
Monthly Archives: August 2015

31 Aug 2015

Cyberwars May Soon Lead to Sanction Wars Between The USA and China

by Bill

According to a new report from the Washington Post, the Obama administration is developing a package of unprecedented economic sanctions against Chinese companies and individuals that benefit from ‘cybertheft’ of valuable U.S. trade secrets. Some rumors suggest the new sanctions may even become public sometime in the next couple of weeks, just in time for an important visit from President Xi Jinping of China, who is scheduled to arrive next month in Washington for the first state visit of his Presidency.

Officials have said that Chinese hackers may have stolen everything from nuclear power plant designs to search engine source code and confidential negotiating positions of energy companies throughout their sustained and effective campaign of cyber-warfare. A set of sanctions would be a significant increase in the intensity of the American administration’s public response to cyber espionage and economic theft that is routinely committed by Chinese hackers that are understood to be performing these tasks with authorization of their government.

If enacted, these new cyber-sanctions would mark the first use of the executive order, signed by President Obama in April of 2015, that established the authority to freeze financial and property assets of, and bar commercial transactions with, individuals and entities overseas who engage in destructive attacks or commercial espionage in cyberspace.

A senior administration official told the Washington Post “As the president said when signing the executive order enabling the use of economic sanctions against malicious cyber actors, the administration is pursuing a comprehensive strategy to confront such actors. That strategy includes diplomatic engagement, trade policy tools, law enforcement mechanisms, and imposing sanctions on individuals or entities that engage in certain significant, malicious cyber-enabled activities. The administration has taken and continues to introduce steps to protect our networks and our citizens in cyberspace, and we are assessing all of our options to respond to these threats in a manner and timeframe of our choosing.”

Last month, the FBI said that on a global level, economic espionage cases surged 53% in the past year, and that China accounted for most of that – so the motivation for sanctions is clear, but the reactions possible still make enacting any new sanctions a difficult move at best.

If sanctions are imposed, “I’d say the chances of Chinese retaliation are high,” said Jeffrey A. Bader, Obama’s principal adviser on Asia from 2009 to 2011. But, he also added that “if a Chinese company was a beneficiary of stolen intellectual property from an American company, and the evidence is clear cut, then actions or sanctions against that Chinese company strike me as appropriate.”

With the Chinese economy faltering and so much US Debt in the hands of Chinese investors, the complexity of international relations, timing of these events and massive stakes on the line are creating a political challenge of monumental significance. It is also starting to show that the eventual solution to piracy and cyber security concerns is likely to be as political or legislative as technological.

21 Aug 2015

Data Security Continues to Emerge As A Leading Consumer Trigger Point

by Bill

As the Internet and cloud computing become nearly ubiquitous, so do recent strains of data security malfeasance and intrusions by unscrupulous hackers. These days, data security is quickly becoming a make or break element of any online sales pitch, recurring revenue stream and more.

In just the last few months alone we have seen widely reported stories of: Lifelock being investigated by the Federal Trade Commission for failing to put proper data security protocols in place, a massive data hack of the Office of Personnel Management that may have included the personal information from as many as 18 million people, and a hack of Ashley Madison (a website advertising itself as a place to find an affair online) that may include as many as 30 Million user profiles.

Given the widespread loss of private data, in conjunction with recent credit card data hacks that have impacted the security of large retailers like Target and Home Depot, along with the government-sponsored privacy intrusions made public by Edward Snowden, having any level of data privacy is becoming an increasingly significant concern for many consumers.

A recent Pew Internet report found that: “93% of adults say that being in control of who can get information about them is important; 74% feel this is “very important,” while 19% say it is “somewhat important.” 90% say that controlling what information is collected about them is important—65% think it is “very important” and 25% say it is “somewhat important.” At the same time, Americans also value having the ability to share confidential matters with another trusted person. Nine-in-ten (93%) adults say this ability is important to them, with 72% saying it is “very important” and 21% saying it is “somewhat important.””

In the face of so much proof that data is currently hackable, even when backed by government agencies, huge corporations, million dollar guarantees or mega-corporation IT departments – it becomes increasingly clear that consumer experience will either need to change the expectations of the marketplace, or will have a negative impact on the bottom line of many companies both online and offline as well.

Some have argued for harsher penalties against hackers, others dream of instituting new protocols that are harder to hack, and some seem resigned to the notion that the public should simply accept the fact that modern-world conveniences come with an inherent loss of data security. The most likely outcome will be some combination of all three premises, with a long period of transition along the way toward any meaningful resolution.

In the meantime, companies are already taking smart steps to market their brands by adding trust seals from companies like WebsiteSecure.org, TrustE and Verisign, while adding highly visible support with live chat windows, toll free call centers and more. Now more than ever, showing your customers that their security matters to you and that you are doing all you can, even though it is confined within the limits of what is possible, is an essential part of maximizing your revenue and their satisfaction.

13 Aug 2015

Attackers Hijacking Critical Cisco Network Gear?

by Bill

Cisco Systems is now officially warning customers about attacks that have hijacked critical networking gear by swapping out the valid ROMMON firmware image with a maliciously altered version using valid administrator credentials. The fact that the attackers use valid administrator credentials indicates that the attacks are being done by insiders or hackers who have obtained the necessary passwords required to update or change Cisco hardware.

ROMMON is the ROM Monitor, used for booting Cisco’s operating system, and it is frequently used by SysAdmins to configure tasks, recover lost passwords, download software, and alter the router settings and more.

The Cisco advisory states: “In all cases seen by Cisco, attackers accessed the devices using valid administrative credentials and then used the ROMMON field upgrade process to install a malicious ROMMON. Once the malicious ROMMON was installed and the IOS device was rebooted, the attacker was able to manipulate device behavior. Utilizing a malicious ROMMON provides attackers an additional advantage because infection will persist through a reboot.”

So, while the IT industry is buzzing over this news, in reality no product vulnerability is being used because an attacker requires valid admin credentials or physical access to the system. That essentially means that the attacker could just as easily bring these systems to their knees by pouring hot pots of coffee over the active servers or deleting all files on them because they are doing these things after gaining access via stolen passwords or physical intrusions.

For that reason, we view this news as a useful reminder of the importance of maintaining password security and properly securing all sensitive IT gear from intrusion. National Net continues to utilize state of the art password encryption methods and security best practices to limit access to all servers under our supervision to only those people who should have access, and to limit the access of each person with access to include only the functionality their tasks require. At the end of the day, server security is as much about not spilling coffee on your hardware or handing out your passwords as it is about updating firmware and heeding Cisco warnings.

10 Aug 2015

Security Tips All 67 Million Windows 10 Users Should Know

by Bill

Windows 10 is quickly becoming one of the most ubiquitous operating systems in computing history with 67 Million users and counting already. The OS has some privacy and user tracking functions that some security experts are concerned about, and Wired Magazine recently did a feature article on the important settings changes all Windows 10 users ought to consider making immediately.

Hit Start, find Settings and then click Privacy. From the Privacy menu you can control the way your computer uses information from your location, microphone, camera, etc. You can also choose to set the Feedback & Diagnostics system to “never” and the Diagnostic and Usage Data to “basic.” Doing this will help prevent Microsoft from gathering some information about you, though it is not yet entirely clear exactly which information is saved or discarded.

The Edge web browser included in Windows 10 sends your entire Internet browsing history to Microsoft. This is done to “help Cortana personalize your experience” according to Microsoft. To disable this feature: click on the ellipsis button in the top right corner of Edge, then go to Settings > Advanced Settings > View Advanced Settings, and in the Privacy and Services section turn off Have Cortana Assist Me in Microsoft Edge.

Another potential privacy trap is that Windows 10 prompts you by default to create a Microsoft Account. By opting not to create an account you can keep your activity and information local on your computer. Having an account creates a constant link that Microsoft can use to piece together the metadata it gathers into an image of your digital identity.

As operating systems and other software become increasingly complex and intrusive, many users are willing to give up a great deal of privacy for the many conveniences that these new services enable. Whether you choose to be open or closed to those services is all up to you, but Microsoft and others should definitely do a much better job of ensuring that the choices you make are fully informed decisions rather than breeze-through accidental or unknowing checkbox clicks that many consumers hardly notice along the way during installations or upgrades.

NationalNet, Inc., Internet - Web Hosting, Marietta, GA