Wednesday, August 25, 2010

Zeus strikes once again!

OUCH!!!

http://news.cnet.com/8301-27080_3-20013246-245.html


How much more must consumers and financial institutions suffer? How much more money must we lose to these cyber criminals? How much longer will financial institutions bury their heads in the sand and reassure consumers that their banking systems are safe to use?

I get sooooooooooooooo frustrated when I see such attacks time and time again, as I believe that they are easily avoidable.


How?

Three-prong approach!

1) Financial institutions must finally show the initiative to deploy security systems that not only protect their back-end systems, but also the weakest link in their security chains - the end user when they log in to their internet banking systems!

2) Users must be given access to security technologies that protect their confidential information (usernames, passwords, one-time token passwords, personal details, bank account access) even if their computer is compromised with malware such as keyloggers, trojans, spyware etc. Such technology must be foolproof, as many users out there don't even know what a firewall is, let alone how to spot a phishing attack or how to identify code injection caused by cross-site scripting techniques.

3) There must be a coordinated approach by industry and law enforcement to raise consumer awareness, to develop systems that educate, nurture and encourage safe browsing habits, and to build greater information-sharing initiatives between industry and law enforcement to help the good guys defeat the bad guys!



Does your bank use state-of-the-art security? So what, who cares!!!!

When was the last time you read about a bank's back-end systems being directly compromised? You never read about this, as the banks have invested huge amounts of resources in securing their back-end systems. Bank back-ends are robust and built like Sherman tanks, and the cyber criminals know that it is easier to enter the enemy's Sherman tank on the back of the unsuspecting tank driver than it is to try to break in through the many layers of solid iron and steel!

Well the same applies in the cyber world! Cyber criminals know it's much easier to ride on the back of an unsuspecting online banking user than it is to attack the bank directly. And as the above article shows, they are reaping huge "rewards" for their work.

It is not until the banks secure the weakest link (i.e., the unsuspecting internet banking user) that they can effectively protect their customers from such threats! All they really need to do is deploy a small app (a few MB in size) that can verify the security health of the user's computing device, suspend any known malware in real time and secure the transaction by locking down the session so it cannot be penetrated or intercepted by the criminals or any malware present on the device (such as the Zeus trojan).

Sounds like rocket science, but it is very simple to deploy, and end users are then protected regardless of their technical ability.



So what now?

It's about time that consumers began demanding better security services that include their computing devices in the entire security chain. Such services exist and are not expensive at all.

Also, it's about time financial institutions started thinking about the end user and taking steps to secure the end user's online identity and hard-earned cash. It's no longer good enough to simply reimburse a user for any amounts stolen by cyber criminals. STOP the theft altogether and protect the user's online identity!

PLEASE PLEASE PLEASE give us online peace of mind!

Monday, January 18, 2010

Yes, gmail is still GREAT email!

http://googleblog.blogspot.com/2010/01/new-approach-to-china.html


Although the recent attack on the Googliath of internet email, gmail, was nothing more than a few gmail accounts being compromised through "phishing scams or malware placed on the users' computers" and not through holes in Google's security systems, it still made headlines worldwide.

Why? Well, I believe it may be because many people have a false sense of security: if they use reputable and trusted services or systems, which in themselves are very comprehensive in their security and/or privacy architecture (such as gmail), then their online personal information will always be safe and secure.

Newsflash, it's NOT!

The key issue here was that the hacked accounts were the result of malware or phishing attacks - means that allowed the hackers to bypass the most comprehensive of security systems because the users unknowingly activated or authenticated malware, or clicked on a rogue link in a phishing scam. The hackers did not (and probably cannot) compromise Google directly, so they utilised other sneaky means to get into the gmail accounts.

How? Well, think of it like this. You can have the most sophisticated traditional security systems protecting your house, but if you allow an intruder in through a window or door, then all of your traditional security systems render themselves useless in protecting you from the intruder once he's inside your house. No traditional perimeter or network security systems (windows, doors, grilles, locks, guard dog, CCTV, door camera) can help you once you have allowed (authenticated) the intruder into your living room, right?

Well, the same principle applies to our cyber world too! No matter how comprehensive your traditional perimeter or network security systems are (firewall, cryptic username/password, SMS/token authentication tools, antivirus/antispyware scanners, URL/phishing filters), they are all helpless if you allow the malware (intruder) to enter your living room (PC) through a window or door (installing/activating/authenticating the malware on your PC).

In an ideal world, there would exist another, much more sophisticated system that would be intelligent enough to protect you from your own self. A system that would be intelligent enough to automatically and instantly determine that the intruder was NOT legitimate and then kill/freeze/suspend/disable him should he manage to enter your house! Imagine that! Sounds like something from a futuristic sci-fi flick, huh? Bad guy disguised himself and bypassed CCTV, door camera, window grilles and guard dog, only to be killed/frozen/suspended/disabled in real time by a sophisticated system as soon as he entered your house!

Well, although such systems do not exist to protect our domestic world (I am told that a shotgun is not an acceptable system), they DO exist to protect our cyber world!

Yes, that's right! There is a system out there that still protects your online identity and confidential information in the event that you accidentally activate malware on your PC. This system will protect you from malware such as trojans, viruses, worms and rootkits, as well as phishing/pharming and MITM/MITB attacks. This means that even if one of these nasties did manage to get onto your PC, your online identity, usernames/passwords, credentials, banking transactions etc. will always remain safe and secure from the hacker.

Oh, and surprisingly, this system costs much less than my monthly mobile phone recharge and is very simple to install and use. No wonder many high-profile financial institutions are rolling out this system to their online bankers free of charge.

It's what they refer to as online peace of mind!