1 Aug 2016
When his yacht reached the open ocean the businessman pulled out his laptop and sat down to work on his important documents.
After a long period of serious concentration he stood up to stretch, just as the stern of his yacht dropped into the valley of a deeper-than-average swell. The sudden unexpected pitch of the deck caused him to lose his balance. As he instinctively snatched at the top rail to keep from falling, his laptop tumbled overboard and quickly sank to the sea floor below.
Lacking diving equipment and skill, the businessman had no choice but to note his GPS coordinates and return to harbor.
His laptop sat at the bottom of the sea for three weeks, until he found a diving company willing to search for such a tiny object in the vast ocean. Incredibly, the divers found it.
Time continued to pass as he pleaded with data retrieval companies to recover the only copy of his vital information.
Each of them examined the drive exterior, asked him the same questions, and upon learning the drive had sat at depth under salt water, said they could not help him.
“I think it was a good thing the others didn’t try, because it’s likely they would have prevented us from retrieving anything,” said Igor Samuilik, Senior Data Recovery Engineer at ACE Data Recovery. “We design and build our own recovery hardware. Everybody else is capped by the capabilities of the commercially available hardware they buy. We’re not. And so we got his data back.”
Over the 35 years ACE engineers have been retrieving data, they have developed unique proprietary hardware and software for recovering data from the spinning platters of computer hard drives. Indeed, the company can recover data from every storage media type – hard disk, tape, flash drive, RAID servers, solid state drive, and even floppy drive.
The company provides its services because – like the businessman on his yacht – most users remain unconcerned about securely backing up their data until it’s too late.
“When the others fail we get it,” said Yevgeniy Tolkunov, CTO. “While some user-installed recovery software has become popular recently, few people know that you can damage your media to the point at which data is not recoverable at all. We can even recover data from slightly damaged platters. If you try that software at home or work and your hard drive platters are damaged, your data will become unrecoverable.”
If you’re unable to read from or write to a hard drive, first get it to ACE Data Recovery, using any available means. Once it’s there, ACE engineers perform a no-cost diagnosis.
“The diagnosis tells you…
1. That we can get the data
2. The primary cause of failure, and
3. The cost of retrieval.
“Once you give approval it’s up to us – we don’t get paid until we deliver your data to you,” said Charles Walker, CEO. “We’re pretty confident we can do that, because we have the best recovery engineers in the business.”
ACE Data Recovery engineers are selected from the very best candidates around the world. Each has at minimum a computer engineering degree. They work in the four data recovery labs ACE operates in the USA, each of which has class 100 clean rooms.
It also operates 25 data recovery service centers across the USA, and six more in Canada. For customers not close to those locations, certified partners in the USA are ready to help recover data from compromised storage media.
To maintain the integrity of your data, engineers “capture an image” of the data on your drive, and place that image on another drive, called – logically enough – the image drive. Then they go to work on recovering data from the image drive, using expertise that ACE has developed over three and a half decades of recovering lost and corrupted data.
Once your data is recovered, the Quality Assurance department performs a quality control check, to ensure your data is there for you to see and use.
“We keep the image drive for five business days in case there are any issues,” Samuilik said. “After that we securely erase data from the image drive.”
Customers receive their recovered data on media provided by ACE. The media depends on the data, and is usually either an external drive or flash drive. “We work with the client,” Tolkunov said. “We can send their data to them via FTP or one of the cloud services if that’s what they want.”
Some customers, in a hurry or far from an ACE facility or unable to ship a server, ask if their data is remotely recoverable.
“Whenever a customer wants data recovered from a logically corrupted SAN, NAS, RAID, server application, or Virtual Machine, we first find out what their requirements are. Then we remotely connect to perform a full diagnostic, and prepare quote” said Samuilik. “If it is a logical issue we use our own tools to recover the data. Physically damaged drives must go to one of our facilities.”
29 Mar 2016 -This device with training can prevent instances of a common form of data loss.
Users are the weakest link in the security chain. It’s always been that way and likely always will be.
Apricorn has a device IT administrators and information security professionals will appreciate, as it makes securing information very simple. Of course it's not foolproof, as fools are so inventive that nothing is every fully foolproof.
Aegis Secure Key 3.0 is a USB 3.0 device with built-in keys that allow a user to set the key.
Touted as waterproof – we didn’t test that aspect – and weighing 45.3 grams, our evaluation model has 30GB capacity.
Instructions are very simple – first time setup requires six steps.
There are only three steps to unlocking it.
Adding a new user PIN requires six steps.
A full reset takes three steps.
Keys are from 7 thru 16 digits, meaning an unthinking user can use a telephone number (yes, it’s bound to happen). Consecutive numbers are not allowed as keys, nor are all the same numbers. With minimal thought even the thickest user ought to be able to enter a strong yet memorable key.
The Aegis is formatted for NTFS and ready for Windows users. Mac users will need the Disk Utility to format it for that file system.
An internal battery is charged from the PC USB port. The red LED pulses when the battery is charging. Apricorn recommends charging for 60-80 minutes before first use.
If you’re going to allow USB sticks on your network – and very few admins do not – then you’d best ensure your data are removed and transported while encrypted. The Aegis protects your data with 256-bit AES encryption.
It’s not viewable in Windows Explorer until unlocked. After unlocking, if not accessed for 30 seconds it returns to sleep mode, and is no longer visible in the directory. That’s excellent for protecting the data of typical users who walk away from their desks with USB keys still in the port.
Considering the number of users who insert USB sticks they’ve “found” into their work machines and those who lose USB keys containing important data, it seems obvious the Aegis is an answer to one of every administrator’s nightmares.
22 Mar 2016 - Until an attack is publicized and actually threatens bureaucrats, IT security remains an afterthought beyond budgetary consideration.
“Being Canadian I wanted to look into issues affecting Canadians, particularly the state of ransomware in Canada,” said Jérôme Segura, senior security researcher, Malwarebytes. “The website of Norfolk General Hospital in Simcoe, ON appeared to be compromised. I replayed the attack with a virtual machine. Ransomware encrypted all of my fields and asked for a $500 ransomware.”
[Securebuzz will not knowingky link to a compromised site.]
Since the Joomla platform on which the site was running is at version 3.8 right now, the site running version 2.5 was seriously out of date, with multiple vulnerabilities. Joomla is second only to WordPress in popularity of website platforms.
The injected code was obfuscated with strings that don’t make sense, to hide the intent. The code launched the Angler exploit kit, which defines vulnerabilities in your system. It exploits the machine to download within a few seconds of browsing the site. If your machine is not up to date it is infected.
“Two weeks ago I informed the hospital administration,” Segura said. “I even left a voice message for the president of the hospital. Apparently they receive a lot of calls from salespeople they ignore, but I wasn’t trying to sell them anything.”
On the same morning Segura spoke to Securebuzz he finally spoke with hospital officials, and learned the website is outsourced.
Instead of updating Joomla, the outsourcing firm restored a version of Joomla that was older than the compromised one. They’re now running version 2.52.28.
Criminals have scanners that look for website information. When you lock a website down you want to ensure you’re not revealing too much information about it. In this case the malware detected visitors’ IP address and launched the ransomware.
Google had already blocked the site. Yet the hosting company vehemently denied the claim of ransomware, because the hosting company IP addresses were prevented from seeing the ransomware... until Segura provided proof.
“I felt bad for the IT guy who was stuck in the middle and frustrated. I gave him names of a couple of companies that protect websites. Government entities are running sites that are outdated and putting patients, employees, and their families at risk. In theory employees could infect themselves from that site.”
It also matters if personal data is stored, although fortunately it appears there was none in this case. “Only” site visitors are at risk. There might be other malware running on the website server, although Segura couldn’t tell from the outside.
“We want to raise awareness, not point the finger at the negligence due to politics and budgets,” said Segura. “I find it almost criminal that a public hospital is running a website hosted on outdated software. The health industry has many examples, like when I go to a clinic and see they are using an unlocked Windows XP computer, with my personal information on there. The security is horrible. It’s just a matter of time.”
He’s experienced in this field, having worked website cleanup, logging into servers and removing malware, for years.
“People think they’ve cleaned the site by removing the offending code,” he said. “They forget important things, like a lot of time there a backdoor remains, or there is still residual code that allows a hacker to reinject malicious code. That’s a problem with education. Don’t just fix the symptoms – look for how the breach happened in the first place. Check your access logs. Find out if they stole your passwords. A lot of people don’t even think about that.”
2 Mar 2016 - Doesn’t matter what or how many layers you have until you know for sure they’re protecting you.
After witnessing significant customer frustration, lack of confidence and skepticism over security products, there exists a need for a vendor to provide answers and test assumptions.
“Instead of promising another product to protect you, we offer a product that validates everything you have in place now, and in the future, and helps consolidate into a solid security program with only what is essential to help you manage,” said Stephan Chenette, CEO AttackIQ. “There are 75 security products. On average they ship through hundreds of thousands of alerts, of which fewer than 20% are actionable. There aren’t enough security people to manage all of the security products. There is a huge need to automate security testing.”
So Chenette founded a firm that offers continuous security testing, challenges the infrastructure and products, and helps measure risk, validate, and provide assurance. Founded in 2013, the firm came out of stealth mode only after working with hundreds of companies in various industries.
The platform allows organizations to run security unit tests to challenge every assumption about security posture. Chenette claims it’s the first purpose-built community platform that allows organizations to use their security knowledge for repeatable and consistent tests of their security programs on an ongoing basis.
“So many alerts are myths. In every day data breaches, it’s not only the technology that fails, it’s the humans and their processes that fail also,” he said. “If we have security products you assume are working, you need to test that assumption. Most organizations instead of validating what they have works, they add more products until security becomes unmanageable.”
Unified security testing that is powered by the AttackIQ research team and the security community includes a repository of curated security tests organizations can use to test their own programs, both on premise and in the cloud. They can safely attack and improve their defense in depth strategies.
Another goal of AttackIQ is to help every organization improve its security and spend money wisely, regardless of budget size. The correct way to buy technology is to decide what is at risk, and then build security around the valuable assets in the organization.
Testing is the missing component. You have to test what you’ve put in place, which allows you to become more resilient and secure. Finding the gaps and blind spots in your infrastructure lets you improve what works and to what degree.
“Most companies go from being skeptical to the belief that they’ve never had this before,” Chenette said. “With the FireDrill platform you can test your AV for example, in minutes. Hundreds of templates help you validate your security. Sign up for the platform, deploy agents, and begin validating your infrastructure.”
Scenarios range from validating firewall egress points, to safely testing adversarial techniques inside an organization defense in depth strategy. The goal is to validate the security controls, while exposing gaps and blind spots so an organization can improve its security and continue to retest.
“What was true yesterday might not be true today,” said Chenette. “Networks change, configurations change, machines come in and out of networks. They must be tested continually.”
It’s designed so that in less than five minutes you can sign up, deploy test points, and validate the security controls in your organization.
You have access to reports, and direct outputs via a number of different mechanisms. An organization can use any data FireDrill has to integrate into its workflow.
Fully API-driven, it’s built to integrate well with other components of an organization… technology agnostic.
“It’s no longer about the promise of technology… we have to stop the guessing game and test our assumptions,” Chenette said. “Stop guessing and start knowing.”
24 Feb 2016 - Automated platform agnostic peer to peer encryption allows users to remove themselves from the equation.
Four men with technology backgrounds are out to increase everybody’s privacy through peer to peer encryption by default that is invisible to users, and therefore very easy to use.
• Simon Witts is an enterprise seller
• Leon Schumacher is an enterprise buyer
• Volker Birk is a software architect in the security space
• Sandro Kochli builds service-based companies around open source software
“At the core a security product has to be an open source project to be taken seriously,” said Simon Witts, Head of Sales, Pretty Easy Privacy. “Leon and Volker run crypto classes to teach people how to use encryption. Their idea was, what happens if it’s encrypted by default? Couldn’t you just write algorithms to do the key management and keep it easy? That’s what we’ve been doing for four years.”
Distributed through GPL, PEP is easily added. The open source distributions of PEP are a Thunderbird plugin called Enigmail and K9 with PEP. Being device based, it’s fully peer to peer.
“Think of it as a little engine that automates everything that’s going on,” Witts said. “Started as an Outlook plugin or iOS or Android device, it works against any email backend. It covers email and messaging including SMS text, sending as securely as it can.”
If you’ve got PGP it will use that, or if you have SMIME, or if you have OTR it will use that… whatever there is it will pick up and use it, because it’s completely automatic. It’s meant to be unobtrusive – automatic installation and operation.
If users want to, they can set things, but they don’t have to.
The only difference is PEP offers the privacy status encrypted yellow button. On the left the incoming status is unencrypted. Reply is automatically encrypted, as shown in the right slide.
“Once I reply my key goes with it and in future we’re encrypting both ways,” said Witts. “I’m automatically sending it encrypted. Every communication I send and receive from him will be encrypted.
“On the next image, if I click the unencrypted button, I can see on the list it’s Terry the investment banker, who pep hasn’t exchanged keys with.
Users don’t have to do any of this, as PEP sends encrypted when it can and unencrypted when it can’t.”
“If you force encryption then Terry gets a nice little email that asks him to download a reader,” Witts said. “So you can push privacy with a reader similar to Adobe Reader. “Or you can go in and manage the privacy status manually of any user with a handshake. We use trust words. We can exchange PGP fingerprints, although we can make it as simple as five trust words. I get on the phone with a person we know there is no man in the middle, then all communications are green and there are no attack vectors at that point.”
Use the same concept of trust words to form device groups. Put PEP on your Windows PC and iPhone or Android, and it automatically pops up to ask if you want that device to join that group. It automatically detects and provides the trust words. At that point your keys are shared amongst all devices.
“We can’t assume a user knows what a key is, let alone manage them, so we keep things simple and automatic,” said Witts. “The viral nature is when people push privacy and it spreads.
PEP covers email, messaging, and text, and it does so peer to peer. How you decide to store the key is your decision. Most companies will store email on the server unencrypted, because they are behind the firewall, and we only want it encrypted in transit.
There are about 20 options IT can play around with if they want to. Individuals will not see it.
“We let them configure Outlook exactly how they want it,” Witts said. “The Outlook becomes the master config, configuring all devices. IT loves that, because it gets all devices conjured the way IT wants. Being encrypted by default makes it easy, because it’s automated. We make it as secure as possible automatically, unless the user wants otherwise.”