Blog - Computech Information Technologies
http://www.computech1.com

FriendFinder Hack Exposes Almost Half A Billion Users
Sat, 26 Nov 2016 16:00:00 +0000
http://www.computech1.com/2016/11/26/friendfinder-hack-exposes-almost-half-a-billion-users/

The year of 2016 continues to break new records in terms of massive security breaches. According to LeakedSource, last month, hackers gained access to the FriendFinder Network, which includes the adult dating and swinger site, “Adult Friend Finder.”

User accounts, passwords and an assortment of other sensitive information were stolen, and while the bulk of the information came from Adult Friend Finder, other parts of the FriendFinder Network were also impacted. Here’s how the numbers break down:

• Adult Friend Finder: 339.7 million records stolen
• Cams.com: 62.6 million records stolen
• Penthouse.com: 7 million records stolen
• Stripshow.com: 1.4 million records stolen
• iCams.com: 1 million records stolen

A small remainder of user accounts were taken from an unidentified website affiliated with the FriendFinder Network.

This is the second time in two years that the FriendFinder Network has been breached, but last time, the scope and scale were fairly limited, with a few million records being impacted. The incident is still under investigation, and it is not known at this time whether this breach and the last one are related. If so, the first breach could fairly be described as having been a trial run, but at this point, it’s too soon to say for certain.

The vulnerability used to gain access to the system has been identified and corrected, but this incident ranks as one of the largest of all time in terms of records compromised. It is even larger than the MySpace breach, which saw more than 360 million user records compromised.

Needless to say, if you use any part of the FriendFinder Network, now is the time to change your password. If you’re in the habit of using the same password across multiple websites, and if, for example, your FriendFinder Network password is the same as the password you use to access your banking information, you could be in serious trouble.

Used with permission from Article Aggregator

3rd Party Sign-in with Facebook or Google May Have Security Flaw
Fri, 25 Nov 2016 16:00:00 +0000
http://www.computech1.com/2016/11/25/3rd-party-sign-in-with-facebook-or-google-may-have-security-flaw/

If you own your own business, then odds are good that you’ve taken advantage of the “Sign in With Facebook” (or Google) API. It’s fast, it’s convenient and it’s one less thing to worry about.

It gives your users an automatic way to sign onto your site, meaning that they don’t have yet another password to keep track of. That’s win-win, right?

It would be, except for the fact that the technology is often misused or incorrectly applied, leaving the door open for the hackers, and making it easy to intercept password information. If that happens, the convenience of using Facebook or Google’s sign-in API works against you.

Security professionals have been shouting from the mountain tops for months about how dangerous it is to use the same password across multiple accounts. While it takes on a slightly different form, that’s exactly what a Google/Facebook sign in is, and once the hackers have your Facebook password, they can get into a number of other sites you use.

The attack is accomplished via a “man in the middle” approach that allows hackers to sign into a victim’s app using their own credentials.

Once logged in, the hackers can make use of any site the user logs onto via Facebook or Google. If you’ve linked your banking information to those sites, then the hackers will have access to those accounts. They can go shopping, book a vacation and basically do anything you would normally do when you sign onto those sites legitimately.

In a recent survey of the top 600 US and Chinese mobile apps, it was found that more than 40% (41.2%) can easily be compromised in just this fashion.

The level of exposure is staggering. This could impact more than a billion mobile devices, worldwide.

If you make use of Facebook and/or Google’s sign-in API in the conduct of your business, it’s time to do a review. You may be putting your clients at risk without realizing it.

Used with permission from Article Aggregator

Mobile Users Running Old iOS Versions Vulnerable To Fake Apps
Thu, 24 Nov 2016 16:00:00 +0000
http://www.computech1.com/2016/11/24/mobile-users-running-old-ios-versions-vulnerable-to-fake-apps/

Back in the good ol’ days before the rise of the iPhone, Apple devices were largely considered to be more secure than their Wintel counterparts. There was a time when Apple used this as a major plank in their marketing efforts. These days, it is increasingly clear that that’s no longer the case.

A recent TrendMicro survey of Apple Apps offered by third party marketplaces has discovered that the ecosystem is infested with a variety of malware.

The most common method of infection is spoofing Bundle IDs. Hackers can make fake copies of popular apps, inject whatever malicious code they want, give them a Bundle ID that will pass iOS inspection, and ride the wave of app popularity to get downloads and installs.

Fortunately, anyone running iOS 10 is safe from this type of attack. The problem, of course, is that not everyone is running the latest version of the OS.

This presents enormous challenges for small to medium sized business owners, especially if your company has a BYOD policy. It’s all too easy to envision a scenario in which a poisoned app on one of your employees’ devices proves to be the back door that allows a hacker access to your company’s data.

With proper security protocols in place, the risk of such an occurrence can be minimized, but it can never be completely eliminated.

What’s the current state of your digital security and your policy on employee devices? If you’re worried that either (or both) might need to be shored up, but aren’t sure how to proceed, give us a call. One of our talented team members will be happy to work with you to assess your current situation. We can work with you to design a more robust and secure digital security system that minimizes your risks.

Used with permission from Article Aggregator

Microsoft Is Losing The Browser Wars
Wed, 23 Nov 2016 16:00:00 +0000
http://www.computech1.com/2016/11/23/microsoft-is-losing-the-browser-wars/

Internet Explorer is widely regarded as one of the most security-flaw-riddled browsers in the history of the internet. Microsoft had hoped that with the release of Windows 10, which included a complete overhaul of IE and a rebranding of it as Microsoft Edge, the company would be able to regain its position as the dominant web browser.

Unfortunately, things haven’t been working out like that.

Edge was initially well-received and saw a high adoption rate, but this was mostly because it came bundled with Windows 10. Google Chrome has been the browser of choice for users fleeing from Edge, but in the last two months, Chrome seems to have reached a saturation point. More recently, Firefox has been getting the lion’s share of users looking for a browser alternative.

Over the last year, Firefox has seen its user base declining steadily under intense pressure from its larger competitors. This year, they dropped to less than 8% of the market share. They’ve regained all of those losses, plus some, over the last two months and are now sitting at just over 11% of the market share.

This is good news for fans of Firefox who were afraid that the browser was slowly being relegated to niche status, but it raises an interesting question. Why is it that Microsoft is struggling so to make a viable web browser?

The answer is complex, but revolves around two major issues. First, Microsoft has never devoted the time, effort and resources to their browser that the other products in their lineup receive. The second issue is more telling.

When Edge was released, it had no plugins available, and was not compatible with the plugins of other browsers, meaning that “vanilla Edge” was as good as it got. The plugin ecosystem has been growing, but most users aren’t willing to wait, given that there are viable alternatives available with all the added functionality they’re looking for.

If you currently use Edge in your business, you have little reason to worry that the browser will be discontinued, but you should be aware that it is bleeding users at an alarming rate, and now might be a good time to see if some other browser might be a better fit.

Used with permission from Article Aggregator

Faster Wi-Fi Coming Soon With New WiGig Standard
Tue, 22 Nov 2016 16:00:00 +0000
http://www.computech1.com/2016/11/22/faster-wi-fi-coming-soon-with-new-wigig-standard/

It’s amazing how pervasive WiFi has become. These days, it’s hard to imagine life without it. The internet is everywhere. It’s always on, and you’re always connected.

Unfortunately, as speeds have improved and bandwidth has increased, so too have the demands we place on it, which has led to a kind of internet cold war. The faster it gets, the more we find to do with it, which strains the limits of currently available speeds, which increase again, and ‘round and ‘round it goes.

Next year, though, is going to be huge for WiFi. The WiFi Alliance has just announced WiGig, which promises speeds up to three times greater than even the best speeds you get out of WiFi connections today.

Manufacturers are already expressing an interest in the new certification program, and as of right now, you can get consumer products that carry it. In fact, if you have a Dell Latitude 7450 or 7470, you’ve already got it.

The drawback, of course, is that in order to realize the best speeds the new technology makes available, both ends of the connection have to support WiGig. At present, there aren’t any routers that do, although that’s coming late this year and early next.

The new standard is expected to really hit stride by mid 2017, when we’ll start seeing WiFi speeds of up to 1GB per second, from a distance of up to 33 feet. At speeds like that, you’ll be able to download your favorite movie in full HD glory in a matter of just seconds, and that’s just the tip of the proverbial iceberg.

This is great news, and a sign of things to come. You can bet that once the new standard has been widely adopted, it’s going to open up whole new frontiers of use. Among other things, you can expect to see VR technologies benefit greatly from the new speeds, and there’s little doubt that it will be a boon to your business, no matter what business you’re in. Where WiFi is concerned, faster is always better.

Used with permission from Article Aggregator

Viruses Affecting Patient Care Hospitals Cause Shutdowns
Mon, 21 Nov 2016 16:00:00 +0000
http://www.computech1.com/2016/11/21/viruses-affecting-patient-care-hospitals-cause-shutdowns/

So far as is known, no hacking attack to date has resulted in death, but the day is inevitably coming. One day in the not-too-distant future, a hacker will be charged with murder, in addition to their other crimes. The reason is simple, and two-fold.

First, hackers have turned their attention to hospitals in a big way in 2016 with record numbers of attacks, including ransomware attacks that have locked up a number of hospital systems completely.

In some of those cases, patient lives were at risk, which is why the affected hospitals have tended to simply pay the ransom and get their systems back. Unfortunately, that’s not the only reason a fatality is inevitable in the relatively near future.

The second, and infinitely more problematic reason is that we are coming to rely increasingly on “smart” devices such as insulin pumps, pacemakers and the like. The problem with that is simply that these “smart” devices aren’t very smart when it comes to security.

Most of these devices have only the most rudimentary of security features built in, and many don’t have any security at all. This makes them almost laughably easy for hackers to take over, and when they do, they can either shut the devices down or cause them to malfunction in ways that will literally kill the patients who rely on them.

Even if the hackers don’t necessarily intend for this to happen, the viruses they use don’t discriminate. They don’t know or care that there’s a human being relying on the device’s proper functioning for his or her survival.

Recently, the Northern Lincolnshire and Goole NHS Foundation Trust hospitals in both Scunthorpe and Grimsby were infected with a virus that forced them to shut the hospital down and suspend all operations and planned procedures until it could be purged from the system.

In this case, there were a number of trauma and other high-risk patients with procedures planned who had to be rushed to non-infected hospitals. All of the transfers were successful, and no one died in this instance as a result of the virus, but next time, we might not be so lucky.

Hacking was already serious business before this, but it just got a whole lot more serious. Life and death, actually.

Used with permission from Article Aggregator

Microsoft Windows Vulnerability Revealed By Google
Sat, 19 Nov 2016 16:00:00 +0000
http://www.computech1.com/2016/11/19/microsoft-windows-vulnerability-revealed-by-google/

Tech giants Google and Microsoft are at odds, thanks to a recent announcement made by Google about a vulnerability in Windows’ Operating System.

Google’s longstanding policy has been to inform the company that owns the software when a security flaw is found. Google’s thresholds are seven days for an announcement, and ten days for a patch. If neither of those things happens, Google makes the announcement.

Seven days after Google informed Microsoft of this latest security flaw, the software giant had not released any information to its massive user base. So Google, in keeping with its policy, made the announcement, causing Microsoft to cry foul.

Microsoft’s position is that seven days is an extremely aggressive timeframe, and for software as complex as Microsoft’s Operating System, it’s seldom enough time to even research and verify the problem. Ten days is certainly insufficient time to prepare and properly test a patch.

Google’s view on the matter is significantly different. From their point of view, informing the public does two things. First, it spurs the company that owns the software in question to action. Once the flaw is widely known, the clock starts ticking, and it’s just a matter of time before hackers begin to ruthlessly exploit it.

This has the benefit of making the entire ecosystem stronger.

Google also contends that it’s good policy because it lets the users of the software in question know the risks they face. If the vendor isn’t forthcoming, someone has to be.

There’s something to be said for both sides of the argument. On one hand, this has been Google’s standard practice for years now, and it has had the desired effect. Companies are very quick to apply resources to fixing critical security flaws, limiting the risk in the long term.

On the other, announcing security flaws to the wider public carries certain risks. In their haste to fix the immediate problem, companies may not have the time to properly test their new patch, which could lead to the introduction of additional flaws. It also alerts the hackers of the world to new opportunities. Granted, the window tends to be small, but they can inflict significant damage, even in a limited window.

In this instance, since the security flaw was already being exploited by hackers around the world, Google seems to be on the right side of the issue, but things are not always so clear cut.

Used with permission from Article Aggregator

Employees Ignore Security Policies At Alarming Rate Says New Study
Fri, 18 Nov 2016 16:00:00 +0000
http://www.computech1.com/2016/11/18/employees-ignore-security-policies-at-alarming-rate-says-new-study/

No matter how good, expensive or robust your security system is, your employees are always the weakest link. In fact, in some cases, your own policies might be pushing them to “rational noncompliance,” a situation in which your employees break the rules in order to make their jobs easier.

The statistics are alarming. According to a survey conducted by Data Privacy firm CEB, fully 90% of employees admit to rational noncompliance for the sake of convenience. Two thirds say that they regularly email company files to personal email addresses so they can work from home.

The combination of increasing reliance on cloud-based solutions and BYOD policies makes this increasingly easy for employees to do, which raises the stakes and makes life much more complicated for your digital security staff.

These actions, while seemingly innocuous, open the door to a variety of risks, all of which spell bad news for your bottom line. In fact, CEB found that on average, Fortune 1000 companies spend more than $400,000 notifying customers and employees of data breaches each year, to say nothing of the money spent in the ongoing effort to address the shortcomings in digital security as they are found.

It’s important to understand that this rational noncompliance behavior does not stem from any sort of desire to do the company harm. It’s simply an outgrowth of security policies that are not always thought through completely, and can inadvertently lead to a bottleneck in workflow.

What’s the current state of digital security in your company? Do you have policies currently in place that are making it difficult, if not impossible for your employees to do their jobs without violating them?

If you’re not sure, give us a call today, and one of our talented team members will be happy to work with you to review your current security situation and make recommendations on how it can be improved to save you money.

Used with permission from Article Aggregator

FTC Legalizes Hacking Your Own Devices
Thu, 17 Nov 2016 16:00:00 +0000
http://www.computech1.com/2016/11/17/ftc-legalizes-hacking-your-own-devices/

There is some big news out of the FTC recently. The agency has announced that they are relaxing the rules governing what is and isn’t allowed under the Digital Millennium Copyright Act (DMCA). As of today, you can legally hack the devices you own, including cars and TVs.

This is a huge policy shift that opens all sorts of doors that have previously been bolted shut. For starters, it means that researchers can purchase equipment and hack it to reverse engineer it. They can also probe their own equipment for security flaws and other weaknesses, which is almost certain to create a vast wave of fixes for a whole host of devices.

In the weeks ahead, you can bet that there will be dozens of new open source initiatives that will be spawned by this announcement. The implications (and the potential) are simply staggering.

This is not dissimilar to the ruling the FTC made where smartphones were concerned. Thanks to a similar rules change, users were given the ability to hack their own phones. The same basic rules apply with this new ruling, but there’s a catch.

It’s not permanent, and it may not ever be made permanent. The window is only open for a period of two years. After that, there’s no guarantee that it will remain open.

If you’ve been wishing you could reverse engineer a key piece of technology, or take it apart and probe into it without fear of a lawsuit, now is your opportunity.

This represents an enormous opportunity for business owners. If you’d like to take advantage of it, but aren’t quite sure how to proceed, give us a call. A member of our talented team would be happy to work with you to identify opportunities and demonstrate how you can make the most of this two year window of opportunity.

Used with permission from Article Aggregator

Bank Regulator Downloads Data To Thumb Drive, Then Loses It
Wed, 16 Nov 2016 16:00:00 +0000
http://www.computech1.com/2016/11/16/bank-regulator-downloads-data-to-thumb-drive-then-loses-it/

This is how something as innocuous as a thumb drive can become a major security issue.

Recently, it has come to light that a soon-to-be retiring regulator at the Office of the Comptroller of the Currency (OCC) had downloaded work files onto a thumb drive, but now seems to have misplaced it.

The files were actually downloaded to the drive in November of 2015, but the loss was only discovered this year, in September, as part of an audit which reviewed file access and downloads to removable media.

The OCC did not go into detail about what kinds of information the drives contained, saying only that it was “controlled unclassified information, including privacy information,” and that the data spanned more than 10,000 records. The investigation is ongoing, and so far, there’s no word on whether the drive in question has been found.

The bright spot, however, is that none of the data has appeared for sale on the Dark Web, so it could be the case that the drive has simply been misplaced. The agency also said that they have already updated their data security policies so that an incident like this cannot happen again.

Nonetheless, this underscores how fragile digital security is. When all it takes to send a government agency into crisis is a moment of carelessness with a simple thumb drive, it puts into perspective the risks that all enterprises face in today’s business climate.

What is the current state of your company’s digital security? Would the sudden disappearance of a thumb drive containing sensitive company data put you in a tailspin? Would you even know the data had been taken?

If you’re not sure what the answers to these questions are, and want more peace of mind, we can help. Give us a call today and one of our talented team members would be happy to assist you!

Used with permission from Article Aggregator
