Security – what’s new

January 30th, 2014 by Stephen Jones

Spoofed versions of the popular file transfer program FileZilla that steal data are circulating on third-party websites, the organization behind the software said on Tuesday. FileZilla is an open source application, and for more than a decade attackers have taken its source code and modified it in attempts to steal data. This campaign, run through third-party websites, is one of the largest FileZilla has seen to date, it said.

A new form of encryption is called “Honey Encryption”. It protects data with an added deceptive security mechanism, i.e., fake data that looks like valid information is presented to cybercriminals on each failed password attempt. It was developed by former RSA chief scientist Ari Juels and University of Wisconsin researcher Thomas Ristenpart, and it generates a piece of fake data resembling the user’s real information each time an attacker fails to access an account, as happens repeatedly in brute-force attacks.

There’s an odd bug in Google search which is pointing users directly to a personal email address. The address appears in a “Compose” window that pops up when the top search result for Gmail is clicked. Very, very bizarre (and reproducible). See http://techcrunch.com/2014/01/24/gmail-glitch-is-causing-thousands-of-emails-to-be-sent-to-one-mans-hotmail-account/

The largest of the three studies — a Stroz Friedberg online survey of more than 700 information workers — found that senior management may be the biggest threat to an organization’s digital well-being. Fifty-eight percent of senior managers reported (digitally) sending sensitive information to the wrong person. Compare that with just 25 percent of lower-level employees guilty of the same misstep. More than half of all senior managers in the study admitted to taking files with them after they left a job. Only 25 percent of rank-and-file employees were found to have done the same.

The study also found that 9 in 10 senior managers admitted to uploading work files to personal email and cloud-based accounts, a faux pas that could lead to intellectual property theft and attacks on corporate networks.

In an Osterman Research study of 160 security professionals, 74 percent of respondents said that malware had posed a significant threat to their networks in the past year, while 64 percent said the same of email scams. Who did these security experts blame for such high rates of vulnerabilities? Workers themselves. Fifty-eight percent of respondents said that malware unknowingly downloaded by web-surfing employees posed the biggest threat to corporate security. Fifty-six percent thought that the malware and phishing schemes rampant in personal webmail accounts were an even bigger threat to companies.

Lax bring-your-own-device (BYOD) policies weaken corporate security. Forty-six percent of the security professionals questioned in the study said they no longer even try to manage the safe use of personal devices in the workplace.

A survey published last week — a SecureData survey of more than 100 IT professionals at midsize companies — found that clear security management strategies for employees are lacking within their organizations. Sixty percent of the IT staffers surveyed listed employee carelessness as the biggest threat to a company’s cybersecurity.

The idea behind “Honey Encryption” is that even if the intruder does ultimately try the correct password and breach the account, the real data will be indistinguishable from the fake data produced by the wrong guesses.

Traditional encryption methods obfuscate the data, or make it look unintelligible, so an attacker who decrypts with the wrong key gets obvious garbage and knows to keep guessing. Decoys and deception are really underexploited tools in fundamental computer security. With Honey Encryption every decryption looks plausible, so the attacker has no way to tell which one is correct.
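A toy model of the Honey Encryption idea from the two passages above, written as an added example for this post (it is not code from Juels and Ristenpart’s work): the message space is a constructed set of four PINs with an assumed prior, a distribution-transforming encoder (DTE) gives each PIN a share of a 32-bit seed space proportional to its probability, and decrypting with any wrong password lands on another plausible PIN instead of garbage. The password names and hash-based key derivation are assumptions chosen for a runnable demonstration.

```python
import hashlib
import secrets
from collections import Counter

# Constructed toy message space: 4-digit PINs with the prior probability an attacker
# would assign to each; a real DTE models a far larger space (card numbers, vaults).
MESSAGES = {"0000": 0.10, "1111": 0.20, "1234": 0.40, "4242": 0.30}
SEED_SPACE = 1 << 32  # seeds are 32-bit integers

def _intervals():
    """Split the seed space into one interval per message, sized by its probability."""
    out, start = [], 0
    items = sorted(MESSAGES.items())
    for i, (msg, prob) in enumerate(items):
        end = SEED_SPACE if i == len(items) - 1 else start + round(prob * SEED_SPACE)
        out.append((msg, start, end))
        start = end
    return out

def dte_encode(message):
    """DTE encode: choose a uniformly random seed inside the message's interval."""
    for msg, lo, hi in _intervals():
        if msg == message:
            return lo + secrets.randbelow(hi - lo)
    raise ValueError("message is outside the DTE's message space")

def dte_decode(seed):
    """DTE decode: every 32-bit seed maps to some message, so every key 'works'."""
    for msg, lo, hi in _intervals():
        if lo <= seed < hi:
            return msg
    raise ValueError("seed out of range")

def _keystream(password, salt):
    # Toy key derivation chosen for speed; a real scheme would use a slow KDF here.
    return int.from_bytes(hashlib.sha256(salt + password.encode()).digest()[:4], "big")

def honey_encrypt(message, password):
    salt = secrets.token_bytes(16)
    return salt, dte_encode(message) ^ _keystream(password, salt)

def honey_decrypt(ciphertext, password):
    # A wrong password yields a uniformly random seed, which decodes to a plausible decoy.
    salt, body = ciphertext
    return dte_decode(body ^ _keystream(password, salt))

def decoy_frequencies(ciphertext, trials):
    """Decrypt under many wrong guesses; decoys follow the modelled prior, not noise."""
    return Counter(honey_decrypt(ciphertext, f"wrong-guess-{i}") for i in range(trials))
```

Running `decoy_frequencies` shows the decoys appearing in roughly the proportions of the prior, which is what makes the wrong guesses indistinguishable from the right one.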
