Microsoft Boosts Encryption for Outlook Webmail and OneDrive

From: The Hacker News – Wednesday, July 02, 2014 by

After the wide chain of scandals over US global snooping that seriously damaged trust in the top U.S. tech companies, Google and Yahoo! came forward and took the initiative to provide more secure, encrypted and NSA-proofed services in an effort to regain their reputation among their users.

Now, Microsoft has also announced several improvements to the encryption used in its online cloud services in order to protect them from cyber criminals, bad actors and prying eyes. The company’s effort was detailed in a blog entry by Matt Thomlinson, Microsoft’s Vice President of Trustworthy Computing Security.

MICROSOFT’S COMMITMENT

Last December, Microsoft promised to protect its users’ data from government snooping by expanding encryption across its services, reinforcing legal protections for its customers’ data and enhancing the transparency of its software code, making it easier for the customers to reassure themselves that its products contain no backdoors. <READ MORE>

Encryption of Mobile Devices: A Security No-Brainer

From: Law Technology Today, June 18, 2014, written by

As attorneys continue to increasingly embrace mobile technology like laptops, smartphones, tablets, external hard drives, and USB (thumb) drives, it is critical for them to understand and address the risks. The attributes that make these devices so useful – they are portable and compact, with high storage capacity – also make them risky. They can easily be lost or stolen, compromising the data stored on them.

Fortunately, there are inexpensive and easy to use encryption solutions to protect confidentiality in the event of loss or theft of mobile devices. While many attorneys will need help in setting up encryption, it is generally easy to use after it has been set up.

Verizon’s 2014 Data Breach Investigations Report, a leading analysis of security incidents and their causes, explains it this way:

PHYSICAL THEFT AND LOSS
RECOMMENDED CONTROLS
The primary root cause of incidents in this pattern is carelessness of one degree or another. Accidents happen. People lose stuff. People steal stuff. And that’s never going to change. But there are a few things you can do to mitigate that risk.

Encrypt devices
Considering the high frequency of lost assets, encryption is as close to a no-brainer solution as it gets for this incident pattern. Sure, the asset is still missing, but at least it will save a lot of worry, embarrassment, and potential lawsuits by simply being able to say the information within it was protected. Also, periodically checking to ensure encryption is still active is right up there too. This will come in handy when the auditor or regulator asks that dreaded question: “How do you know for sure it was encrypted?” <READ MORE>

Maliciously crafted files can disable Microsoft’s security products

From PC World – Security – June 18, 2014, by Lucian Constantin

This information can be very useful especially to those of you working from home.  Providing this sort of content can help to minimize your risk.

A vulnerability allows attackers to disable Microsoft’s antimalware products by sending specifically crafted files to users via websites, email, or instant messaging applications.

The vulnerability is located in the Microsoft Malware Protection Engine, which sits at the core of many Microsoft security products for desktops and servers including Microsoft Forefront Client Security, Microsoft System Center 2012 Endpoint Protection, the Microsoft Malicious Software Removal Tool, Microsoft Security Essentials, Windows Intune Endpoint Protection and Windows Defender, which comes pre-installed in Windows Vista and later.

Microsoft fixed the vulnerability in Microsoft Malware Protection Engine 1.1.10701.0 released Tuesday. For home users, the new version should typically download and install automatically within 48 hours, but administrators in enterprise environments should make sure that their update management software is configured to approve the engine updates.

If left unpatched, the vulnerability can be exploited to force the Microsoft Malware Protection Engine into a scan timeout, essentially leading to a denial-of-service vulnerability. When this happens, the antimalware product will stop monitoring the system for threats until the rogue file is removed and the malware protection service is restarted. <READ MORE>

From HIE to HR, cloud finding favor

From: Healthcare IT News, June 17, 2014, Mike Miliard, Managing Editor

Business associate agreements, security concerns prove problematic for providers

Eighty percent of respondents to the inaugural 2014 HIMSS Analytics Cloud Survey say they currently use cloud-based IT services. Still, qualms about performance and privacy persist.

Lower maintenance costs, faster deployment and the ability to step in when staffing resources are scarce are the cloud’s top three selling points, according to the poll, which finds that of the organizations currently making use of the cloud, nearly all of them plan to expand their use.

Half of the cloud adopters are hosting clinical applications in the cloud, primarily using software-as-a-service tools, according to HIMSS Analytics. Typical cloud services include health information exchange, the hosting of human resources applications and backup and disaster recovery.

“Cloud services have been long praised as a tool to reduce operating expenses for healthcare organizations,” said Lorren Pettit, vice president of market research for HIMSS Analytics, in a press statement. “The data presented in our inaugural survey demonstrates the healthcare industry’s eagerness to leverage this resource.” <READ MORE>

Oops! Tim Cook tweets photo of Mac production line running Windows

From PC World: Jun 6, 2014, Mark Hachman (@markhachman)

The definition of ironic – happening in the opposite way to what is expected, and typically causing wry amusement because of this.

Well, there’s apparently one good thing Microsoft’s Windows is good at: running the software necessary to manufacture Apple’s Mac computers.

And the messenger of this information? Apple chief executive Tim Cook himself. On Thursday, Cook tweeted a photo of himself touring Apple’s Austin, Texas production line where the Apple Mac Pro is manufactured: <READ MORE>

FL – Summer Storms – Be Ready

It’s no secret that Central Florida is the lightning capital of the United States.
Do you have a plan in place to protect your data as well as access and run the software applications that your business depends on?
Can you accomplish this goal by just flipping a switch?
When it comes to running your business Managed Backup and Business Continuity should be at the top of your list. You can protect your data, keep your business up, running and profitable when your competition cannot.
This solution can be implemented quickly and at a reasonable monthly cost.

Cryptowall Ransomware Spreading Rapidly through Malicious Advertisements

From: The Hacker News: Friday, June 06, 2014

Ransomware is an emerging threat in the evolution of cybercriminals’ techniques to part you from your money. Typically, the malicious software either locks the victim’s computer system or encrypts the documents and files on it, in order to extort money from the victims.

Earlier ransomware samples tended to be simple, with a dogged determination to extort money from victims. But with the exponential rise in ransomware samples, the recent ones are more subtle in design, including Cryptolocker, Icepole, PrisonLocker, CryptoDefense and its variants.

Now, the ransomware dubbed Cryptowall, the latest variant of the infamous ransomware Cryptolocker, is targeting users by forcing them to download the malicious software through advertising on high-profile domains belonging to Disney, Facebook, The Guardian newspaper and others.

Cryptolocker is designed by the same malware developer who created the sophisticated CryptoDefense (Trojan.Cryptodefense) ransomware, which appeared at the end of March and holds the victims’ computer files hostage by wrapping them with strong RSA 2048 encryption until the victim pays a ransom fee to get them decrypted.

But unfortunately, the malware author failed to realize that he left the decryption keys concealed on the user’s computer in a file folder with application data.

Why Your Small Business Needs Cyber Insurance

From Intuit Small Business Blog – by Dave Clarke on

Sometimes small-business owners feel invisible compared to more established brands. But when it comes to cyber crime, your business is just as visible — and vulnerable — as any Fortune 500 concern. Nearly one-third of all cyber attacks in 2013 targeted companies with fewer than 250 employees.

Not only are small-business owners less likely to have the resources to put sophisticated cyber defenses in place to protect their and their customers’ data, but they are also less likely to be able to absorb the financial impact of such crimes. That’s where one of the latest offerings from your insurance agent — cyber insurance — may come in handy. Many of the larger insurance carriers now offer this coverage to help you protect your business from the ravages of cyber crime.

The biggest mistake you can make as a small-business owner “is thinking, ‘I don’t need this,’ and, ‘It’ll never happen to me,’” says Claire Wilkinson, former vice president of global issues at the Insurance Information Institute and editor of Terms and Conditions, the institute’s blog. “Cyber attacks targeting large companies may dominate the news headlines, but for a small business, cyber attacks can cause huge financial and reputational damage.” Roughly 60 percent of small businesses hit by a cyber attack will close within six months, Wilkinson says.

What Cyber Insurance Can Do For You

Cyber insurance is designed to help you deal with the negative ramifications of having a web presence. Some policies offer safeguards against viruses and hacking, and others might even cover liability for problematic web content, such as a defamatory blog post.

Additionally, cyber insurance can help by: <READ MORE>

You’re in the cloud…right?

From: Healthcare IT News, June 2, 2014, by Benjamin Harris, Contributing Writer

‘Even if your data is encrypted, how well is it encrypted?’

It seems that everybody under the sun has been asking “you’re in the cloud, right?” But it’s important to take a step back and realize that not all clouds are equal. Maybe it’s time for people to be asking, “Are you doing the cloud right?”

Fred Eberlein of Tresorit, a Hungary-based cloud storage service, likes to talk about the roles that encryption plays, and how the word alone can create a false sense of security. For instance, he notes that almost everyone says they encrypt data. And that’s true. But how?

“When you push a medical file to the cloud, it’s encrypted on the path to the cloud,” Eberlein says. “But when it gets to the server they decrypt it and encrypt it in storage. That’s the Achilles heel for most established cloud data solutions.”

Problem? You bet.

The solution to this lies in client-side encryption, where data is encrypted on the device it’s created on and stays that way until it reaches its final destination. Once that data is encrypted and uploaded to the cloud it’s safe, right? Well, maybe. It depends on how it was encrypted.

Take, for instance, a picture of a penguin. Encrypt that image using an industry standard 256-bit AES algorithm. Chances are very good that someone with a high level of understanding about encryption and a reasonably powered computer can coax enough sense out of the chaos of that encrypted file to get most of the picture visible.

This actually happened. Eberlein says that while the image was still garbled, it was recognizable as a penguin. That should worry anyone who thinks that just because his or her data is encrypted, it’s safe.
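
The article does not say how the penguin image was encrypted; the effect it describes is what happens when a block cipher is applied to each block independently (ECB mode), and that is assumed here. The following is an added example, not code from the article: it counts distinct ciphertext blocks for a constructed bitmap under ECB and under counter mode. Because Python's standard library has no AES, a toy Feistel cipher with the same 16-byte block size stands in for it; all function names are hypothetical.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per block, the same block size AES uses

def round_fn(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function for the toy cipher below (assumption: this is NOT AES).
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in block cipher: a 4-round Feistel permutation on 16 bytes."""
    left, right = block[:8], block[8:]
    for i in range(4):
        mixed = bytes(a ^ b for a, b in zip(left, round_fn(key, i, right)))
        left, right = right, mixed
    return left + right

def encrypt_ecb(key: bytes, data: bytes) -> bytes:
    # ECB: every block is encrypted on its own, so equal plaintext blocks
    # always produce equal ciphertext blocks.
    return b"".join(toy_block_encrypt(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def encrypt_ctr(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # CTR: each block is XORed with a keystream block derived from a unique
    # 8-byte nonce plus counter, so repeated plaintext no longer shows through.
    out = bytearray()
    for n, i in enumerate(range(0, len(data), BLOCK)):
        stream = toy_block_encrypt(key, nonce + n.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], stream))
    return bytes(out)

def distinct_blocks(data: bytes) -> int:
    return len({data[i:i + BLOCK] for i in range(0, len(data), BLOCK)})

def sample_image() -> bytes:
    # Constructed 64x64 8-bit greyscale bitmap: white field, black square.
    white = b"\xff" * 64
    band = b"\xff" * 16 + b"\x00" * 32 + b"\xff" * 16
    return b"".join(band if 16 <= y < 48 else white for y in range(64))

if __name__ == "__main__":
    key, nonce, img = b"k" * 32, b"\x00" * 8, sample_image()
    print("ECB distinct blocks:", distinct_blocks(encrypt_ecb(key, img)))
    print("CTR distinct blocks:", distinct_blocks(encrypt_ctr(key, nonce, img)))
```

Under ECB the 256-block image collapses to two distinct ciphertext blocks, so the outline of the square survives encryption whatever the key length; in counter mode all 256 blocks differ.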

“Even if your data is encrypted, how well is it encrypted?” Eberlein asks.

Here, the prospective buyer wants to see their cloud provider offering multi-level encryption, something well beyond the 256-bit standard.

A secure file still has a history that needs to be overseen. Who has access to what and on what terms? Provided a file is encrypted, what next? Any cloud provider worth its salt should come with a slew of administrative features that allow an IT director to see when it’s been edited, how and by whom. Client-side solutions with these features give a tremendous leg up to the mHealth and BYOD camps.

Eberlein cautions that while it is a given that control features need to be built into a system, proper encryption and security trump even that. “A lot of administrative features are good, but if the data is accessible to attack, the control doesn’t really do too much,” Eberlein says. <READ MORE>