Tag Archives: stories

Top security stories of 2015

Not a shocker to have data breaches lead the way as criminals get ever more devious.


More data breaches

Hacking Team, Comcast, Ashley Madison… the list of companies that became just another notch in the belt of cybercriminals goes on. As in years past, data breaches topped the list for our year-in-review story. Here are some stories that made headlines in 2015.

Dell puts privacy at risk with dangerous root certificate
Dell has come under fire for shipping PCs with a pre-installed trusted root certificate that can be used to compromise the security of encrypted HTTPS connections.

“Surely Dell had to have seen what kind of bad press Lenovo got when people discovered what Superfish was up to. Yet, they decided to do the same thing but worse. This isn’t even a third-party application that placed it there; it’s from Dell’s very own bloatware,” commented the Reddit poster under the name “rotorcowboy”.

Comcast Xfinity Wi-Fi discloses customer names and addresses
The Xfinity Wi-Fi service from Comcast disclosed the full name and home address of residential customers, which is something the company says isn’t supposed to happen. The disclosure of such information increases an already exposed attack surface, by allowing anyone with malicious intent to selectively target their marks.

It has been just over two years since Comcast launched the Xfinity Wi-Fi service, which created a separate wireless network in homes and businesses for existing customers and the general public.

Police arrest 15-year-old in TalkTalk hack
UK telecom TalkTalk disclosed a possible breach, which could impact upwards of 4 million customers. Those responsible for the attack likely compromised names, addresses, birthdays, phone numbers, email addresses, TalkTalk account information, credit card data, and banking information. A 15-year-old boy was later arrested.

Soon after the disclosure, TalkTalk reported that someone claiming to be responsible for the attack demanded a ransom, but the company didn’t go into detail on the demand itself.

4.6M customers impacted by Scottrade breach
Brokerage firm Scottrade alerted customers to a data breach, which affected 4.6 million people. Scottrade learned about the problem after being contacted by the FBI. According to the email sent to customers, and a public notice, the authorities learned that Scottrade was compromised while investigating other data-theft cases.

“If your information was contained in the affected database, you will receive a letter or email from Scottrade with additional information and resources. We have secured the known intrusion point and conducted an internal data forensics investigation on this incident with assistance from a leading computer security firm. We have taken appropriate steps to further strengthen our network defenses,” Scottrade told customers.

T-Mobile US says Experian breach exposed 15M customers
T-Mobile US CEO, John Legere, said that the names, addresses, Social Security numbers, birthdays, and ID information on more than 15 million customers had been compromised after a breach at Experian.

“The investigation is ongoing, but what we know right now is that the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing from September 1, 2013 through September 16, 2015,” a statement from T-Mobile’s head executive added.

Ashley Madison hackers publish compromised records
The group responsible for the Ashley Madison hack published the compromised records on Tuesday, delivering on the promise made when the hack was announced in July. The compromised records include account profile information, personal information, financial records, and more.

In July, a group calling themselves Impact Team leaked a selection of files that they claimed originated from Avid Life Media (ALM), the company behind the adult playgrounds Ashley Madison, Cougar Life, Established Men, and others.

IRS: Breach larger than first reported, 220k additional taxpayers affected
The Internal Revenue Service (IRS) said that the data breach reported in May has now impacted a total of 330,000 taxpayers. In addition, the agency sent 170,000 taxpayers notifications that their personal information was potentially exposed during the incident.

The compromise occurred through the “Get Transcript” application used by the tax agency. Using previously acquired personal information (PII), criminals were able to access the “Get Transcript” application to obtain old tax returns.

OPM says second breach compromised 21 million records
The breach at the Office of Personnel Management impacted 21.5 million people. The incident exposed Social Security Numbers and biometric data for federal employees and, in some cases, their families. OPM became aware of the second breach while investigating the first one disclosed in June.

At the time, the OPM said that the breach impacted the personal information of 4.2 million current and former federal employees. This second incident began in May of 2014 and went undiscovered for a year; however, the OPM has stated that patches applied to systems in January halted the extraction of data.

Hacking Team hacked, attackers claim 400GB in dumped data
Specializing in surveillance technology, Hacking Team is now learning how it feels to have their internal matters exposed to the world, and privacy advocates are enjoying a bit of schadenfreude at their expense.

Hacking Team is an Italian company that sells intrusion and surveillance tools to governments and law enforcement agencies.

The attackers published a Torrent file with 400GB of internal documents, source code, and email communications to the public at large.

CareFirst data breach affects 1.1 million people
CareFirst BlueCross BlueShield (CareFirst) disclosed a data breach that impacts 1.1 million current and former members, who registered to use the insurer’s websites or who did business with them online prior to June 20, 2014.

CareFirst stated that they detected the initial compromise and took action to contain the attack. The assumption made was that their actions helped avoid a crisis.

Anthem: 78.8 million affected, FBI close to naming suspect
Anthem, the nation’s second largest health insurer, said that 8.8 to 18.8 million people who were not customers could be impacted by their recent data breach, which at last count is presumed to affect some 78.8 million people. This latest count now includes customers of independent Blue Cross Blue Shield (BCBS) plans in several states.


How to Survive 4 Cloud Horror Stories

For all its promise, the cloud still brings some peril (like sleepaway camp or that dirt-cheap fixer-upper on the outskirts of town). Here are four cloud horror stories – along with spoilers so you know how to make it out alive.

Horror stories don’t just happen at the movie theater. In a few cases, companies make a big play to use the wrong cloud application or experience widespread outages in their connection to cloud storage.

While vendors claim that cloud services are secure and reliable, that’s not always the case. A better way than relying on vendor promises? Make sure your migration plans, budgets, existing infrastructure, security and any ancillary services all match up before making the jump to the cloud.
What Happens When a Cloud Provider Declares Bankruptcy?

Late last year, a cloud storage company called Nirvanix shut down and gave customers only a few weeks to move data to a different provider. According to Charles King, an IT analyst, this meant companies with terabytes or even petabytes of data in the cloud had to act quickly. “A business should always have a strong sense of the assets it has stored in the cloud, but it needs to consider those points in terms of the time and cost of retrieving them,” King says.

In the case of Nirvanix, one client noted that, due to the company’s download bandwidth limitations, it would need 27 days, in a best-case scenario, to recover all data. “That was cutting things pretty close since they were given just 30 days’ notice to remove everything,” King says.
What If the Wide Area Network Is Faulty?

Before attempting to use cloud applications to run your business, you might want to check with your network engineers first.

John Eisele, the vice president of business development at The DDC Group, a business process outsourcing company, tells the story of a major networking snafu. A preexisting condition related to router configurations at a customer location became exacerbated once the company started using cloud apps. Slow, sometimes broken connections were the main problem, though there were some issues using a virtual network with an external VPN. Fortunately, the network engineers and WAN experts ran diagnostic tests. The culprit? Outdated router configurations.

“In the end, the customer’s end-users could successfully access the cloud-based applications quicker than they could before the migration – which should be the case with all cloud solutions,” Eisele says.

What If Your Cloud Service Provider Has No Disaster Recovery Plan?
Disaster recovery is far more than just having a good backup. There has to be a more thorough way to get a system back online. This can include restoring data, applications, server access, user accounts and much more.

Code Spaces, a company that let developers host their code on a cloud server, learned this the hard way. Last month, the company announced that its Amazon Web Services account had been breached. The hack wasn’t just a way to change passwords and block access, either. Code Spaces found that its Apache Subversion repositories and Elastic Block Store volumes had been deleted.

It gets worse: The company posted a message on its site saying that it wouldn’t be able to rebound from the attack and would be closing its doors. A spokesperson for Amazon told CIO.com the breach had nothing to do with the AWS services and that companies must follow the AWS security precautions.
What if You Forget About Compliance and Security?

Most companies know the cloud is a secure portal. In some cases, the disaster recovery techniques and backup processes are even more rigid than an on-premises approach. According to analyst Rob Enderle, though, that’s not quite the whole picture.

Enderle tells the story of two engineers at an enterprise-level pharmaceutical company who were tasked with analyzing the results of a drug trial that required an investment in hardware and software. The IT contacts told the engineers the budget would be around $100,000 and would take nine months to deploy. They decided not to wait. After finding a cloud provider and spending about $3,600 using their own credit cards, they rented the resources and finished the work. Then an executive found out.

“The engineers were terminated the following day for the massive violation of security policy,” Enderle says. “There was no way to determine where the data resided after the work was done but, generally, it was believed to be in Eastern Europe.”

How should your company respond to all of these horror stories? With due diligence. The experts all say cloud infrastructure is just an extension of your own data center and computing services. Somewhere, there’s a server and a storage array housed in another city – or another country. Research all of the variables, ask the right questions and be thorough about your strategic plan.


 


Bottom Nine: 2014’s startup non-success stories

Back to the drawing board
The statistics aren’t great, are they? Nine out of 10 startups – or maybe it’s three out of four, or five out of six, or even not that many at all – we’re told, will fail. Here are some of the luckless startups and services which have bitten the dust in the first half of 2014.

Optier
As first reported by Gartner Research’s Jonah Kowall, APM and analytics company Optier has ceased operations as of May, despite more than $100 million in funding over its nine-year run and a host of big-name customers in the financial industry.

FindIt
FindIt’s personal search service – the idea being to let you search your Gmail, Dropbox and so forth from one portal – shut down in February. In an official blog post, the team said that it plans to pivot to a Facebook advertising optimization platform.

Donna (Of Incredible Labs)
Yahoo bought up Incredible Labs – who created personal assistant app Donna – in January for an undisclosed fee. Unfortunately for Donna’s users, the app got the axe. Five staff members went to the Yahoo Mail team, according to the company’s statement. (via TechCrunch)

Outbox
You’ll have to open your own paper mail for just a little bit longer, it seems – Outbox, a service that opened, scanned and digitized your mail for a $5 monthly fee, went belly-up in January, due to what an official blog post characterized as excessive operating costs.

DrawQuest/Canvas
At least he’s still got 4chan – entrepreneur Chris Poole closed down his four-year experiment with DrawQuest, a drawing game/app that was an outgrowth of Canvas, a meme-sharing site. “It became clear to us that DrawQuest didn’t represent a venture-backed opportunity, and even with more time that was unlikely to change,” he said in January. (The service stayed functional until May, when a security breach forced the doors to finally close.)

Bump
Another one of those good-news/bad-news stories is Bump, who got bought out by Google in January. The company’s eponymous transfer app – you bumped your phone against somebody else’s to send or receive data – was axed in January, however. Also cut was the company’s photo-sharing app, Flock.

Calxeda
ARM processor maker Calxeda went to the wall right around the turn of the New Year, despite some successes, like inclusion in some HP products, and a general perception as a leader in bringing ARM SoCs to the data center. (H/T: The Register)

Springpad
Sort of a social version of Evernote, Springpad announced last month that it would shut down on June 25. The money just wasn’t there for the information capturing and organizational services, according to the official blog post.

Argyle Social
Social media marketing manager Argyle Social pulled the plug late last month, despite positive reviews. CEO Adam Covati told VentureBeat that the market – with competitors like Hootsuite – was too competitive.

