“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”
– Eric Schmidt, Google CEO
With the Google hack in headlines news recently, there seems to be another war going on. This one is against… Google. It appears that Google tracks EVERYTHING you do while you use its search features. Including the webpages you clicked on when doing your searches, the news you’ve read and the places that you asked directions for.
Moxie Marlinspike, computer software expert, penetration tester and the one who showed the world that SSL can be completely bypassed, is now taking on the privacy issues with using Google. His Firefox plug-in called “Google Sharing” connects you to a Google sharing proxy server that protects you from Google’s tracking methods. A full explanation and the software can be found at http://www.googlesharing.net/index.html.
As with any proxy type software, security is a risk, because you are opening a network path from your PC to an unknown system. But if your privacy concerns outweigh the risk, then Google Sharing may be the way to go.
Daniel W. Dieterle
“There’s an arms race going on in Cyberspace” , that’s the word today from Dave DeWalt, chief executive and president of McAfee. Here is the cyberwar tale of the tape according to Mr. DeWalt:
Countries with Cyber Weapons :
US, China, Russia, Israel and France
20+ Countries arming themselves with cyberweapons.
500% increase in new Malware attacks
60% polled say foreign governments infiltrated their corporate infrastructure.
Worldwide, US is the biggest cyberwar threat, China is number two.
Cyber attacks cost 6.3 million a day, 1.75 Billion a year worldwide.
Read the full story at Yahoo News.
It looks like China is still denying any involement in the recent google hack. The exploit used was a zero day attack. On January 21, Microsoft announced that they actually had known about the flaw since last September and it was in “the queue” to be addressed. Microsoft released Security Bulletin MS 10-002
in resonse to the attack.
Read more at ZDNet.com.
Continuation of “Computer Security Tips for Small Businesses – Part 1”
5. Change Server administrator passwords once in a while, especially if an employee leaves who knew the password. User passwords should be a combination of letters, numbers and symbols. These are much harder to crack. Also, do not use the same password everywhere. Some administrators will use one password for their servers and also their online accounts.
6. Have an IT company check your system for common vulnerabilities. Software like SAINT is available to check for exploits in a network system.
7. When thinking of putting up a web server, if you are just putting up a non-confidential informational site, not tied to an internal database, it is always a good idea to have an external hosting company run it for you. This way if it is hacked, the hackers will not gain access to your internal network.
8. One less common thing is to use online searches like Google to check for confidential information that may have been placed on a social board regarding your company. Believe it or not, disgruntled employees have placed sensitive company information on blogs before.
This is just a quick list, but hopefully it will give you some ideas in planning the security of your network.
Daniel W. Dieterle