Hacking rose by 92% this year

With hacking on the rise by 92% this year, it's time to ditch the old approach to stopping cyber attacks and get protected.

  1. Hacking rose by 92% this year
  2. Malware attacks were up by 57%
  3. Antivirus stops only 1 of 4 targeted attacks
  4. 94% of advanced threats target the data on enterprise servers
  5. In a recent survey, 60% of organizations were unaware they had even been hacked
  6. In the same study, nearly 50 % of breaches targeted desktops, laptops, and POS terminals
  7. Signature updates can cripple your systems
  8. Customers would be trusting Companies with their personal data.
Its time to change !!!!

Simple go for a organization anti-virus or an enterprise anti-virus program that can help you achieve Momentum and results in short time. 


Reduce costs, risks, and maintain compliance for a 'Get better protection tomorrow'.
at 1 comment:

Domain Name System Security Extensions (DNSSEC)

DNSSEC what it really means and how is it related to us......


DNSSEC (short for DNS Security Extensions) adds security to the Domain Name System 


DNSSEC
Domain Name System Security Extension (DNSSEC) will help strengthen trust in the Internet by helping to protect users from redirection to fraudulent web sites and unintended addresses. 


DNSSEC was designed to protect the Internet from certain attacks, such as DNS cache poisoning [0]. It is a set of extensions to DNS, which provide: a) origin authentication of DNS data, b) data integrity, and c) authenticated denial of existence.

These mechanisms require changes to the DNS protocol. DNSSEC adds four new resource record types: Resource Record Signature (RRSIG), DNS Public Key (DNSKEY), Delegation Signer (DS), and Next Secure (NSEC). These new RRs are described in detail in RFC 4034. 



DNSSEC is the only solution that solves the DNS cache poisoning security hole, conclusively. Many top-level zones, including .ARPA, .GOV and .ORG, as well as the root zone, have already been signed using DNSSEC. This new technological strategy allows appropriately configured name servers to validate answers cryptographically from these zones—effectively eliminating the possibility of cache poisoning. In the coming months, many additional zones will be signed, including .NET and .COM. Now, every organization needs to assess its DNSSEC implementation drivers and readiness, and develop a DNSSEC policy and implementation plan. Infoblox can help your organization develop its DNSSEC policy and implementation plan today. However DNSSEC does not provide confidentiality of data at any time and does not protect against DDoS Attacks.There are a  lot of tools available in the market that support DNSSEC you can just try goggling it out.



To make deployment of DNSSEC easier, one can also buy a dedicated "DNSSEC Appliance", which acts as an automated DNS signer for DNS zones. Several vendors are already offering commercial and non-commercial solutions for signing DNS in real time, some of them using external cryptographic hardware such as HSM (Hardware Security Modules), including USB tokens and smart cards. 



Several ISPs have started to deploy DNSSEC-validating DNS recursive resolvers. Comcast became the first major ISP to do so in the United States, announcing their intentions on October 18, 2010 and completing deployment on January 11, 2012.




Key Benefits after implementing DNSSEC:-
  • Accelerated path to security and compliance
  • Lower operational costs and expertise risks
  • Reduced configuration errors to ensure service availability

There's a mobile app for the DNSSEC Analyzer:-
There a lot that I can talk on DNSSEC, more information can be found here 
More information about DNS Weaknesses can be found in the DNS Threats section.
at 1 comment:

March 8 DNSChanger



Infected: The Trojan 'DNSChanger' could cause millions - including Fortune 500 companies - to lose their Internet if the FBI shuts down surrogate servers


The Internet could go dark for millions of users as early as March 8 because of a virus that has corrupted computers in more than 100 countries.



According to 'RT,' innumerable people globally may get impacted starting March 8, 2012, incase the U.S. FBI proceeds to execute its plans towards taking PC-servers offline which were deployed for countering malware. Deccan Chronicle published this on February 15, 2012. It's asserted that the FBI substituted PC-servers, which had been infected with DNSChanger a malicious Trojan virus, with fresh ones of its own, as also is presently considering taking those substituted servers, offline.


The computer script, called DNSChanger Trojan, taps into fraudulent servers, sending users of the Web to unintended - and sometimes illegal - sites.



Last year, authorities in Estonia apprehended six men believed responsible for creating a malicious computer script called the DNSChanger Trojan. Once set loose on the Web, the worm corrupted computers in upwards of 100 countries, including an estimated 500,000 in America alone. The US Federal Bureau of Investigation later stepped up by replacing the rogue Trojan with servers of their own in an attempt to remediate the damage, but the fix was only temporary. Now the FBI is expected to end use of those replacement servers as early as next month and, at that point, the Internet for millions could essentially be over.




Partial map of the Internet




About 450,000 computers are still infected with the Trojan, the DNS Changer Working Group recently reported. (The DCWG has a tool on its website to determine if your computer is harboring the malware.)

Following the November bust, the FBI set up temporary Domain Name System "surrogate" servers to enable Web access for those PCs infected by the DNSChanger Trojan, researcher Brian Krebs explained. However, the court order permitting the surrogate servers gave the FBI only until March 8 to operate them.

In three weeks, any computer still infected with DNSChanger will have difficulty getting online. DNS servers translate text-based Web addresses such as "www.securitynewsdaily.com" to Internet Protocol address numbers such as "166.70.35.157." A malfunctioning or missing DNS server will prevent the former from working, though savvy Web users can simply replace it with the latter.

About the infected DNS servers, Wisniewski added: "I say turn them off. It will be a rude wake-up call but an unfortunately necessary one. We all have responsibility for our own security and safety, and it isn't the job of the FBI or anyone else to coddle those who haven't taken the steps to ensure their own safety."

The malware is especially malicious, Gizmodo reports, because it blocks infected users from visiting secure sites that could help them rid of the worm.

March 8
To verify whether you are infected by DNS Changer Trojan, do check your DNS Server ip [ Run-> Cmd-> Ipconfig /all ]
and if the DNS server's ip falls in between these range, then it is possible that your system is infected with the DNS Changer Trojan.


Law enforcement officials and the computer industry have been working together in a coalition to fight the malware. 

The group, called the DNSChanger Working Group, will examine possibilities to fixing the problem.

If no solution is provided, millions of people would be without the Internet.......

at 1 comment:
Subscribe to: Posts (Atom)