Share options :

  • Date : 15 / 05 / 2013
  • Author :
  • Comments : 0

Cyber Thefts

News broke last week that seven people accused of operating the New York cell of what prosecutors said was a network that carried out thefts at ATMs in 27 countries. Law enforcement agencies from more than a dozen nations were involved in the investigation.

Hackers got into bank databases, eliminated withdrawal limits on pre-paid debit cards and created access codes. Others loaded that data onto any plastic card with a magnetic stripe for use on ATMs.

A network of operatives then fanned out to rapidly withdraw money in multiple cities, authorities said. The cells would take a cut of the money, then launder it through expensive purchases or ship it wholesale to the global ringleaders.

NEW YORK (AP) – A gang of cyber-criminals operating in 26 countries stole $45 million by hacking their way into a database of prepaid debit cards, federal prosecutors in New York said Thursday. The U.S. attorney in Brooklyn, Loretta Lynch, called it “a massive 21st-century bank heist” and said the fraudsters had moved with astounding speed to loot financial institutions around the world.

When you consider these bank databases are nothing more than cloud storage, you can really see how so much reliance on these systems leaves us vulnerable to the whims of criminals. Alternatives to the banking systems cloud-based transaction system may not be fleshed out yet considering the whole ATM thing, but existing markets can benefit from non-cloud backup immediately. First of all in order to steal your data a thief would have to crack the encryption key which at 448 bit encryption would take 12.7 BILLION years to break with a computer making 1 billion attempts per second. It’s more likely that someone would steal your username and password before that time.

Stealing your account information is the most common way criminals break into computer-based systems. Unfortunately for cloud-backup users this means anywhere from hundreds to millions of ways to get your information compromised. For dedicated private backup users, not only is the username/password combination the only way to access their data, but there can also be an auxiliary encryption-key stored on say a thumb drive that keeps the data encrypted again…so even if someone stole your username and password they would need to get that encryption key you keep in that safety deposit box in that one bank downtown with the electrified doors.

Source: AP
Read more: Time

Share options :

  • Date : 29 / 03 / 2013
  • Author :
  • Comments : 0

amazon-s3-failThe cloud isn’t looking so great lately with this latest news from Amazon. Rapid7 an internet security company did some “testing” on Amazons Simple Storage Service (S3) and found thousands of exposed accounts containing over 126 billion files.

Some specific examples of the data found are listed below:

  • Personal photos from a medium-sized social media service
  • Sales records and account information for a large car dealership
  • Affiliate tracking data, click-through rates, and account information for an ad company’s clients
  • Employee personal information and member lists across various spreadsheets
  • Unprotected database backups containing site data and encrypted passwords
  • Video game source code and development tools for a mobile gaming firm
  • PHP source code including configuration files, which contain usernames and passwords
  • Sales “battlecards” for a large software vendor.

This isn’t a risk directly created by Amazon, they simply provide the tools to leave your account open to the public. Approximately 1 in 6 accounts are left open. The way it works is more of a flaw in the system design. There is a better way to allow people to leave files open to the public while keeping their private data secure. Simple Storage Service might be an accurate name for Amazon’s cloud as it takes a great level of design complexity to protect users, complexity that their simple service seems to be currently lacking.

Source: Net Security

Share options :

  • Date : 25 / 03 / 2013
  • Author :
  • Comments : 0

gdrive2Last week Google Drive was down due to a software bug during a scheduled maintenance event. According to Google the issue affected up to 33% of all user requests.

Complaints were popping up quickly across social media outlets like Twitter as there was no available redundancy for users to access their data.

Google later stated direct links to data it were still accessible but it brings up a good question about data accountability and whether or not cloud-based storage is the right answer for small to medium businesses. Private data backup solutions avoid this issue by having each user backup to their own device, not a shared cloud.

Coverage: engadget
Source: Google

Share options :

  • Date : 18 / 03 / 2013
  • Author :
  • Comments : 0

cloud storageDon’t expect your cloud-saved data to be private. An article posted by NBC News points out instances of routine scans, by cloud storage providers, of their clients data.

Apple — which declined to comment — and Microsoft, along with Verizon Online, state in their user agreements that they reserve the right to actively search stored files.

Some providers will scan your data, while some will not without a court order. If data security is a priority, either some research into how much your provider will pry would be in order, or you could avoid cloud based systems and opt for a private backup instead.