a teenager off a cheap shared web hosting plan.

Good luck in your search for privacy, if you’re interested here’s a free demo of the service I use,

demo here

A great way of doing this is to keep the file password protected. This will only allows specific users to have access to the files and the database. It can keep people out of the information that you do not want them to see. You can also install various anti-virus and anti-spyware software on your computer. Fire walls are another excellent tool that you can use to prevent anyone getting access to your personal information.

There are always new updates and downloads available that you can get to keep your security software programs safe and protected. It is important to stay up to date with any of the new features that you can download to help improve the level of security. Using firewalls and by protecting your databases, you can be your databases safe. Fire walls can be used in software and in hardware and even both. They are usually used to help prevent unauthorized users from being able to access private information and networks that are connected to the Internet. Fire walls are commonly used in companies that are protecting the privacy of information being passed from one user to another, or through the Internet. Fire walls are set up to filter every message and communication that passes through the system.

If you have information that you need to keep protected and need to have security features intact for allowing only certain users to have access to view, change or delete files in your database security system, you need to have the right tools to defend your computer. If you are not sure if you have the right amount of security and protection to keep your entire information safe, you may want to verify that you have anti-virus software installed. Not only is it important to have anti-virus software installed on your computer, you also need to make sure that it is up to date and turned on for full security.

Security is a big concern for both corporations and small companies. More and more research and development is going into new ways to help keep computers protected and to keep everyone’s personal and financial information secure and prevent others from gaining access to the files.

Article created by Jake Ruston.

Practically anyone who uses a computer, camera, cell phone or other electronic devices will at some point lose data. This can be caused by accidentally deleting files, acquiring a virus, or experiencing hardware or software breakdowns and malfunctions. When this occurs the first thing you will want to do is recover lost data from your computer or other device.

You need to realize when you first lose your photos, music, text documents or other types of data that this loss may be temporary and the information could very well still be available to access on your computer or other type of device. Recover lost data help is available. Data recovery software and data recovery specialists are the two main ways you can get the help you need to recover your lost data.

One thing you need to avoid doing when you lose data is to keep storing new information on your computer or other electronic device. This new data may end up overwriting the old information and make data recovery harder. Therefore it is very important to attempt to recover lost data as soon as you can.

When it comes to data recovery software, there are both paid and free versions available to help you recover lost data. The software is easy to require and you can download it from online. Once the software is installed on your computer or device it will attempt to recover your lost data.

If data was deleted by accident from a computer or electronic device, the data can probably be retrieved with data recovery software. However, if there was a more serious problem such as hard drive error you will probably need professional help. To recover lost data you can contact a computer repair service or data recovery specialist.

Another possible way you can lose data is from contracting a virus on your computer or electronic device. If this happens you may be able to use software to fix the problem. If this is not effective you will need to have your computer examined by an expert.

Some data loss problems are easy to solve. Many computer and electronic device users can just obtain software and fix the problem themselves. Other problems, however, are more serious and complex and may need a data recovery specialist to restore the data.

The main thing to keep in mind is to not panic and realize that there are solutions available to help when you lose data off your computer or other device. Research your options and work to solve the problem quickly in order to give yourself a better chance of recovering your information. There are recover lost data solutions available to you if you act quickly.

Hackers have found ways to infiltrate internal networks via those web applications that most of the times are insecurely coded and are full of vulnerabilities. Attacks and exploits range from code injections, sql injection, cross site scripting (XSS) etc. Via those exploits, attackers can steal sensitive information from the databases on the back of the web-apps, or even manage to gain shell access on the database or web server itself. Gaining shell access allows the attacker to create a “pivot-point” from where he can execute further attacks to get deeper into the network.

The following are some important suggestions to follow for hardening your web applications:
 

1. First and most important is to adopt secure coding. Your software developers or the vendor from where you purchased the web application or whoever designed and coded your website, must have implemented security inside the code itself. Some examples include the filtering of input data in web forms (to block sql injections or XSS), the avoidance of buffer overflows, the avoidance of remote file injection and local file injection etc.
2. Don’t allow the web server to communicate with the database as an administrator user (sa).
3. Don’t run the webserver or the database server with administrator priviledges.
4. Configure engress firewall filtering in order to prohibit the database from communicating with the outside world.
5. Remove command execution (e.g xp_cmdshell) capability on the database.
6. And ofcourse harden all software and applications with latest patches.
7. Implement host intrusion detection and log monitoring.

 Those are some of the most important steps you need  to take to enhance the security of your web-apps and backend databases.

It affects hundreds of millions of us each day while we are blissfully unaware.

Today’s high-tech world is drowning in data but is starved for knowledge. Data mining is the search for significant patterns and trends. It’s also been called the poor stepchild to statistcial analysis.

By this point in time, you’ve probably heard a good deal about internet security — the database industry’s latest buzzword. What’s this trend all about? To use a simple analogy, it’s finding the proverbial needle in the haystack. In this case, the needle is that single piece of intelligence your business needs and the haystack is the large data warehouse you’ve built up over a long period of time.

To give you an example you go to your local supermarket to buy food and you use your store card for discounts and fast checkout. It give the store a record of how often you shop, what foods you like and at what prices in this case it’s a win-win situation. This continues thoughout your day as you bank go to the mall, gas station, and so on.

However information is increasingly collected without your knowledge or consent. “Black Boxes” the size of cigarette packs have been installed in 40 million vehicles to monitor speed, seat belt use, and more. Only 5 states at the present time require that the buyer be made aware of this fact.

The trade-off is somone has a record of when and where you drive,what you eat, what over the counter medications you buy,whether you smoke or not,where you fly and with whom, what you like to read and watch and spend money on.

Any one item is not invasive but when birth certificates, credit histories, real estate deeds, military records, and insurance claims are pulled together it paints a very intimate picture. Add to the mix that the average person is seen by surveillance cameras 75X a day.

In the past decade an explosion of technology has taken place and the insatiable appetite of marketers for personal finance information about consumers has made data collection less voluntary and more worrisome.

Data mining is big business. Companies vacuum up data from public and private records, aggravate it analyze it and sell it to buyers ranging from private companies to the CIA. If an error exists there is no knowledge on your part thus it can’t be fixed.

Data thefts are on the rise included are banks, credit card companies, and the biggest of the data brokers Choicepoint.

When their records were breach they left millions of people vulnerable to identity theft.

In closing technology is here to stay and we love convenience but we must be aware and remain vigilant. Also it’s time for Congress to step up and do their job to create a basic bill of rights for all information. This will provide us with much needed protection.

Read important suggestions to free website traffic – this is your personal guide.

The only problem was that the mother was not aware of parental control software like Net Nanny or Norton Internet Security, which also cost some money. Before you decide to block some addresses (something that the children will be opposed), try a few other things:

First of all, educate your children and tell them about the dangers that exist when they share information with strangers. Family members should discuss the security and confidentiality of data in the web. You can place the computer in an area where you can easily check the screen to get an idea of what your children do and which sites they visit frequently. Furthermore, Orkut is a social network which means that one can easily see what friends your children have and what data is exchanged.

Finally, to block specific sites on your child’s computer with Windows without paying any money, follow the procedure below.

* Start – Run
* Enter notepad c: \ windows \ system32 \ drivers \ etc \ hosts
* Go to last line and add:

127.0.0.1 orkut.com
127.0.0.1 facebook.com
127.0.0.1 myspace.com

* Save the file and quit notepad

You can block any site you want with this technique. If you want later to unblock a certain site, simply remove the appropriate line with the same procedure. You should know however that usually your children are very smart and they will find out about the above technique sooner or later. So maybe a parental control software might be more appropriate.

Affected:Adobe Acrobat Standard 8.1.3 and prior
Adobe Acrobat Standard 7.0.8 and prior
Adobe Acrobat Standard 9
Adobe Acrobat Standard 8.1 and prior
Adobe Acrobat Standard 7.1
Adobe Acrobat Reader (UNIX) 7.0.1 and prior
Adobe Acrobat Reader 8.1.3 and prior
Adobe Acrobat Reader 7.0.9 and prior
Adobe Acrobat Reader 9
Adobe Acrobat Reader 8.1 and prior
Adobe Acrobat Reader 7.1
Adobe Acrobat Professional 8.1.3 and prior
Adobe Acrobat Professional 7.0.9 and prior
Adobe Acrobat Professional 9
Adobe Acrobat Professional 8.1 and prior
Adobe Acrobat Professional 7.1
Adobe Acrobat 7.0.3 and prior

Description:

Graphics Device Interface (GDI) is an application programming interface by Microsoft Windows. It’s a core operating system component responsible for representing graphical objects. Microsoft Windows GDI has integer overflow vulnerability in gdiplus.dll while processing Enhanced Metafile (EMF) files. Possible vectors to exploit the flaw are: (a) Create a webpage containing a malicious WMF or EMF image file, and entice an attacker to visit his webpage. (b) Send an email with a specially crafted EMF image file attachment and convincing the user to view it or (c) embedding the malicious image file in an Office document and convincing the user to open it. Successful exploitation might lead to code execution or denial-of-service. Technical details about the vulnerability are publicly available.

Affected versions:

Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP Gold 0
Microsoft Windows XP 0
Microsoft Office XP SP2 and prior

In symmetric cryptography, the same encryption key is used for encoding and decoding of a message. Therefore the key must be known to both the sender and the recipient. However, this requires a secure means for transmission and the only way to achieve this is to have a private meeting of the sender and the recipient where it is agreed what key will be used. If this is not feasible, symmetric cryptography is not recommended. A well known symmetric encryption algorithm is the Data Encryption Standard (DES or 3DES), which was developed by IBM and then adopted in 1977 by the U.S. Government as the standard encryption algorithm for important information.

On the other hand, in asymmetric cryptography two keys are used, one for encryption and another for decryption. Lets look at this case with an example using RSA asymmetric cryptography. Assume one party wants to accept a message from another party. Then from the side of the receiver, two keys are generated, a public and a private key, which uniquely correlate with each other. (ie for each private key there is only one public key). The receiver gives the sender the public key (which can be seen by anyone). Then the sender encrypts the message with this key and sends it to the recipient. During transport, the message can be seen by anyone but it can not be decrypted (at least regarding the RSA algorithm for which we discuss below). When the receiver gets the encrypted message, he can decrypt the message with his private key.

You must be asking now how this happens, that is, how an encrypted message created by the public key can not be deciphered with the same key that was created. This is the «magic» of mathematics in which there is not always a reverse process, or if there is, it can not be achieved by mathematical analytical methods. As we said before there is a correlation between public and private key. If you found this correlation then you can brake the encryption.

The RSA encryption method was proposed in 1977 by leading mathematicians Rivest, Shamir and Adleman, from where it took its name. The philosophy of this algorithm is what mentioned above and its security strength is based on the complexity of numbers. We will not mention how it operates exactly but we will give a very simple example to understand why its such a safe encryption method.

Assume you are given a number, 133. Can you find two numbers (except 1 and the same number), which when multiplied will give us 133? An analytical formula certainly does not exist (at least not for all the numbers), ie there is no formula to accept as input number 133 or 1,3,3 or any other relevant number and output a result. The only way to find these numbers is by trial and error, i.e to begin with numbers 2,3,4 … until we find exactly what divides 133 (to be precise we should look at numbers 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41 ..- prime numbers). After testing you will find that 7 divides exactly 133: 133 / 7 = 19, so the solution is the pair (7, 19).

Imagine now the number is not just 3 digits, like 133, … but 1000 digits! The time needed to find two numbers that when multiplied will give this 1000 digit number will increase dramatically. The RSA method is based on the inability of a system to analyze any such large numbers at a reasonable time.

As you will understand the higher the figure the more time you need to analyze this number to two factors (which are prime numbers). If one could calculate such numbers in a short time (and not a few years!), you could find the private key through the public key in order to decode the encrypted messages.