November 17, 2015 By Garratt Boyden
In today’s highly interconnected world, dangers of extortion, blackmail, and various scams affect absolutely everyone. Just recently, we have seen a steep rise in a class of Trojans called ransomware. This malicious software often poses as a regular email attachment that seems to be sent by a reputable company. However, when downloaded, this file quickly encrypts the user’s computer with a very strong encryption algorithm. The only way to regain access to data is to pay the operators a relatively large sum of money (often around 500 USD).
The above example is just a small part of a much larger problem. According to the FBI’s Internet Crime Complaint Center 2014 Internet Crime Report, more than $16 million was extorted from victims that year. This number is comprised of many different types of blackmail and extortion, with an increasingly larger portion involving the threat of releasing personal information and damaging one’s reputation. The Identity Theft Resource Center states that such criminal acts have happened 591 times just in the first nine months of this year.
Extortion and blackmail are often used interchangeably, but they refer to slightly different ways of getting money from victims. Extortion involves a threat of violence or damage to property. It is not necessary for the perpetrators to actually obtain the money to commit the offense. On the other hand, blackmail happens when an offender threatens to reveal information about a victim. Such information can usually cause substantial social damage and embarrassment for the victim. In return for keeping quiet, the blackmailer demands money, property, or services.
Modern social media networking sites pose a convenient attack vector for attackers and are thus often exploited for profit. What commonly happens is that a person of the opposite sex befriends somebody online and establishes a friendship with that person. Their interaction seems very believable and often includes personal pictures, voice messages, and what seems to be a genuine interest in the other person. All of this is done just to gain the trust of the victim in order to ultimately obtain something that can be used as leverage for their threats. Attackers often manage to lure their victims into exposing themselves on camera, without knowing that they are actually being recorded and are talking only to a decoy. When this happens, there is little that victims can do to protect their privacy. Tracking down the perpetrators is often impossible, and paying the demanded amount of money does not guarantee that there will not be more threats in the future. In fact, once scammers find out that the victim is willing to pay, they often try to get as much money from the person as they can.
This leads us to the question: How can victims protect themselves against blackmail and extortion and how should they act when it actually happens? The most important thing is, of course, prevention. Never say or do things online that you might regret in the future. Always assume that everything you do on the web and in front of your web camera could get into the hands of criminals. There have been many cases of celebrities having their smartphones and computers hacked and private pictures published online. Regular citizens are not immune to such crimes. Modern operating systems are capable of data encryption, which prevents random strangers from being able to gain access to data stored on the device. It is always advisable to use every tool that you have at your disposal to increase your chances of staying safe and protected. However, fully relying on these tools is not a good idea as they cannot guarantee complete safety.
Victims of online blackmail or extortion should always contact the authorities and use their expertise to decide on the best course of action. The situation often seems much worse than it really is, and hasty solutions are the worst enemy of reaching a favorable outcome.
The risks described above are only a handful of vulnerabilities that individuals and businesses face online. One of the easiest ways to ensure individuals are adequately competent in cyber security is to get certified. Unitek Education’s 3-day CompTIA Security Plus boot camp is the perfect course for high-level employees that require a solid foundation in cyber security. The Security Plus boot camp is Unitek Education’s most popular entry-level security course and is part of the DOD IAT Level 1 on the 8570 certification chart. This course is frequented by members of the Armed Forces, Department of Defense and IT professionals.
December 30, 2014 By Garratt Boyden
Traditional IT roles mutate as boundaries expand
Once, the territory that belonged to system administrators and network administrators was neatly delineated, writes Lawrence Garvin in NetworkComputing.com. But the rise of cloud computing and software-defined infrastructure has blurred traditional boundaries; soon, Garvin says, “we’ll all just be known as ‘cloud administrators,’ with no real distinction between systems and networks.”
Historically, network administrators have handled the infrastructure down to the switches and routers, and sysadmins have focused primarily on software and system configuration and maintenance. But success in either role has always favored those with a broader understanding of the whole ecosystem, Garvin notes.
“Sysadmins who have an understanding of how networks work, including DHCP, DNS, and IP routing, usually have a much easier time diagnosing server and application problems,” Garvin writes. “Likewise, network admins who have an appreciation for the nature of the application traffic flowing across the wires and through the switches typically enjoy much better behaved networks.”
Entire application infrastructures, Garvin points out, depend on optimal network operation. And so the profiles of the two roles are morphing to reflect dimensions of the other.
“Sysadmins,” Garvin writes, “particularly application administrators, must now be cognizant of network technologies and operations. Network administrators who want to keep networks in top shape must now have an awareness of what application traffic is flowing across the network and how to design and implement networks to support those needs.”
He notes that there are divergent trends in the toolsets the two roles employ — sysadmins are rediscovering the efficiency of the command line, while network admins, thanks to cloud management tools, are finally embracing the graphical user interface (GUI). The question of which will prevail, Garvin leaves unanswered.
December 30, 2014 By Garratt Boyden
How Citrix Fits into Hybrid Cloud
Citrix executive defines user-centric vision
Appearing on SiliconANGLE TV, Morgan Gerhart, senior director of products for Citrix’s cloud and networking business, offered his thoughts on where Citrix fits in the emerging hybrid cloud environment.
“What we try to do at Citrix is make the deployment and configuration of our stack as transparent as possible regardless of whether it’s running on-premise or in AWS [Amazon Web Services] because IT professionals shouldn’t have to do things fundamentally different to invoke AWS,” Gerhart said. Citrix’s goal, Gerhart noted, is to make AWS look like a natural extension of its customers’ data centers rather than just another silo.
The interview took place at Amazon.com’s recent re:Invent summit and was reported in siliconANGLE by Maria Deutscher.
Citrix NetScaler is central to the company’s cloud strategy, “providing a common interface for managing demand that allows organizations to handle an application running on AWS no differently than if it were deployed on-premise,” Deutscher writes. Users can also move NetScaler-backed workloads outside the data center with minimal tweaking.
“What’s driving us is the concept of the software-defined workplace, which is fundamentally built around the fact that when a user is accessing an application today, they’re going to be accessing that application from at least three devices over the course of the day,” Gerhart said. “Ultimately, it’s not a technology conversation, it’s a user-centric one.”
December 30, 2014 By Garratt Boyden
IT Hiring Is Up; 10 Hottest Skills for 2015
Tech support, programming high on list
“November was a good month for hiring in general and IT hiring in particular,” writes Patrick Thibodeau on computerworld.com. According to Foote Associates, an IT labor analyst and research firm, IT added 17,300 jobs in November, compared to 12,900 in October.
Employers are “systematically replacing consultants with full-timers,” says David Foote of Foote Associates, searching in particular for “people with business and technical skills, analysts, architects and software engineers.”
Another article on computerworld.com took a deeper look at the IT skills that will be most in demand heading into 2015, based on feedback from 194 IT executives.
In a repeat from a similar survey last year, the IT skill that topped most wish lists was programming/application development. Forty-eight percent of survey respondents said they plan to hire for those skills in the next 12 months.
Next was project management, which analysts said is crucial in order to be able to execute on the backlog of complex technical initiatives that enterprises had back-burnered because of the recession.
The Computerworld 2015 Forecast Survey also listed the following skill sets, in descending order:
Help desk/technical support - “Demand for this position is a function of growth,” explained one analyst.
Security/compliance governance - Security breaches can be devastating and make for lurid headlines. Demand is high for those who can protect an enterprise’s digital assets.
Database administration - Big Data has given us the ability to crunch massive sets of data, but “you still need to understand how your database has been put together,” said an analyst.
Mobile applications and device management
Networking - Robert Half International reports that 57% of U.S. technology executives said network administration tops the list of skills needed in their organizations.
November 10, 2014 By yogi
Robotaxis, hover boards, dog translators
Truth may be stranger than fiction, but it could never compete with science fiction, right? Well, an infographic on the British website wish.co.uk begs to refute that assumption. It identifies 11 sci-fi creations that have actually come to pass in our non-fiction world.
For example, Star Trek fans know the Starfleet Tricorder as one of the crew’s most indispensable tools, used to record and analyze inputs in a range of scenarios, including medical ones. Fantastical, right? Well, General Electric has developed a device it calls the GE VScan that performs a similar function. It is a handheld device that works like an ultrasound, enabling medical professionals to measure and analyze internal organs without invasive surgery.
What do Arnold Schwarzenegger and residents of Masdar City in the United Arab Emirates have in common? Both are familiar with the coolness of traveling in a personal automated robotaxi — the former in the movie Total Recall, the latter as a feature of living in a planned city. The vehicles have been operational since 2010.
The movie Back to the Future featured a hover board, which could zip around in any direction without touching the ground. French scientists have created the Mag Surf, which uses superconductor magnetic levitation to glide a few inches above a magnetic track. The device was developed to promote research in urban transportation.
Superhuman powers come standard in many sci-fi and fantasy worlds, but scientists at Raytheon expect to bring some of that enhanced capability to U.S. soldiers within the next year or two. Its XO2 Suit is an exoskeleton that features high-pressure hydraulics that increase a soldier’s agility, strength, and endurance.
The ability to communicate with aliens is another venerable technology in the canon of science fiction — and one that has its analog in today’s world: Voxtec has created the Phraselator P2 for the military (which seems to get all the cool stuff), which can translate more than 100,000 English phrases into 70 different languages. And if that were not impressive enough, there is the Bowlingual translator, which analyzes the acoustics of your dog’s bark and tells you what it’s saying.
See other strange but true inventions at wish.co.uk.
November 10, 2014 By yogi
Positioning system points to other uses
It’s crunch time: you’ve got precious minutes before the game resumes to find the closest restroom and premium beer stand. How do you avoid making a wrong turn and wasting time on the hunt?
Visitors to Levi’s Stadium, home of the San Francisco 49ers, can now install a nifty app developed by enterprise Wi-Fi provider Aruba Networks that enables a range of location-based services such as locating concessions, restrooms, and seats.
Jay Donovan reports on TechCrunch that Aruba Networks’ system, one of the largest indoor installations ever, points to a future where indoor positioning services are as common as GPS navigation. He notes Aruba’s intention to enable location-aware push messages in order to create a “richer experience” for users (or at least for the technology and content providers).
The beacons — small, battery-powered Bluetooth devices — are deployed all over the stadium. They communicate with an array of Aruba Wi-Fi nodes, which can cover a greater area. The Wi-Fi nodes then relay the beacon data back to a software controller that works for the entire stadium. A user with the app installed on their smartphone can communicate with the beacons to determine their location — and find out where things are.
Retailers are excited about the technology, Donovan writes, because it offers the ability to push messaging specific to each beacon’s individual location — and represents a potential game-changer for the brick-and-mortar shopping experience, which has suffered from the rise of online shopping.
November 10, 2014 By yogi
New OS blends elements of 7 and 8
“We’re not building an incremental product,” said Terry Myerson, head of Microsoft’s Operating Systems Group, referring to Microsoft’s decision to skip the number 9 entirely for its latest operating system, Windows 10. But is the new OS the great leap forward the company claims it to be?
Writing in ComputerWorld, Woody Leonhard puts the question this way: “Is Windows 10 as goofy as its predecessor?” — or has Microsoft “righted enough of Win8’s wrongs to make it a worthwhile PC upgrade?”
Windows 10 does not officially launch until the middle of next year, so some features may evolve further, but the bones of the new OS are in place, and Leonhard highlights 13 hits and misses.
The Start menu — absent in Win8 — is back, somewhat modified but familiar enough. It shares the stage with the Metro tiles from Win8, which, if so desired, can be unpinned from the page by right-clicking. Leonhard gives Microsoft credit for “righting the ship” after its controversial decision to forsake the Start menu in Win8.
Leonhard is less enthused about the way Windows 10 handles pinning apps (programs) to Start, because it adds the programs as Metro tiles — which Leonhard dislikes. Users can drag programs from the Start menu’s most-recently-used list to the left-side Start menu … not an intuitive solution.
Leonhard also dislikes the fact that searching your computer in Windows 10 sends the same search string to Microsoft, which returns the results from Bing, “to, uh, enhance your shopping experience,” Leonhard surmises.
As in Windows 8, libraries are hard to find in Windows 10. And File Explorer has not improved since Win8, as it opens in an area it calls “Home” which, in the reviewer’s opinion, adds another layer to click through to get where you want to go.
Leonhard cheers the fact that gadgets are back — as Metro tiles. They might be a little ungainly, he says, but they can be put on the desktop, and they “run rings around Win7 gadgets.”
Read more about Windows 10 hits and misses at computerworld.com.
September 4, 2014 By yogi
The lessons to be learned from security breach
Celebrities including Oscar winner Jennifer Lawrence and model Kate Upton learned the hard way this week that privacy is an illusion in today’s hyper-connected world. A hacker allegedly broke into the Apple iCloud backups of as many as 100 celebrities and downloaded a bevy of nude photos. The images were posted to the “b” forum of 4chan.org, an anonymous imageboard (called by some the “Dark Side of the Internet”).
According to Sean Gallagher on arstechnica.com, initial reports suggested that the breach was made possible by a vulnerability in Apple’s Find My iPhone application programming interface. But Apple has since claimed that it was a “very targeted attack on user names, passwords and security questions … None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone.”
Regardless of how the breach was achieved, the incident underscores the risks inherent in cloud services — and how comfortably ignorant the general public has become about where its “private” content lives, and how easily it can escape into the wild.
“Does anybody really know what’s sitting in Apple’s or Google’s data stores from their phones?” Gallagher wonders, noting how much content Apple and other devices automatically upload to the cloud, including full phone backups. “Ongoing threats like carefully-crafted phishing attacks and large-volume password cracking … make it especially hard to protect mobile data in a world where everything on your phone is already on the Internet, protected only by your login credentials,” he writes.
Ultimately, Gallagher notes, “if it’s in the cloud … then chances are good that eventually it will find its way to the Internet.” Tal Klein, vice president of strategy for the cloud security firm Adallom, confirmed this in a Twitter conversation with Gallagher, stating: “Don’t take pictures of your junk; it will end up on the Internet somehow at some point.”
September 4, 2014 By yogi
Eyes life-saving potential of vehicle-to-vehicle networks
The government believes that public safety could be much improved if communication between cars were more sophisticated than current protocols, which primarily feature the middle finger. To that end, reports Stephen Lawson on itworld.com, it is currently seeking input from industry and the public about a possible federal standard for vehicle-to-vehicle (V2V) technology that would let cars automatically exchange information such as proximity and rate of speed.
U.S. Transportation Secretary Anthony Foxx described V2V technology as nothing less than “the next great advance in saving lives.”
In August, the National Highway Traffic Safety Administration (NHTSA) published a research report on V2V that estimated that just two possible applications of V2V — Left Turn Assist and Intersection Movement Assist — could prevent as many as 592,000 crashes and save 1,083 lives per year.
Left Turn Assist would warn drivers not to turn left into the path of an oncoming car, and Intersection Movement Assist would warn drivers not to enter an intersection when there’s a high probability of crashing into other vehicles.
Neither system would necessarily take control of a car, although the evolutionary trend toward a self-driving car seems clear.
V2V would run over wireless networks using the IEEE 802.11p specification, a variant of the standard used for Wi-Fi, on a band of spectrum between 5.85GHz and 5.925GHz. The NHTSA insists that V2V would have layers of security and privacy technology to protect users and wouldn’t collect or share personal information about drivers.
But there are those, like network security blogger Martin McKeay, who can easily imagine the V2V system “being used to track individuals every movement in a way that makes Orwell’s 1984 look Utopian.” He also raises some interesting concerns about swarm behavior and the unintended consequences of imbuing machines with the ability to coordinate with one another, however primitively. It is the stuff of science fiction movies … and yet it might be just a government RFP away …
July 9, 2014 By yogi
Conference sessions showcase risks
Many of the sessions at Black Hat USA 2014, a security conference taking place this August, could give nightmares to those concerned with network security or personal privacy. On networkworld.com, Tim Greene highlights 10 of the more disturbing topics that will be explored at the Las Vegas event. These include:
Using Google Glass to snatch passwords
Researchers have created an application that videos victims tapping passwords into touchscreens and analyzes it to steal passwords, reportedly with 90% accuracy from three meters away. The app is not specific to Google Glass, but the wearable device is perfectly suited to surreptitious video recording.
Data theft through virtual desktop infrastructure
In theory, a virtual desktop infrastructure makes BYOD programs safe by centralizing applications and data and limiting end users to presentations of that data. But engineers from Lacoon Mobile Security will demonstrate how to steal data through screen scraping without being detected by malware detection measures.
Stealing data from POS devices
Target was just one of many companies that were victimized by point-of-sale breaches last year. It’s a threat that is not easy to solve, according to Nir Valtman of NCR Retail, who will review both successful and unsuccessful efforts to reduce the risk of memory scraping.
USB stick malware
That innocent little thumb drive could be an evil agent bent on destruction, according to Karsten Nohl and Jakob Lell of SRLabs. The controller chips inside USB sticks can be compromised, enabling malware to take over host machines, steal data, and spy on users. Nohl and Lell’s presentation will include a demo showing a system fully compromised with an undetectable self-replicating virus.
Read more at networkworld.com.