August Monthly Roundup

September 3, 2014

In August, Kaspersky Lab brought you even more relevant reads and vital security news stories. From testing your brain power, to hacking your home, we kept you in the know! If you missed any of our popular August posts the first time around, now is your chance to catch up!


10 computer-related mistakes that can cost a career

You’re fired! Two words you don’t want to risk hearing because of a mistake you made on your work computer. Employees sign stringent security instructions as part of the recruiting process, yet these are neither followed nor considered, and the serious consequences a violation may carry are never taken on board. So, what are these no-go use cases for a work PC or laptop?

  1. Using USB sticks to transfer data. One might lose the drive containing important corporate or confidential data, or even unintentionally infect all PCs in the office via a wayward virus.
  2. Chatting in social networks. It is important to mind the sensitivity of the data and information that you are sharing.
  3. Using an improper tone of voice when talking to clients or partners publicly (on social networks). Damaging your employer’s reputation is likely to mean dismissal with immediate effect.
  4. Resending work emails via personal email. If compromised, your mail service data may end up in the hands of cyber criminals.
  5. Sending encrypted personal information from the office computer could mean the end of your career.
  6. Using unauthorized third-party software at work, especially on laptops. Irrelevant software wastes company resources. Don’t forget your PC is likely monitored remotely so security professionals can see what you’re up to.
  7. Deliberate or accidental policy violation, i.e. password disclosure. It can cost one a career to blatantly disclose, or risk disclosing, company passwords.
  8. Downloading irrelevant content may seem harmless, but people forget that they are being monitored, and can be penalized for these actions.
  9. Mobile communications can lead to many mistakes, such as confusing a corporate phone with a personal one, or exceeding traffic limits. All of the above rules are applicable to mobile devices, not just laptops.
  10. Last but not least, don’t forget that everything you say (and write) online can and shall be used to support or ruin your career.

What to do, if someone really stole 1.2 BILLION passwords?

Allegedly a criminal group gained access to, and stole, 1.2 billion passwords and usernames from various web sites. The public was ill informed about exact details, including what sites were targeted as well as any technical details, thus leaving a lot of security experts scratching their heads. So what actions should one take if their credentials are stolen? An alleged theft such as this might mean it is a good time to switch from incoherent password policies to more secure approaches. For example, one can minimize the danger and damage of a breach by making sure a unique password is used for each account. Unique passwords will prevent a hacker from using one password to open up the door to other important accounts. Password managers and password checkers are great tools to ease this process!

Test Your Brain Power in the Global Think Test

On September 6, the best of the best brains will compete in the Global Think Test in hopes of winning the grand prize of $25,000. Leading up to the one-day event, you can test your brain power at the Brain Training Zone, which will get your brain in tip-top shape. It is simple: the more you play, the more points you earn, the more chances you have to win one of the awesome prizes. Kaspersky Lab has teamed up with the Mensa Organization, Ferrari and cricket player Sachin Tendulkar to bring you specialized puzzles and prizes. For example, the Mensa Challenges were specifically designed to help challenge intellect and test problem-solving skills. The Ferrari Challenges include Ferrari-related games, puzzles and video teasers to test your Ferrari knowledge. Legendary cricketer Sachin Tendulkar has joined the Global Think Test to challenge your cricketing brainpower. Not to mention, Sachin and Ferrari are contributing some great prizes. Haven’t registered yet but you think you have what it takes? You can register to be a part of the Global Think Test at GlobalThinkTest.com.

How to seal the “back door” in Android OS

A not-so-fun fact: according to Kaspersky Lab, more than 99% of mobile malware is Android-oriented. Google is vigilant about security and has implemented a number of protective measures in the Android OS itself. Unfortunately, these measures are not perfect, and malware has had a good opportunity to get into the smartphone by a back door, i.e. several flaws in Android protection mechanisms. A malicious application can penetrate the smartphone by disguising itself as a popular and trusted service, or by “piggybacking” on a legitimate application, i.e. adding itself into the installation package. The vulnerabilities called Master Key and FakeID are present in most modern Android smartphones. They are a little less famous than the renowned Heartbleed (to which Android smartphones are also partly subject), but it is very important to remove them. Getting rid of the vulnerabilities without any assistance is not easy, but you can minimize the associated risks for your devices. Here are the steps to do that:

  1. Check for the vulnerabilities mentioned by using the free scanner from Kaspersky Lab, which is available on Google Play.
  2. If your device is vulnerable, check if firmware updates are available.
  3. If the vulnerability hasn’t been addressed yet, you could fix it yourself, but this is not suggested.
  4. Don’t throw away your smartphone over an unpatched vulnerability. Instead, just be vigilant to avoid loss of money or data by using only large and official application stores, downloading only popular apps, controlling the permissions of the application, and using reliable Android security software.

How I hacked my home

Did you know that a typical modern home can have around five devices connected to the local network which aren’t computers, tablets or cellphones? Think of a smart TV, printer, game console, network storage device and some kind of media player/satellite receiver. We ask: does this make your home hackable? Well, first off, in order to consider a hack successful, one of the following things should be achieved: obtaining access to the device; obtaining administrative access to the device; or being able to transform/modify the device for personal interest. Researching the network storage devices in a home experiment uncovered a number of vulnerabilities that would allow an attacker to remotely execute system commands with the highest administrative privileges. Some devices did not just have a vulnerable web interface; the local security on the devices was also very poor. Weak passwords on devices appeared to be a common theme. Furthermore, a lack of authentication or encryption on some devices left them susceptible to man-in-the-middle attacks. Ultimately, we need to assume that our devices can be, or are already, compromised. We need to start assuming that products are vulnerable and that attackers can and will gain access to them. Understanding the risks associated with household devices, and some best practices for keeping them safe, will be beneficial to your household’s security.