Business Security Information

Keyloggers monitor computer activity by capturing the keystrokes of the computer user.  The captured information is then sent to some individual(s) who should not have access to this information.  This should be a concern to all computer users who log into and access email accounts, online accounts, bank accounts, and other such information that should not be shared with others.  With a keylogger, someone else can capture this information and use it to gain access to any account or system that has been logged into.  Also, depending on the keylogger capabilities, all the information the user views can  be captured and sent to these individuals.  Keyloggers allow others to bypass security measures you have in place, and that is never a good thing.

ATM skimming has been around for a number of years.  Unfortunately, though, since I wrote the article entitled “ATM Skimming and Other Fraud Methods,” ATM skimming has become more difficult to detect.

ATM skimming involves criminals planting or installing fake card readers on ATM machines and other places you use your credit or debit card, including gas stations and other similar types of businesses.  Research data shows that approximately ten percent of fraud victims experience ATM cash withdrawals while nearly twenty percent have their PIN numbers also stolen.

A little over a week a go, Microsoft announced that Windows could be attacked using a shortcut vulnerability that would allow attackers to infect a Windows computer with the use of a drive-by download attack.  You can read details of it on the Microsoft’s Security Advisory webpage.

Basically, Windows contains a flaw in how it handles shortcut files.  If an attacker creates a malicious shortcut file, the attacker can automatically execute malware whenever a user views the contents of a folder that contains the malicious shortcut file.

New internet attack methods or new variations of old ones seem to be developing on a regular basis.  This makes it hard to keep up with all the ways your business’ computer system can be attacked as well as adequately protecting your most vital business asset–information.

If you are like most businesses, you have more on your plate than you have time to deal with.  Keeping up with all the security issues that face your business can be a daunting task.  One resource that can help you is the new Mozilla Plug-in Checker.  This tool lets you determine which of the computer plug-ins you are currently using are outdated.  While this may not have concerned you before, there is good reason to pay attention to your plug-ins.

On a recent trip, I stopped for gasoline and a snack at a convenience store along the highway.  When I entered the store, I noticed a bulletproof enclosure (also called bandit barriers) had been installed at the cashier’s counter.  It was different from other ones I had seen used in check-cashing businesses and banks in that it moved horizontally. The cashier could simply press a switch, and the bulletproof cashier window would open or close.  During the day when the risk of robbery may be less, the window could be left open.  In this way, interaction with customers could occur more easily, and it did not appear as intimidating to those visiting the convenience store.

Despite its complicated pronunciation, the word obfuscate merely means is to change, alter, modify, or obscure.  In business, you probably use this more than you think.  On the web, businesses often use URL shortening services which take a long URL (website address) and make it a short one.  These shorter URL’s are then used in an e-mail or instant message, on a blog, or on social media sites such as Facebook.  Twitter is probably one of the most popular places URL shortening (obfuscated URL’s) services are used since you are limited on the number of characters you can put in each tweet.  I have also seen it used in e-books and other informational products that are downloaded off the web.  URL shortening services hide the original and often long URL.

A security friend of mine recently sent me a link to this video. It is something to be aware of when you are traveling and staying in a hotel room. Although this method of bypassing door security has been around for quite some time and is known well in the locksmith and security community, I am not sure how much the business traveler is aware of it. Watch the video and then read the rest of this article for a couple of comments on what is shown in the video.

**Before reading this article, please refer to my previous article on identifying phishing attacks.  A number of the typical identifiers used to identify a phishing are no longer as important.  Some recent changes made by these scam or social engineering artists makes it hard to easily identify such e-mails as phishing attacks.

Late last year it was announced by a couple of security researchers that cPanel was vulnerable to cross-site request forgery attacks (CSRF).  If you manage your business’ website, you know that cPanel is an administration interface that allows you to perform many tasks related to running a website.  This includes accessing website stats, email accounts, and log files, submitting tickets to the support desk, and a variety of other tasks.  Cross-site request forgery attacks allow attackers to exploit web-based services after the user has already logged into the web-based service.  In a cPanel attack, once you are logged in, you must be lured by the attacker to visit a malicious website that the attacker runs or has compromised.  Once you go to the malicious website, the attacker can execute unauthorized commands since you are already logged into cPanel, and no password would be necessary.