Follow by Email

Friday, May 22, 2015

Safeguard from the tricky cryptowall



CryptoLocker is an especially insidious form of Ransomeware malware that was first detected in the wild in September 2013, restricts access to infected computers and requires victims to pay a ransom in order to regain full access.
What makes CryptoLocker so bad is the way it encrypts the user data on your hard drive using a strong encryption method. This makes it literally impossible to access your own data without paying the ransom amount to the criminals between $100 and $300 or two Bitcoins, even now more.

Once affected you will be locked out of your computer and unless you pay the ransom amount in 72 hours , the virus will delete the decryption key to decrypt all the files on your PC .

The malware lands on PCs the same way other malware does and a few sensible precautions will help minimize the chances of a CrytoLocker attack.

Yesterday, it was reported that - UK's National Crime Agency has given out an urgent national alert that a mass spamming event targeting 10 million UK based email users with CryptoLocker.

What if your computer gets compromised? Currently there is no option to decrypt the files without the decryption key and brute forcing a file encrypted with 2048 bit encryption is almost impossible. If you don’t pay the ransom, you forever lose access to everything you’ve been working on which is stored on your computer.

A few things you can do to prevent your PC from getting infected with the CryptoLocker virus:
  • Most viruses are introduced by opening infected attachments or clicking on links to malware usually contained in spam emails. Avoid opening emails and attachments from unknown sources, especially zip or rar archive files.
  • Most people have some anti-virus program, but how do you know it’s effective? Ensure you have best one active and up-to-date.
  • Also keep your operating system and software up-to-date.
  • Keep a backup. If you have a real-time backup software then make sure that you first clean the computer and then restore the unencrypted version of the files.
  • Create files in the Cloud and upload photos to online accounts like Flickr or Picasa.
  • Windows 7 users should set up the System Restore points or, if you are using Windows 8, configure it to keep the file history.
  • Make sure you have reformatted your hard drive to completely remove the CryptoLocker trojan before you attempt to re-install Windows and/or restore your files from a backup.
There are many free tools now available in the community, that can help users to protect their systems from this malware.
1.) CryptoPrevent tool, created by American security expert Nick Shaw.
This tool applies a number of settings to your installation of Windows that prevents CryptoLocker from ever executing and has been proven to work in Windows XP and Windows 7 environments.

2.) HitmanPro.Alert 2.5, a free utility that will help you to protect your computer against the CryptoLocker ransomware malware.


HitmanPro.Alert 2.5 contains a new feature, called CryptoGuard that monitors your file system for suspicious operations. When suspicious behavior is detected, the malicious code is neutralized and your files remain safe from harm.

3.) BitDefender Anti-CryptoBlocker, an encryption-blocking tool that can detect and block malware from installation.

Intrusion prevention systems can block the communications protocol send from the Cryptolocker infected system to the remote command-and-control server where the malware retrieves the key to encrypt the files. Blocking the communications can prevent the encryption from taking place.

Thursday, May 14, 2015

Android Milkshake is the next Upcoming version



While majority of smartphone users are waiting for Android 5.0 Lollipop update for their devices, Google is soon going to launch the next version of Android at its official Google I/O 2015 developer event May 28 in San Francisco.

Android M — The name of the latest version of Android mobile operating system was spotted at the Google I/O 2015 schedule under the "Android for Work Update" Session, which says…
"Android M is bringing the power of Android to all kinds of workplaces."
According to the company, this will open up "huge new markets for hundreds of Millions of devices to workers at small businesses, logistics, deskless workers, and warehousing jobs."

However, Google appears to have since removed any mention of Android M from Google's I/O website, most probably the company wants to keep it as a surprise for Android users.

Considering the full Android releases with starting letters in alphabetical order, — Android M — strongly believes to be the next version of the Android operating system.

When the Google launched Android 5.0 at its developer conference last year, it was known by the name "Android L" before the company revealed its final name "lolipop" months later.

Some More highlights:

The schedule also includes another session "Voice Access" known as "Your app, now available hands-free," which suggests that Google wants its users to control every feature of Android apps by their own Voice Command.
As the Voice Access session says, "In this talk, we introduce Voice Access, a service that gives anyone access to their Android device through voice alone."
The main highlights of the Google I/O schedule are yet Android M, which will eventually get some sweet sugary name too like all the previous versions of Android OS.


Wednesday, May 13, 2015

Data Governance and Enterprise Data Management

Data Governance and Enterprise Data Management

Data Governance Discipline

image

Data Governance Roles

1. Ownership – Ownership recognizes and formalizes a set of responsibilities of business managers but does not redefine the job of business management.
2. Stewardship – Data stewardship is the nexus of data governance. It provides linkage among owners of different but related data subjects. And it connects business rules and requirements with data models, database design, information systems implementation, and day-to-day management and administration of data.
3. Custodianship – custodianship recognizes and formalizes responsibilities of data specialists but doesn’t redefine their jobs.

Custodianship versus stewardship

Custodians are responsible for the “buckets” that store the data, and for the systems that process it; stewards are responsible for the “content”—the data itself.

In Data Governance groups, responsibilities for data management are increasingly divided between the business process owners and information technology (IT) departments. Two functional titles commonly used for these roles are Data Steward and Data Custodian.
Data Stewards are commonly responsible for data content, context, and associated business rules. Data Custodians are responsible for the safe custody, transport, storage of the data and implementation of business rules. Simply put, Data Stewards are responsible for what is stored in a data field, while Data Custodians are responsible for the technical environment and database structure.

IT is the custodian of an organization’s data assets. This department gathers business requirements, develops the application systems, operates these systems and supports their users. Further, it manages the infrastructure on which these applications operate and ensures that the data is properly stored and protected. Data protection, for example, might be accomplished by providing a security system and periodic backups. To perform this role, IT establishes processes such as the system’s development methodology, facilitates the development of the business data model, and sets security administration and enforcement policies. 

Business representatives (stewards) must retain responsibility for the data content. Stewards define the requirements, verify that systems meet them and use the systems. The business representatives also have a data protection responsibility. This includes determining who can retrieve what data and enforcing access restrictions.
The table below contrasts some of IT’s custodianship duties with stewardship responsibilities performed by business representatives.

Custodianship versus stewardship responsibilities
Ultimate success depends on cooperation among data stewards as well as a strong ongoing partnership between stewards and custodians.
Custodianship—IT Stewardship—Business
Create the business data model.
Facilitate creation of the business data model, maintain it and apply it for data management database design.
Contribute to the business data model.
Provide the business rules, definitions, etc.
Gather business requirements.
Interview data stewards and other business representatives to define the business requirements. IT team members gathering the requirements must apply interviewing and analytic skills to ensure that they ferret out the requirements and translate these into the information required to understand what needs to be designed and built.
Provide business requirements.
Work with IT analysts during the system development and provide them with the requirements.
Establish data access restriction facilities.
Install security mechanisms that enable data access restrictions.
Determine who can access what data.
Input information on who has access capabilities into the data access restriction facilities.
Deliver quality data with supporting audits and controls, and resolve deficiencies.
Build systems that meet business expectations and provide evidence (through audits and controls) that the data has been processed correctly. Errors disclosed through audits and controls indicate data processing deficiencies and must be addressed by IT.
Establish quality expectations and ensure compliance.
Ensure that realistic quality expectations are consistent with business processes. In addition, ensure that the data conforms to the quality expectations.
Incorporate changes as needed.
Continuously communicate with the data stewards and other business representatives to keep informed about business changes that impact the systems and data. When these occur, gather detailed requirements and incorporate the changes to the existing environment.
Keep IT informed of business changes that impact data.
As the business environment evolves, changes are needed in systems and data to ensure that they continue to support the business. Information about these changes must be transmitted to IT on a timely basis to ensure that the data asset can be appropriately leveraged.

Securely and Instantly Share Sensitive Files

Once i was connecting with one of the client to have a confidential conversation.We both were aware that our email communications were being monitored. So, we both were forced to install and use a fully-fledged encrypted email system. Although it appeared to be very secure, it was quite cumbersome to handle.

If you are ever faced with the same situation, I am here to introduce you a very simple and easy-to-use approach to encrypt your files and send them to the person you want to communicate with.

Lets KickStart:


You don’t even need to install any software or sign up to any website in order to use the file encryption service.
So, what do I have today in my box?

"Otr.to" — an open-source peer-to-peer browser-based messaging application that offers secure communication by making use of "Off-the-Record" (OTR) Messaging, a cryptographic protocol for encrypting instant messaging applications.

We first introduced you Otr.to two months ago. At that time, it included two services:
  • Secure Peer-to-Peer Chat
  • Self Destructing Message
However, the developers have added a new feature called Secure File Sharing, that helps users to share files encrypted with AES256 algorithm with anyone they want to communicate.

Secure File Sharing feature "using Javascript with AES256 algorithm. Secret Key (password) will never transmitted to the server and the server will store only encrypted data" website mentioned.

HOW TO USE
http://3.bp.blogspot.com/-oFYQWxMDmo0/VVHjwu71_wI/AAAAAAAAi5w/MDrxFw-QHGU/s1600/secure-file-sharing.png
In order to get started with Otr.to’s Secure File Sharing, you don’t need to register an account or install any application on your desktop. All you need to do is, follow some simple steps given below:
  1. Open any web browser from any platform
  2. Visit https://Otr.to website and go to Secure File Sharing option
  3. Upload a file and get a link to it
  4. Share that link and encrypted password with your friend you want to communicate
  5. When our friend will download the file once, it will automatically self-destruct.

Otr.to is absolutely free and anonymous, which means it doesn’t reveal anybody’s identity to public. Also, Otr.to doesn’t save the keys (password) on its server, as everything it stores on the server is in encrypted form only.

This is something we really need in today’s fast life. Otr.to could prove to be a great tool for a variety of people, including journalists, businesses and whistle blowers who want to keep their communications instant, private and secure, as it’s not complex like other file and messages encryption software available in the market.

Last week, I have to communicate with my friend overseas in China. We both were aware that our email communications were being monitored. So, we both were forced to install and use a fully-fledged encrypted email system. Although it appeared to be very secure, it was quite cumbersome to handle.
If you are ever faced with the same situation, I am here to introduce you a very simple and easy-to-use approach to encrypt your files and send them to the person you want to communicate with.

Here’s the Kicker:

You don’t even need to install any software or sign up to any website in order to use the file encryption service.
- See more at: http://thehackernews.com/2015/05/secure-file-sharing.html#sthash.IdLQHJhK.dpuf