Tag Archives: unauthorized

Voter Database Security Is A Myth

In this post, guest author David Maman, CTO and founder of GreenSQL – the database security company – questions the security reliability of voter databases.

imageSome of us spend days and months of indecision, hours in front of the TV watching campaign commercials and presidential debates, researching on the Net, mulling the options with family and friends, all ultimately to go to the polls to exercise our constitutional right to vote. For millions among us, this is a final decision and a terminal point.

Not for me.

As an information security specialist and database security researcher, I wonder where my vote goes, in what database it’s maintained, and, of course, how secure it is.

Hard experience has taught me that right now, somewhere, a hacker is trying to penetrate the voter databases “just for fun,” “to prove something,” or if I really want to be paranoid, “because he’s part of a powerful, international organization that seeks to dictate our political process by determining elections.”

Paranoia? I wish. One only has to read the news… last year, the databases of major companies were hacked: LinkedIn, Visa, KT Mobile, Sony, Zappos, etc. Of course, that tally doesn’t include the organizations who don’t know they were hacked.

Want news on voter databases being hacked in the last few years? Take a look at the list below, the result of a two-minute Google search:

July 15, 2012: Florida Allowed to Access Citizen Database for Voter Purge

July 27, 2012: Obama Administration to Open Voter Database

March 26, 2012: GOP’s Voter Vault Database Hacked, Candidates’ Identity Altered

August 2011: No Personal Information Compromised After Voter Database Hacked

At a time when databases are being constantly penetrated by unauthorized users and personal information is being stolen, misused or just maliciously exposed, the question remains: How secure are voter databases?

As if selecting a candidate isn’t vexing enough, now, I have a bigger concern: “How can I be sure my vote ultimately goes to the candidate of my choice?” “Will my vote be manipulated in any way, whether by foreign or domestic entities?” “Will my voter information be used to make it easier to have my identity stolen? (Even the FBI says identity theft represents a more serious threat than drugs.)”

About GreenSQL:

GreenSQL, the Database Security Company, delivers out-of-the-box database security solutions for small and mid-sized organizations. Started as an open source project back in 2006, GreenSQL became the no. 1 database security solution for MySQL with 100,000 users worldwide. In 2009, in response to market needs, GreenSQL LTD developed a commercial version, bringing a fresh approach to protecting databases of small- and medium-sized businesses.

GreenSQL provides database security solutions that are affordable and easy to install and maintain. GreenSQL supports Microsoft Azure, SQL Server (all versions including SQL Server 2012), MySQL and PostgreSQL.

1 Comment

Filed under Cyber Crime, Guest Writers, Point of View

Lock Your Computer’s Folders With Free BuduLock

imageIf you’re on the hunt for a free privacy application designed to password protect folders on your drives, including USB drives, then you’ll be interested in BuduLock.

As a bonus, BuduLock will protect your PC from unauthorized USB flash drive access by implementing password protection – password protection which effectively disables USB operations on your system. Considering that malware infection by Flash Drives, is the second leading cause of system infection ….

This small application is driven by a self explanatory tabbed interface, which even less experienced users will find easy to follow. Simply choose the folder to be locked – enter a password – and you’re done.

image

Browsing to the selected folder in Windows Explorer reveals that the folder has been successfully locked, as indicated by the “lock” icon – shown in the following screen capture.

image

Unlocking the folder is the process in reverse. Launch the application – highlight the selected folder – enter your password – done.

image

Flash Drive Blocker:

When you disable the USB port, unauthorized users (those without the password), will be denied access.

Flash Drive Blocker Requirements:

UAC setting (User Account Control) feature must be disabled to use this feature. (Go to Control Panel > User Account > Turn UAC On or Off)

No password is required during the initial setup – (blank password). To setup and change your password, go to “Change Password”.

BuduLock will only disable the USB port for flash drive for that particular computer. It does not disable your flash drive.

System requirements: Windows Vista, Win 7.

Download at: Developer’s site.

The application is slightly more cumbersome to use than it needs to be – no access is available by way of the context menu. The addition of context menu access to the lock/unlock function is an improvement the developer should consider.

Other than this convenience issue, I found BuduLock very easy to use and perfect for locking folders on shared machines.

Last in a series:

Additional articles in this series on encryption and privacy:

Free AxCrypt – Encrypt, Compress, Decrypt in Windows Explorer

TrueCrypt – Free Encryption To The Max

EncryptOnClick – Encrypt and Decrypt Files and Folders With A Few Clicks

Free Secret Disk – Keep Your Secret Computer Files “Secret”

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

5 Comments

Filed under Don't Get Hacked, downloads, Encryption Software Alternatives, flash drive, Freeware, Privacy, Software, USB, Utilities, Windows Tips and Tools

Password Protect Folders (And More) With Free BuduLock

imageIf you’re on the hunt for a free security application designed to password protect folders on your drives, including USB drives, then you’ll be interested in BuduLock.

As a bonus, BuduLock will protect your PC from unauthorized USB flash drive access by implementing password protection – password protection which effectively disables USB operations on your system. Considering that malware infection by Flash Drives, is the second leading cause of system infection ….

This small application is driven by a self explanatory tabbed interface, which even less experienced users will find easy to follow. Simply choose the folder to be locked – enter a password – and you’re done.

image

Browsing to the selected folder in Windows Explorer reveals that the folder has been successfully locked, as indicated by the “lock” icon – shown in the following screen capture.

image

Unlocking the folder is the process in reverse. Launch the application – highlight the selected folder – enter your password – done.

image

Flash Drive Blocker:

When you disable the USB port, unauthorized users (those without the password), will be denied access.

Requirements:

UAC setting (User Account Control) feature must be disabled to use this feature. (Go to Control Panel > User Account > Turn UAC On or Off)

No password is required during the initial setup – (blank password). To setup and change your password, go to “Change Password”.

BuduLock will only disable the USB port for flash drive for that particular computer. It does not disable your flash drive.

Personal note:

Disabling UAC, under any circumstances, is not something I would recommend. Based on this, I have not tested the Flash Drive Block feature.

System requirements: Windows Vista, Win 7.

Download at: Developer’s site.

The application is slightly more cumbersome to use than it needs to be – no access is available by way of the context menu. The addition of context menu access to the lock/unlock function is an improvement the developer should consider.

Other than this convenience issue, I found BuduLock very easy to use and perfect for locking folders on shared machines.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

3 Comments

Filed under Freeware, Malware Protection, Privacy, Software, USB, Utilities, Windows 7, Windows Tips and Tools, Windows Vista

Visa Credit Card Scam – Don’t Be a Victim!

The more things change the more things remain the same, right? Well perhaps not always, but when it comes to Internet credit card fraud that definitely seems to be the case.

In 2003 cyber criminals ran an Internet scam that preyed on Visa credit card holders that used scam e-mail in conjunction with a specially designed Web site to gather both customer account numbers, personal identification numbers and other personal information. It has since been estimated that 5 percent of recipients responded to this scam e-mail – an incredible number.

Just this past week, I reported on this Blog on an email scam that involves MasterCard. In this scam an email link redirects to a site that looks very similar to MasterCard’s site. Those who fall victim to this scam are persuaded to input their credit card and other personal information. Carole Theriault, a senior security consultant at Sophos, a leading developer and vendor of security software and hardware, has pointed out that the average person would have difficulty in determining that this fraudulent site is not the authentic MasterCard site.

Well, here we go again. Now comes additional news from Sophos of a new Visa credit card scam in which Visa’s Verified by Visa website has been fraudulently replicated. Similar to the MasterCard scam, this one relies on the victim being persuaded to provide credit card details including their Visa card number, security ID, ATM pin number, Social Security Number, mother’s maiden name, full address, and phone number.

The information obtained would then allow criminals to make fraudulent charges, or use the victim’s credentials on online services, such as eBay, Amazon and others, with little risk of being caught.

A number of Internet security experts have told me this morning that this phishing scam is not designed particularly well, and that various aspects of the scam should raise potential victims’ suspicions. On the other hand, in my view any scam that alerts 95% of potential victims to fraudulent activity but still manages to trick 5% of its target audience is an unqualified success by any measure.

In this escalating battle with cyber criminals there are ways to protect your money and identity, but in the end we all need to use a little common sense.


Follow the tips below to protect yourself against these and other threats.

· Don’t open emails that come from untrusted sources.

· Don’t run files that you receive via email without making sure of their origin.

· Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web designed to download malware onto your computer.

· Keep your computer protected. Install a security solution and keep it up-to-date.

Share this post :

9 Comments

Filed under Email, Interconnectivity, Internet Safety, internet scams, Online Banking, Online Safety, Phishing, Safe Surfing, Windows Tips and Tools

Protect Yourself – MasterCard SecureCode Phishing Attack!


Phishing can be defined simply as the act of tricking people into revealing sensitive or private information. It relies for its success on the premise that asking a large number of people for this information, will always fool at least some of those people.

Most of this activity is automated, and the targets are, as stated earlier, large numbers of Internet users. So phishing is considered an opportunistic attack, rather than the targeting of a specific person.

In a phishing attack, the attacker creates a situation where people are convinced that they are dealing with an authorized party; in this case MasterCard.

As described by MasterCard, SecureCode is a secure method for payment at thousands of online stores which uses a private code known only to the customer and the bank. Using this system offers protection against unauthorized card use online, at participating online retailers.

According to Carole Theriault, a senior security consultant at Sophos, a leading developer and vendor of security software and hardware, “MasterCard has been very successful in positioning SecureCode as the answer to online fraud.

However security experts, including Sophos, are now warning of an email phishing scam that attempts to entice MasterCard customers to signup for this service with a promise of discounts on future purchases.

The email link redirects to a site that looks very similar to the MasterCard site, where the cyber crooks then persuade the victim to input their credit card information. Sophos’ Theriault makes the point that “to the undiscerning eye, it’s almost impossible to tell this isn’t the real MasterCard site.”

The information obtained would then allow criminals to make fraudulent charges, or use the victim’s credentials on online services, such as eBay, Amazon and others, with little risk of being caught.

There are ways to protect your money and identity from preying cyber criminals but in the end, we all need to use a little common sense – if it seems too good to be true, it probably is.

Follow the tips below to protect yourself against these and other threats.

· Don’t open emails that come from untrusted sources.

· Don’t run files that you receive via email without making sure of their origin.

· Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web designed to download malware onto your computer.

· Keep your computer protected. Install a security solution and keep it up-to-date. Also, before carrying out any kind of financial transaction on the Web, scan your computer with a second-opinion security solution, like NanoScan.

Elsewhere in this Blog you can download freeware anti-malware solutions that provide excellent overall security protection. Click here.

Share this post :

5 Comments

Filed under Anti-Malware Tools, Email, Freeware, Interconnectivity, Internet Safety, internet scams, Online Banking, Online Safety, Phishing, Safe Surfing, Spyware - Adware Protection, Windows Tips and Tools