Information Security for E-businessmen: Just a Couple of Ideas

If you constantly deal with bank or electronic accounts, it must beyour worst nightmare--to wake up and learn that you are a bankrupt.Some crook stole your personal data and all the money you have beensweating blood for years has flown to somebody else's account. Almosteverybody must have heard that such a tradegy is called identity theftand millions of people in the USA alone suffer the same every year.Poor consolation for its victims, isn't it?

Unfortunately, businessmen frequently are targets for identitythieves, especially online. Lots of articles on identity theft,"how-to-avoid" tips, and scary stories about the victims circulatethrough the Web and other media. The authors remind people again andagain that they should be cautious when giving anybody their privateinfo as well as care for their PCs' security. But in spite of alltheir effort identity theft is still the most rapidly growing crime.

Software developers are doing their best, too. They can't be of muchhelp if somebody plainly looks over your shoulder and writes yourcredit card number down. It's for you to take care and never revealyour personal info to anybody who asks for it. What they can do is tocreate new solutions to the urgent problems like data stealing.Keylogging spyware--the very programs that make lots of such crimepossible--are pretty much written about lately. These programssecretly monitor everything users do on their PCs.

Keyloggers are used--by themselves or as a part of a virus or a Trojan-- much more widely than PC users think; it is an open secret that thelion's share of identity theft that happens online is because ofkeylogging spyware. The losses caused by stealing PINs, logins, andother valuable data, are well comparable with the damage from viruses.Actually, if a virus or a Trojan contains a built-in key logger module(and it often does), the end user finds himself in a pretty toughsituation. The problem is that most anti-keylogging programs warnusers when it is too late. The data have already been captured andsent. Why does it happen?

Almost all anti-spy software existing at the present moment worksusing the same scheme: spy program is detected and then blocked oreliminated. Detecting viruses or spy software is the crucial step ofthe whole process--all the protection depends on whether the anti-spysoftware is able to detect as many spies as possible. Signature baseswhich all these products depend on, is actually the "list" ofsignatures - small pieces of spy programs' codes. Anti-virus oranti-spy program actually scans the system and compares its codes withthose in signature bases. So, in this case only the spies whosesignatures already are in the base will be detected and eventually"caught". As long as anti-spy software is regularly updated and thesystem doesn't come across some unknown spyware product, everything isall right.

The problem is that lots of programs which could be used for stealingdata are not included into signature bases right now. Some of themwill never be.

There is good deal of people capable of creating something brand-newspy, unknown to anti-spyware developers. The period of time when a newspy already exists, but the updates have not been released yet, is thevery time when hackers make their biggest profits.

Spy programs can be created for the specific purpose, such asindustrial espionage, so they will never be represented in the base.Moreover, some monitoring programs can be used as spy programs aswell, though they are not always included into signature bases. As wecan see, a signature base is the weak spot of anti-spy protection; itis, so to speak, a joint in the armor. Information thieves also knowabout it.

Fortunately, software developers are constantly looking for newsolutions. One of the new trends in anti-spyware developing is not touse signature bases as means of detecting spyware. There is threebasic advantages in such an approach. First, the product gets rid ofits the least reliable part; second, there is no so urgent need forupdates anymore; and last, but certainly not least--the productbecomes capable of blocking the destructive activity of even unknownspyware. To read more about this new approach follow the link in thesignature.

When products of such a kind become widespread, there would be muchmore problems for hackers in future. However, there is no guaranteethat no innovative spy software appears in response.

Whether we like it or not, all malware "evolves" very quickly; newschemes are being developed, and new software which online criminalscreate and utilize becomes more and more malicious and "selective".New keyloggers as well as keylogger-containing viruses and Trojans,appear all the time; the losses these programs may cause to a businessare enormous. That is why in some businesses there is an acute needfor separate anti-keylogging protection.

Alexandra Gamanenko currently works at the Raytown Corporation, LLC -- an innovative software developing company company. visit its website at http://www.anti-keyloggers.com

Newsday

Syria Crisis: Bombs Hit Security Headquarters In Aleppo Huffington Post By BASSEM MROUE 02/10/12 06:02 AM ET AP BEIRUT -- Two explosions targeted security compounds in the Syrian city of Aleppo on Friday, state media reported, saying 25 people were killed and 175 wounded in a major city that has so far largely stood by ... Blasts hit security HQs in Syrian city AleppoNewsday Syria unrest: Explosions in Aleppo 'kill 25'BBC News Bomb blasts bring death to Syria's AleppoReuters all 450 news articles »

Afghan private security handover looking messy Boston.com By Heidi Vogt AP / February 10, 2012 KABUL, Afghanistan—The push by Afghanistan's president to nationalize legions of private security guards before the end of March is encouraging corruption and jeopardizing multibillion-dollar aid projects, ... and more »

New York Daily News

Coming & Going: Expedited TSA screening, new blood clot advice, more travel news Washington Post Coming & Going Get through security faster; prevent blood clots on flights TSA expands program The Transportation Security Administration has announced that it will add all three Washington area airports to its expedited screening program. New airport security rules will let some passengers keep their shoes, belts onNew York Daily News O'Hare to get expedited security screeningChicago Tribune TSA to expand PreCheck program to speed up airport security linesLos Angeles Times Baltimore Sun (blog) -Reuters -Boston Globe all 812 news articles »

AFP

Security forces shoot dead two Tibetans: report AFP BEIJING — Security forces shot dead two Tibetan brothers who were on the run after protesting against Chinese rule, US-based broadcaster Radio Free Asia (RFA) said, a day after a monk reportedly set himself alight. The incidents are said to have taken ... Report Says 2 Tibetans Killed by Security ForcesABC News all 315 news articles »

Russian security agency says military officer sentenced to 13 years for ... Washington Post MOSCOW — A Russian security agency says a Russian military officer has been convicted of passing missile secrets to the CIA and sentenced to 13 years in prison. The Federal Security Service, the main successor to the KGB, said Lt.-Col. and more »

First Security Group Completes Transformation of Executive Management Team MarketWatch (press release) CHATTANOOGA, Tenn., Feb 09, 2012 (BUSINESS WIRE) -- With the appointment of three new executive vice presidents, First Security Group, Inc. /quotes/zigman/6590222/quotes/nls/fsgi FSGI +0.89% has completed the restructuring of its executive management ... and more »

Microsoft Ruining Valentine's Day with Nine Security Bulletins PCWorld (blog) Microsoft revealed today that there are nine new security bulletins slated for next Tuesday. Happy Valentine's Day? Of the nine security bulletins, four are rated as Critical and the remaining five are all Important. Based on the limited information ... Microsoft to issue more critical patches next week for Win7 than XPComputerworld Patch Tuesday heads-up: 21 vulnerabilities, including 'critical' IE bulletinZDNet (blog) all 41 news articles »

NFC World

Security flaw in Google Wallet PIN identified msnbc.com By Matt Liebowitz A security researcher has found a serious flaw in Google Wallet's PIN protection that, in seconds, could enable an attacker to view everything in the owner's digital wallet, including credit card numbers and transaction history. Google Wallet Security Concerns RaisedPCWorld zvelo Researcher Discovers Google Wallet PIN Security VulnerabilityMarketWatch (press release) all 78 news articles »

Telegraph.co.uk

Syria uprising: live Telegraph.co.uk 10.35 At least 25 people were killed and 175 people wounded in blasts targeting security bases in Syria's northern city of Aleppo, state television quoted the Health Ministry as saying. The number of martyrs that have been transported so far to ... Why Beijing Votes With MoscowNew York Times Martin Rowson on the veto of the UN security council's Syria resolution - cartoonThe Guardian US suspends operations at embassy in Syria for security reasonsLos Angeles Times Jewish Telegraphic Agency -Wall Street Journal (blog) all 15,163 news articles »

YemenOnline

Security official killed in Yemen China Daily SANAA - A senior Yemeni security official was shot dead Thursday evening in Yemen's southern restive province of Lahj in an attack probably carried out by al-Qaida militants, a provincial police official told Xinhua. "Major Alkadr al-Humaidy, ... 5 Yemeni prisoners killed in riotsBoston.com Officials say 5 Yemeni prisoners killed in clashes during prison riotsWashington Post all 85 news articles »