Cyber attack slows internet

Posted on April 16, 2013 in Blog, Internet, Security

The internet has picked itself up and dusted itself off following what web experts have described as the biggest cyber attack in history. So just what happened to bring it down?

Reports from computing.co.uk suggest a conflict was sparked last month after Spamhaus, a European spam-fighting group, added Dutch web host Cyberbunker to a blacklist that is used by email providers to weed out spam addresses.

Cyberbunker claims to offer services to every client – provided they’re not using their site for hosting child pornography or terrorism-related material.

Bringing the Spamhaus down

Five national cyber police forces were reported to be investigating huge DDoS attacks on Spamhaus, which were launched following its actions against Cyberbunker.

Some grew to a data stream of 300 billion bits per second, taking the Spamhaus site offline and causing widespread congestion around the world. Cyber crime experts say the attack was particularly potent because it exploited something known as the ‘domain name system’, which is used every time a web user enters an address into their computer.

Since the virtual assault began on March 19th, millions of ordinary internet users have faced slowed down speeds and worldwide services like Netflix have been affected. However, experts are now worried that banking and email systems may also face disruption.

In an email answering questions put by Bloomberg News, Spamhaus representative John Reid said: “The size of the attack hurt some very large networks and internet exchange points such as the London Internet Exchange.”

He added that the number of affected users could run into millions due to the group’s global infrastructure.

Spamhaus claims Cyberbunker cooperated with “criminal gangs” from Eastern Europe and Russia to launch what’s now considered to be the largest publicly announced DDoS attack in the history of the internet.

The hosting site is yet to comment on the allegations, though company spokesperson Sven Olaf Kamphuis has told the New York Times that Spamhaus should not be able to decide “what goes and does not go on the internet”.

No time to relax defences despite huge spam decrease

Posted on April 15, 2013 in Blog, Security

Recent figures suggest an unprecedented decrease in spam levels. This, of course, can only be a good thing, but don’t assume we’ll be seeing a complete eradication any time soon.

Kaspersky Lab has reported a significant decline in spam. During the course of 2012, there was an 8.2% drop in the amount being sent out – the largest decrease recorded to date.

In its report, Kaspersky credits anti-spam software as a major contributor to these encouraging figures, claiming its effectiveness is deterring spammers. With PC users recognising the importance of using such software, it seems spammers are realising their efforts are having less impact, as fewer of these unsolicited emails are reaching users’ inboxes.

The shutting down of a number of botnet command centres and pharmaceutical affiliate programs during 2011 has also played a vital part.

But whilst an 8.2% reduction is certainly encouraging, it’s a drop in the ocean as far as the recipient is concerned.

  • On average, 72.1% of all emails sent on a daily basis are spam
  • Spam accounts for around 100 billion of the 144.8 billion emails sent each day

Would a less-than-10% reduction of bees in a swarm be noticeably less of a problem for someone subjected to an attack? Probably not. In the same vein, those bombarded by unsolicited mail won’t gain much respite from an 8.2% decrease on what still amounts to some pretty steep numbers.

The best means, of course, to ensure your inbox is not cluttered by spam is to purchase anti-spam software, if you have not already done so. Whilst the drop signifies spammers’ activity may be waning somewhat, it is certainly no time to deem protection surplus to requirements – now, as ever, it’s a vital requirement.

Excel shortcuts add up to time savings

Posted on April 12, 2013 in Blog, Microsoft, Tips & tricks

You may already be using some of the many convenient keyboard shortcuts available in Excel. But with so many on offer, just how many do you actually know about?

Many users love Microsoft’s keyboard shortcuts. These controls let us perform commands quickly, without the need to reach for our mouse, saving a bit of time and effort.

You may have come across the many on offer from Microsoft Excel, but just how many do you tend to use on a regular basis? We’ve compiled a list below of some of the main ones that you may wish to start putting into practice.

Shortcut | Function
Ctrl + Z | Undo
Ctrl + F | Find
Ctrl + H | Find & replace
Ctrl + S | Save
Ctrl + Arrow | Move to edge of region
Ctrl + A | Select all cells
Ctrl + Shift + End | Select from current cell to last cell in used range
Ctrl + Shift + Home | Select from current cell to A1
Ctrl + Page Down | Move to next sheet
Ctrl + Page Up | Move to previous sheet
Ctrl + N | Open new workbook
Shift + F11 | Insert new worksheet
Ctrl + Spacebar | Select columns
Shift + Spacebar | Select rows

You are what you tweet

Posted on March 22, 2013 in Blog, Social networking

After Sally Bercow come thousands more Twitter users facing possible charges of contempt of court. Why? For retweeting images that reveal the identity of Jon Venables, one of the convicted killers of Jamie Bulger.

There are two primary laws that Twitter users should be aware of – the first being libel. Libel is the written or broadcast form of defamation, in that it is permanently recorded; whereas slander is a transient form of defamation, in that it is not recorded and is therefore potentially less harmful.
For something to be considered defamatory, it must ‘lower the claimant in the estimation of right thinking people’, among other requirements. This means that if a tweet could negatively impact on someone’s reputation in the eyes of a ‘right-thinking’ person, the tweeter could be sued. While defamation is an expensive legal process for the claimant, the damages awarded can be huge.

The other law that tweeters need to be aware of is contempt of court – strict liability contempt, in particular. The easiest way of understanding the law is by saying that anything that creates a risk of a jury’s decision being impaired could be considered strict liability contempt. This means that anything that happens from the point of an arrest right through to a verdict that could sway the jury’s decision – including tweets – could result in criminal charges being brought against the publisher.

5 great new features in Outlook 2013

Posted on March 22, 2013 in Microsoft, Tips & tricks

The new version of this popular email client is out and with it comes a number of changes. Here’s our selection of those we feel will make your life just that little bit easier.

1. Unread Mail Search Folder

It takes a dedicated practitioner of inbox-zero techniques to avoid a clutter of both read and unread mail in one’s inbox. In previous releases of Outlook you could segregate the two by clicking on the “Filter” button and selecting “Unread”. The 2013 edition has simplified the process by adding a big “Unread” button above your inbox to make things quicker. To go back to viewing all mail, just click on “All”.

2. Preview your messages

In the past all you could see before clicking to view an email was the name of the sender and the subject line. To see the body of the message itself, you would have to either click once to view in the preview pane, or twice to open it. Outlook’s new release offers a preview option by means of the “View” tab, which allows you to read a few lines of the email without having to actually open it.

Also now, from the preview pane, you can reply to or forward an email without using the ribbon.

3. Zoom for easier reading

There may be times when you want to increase or decrease the size of the text on an email to view it more easily. This is where the new Outlook 2013 feature – one you’ll recognise from Word – comes in handy. The Zoom slider lets you adjust the size of the text quickly from buttons located in the bottom right-hand corner.

4. Never forget to attach an attachment again!

We all know how embarrassing it is to click “Send”, only to realise – or have the recipient point out – you’ve forgotten to add the attachment you had intended to.

Outlook 2013 now warns you that it thinks you’ve forgotten to add an attachment you’ve referred to in your text. Clever!

5. A new look

If you’re bored by the appearance of Outlook, you can now jazz it up with one of a number of different “themes”. Choose from around a dozen including clouds and stars. You can even change the colour – although the choice only stretches to white, light grey or dark grey.

BlackBerry takes swipe at Android security

Posted on March 18, 2013 in Blog, Mobile devices, Security

Handheld device manufacturer BlackBerry has taken a jab at Google’s operating system Android, stating there is an “inherent weakness” in open operating systems.

BlackBerry’s UK and Ireland managing director Rob Orr believes that any system to protect data “was only as strong as the weakest link”, with one of BlackBerry’s key selling points being its secure operating system.

He believes that Android’s openness could come home to roost, though Google certainly does not share these views. Nonetheless, Orr has a point – Google’s Play Store has been plagued by discoveries of malware, leading to the removal of a number of apps.

Businesses forced to compromise on security?

However, far from deterring small businesses from embracing Android phones as work devices, some firms may feel ‘forced’ to compromise on device security as more consumer-friendly phones have become commonplace in the office.

Orr’s remarks come after tech manufacturer Samsung announced a rival to BlackBerry’s ‘Balance’ programme, which allows work and personal data to be viewed on one device yet secured according to different protocols.

The software, named Knox, is aimed at IT departments worried about the theft of sensitive corporate data by hackers. BlackBerry has built loyalty through its security and Samsung hopes to create the same beefed-up security for Android.

Samsung executives have revealed Knox will appear on a new Galaxy smartphone in the second quarter of the year.

Microsoft becomes latest hacking victim

Posted on March 18, 2013 in Blog, Microsoft, Security

Microsoft is the latest in a long line of technology giants to admit it has been hacked, according to reports this month, following in the footsteps of the likes of Facebook and Apple.

In a recent post on blogs.technet.com, Microsoft’s general manager for trustworthy computing security, Matt Thomlinson, confirmed that Microsoft had been breached in a similar fashion to Apple and Facebook.

“We found a small number of computers…that were affected by malicious software, using techniques similar to those documented by other organisations,” said Thomlinson.

What hope for the rest of us?

Apple and Facebook recently admitted that a number of their staff computers had been compromised, due to a vulnerability in the Java browser plugin. The vulnerability was apparently exploited via iphonedevsdk.com, a digital hangout for many developers. The site was compromised and used to host the exploit.

Oracle, the developers of Java, continue to investigate and issue patches for the series of zero-day flaws found in their plugin, but at the moment it seems like they are continuously playing catch up.

High profile attacks appear to be on the rise. Twitter was recently reported to have had 250,000 of its accounts compromised while the New York Times is pointing a firm finger at China for a sustained campaign on its servers.

Graham Cluley of Sophos Security warned: “If we have to say it once, twice or a thousand times – we’ll keep on saying it: if you don’t need Java enabled on your browser, turn it off now.”

Days of the password are numbered

Posted on March 9, 2013 in Blog, Security

As hackers make advancements in cracking techniques and users continue to choose unsophisticated passwords, is it time to move away from conventional thinking in search of new ways of user identification?

Passwords will soon be a thing of the past, predicts PayPal president, David Marcus.

The online payment merchant is spearheading a campaign for the industry to embrace new methods including biometrics. Voice identification, fingerprint scanning and keystroke analysis are all viable password replacements, says Marcus.

“Like magic, you’ll be authenticated and your payment will go through,” he told the BBC. “You’re going to start seeing that type of experience later this year, with a mass roll-out in the year to come,” he added.

Fido to sniff out new technologies

PayPal, Lenovo, NXP and other companies have recently formed the Fido (Fast Identity Online) Alliance, to collaborate on identification technologies.

A firm working out of Sweden is using behavioural biometrics to verify users. BehavioSec says that its software learns how users type and then uses the data as part of the authentication process. For example, if a mobile device is stolen and the thief knows the PIN number, they will still be unable to authorise transactions without mimicking the owner’s timing to within fractions of seconds.

Meanwhile, Nuance, a company well known for its Dragon Dictate software, has been working on a speech recognition technology in the form of an app. The app, called Nina, can recognise a user’s voice to approve transactions. According to the firm, a customer can open Nina and say ‘pay my phone bill’ and the voice recognition software will pay the bill.

Your IT security 5-a-day

Posted on February 22, 2013 in Security, Tips & tricks

As IT professionals, we are constantly on the lookout for innovative new security threats. However, where breaches do occur, they often come back to a number of all too familiar failings.

Below are 5 areas in which companies frequently fall down – so please check your own performance against the list below and ask if you have any questions.

1. Update, update, update

As the recent Java security vulnerability highlights, patch management is vital to ensuring your data remains secure. For companies with a small number of devices, updating each one manually might be relatively straightforward. However, larger organisations may wish to consider a system of automated updates.

2. Don’t let mobile data go AWOL

Password protecting mobile devices is not adequate protection. If a laptop is stolen, all the thief need do is place the hard drive in a different computer and they can then access the content.

Companies concerned about confidential data on mobile devices should implement encryption on both a system level and file level. Enterprise versions of Windows include encryption facilities and there are a range of premium programs which can help secure your work. Additionally, users can apply passwords to both their BIOS and their operating system.

3. Lock down data

Many companies are not doing a good enough job of keeping tabs on their data and sometimes the greatest threat comes from within. Restrict the use of USB drives so that the flow of data in and out of your network is controlled. Third party applications can help shore up your ‘endpoint security’ by preventing staff from downloading customer lists and other confidential data to their smartphones.

4. Make sure your cloud does not drift away

If a cloud service has its servers located outside of the EU, storing private data on the service could potentially be in breach of EU law. Ask your cloud provider for written confirmation that the service is within the European Economic Area (EEA). If they are in the US, ask for proof that they are signed up to the ‘US-EU Safe Harbor Framework’. If their servers are outside the EEA and the US, seek advice from the Information Commissioner’s Office (ICO).

5. Test your backups and backup your backups

Checking the integrity of backups is a task often overlooked. Sometimes the most consummate of professionals is so confident of the stability of their primary system that they don’t dream of checking backups.

When the day comes that primary servers do fail, a company needs to have 100 per cent confidence in its backup. Please note that best advice recommends that data backups are tested periodically, even if this is a simple spot check by attempting to recover individual files.

Report finds data theft by staff is on the rise

Posted on February 16, 2013 in Blog, Security

A recent report has warned businesses to remain vigilant against staff stealing client lists and confidential data. So can you be sure your employees are not downloading sensitive files or emailing them to their private accounts?  

KPMG has concluded that pay freezes, job restructuring and redundancies are among the issues that can provoke people to commit fraud. Hitesh Patel, UK forensic partner at the firm, picked out these three factors following the publication of a report on fraudulent activity, which showed that businesses need to keep an eye on staff if they are going to avoid running into difficulties.

Endpoint security risk

Even though the number and value of cases involving professional conmen in the UK fell in 2012, there were certain areas that grew significantly. One growth area was fraud committed by employees, which almost doubled from 2011 to 2012 – reaching £25.1 million.

The sort of activities that staff were involved in were procurement fraud and so-called back-office fraud. These issues have been around for years, but modern businesses must also think about IT threats relating to endpoint security and the data held by the organisation.

Mr Patel pointed out that the total value of fraud has only dropped due to the reduction in the “eye-watering”, high-profile cases that involve huge sums of money, whereas the issue is still very much a challenge for employers.

Tough times exacerbate threat

He remarked: “What we’re seeing is individuals looking to feather their nests through ripping off employers, banks or the government. Times may be tough, but the data shows that some people are unwilling to give up the lifestyles they’ve become accustomed to.”

The KPMG report also noted that identity fraud more than doubled to reach £26.3 million, while Ponzi scheme cases tripled in value during this time to hit £72 million and counterfeiting was three times higher than the five-year average. In total, insider trading made up 80 per cent of fraud-related financial losses at UK companies, with these crimes perpetrated by employees and managers.

Thisismoney.co.uk notes that the authors of the report made clear the effect such activity can have on an organisation. Mr Hitesh highlighted how fraud can ‘exacerbate’ the need to make job cuts and reduce budgets.

In the public sector, tax evasion and benefits fraud are proving to be two major challenges in the current climate, as people seek to hang on to more of their earnings or gain undeserved welfare payments.