Security Professionals Alert Users on New Malware Campaign

Recently, security researchers at Internet security firm Sophos identified a new malware campaign, which targets Facebook users. Attackers are purportedly sending e-mails, which appear to recipients as arriving from Facebook. The e-mail includes a well-crafted message, which advises the recipients to download a PDF attachment containing new password for their Facebook account as the currently used password is not safe. The malicious e-mail comes with different subject lines such as "your password has been changed", "the new password to your account", "personal data has been changed". The above sentence is preceded by the word, "Facebook" or "Facebook Support". The sentence is followed by an ID Number. The e-mails are not personalized. According to security researchers at Sophos, the e-mails claim toarrivefrommessage@,password@facebook.comorsupport@. Users must be wary of such e-mails as the companies are unlikely to change the passwords on their own and they will not send a PDF attachment. Further, genuine e-mails are more likely to be personalized.

Attackers may spoof e-mails or change the header to make the user believe that e-mails are arriving from a legitimate source. Users can direct visit the legitimate website and check whether they are able to log on with their existing passwords. Users may report such fraudulent e-mails to the targeted company and security response teams. Recipients who download the attachment may inadvertently infect their computers with Mal/Zbot-AV as identified by Sophos. Mal/Zbot-AV is a Fake AV downloader, which installs malware in several locations on the computer system. Internet security awareness is crucial to deal with consistent, well designed and sophisticated threats from cybercriminals. Users may gain insights on safe online computing practices through online IT courses and following security blogs, and updates from software developers. Internet users must install, update and regularly scan their computer systems with anti-virus and anti-malware software. They must avoid clicking on suspicious links and downloading e-mail attachments received from suspicious sources. They must use genuine software, adhere to security advisories and update software programs to safeguard their computer systems. The popularity of social media sites such as Facebook and Twitter makes them vulnerable to cyber threats.

Attackers constantly target users of social media sites through fraudulent schemes. Attackers tempt users to click on link or download attachments containing malware. The malware may be designed to delete, modify or extract files from the compromised computes. In the recent times, Facebook users have been targeted with various game, survey and event scams. Some of the scams seek access for rogue applications on Facebook account of a user. Once allowed access, the scams attempt to target people listed in the Friends list of the user. Vibrant online threats make it inevitable for security professionals to remain alert and regularly update their technical know-how by attending webinars, conferences and undertaking online IT degree programs. Professionals qualified in IT degree programs and security certifications may help developers in proactively devising new security mechanisms. Social media sites must work with Internet security firms to identify and alert users against spam and malware-ridden e-mail attachments.

World Of Insecure Browsing

If you are surfing the web through a browser that isn't up to date then you fall under the pool of those 40% internet surfers who are more prone to malicious attack. Almost 59% people use the latest version of their internet browsers and they are safer compared to the above mentioned 40%. The numbers are disturbingly high for anyone working in IT security.

These figures are revealed as the result of a comprehensive study conducted by researchers at The Swiss Federal Institute of Technology, Google and IBM Internet Security Services. The researchers performed their analysis using Google's database of user information. The data between January 2007 and June 2008 was gathered for the analysis.

It was found during the research that although software vendors provide patches for security problems, users take days, weeks or months for updating their applications. However it was concluded that it's not solely the fault of users since the vendors haven't exactly made patching easy. Mozilla's Firefox was declared the best due to its auto-update feature, which tells users about the availability of a new patch and offers a one-click way to upgrade. According to the study, most Firefox users are up to date within three days. The updating features and installation wasn't found quick and easy for other browsers, such as Opera and Safari.

Who stays where?
IE7 is the oldest browser taken in the study but only 52.5 percent of the users surfing the web with Internet Explorer were using IE7. In spite of Microsoft's repeated and emphatic pleas to upgrade, 47.5 % IE users were still presumably using IE6. Firefox users were considered the best in upgrading, with 92.2 percent of Firefox users now using version 2 (Firefox 3.0 was not taken into account since the data gathered was between January 2007 and June 2008). 90.1 % of Opera users were using Opera 9 while 70.2 % of all Safari users currently running Safari 3.

Threats and recommendations
Web browsers are considered a weak link in the IT security chain. It becomes easy for hackers to gain control of a personal computer due to the software vulnerabilities. In the cases of hacking, hackers can perform malicious acts such as stealing personal data or turning PCs into spam-spewing drones.

The group suggested that auto-updates are a very good thing, and recommended that the feature be included in all browsers. The study recommended that corporate businesses should adopt URL Filters, or filters designed to prevent company employees from even touching websites carrying malicious content. One interesting recommendation is that the software industry follow the same type of labeling system as used by the food industry. If adopted, web browsers would be dated with a "Best before" label, and would automatically flag the user when the browser "expired."

Introduction to Physical Security Information Management

The security of an enterprise largely depends on systems of surveillance (Video management systems) and systems of control (Access control Systems). Physical Security information Management connects separate VMS and ACS into a single and unified security information management platform and providing intelligence inputs to concerned personnel. Here are a few other facts about PSIM: Ability The PSIM integrates security information as passed on to it from various control points occupied by VMS and ACS. It also integrates the various IT and security processes that governs the management of data of the organization. Therefore, it is an integration of security, technology and data of the organization. After integration of relevant security information, the system is brought online and it analyzes data and correlates different events and alarms to identify the situation and the priority. For example, the system may define a break in by receiving data from various access controls and sensor analysis and prioritize it over someone accessing his human factor is then brought in when the PSIM presents its findings to the operator for confirmation or rejection. Once confirmed, it directs the necessary action by following organizational policies as outlined in its software and then consolidates its processes for further investigation at a later stage. The speed and improved decision making ability has been PSIM's USP.

Situation awareness PSIM prompts better situation awareness that realizes better business and security decisions. Unifying its surveillance wings and making sense out of the considerable amount of security information that can be derived out of it reducing response times. Managing "the situation" is much more sophisticated than managing "a situation". "A situation in which a person accesses a hallway" is much different from "the situation in which a person accesses a restricted hallway without proper authorization and accesses a secured vault." This involves correlation of the security information passed on by motion detectors, access control points, video surveillance and the like. Advantage over present security systems Companies look to combine their existing security systems with more efficient brands of security systems, which fall into the bracket of PSIM's customer centric method of operation.

Vendor independence: Most VMS and ACS vendors follow a closed architecture meaning that if someone wishes to integrate them, they will have to do it on their own.Migration: PSIM systems allow for migration from one technology to another without hassle. It is common for organizations to migrate from older to newer technologies over a period of time.Powerful authentication systems: A consistent level of security across the board is maintained through out the organization regardless of the operator, system or user.Process guidance: the PSIM's inherent property to guide operators through the various systems setup according to company and regulatory policies ensure that responses are predetermined and in accordance with its programming. By 2014, the business opportunity for PSIM platforms would be worth nearly $200 million although it is stated that if other revenues such as maintenance, designs and consulting are considered, it could exceed $1 billion.

Cloud Computing Security Tips For Small Businesses – What You Must Know

As a business grows their data storage needs grow. Backups of business information for disaster recovery are essential and, storage of backups off site can be challenging for small business. With cloud computing, organizations can monitor current needs and make on-the-fly adjustments to increase or decrease capacity, accommodating spikes in demand without paying for unused capacity during slower times. Cloud computing represents system reliability, especially for small businesses with aging computers and data stored on hard drives. As it doesn't mean that security and reliability can be taken for granted, it is necessary to a small business in the company in the cloud with careful due diligence and planning. ??? Identify and Assign Value to Assets Assets could be include applications, data, including private customer information; or infrastructure such as hosted servers and operating systems.

While not all cloud providers are the same, it is best to assign a value to your assets, to decide the level of security that is necessary. ??? Assess Your Liabilities One of the biggest cloud security concerns is the risk of breaches resulting in loss or theft of sensitive private data. If the information leaked is proprietary only to your company, liability is not a concern. But it is important to know where responsibility lies if information goes missing. ??? Compliance Requirements In certain industries like banking and healthcare, there are specific regulations for the handling of electronic data. In some cases there may be restrictions to use cloud services as there may be a requirement to store data within the borders of your own country. ??? Inquire About Security and Reliability Certifications By considering only those providers with documented, verifiably sound security practices may eliminate some of the need to probe deeper. ??? Negotiate Service Levels and Exit Strategies Security in the cloud is not just about protecting data. It's also about ensuring your own business continuity.

Your ongoing operations may depend on being able to access a cloud service, and it is therefore important to understand the service levels and exit strategies It is also important to know about the types and levels of encryption the provider can offer to ensure that even if data is leaked it cannot be read. It is also prudent to know about the provider's business continuity provisions and what happens if its main data center is destroyed. Small businesses must know about the security monitoring and auditing processes, and what kind of reporting the provider does. Look for effective cloud computing services that can take all the worry out of maintaining the technology of a small business.

Safes: To Crack Or Not To Crack, That Is The Question!

We once purchased a safe from an estate sale, and promptly locked the combination inside (dumb, yes, but lets assume the fault lies with one of our children!). Two possible scenarios came to mind to access the contents of the safe: one was the scene from the The Apple Dumpling Gang (a movie we recently felt compelled to expose our kids to from our own childhood). I don't remember the details of the scene, but it ended with a large explosion, money flying everywhere, and no one injured - only a bit of soot on everyone's face. Though there was no disclaimer, the scene screamed at me ?DO NOT TRY THIS AT HOME!? My next thought was of The Italian Job and Charlize Theron. She had quite a touch in opening the most difficult safe under stressful situations successfully and without causing any damage to the safe. Hmmm? Not knowing Charlize personally, I decided to call my local locksmith to get his take on the situation. It turned out that he had seen this problem before and had quite a ?sensitive? ear for this type of thing.

So, when needing to access a safe, there is one simple question to ask: Do I need to keep the safe intact? Though it was not a realistic option for me, brute force is one of the methods for opening a safe. The other main safecracking methods involve either lock manipulation or manipulating a weak point on the safe (or as seen in popular media: drilling).

The best method to use is lock manipulation. How sweet would be the satisfaction to leave no sign of having ever been there! The safe owner comes in on Monday morning, opens his safe, and all the gold bars are missing. There are no indications of a break-in. Though you could leave a calling card inside the safe, something that says, ?Safe cracked courtesy of the Ghost? (or whatever cool name you come up with).

Surprisingly enough, the first way a safecracker will usually attempt to open a safe is to guess the combination. Manufactured safes often come with a manufacturer-set combination, which many people fail to reset. Most of these try-out combinations are industry standard and are accessible to locksmiths and safecrackers. With time being an issue, you might as well try the easiest thing first. If the try-out combination does not work, then a quick search of the room may reveal the combination. Often people leave their combination written down somewhere close by, sometimes even on the safe itself! Or, the owner uses easy to remember numbers, such as a birth date.

If no number is to be found or guessed correctly, then the safecracker must move on to more difficult options. To have to sit there with patience and your ear pressed up against the safe is probably the most pure form of safecracking among the professionals. It takes a great deal of skill and practice. For us non-safecracking people, it is the romantic and mysterious way to crack a safe. But it is also scientific. Harry C. Miller in 1940, described the following three-step process to discover the combination to a safe:

  1. Determine contact points
  2. Discover the number of wheels
  3. Graph your results
    I am not going into detail now on how this works, but lets just say that once the numbers are graphed, you just have to try the different possibilities to discover what order they go in to open the safe.

There are also autodialing machines to open safes. Auto-dialers try all the different numerical possibilities until the combination is discovered. This can be very time consuming, and are best used if the combination only has 3 digits.

Another method is to compromise a weak point on a safe by drilling. Drilling can be used to give the safecracker visual access to the locking mechanism. If they can see the mechanism, they can open the safe. Most manufactured safes have an ideal drill point and these are published by the manufacturer, though it is closely guarded information by manufacturers and locksmiths. More secure safes have relockers that are triggered by drilling. It is a piece of glass mounted between the safe door and the lock. When the drill hits the glass, spring-loaded bolts are released that block the retraction of the main locking bolt. Sometimes this can be avoided if it is possible to drill in from the side or back of the safe. Instead of trying to visually access the combination, two holes are drilled, one for a borescope to see what you are doing, the other for an extra-long screwdriver to remove the back plate and gain accesses to the lock. The screwdriver can then be used position the wheels of the lock so that the safe door can be opened.

Obviously, manufacturers try to combat safe manipulation methods. Besides relockers, different materials are used (such as cobalt) that are almost impossible to drill through. Special drill bits are needed and a lot of time.

Now, if noise is not an issue (you have been able to physically remove the safe to a remote location), then sometimes more physical methods can be used. This can include plasma cutters to cut through the safe, or explosives such as jam shots using nitroglycerin or C-4 to blow the door off the safe.

If you are a homeowner like me, I would suggest messing around with your ear pressed against the safe, just for the fun of it, and then calling a locksmith. Then you can watch the magic at work and wonder if you could ever do it!

Privacy Versus Security Enhancement

Where home security hardware is concerned, some of it constitutes real security hardware and some of it is simply designed to provide some privacy. Knowing the difference can help you improve your home security habits.

On your front door, if you've set things up correctly, you'll find a deadbolt, a kick plate and a locking door knob. In this situation, the deadbolt and kick plate are both security hardware. Together, they make it very difficult for anyone to open the door with a kick or a shoulder. The key-in-knob lock, however, is simply a privacy-enhancing device. If someone were to approach the house and simply try to open the door, the key-in-knob lock would let them know it's locked. If that person happened to be a thief and there was no deadbolt or kick plate in place, the key-in-knob lock would do essentially nothing to stop them from opening the door. This should serve to answer any questions about whether or not deadbolts are necessary.

Windows are privacy enhancing devices that can be transformed into legitimate security devices, given the right modifications. For instance, standard glass is not a security device. It will keep someone from entering your home by shattering the glass provided they're no stronger than a toddler. Adding laminate or tempered types of glass to a window, however, make it a much more formidable means of controlling access. A window that is reflective from the outside is a privacy enhancing device, obviously, as well as a security device as it keeps the contents of your home safe from prying eyes.

Screen doors are privacy devices. They allow a homeowner to, essentially, enjoy having their door wide open in the warmer months while still presenting a hindrance to anyone who would simply walk in uninvited. Remember that security value can be assessed, partially, on the difficulty of the obstacle it presents. A screen door that can be simply kicked in is no real obstacle. An iron door with screens added to it to allow it to function as a screen door, however, is a very real security device. Security is about making crime as difficult as possible.

When assessing home security, it's important to note where privacy devices have been used in place of legitimate security hardware. A shed or garage that has only a key in knob lock and flimsy glass windows is probably safe from anyone whose intentions are simply to be rude. If someone wants to steal your belongings, however, those devices will do little to discourage, or stop, them.

An alarm system is probably the device most accessible to homeowners that offers the greatest possible level of security. In any scenario, having a professionally installed alarm system makes it very difficult to break into a home undetected. They also work by taking simple privacy devices, such as windows, and outfitting them with monitors which has the effect of turning a privacy device into a security device in its own right.

Dynamic Security Services – Security Agencies In India

Dynamic personnel consultancy PVT Ltd. Helps in providing best security services in Mumbai. Dynamic personnel consultancy takes care of your entire security requirement through our security services like facilities management and property management. We provide trained security staff from security officers, body guards, lady searchers and security guards.

Dynamics security consultancy has over 10 years experience in serving the supreme security services to the wide range of customers in the private & public sectors. Our clients are ranging from large multinational organizations, banks, ATMs, factories, residences, shops, warehouses etc.

We also offer our customers flawless, innovative solutions developed from our extensive experience in Facility Management services. Our property management services include tasks like rent collections, maintenance, council and statute compliance.

Each of our services can be offered individually or they can be combined to create a bespoke product to suit your company's needs. As we have expertise to provide a complete security, property and facilities management service about office, industrial and retail properties.

Dynamic Security believes in a security system, which is primarily a combination of Man, Machine and Technology. We specialize in providing adequate security to personnel working in Industries, factory and offices against fire, outside influences and security to material.

You can also contact us, for getting more information about our firm and our services.

How to Hire a Private Investigator For Your Investigation?

An experienced and qualified detective agency understands the nature of your problem & issue and helps you according to it. There are lots of detective agencies in the market from which you can choose perfect and best one for your needs and can hire a Privatdetektiv for your investigation. There are various different reasons for which you can hire a private detective like personal matters, official matters, property issues and more. We all know that Switzerland is one of the biggest countries, which is most popular for banking as well as private detective agencies so you can easily hire a private detective agency. These days, the numbers of criminal are increasing and they are doing their work very effectively and leaving no proof so employing experienced and skilled investigator for your investigation is much important for you. Now, the modern investigators are using their special tactics and technologies like tapping devices, internet surveillance, GPS tracking, close circuit cameras and more products to do complete investigation. Whatever you reason is for hiring private detective agency in Switzerland but you can find various different agencies in Switzerland who have extra expertise in this field.

Now, these agencies are becoming more and more popular as they have advanced technologies which they are using while investigating. A good and knowledgeable Privat detektiv can handle all types of jobs that given by client. You can also get regular reports and updates related to your issues and problems. If you are thinking that hiring investigator is much expensive but you don't have to bother as they are charging by the hour, as per the day so you have to worry about rates. If you are looking for such agency that suits your needs then is completely best option for you that provide completely best service of investigation. You can hire any investigator as per your problem and issue. The A + A private detective agency offers best and high quality service as this agency has professional private investigator services for private and business customers. They understand your problem very clearly and bring complete solution in short period of time so hiring A + A private detective agency for your investigation is completely best option for you. So, what are you waiting for? If you want to hire Privat detektiv then explore this website and find best solution for your problem.