Men in Proxy Blog

A blog covering the most interesting topics about online anonymity and Internet security!

Superworm attacks Iran

Posted on: June 19th, 2013

Superworm Attacks IranThis week is the first anniversary of the sophisticated computer attack on Iran and several other Middle Eastern countries. The apparent goal of the attack, given that the primary targets happened to be Iran’s networks linked to their nuclear centrifuges. When the attack occurred, it was clear from the start that whoever designed the worm was a “state player”. This worm was primarily a data stealing virus nicknamed, “Flame”.

Some experts claim that the worm has been in computers for as many as five years, dormant, waiting for some unknown predetermined point in time to strike and that day, strike it did. Read the rest of this entry »

AddThis Social Bookmark Button

FixYa launches the FixBoard, a dashboard for the FixYa data

Posted on: June 17th, 2013

FixYa launches the FixBoard, a dashboard for the FixYa dataFixYa had been founded in order to take advantage of the facts that adequate support is not being offered by consumer manufacturing products on their websites. Even though most of these products become technologically advanced by the day, the manufacturers have time and again failed to offer the necessary technical support which is required by most users. Thus, the idea behind the creation of FixYa was to integrate the various content which is scattered all over the internet with regards to various consumer products and to integrate them into one user friendly site wherein users can find all the information they need about specific consumer manufacturing products. Furthermore, FixYa also offers an online support community where consumers and experts can meet and get problems related to various appliances solved. The site is also popular as a storehouse of knowledge and is constantly updating its content with the help of a community of users who share experiences pertaining to technical problems and figure out solutions.

Another advantage offered by FixYa is that the site is dependant and based upon experiences from real users rather than basing the content on manufacturer FAQ’s. As a result, the solutions offered and the problems asked are quite genuine and pertain to issues which are commonly faced by most users. The website also allows users to ask a question and get their queries solved within hours. The website also allows users to search for a local repairman for the product in question in the user’s geographical location and area.

FixYa is about to become more useful for the big brands due to the FixBoard, the latest feature of the website. The FixBoard is basically a dashboard which allows users to browse through the FixYa data. This dashboard also shows the number of owners who have reported a problem with regards to a particular company’s  product, the most common problems of the product in question, the number of problems which have been reported about a product over time and a comparison to the competitive products. Moreover, the FixBoard also offers users with a much broader view of a product rather than limiting it to individual questions and products. Even though this data is compiled from the activity which takes place on FixYa and does not include complaints from the company websites and social media platforms, this should be enough to offer users with a true picture as the FixYa site witnesses a traffic of about 30 million individual views every month and also has more than 9 million questions pertaining to products which have been answered.

The FixBoard is presently a free program which is available to all users. However, at the present moment, it only covers about 1000 products out of the total FixYa product range of 60000. The FixBoard shall soon be released to cover many more brands and will be chargeable to the companies who wish to get their products featured on it.

AddThis Social Bookmark Button

Guccifer strikes again: candace bushnell hacked

Posted on: June 8th, 2013

Guccifer strikes again: candace bushnell hackedNo one knows who he is for sure. Guccifer is the pseudonym for a high level hacker who has broken into the email, Twitter and other accounts of for one example, Dorothy Bush Koch, sister of President George W. Bush. Guccifer disseminated photos of the elder Bush who was in the hospital undergoing treatment. Photos of George W. Bush’s painting were also released online. Guccifer has hacked the email accounts from Yahoo, AOL and more.

Among his victims who saw sensitive information being shared with the world thanks to his efforts are Colin Powell, Lisa Murkowski, Barbara Bush’s brother, Jim Nantz and beauty queen Miss Maine Patricia Legere. Recently, Guccifer hacked into the email accounts of Sidney Blumenthal, former aide to President Clinton and Hillary Clinton, specifically leaking emails regarding the terrorist attack on 9/11/2012 in Benghazi. Experts tracked his IP address to Russia, but were not able to ascertain if this was his actual location or if he had used a proxy server located there.

But he wasn’t done. Last week, the infamous hacker gained access to the email and Twitter accounts of Candace Bushnell, author of the book, “Sex and the City”. He was able to locate a copy of the first fifty pages of Bushnell’s new book, entitled, “Killing Monica”. Bushnell spent several hours attempting to regain control of her accounts as Guccifer downloaded her work and then made it available online for all to see.

Bushnell’s publishing company, Grand Central Publishing, confirmed that Guccifer had indeed gotten a copy of the actual beginning of her new book. To add insult to injury, Guccifer was not satisfied with merely stealing her work and distributing it, he also hacked into her website and placed links to blog posts about online gaming of games like Diablo 3. To date, these blog posts have not been checked for malware, but it is possible that the purpose he had was to distribute a virus amongst Sex and the City fans. Investigators still have no clue who he or she is, but they advise against clicking on any links for blog posts you might find that just don’t seem to gel with the theme of the site you are on.

AddThis Social Bookmark Button

What to do when faced with a Data Breach

Posted on: June 7th, 2013

What to do when faced with a Data BreachDespite all attempts of preventing data breaches, they are bound to happen. Thus, preparing for such problems can help users go a long way in responding quickly and thereby containing the damage caused. A recent survey conducted by the Ponemon Institute showed that on an average the cost of a malicious data breach is about $840000 and the cost per record is about $222. Despite of this fact, only 40% of the organizations which were surveyed claimed to have the proper funding, knowledge, tools and personnel in place to help them track down the root cause of such breaches.

Planning for the Data Breach

The main problem is that most of these breaches remain undetected for an extremely long time. The survey showed that it takes about 80 days to detect ad discover such breaches and about one third of them are not uncovered by the defences employed by the company. These breaches are mostly discovered by customers or by accident. Thus, planning for the prevention of such breaches has become extremely important. Moreover, simply planning for them is never going to be enough. Companies need to test out these plans by conducting exercises and mock breaches so that the users and the personnel can get familiar with the processes of containing a breach. These exercises go a long way in helping the company to efficiently contain the breach when it does take place. The processes of planning for such breaches contain 5 key steps. The first step is to develop interconnected breach response processes which include efficient crisis management, incident management and case management systems. The second step is to test these systems regularly to prepare them for the inevitable breach. The third step involves making a comprehensive analysis and trying to get a full image of the damage done. This can go a long way in helping out with future breaches. The fourth step involves maintaining proper activity logs so that the regulatory requirements can be met. Finally, employees should be encouraged to report suspicious activity and the IT departments should develop a practice of checking out each report, whether it is genuine or not.

Determining the cause

One of the most important aspects during a data breach to take care of is to stay calm and take proper time in eliminating the breach. Simply rushing in to find solutions will not get the company anywhere as it prevents them from gaining valuable insight which could go a long way in preventing future breaches.  It also pays to capture a forensic image of the network which is affected so that it can be analysed after the system goes back online. These practices can help companies understand how were they attacked and how can such attacks be prevented in the future. Moreover, a breach should be looked at as a learning curve rather than a failure. Learning from mistakes is the surest way to ensure that the mistakes are not repeated again.

AddThis Social Bookmark Button

Chinese government hacking us defense secrets

Posted on: June 5th, 2013

Chinese government hacking us defense secretsThe Pentagon recently issued the annual report to Congress regarding recent Chinese military developments. In the 83 page report, the Pentagon accuses China of using computer hacking to spy on United States advanced technology. Although Beijing denies this vehemently, recent coordinated cyber-attacks on U.S. interests and several private companies were traced to a PLA (People’s Liberated Army) building in China.

Chief amongst the targets for Chinese hackers are the US pilotless drone program and the stealth fighter and an aircraft carrier fleet. The Pentagon cites concerns beyond that of the stolen technology being syphoned off by the communist nation. The skills necessary for hacking into high level US Government computer networks and private enterprise networks of CBS, the New York Times are the same skill set necessary to conduct serious DDoS, or Distributed Denial of Service attacks on the internet.

Recent DDoS attacks have shut down some sites, and one attack in particular virtually slowed the internet service to several sites down to a crawl. The Pentegon’s concern is that the size and nature of these attacks could shut down automated internet based communications stalling everything from access to emails to bank services. Due to the sheer volume of commerce that takes place online on a daily basis, a DDoS on a large enough scale could make the use of inter-bank transfers impossible. Bank and Debit cards would become unusable and that would affect consumers world-wide.

It is the first time that an official US Government report makes the accusation against the Chinese, but it is something that has been known for years. The recent buildup of Chinese military and defense reflects a resurgence in technology previously unavailable to them. 2012 marked the second test of China’s new stealth fighter aircraft. Before the recent espionage efforts conducted, it was estimated that it would be 2018 before China even had one stealth fighter that was operational. It was also the year that China’s retrofitted Soviet aircraft carrier successfully launched an aircraft.

AddThis Social Bookmark Button

Microsoft moves into 2 step authentication processes

Posted on: June 4th, 2013

Microsoft moves into 2 step authentication processesMore and more companies have been shifting to the 2 step authentication processes for their online services. One of the biggest reasons for this shift is the fact that the 2 step authentication makes it much more secure to access online services. Most companies such as Google and Microsoft also see the 2 step authentication as a way of improving the platforms as well as reduce hacking issues. Most of these 2 step authentications require a password as well as a second code to access data or accounts. This code is normally a randomly generated number which can be used only once. Google had already introduced the 2 step authentication for its users and now Microsoft has also followed suit and plans to launch the 2 step authentication for all user accounts.

Microsoft was expected to announce the two step authentication for its accounts for quite some time and the company has finally declared the 2 step process officially. An upgrade to all Microsoft accounts shall be introduced in the coming few days which would enable the two step authentication as an optional feature for its users. The process is quite similar to that used by Google where Microsoft shall allow the users to use the application passwords for services such as the Xbox which do not support these 2 factor authentications at the moment. Microsoft is also offering an authenticator application for the Windows based phones which will allow the users to receive the 2 step authentication while they are offline as well.

Microsoft has also been an avid supporter of the multiple authentication methods since ages and has offered these features to certain parts of its accounts. However, with the launch of the two step authentication process, Microsoft has now launched a multiple authentication method to the entire account. This means that the account shall remain completely protected irrespective of what kind of data is accessed by users.  This 2 step authentication also ensures that it becomes extremely difficult for any third party to access the accounts even if the username and passwords have been hacked.

This 2 step authentication process shall now be used for signing into services such as Messenger, SkyDrive and outlook.com. Once this 2 step authentication has been enabled, an additional layer of security such as a code sent to the phone is required to access any account. The entire process might sound like a huge hassle but is extremely beneficial in terms of online security for user accounts. However, users can also choose to not use this 2 step authentication if they do not wish to and will only be asked to do so if they have not accessed their accounts for a period of 60 days.

There are various other companies as well who have now opted for the increased security of the 2 step authentication process. The top companies include Google, who offered the process for its user accounts and Apple, who introduced the process for all Apple IDs.

AddThis Social Bookmark Button