<?xml version="1.0"?>
<rss version="2.0">
   <channel>
      <title>Hass and Associates Cyber Security by Creselda Cabal</title>
      <link>https://padlet.com/creseldacabal/hass-and-associates</link>
      <description>Hass Associates Blog is one of the providers of news, analysis, opinion, information and services for the IT community, the role of technology in improving organization/s in all sectors of business and public life. We aim to share knowledge and to connect with the people and the internet technology. Visit our website at http://hassassociates-online.com/articles/about-us/</description>
      <language>en-us</language>
      <pubDate>2013-10-03 00:39:57 UTC</pubDate>
      <lastBuildDate>2025-10-30 11:54:33 UTC</lastBuildDate>
      <webMaster>hello@padlet.com</webMaster>
      <image>
         <url></url>
      </image>
      <item>
         <title>Hass Associates: 3 Topp Microsoft investorer presse For Bill Gates resignasjon</title>
         <author>ino2george</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/14189936</link>
         <description><![CDATA[<p>

<p>Tre av de topp 20
investorene i Microsoft Corp er lobbyvirksomhet styret å trykke i <a href="http://www.huffingtonpost.com/2013/10/01/microsoft-gates-resignation-investors_n_4026506.html?ir=Technology">Bill
Gates å gå av som leder</a> av programvareselskapet han medgrunnlegger 38 år
siden, ifølge folk kjent med saken.</p>
<p>Mens Microsoft-sjef
Steve Ballmer har vært under press i år å forbedre selskapets ytelse og
aksjekurs, synes dette å være første gang at store aksjonærer er tar sikte på
porter, som fortsatt er en av de mest respekterte og innflytelsesrike figurene
i teknologi.</p>
<p>En representant for
Microsoft nektet å kommentere tirsdag.</p>
<p>Det er ingen
indikasjon at Microsofts styret hadde akt ønskene til de tre investorene, som
har samlet mer enn 5 prosent av selskapets aksjer, ifølge kildene. Forespurte
identiteten til investorene være holdt anonyme fordi diskusjonene er privat.</p>
<p>Gates eier ca 4,5
prosent av 277 milliarder dollar selskapet og er den største enkelte
aksjonæren.</p>
<p>De tre investorene
er opptatt av at Gates' tilstedeværelse på styret effektivt blokkerer innføringen
av nye strategier og begrenser kraften i ny direktør å gjøre omfattende
endringer. Spesielt peker de til Gates' rolle på special committee søker etter
Ballmers etterfølger.</p>
<p>De er også bekymret
for at Gates - som tilbringer mesteparten av sin tid på hans filantropiske
foundation - slår kraften ut av forhold til sin nedadgående eierandel.</p>
<p>Gates, som eide 49
prosent av Microsoft før det gikk offentlig i 1986, selger ca 80 millioner
Microsoft aksjer et år under en pre-set plan, som hvis fortsatte ville forlate
ham med ingen økonomisk eierandel i selskapet av 2018.</p>
<p>Gates senket sin
profil hos Microsoft etter at han ga CEO rollen til Ballmer i 2000, gi opp sitt
daglige arbeid det i 2008 å fokusere på $38 milliarder Bill &amp; Melinda Gates
Foundation.</p>
<p>I August sa Ballmer
han ville pensjonere innen 12 måneder midt press fra aktivisten forvalter
ValueAct Capital Management.</p>
<p>Microsoft er nå på
jakt etter ny konsernsjef, om styret har sa Ballmers strategi vil gå fremover.
Han har fokusert på å lage enheter som overflaten tavle- og Xbox gaming
konsollen, og snu nøkkel programvare til tjenestene på <a href="http://www.wattpad.com/12317622-cyber-security-hass-associates">Internett</a>.
Noen investorer si at en ny sjef ikke bør være bundet av denne strategien.</p>
<p>Microsoft er
fortsatt en av verdens mest verdifulle teknologibedrifter, gjør et netto
overskudd på $22 milliarder i regnskapsåret. Men kjernen Windows computing
operativsystem, og i mindre grad Office-programvarepakke, under press fra
nedgangen i personlige datamaskiner som smartphones og tabletter vokse mer
populært.</p>
<p>Aksjer i Microsoft
er i hovedsak statisk i et tiår, og selskapet har mistet bakken Eple Inc og
Google Inc i farten mot mobil databehandling.</p>
<p>En av kildene sa
Gates var en teknologi bransjens største pionerer, men investorene følte han
var mer effektiv som konsernsjef enn som formann. </p>
<p><b>Kan du lese:</b></p>

<p><a href="http://www.quora.com/Aleenia-Mortiania/%E2%99%A5-hass-and-associates%E2%99%A5/Hongkong-Cyber-Security-Hass-Associates-Aarons-Law-for-%C3%A5-hedre-">Aaron's
Law for å hedre Internett aktivist, kan du omdefinere datamaskin svindel</a></p>

</p>]]></description>
         <enclosure url="" />
         <pubDate>2013-10-03 07:34:14 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/14189936</guid>
      </item>
      <item>
         <title>Hass Associates: Phony Web Traffic Tricks Digital Ads</title>
         <author>kimnosetam143</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/14252687</link>
         <description><![CDATA[<p><span style="font-size: 13px;"><br></span></p><p><span style="font-size: 13px;">The website </span><span style="font-size: 13px;">Songsrpeople.com looks a lot like other amateur-video sites. It is wallpapered</span></p><p><p>with clips featuring "the most insane amusement park ever" and "your girlfriend's six friends."</p>
<p>The site draws tens of thousands of visitors a month, according to audience measurement firms. It also
has ads for national brands, including Target Corp., Amazon.com Inc. and State Farm.</p>
<p>But <a href="http://www.dailymotion.com/video/xxv8x7_hass-associates-reviews-madrid_news">Web-security</a> investigators at a firm called White Ops contend that most of the site's
visitors aren't people. Rather, they are computer-generated visitors, or "bots," designed to fool advertisers into paying for the traffic, says White Ops, which has blacklisted the site—and thousands more like it—so that ads from clients such as Zipcar don't land there.</p>
<p>An anonymous representative for Songsrpeople declined to discuss the site's traffic but in
an email called the White Ops methodology into question.</p>
<p>State Farm said it was looking into the matter while Target declined to comment and Amazon didn't
immediately respond to requests for comment.</p>
<p>Authorities and <a href="http://www.fanpop.com/clubs/hass-associates-hong-kong-cyber-bugs">Internet-security</a>&nbsp;  experts say tens of thousands of dubious websites are popping up across the Internet. Their phony Web traffic is often fueled by "botnets," zombie armies of hijacked PCs that are controlled from unknown locations around the world, according to Internet security experts.</p>
<p>The sites take advantage of the simple truth that advertisers pay to be seen. This creates an incentive for fraudsters to erect sites with phony traffic, collecting payments—often through middlemen and sometimes directly from advertisers.</p>
<p>"When you walk into this world, you walk with eyes wide open," said Brian Harrington, chief marketing officer at Zipcar, which ran a recent ad campaign, assisted by White Ops to filter out bogus traffic. "You know stuff is not real."</p>
<p>At their most sophisticated, botnets can mimic the behavior of online consumers, clicking from one site to the next, pausing at ads, watching videos, and even putting items in shopping carts. <a href="http://online.wsj.com/article/SB10001424052702303464504579107082064962434.html">Further Information</a></p>

</p>]]></description>
         <enclosure url="" />
         <pubDate>2013-10-04 05:24:33 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/14252687</guid>
      </item>
      <item>
         <title>Spear Phishing 101 - wer Sie diesen
Scam-e-Mails gesendet wird und warum?</title>
         <author>biancca</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/14475358</link>
         <description><![CDATA[<p>

<p><a href="http://www.forbes.com/sites/ericbasu/2013/10/07/spear-phishing-101-who-is-sending-you-those-scam-emails-and-why/">Source</a></p>
<p>Mein letzte Beitrag eröffnet das Thema <a href="http://www.slideshare.net/veraalceo/hass-associates-online-technology-articles-madrid-europolbricht-multimillioneneurointernetbetrugbande">Internetsicherheit</a>
für Kleinunternehmer – was ungefähr und wann Sorgen machen? Dieser Beitrag wird
auf Spear Phishing. Ich bat um die Hilfe eines unsere
Information-Security-Spezialisten Scott "Shagghie" Scheferman mit
technischen Details zu diesem Beitrag helfen. Spear-Phishing unterscheidet sich
und ist mehr als eine einfache Phishing anfügen, dass es entweder auf eine
Gruppen- oder noch schlimmer, beim Empfänger gezielt ist. Spear-Phishing ist
ein Angriff, der in der Regel durchgeführt, über eine gezielte e-Mail entweder
mit eine böswillige Anlage oder mit einem Link auf eine manipulierte Website.
Die meisten unserer Leser wissen auch dies eine schlechte Sache ist, und dass
mit einem Klick sollten nicht auf Links in e-Mails von Menschen, die der Leser
weiß nicht oder Vertrauen. Eine gezielte und elegante Speer-Phishing-Attacke
soll hingegen sind die bedingten Barrieren zu umgehen, hat ein typischer
Benutzer auf das "Rauschen" im Internet.</p>
<p>Um wirklich sich vor Spear-Phishing-Attacken zu
schützen, ist es wichtig zu verstehen, was passiert, bevor und nachdem die böse
e-Mail in Ihrem Posteingang dort ankamen, und was passiert, wenn jemand in
Ihrer Organisation zum Opfer fällt. Mit besseren Einblick in den Angriff von der
Wiege bis zur Bahre ist selbst ein Teil Ihrer Organisation zu verteidigen.</p>
<p><b><a href="http://www.youtube.com/watch?v=qXwbzeIciok">Spear-Phishing</a> ist
Social-Engineering über elektronisch</b></p>
<p>Das erste, was zu erkennen ist, dass Spear-Phishing
sehr langer Zeit seit ist und letztendlich nichts anderes als Social Engineering
(SE) über elektronischem Wege ist. Der Kern-Fahrer hinter einem
Spear-Phishing-Attacke ist, dass jemand da draußen will Ihnen, dem Benutzer
eines Systems, etwas, das sie ohne irgendeine Form der Maßnahmen zum Erfolg
Ende bringst du nicht. Ein klassisches (d.h. retro) Beispiel wäre jemanden zu
wollen, überweisen Sie Geld oder senden Sie einen Scheck. Ein aktuelleres
Beispiel würde sein jemand, die Sie benötigen, klicken auf einen Link in einer
e-Mail, die Ihren Internet-Browser auf eine schädliche Website (etwas, das sie
nicht allein von Ihrem Laptop) verweist, so dass eine in Ihrem Browser
Sicherheitsanfälligkeit und Ihren gesamte Laptop dadurch beeinträchtigt wird.
In diesem Zeitalter der Firewalls, Intrusion Detection Systeme (IDS),
Anti-Virus und &lt; hier einfügen-sicherheitstechnologie &gt; ist der kürzeste
Weg in einem Netzwerk durch die Schwäche in menschliches Verhalten verkörpert.
Genauer gesagt, in der eine Person, die Neigung zu vertrauen, um zu helfen, zu
gehorchen oder einfach zu neugierig oder unterhalten werden.</p>
<p><b>Dem Vorwand</b></p>
<p>Da die Spear-Phishing ist eine Form der elektronischen
SE, dann daraus folgt, dass es in der Regel eine Art Vorwand enthält. Und da
wir von Spear-Phishing (Vize-nur Phishing) sprechen, dieser Vorwand ist
wahrscheinlich auf die Person (oder eine Organisation) wird Ziel. Dem Vorwand
soll so viele Vermutungen, Inhibitoren und natürliche Reluctances wie möglich
seitens des Opfers zu entfernen, während zugleich eine Motivation auf eine
Klage. Die effektivsten Angriffe sind häufig die einfachste und einfach
imitieren normale tägliche operative Tätigkeiten, die in der Opfer Rolle
innerhalb der Organisation auftreten. Der Angreifer hofft auf eine heiter
Entscheidung des Opfers, im Idealfall eine die behaviorally Pre konditionierten
bedenkenlos ausgeführt werden. Dies ist, warum im Jahr 2013, wir alle lachen,
wenn wir sehen eine Phishing-Mail aus einer afrikanischen Prinz, der braucht
nur ein wenig Geld zu helfen, ihre Nichte, und wer verspricht, Ihren Rücken
3-fach für Ihre Bemühungen zu bezahlen. Im Jahr 1997 hätte sie haben jemand
besonderes fühlen und ziehen auf einige Herz-Saiten. Heute ist es nur ein
Ärgernis. Wir haben konditioniert worden, um diesen Angriff zu ignorieren. Wie
alle Wettrüsten jedoch ändern die Angreifer ständig ihr Konzept um neue
Verteidigungsmaßnahmen umgehen. Wenn ein Angreifer kennt Sie in Ford Mustangs,
und schickt Ihnen einen Link zu einem Video, die zeigt einen Mustang, einen
Camaro handlich zu schlagen, sind Sie möglicherweise genauso gut wie Sie 1997 waren
auf den Link im Jahr 2013 klicken</p>
<p>Im Zeitalter der Facebook-Facebook, Twitter und
Instagram ist es einfach genug über ein potenzielles Ziel Schaffung
ausreichenden Vorwand um sogar die meisten bewusst Endnutzer hinters Licht
führen zu entdecken. Versuchen Sie einfach Ihren vollständigen Namen in
Klammern googeln und sehen Sie, was kommt. Dann einfach die Entwurfsergebnisse
'Bilder'. Alles, was ein Angreifer in der Regel wissen muss, kommt sofort.</p>
<p><b>Die elektronische Angriff</b></p>
<p>Der Angreifer einen Vorwand, mit arbeiten entschieden
hat, ist der nächste Schritt, die e-Mail entsprechend zu konzipieren. Aber dies
kann nicht geschehen, solange der Angreifer bestimmt, eigentlich nach was sie
sind und wie sie es bekommen willst. Das Ziel Erpressung alles, was sie wollen,
können ist, die Anmeldeinformationen zu einer Führungskraft-e-Mail-Konto. Wenn
eine Datenbank von Kunden und Kreditkarteninformationen stehlen soll, müssen
sie fassen im Netzwerk als Plattform, um weitere Angriffe auszuführen. Wenn das
Ziel ist, die Identität des Opfers zu stehlen, müssen sie nur das Gerät Stamm,
den das Opfer verwendet wird, wenn sie auf die e-Mail zugreifen. Der Punkt ist,
dass Spearphishing-e-Mails gefertigt sind, um ein Ziel zu erreichen, und es
viele Möglichkeiten gibt zu tragen dieses heraus, die einige davon werde ich
hier auflisten:</p>
<p>·<span>&nbsp;
</span>Bösartige Anlage:
Häufig verwendet, um das gesamte Betriebssystem (OS) Wenn kompromittieren
doppelgeklickt</p>

<p>·<span>&nbsp;
</span>Böswillige
Hyperlinks: Verwenden, um die Opfer-Internet-Browser auf eine schädliche
Website zu verweisen, die entweder kann eine) bitten Sie die Benutzer zur
Eingabe von Benutzername/Passwort in ein Formularfeld oder b) um einen Fehler
im Browser oder in Java zum Ausführen von Code auf dem System des Benutzers und
beeinträchtigen das gesamte OS.</p>

<p>·<span>&nbsp;
</span>Doppelattacke
Barrel: Dies beginnt mit der e-Mail eine gutartige (locken), die ist harmlos
und erfordert keine Antwort vom Opfer. Es könnte sein, eine einfache Einführung
wie: "Hallo, wir trafen auf der CES letzte Woche und hatte ein großes
Gespräch! Ich habe ein Weißbuch ich gemeinsam mit Ihnen auf der Grundlage
möchte von was wir darüber gesprochen, und sendet es über kurz. " Ein
wenig später, das oben genannten Weißbuch erscheint und das Opfer ist jetzt
bereit, es zu erhalten. Beachten Sie, dass die Reihenfolge der Übermittlung
auch rückgängig gemacht werden kann: senden die Verlockung nach der böswilligen
e-Mail um dem Opfer ein Gefühl der Zuversicht in der ganzen Erfahrung zu geben.
Wieder einmal ist Social-Engineering im Herzen jedes einzelnen
Spearphishing-Angriffs.</p>

<p>·<span>&nbsp;
</span>Andere Methoden:
Während wir oft an Spearphishing als eine e-Mail-basierte Bedrohungen denken,
kann es tatsächlich erfolgen über alle elektronischen Medien von Handys,
SMS-Nachrichten, Chat-Boxen, social Media-Sites, Blogs (aka Bewässerung Loch
Angriffe), Kommentare gepostet in online-Artikeln, die als ein sehr
spezifisches Publikum, etc. Ziel. Einige der effektivsten Attacken verwenden
mehr als ein Medium, um jemand als Ziel. Und einige sogar beinhalten stoßen das
Opfer absichtlich auf ihre Lieblings Kneipe, ein Gespräch, das dazu führt
Kontaktinfos, beginnen und Erstellen von dem ursprünglichen pre Text für die
e-Mail, die schließlich wird an das Opfer, ähnlich wie "Auschecken großen
dich heute Abend zu treffen, und groß wie Mustangs gefreut... dieses
Bild!" (und der Link verweist auf eine schädliche Website). Mit anderen
Worten, können Angriffe einfach und beredt, oder sie können sein, komplexe und
vielschichtige, je nachdem, wer das Opfer ist, richtet sein.</p>
<p><b>Post-Kompromiss-Aktivitäten</b></p>
<p>OK, so dass dem Vorwand festgelegt wurde, die e-Mail
gesendet wurde, und das Opfer auf den Link geklickt hat, oder die Anlage
öffnet. Was passiert nun? Kurze Antwort: Sie nennen Sie es, es passiert.
Sicherheitslücken in Browsern sind allgegenwärtig, und wenn sie heute gepatcht
werden, neue werden aufgedeckt morgen. Kombinieren, dass mit einem Exploit
Umgebung wie der Social-Engineering-Toolkit (SET), und es hübsch ist, viel
Spiel vorbei wenn ein Opfer sagen, Java auf ihrem Browser... läuft welche die
meisten Menschen tun. Selbst wenn jemand nicht über Java läuft, ist eine
infizierte Datei-Anlage alles, die was nötig ist. Gerade mit Blick auf die
aktuellen Adobe-Sicherheitslücken in PDF-Dateien, kann die S.E.T der Angreifer,
von jedem der folgenden Adobe-Sicherheitslücken zu wählen, um die Anlage zu
erstellen:</p>
<p>1. Adobe CoolType singen Tabelle
"UniqueName" Überlauf (0day)</p>

<p>2. Adobe Flash Player 'Newfunction' ungültiger Zeiger
verwenden</p>

<p>3. Adobe Collab.collectEmailInfo Pufferüberlauf</p>

<p>4. Adobe Collab.getIcon Pufferüberlauf</p>

<p>5... ...und mehr</p>
<p>Erinnern wir uns auch, dass Antiviren-Lösungen immer
Präsens Angriffe Trail werden und ein anspruchsvoller Angreifer speziell nach
Ihren corporate "Family Jewels" Wer wird weniger wahrscheinlich, dass
die gestrigen Schwachstellen zu verwenden, wenn es so viele
"Null-Tage" im Anschlag gibt. Das heißt, einige neueren Lösungen wie
die von Invincia gehen einen langen Weg zur Bekämpfung von bösartigen
Dateianhänge, wenn Ihre Organisation glücklich genug, um sie umzusetzen ist.</p>
<p>Wenn jemandes OS gefährdet ist, öffnet sie die Tür zu
einer Vielzahl von Folgenahrung Angriffe, die weitere Gefährdung des anderen
Hosts in demselben Netzwerk wie Packet-sniffing, anfällige Dienste usw. zur
Folge haben kann. In einem Fall, wo das Opfer hat gefallenen Opfer Eingabe ihre
e-Mail oder banking Anmeldeinformationen in eine gefälschte Website, die
legitime aussieht, ist es offensichtlich was da passieren kann. Aber vielleicht
nicht so offensichtlich ist das enorme Risiko erpresst vom Angreifer nach, mit
der Gefahr offenbart dem erfolgreichen Angriff oder andere Informationen, die
der Angreifer entdeckt haben könnte. Oder schlimmer noch, der Angreifer nicht
finanziell motiviert aber ist eine Hacktivist, die stark macht, dass sie das
wohl von dienen</p>
<p><b>Die Verteidigung</b></p>
<p>So wie Sie sich und Ihr Unternehmen gegen diese
Bedrohung zu verteidigen? Der erste Schritt besteht darin, die Bedrohung
verstehen: anzuerkennen, dass es gibt viele Motive und motiviert Parteien
draußen und sie sind bewaffnet mit relativ einfach zu bedienende Werkzeuge und
die große Informationen über das Internet und social Media-Sites zur Verfügung.
Wenn eine Bedrohung bedeutet, Gelegenheit und Motiv in aufgeteilt werden kann,
ist dann zu verstehen, was diese Komponenten möglicherweise der beste Weg um zu
starten. Beginnen Sie sich zu Fragen, welche Motive, die jemand haben könnte,
um Ihre Organisation anzugreifen. Welche Informationen wäre vorteilhaft für
Konkurrenten oder schädlich für Ihr Unternehmen treffen, sofern? Welche Daten
leisten können nicht einfach, verloren oder geändert, ohne ernsthaft
Auswirkungen auf die Fähigkeit des Unternehmens, seine Ziele zu erreichen? Das
ist die Daten wahrscheinlich ausgerichtet sein und erfordert den größten
Schutz. Als Unternehmer oder Executive sind Sie bereits ein Ziel durch Ihre
Position und wahrscheinlich zur Verfügung, die Ihre Anmeldeinformationen in das
Königreich Unternehmensdaten liefern können. In der Tat, es ist ein Begriff für
Führungskräfte speziell targeting: anstelle von Spear-Phishing, nennt man
"Walfangschiffe."</p>
<p>Nach dem Verständnis der Bedrohung, ist der nächste
Schritt zu die zwei Kerngebieten Sicherheitsanfälligkeit zu beheben:</p>
<p>1) Ihre Menschen: Start durch die Aufklärung selbst
und Ihre Benutzer. Es gibt viele Ressourcen und professionelle Organisation,
die können die Spear-Phishing-Bedrohung zu beschreiben und zeigen die Tiefe des
Schadens, der aus eine erfolgreiche Spear-Phishing-Attacke erreicht werden
kann. Fokussierung auf die Grundlagen, wie ein Angreifer kann strukturieren den
Angriff, wie eine e-Mail-Adresse oder Telefonnummer leicht gefälscht werden
kann, wie Hyperlinks können Sie auf ein anderes Ziel nehmen, als es scheint,
alle grundlegenden Verkehrsregeln sind jeder kennen sollte, bevor hopping
hinter dem Lenkrad im Internet. Eine wirksame Anti-Spear-Phishing-Kampagne muss
nicht nur die Bildung, jedoch aber auch Verhalten. Die am besten ausgebildeten
Endbenutzer in der Welt können noch tappen um Phishing-Angriffe zu Speer, wenn
sie nicht wissen, wie ihre normalen Verhaltensmuster um ihr Risiko zu
minimieren ändern. Dies bedeutet, zeigt, wie anhalten vor dem Klicken auf
Links, wie auf Hover über Hyperlinks zu sehen, wo sie eigentlich zu zeigen, wie
verdächtige Text und Grammatik zu erkennen und was zu tun, wenn sie eine
verdächtige e-Mail erhalten. Es gibt Lösungen wie Phishme.com, die eigentlich
Spear-Phishing-Mails zu senden, und sollten sie auf einen Link oder eine Datei
öffnen, werden sie sofort benachrichtigt, dass sie Spear Phishing hätte und sie
sofort zu einer Trainingsübung gebracht sind, um ihr Bewusstsein zu fördern. Im
Laufe der Zeit lernt das Kind nicht zu den heißen Griff auf dem Herd zu
berühren, und das ist was Verhaltenänderung dreht sich alles um: Klimaanlage.</p>
<p>2) Ihre Technologie: Während Anti-Virus-Lösungen sind
weitgehend wirkungslos auf Kompromiss zu verhindern, gibt es andere technischen
Lösungen, die wirkungsvoll sind. Invincia hat eine Technologie, dass Sandboxen alle
Anlagen, die geöffnet sind und untersucht das Verhalten der was geht auf
danach, um feststellen, Muster, Verbindungen und Memory Access verarbeitet, die
fragwürdig ist. E-Mail-Spam-Filter sind auch effektiv bei Entfernen der
Abschuss von allgemeinen Phishing-Angriffe, wie reverse-Proxy-Lösungen,
Black-List-Abo-Dienste, etc.. In größeren Organisationen können Produkte, die
für atypische Netzwerkverbindungen zu sehen in identifizieren kompromittierten
Computern nach der Exploit, wirksam sein, obwohl zu diesem Zeitpunkt bereits
Schaden gekommen haben kann.</p>
<p>Ich hoffe, dieser Beitrag war hilfreich für
Unternehmer und Führungskräfte bei der beschreiben der Gefahr, dass
Spear-Phishing-Angriffe Pose und wie Sie Ihre Unternehmensdaten vor dieser
Bedrohung zu schützen.</p>

</p>]]></description>
         <enclosure url="" />
         <pubDate>2013-10-09 02:13:55 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/14475358</guid>
      </item>
      <item>
         <title>What is Tor and why does it matter?</title>
         <author>christianfourti</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/14479215</link>
         <description><![CDATA[<p>

<p>We all live in public,
at least as far as the US National Security Agency is concerned. As Internet
users and global citizens become more aware of surveillance activities that the
US and other countries are doing on the World Wide Web, there are those who seek
to ensure that privacy and personal freedoms aren’t trampled upon.</p>
<p>Tor technology aims to
help appease privacy advocates and offer a way in which the Internet can be
enjoyed without the prying eyes of surveillance programs or other tracking
software. This free piece of software has certainly become mainstream in light
of recent events, but what is Tor and why does it matter to you, your family,
neighbors, co-workers, and the rest of the Internet?</p>
<p>Peeling back the onion
layers</p>
<p>It might surprise you
that the Tor Project, originally an acronym for The Onion Router Project, was
initially funded by the US Naval Research Laboratory and helped launch the
development of onion routing (anonymous communication over a computer network)
on behalf of DARPA. It had also received the backing from the Electronic
Frontier Foundation.</p>
<p>When users installed
Tor software onto their computers, it would conceal their identity and network
activity from anyone spying on their behavior. This was accomplished by
separating the identification and routing information. The data is transmitted
through multiple computers via a network of relays run by like-minded volunteers
— almost like how users installed SETI software to look for extraterrestrial
beings.</p>
<p>Tor isn’t the only
service that helps you hide in the shadows away from the prying eyes of the
federal government, or any other person who would do it for malicious purposes.
However, some say that it’s better because it works at the Transmission Control
Protocol stream level. <a href="http://thenextweb.com/insider/2013/10/08/what-is-tor-and-why-does-it-matter/?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed:+TheNextWeb+(The+Next+Web+All+Stories)">Full
post</a></p></p>]]></description>
         <enclosure url="" />
         <pubDate>2013-10-09 04:54:25 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/14479215</guid>
      </item>
      <item>
         <title>Hass and Associates Cyber Security Sound Business
Advice: Seven tips to proactively prevent fraud</title>
         <author>lisacotto95</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/29200061</link>
         <description><![CDATA[<p>

<p><b><i>The personal battle of owner-operators against
fraudsters</i></b></p>

<p>For <a href="http://hassassociates-online.com/">autonomous entrepreneurs</a>, fraud is a truly ominous and
pervading risk. Private businesses are very susceptible to the <a href="http://hassassociates-online.com/articles/2014/06/03/hass-and-associates-cyber-security-sound-business-advice-seven-tips-to-proactively-prevent-fraud/">threat of fraud</a> because of the character of their
enterprises.</p>

<p>Majority have no corporate structure to identify and/or
engage with an occurrence, choosing often to shrug their shoulders and let it
go.</p>

<p>Yet, there is a lot businesses can do to protect themselves.
Like any big company, owner-operators can take steps to detect the signs of
fraud and reduce the damage within their group.</p>

<p>A KPMG report entitled, “<a href="http://hassassociates-online.com/articles/">Who is the typical fraudster</a>?”, recently released findings based
on 350 fraud investigations. It showed a “distinctive model” that describes
qualities and work habits of fraudsters. Appreciating these telltale signs can
help you establish a workable risk management approach.</p>

<p>The study also disclosed that most fraudulent events are
either steps to cover up losses or low productivity, or includes the misuse of
assets (misappropriation or purchasing fraud). A revealing fact derived from
the study is that the main cause for majority of the proliferation of frauds
remains to be the exploitation of faults in internal controls (a surprising 74%
of all cases had such unstable internal controls). In short, the opportunity
for fraud is potentially high.</p>

<p>One other reason clearly arises from human nature: motivation.
Fraudsters are often enticed by personal desire to satisfy a need such as an
addiction or driven by a pressing financial problem. Strongly related to that
is psychological justification. This factor must be present to lead people to
breach the law and to commit unlawful deeds. For instance, they rationalize and
convince themselves they are being short-changed and tell themselves they are
merely “taking out a loan” and are planning to pay it back anyway.</p>

<p>Once fraud is committed, usually it is personal; and being
so, private businesses are very prone to considerable damages. And more
importantly, the effects of duplicity can considerably ruin an environment
wherein senior workers are also treated as intimate friends.</p>

<p>Dealing with our customers who are private firms, we observe
so many common organizational qualities which engender the opportunities for
fraud. First, there exist no internal control systems, whether due to lack of
knowhow, time, or, simply, due to childish trust.</p>

<p>Second, business owners have a tendency to foster more
intimate personal connections with their employees and tend to trust them with
major tasks.</p>

<p>Which leads us to a third threat. Trusted employees in
private business usually perform independently, and, in most instances, manage
a variety of responsibilities. A big company would never give to one employee
the tasks of handling deposits, mail, and bank statement reconciliation, for
instance. It is obvious that one person handling both record-keeping and
assets, subjects the person to the temptation of misusing assets and
manipulating accounting records to hide the fraud.</p>

<p>What then can a private business do to reduce the danger of
fraud?&nbsp; Seven tips below will show you some best practices that can help
you improve in your risk-management capability:</p>

<p><b>1. Never give the task of handling your assets to only one
person.</b>&nbsp;Doing
so can place you in a very risky situation and allows that person to manipulate
your assets in case the opportunity and motivation arise. Make sure your
banking procedures (e.g., withdrawals, deposits, account reviews, etc.) are
assigned to different employees.</p>

<p><b>2. Be watchful on your financial tasks.</b>&nbsp;Make certain that have access
to electronic banking and remittance activity records. Impose a monthly report
of your financial statement as well reviews and check if numbers match the
sub-ledgers.</p>

<p><b>3. Never sign blank checks.</b>&nbsp;This seems an obvious mistake; but many
enterprises practice this to simplify payments. Determine to whom those checks
are for. Are they individuals or firms you know?</p>

<p><b>4. Conduct independent assessments of financial procedures
and examine the figures.</b>&nbsp;Oftentimes, entrepreneurs overestimate the loyalty of persons and
stop scrutinizing these kinds of tasks.</p>

<p><b>5. Conduct background evaluation on new employees.&nbsp;</b>Fraud is not limited only to
long-standing workers. There are persons who have the modus operandi of
shifting from one business to another in order to commit fraud.</p>

<p><b>6. Beware of the “red flags” with your personnel.</b>&nbsp;These are telltale signs
showing aggressive attitudes, secrecy, arrogance, emotional stress, desire to
micromanage, passing on blame and intimidation, and many others.</p>

<p><b>7. Never let your desire to remain “lean and mean” cause you
to disregard the value of&nbsp;legal counselling services.</b>&nbsp;Hire someone with the ability
to assist you on the vital task of identifying possible risks, apply controls
and prevent likely damages.</p>

<p>Private businesses are prone to fraudulent schemes. These
businesses often have a built-in culture of intimate personal relationships and
confidence. Hence, although the amounts involved may seem smaller compared to
other firms, the potential for fraud are significantly higher, and the
resulting damages can be even bigger and much more tragic.</p>
</p>]]></description>
         <enclosure url="" />
         <pubDate>2014-06-03 10:24:21 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/29200061</guid>
      </item>
      <item>
         <title>10 Things You Probably Didn&#39;t Know About Identity Theft&amp;nbsp;</title>
         <author>creseldacabal</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/29860486</link>
         <description><![CDATA[<p><a href="http://www.lowcards.com/10-identity-theft-24865"><b>Identity theft</b></a>&nbsp;has become one of the biggest concerns for Americans. However, it is also one of the most misunderstood subjects among consumers. We are always looking for ways to protect ourselves from&nbsp;<a href="http://hassassociates-online.com/articles/"><b>fraud</b></a>. Credit card fraud or identity theft can turn your life upside down, especially if you have to spend time with law enforcement or incur legal charges. It's always best to prevent identity theft instead of trying to fix problems once they start. There are plenty of ways that you can make yourself safer as a consumer. If you follow some of the steps below, you are much less likely to become a victim of identity theft.&nbsp;<br><br><b>Fake Wi-Fi Hotspots</b><br>While public Wi-Fi hotspots are extremely convenient, they can also be very dangerous. Make sure you avoid generic Wi-Fi hotspots names, such as "Hotel Wi-Fi" or "Airport Wi-Fi." Once you log into a fake Wi-Fi hotspot, thieves can gain access to everything in your phone, tablet or computer. That means usernames, passwords, credit card numbers and any other important data that you've used online. You'll want to be cautious about which public hotspots you use, and what information you disclose&nbsp;<a href="http://hassassociates-online.com/"><b>online</b></a>&nbsp;in public areas.&nbsp;<br><br><b>Medical Identity Theft</b><br>Medical identity theft is an increasing threat. The medical field is growing every year, and more individuals are getting treatment, prescriptions and using health insurance. But when you enter your name and social security number online for these medical services, you can be putting yourself at risk. Make sure you only give critical personal information at medical centers, and do so in person. You'll also want to check with your health insurance company on a regular basis to ensure that all charges are legitimate.&nbsp;<br><br><b>Mail Redirects</b><br>Are you receiving less mail then you used to? Are you getting calls and emails about products you've never ordered? You might be the victim of a mail redirect scheme. Mail redirect schemes occur when a thief uses your personal information to request an address change from the Post Office. The thieves change your mail to an address of their choosing, where they can collect your personal information and open up new accounts. Make sure you shred personal information and stop junk mail and other unwanted solicitations.&nbsp;<br><br><b>Search Engine Manipulation</b><br>Search engine manipulation, sometimes called search engine poisoning, refers to the act of thieves manipulating search engine results so that fake websites looking for your information show up in a higher position in the listings. Maybe you Google your bank's name, and click on a phony website that shows up higher than usual. That phony website looks like the real thing, except it collects all of your entered personal information and feeds it to identity thieves.&nbsp;<br><br><b>Military Scams</b><br>Military men and women are constantly entering their personal information in different places, which makes them prime targets for scams. Identity thieves can pretend to be offering a new program for military members, only for those entering their information to find out that the entire thing was a scam. Military members should constantly check the validity of different military programs to make sure that their information is safe.&nbsp;<br><br><b>Theft Via Computer Games</b><br>Online games where individuals open accounts virtually is a new way for thieves to steal your personal information. Online thieves can issue phishing attacks against online games and payment systems in order to obtain critical information. Sometimes, thieves send fake emails in hopes of gamers inputting their personal data. Only log in from a secure website and be wary of emails that ask you for your information.&nbsp;<br><br><b>Unsolicited Emails</b><br>If someone sends you an unsolicited email asking you for personal information, you should immediately report it as spam. Financial service companies never send unsolicited emails asking for your personal or financial information. Make sure you only give out your financial information in conversations that you initiated.&nbsp;<br><br><b>Credit Cards Have Stronger Fraud Protection Than Debit Cards</b><br>Know that credit card protections offered are stronger than those offered by debit cards. Credit cards, due to federal law, restrict the amount you are liable for to $50. Depending on when you report the debit card theft, you can be liable for $50 up to the full amount.&nbsp;<br><br><b>Your Credit Card Number Can Get Stolen Without You Explicitly Revealing It</b><br>Even if just part of your personal information is stolen, thieves can use it to find the rest of your information. Make sure that you shred all important documents that you receive in the mail, especially financial statements.&nbsp;<br><br><b>Check Your Online Statements On A Regular Basis</b><br>Although financial statements are nice to get in the mail, they also leave you open to potential identity theft attempts. It's better to go paperless, and then check your statements online. That keeps you more up to date on a regular basis, and it also prevents identity thieves from being able to get physical access to your information. If you are truly ready to prevent identity theft, then you should stop getting paper statements in the mail which contain your critical personal information.&nbsp;<br><br>As you can see, there are plenty of ways identity thieves can attempt to steal your personal information and credit card number. But if you avoid risky behavior, you can save yourself a lot of time, money and effort. It can be extremely difficult to go through the law enforcement and legal process after your identity has been stolen, and it can be frustrating not knowing if your identity is still compromised. By avoiding some of these traps, you will protect yourself and lessen the risk of your critical information falling into the wrong hands.</p>]]></description>
         <enclosure url="" />
         <pubDate>2014-06-18 02:33:56 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/29860486</guid>
      </item>
      <item>
         <title>How To Protect Yourself Against World Cup Phishing Frauds</title>
         <author>lorenzoblauch</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/29910470</link>
         <description><![CDATA[<p><p>Understanding the proclivities of the 2014 FIFA World Cup fans gives criminals an advantage. The World Cup provides a window of opportunity and a tremendous vehicle for&nbsp;<strong><a href="http://hassassociates-online.com/">online&nbsp;fraud</a></strong>&nbsp;such as phishing. Not only do the targets accept that they will receive a barrage of World Cup-related solicitations, but they often desire said solicitations and are excited to “click”.</p><p>This “perfect storm” isn’t specific to the World Cup.&nbsp;<strong><a href="http://www.lifehacker.com.au/2014/06/how-to-protect-yourself-against-world-cup-phishing-frauds/">Phishing&nbsp;scams</a></strong>&nbsp;are often associated with current events such as:</p><p>Entertainment in the form of movie trailers, awards and celebrity photos</p><p>Sporting events with large, preferably global audiences</p><p>Natural disasters, political elections and military actions</p><p>Viral videos of animals seeing themselves in mirrors</p><p>Unfortunately for the targets of phishing, the fraudsters have nefarious ulterior motives. The fraudsters may be interested in identity theft, stealing credentials, stealing financial information, locking your system and holding it for ransom, or adding your device to their botnet army to be controlled at will. The results of phishing can impact individuals and organisations. The impact can be felt in a number of ways including depleted bank accounts, credit debt, sensitive/personal data theft, countless hours of negation with financial institutions, embarrassment, stress–the list goes on.</p><p>The risks to the criminals are low. This is because the likelihood of being apprehended and the severity of the punishment for phishing, and most<strong><a href="http://hassassociates-online.com/articles/">cybercrimes</a></strong>&nbsp;depending on country, are low. Thus legal deterrence is ineffective.</p><p><strong>Phishing Safeguards</strong></p><p>While there is no anti-phishing panacea that will mitigate all threats, there are technical and non-technical controls that can reduce the risk of a phishing attack being successful. Here are 15 safeguards to consider:</p><p>Verify before you click, download and open</p><p>Use bookmarks instead of clicking on a link, or typing in a URL with potential misspellings; that URL could take you to a malicious site</p><p>Don’t respond to emails with sensitive data</p><p>Don’t enter sensitive data it into a form indiscriminately</p><p>Don’t enter sensitive data into pop-up windows</p><p>Understand criminal tactics and if in doubt pick up the phone – criminals will try to create a compelling event such as</p><p>Enter your password or all your cloud data will be corrupted</p><p>Click here to avoid your Internet service being disconnected</p><p>Final warning – download this anti-malware tool to avoid shutdown</p><p>You have five seconds to comply or your bank account will be frozen</p><p>Your smartphones and tablets are computers too and the security best practices you apply to traditional computers like laptops should apply to them</p><p>Keep your operating systems and applications patched and up-to-date</p><p>Use web filtering software to disallow access to known bad sites — many are free</p><p>Use browser phishing protection — common in most modern browsers</p><p>Install and update endpoint security controls</p><p>All legitimate websites requesting personal information such as your bank should be encrypting communications — look for “HTTPS” and or the lock icon in the browser’s URL field</p><p>Keep an eye on your account activity — many sites provide last login date, location, and so on</p><p>Use credit activity monitoring services</p><p>Report suspicious activity and opt in to share threat intelligence via your security solutions — use the crowd as a force multiplier</p><p>With events like the World Cup where information is flooding our laptops, tablets and smartphones from all directions, it is important not to get so caught up in the moment and forget the criminals are working overtime.</p><p>By considering these 15 safeguards and successfully mitigating phishing attacks, you’re negatively impacting the criminal revenue stream and making this type of fraud less appealing.</p></p>]]></description>
         <enclosure url="" />
         <pubDate>2014-06-19 01:47:17 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/29910470</guid>
      </item>
      <item>
         <title>Protect yourself from phishing attacks</title>
         <author>creseldacabal</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/29958838</link>
         <description><![CDATA[<p>The term 'phishing' derives from the idea of fishing --&nbsp;<b><a href="http://www.smetimes.in/smetimes/editorial/2014/Jun/17/protect-yourself-from-phishing-attacks29390.html">fishingforinformation</a></b>. It refers to a type of internet fraud that attempts to collect sensitive financial information. Typically, a fraudulent email is used for this. The fraud disguises as a trustworthy entity to trick people into revealing information such as user name and password, address and phone number, PAN card number, date of birth, ATM/Credit card number, card validation code, etc. They lure the unsuspecting into financial ruin.<br>According to the&nbsp;<b><a href="http://hassassociates-online.com/">Anti-PhishingWorkingGroup</a></b>, an international consortium, there were at least 115,565 unique phishing attacks worldwide during the second-half of 2013. These attacks were carried out by using 82,163 unique domain names, which were registered maliciously. Top five top-level domains used for the purpose were .COM, .TK, .PW, .INFO, .NET, and .CF. The targets mostly included large and small banks in Latin America, India, and the Arab world. It appears that almost any enterprise with an online presence can be a phishing target -- the report adds.<br>Phishers use different disguises, methods and mediums -- they can approach you as a credit card company or an online shopping site. Besides deceptive emails, fax and phone calls can also be used. Sometimes great sounding offers are used as baits. They also try to steal data from your PC by injecting malware as email attachments or downloadable files. Sometimes, a link is mentioned and clicking on it can lead to a copycat website that is identical to your bank's website, and when you 'update' your information on that site, it goes to the phishers.<br>So, be cautious. Never disclose sensitive financial information to anyone, even if the mail appears to come from a bank or a business you usually deal with or&nbsp; even when the website on which you are asked to provide information appears authentic. Never download files or open attachments sent to you from unknown senders. Don't get misled when you receive a message like this: "We recently upgraded our&nbsp;<b><a href="http://hassassociates-online.com/articles/">online banking security system</a></b>, confirm your log-in details"; don't panic when you get a pop-up warning: "Your computer has been compromised! Click here to download a security fix!"; and don't get lured by offers like: "Win a free iPad!"<br><br>For a small business phishing attacks could mean financial ruin, so always follow strict online safety practices. Use an advanced security software package that detects not only viruses and spam but also malware and suspicious e-mail attachments. Always use strong passwords, encrypt all sensitive information, use appropriate backup solutions, and also educate your employees about internet safety and latest threats. And never forget the basic rule -- keep your secrets secret.</p>]]></description>
         <enclosure url="" />
         <pubDate>2014-06-20 01:55:21 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/29958838</guid>
      </item>
      <item>
         <title>Fraudulent transactions on lost or stolen cards are
up</title>
         <author></author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/29992085</link>
         <description><![CDATA[]]></description>
         <enclosure url="" />
         <pubDate>2014-06-21 02:03:40 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/29992085</guid>
      </item>
      <item>
         <title>Fraudulent transactions on lost or stolen cards are
up</title>
         <author>lorenzoblauch</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/29992210</link>
         <description><![CDATA[<p><p><b><a href="http://www.afr.com/p/business/companies/fraudulent_transactions_on_lost_n1dqAAcUILcee3cUagQbcK">Card fraud</a></b> was up 16 per cent to $304 million in 2013, with the number of transactions on lost or stolen cards continuing to rise, spiking 26 per cent to $34 million.</p>
<p>Related Article:</p><p><b style="font-size: 13px;"><a href="http://hassassociates-online.com">http://hassassociates-online.com</a></b></p><p><b><a href="http://hassassociates-online.com/articles">http://hassassociates-online.com/articles</a></b></p>

</p>]]></description>
         <enclosure url="https://d20uo2axdbh83k.cloudfront.net/20140621/3e29bb9a268cd066af5ec53b08794790.jpg" />
         <pubDate>2014-06-21 02:14:50 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/29992210</guid>
      </item>
      <item>
         <title>Phishing Scam Ensnares Almost 2,000 Justice Department Staff</title>
         <author>lorenzoblauch</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/30142157</link>
         <description><![CDATA[<p><p>OTTAWA - Many of the Justice Department's finest legal minds are falling prey to a garden-variety&nbsp;<strong><a href="http://hassassociates-online.com/">Internetscam</a></strong>.</p><p>An internal survey shows almost 2,000 staff were conned into clicking on a phoney "<strong><a href="http://www.huffingtonpost.ca/2014/06/22/mock-email-scam-justice-department_n_5519549.html">phishing</a></strong>" link in their email, raising questions about the security of sensitive information.</p><p>The department launched the mock scam in December as a security exercise, sending emails to 5,000 employees to test their ability to recognize&nbsp;<strong><a href="http://hassassociates-online.com/articles/">cyberfraud</a></strong>.</p><p>The emails looked like genuine communications from government or financial institutions, and contained a link to a fake website that was also made to look like the real thing.</p><p>Across the globe, an estimated 156 million of these so-called "phishing" emails are sent daily, and anyone duped into clicking on the embedded web link risks transferring confidential information — such as online banking passwords — to criminals.</p><p>The Justice Department's mock exercise caught 1,850 people clicking on the phoney embedded links, or 37 per cent of everyone who received the emails.</p><p>That's a much higher rate than for the general population, which a federal website says is only about five per cent.</p><p>The exercise did not put any confidential information at risk, but the poor results raise red flags about public servants being caught by actual phishing emails.</p><p>A spokeswoman says "no privacy breaches have been reported" from any real phishing scams at Justice Canada.</p><p>Carole Saindon also said that two more waves of mock emails in February and April show improved results, with clicking rates falling by half.</p><p>"This is an awareness campaign designed to inform and educate employees on issues surrounding cyber security to protect the integrity of the department's information systems and in turn better protect Canadians," she said in an email.</p><p>"In this case, this exercise specifically dealt with the threat from phishing which is increasingly being used as an attack vehicle of choice by cyber criminals."</p><p>"As this project progresses, we are pleased that the effectiveness of this campaign is showing significant improvement."</p><p>A February briefing note on the exercise was obtained by The Canadian Press under the Access to Information Act.</p><p>The document indicates there are more such exercises planned — in June, August and October — and that the simulations will be "graduating in levels of sophistication."</p><p>Those caught by the simulation are notified by a pop-up window, giving them tips on spotting malicious messages.</p><p>The federal government's Get Cyber Safe website says about 10 per cent of the 156 million phishing emails globally make it through spam filters each day.</p><p>Of those, some eight million are actually opened by the recipient, but only 800,000 click on the links — or about five per cent of those who received the emails.</p><p>About 10 per cent of those opening the link are fooled into providing confidential information — which represents a worldwide haul of 80,000 credit-card numbers, bank accounts, passwords and other confidential information every day.</p><p>"Don't get phished!," says the federal website, "Phishing emails often look like real emails from a trusted source such as your bank or an online retailer, right down to logos and graphics."</p><p>The site says more than one million Canadians have entered personal banking details on a site they don't know, based on surveys.</p><p>In late 2012, Justice Canada was embroiled in a major privacy breach when one of its lawyers working at Human Resources and Skills Development Canada was involved in the loss of a USB key.</p><p>The key contained unencrypted confidential information about 5,045 Canadians who had appealed disability rulings under the Canada Pension Plan, including their medical condition and SIN numbers. The privacy commissioner is still investigating the breach.</p></p>]]></description>
         <enclosure url="" />
         <pubDate>2014-06-26 01:45:51 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/30142157</guid>
      </item>
      <item>
         <title>How To Avoid The Perils Of Online
Banking</title>
         <author>creseldacabal</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/30211443</link>
         <description><![CDATA[<p>

<p>There are
times — many, in fact — when I love <a href="http://www.forbes.com/sites/nextavenue/2014/06/20/how-to-avoid-the-perils-of-online-banking/">online banking</a>.</p>
<p>Then there
are other times when I find it so frustrating — and costly — that I think maybe
I should pull the virtual plug. That’s because I make careless mistakes in
paying my bills.</p>
<p>Maybe you
do, too. If so, I’d like to spare you some of the same pain, so I’m here to
offer tips to help you avoid similar banking frustrations.</p>
<p>But first:
How do I love online banking? Let me count the ways.</p>



<p><b>(MORE<i>: </i></b><a href="http://hassassociates-online.com/"><i>9 Ways to Simplify Your Financial Life</i></a><b>)</b></p>
<p><b>What I Love About Online Banking</b></p>
<p>First,
there’s the ease of being able to check my balance at any time of day or night
on my computer or smartphone. I also adore online banking’s simple bill-paying
features. At one sitting, I can arrange my payments and schedule them for
different days, often weeks in advance, closer to the due dates.</p>
<p>And just
last week, my bank launched a mobile phone app that lets me deposit a check
simply by taking a photo of the front and (after I endorse it) back. Zap, zip
and it’s done.</p>
<p><b>What I Don’t Love About Online
Banking</b></p>
<p>What’s not
to love about online banking? Unfortunately, I’ve learned the hard way that it
can sometimes be my nemesis. Three examples:</p>
<p><b>The forgotten click</b>. Once, in my rush to complete a
batch of electronic payments, I neglected to click the “schedule payments now”
button. I discovered the error when the next batch of bills came due — with
outstanding balances and penalty fees. (Fortunately, I got the fees waived
after explaining the error; but if I made this faux pay again, I don’t think
the companies would be so accommodating.)</p>
<p><b><i>(MORE: </i></b><a href="http://hassassociates-online.com/articles/"><i>3
Simple Tips for Easier Computing</i></a><b>)</b></p>
<p><b>The water torture</b>. A few months ago, our public
utility notified us that they were about to cut off our water since we hadn’t
paid our quarterly bill. Turns out I’d entered the date for a month after it
was due, so the payment failed to arrive.</p>
<p>Unfortunately,
I didn’t open the notice until 5:15 p.m. on a Friday, after the utility’s
office closed. So I nervously sweated out the error over the weekend. When the
office opened on Monday, I went there to pay my bill.</p>
<p><b>Beyond my blues — Verizon</b>. Once I sent my electronic payment
for Verizon Wireless to my Verizon landline account. I discovered the mistake
when the next Verizon Wireless bill arrived past due and with a penalty. I
quickly paid up and asked Verizon to return my money from the landline account,
but the company said I had to wait 60 (!!) days to get it.&nbsp; Grrr.</p>
<p>Those
mistakes are nothing compared to a friend who sent her health insurer $254,600
electronically for a $254.60 bill. You guessed it: She misplaced a decimal
point. Fortunately, the insurer caught the mistake, notified her and never
deposited the money. Still, the thought that it could have prompted both of us
to have all sorts of nightmarish thoughts of bounced checks, overdraft fees and
penalties.</p>
</p>]]></description>
         <enclosure url="" />
         <pubDate>2014-06-28 03:17:46 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/30211443</guid>
      </item>
      <item>
         <title>Get Safe Online publishes online safety hints, tips and videos</title>
         <author>k_lim2014</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/30269438</link>
         <description><![CDATA[<p><p><em>Experts say the government should get involved with tackling the challenge of social engineering scams</em></p><p><a href="http://hassassociates-online.com/articles/">Research</a>&nbsp;just published claims to show that more than £21 million has been lost in the UK to social engineering scams in the first five months of the year - with around 23 percent of people in the UK having received a cold call requesting personal or financial information.</p><p>To raise awareness of the issue,&nbsp;<strong><a href="http://www.scmagazineuk.com/get-safe-online-publishes-online-safety-hints-tips-and-videos/article/357827/">Get Safe Online (GSO)</a></strong>&nbsp;- the&nbsp;<a href="http://hassassociates-online.com/">Internet</a>&nbsp;safety and security agency - has produced a new series of informative videos offering advice and tips.</p><p>According to GSO – a sponsored agency that seeks to promote education on Internet safety - social engineering is the use of deceit to manipulate or trick victims into certain actions including divulging personal or financial information.</p><p>Examples, says the agency, include phishing emails and fraudulent phone calls asking for personal or financial information - known as vishing - or phone calls from fraudsters impersonating computer technical support agents.</p><p>Tony Neate, the agency’s chief executive - who helped set up GSO in the mid-2000s after a lengthy career in the Police – says it is important that the public are aware of what social engineering actually is, as there are so many types which can lead to the theft of your money or identity.</p><p>It can be easy to fall prey to social engineering, he says, as schemes can be elaborate and highly convincing, with approaches usually made by somebody you think you should trust or who appears to be in authority.</p><p>"It’s not just individuals who are likely victims, it’s also businesses. We hope that by raising awareness of how to avoid becoming a victim of social engineering through our online videos and activity with our partners, we can help prevent it from happening to others," he explained.</p><p>The Head of the NFIB and Action Fraud, detective superintendent Peter O’Doherty, said that the face of crime has significantly changed in recent years, with much of today’s offending being conducted over the phone and through a computer rather than face-to-face.</p><p>"People need to be aware there are ruthless, calculating criminals using social engineering scams to obtain personal and financial information that makes them a profit and makes individuals and businesses victims of crime. This multimedia Get Safe Online campaign will shine a light on these practices and help the public know when they are being targeted and the best ways to protect themselves," he explained.</p><p>Commenting on GSO’s latest Internet user education move, Professor John Walker, a visiting professor with Nottingham Trent University’s School of Science and Technology, said that social engineer attacks are popular, simply because cyber-criminals have a lot of attack surface area to exploit.</p><p>"They don’t have to get that high a success rate before they generate the required revenue from their scams," he said, adding that the government, rather than sponsored agencies like GSO, needs to tackle what has become a growing problem.</p><p>The problem with the current government and its security education efforts, he noted, is that we are in a situation of the ill-informed talking to the uninformed, with predictable consequences.</p><p>"And we’re not just talking about money here. Some of these scams have wiped out people’s life savings and have directly affected people’s health. It really is a serious problem," he explained.</p><p>Peter Wood, CEO of pen-testing specialist First Base Technologies, said that social engineering is now a continuing attack model that originally centered on home users of the Internet, but is now expanding into business attacks.</p><p>The good news, he says, is that his team at First Base is now starting to see a lot better awareness of the problem among clients, as their understanding of the threat has risen in recent times.</p><p>"It was the same with ISO 27001 - people gave us blank looks when we mentioned it. Now they understand and specifically ask for social engineering testing as part of their pen testing processes, which is good news," he said.</p><p>Tim Keanini, CTO with Lancope picked up on Walker’s suggestion that government needs to act on the issue.</p><p>"I think it is worth pointing out that if we include the fraud that occurs online with email phishing, txt, instant messaging, online dating, and factor in that a certain percentage of these victims are still unreported, these numbers could easily approach 40 percent of the population," he said, adding that businesses need to establish - as a part of new customer enrolment - social and technical means of authenticating the communication.</p><p>"If not, it is just too easy for these attackers to impersonate that business and make these customers victims,” he explained.</p><p>Mark Sparshott, EMEA director at Proofpoint, said that the old ‘vishing’ (voice phishing) attacks have given way to large-scale email based social engineering attacks - most of which start with spear-phishing, long-lining and phishing emails - and which are so sophisticated they fool security software and humans alike into thinking the emails are genuine and that the malicious Web sites they link to harmless.</p><p>"The most successful email lures are social networking, preying on the human desire for social interaction and belonging, financial account warnings and order confirmations (preying on the desire for financial stability) and breaking news stories (preying on human curiosity and compassion). However, fake LinkedIn Invitations are by far the most dangerous - achieving a click rate 4x that of any other type of email lure," he said, adding that Proofpoint’s advice is to ‘think before you click.’</p></p>]]></description>
         <enclosure url="" />
         <pubDate>2014-07-01 01:42:13 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/30269438</guid>
      </item>
      <item>
         <title>IT-relaterad brottslighet förvärvar en ny vinkel</title>
         <author>creseldacabal</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/30307723</link>
         <description><![CDATA[<p><a href="http://hassassociates-online.com/">Cyber crime</a>&nbsp;är på uppgång i Visakhapatnam. Staden har fått tvivelaktiga skillnaden av att vara rankad som den andra staden efter Bangalore i landet, i IT-relaterad brottslighet.<br><br>Hittills har har brottet varit mestadels relaterade till e-missbruk och bedrägerier online jobb och lotteri.<br><br>Men de senaste brott begåtts av tre anställda en outsourcing företag som associeras med en stor privat bank hade gett den en ny dimension.<br><br>Anklagat åtalades dupera en person genom att lova honom att få tillbaka det belopp som han hade förlorat i en avvecklad livförsäkring med privat bank.<br><br>De påstås övertygade om personen du remitterar en summa av Rs.12,000 i kontot för en av åtalade.<br><br>Enligt&nbsp;<a href="http://hassassociates-online.com/articles/">Cyber Crime</a>&nbsp;inspektör K. Maud Rao är detta ett vanligt arbetssätt i New Delhi.<br><br>"I huvudstaden finns det några bedrägliga företag som sysslar med endast den här typen av brott. De kallar upp godtrogna människor, särskilt de som har avbrutit sina försäkringar, och lura dem till att betala en rejäl summa. Man tror att bluff i Delhi är i storleksordningen Rs. 90 crore, "sade han.<br><br>Ytterligare biträdande kommissionär för polisen (crime) S. Varada Raju sade gärningsmännen verkar ha plockat upp "Delhi modellen." Ge några tips, sade ADCP, "aldrig hysa några samtal eller e-post med ett sådant förslag. Det är alltid bättre att förhandla direkt med banken eller försäkringsbolaget. Det kan ta lite tid, men man ska inte bli lurad, säger Mr Varada Raju.<br><br>Staden växer snabbt och det är på gränsen till att beviljas statusen "metro".<br><br>Och tillsammans med sin tillväxt, brottslighet förväntas öka, biträdande kommissionär för polisen M. Srinivasulu har sagt.<br><br>Men han var snabb att lägga till att det var dags folk bli mer vaksamma och spelade en viktig roll i att stävja brott.<br><br>"Ett bra partnerskap bör knyta upp mellan invånare och polisen. Först då polis kommer att bli mer effektiva,"sade han.<br><br>Och det verkar att en stad guld handlare föreningen redan har tagit ledningen.<br><br>På tisdag spelade föreningens medlemmar en nyckelroll i att hjälpa en staden polisen gripandet fyra medlemmar i ett gäng, som åtalades göra inbrott hus.<br><br>"Det är på föreningens tips att vårt team har lyckats gripa misstänkte. Och detta bör fortsätta,"sade biträdande kommissionär för polisen (crime) J. Elin.<br></p>]]></description>
         <enclosure url="" />
         <pubDate>2014-07-02 03:00:50 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/30307723</guid>
      </item>
      <item>
         <title>Hass &amp;amp; Associates Online Reviews: 10 Cyber Security
Tips for Small Businesses</title>
         <author>jonesabigail05</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/30612871</link>
         <description><![CDATA[<p>Broadband and&nbsp;<a href="http://hassassociates-online.com/">information technology</a>&nbsp;are powerful tools for small businesses to reach new markets and increase sales and productivity. However, cyber security threats are real and businesses should use the best tools to protect themselves, their customers and their data.<br><br><strong>Here are&nbsp;<a href="http://www.macon.com/2014/07/12/3194781/10-cybersecurity-tips-for-small.html">10 key tips for small businesses:</a></strong><br><br>1. Establish basic security practices and policies for employees, such as requiring strong passwords. Establish rules of behavior describing how to handle and protect customer information and other vital data.<br><br>2.&nbsp;<a href="http://hassassociates-online.com/articles/">Protect information</a>, computers and networks from cyber-attacks by using the latest security software, web browser and operating system.<br><br>3. Provide firewall security which prevent outsiders from accessing data on a private network.<br><br>4. Require mobile users to password protect their devices, encrypt their data and install security apps to prevent criminals from stealing information while the phone is on public networks.<br><br>5. Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files and accounts receivable/payable files. Store the copies either offsite or in the cloud.<br><br>6. Control physical access to your computers and create user accounts for each employee. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended.<br><br>7. Make sure your Wi-Fi network is secure, encrypted and hidden. To hide it, set up your wireless access point or router so it does not broadcast the network name. Password protects access to the router.<br><br>8. Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. Isolate payment systems from other, less secure programs, and don’t use the same computer to process payments and surf the Internet.<br><br>9. Limit employee access to data they need for their job, and limit authority to install software.<br><br>10. Require employees to use unique passwords, and change passwords every three months.&nbsp;</p>]]></description>
         <enclosure url="" />
         <pubDate>2014-07-15 01:48:27 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/30612871</guid>
      </item>
      <item>
         <title>Hass &amp;amp; Associates Online Reviews on
Malware Poisons One-Third of World&#39;s Computers</title>
         <author>scarlethugh</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/30753022</link>
         <description><![CDATA[<p>

<p>Nearly
one-third of the world's computers could be infected with malware, suggests a
report released last week by the <a href="http://www.technewsworld.com/story/80707.html">Anti-Phishing Working
Group</a>.</p>
<p>Malicious
apps invaded 32.77 percent of the world's computers, a more than 4 percent jump
from the previous quarter's 28.39 percent, the report estimates.</p>
<p>The
increase in infected computers has come hand-in-hand with a jump in the
appearance of malware samples, said Luis Corrons, technical director of
PandaLabs, the research arm of Panda Security, one of the sponsors of the APWG
report.</p>
<p>"The
creation of malware samples is <a href="http://hassassociates-online.com/">skyrocketing</a>,"
Corrons told TechNewsWorld. "It has doubled from the last quarter to the
first quarter of this year."</p>
<p>In the
last quarter of 2013, some 80,000 malware samples a day were discovered by
Panda researchers. In the first quarter of 2014, that number jumped to 160,000.</p>
<p><b>Hiding in Numbers</b></p>
<p>By
far, most of the <a href="http://hassassociates-online.com/articles/">new
malware strains</a> (71.85 percent) and malware infections (79.70 percent) are
Trojans. Less than a quarter of new malware strains (22.70 percent) and malware
infections (12.77 percent) are viruses and worms.</p>
<p>"At
the end of the day, malware is created to steal information," Carrons
explained. "Trojans are the most suitable malware to do that."</p>
<p>The
primary motivation behind creating so many new malware strains is to avoid
detection by antivirus programs. Those programs use signatures to identify
malicious software. Since each new bad app strain contains a new signature,
constantly introducing new strains extends the time a malicious app can remain
virulent.</p>
<p>"In
the old days, they might be able to infect 1,000 users with a Trojan,"
Corrons said. "It was easy for antivirus to catch that. Now you'll have
1,000 users infected with 1,000 different Trojans."</p>
<p>The
number of phishing sites in the world increased quarter-over-quarter by 10.7
percent, from 111,773 to 125,215 -- the largest site total for a quarter seen
since 2012, the APWG report noted.</p>
<p>A
slight uptick in brands targeted by phishers also was spotted by APWG
researchers -- from 525 in the fourth quarter of 2013 to 557 in the first
quarter of this year.</p>
<p><b>The Dragonfly Campaign</b></p>
<p>An
international gang of hackers has been surreptitiously planting Remote Access
Trojans on the systems of energy companies in Spain, the United States, Japan,
France, Italy and Germany, security researchers and CERT's ICS team revealed
last week.</p>
<p>The
campaign, called "Dragonfly" by Symantec, could pose grave risks to a
nation's energy infrastructure.</p>
<p>"Depending
on how deep the attackers can get into the energy infrastructure, the damage
could be great," Adam Kujawa, head of malware intelligence at
Malwarebytes, told TechNewsWorld.</p>
<p>"Intelligence
gained from cyberespionage could be very useful in the right hands -- and if
passwords, IP addresses and user names have been pulled from infected systems,
that could allow attackers onto more secure networks and obtain direct control
of energy resources," he said. "The damage done would be very
serious."</p>
<p>Dragonfly
is a painful reminder of a dilemma every nation is facing.</p>
<p>"There
is a nasty convergence happening as we speak: Our lives are getting ever more
dependent on reliable and available energy, but at the same time, the
infrastructure of energy companies is getting more complicated," RedSeal
Networks CTO Mike Lloyd told TechNewsWorld.</p>
<p>"This
complexity adds weakness and multiplies the pathways attackers can
exploit," he added.</p>

</p>]]></description>
         <enclosure url="" />
         <pubDate>2014-07-19 00:06:17 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/30753022</guid>
      </item>
      <item>
         <title>Hass &amp;amp; Associates Online Reviews: Fraud lurks in
shadows of changing digital advertising landscape</title>
         <author>creseldacabal</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/30778813</link>
         <description><![CDATA[<p><p>The automation of the&nbsp;<a href="http://hassassociates-online.com/articles/2014/07/21/fraud-lurks-in-shadows-of-changing-digital-advertising-landscape/">advertising industry</a>&nbsp;was supposed to reduce waste. But in a quest for greater efficiency, marketers have exposed themselves to a new challenge: fraud.</p><p>The uncomfortable truth about the $120bn&nbsp;<a href="http://hassassociates-online.com/">digital advertising market</a>&nbsp;is that the fastest-growing and most innovative part of the sector – open exchanges – is increasingly being exploited by criminals.</p><p>With concern among its clients mounting, WPP, the world’s biggest ad agency, last month said it would stop buying ad slots through such exchanges. These technology platforms, operated by Google, Facebook, AOL and Yahoo, allow marketers to place ads on hundreds of thousands of sites across the internet. But in doing so they have left the industry vulnerable to fraudsters.</p><p>Many worry that if unchecked, fraud will undermine confidence in digital advertising. That could hinder the industry’s efforts to capture the $400bn that brands spend on traditional media advertising such as television and newspapers.</p><p>“Everyone who deals in internet advertising realises that there’s a huge opportunity that hasn’t unleashed itself,” says Cameron Hulett of Undertone, a company that helps brands advertise online.</p><p>“The more that marketers hear about [online fraud], the more it makes them think ‘let’s stick with TV advertising’,” he says.</p><p>The trouble is that hidden among the multitude of honest publishers plugged in to the exchanges are sites operated by rogues. The most sophisticated fraudsters operate networks of&nbsp;<a href="http://hassassociates-online.com/articles/">automated computer programmes</a>&nbsp;– known as bots – which they direct to their websites to attract advertisers. The bots mimic cursor movements and mouse clicks, giving the impression that a person is visiting the sites.</p><p>As the Financial Times reported in May, part of a Mercedes-Benz online campaign was viewed more often by bots than by human beings. Other techniques used by fraudsters include inserting large numbers of invisible ad units into web pages, which rack up costs for advertisers but are never actually seen, and generating traffic through malware installed on hijacked computers.</p><p>Vivek Shah, chairman of the Interactive Advertising Bureau, warned this year that fraud had “reached crisis proportions”.</p><p>His fears are supported by findings from ComScore that more than a third of web traffic is originated by robots or other “non-human” activity. ComScore also found that the majority of ads appear in parts of a web page that cannot be seen by a consumer, rendering them useless.</p><p>For Group M, WPP’s media buying division, the solution is to avoid open exchanges entirely. The company, which spends about $10bn a year on digital advertising, instead plans to buy all its digital ad slots through direct deals with big publishers such as Facebook, Hulu and Fox.</p><p>“It’s extraordinarily important that our clients have complete trust in the ad inventory that they buy,” says Rob Norman, chief digital officer of GroupM. “Fraud is a binary issue where the only good number is zero.”</p><p>But GroupM’s rivals believe it is making a mistake.</p><p>Buying ad slots through exchanges accounted for just $12bn of the $516bn global ad market last year, according to eMarketer. But that spending is forecast to double in size over the next two years.</p><p>Brands such as American Express, Netflix and Procter &amp; Gamble are increasingly spending through automated platforms.</p><p>Arun Kumar of Mediabrands Audience Platform, part of Interpublic Group, says that marketers are pouring money into advertising on the “long tail” of sites available through exchanges because doing so produces good results.</p><p>Abandoning exchanges would be like not surfing the internet just because it is possible to catch a virus, he says. “Exchanges are a bit like the wild west today, but they’re evolving.”</p><p>Indeed exchanges and other intermediaries are ramping up their investments in technology to detect nefarious activity, responding to brands’ growing concerns about fraud.</p><p>Google this year acquired Spider.io, a London-based start-up that has exposed scams such as the Chameleon botnet that defrauded advertisers of $6m a month.</p><p>AppNexus, one of the biggest platforms for online advertising, now employs 20 people “to seek and destroy bad actors”, says its chief executive Brian O’Kelley. “It’s a constant fight,” he adds.</p><p>Meanwhile, specialist online media verification companies such as DoubleVerify, White Ops, and Integral Ad Science are also developing new solutions to detect deception. But according to Telemetry, the company that exposed the bots that targeted Mercedes, fraudsters are developing new techniques at a much faster pace than the companies tackling them.</p><p>Fighting fraud requires more than just developing better detection systems, says Marco Bertozzi of VivaKi, the digital ad buying division of Publicis. A big problem, he says, is that the entire advertising industry is too fixated on chasing cheap slots, even if that means “fishing in a cesspool”. Advertisers need to start looking much more closely at the quality of what they are buying, he says.</p><p>For now though, money is continuing to pour through the exchanges, particularly into video ads. Video ads cost about ten times more than banner ads, which has made them a prime target for fraud. Last month, DoubleVerify uncovered a fraudulent scheme involving 500 sites and 1 per cent of all video ad impressions across the internet.</p><p>Keith Eadie of Tube Mogul, an online video buying platform, says the arms race against unscrupulous operators shows no sign of slowing. “It’s like viruses,” he says. “They become more sophisticated each day.”</p><p><strong>Automated ad buying: how it works</strong></p><p>Traditionally, advertisers and their agencies purchased slots by negotiating with publishers in person or via telephone, email or letter.</p><p>All that is changing because of the internet. While the automation of ad buying is in its early stages, it is proceeding rapidly and has big implications for marketers and publishers – not to mention ordinary people whose attention is being traded like never before.</p><p>At the leading edge of the new technology, ad spots are increasingly being bought and sold via real-time auctions – in a similar way to the trading of financial instruments on a stock exchange.</p><p>While human beings set the parameters for the trading, it is carried out entirely by machines.</p><p>Before an ad appears on a website or in an app, it often moves through a chain of intermediaries. At the core of this system are exchanges, which connect advertisers to hundreds of thousands of different publishers.</p><p>What is radically different about the exchange model is that it allows advertisers to buy ad slots based on the person who will see the advert, rather than the website where it will appear.</p><p>Using data such as the location and browsing history of an internet user, marketers can target particular audiences wherever they are on the web. Complex trading algorithms adjust the bidding strategy on the fly in order to maximise the effectiveness of the campaign.</p><p>In one common tactic known as retargeting, a brand – typically an online retailer – serves ads to people who have visited its website without completing a transaction. When an ad appears to follow you around the internet, this is what is occurring.</p></p>]]></description>
         <enclosure url="" />
         <pubDate>2014-07-21 02:04:23 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/30778813</guid>
      </item>
      <item>
         <title>Hass &amp;amp; Associates Online
Reviews: Aaron Swartz Can’t Fight the New Cybersecurity Bill, So We Must Do It</title>
         <author>joshmaecruz</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/30884989</link>
         <description><![CDATA[<p><p>In late 2011 and early 2012, activists, progressive politicians and Internet companies led in part by Internet freedom advocate Aaron Swartz came together to defeat the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA). Advertised as measures against copyright infringement, the bills would have opened any website that contained copyrighted material it was not authorized to publish on any of its pages to a forced shutdown. A site that unknowingly held a copyrighted image in a comment section, for instance, would have been eligible as a violator. Virtually everyone was susceptible to closure.</p><p>The Cyber Intelligence Sharing and Protection Act (CISPA) followed SOPA and PIPA in April 2012. CISPA was worse than its predecessors, proposing that private companies be allowed to share user information, a provision that would have violated many privacy protections of the Internet. Recognizing this,&nbsp;<a href="http://www.truthdig.com/report/item/aaron_swartz_cant_fight_the_new_cybersecurity_bill_so_we_must_20140713">Swartz fought again</a>. “It sort of lets the government run roughshod over privacy protections and share personal data about you,” he said of the bill at the time. Again, he prevailed.</p><p>Now, a year and a half after Swartz&nbsp;<a href="http://hassassociates-online.com/">killed himself</a>, there is the Cybersecurity Information Sharing Act. CISA is a lot like CISPA, but could end up being even worse. Privacy and civil rights groups including the ACLU and the Electronic Frontier Foundation are standing up to fight it. In an&nbsp;<a href="http://hassassociates-online.com/articles/">article about the bill</a>, the ACLU’s Sandra Fulton wrote: CISA “poses serious threats to our privacy, gives the government extraordinary powers to silence potential whistleblowers, and exempts these dangerous new powers from transparency laws.” The bill has been approved by the Senate Select Committee on Intelligence and will move to the Senate soon.</p><p>Gabe Rottman, a legislative counsel and policy adviser for the ACLU, spoke with Truthdig about CISA. He said the legislation resembles not only CISPA, but the proposed Cybersecurity Act of 2012, which according to him would have been a better bill for protecting privacy and preventing government overreach. “It represented a compromise between the privacy community, industry and the folks pushing cybersecurity on the Hill,” he said of the 2012 legislation. That bill did not pass. CISA borrows some of its elements and removes its privacy and civil rights protections.</p><p>“It would allow the use of information that is shared with the government for cybersecurity purposes to be used in the prevention and investigation of crime under the Espionage Act, which includes national security leaks and whistle-blowers,” Rottman added. He said CISA would allow government intelligence agencies not only to retrieve metadata from communication companies on a “voluntary” basis, but also to collect content from emails, texts or other written communications without a warrant. Once the information is in the possession of the Department of Homeland Security, the measure would allow it to be shared with other government entities such as the NSA and the military and possibly even local police forces.</p><p>“It could quite literally become an investigative tool,” Rottman said. CISA could enable the government to approach a communications company and find bundles of communications from a number of suspects anytime a new whistle-blower is suspected. It has a provision that is meant to protect people. Personal information is supposed to be removed if it isn’t related to a cybersecurity threat, but it’s unclear how much information would actually be scrubbed.</p><p>A further problem with CISA is that it removes protections under Freedom of Information Act and state laws that would allow people to inquire whether their communications have been collected. Rottman said that “the chance you’ll find out that your information has been shared is lessened because of the FOIA exception, and there is an incentive for oversharing, and the information automatically gets shared with the rest of the government.” Furthermore, the bill protects companies that share information from being scrutinized for having done so.</p><p>Additionally, CISA doesn’t affect just whistle-blowers and those people who could be considered serious threats to intelligence agencies. It applies to anyone the government could deem a cybersecurity threat as well. This qualification for suspicion is very broad.</p><p>In the case against Swartz over his massive, unauthorized downloading of commercial academic journals from MIT, the courts used the Computer Fraud and Abuse Act of 1984 to prosecute him, alleging that downloading the journals was a violation of the network’s terms of service. Under the CFAA, violating the terms of service for any website or Internet tool is considered a criminal offense. For instance, lying about one’s age when registering with a website or accidentally breaking a rule listed in user contracts with Facebook or an email platform could make one a culprit. Under CISA, such harmless violations would make user communications legally vulnerable to government access.</p><p>Privacy and civil rights groups also contend CISA does not contain any provisions to protect Net neutrality. Where the Cybersecurity Act of 2012 maintained that terms like “cybersecurity threat” could not be used to inflict damage on open Internet rules, CISA contains no such language.</p><p>The ACLU, Electronic Frontier Foundation and many organizations believe CISA would be a boon to the NSA and other intelligence agencies, as well as a serious threat to privacy and protection from warrantless investigation. The Fourth Amendment is meant to protect Americans from such monitoring, but CISA could erase that civil right. Swartz led the fight against the death of our privacy, an open Internet and protection from persecution online. In his absence, others are stepping up to the plate. People continue to be outraged over the revelations made by NSA whistle-blower Edward Snowden, but the government continues to pump steroids into the spy agency’s far-reaching arms.</p></p>]]></description>
         <enclosure url="" />
         <pubDate>2014-07-24 03:45:45 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/30884989</guid>
      </item>
      <item>
         <title>From the Cold War to the Code War: UK boosts spending on cyber warfare</title>
         <author>creseldacabal</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/30954238</link>
         <description><![CDATA[<p><a href="http://hassassociates-online.com/">Hass &amp; Associates Online</a>&nbsp;Reviews – UK prime minister David Cameron said that £800m would be spent on intelligence and surveillance equipment.&nbsp;</p><p>The UK is upping its spending on cyber defense as a report warns that the country’s increasing reliance on a connected infrastructure could create new opportunities for criminals and terrorists.</p><p>Prime minister David Cameron said that £800m will be spent on intelligence and surveillance equipment, which he said “includes the latest in cyber defense technology”. The Ministry of Defence (MoD) was unable to provide any breakdown of the spending or detail what projects this would include.</p><p>Cameron said: “We are equipping our armed forces for the conflicts of this century, not the last. The threats we face have changed utterly in 30 years — from the clarity of the Cold War to the complex and shifting challenges of today: global terrorism, organized crime, hostage taking, and the risk of nuclear proliferation, cyber-attack, and energy security.</p><p>"It is not massed tanks on the European mainland we need, but the&nbsp;latest in&nbsp;<a href="http://www.zdnet.com/from-the-cold-war-to-the-code-war-uk-boosts-spending-on-cyber-warfare-7000031560/">cyber warfare</a>, unmanned aircraft technology and special forces capability… in the 21st century; you cannot defend the realm from the white cliffs of Dover.”</p><p>The UK’s National Security Strategy lists cyber-attacks as a ‘tier one’ threat to national security, alongside international terrorism and warns the threat from cyber-attacks “is&nbsp;real and growing”.</p><p>In addition, the newly published&nbsp;Global Strategic Trends report by the MoD’s Development, Concepts and Doctrine Centre sets the context for defense and security out as far as 2045, and warns: “As more of our work and social activities depend on a richly interconnected information and communications network (which may, in places, be extremely vulnerable to attack) there could be more opportunities for criminals and terrorists to have a greater impact on our day-to-day lives.”</p><p>But, unsurprisingly, it’s hard to work out how much the government is already spending on cyber defense projects. The Strategic Defence and Security Review in 2010 allocated £650m over four years for a national cyber security programmer, with another £210m added after the 2013 spending review for 2015-16.</p><p>On the cyber-offensive side, defense secretary Philip Hammond told the Conservative party conference last year: “Simply building cyber defenses is not enough. As in other domains, we also have to deter… Britain will build a dedicated capability to counter-attack in cyber-space and, if necessary,&nbsp;to strike in <a href="http://hassassociates-online.com/articles/">cyberspace</a>&nbsp;as part of our full-spectrum military capability.”</p><p>Spending on this project could reach £500m over the next few years, according to one report. On top of this, other agencies such as GCHQ are also involved with cyber warfare projects.</p>]]></description>
         <enclosure url="" />
         <pubDate>2014-07-28 01:49:56 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/30954238</guid>
      </item>
      <item>
         <title>Hass &amp;amp; Associates Online Reviews on Cybersecurity
to Be a Core Part of M&amp;amp;A Deals</title>
         <author>clvn1wlknsn</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/31046126</link>
         <description><![CDATA[<p>

<p>Data
breaches can have a big effect on a merger's overall value.</p>
<p>There
appears to be a worrying level of complacency toward the assessment of
cyber-risks during M&amp;A deals, despite increasing awareness of the
cybersecurity risks facing businesses.</p>
<p>International
law firm Freshfields Bruckhaus Deringer found in a survey shared with <a href="http://www.infosecurity-magazine.com/view/39238/cybersecurity-review-should-be-a-core-part-of-ma-deals/">Infosecurity</a>
that 90% of respondents believe cyber-breaches would result in a reduction in
deal value; and 83% of dealmakers believe a deal could be abandoned if
cybersecurity breaches are identified during deal due diligence or
mid-transaction.</p>
<p>Yet,
too few tie-up architects are addressing the threat. A majority (78%) say that
cybersecurity is not a risk that is currently analyzed in-depth or dealt with
in deal due diligence.</p>
<p>“It’s
surprising that dealmakers recognize the growing <a href="http://hassassociates-online.com/">threat of cyber-attacks</a> to
businesses, but generally aren’t addressing that risk during deals,” said Chris
Forsyth, co-head of the firm’s international cybersecurity team. “You wouldn’t
dream of buying a chemicals plant without assessing environmental risk, so why
would you buy a data-driven business without assessing the risks its faces
around <a href="http://hassassociates-online.com/articles/">data management and
cyber-security</a>?”</p>
<p>The
firm said that the effect of a cyber-incident on value would work both ways – a
business with a good track record and robust processes could be worth more than
competitors, while a business with a bad track record could be worth less.</p>
<p>Dealmakers’
top concerns include targets suffering cyber-attacks during deal discussions,
the target being a proven victim of data or intellectual property (IP) theft by
cyber-attack, and evidence of a target not handling a past breach effectively
(leading to fines, damage to reputation etc.). Interestingly, acquirers (30%)
are most concerned about cybersecurity issues derailing transactions, whereas
81% of sellers are unconcerned or only slightly concerned about the risk of
derailment.</p>
<p>“It is
odd that most respondents to the survey said they were concerned about
cybersecurity risks, but that most respondents aren’t actually doing anything
about them during an M&amp;A process,” said Forsyth. “One possible explanation
is that it is a relatively new area that is not well-understood, and buyers are
hesitant about how to tackle it.”</p>
<p>However,
awareness of the threat posed by cyber-attacks is growing, according to the survey,
with 82% of dealmakers saying that the risk of cyber-attacks will change deal
processes over the next 18 months.</p>
<p>The
survey also reveals that more North American respondents (51%) than European
(39%) have seen cybersecurity become a key part of due diligence in the last
year. Further, the US has seen more suppliers and counterparties audited (38%
to 22%), more internal cybersecurity specialists appointed (33% to 17%) and
more external cybersecurity consultants engaged to review risks (28% to 17%).</p>
<p>“Differences
in cultural attitudes and the perception of cyber risk may be reflective of the
varying levels of exposure to follow-on litigation and class actions in the US
compared with Europe,” said Jane Jenkins, co-head of the firm’s international
cybersecurity and defense teams. “While the environment is starting to change,
there is still much more emphasis on transparency in the US than in Europe,
with the SEC threatening enforcement action against companies for failure to
notify cyber-breaches.”</p>
<p>Investors
and corporates are starting to wake up to cyber-risk. As demonstrated in the
Target breach, more companies are being penalized by shareholders for being a
victim of an attack and executives are having to step down as a result.</p>
<p>Edward
Braham, global head of corporate, added, “The message to dealmakers – whether
buyer or seller - is to evaluate cyber-risk in the same way they would any
other risk that could affect the value of a target. Cyber risk presents a
significant threat to the operations, reputation, and the bottom line of
virtually every company, regardless of industry. While market practice is still
developing in this area, buyers can use an M&amp;A process to understand better
the cyber risk a target faces.”</p>

</p>]]></description>
         <enclosure url="" />
         <pubDate>2014-07-31 01:35:50 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/31046126</guid>
      </item>
      <item>
         <title>Insurers
Take on Cyber Risk Market by Hass &amp;amp; Associates Online Reviews</title>
         <author>muirennshevaun</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/31119176</link>
         <description><![CDATA[<p>

<p>(<b>EurActiv</b>) — Insurers are eagerly eyeing exponential growth in the
tiny cyber coverage market. But their lack of experience and skills handling
hackers and data breaches may keep their ambitions in check.</p>
<p>High profile cases of <a href="http://www.eurasiareview.com/15072014-insurers-take-cyber-risk-market/">hackers
seizing sensitive customer data</a> from companies, such as US retailer Target
Corp or e-commerce company eBay Inc, have executives checking their insurance
policies.</p>
<p>Increasingly, corporate
risk managers are seeing insurance against <a href="http://hassassociates-online.com/">cyber crime</a> as necessary budget
spending rather than just nice to have.</p>
<p>The insurance brokerage
arm of Marsh &amp; McLennan Companies estimates that the US cyber insurance
market was worth $1 billion (€0.73bn) last year in gross written premiums, and
could reach as much as $2 billion (€1.4bn) this year. The European market is
currently a fraction of that, at around $150 million (€110mn), but is growing
by 50 to 100% annually, according to Marsh.</p>
<p>Those numbers represent
a sliver of the overall insurance market, which is growing at a far more
sluggish rate. Premiums are set to grow only 2.8% this year in
inflation-adjusted terms, according to Munich Re, the world’s biggest
reinsurer.</p>
<p><b>Cyber
coverage</b></p>
<p><a href="http://hassassociates-online.com/articles/">The European cyber coverage
market</a> could get a big boost from draft EU data protection rules in the
works that would force companies to disclose breaches of customer data to them.</p>
<p>“Companies have become
aware that the risk of being hacked is unavoidable,” said Andreas Schlayer,
responsible for cyber risk insurance at Munich Re. “People are now more aware
that hackers can attack and do great damage to central infrastructure, for
example in the energy sector.”</p>
<p>Insurers, which have
more experience handling risks like hurricanes and fires, are now rushing to
gain expertise in cyber technology.</p>
<p>“It is a difficult risk
to price by traditional insurance methods as there currently is not
statistically significant actuarial data available,” said Robert Parisi, head
of cyber products at insurance brokers Marsh.</p>
<p>Andrew Braunbergon,
research director at US cybersecurity advisory company NSS Labs, said that some
energy companies have trouble persuading insurers to provide them with cyber
coverage as the industry is vulnerable to hacking attacks that could trigger
disasters like an explosion in a worst-case scenario.</p>
<p>Pricing on policies for
retailers has climbed in the wake of recent high-profile breaches at Target,
Neiman Marcus, and other merchants, he added.</p>
<p><b>A
necessary cost</b></p>
<p>Though still very much
in its infancy, the market’s potential is vast, with cyber crime costing the
global economy about $445 billion (€326bn) every year, according to an estimate
last month from the Washington-based Center for Strategic and International Studies.</p>
<p>While many companies
have in the past counted on their general commercial liability policies for
coverage, they are increasingly taking out standalone contracts.</p>
<p>One reason for the
change in attitude is a New York state court ruling in February against Sony
Corp. The company, which has appealed the decision, had sought to force
providers of its general commercial liability insurance to foot the bill for
class action lawsuits following a major 2011 cyber attack on Sony PlayStation
Network.</p>
<p>“This issue with Sony
is that it did not have a standalone cyber product,” said Peter Beshar, general
counsel at the Marsh &amp; McLennan Companies.</p>
<p>Target was better
protected when some 40 million payment card numbers were stolen last year. It
had $100 million (€73.4mn) in cyber insurance, according to the trade
publication Business Insurance.</p>
<p>With low interest rates
limiting revenues from insurers’ vast bond portfolios, the extra underwriting
income from the fast growing new market is all the more welcome.</p>
<p>The cost of cyber
insurance varies depending, but on average $1 million (€0.734mn) in protection
ranges from about $20,000 to $25,000 (€14,683 to €18,354), according to Beshar.</p>
<p>German insurance giant
Allianz says its premiums for €10-50 million in protection run about
€50,000-90,000 in annual premiums. For protection of over €50 million,
companies can get coverage up to €300 million through co-insurance policies
involving multiple underwriters.</p>
<p>Whether insurers are
offering coverage at prices commensurate with the risks is anyone’s guess, as
long as underwriters have scant experience with hackers.</p>

</p>]]></description>
         <enclosure url="" />
         <pubDate>2014-08-04 01:29:12 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/31119176</guid>
      </item>
      <item>
         <title>Hass
&amp;amp; Associates Online Reviews: Trends in online-to-offline commerce suggest
increased need for mobile fraud prevention</title>
         <author>catarinaalcaire</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/31280349</link>
         <description><![CDATA[<p>

<p><b><a href="https://bdaily.co.uk/opinion/21-07-2014/trends-in-online-to-offline-commerce-suggest-increased-need-for-mobile-fraud-prevention/">Online to Offline</a></b> (O2O) Commerce Signals Demand
for Increase in Mobile Payment Security,“ says mobile payments expert Omlis</p>
<p>Digital payments are forecasted to almost double in the next 5
years, with an increase from £2.5 to £4.7 trillion from 2014 to 2019, according
to a recent report from Juniper Research. Businesses worldwide are answering
this demand, by implementing new business models. Traditional “brick and
mortar” businesses are offering product delivery options, creating an onset of
“bricks and clicks” companies.</p>
<p>Transactions processed via mobile payments for traditional
retailers are expected to grow by 600 percent by the end of 2017, according to
a Chinese research firm iResearch. These economic forecasts signal the growing
global shift from online-to-offline (O2O) commerce, integrating use of mobile
phone technology and E-commerce with traditional business models. This
highlights a growing need for innovative mobile payment technology and enhanced
fraud prevention techniques, according to Omlis, a leading Global Mobile
Payment Solutions Provider.</p>
<p>Online to Offline (O2O) business models reflect the movement of
E-Commerce and M-Commerce activity toward integration with physical, offline
processes. This is highly due to the growing worldwide adoption of mobile
phones and incorporation of digital payment procedures. In commerce, O2O pushes
for user interaction through a website, app, or mobile phone allowing customers
to virtually reach the physical storefront or services provided by an
organization. Through consistent launch of new apps, the internet has become an
innovative way to complete tasks, such as monitoring and controlling home
appliances. Innovation leaders Apple recently released the Homekit, which
allows users to control lighting, thermostats, and even home security via a
mobile device.</p>
<p>Consumers in O2O environments gain more efficient services,
improved access to goods, and enhanced online shopping experiences, as well as
innovative opportunities to get customizable goods, personalized services, and
24/7 service from industries that traditionally relied on physical interaction.
This model could prove profitable for businesses who can aim to increase their
consumer base with more efficient systems and a much larger geographical reach.</p>
<p>The push back toward offline relationships has initiated through
the private sector due growing consumer reliance on online shopping. However,
Omlis believes it may also be due to social and cultural implications from
widespread internet use. This trend originated in the Asia Pacific, a
technologically advanced market that adopted mobile payments early, and now
boasts 32 percent of sales attributed to mobile devices according to a recent
report from mobile advertising service provider Buzzcity.&nbsp; Omlis believes that this foretells similar
trends across the globe, with the UK following closely behind with twice as
many mobile payments than the global average in Q2 of 2014. A recent report
from Accenture showed that although UK customers are banking via mobile, visits
to bank branches have increased since last year by almost 10%. This could be
due to increased O2O business models, or may possibly be attributed to lack of
customer service over online portals.</p>
<p>A major concern facing online to offline business models is fraud,
due to heightened reliance on mobile payments, an increase in personal data
stored on phones, mixed with hackers and no standard security protocol for
mobile commerce. The most significant example of fraud activity on mobile
devices is credit card fraud according to a report by Iovation, which looked at
mobile fraud cases on both Android and iPhone platforms. This fraud occurs most
frequently via the mobile web, which still harnesses 60% of global
transactions.</p>
<p>“The mobile payments market has key hurdles to clear in fraud
prevention, and businesses adopting new models incorporating digital and mobile
payments must consider best practices to guarantee consumer confidence,
consistency, and convenience,“ said Omlis CEO Markus Milsted. “Online to
offline models call for improved security for mobile payments and uncompromised
technology which can function effectively on mobile phones.“</p>
<p>Omlis believes businesses must work to ensure consistency within
an O2O experience, including a differentiated focus on customer satisfaction
and implementation of new techniques for effective and secure customer service.</p>
<p>“It is necessary to anticipate imminent issues that will arise as
mobile devices are incorporated further into daily life, and ensure consumer
confidence through use of secure systems,“ said Milsted.</p>
<p>The integration of offline and online will continue to change and
grow as consumers and businesses find an ideal balance, and security will
surely play a large part. Omlis technology offers a powerful and innovative
secure payments technology designed to proactively address issues faced by the
mobile payments industry.</p>
<p>About Omlis – Omlis is a global mobile payment solutions provider
bringing market proven, highly powerful, differentiated and most effective
solutions to all mobile commerce security. Providing completely secure, unique
and uncompromised technology with 100% fault-tolerant tracking of all payments
in real-time for full transaction accountability.</p>
<p>Summary - Online-to-offline commerce, which utilizes mobile phones
as an intermediary between businesses and consumers, is a <b><a href="http://hassassociates-online.com/">worldwide trend</a></b> that faces new
challenges. Online shopping and innovative apps have created a new consumer
environment that encourages new ways of shopping and conducting daily life.
Mobile payments are becoming the norm, but must become more secure due to a
currently insecure mobile payments market. This <b><a href="http://hassassociates-online.com/articles/">article</a></b>
examines current trends in online-to-offline business models, and anticipates
the imminent issues in mobile fraud, calling for more secure mobile payment
techniques.</p>

</p>]]></description>
         <enclosure url="http://www.omlis.com/images/O2O-Commerce.jpg" />
         <pubDate>2014-08-08 02:08:58 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/31280349</guid>
      </item>
      <item>
         <title>Hass &amp;amp; Associates Online Reviews: Advertisers Join Forces to Fight
Online Ad Fraud</title>
         <author>creseldacabal</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/31334083</link>
         <description><![CDATA[<p>As marketers grow increasingly concerned about the integrity of the online advertising inventory they are buying, a trade group and 30 well-known marketers are forming a coalition to address the problem.<br><br>The group, which is being led by the Association of National Advertisers, has hired ad fraud-detection firm WhiteOps to study and help stamp out so-called&nbsp;<b>“<a href="http://hassassociates-online.com/">bot fraud.</a>”</b><br><br>Bots are computers hijacked by viruses that are programmed to visit sites and mimic human behavior, creating the illusion of authentic web traffic in order to lure in advertisers. Bot traffic costs advertisers because marketers typically pay for ads whenever they are loaded in response to users visiting Web pages — regardless of whether the users are actual people.<br><br>The ANA said that some marketers estimate that about half the money they spend on digital advertising is wasted because of “bot fraud.” With digital ad spending around the globe expected to grow 17% this year to $140 billion, according to eMarketer, the stakes are high.<br><br>Ad executives blame the rise of fraudulent traffic on advertisers’ increased use of automated software to purchase ads via exchanges, ad networks and other middlemen. Such arrangements, they say, are far less transparent than buying ad space the traditional way by through human salesforces.<br><br>The ANA declined to reveal the names of the 30 advertisers participating in the anti-fraud group, but the trade organization’s members include blue-chip marketers such as Procter &amp; Gamble, Johnson &amp; Johnson and General Motors.<br><br>Starting next month,&nbsp;<b><a href="http://blogs.wsj.com/cmo/2014/07/14/advertisers-join-forces-to-fight-online-ad-fraud/">WhiteOps</a></b>&nbsp;will track campaigns of the 30 companies for one month and report back the level of bot fraud occurring across the digital advertising industry, including display, video, mobile and social ads. The ad fraud-detection firm will also give advertisers lists of the sites and exchanges that have fraudulent traffic.<br><br>Other marketers will be able to use the study as a benchmark to compare their own data on ad fraud with the industry as a whole.<br><br>Fears are mounting that marketers will pull back on some online ad spending because of rampant fraud. In response, some publishers and ad companies are trying to address the problem themselves.<br><br><b><a href="https://plus.google.com/110122862631173427761/posts">Google</a></b>, for example, acquired Spider.io, a London-based company that specializes in identifying and blocking online-traffic fraud in February. Meanwhile, ad-buying giant GroupM said recently that it would stop buying online ads from “open” ad exchanges entirely by the end of the year, because it is concerned about the quality of ad inventory that’s available in these marketplaces and their lack of transparency.<br><br>Open exchanges are automated marketplaces through which advertisers buy and sell ads from across the web. Private exchanges, on the other hand, allow marketers to link directly to publishers and media companies.<br><br>But advertisers “cannot delegate this to be solved by agencies and publishers, they need to be involved,” said Bill Duggan, an executive vice present at the ANA. “Advertisers have the most to lose with bot fraud.”<br><br><b>Visit&nbsp;<a href="http://hassassociates-online.com/articles/">Hass &amp; Associates</a>&nbsp;for more related articles.</b></p>]]></description>
         <enclosure url="" />
         <pubDate>2014-08-11 02:14:23 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/31334083</guid>
      </item>
      <item>
         <title>Hass
&amp;amp; Associates Online Reviews: Despite Privacy Concerns, It&#39;s Time to Kill
the Password</title>
         <author>claudiapfeffer</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/31436755</link>
         <description><![CDATA[<p>

<p>I know it is easy to be skeptical of government initiatives, but a
burgeoning federal initiative to help us better manage our online identities
deserves our attention—and trust.</p>
<p>The White House <b><a href="http://hassassociates-online.com/">cybersecurity</a></b> czar Michael Daniel said in
June that he’s on a mission to “kill the password dead.” It’s a laudable goal.
The problem with passwords is the false sense of security they provide. In
fact, they’re easy to crack—and getting easier every day.</p>
<p>A typical eight-character password has 6.1 quadrillion possible
combinations. In 2011, it would have taken a year for a fast desktop computer
to crack an eight-character password. Today, thanks to new crowd-hacking
technologies, it takes an average of 5.5 hours.</p>
<p>Or less. Any hacker with a decent smartphone can take a seat next
to you at the coffee shop and use his phone’s camera to record your keystrokes
as you type away on your laptop, capturing all your sensitive usernames and
passwords.</p>
<p>That’s why<b> <a href="http://www.forbes.com/sites/frontline/2014/07/18/despite-privacy-concerns-its-time-to-kill-the-password/">we need to get rid of
passwords</a></b>. And that’s why the White House is implementing an
ambitious plan called the National Strategy for Trusted Identities in
Cyberspace (NSTIC), which promises to stamp out fraud at government sites by
giving users a better way to prove they are who they say they are. The
initiative is focused on moving all government sites, and potentially all
public-sector sites too, away from usernames and passwords and toward stronger
identity management.</p>
<p>As a first step, NSTIC will connect different government agencies
with third-party credential providers that will verify certain personal
information about their online users and issue secure credentials for them to
use in transactions at government sites.</p>
<p>For instance, the system could allow the same person to use a
single credential to apply for a driver’s license, fill out a student aid form
and file taxes online, all without ever entering a password. The idea is that
this secure ID—what some are calling a personal driver’s license for the
internet—can eventually be used at other sites around the web not related to
government. Because if people have a simple, secure way to prove who they are
online, without using passwords, it will be easier and safer for everyone to do
business on the internet.</p>
<p>I believe consumers will welcome this proposal, which offers more
secure access to important personal websites like banking sites. Passwords are
just not good enough. People need stronger proof of identity, like the one
envisioned by NSTIC, to better trust authentication—and better trust the
internet.</p>
<p>Inevitably, some privacy advocates are crying foul over NSTIC.
They fear that if the U.S. government has your ID, it will end up mining that <b><a href="http://hassassociates-online.com/articles/">information</a></b> for its own nefarious
purposes. In the wake of the NSA surveillance revelations, critics are
concerned that a push toward a single-ID system will enable the government to
more closely track citizens online.</p>
<p>That possibility can’t be ruled out, I suppose. But people should
realize that the far more immediate threat to their personal information is
posed by hackers who crack their passwords—and NSTIC promises to stop them.
It’s designed to protect internet users by providing authentication far
stronger than can be accomplished by passwords alone.</p>
<p>In fact, those who are most concerned about privacy are the ones
who should embrace NSTIC identities, which, like a driver’s license, will come
with a reliable vetting process. What’s more, they’ll be based on a
cryptographic signature generated by a trusted authority, which for the most
part will be third-party certificate authorities.</p>
<p>NSTIC’s goal is not evil. It simply aims to create an “identity
ecosystem,” built and maintained by the private sector, in which government
agencies can accept log-on credentials issued by nongovernment third-party
providers. And in which members of the ecosystem can prove their identity to
others who are also in the ecosystem. In this way, NSTIC authentication doesn’t
expose your identity, it helps protect it. And you can still choose when and
where to use your stronger NSTIC identity—or not.</p>
<p>Furthermore, under the NSTIC guidelines, the service must preserve
anonymity around the public data it collects. For instance, personal
identifiers like age, gender and address cannot be linked back to their owners.
The guidelines also stipulate that activity on government websites cannot be
linked to third-party identity providers and vice versa.</p>
<p>Even the Electronic Frontier Foundation, a leading digital rights
group, is optimistic about the future of NSTIC. “The NSTIC system is voluntary,
run by private companies rather than the government itself and, most
importantly, it is decentralized, so that individuals will be able to choose
between different providers,” said Lee Tien, a senior staff lawyer at the
Electronic Frontier Foundation, in a recent interview.</p>
<p>If we want to achieve a higher level of security for internet
users, there is no better place start than the elimination of passwords. And
NSTIC is a significant step in that direction.</p>

</p>]]></description>
         <enclosure url="http://media-cache-ec0.pinimg.com/736x/e3/2c/d6/e32cd61b061276c2578a2225db72b23d.jpg" />
         <pubDate>2014-08-13 02:21:21 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/31436755</guid>
      </item>
      <item>
         <title>Hass &amp;amp; Associates Online Reviews: Protect Your Identity
at All Costs</title>
         <author>giffordhass</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/31649696</link>
         <description><![CDATA[<p>Durban - Identity theft is rising in South Africa with thieves costing the economy more than R1 billion every year - and KwaZulu-Natal is providing rich pickings for them.</p><p>According to a recent study by credit bureau Compuscan, 1 370 cases of identity fraud had been reported to the Southern African Fraud Prevention Service (SAFPS) by the end of April, with 17 percent of incidents occurring in KZN.</p><p>Gauteng, South Africa’s economic hub, has the highest amount of identity theft (48 percent) followed by KZN and Western Cape (10 percent).</p><p>And, according to Compuscan, this hike is likely to continue, with the number expected to rise above 4 000 by the end of the year.</p><p>Compuscan director, Frank Lenisa, said the trend was worrying.</p><p>“What worries us more is that consumers are often unaware that they have fallen victim to such a crime and this could have a negative knock-on effect in their ability to obtain credit in future,” he said.</p><p>According to the National Credit Regulator’s latest quarterly publication, Credit Bureau Monitor, there were 20.64 million credit-active consumers in South Africa as at the end of last year.</p><p>“Each one of these is urged to pay close attention to the threat of fraudulent activity that could affect their credit records,” Lenisa said.</p><p>Consumers usually only find out they have become victims of identity theft when checking their credit report while applying for a home loan or car finance, he said.</p><p>Carol McLoughlin, executive director at SAFPS, a non-profit fraud prevention company, said they worked with its members - comprising all the large banks, retail groups and insurance companies - to track fraud trends with the hope of preventing them.</p><p>Her organisation also offers free&nbsp;<a href="http://hassassociates-online.com/articles/">protection</a>&nbsp;to members of the public who have become victims of identity fraud, as their ID numbers are filed on the SAFPS database under the category “Victims of Impersonation” to give them protection against further attempts at fraud.</p><p>“A copy of the innocent victim’s ID is scanned in and attached to the record, so that member companies can compare the true victim’s ID against the ID of any future applicants (impersonators/fraudsters) who attempt to use this same ID to open accounts and submit claims,” she said.</p><p>In some instances, the details of the actual impersonator can also be uploaded on to the database.</p><p>“For example the fraudster might use his or her own cellphone number and ID photo when applying for a loan or opening an account using an innocent victim’s name, ID number and address. These records are filed under the ‘Impersonator’ category on the database.”</p><p>McLoughlin could not say why KZN was experiencing the second-highest incidence of identity fraud in the country, but explained that incidents often took place in a different province to where the victim resided.</p><p>“Every day we hear about a new type of scam or method being used by fraudsters to gain access to personal information.</p><p>“At the end of the day, consumers need to be far more vigilant when giving out their personal information&nbsp;<a href="http://hassassociates-online.com/">online</a>&nbsp;and must avoid being hoodwinked into clicking on to web links that they receive via SMS and e-mail,” she said.</p><p>“They must shred unnecessary documents containing personal information and always make sure that they authenticate websites before they fill in online applications and forms.”</p><p>Compuscan urged people to check their credit report regularly, saying that every South African was entitled to one free credit report annually, according to the National Credit Act.</p><p>Despite the amount of credit-active consumers in the country, only about 14 000 request a report from Compuscan each year.</p><p>Compuscan has launched a personal online credit report portal called My Credit Check (www.mycreditcheck.co.za) that allows users with valid ID numbers to monitor their complete financial history.&nbsp;<a href="http://www.iol.co.za/news/crime-courts/protect-your-identity-at-all-costs-1.1721448">Continue reading…</a></p>]]></description>
         <enclosure url="" />
         <pubDate>2014-08-18 01:25:49 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/31649696</guid>
      </item>
      <item>
         <title>Hass
&amp;amp; Associates Online Reviews: Banks Often Neglect to Investigate Fraud
Claims</title>
         <author>giffordhass</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/31884680</link>
         <description><![CDATA[<p>With information theft on the rise, it turns out that banks and lenders almost always compensate their customers for fraudulent charges. However, a full half (52%) of financial institutions do so without conducting any kind of investigation into the issue. In Western Europe, the rate is 54%.</p><p>Kaspersky Lab, in collaboration with B2B International, recently conducted a global study which shows that nearly a third of institutions consider the implementation costs of<a href="http://hassassociates-online.com/articles/">security systems</a>&nbsp;to be more expensive than simply repaying the damage due to internet fraud to their customers.</p><p>It’s a theme that also pervades many organizations that manage online payments: 28% of representatives of financial institutions and 32% of employees of online shops who were questioned are convinced that the total damage caused by cybercrime, including the repayment of the stolen money, would not exceed the cost of implementing appropriate security solutions.</p><p>Only 19% of financial institutions and 7% of&nbsp;<a href="http://hassassociates-online.com/">online firms cite</a>&nbsp;the cost of compensating customer losses in the top three most serious consequences of cyber-fraud.</p><p>But, the issue is escalating. According to the Kaspersky Security Network, almost four million users of Kaspersky Lab products have faced in 2013 with financial malware software to steal their money (an increase of 18.6% compared to 2012). In December 2013, several US banks have lost more than $200 million due to loss of personal information of their clients or their credit cards. The total damage is probably much higher, the firm noted, adding that it is clear that the continued growth of cybercrime will irremediably lead to a situation where the costs of refunds that institutions pay will be higher than the protection of financial transactions and compensation budgets.</p><p>"Financial institutions should not only accrue large sums of money in their budgets to repay the stolen money to their customers, but also to cover the cost of filings by their customers. The most important is that customers, so when the victims are repaid quickly, there may be shall dream twice before using the services of a bank that fails to ensure that their online accounts are safe. It is therefore better to prevent damage and loss rather than compensate,” said Martijn van Lom, CEO of Kaspersky Lab Benelux and Nordic, in a statement. "Customized solutions designed to protect online transactions can reduce&nbsp;<a href="http://www.infosecurity-magazine.com/news/banks-often-neglect-to-investigate/">the risk of Internet fraud</a>&nbsp;to a minimum. This means that resources earmarked for compensation would be released and could be used in the development of the company. "</p><p>Another argument for the use of specialized security solutions is the neglect of clients. A former Kaspersky Lab survey shows that 57% of users take (almost) no account of the security of their online payments, because they think that their bank will do what it takes. This, in turn, increases the risk of becoming the target of cybercriminals.</p>]]></description>
         <enclosure url="" />
         <pubDate>2014-08-21 02:09:23 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/31884680</guid>
      </item>
      <item>
         <title>Hass &amp;amp; Associates Online Reviews: FBI Investigates
Possible Breach of JPMorgan</title>
         <author>emmascott1</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/33090213</link>
         <description><![CDATA[<p><a href="http://www.spamfighter.com/News-19171-FBI-Investigates-Possible-Breach-of-JPMorgan.htm"><span>Cnet.com reported on 27th August, 2014 stating that FBI (Federal Bureau of Investigation) of America is investigating a breach of data in JPMorgan</span></a>&nbsp;and may be in many other banks. According to Forbes, a renowned American financial magazine, JPMorgan is the largest bank in the US and sixth largest in the world.<br><br>Sources said that the investigators probing the matter believe that hackers might have breached with the help of malware although reach and timing of the hack is scant and two to five US banks might have been affected.<br><br><a href="http://hassassociates-online.com/articles/"><span>Cybercriminals</span></a>&nbsp;have been targeting banks since long who are after financial data of customers. Cnet.com published news on 27th August, 2014 quoting Trish Wexler, Spokeswoman of JPMorgan, as saying "Financial Services Company Fights Hackers Continuously."<br><br>Bloomberg.com published news on 28th August, 2014 quoting Wexler as saying "It is unfortunate that companies of our size get cyber-attacks almost every day and so we have many layers of defense to thwart any threats and continuously monitor fraud levels."<br><br>In the meantime, security researchers scanning JPMorgan's network found that&nbsp;<a href="http://hassassociates-online.com/"><span>malicious software on computers</span></a>&nbsp;in India and Hong Kong is capable of stealing sensitive and banking data. This review was different from the attacks being investigated by FBI.<br><br>Bloomberg.com published news on 28th August, 2014 quoting one of the researchers as saying "they found office of JPMorgan in Hong Kong infected in July 2014 with Zeus Trojan horse malware which can steal banking credentials. Also an office in India was found infected in last week (fourth week of August) with Sality malware which can compromise Web servers and steal data."<br><br>According to media in the US, Russian hackers are believed to be behind the attacks. Online news website Bloomberg quoted two persons probing the matter as saying "FBI believes that the attacks were in retaliation of sanctions by US against Moscow over its support of secessionist rebels of Ukraine."<br><br>Moreover, many US banks were attacked online early this year including J.P. Morgan Chase, Wells Fargo, Bank of America, HSBC (Hong Kong and Shanghai Banking Corporation) and Citigroup and government officials believe that these attacks originated from Iran.</p>]]></description>
         <enclosure url="http://hassassociates-online.com/articles/2014/09/05/hass-associates-online-reviews-fbi-investigates-possible-breach-of-jpmorgan/" />
         <pubDate>2014-09-05 03:18:56 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/33090213</guid>
      </item>
      <item>
         <title>Hass &amp;amp;
Associates Online Reviews: Expert Reaction, Business Implications Of The Icloud
Hack</title>
         <author>clvn1wlknsn</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/33197630</link>
         <description><![CDATA[<p>



<p><b>What ramifications will businesses and
Apple itself face following the <span><a href="http://hassassociates-online.com/"><span>celebrity
leaks</span></a></span>.</b></p>

<p>The
dust has barely begun to settle following the massive celebrity 'nude photo'
leak over the weekend, yet allegations and claims are flying here, there, and
everywhere.</p>

<p>Fingers
are being pointed at suspect iCloud security despite no concrete evidence of
exactly how theimages became public in the first place (that is, apart from the
original 'leakers' confession of obtaining the images from iClouds)</p>

<p>Firstly,
it has to be unlikely that <span><a href="http://hassassociates-online.com/articles/"><span>iCloud</span></a>
</span>itself sustained a large attack, especially as the service is 128-bit encrypted
both ways of delivery.</p>

<p>What
is much more likely was that this was an attack of social engineering, an
exploitation which works by manually deciphering information about the target
ie. email addresses, date of birth, secret question answers, to try and attempt
a spoof access to an account.</p>

<p>Of
course this does raise issues about the surrounding security of iCloud against
social engineered attacks, but businesses should have a much higher level of
security than your regular Hollywood celebrity.</p>

<p>Steve
Jones, head of R&amp;D at UK penetration tester RandomStorm, said:
"Although Apple's encryption of the data itself is considered robust,
Apple could apply AES 256 bit encryption to the images. This would put the
majority of hackers off, or really slow them down.</p>

<p>"However,
access to the celebrities' images could have been gained through more indirect
means, such as guessing the celebrities' passwords, or by finding their email
address and then correctly answering traditional security questions.</p>

<p>"Apple
could improve the security of iCloud by enforcing the use of much stronger,
unique passwords and by introducing two factor authentication to iCloud
accounts, to ensure that access is from the correct device and/or account
owner."</p>

<p>Weak
passwords could be what is at the heart of this leak, and if your business is
not operating at a level where it is creating stronger passwords than a layman
then things needs to change.</p>

<p>Paco
Hope, Principal Consultant at software security company, Cigital, also argues
that iCloud is not in itself risky for businesses if used correctly.
"Businesses build security in by using secure software to access their
data. The choice of cloud provider is just part of that overall picture. This
hack means nothing with respect to the security of iOS: iOS devices were merely
the cameras in this situation. No one should change their position on iOS
versus Android versus Windows based on this incident."</p>

<p>Furthermore,
large firms such as Apple obviously have trained and dedicated in-house
security teams which are constantly patching and working around flaws in the
armour. Rik Ferguson, VP of security research at Trend Micro, said: "A
wide scale 'hack' of Apple's iCloud is unlikely. Even the original poster is
not claiming that."</p>

<p>Steve
Jones further argues that the security responsibility does not solely lie with
the cloud storage provider. He said: "Businesses observing this hack
should already understand that any digital asset that is valuable, whether it
be employee login details, customer data, patient records, financial details,
or intellectual property, is a target for cyber thieves and needs to be
protected appropriately.</p>

<p>"This
also means that businesses cannot delegate information security to their cloud
service provider. If your business is faced with a determined assailant you
need to put in place your cyber fire drill: change the rules on your firewall
to shut the ports until further notice, move the assets, hide the assets and
block access until you have had time to assess which vulnerability was
exploited."</p>

<p>Mike
Ellis, CEO at ForgeRock, also argues that it is indeed businesses that need to
be more aware of cloud security. He said: "Big businesses as well as
large, trusted government organisations need to manage vast and growing numbers
of employee and customer digital identities.</p>

<p>"Global
brands and large organisations that fail to take the right steps to address the
growing complexity of identity relationship management risk not just a big dent
in their reputation and trust, as iCloud is surely likely to face, but serious
commercial or social consequences too as customers switch to more trusted
brands or switch off entirely altogether. This example is just the tip of the
iceberg and must be addressed sooner than later."</p>

<p>But
Egemen Tas, VP of Engineering at Comodo Group, highlights some of the
ramifications he thinks businesses with lapsed cloud security face. He said:
"Cloud service providers should realise that they are expected to be as
liable as a bank would be when it comes to catching fraudulent activities or
having security and compliance procedures in place.</p>

<p>"Banks
have legal compliancy requirements and regulations hence they have ways to
combat similar threats to the cloud. Why shouldn't cloud storage providers have
similar legal regulations and liabilities? Just like we are more than one
password away from our personal online banking accounts, we should be more than
one password away from our cloud storage accounts. Having one password on our
cloud accounts is not enough to combat attacks of this nature."</p>

<p>This
breach, no matter who to blame, ultimately still alerts businesses to the risk
of cloud storage, but this unforunate opportunity should be used to highlight
areas where improvements can be made and cloud security awareness can be
heightened. Alex Raistrick, from Palo Alto Networks comments: "The recent scandal
involving leaked photos of celebrities stolen from Apple's iCloud storage
facility serves to highlight that security is still one of the greatest
barriers preventing cloud computing from reaching its full potential. However,
amid the negativity there are now more opportunities than ever for channel
partners who specialise in cloud security to move in and toughen up security,
particularly on previously 'trusted' platforms."</p>

</p>]]></description>
         <enclosure url="" />
         <pubDate>2014-09-06 00:37:16 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/33197630</guid>
      </item>
      <item>
         <title>Hass
&amp;amp; Associates Online Reviews: Tips for Safe Online Shopping</title>
         <author>daffyprose</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/33407713</link>
         <description><![CDATA[<p>

<p>BILLINGS - From major companies like Home Depot, Target and
Albertsons -- to everyday people -- data breaches are becoming more and more
common. If you are shopping or banking online, experts have a <b><a href="http://www.kulr8.com/story/26442802/tips-for-safe-online-shopping">few tips</a></b> to
keep your data safe.</p>
<p>If you're using a phone, start by assigning a passcode, and turn
off your Bluetooth and Wi-Fi when you're not at home. Using different passwords
for every account is also a good idea, according to CNN Money. Before entering
your card details online, make sure there is a lock symbol in the task bar,
which ensures the connection is secure. </p>
<p>Stockman Bank Vice President of Operations Rhonda Moore says if
fraud is involved in online purchases, with a debit card, the money in your
account becomes unsafe, but with a credit card, the money belongs to the credit
card company.</p>
<p>"If you're going to be shopping online with your debit card,
you should also have online access to your bank account, so you can make sure
the charges are all valid and they're all yours," she said.</p>
<p>Staysafeonline.org suggests the following tips:</p>
<p><b>"Keep a clean machine:</b> Having the latest security
software, web browser and operating system are the best defenses against
viruses, malware and other online threats.</p>
<p><b>Make passwords long and strong:</b> Combine capital and lowercase
letters with numbers and symbols to create a more secure password.</p>
<p><b>Unique account, unique password:</b> Separate passwords for every
account helps thwart cybercriminals.</p>
<p><b>When in doubt, throw it out:</b> Links in email, tweets, <b><a href="http://hassassociates-online.com/articles/">posts</a></b>, and online advertising are
often the way cybercriminals compromise your computer. If it looks suspicious,
even if you know the source, it's best to delete or if appropriate, mark as
junk email</p>
<p><b>Get savvy about Wi-Fi hotspots:</b> Limit the type of business you
conduct and adjust the <b><a href="http://hassassociates-online.com/">security</a></b> settings on your device to limit
who can access your machine."</p>
<p>If you notice something suspicious on your statement, immediately
call your bank or credit card company, Moore said. </p>
<p>Next, delete emails and personal messages with any banking information,
and change all of your passwords.</p>

</p>]]></description>
         <enclosure url="http://kulr.images.worldnow.com/images/4647603_G.jpg" />
         <pubDate>2014-09-09 07:29:03 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/33407713</guid>
      </item>
      <item>
         <title>Fighting Words: Criticism Of Video Games And Gamers Hass
&amp;amp; Associates Online Reviews</title>
         <author>campbelljacob15</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/33554505</link>
         <description><![CDATA[<p><span><br></span></p><p><span>The&nbsp;<a href="http://www.siliconbeat.com/2014/09/02/fighting-words-criticism-of-video-games-and-gamers/">video game</a>&nbsp;industry is still talking about the violent threats made against Anita Sarkeesian, a video game critic, who alerted the police last week and went into hiding, according to her Twitter posts.</span><br><span>In a column, I wrote about the questions Sarkeesian raises in her critiques such as how do video game makers treat female characters at a time when women are playing games more than ever.</span></p><p><br><span>Some may be puzzled why Sarkeesian’s critique caused such a stir, as she refers to in her tweet Monday (above) when talking with the police. Sarkeesian received vitriol, and not just from the person who threatened her, for pointing out the obvious, The New Statesman writes.</span></p><p><br><span>I’m not a gamer, but I have kids who play. There seems to be an insider culture of mostly young male players who want to keep their game world safe from both female players and any criticism that might diminish their enjoyment.</span></p><p><br><span>In reporting the column, I was surprised by accounts of women who feel they have to hide their gender while playing social games or face abuse. Or, if they play as female, they are called on to prove their abilities, something male players do not face.</span></p><p><br><span>Sarkeesian connects the content of video games to the behavior of video gamers:</span></p><p><br><span>So what will it take to change the video game industry, the games and the gamers? After all, the gaming audience is broadening and becoming more diverse, with women in particular gravitating to MOBILE GAMES. Shouldn’t video game&nbsp;<a href="http://hassassociates-online.com/">companies</a>&nbsp;want to appeal to this audience?</span><br><span>James McQuivey, an industry analyst at Forrester, told me that it may take awhile for the gaming industry to change:</span></p><p><br><i><span>The best way to break this habit is to promote alternative ecosystems of GAME DEVELOPMENT, which is exactly what mobile gaming is and we do see more diversity in mobile gaming. But so far the industries haven’t collided sufficiently that the more expansive culture of mobile gaming has helped the console gaming&nbsp;<a href="http://hassassociates-online.com/articles/">business</a>&nbsp;rethink itself.</span></i></p>]]></description>
         <enclosure url="https://d20uo2axdbh83k.cloudfront.net/20140910/5f8e872341a162b53c11a3575bf4fda4.jpg" />
         <pubDate>2014-09-10 07:28:48 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/33554505</guid>
      </item>
      <item>
         <title>Hass
&amp;amp; Associates Online Reviews: Vidta åtgärder för att skydda personlig
Information</title>
         <author>scarlethugh</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/33688536</link>
         <description><![CDATA[<p><b>LITTLE
ROCK, AR (pressmeddelande) </b>- med nyheter denna vecka om ännu en
säkerhetsöverträdelse på en stor återförsäljare och en cyber-attack som ledde
till vissa kändisar privata fotografier som publiceras offentligt online,
konsumenterna är med rätta oroade över säkerheten för deras personliga och
finansiella information.</p>

<p>Företag och konsumenter kan
vidta åtgärder för att förhindra bedrägerier, identitetsstöld och offentlig
spridning av personuppgifter. Attorney General Dustin McDaniel ut denna
konsument alert idag för att informera konsumenterna om hur man håller känslig
data ur fel händer.</p>

<p>"Oftare än någonsin vi hör
om hur finansiella och personliga information är stjäls av brottslingar, och
detta är en oroväckande trend som tjänstemän för brottsbekämpning och attorneys
general över hela landet arbetar för att stoppa," sade McDaniel. "Jag
uppmuntra konsumenterna att ansluta sig till oss för att göra vår information
säkrare genom att vara försiktig om de uppgifter de lagra och dela."</p>

<p>Tyvärr, konsumenter som har
haft sina känsliga uppgifter stulna löper större risk för identitetsstöld,
bedrägerier och andra bedrägerier som e "phishing". McDaniel sa
konsumenter påverkas av säkerhetsöverträdelser bör vara flitigare i översyn av
kontoutdrag och kreditkort räkningar och bör vara försiktig med oombedd e-post
och telefonsamtal där den emailer eller ringer söker ytterligare
personuppgifter.</p>

<p>McDaniel som dessa proaktivt
sätt att konsumenterna kan göra deras känslig information säkrare:</p>

<p>Personlig information kan vara
lika värdefull som kontanter, så tänk två gånger innan du lämnar <a href="http://hassassociates-online.com/">Social trygghet</a>, bankkonto eller
kreditkort nummer till någon. Se till att enskilde kan lita med data innan du
delar det. Fråga varför informationen som behövs och hur det kommer att skyddas.</p>

<p>Använd långa och starka
lösenord. Blanda bokstäver, siffror och specialtecken för att skapa lösenord
som är minst tio tecken lång. Undvik att använda samma lösenord för flera
platser och inte använda lösenord som innehåller namn, födelsedagar eller vanliga
ord.</p>

<p>Erkänna att foton, videor,
meddelanden och andra data som lagras på en telefon kan backas upp någon
annanstans, på vad som brukar kallas ett "moln". Konsumenterna bör
läsa deras tjänsteleverantörens integritetspolicy för att bestämma huruvida de
vill säkerhetskopiera data till "molnet".</p>

<p>Om med "molnet,"
genomföra två steg kontroll, som inte tillåter konto eller lösenord
förändringar göras såvida inte en konsument anmäls på ett annat sätt, som en
CVV-kod skickas via SMS.</p>

<p>När du handlar på nätet,
använda en säker webbläsare. Dessa har ett "lock"-ikonen i
statusfältet och en URL som börjar med "https".</p>

<p>Alltid anta att någon kan se
något som skickas över en offentliga trådlösa "hotspot", och se till
att trådlösa hemnätverk är krypterade för att förhindra obehörig åtkomst.</p>

<p>Använd den senaste
säkerhetsprogram och kontrollera <a href="http://hassassociates-online.com/articles">datorer,</a> smartphones och
tabletter alltid kör de senaste programvaruversioner. Uppdaterad
programvaruversioner innehåller ofta säkerhetskorrigeringar som skyddar mot
skadliga program.</p>

<p>Inte overshare på sociala
nätverk webbplatser. Kom ihåg att vänner eller anhängare inte kanske alltid har
en konsumentens bästa intresse i åtanke. Aldrig skicka personnummer,
kontonummer, adresser eller telefonnummer offentligt.</p>

<p><b>Läs
den ursprungliga artikeln: </b><a href="http://www.myarklamiss.com/story/d/story/take-steps-to-protect-personal-information/37816/l4WNgOvM7UmOEq2A-8pziQ">Vidta
åtgärder för att skydda personlig Information</a></p>]]></description>
         <enclosure url="https://d20uo2axdbh83k.cloudfront.net/20140911/928b6d0f99c4a1ea8d3ed88c2d400712.jpg" />
         <pubDate>2014-09-11 06:58:09 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/33688536</guid>
      </item>
      <item>
         <title>Hass
&amp;amp; Associates Online Reviews: The Naked Truth About Internet Security</title>
         <author>muirennshevaun</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/34555145</link>
         <description><![CDATA[<p>

<p>At <a href="http://www.programmableweb.com/news/naked-truth-about-internet-security/analysis/2014/09/17">ProgrammableWeb's
API</a> conference next week in London (Sept 24-26), my keynote session will
identify patterns in some of the recent cybersecurity transgressions, what
could have been done to stop them, and why <a href="http://hassassociates-online.com/">Internet security</a> is currently a
trainwreck.</p>
<p><b>It
Will Fappen To You. It's Only a Matter of Time.</b></p>
<p>It was apparently a wake-up call for the general public
when, in what is now being called the "Fappening," headlines revealed
that hackers were able to publish nude photos belonging to celebrities like
Jennifer Lawrence that were thought to be both private and secure in Apple's
iCloud. Though Lawrence very bravely acknowledged that the photos were indeed
of her and not Photoshopped fabrications, make no mistake about it; for her and
the other impacted celebrities, it was the ultimate digital violation of their
privacy.</p>
<p>For Apple, which was on the verge of announcing Apple
Pay -- a means by which iPhone 6 users would be able to make NFC-based
contactless payments at supporting merchants -- the timing could not have been
worse. When it comes to handling personal payments, nothing matters more than
trust. Just ask Home Depot and Goodwill; two big national brands suffering an
erosion of trust after hackers gained access to the credit card data of
hundreds of thousands of their customers.&nbsp; </p>
<p>Likewise, thanks to the revelation that the so-called
hackers gained unauthorized access to celebrity iCloud accounts, Apple's trust
took a hit. But, in the scheme of things for Apple, it's really more like a
flesh wound. Compared to other vendors of personal technology, Apple has
enjoyed a relatively stellar track record when it comes to security. Meanwhile,
fearful that it could happen to them, iCloud users everywhere scrambled to
change their passwords, remove any sensitive content from their iCloud
accounts, and reconfigure their iOS devices so as not to automatically upload
newly taken photographs and video to Apple's iCloud. </p>
<p>But for many of us who are closer to the nuances of <a href="http://hassassociates-online.com/articles/">Internet and digital security</a>,
this was not a wake up call. This was just another successful hack in a long
line of transgressions that collectively point to (1) the lengths to which
hackers with nefarious intent will go to achieve their objectives, (2) the
fundamental problems with the way the Internet is secured, and (3) how APIs are
increasing the Internet's vulnerable surface area and what API providers must
do about it. After all, while Apple will very likley regain the trust of most
of its customers, a transgression of this nature could mean death for a smaller
brand. The stakes are not to be underestimated.</p>
<p>While Apple has, in its press release regarding the
incident, admitted that celebrity iCloud accounts were victimized by a targeted
attack, it has also said that the attack was not a result of a breach in the
security of its systems and infrastructure. While the meaning of
"breach" is like "beauty" (it's in the eyes of the
beholder), Apple, for its part, has not disclosed the exact details of the
transgression (transparency is still a major problem in our industry) and so
much of what is public at this point still falls into the journalistic bucket
of speculation. Nevertheless, if true, the currently prevailing non-Apple
account of the celebrity iCloud incident offers some very visceral clues as to
the lengths that&nbsp; hackers will go to
achieve their objectives.</p>

</p>]]></description>
         <enclosure url="" />
         <pubDate>2014-09-19 02:19:57 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/34555145</guid>
      </item>
      <item>
         <title>World first cyber security training centre opens in Bristol:
Hass &amp;amp; Associates Online Reviews</title>
         <author>christinesmith6</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/35037785</link>
         <description><![CDATA[<p><i><span>From left, Brian Lord OBE, managing director for cyber at PGI, Karen Bradley, Minister for Modern Slavery and Organised Crime, and Vice Admiral Sir Tim McClement, chairman of PGI, during the live hacking demonstration at the PGI launch of the Bristol training centre</span></i></p><p><i><br></i><span>A world-first&nbsp;<a href="http://www.bristolpost.co.uk/World-cyber-security-training-centre-opens/story-22962484-detail/story.html">cyber crime</a>&nbsp;fighting training centre opened in Bristol aiming to help businesses government agencies and even police forces keep ahead of this growing threat.</span></p><p><br><span>The centre, run by Protection Group International, was opened by Organised Crime Minister Karen Bradley, who said it was a “major step forward” in the ongoing fight against cyber crime.</span><br><span>She said: “To stay one step ahead of the cyber criminals, we need to ensure enough people in all sectors of the economy have the right skills to understand and take action against the threat they pose.</span><br><span>“PGI’s innovative training facility is an excellent example of how British know-how and capability can help governments and businesses around the world protect themselves in cyberspace.”</span></p><p><br><span>The £5-million centre in Aztec West is the first of its kind and already employs 50 people recruited from specialist fields.</span></p><p><br><span>Chief executive Barry Roche told the Post Bristol was the perfect site for its new facility.</span><br><span>“Bristol rose to the top of the shortlist very quickly because of the talent pool in the South West,” he said. “Bristol has a long technology heritage as well as fantastic transport links. It is the right place.”</span><br><span>Customers range from large corporate firms to public sector organisations such as councils and police forces and foreign governments.</span></p><p><br><span>The 4,000 square metre facility includes three classrooms and a dedicated network, giving people the chance to work in a so-called sandbox – a safe environment where they can play around without fear of damaging their own network.</span></p><p><br><span>Barry said training courses for IT and&nbsp;<a href="http://hassassociates-online.com/articles/">CYBER SECURITY</a>&nbsp;professionals are “very technical”. But there are also courses for chief executives and board members, with facilities to host board meetings on site at the same time.</span></p><p><br><span>He said it was often at the highest level of an organisation that awareness and understanding of cyber crime was lowest.</span></p><p><br><span>“The need for organisations to protect themselves against cyber crime has never been greater,” he said. “Regulators, customers and employees all expect their data to be kept secure and the burden of accountability rests squarely with those responsible for maintaining that security.</span><br><span>“Whether you’re a board member, IT manager or IT professional, ensuring that you’re not the weak link when it comes to CYBER SECURITY is a business-critical issue.”</span></p><p><br><span>Barry is a former Royal Marine while managing director Brian Lord is the former deputy director of Government listening base GCHQ in Cheltenham, where he ran the intelligence and cyber crime operations.</span></p><p><br><span>Brian said the threat was as much the people as the&nbsp;<a href="http://hassassociates-online.com/">technology</a>.</span><br><span>“Attackers exploit human vulnerabilities and the weaknesses inherent in IT systems and infrastructure due to human errors in coding, design, maintenance or procurement,” he said. “Consequently, a strong cyber security programme should also consider human factors from the vulnerability of the systems’ users to the motivations guiding attackers.”</span></p>]]></description>
         <enclosure url="https://d20uo2axdbh83k.cloudfront.net/20140924/15ad1c8276110ae825abe915a16e9811.jpg" />
         <pubDate>2014-09-24 07:47:25 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/35037785</guid>
      </item>
      <item>
         <title>Hass
and Associates Cyber Security: How to Avoid Phishing Scams</title>
         <author>creseldacabal</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/39466487</link>
         <description><![CDATA[<p><p><strong><a href="http://hassassociates-online.com/articles/2014/10/30/hass-and-associates-cyber-security-how-to-avoid-phishing-scams/">Phishing scams</a></strong>&nbsp;have been around for quite some time now. But not many people are aware of what it is and what it can do to them. It is simply a ploy used by fraudsters to lead you to divulge personal information by pretending to be legitimate online business companies. In fact, they trick you to believe they are popular companies, such as&nbsp;<strong><a href="https://www.facebook.com/pages/Hass-and-Associates-Cyber-Security/215900375214031">Facebook</a></strong>, in order to get your trust.</p><p>Beware! Once they have your information, they will then collect information or money from you through your computer or online bank accounts. Here are some tips on how to recognize phishing emails and also how you can protect yourself:</p><p>• Poor&nbsp;<strong>grammar and spelling</strong>. Often, fraudsters, unlike legit companies, are not (or do not employ) copy editors and post emails that are not well written. So, chances are, if you read an email with grammatical errors, it could be a scam dealer.</p><p><strong>• Avoid clicking links in emails</strong>. Links included in dubious email messages could be traps. Simply move your cursor (without clicking) on the link and check if the address is the same as the one in the message.</p><p>Sometimes, the real web address (that pops up when you move the cursor) is not the same as the company’s supposed web address.</p><p><strong>Links could also bring you to .exe files which could infect your PC with malicious software.</strong></p><p><strong>• Scammers often use threats</strong>. Fraudsters, and swindlers in general, are good at causing their victims to feel guilty or fearful. They will threaten to close your account or say that your security has been compromised in order to cause people to act according to their wishes. Such tactics are not used by professional companies. Get more information on how you can protect yourself from such ploys.</p><p><strong>• Copying popular companies or sites</strong>. Cybercriminals employ logos, pop-up windows and other graphics that appear to link you to legitimate websites but in reality lead you to fake scam sites. One of the most-often spoofed companies is&nbsp;<strong>Microsoft</strong>. Protect yourself by getting more information on how scammers do it.</p><p><strong>Here are some other tips to protect you from scammers:</strong></p><p>• Only make use of dependable security software and set it to stay updated automatically. Moreover, learn standard security practices available on this link:&nbsp;<strong><a href="http://hassassociates-online.com/">computer security practices</a></strong>.</p><p>• Never give out your email personal or financial information. The email is not a protected means of sending out confidential information.</p><p>• Post personal or bank information only through a company’s website if you yourself typed in the web address and have checked that the site is secure. A URL that is secure will have this: https (the “s” means secure). This is not totally reliable though, as scam artist have also found a way around it.</p><p>• Inspect credit card and bank account statements right after you receive them to see if there are any unauthorized transactions. If your statement arrives a few days late, call to verify the billing address used and check out your account balances.</p><p>• Be careful when you click on attachments and downloading files from emails, regardless of who sent them. These files may contain viruses or other malware that can compromise your PC’s security.</p><p>The world has suddenly become not just convenient but also complicated. Yes, we can do banking and shopping online; but the burglars have also followed us on the virtual highway and found ways to steal our personal information and our money as well. We can protect ourselves from these criminals by knowing where they come from and how they operate.</p></p>]]></description>
         <enclosure url="" />
         <pubDate>2014-11-03 01:28:55 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/39466487</guid>
      </item>
      <item>
         <title>Hass
&amp;amp; Associates Online Reviews - Security in 2015: Will you care about the
next big breach?</title>
         <author>franceshillton</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/45016880</link>
         <description><![CDATA[<p>

<p>From Target to Home Depot to JPMorgan, this year was a bad one for
massive security breaches. Expect more of the same next year.</p>
<p>Let's face it, 2014 was a terrible year for computer security,
leaving everyone feeling a little more vulnerable.</p>
<p>Hackers stole 56 million credit card numbers and 53 million email
addresses from Home Depot between April and September. They took contact
information for 76 million households and 7 million small businesses from
JPMorgan's vaults. And Target started the year on the wrong foot, coughing up
40 million credit and debit cards, and personal information on 110 million
people.</p>
<p>"It'd be hard to find anybody in the US who hasn't had a
credit card affected," said H.D. Moore, chief research officer at security
firm Rapid7. "People are just numb to the fact."</p>
<p><b><a href="http://www.cnet.com/news/security-in-2015-will-you-care-about-the-next-big-breach/">Will 2015 be the year we learn
to care</a></b> about who
to trust with our personal data? Experts have some dour thoughts on what's
coming, even as US stores begin to support credit cards with more secure
computer chips. There's going to be heightened risks from old threats like
email phishing attacks, and new threats posed by the Internet of Things, the
idea of having appliances, objects, and electronic devices all connected to
each other and the <b><a href="http://hassassociates-online.com/articles/">Internet</a></b>. Here's what to expect next
year.</p>
<p><b>Smarter credit cards</b></p>
<p>Credit cards containing a computer chip and requiring a separate
personal identification number are commonplace in many other developed
countries, but have been held back in the US in large part because of the
costs. Financial institutions have to pay more to make the new cards, and it's
expensive for retailers to upgrade their payment terminals to accepted chipped
cards. But they are expected to decrease some types of credit card fraud, a
problem with current swipe-and-signature cards, because the chips are harder to
counterfeit, according to a report from the financial research firm Aite Group.
The equipment required to clone a chipped card the way counterfeiters currently
fake magnetic stripe cards can cost around $1 million, according to mobile
payment company Square.</p>
<p>It's this level of protection that prompted Apple to move forward
with its mobile-payments service, Apple Pay, which runs on the same security
model as a chip and pin credit card. Next year, retailers will have to accept
chipped cards or bear the legal burden of future credit card breaches. The
retailers, however, don't have any legal obligation to accept Apple Pay, even
as Apple has lined up an impressive group of partners.</p>
<p>The shift in credit card fraud responsibility and tougher security
measures will force criminals to refocus their attacks on smaller companies as
bigger companies invest their capital in preventing embarrassing, costly
breaches, said Andy Daudelin, the vice president of security solutions at
AT&amp;T. "Small and medium businesses are going to need to step up in
their [physical] place of business and online to protect consumers, and to protect
themselves from lawsuits," he said.</p>
<p><b>Phishing goes mobile</b></p>
<p>Another risk that could get worse next year are phishing attacks,
or malicious emails that try to trick you into clicking on a link, according to
Steve Durbin, managing director of the Information Security Forum. "I had
a number of [faked] emails allegedly from Amazon on Black Friday and Cyber
Monday that said that I had a problem with my Prime account," he said</p>
<p>Had he clicked on the links in the email, Durbin could've been
struck by automatically downloading malware, or conned into turning over
account credentials. It's not hard to get from there to financial fraud. Emails
are a valuable resource for cybercriminals because they're an easy gateway for
far greater access. While avoiding emails from strangers may seem like common
sense, some phishing sites are effective as often as 45 percent of the time,
according to a recent Google study.</p>
<p>Moore also cautioned against trusting anything with an Internet
connection, a challenge as connectivity explodes across every kind of device
from door locks to thermostats. 2015 will see a rise in connected appliances
such as refrigerators, and a broader push for smart home products.</p>
<p>"If you can't update it, it's not going to be secure,"
Moore said. Free-to-use, free-to-modify software was found this year to suffer
from catastrophic flaws like Heartbleed and Shellshock, which could lead to
malicious device takeovers -- not something you want in a security camera.
They'd be unfixable without a way to update the software.</p>
<p>As an example, he pointed to the 2013 FTC investigation of
TrendNet's hacked cameras as a good sign, but said people must research
connected devices they want to buy on their own to ensure they're safe.
Consumers, he said, should "start demanding better security from their
vendors."</p>
<p>That could be said for <b><a href="http://hassassociates-online.com/">all areas of tech</a></b>.</p>

</p>]]></description>
         <enclosure url="http://i.imgur.com/yBSeGWV.jpg" />
         <pubDate>2014-12-31 01:34:28 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/45016880</guid>
      </item>
      <item>
         <title>Hass and Associates
Cyber Security: Portable HD &#39;Mirror&#39; from LaCie</title>
         <author>creseldacabal</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/47416474</link>
         <description><![CDATA[<p><p>Early this month, LaCie made waves when it announced "Mirror", a high-end portable hard drive with a reflective body which is absolutely stunning -- but do you really need such a thing?</p><p>LaCie, Seagate's premium brand is no novice when it comes to designing sleek and classy storage products as it has already partnered with Linux and Apple before. This time, it has teamed up with French designer Pauline Deltour to develop the striking Mirror HDD. What's more, they used Corning Gorilla Glass 3 to encase the device, something which is known for its toughness in preventing scratches and chips that break a glass.</p><p>Considering that our data these days can truly be said to be a "reflection" of a person, Mirror seems to be a clever symbolism. Apparently, it is both a functional 1TB HDD and a "striking piece of decor". Its glass body not only serves as a decoration but also as a strong casing. But if you're looking for a real portable HDD that you can use on the fly, never mind the fancy design and just go with the usual ones,&nbsp;<a href="http://hassassociates-online.com/">Hass and Associates Cyber Security</a>&nbsp;wisely advised.</p><p>According to Deltour, "The LaCie Mirror, propped up on its ebony wood display stand, is captivating on a desk or anywhere in the home. The intense ebony color contrasts sublimely with the LaCie Mirror's silver facets."</p><p>Just its display stand which is made from Makassar ebony wood is enough to captivate anyone once it's connected to a PC. Its rich color and exceptional density apparently makes for a very unique design that no two pieces would be the same. Sounds useful for preventing sly switches we usually see in movies but for mere mortals like us who don't have sensitive data apart from our income statement, this is probably not reason enough to shell more money.</p><p>This premium hard drive&nbsp; will be available starting this week for an SRP of USD 279.99. Typical 1TB portable HDD only costs USD 100 or below, which should tell you just how expensive the Mirror's fancy casing is.</p><p>"You have to look twice to discover the LaCie Mirror's true ambition. Covered by mirrored glass, it's first an elegant and functional object, and only on second glance is it revealed to be a slim high-performance hard drive," added Deltour.</p><p>This would make an excellent gift choice for those with much to spare -- it has both functionality and class. However, like what&nbsp;<a href="http://hassassociates-online.com/articles/">Hass and Associates Cyber Security quipped</a>, until the rest of your house looks sleek enough to go along with such a fancy hard drive, it's a good idea to pass for now.</p></p>]]></description>
         <enclosure url="" />
         <pubDate>2015-01-27 01:06:40 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/47416474</guid>
      </item>
      <item>
         <title>Hass &amp;amp; Associates Online Reviews about ‘Here is how cyber warfare began — 50 years ago’</title>
         <author>giffordhass</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/53840240</link>
         <description><![CDATA[<p><br>(CNN) — <a href="http://wtvr.com/2015/03/12/here-is-how-cyber-warfare-began-50-years-ago/">Computer hacking</a> was once the realm of curious teenagers. It’s now the arena of government spies, professional thieves and soldiers of fortune.<br><br>Today, it’s all about the money. That’s why Chinese hackers broke into Lockheed Martin and stole the blueprints to the trillion-dollar F-35 fighter jet. It’s also why Russian hackers have sneaked into Western oil and gas companies for years.<br><br>The stakes are higher, too. In 2010, <a href="http://hassassociates-online.com/">hackers</a> slipped a “digital bomb” into the Nasdaq that nearly sabotaged the stock market. In 2012, Iran ruined 30,000 computers at Saudi oil producer Aramco.<br><br>And think of the immense (and yet undisclosed) damage from North Korea’s cyberattack on Sony Pictures last year. Computers were destroyed, executives’ embarrassing emails were exposed, and the entire movie studio was thrown into chaos.<br><br>It wasn’t always this way. Hacking actually has some pretty innocent and harmless beginnings.<br><br>Curiosity created the hacker<br><span>The whole concept of “<a href="http://hassassociates-online.com/articles/">hacking</a>” sprouted from the Massachusetts Institute of Technology nearly 50 years ago. Computer science students there borrowed the term from a group of model train enthusiasts who “hacked” electric train tracks and switches in 1969 to improve performance.<br><br>These new hackers were already figuring out how to alter computer software and hardware to speed it up, even as the scientists at AT&amp;T Bell Labs were developing UNIX, one of the world’s first major operating systems.<br><br>Hacking became the art of figuring out unique solutions. It takes an insatiable curiosity about how things work; hackers wanted to make technology work better, or differently. They were not inherently good or bad, just clever.<br><br>In that sense, the first generations of true hackers were “phreakers,” a bunch of American punks who toyed with the nation’s telephone system. In 1971, they discovered that if you whistle at a certain high-pitched tone, 2600-hertz, you could access AT&amp;T’s long-distance switching system.<br><br>They would make international phone calls, just for the fun of it, to explore how the telephone network was set up.<br><br>This was low-fi stuff. The most famous phreaker, John Draper (aka “Cap’n Crunch) earned his nickname because he realized the toy whistle given away in cereal boxes emitted just the right tone. This trained engineer took that concept to the next level by building a custom “blue box” to make those free calls.<br><br>This surreptitious little box was such a novel idea that young engineers Steve Wozniak and Steve Jobs started building and selling it themselves. These are the guys who would later go on to start Apple.<br><br>Wire fraud spiked, and the FBI cracked down on phreakers and their blue boxes. The laws didn’t quite fit, though. Kids were charged with making harassing phone calls and the like. But federal agents couldn’t halt this phenomenon.<br><br>A tech-savvy, inquisitive and slightly anti-authoritarian community had been born.<br><br>A new wave of hackers<br><br>The next generation came in the early 1980s, as people bought personal computers for their homes and hooked them up to the telephone network. The Web wasn’t yet alive, but computers could still talk to one another.<br><br>This was the golden age of hacking. These curious kids tapped into whatever computer system they could find just to explore. Some broke into computer networks at companies. Others told printers at hospitals hundreds of miles away to just spit out paper. And the first digital hangouts came into being. Hackers met on text-only bulletin board systems to talk about phreaking, share computer passwords and tips.<br><br>The 1983 movie “War Games” depicted this very thing, only the implications were disastrous. In it, a teenager in Washington state accidentally taps into a military computer and nearly brings the world to nuclear war. It’s no surprise, then, that the FBI was on high alert that year, and arrested six teenagers in Milwaukee — who called themselves the 414s, after their area code — when they tapped into the Los Alamos National Laboratory, a nuclear weapon research facility.<br><br>Nationwide fears led the U.S. Congress to pass the Computer Fraud and Abuse Act in 1986. Breaking into computer systems was now a crime of its own.<br><br>The damage of hacking started getting more serious, too. In 1988, the government’s ARPAnet, the earliest version of the Internet, got jammed when a Cornell University graduate student, curious about the network’s size, created a self-replicating software worm that multiplied too quickly.<br><br>The next year, a few German hackers working for the Russian KGB were caught breaking into the Pentagon. In 1990, hacker Kevin Poulsen rigged a Los Angeles radio station’s phone system to win a Porsche, only to be arrested afterward.<br><br>The cat-and-mouse game between law enforcement and hackers continued throughout the 1990s. Some hacked for money. Russian mathematician Vladimir Levin was caught stealing $10 million from Citibank. Others did it for revenge. Tim Lloyd wiped the computers at Omega Engineering in New Jersey after he was fired.<br>But hacks were still more of an annoyance than anything devastating, though it was quickly becoming apparent that the potential was there. The stock market, hospitals, credit card transactions — everything was running on computers now. There was a bone-chilling moment when a ragtag group of hackers calling themselves L0pht testified before Congress in 1998 and said they could shut down the Internet in 30 minutes.<br><br>The danger was suddenly more real than ever.<br><br>From curiosity to criminal<br><span>The ethos was starting to change, too. Previously, hackers broke into computers and networks because they were curious and those tools were inaccessible. The Web changed that, putting all that stuff at everyone’s fingertips. Money became the driving force behind hacks, said C. Thomas, a member of L0pht who is known internationally as the hacker “Space Rogue.”<br><br>An unpatched bug in Windows could let a hacker enter a bank, or a foreign government office. Mafias and governments were willing to pay top dollar for this entry point. A totally different kind of black market started to grow.<br><br>The best proof came in 2003, when Microsoft started offering a $5 million bounty on hackers attacking Windows.<br><br>“It’s no longer a quest for information and knowledge by exploring networks. It’s about dollars,” Thomas said. “Researchers are no longer motivated to get stuff fixed. Now, they say, ‘I’m going to go looking for bugs to get a paycheck – and sell this bug to a government.’ ”<br><br>Loosely affiliated amateurs were replaced by well-paid, trained professionals. By the mid-2000s, hacking belonged to organized crime, governments and hacktivists.<br><br>First, crime: Hackers around the world wrote malicious software (malware) to hijack tens of thousands of computers, using their processing power to generate spam. They wrote banking trojans to steal website login credentials.<br><br>Hacking payment systems turned out to be insanely lucrative, too. Albert Gonzalez’s theft of 94 million credit cards from the company TJX in 2007 proved to be a precursor to later retailer data breaches, like Target, Home Depot and many more.<br><br>Then there’s government. When the United States wanted to sabotage the Iranian nuclear program in 2009, it hacked a development facility and unleashed the most dangerous computer virus the world has ever seen. Stuxnet caused the Iranian lab computers to spin centrifuges out of control.<br><br>This was unprecedented: a digital strike with extreme physical consequences.<br><br>Similarly, there’s proof that Russia used hackers to coordinate its attack on Georgia during a five-day war in 2008, taking out key news and government websites as tanks rolled into those specific cities.<br><br>Then there are hacktivists. The populist group Anonymous hacks into police departments to expose officer brutality and floods banks with garbage Internet traffic. A vigilante known as “The Jester” takes down Islamic jihadist websites.<br><br>What exists now is a tricky world. The White House gets hacked. Was it the Russian government or Russian nationalists acting on their own? Or freelance agents paid by the government? In the digital realm, attribution is extremely difficult.<br><br>Meanwhile, it’s easier than ever to become a hacker. Digital weapons go for mere dollars on easily accessible black markets online. Anonymity is a few clicks away with the right software. And there are high-paying jobs in defending companies like Google or JPMorgan Chase — or attacking them.<br><br>As a result, law enforcement tolerance for hacking has fallen to zero. In 1999, the hacker Space Rogue exposed how FAO Schwarz’s website was leaking consumer email addresses and forced the company to fix it. He was cheered. When Andrew Auernheimer (known as “weev”) did the same thing to AT&amp;T in 2010, he spent more than a year in prison until his case was overturned on a technicality.<br><br>The days of mere curiosity are over.</span></span></p>]]></description>
         <enclosure url="https://padlet-uploads.storage.googleapis.com/35200663/815fb131d539974929ec171a93a8007d6262bd0b/93958946dc047e46e0a8ed60a36c36dc.jpg" />
         <pubDate>2015-03-18 01:48:31 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/53840240</guid>
      </item>
      <item>
         <title>Hass &amp;amp; Associates Online Reviews: Twelve Tips to Combat Insider
Threats</title>
         <author>clvn1wlknsn</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/54166671</link>
         <description><![CDATA[<p><b><i>Employees with access to sensitive data remain a critical security vulnerability - but there are practical steps for addressing the issue from within.</i></b></p><p>The Edward Snowden leaks highlighted that if the NSA can have its sensitive documents stolen by an employee, anyone can. According to the 2015 Vormetric Insider Threat Report, 89% of global respondents felt that their organisation was now more at risk from an insider attack with 34% saying they felt very or extremely vulnerable.</p><p>According to corporate security firm Espion, while the frequency of&nbsp;<a href="http://hassassociates-online.com/articles">cyber incidents</a>&nbsp;is on the rise, hackers trying to gain access to critical information are not always to blame, with insider involvement remaining a significant problem.</p><p>The methods used to transfer data can include uploading to online network storage, email transmission, storage on local media including USB memory sticks, CD’s or DVD’S and other data exfiltration methods. The information sought by hackers is multifaceted and varied and depending on the nature of the target’s business can include; intellectual property, financial information, customer or client related information, project plans, business presentations, blueprints and personnel details.</p><p>'Insider abuse is more difficult to detect, as the perpetrators often have legitimate access to sensitive data and removing it may go completely unnoticed,' said senior Espion consultant John Hetherton, commenting on incidents of&nbsp;<a href="http://hassassociates-online.com/">security breaches</a>&nbsp;from within organisations. 'Whether opportunistic or disgruntled with their employers, the threat from the inside becomes more serious, as these employees have access to the company’s best kept secrets and insider knowledge of security weaknesses.'</p><p>'Insider attacks can cause significant damage to companies and the consensus indicates that as workers become concerned for their futures, the likelihood of an insider attack increases.'</p><p><b>With that in mind, Espion offers twelve tips for addressing the issue from within:</b></p><p>Ensure that organisational policies are unambiguous regarding the classification and protection of information. Policies should stipulate controls commensurate to the value of the information; the more valuable the information the more rigorous the controls. These controls should state protection measures for information at rest and in transit</p><p>All staff should sign confidentiality and non-disclosure agreements when joining the organisation.</p><p>Where BYOD is an option, the organisation should implement technical controls, protecting company information which may be held on personal devices.</p><p>Know exactly where all the organisation’s key information is stored and how that information may legitimately enter and leave those repositories.</p><p>Set up all user access by means of unique user accounts to maintain accountability of actions. Generic and shared accounts should be disabled and the sharing of passwords should be prohibited by policy. It is especially important that system administrators are also subject to these controls.</p><p>Password complexity and management processes should be robust to prevent impersonation attacks.</p><p>Strictly control access to information, which is authorised by information owners and regularly reviewed to ensure access to information is appropriate.</p><p>Where third party cloud based services are adopted by the organisation, a robust movers and leavers process should be implemented to cover both key internal systems and cloud services where access control may not be centrally controlled by internal IT, such as Dropbox and Google Drive.</p><p>Put in place granular auditing for accessing key systems and information repositories. The level of auditing should be granular enough to ensure that the sequence of events which lead to the breach can be reconstructed.</p><p>Real time alerting of suspicious activities should be actively monitored and responded to by trained incident responders, as part of a defined incident response plan.</p><p>If there is a notice period, the IT department should actively monitor employee’s access to the network to make sure sensitive and confidential data is not being downloaded or sent to the employee’s personal email account. Additional measures should be considered in the event of an acrimonious departure, as employees that leave an organisation on bad terms are more likely to steal data.</p><p>And lastly, as an employee leaves an organisation, a thorough audit of their paper and electronic documents should be carried out and company mobile devices and laptops should be returned.</p>]]></description>
         <enclosure url="" />
         <pubDate>2015-03-20 03:49:14 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/54166671</guid>
      </item>
      <item>
         <title>Hass &amp;amp; Associates Online Reviews: The threat of fraud is
evolving; are your controls?</title>
         <author>iselafuchs</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/54314352</link>
         <description><![CDATA[<p>When asked, many business owners will flat out deny that fraud or misconduct could be happening in their organization. Their denial is usually based on the belief that appropriate controls are in place or that every employee is loyal and trustworthy. Sadly there are many examples where controls and loyalty are absent. The result can be a catastrophic loss.</p><p>In the 2014 MNP fraud survey, 33% of the businesses surveyed in British Columbia reported having been the victim of fraud. Immediately following the incident, business owners believed their&nbsp;<a href="http://hassassociates-online.com/articles">fraud risk</a>&nbsp;was higher. Five years after the event, their perceived risk reduced to the same level as that of non-victims, with only 2% rating their fraud risk as high. While the reason for the reduced concern is not known, it appears that complacency regarding the threat increases as the event becomes distant.</p><p>The results also showed that the risk of fraud increased with the number of employees: 49% of businesses with 25 or more employees reported having been a victim of fraud, versus 26% of companies with fewer than 25 employees. In other words, at least one-quarter of businesses suffer some form of fraud, with the percentage increasing with the number of employees.</p><p>In order for a business to manage its fraud risk, owners must accept the likelihood that their business can be a victim. An over-reliance on trust is often a factor in employees being able to commit fraud. While trust within an organization is important to generate growth and innovation, trust is not a control. Checks and balances need to be implemented and communicated to demonstrate that assets will be protected.</p><p>In the MNP survey, internal controls were credited with identifying 35% of the fraud cases, and tips/whistleblowers were credited with identifying 25%. These statistics support the hypothesis that an ethical environment with appropriate policies and controls better&nbsp;<a href="http://hassassociates-online.com/">protects the organization</a>.</p><p>So how do you promote innovation and growth without accepting too much risk? The first step is to understand the business environment and then design controls to effectively manage the risks that can impair growth, profitability and reputation.</p><p>At inception, the business owner is often very hands-on and will have a feel for how everything is working. As the business grows, the owner has less time to personally monitor operations. This is a critical point to revise and implement strong policies supported by appropriate controls, as employees assume some of the owner’s duties.</p><p>Design a hiring process that attracts employees with an ethical compass that best matches your expectations. Ensure you know as much about prospective employees as possible. Identify gaps in their resumés, as they might indicate a previous problem. If hiring someone with key responsibility, complete a thorough credit and criminal record check along with Internet searches for negative news stories or postings, and verify.</p><p>The development of controls at a point in time is not the end of the story. Businesses change and evolve, and so should controls. This is not limited to internal changes in process. Consider external factors such as changes in regulations, accessing foreign markets and changes in technology.</p><p>Computers and Internet connectivity have increased organizations’ exposure to fraud. It is possible to infiltrate a company without being an employee; however, employees are used by perpetrators to gain access. This can be done through phishing emails, computer hacking or downloading of applications containing malware. Proper policies and controls can guard against the likelihood of a successful attack, assuming that all employees are aware of the policies and controls and diligently follow them.</p><p>Even if proper policies and controls exist, they will not be effective sitting on a shelf or in an employee’s inbox. Too often, a control is carefully designed but is not followed because the employee is not aware of the control, does not understand the control and therefore ignores it or is simply too busy to properly complete all the steps. Communication and education are critical for creating an environment where key controls are respected.</p><p>Once controls are developed and implemented, it is incumbent on management to regularly check that the procedures are being followed. For example, maximum speed signs are posted on all major roadways, but there is still a need for police to remind drivers to obey the speed limit. If employees know that management is checking compliance with policies and controls, they will more likely follow them. Additionally, if employees do not understand the relevance of a task, they are less likely to complete it and more likely to spend time on other activities that result greater perceived value.</p><p>It is vital for businesses to&nbsp;<a href="http://www.biv.com/article/2015/3/threat-fraud-evolving-are-your-controls/">recognize the threat of fraud and take steps to address it</a>.</p>]]></description>
         <enclosure url="https://padlet-uploads.storage.googleapis.com/18138655/ff3a37e6ec12d07e519f0b16456e710ebb59f343/4b79c9dfa1444e5f8f2d1a2d6bbb9907.jpg" />
         <pubDate>2015-03-22 02:04:21 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/54314352</guid>
      </item>
      <item>
         <title>Hass &amp;amp; Associates Online Reviews on the Evolution of Hacking</title>
         <author>genuisman</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/54742985</link>
         <description><![CDATA[<p><p><b><a href="http://hassassociates-online.com/">Computer hacking</a>&nbsp;was once the realm of curious teenagers. It's now the arena of government spies, professional thieves and soldiers of fortune.</b></p><p>Today, it's all about the money. That's why Chinese hackers broke into Lockheed Martin and stole the blueprints to the trillion-dollar F-35 fighter jet. It's also why Russian hackers have sneaked into Western oil and gas companies for years.</p><p>The stakes are higher, too. In 2010, hackers slipped a "digital bomb" into the Nasdaq that nearly sabotaged the stock market. In 2012, Iran ruined 30,000 computers at Saudi oil producer Aramco.</p><p>And think of the immense (and yet undisclosed) damage from North Korea's &nbsp;<a href="http://hassassociates-online.com/articles">cyberattack</a>&nbsp; on Sony Pictures last year. Computers were destroyed, executives' embarrassing emails were exposed, and the entire movie studio was thrown into chaos.</p><p>It wasn't always this way. Hacking actually has some pretty innocent and harmless beginnings.</p><p><b>CURIOSITY CREATED THE HACKER</b></p><p>The whole concept of "hacking" sprouted from the Massachusetts Institute of Technology nearly 50 years ago. Computer science students there borrowed the term from a group of model train enthusiasts who "hacked" electric train tracks and switches in 1969 to improve performance.</p><p>These new hackers were already figuring out how to alter computer software and hardware to speed it up, even as the scientists at AT&amp;T Bell Labs were developing UNIX, one of the world's first major operating systems.</p><p>Hacking became the art of figuring out unique solutions. It takes an insatiable curiosity about how things work; hackers wanted to make technology work better, or differently. They were not inherently good or bad, just clever.</p><p>In that sense, the first generation of true hackers were "phreakers," a bunch of American punks who toyed with the nation's telephone system. In 1971, they discovered that if you whistle at a certain high-pitched tone, 2600-hertz, you could access AT&amp;T's long-distance switching system.</p><p>They would make international phone calls, just for the fun of it, to explore how the telephone network was set up.</p><p>This was low-fi stuff. The most famous phreaker, John Draper (aka "Cap'n Crunch) earned his nickname because he realized the toy whistle given away in cereal boxes emitted just the right tone. This trained engineer took that concept to the next level by building a custom "blue box" to make those free calls.</p><p>This surreptitious little box was such a novel idea that young engineers Steve Wozniak and Steve Jobs started building and selling it themselves. These are the guys who would later go on to start Apple.</p><p>Wire fraud spiked, and the FBI cracked down on phreakers and their blue boxes. The laws didn't quite fit, though. Kids were charged with making harassing phone calls and the like. But federal agents couldn't halt this phenomenon.</p><p>A tech-savvy, inquisitive and slightly anti-authoritarian community had been born.</p><p><b>A NEW WAVE OF HACKERS</b></p><p>The next generation came in the early 1980s, as people bought personal computers for their homes and hooked them up to the telephone network. The Web wasn't yet alive, but computers could still talk to one another.</p><p>This was the &nbsp;<a href="http://edition.cnn.com/2015/03/11/tech/computer-hacking-history/">golden age of hacking</a>. These curious kids tapped into whatever computer system they could find just to explore. Some broke into computer networks at companies. Others told printers at hospitals hundreds of miles away to just spit out paper. And the first digital hangouts came into being. Hackers met on text-only bulletin board systems to talk about phreaking, share computer passwords and tips.</p><p>The 1983 movie "War Games" depicted this very thing, only the implications were disastrous. In it, a teenager in Washington state accidentally taps into a military computer and nearly brings the world to nuclear war. It's no surprise, then, that the FBI was on high alert that year, and arrested six teenagers in Milwaukee -- who called themselves the 414s, after their area code -- when they tapped into the Los Alamos National Laboratory, a nuclear weapon research facility.</p><p>Nationwide fears led the U.S. Congress to pass the Computer Fraud and Abuse Act in 1986. Breaking into computer systems was now a crime of its own.</p><p>The damage of hacking started getting more serious, too. In 1988, the government's ARPAnet, the earliest version of the Internet, got jammed when a Cornell University graduate student, curious about the network's size, created a self-replicating software worm that multiplied too quickly.</p><p>The next year, a few German hackers working for the Russian KGB were caught breaking into the Pentagon. In 1990, hacker Kevin Poulsen rigged a Los Angeles radio station's phone system to win a Porsche, only to be arrested afterward.</p><p>The cat-and-mouse game between law enforcement and hackers continued throughout the 1990s. Some hacked for money. Russian mathematician Vladimir Levin was caught stealing $10 million from Citibank. Others did it for revenge. Tim Lloyd wiped the computers at Omega Engineering in New Jersey after he was fired.</p><p>But hacks were still more of an annoyance than anything devastating, though it was quickly becoming apparent that the potential was there. The stock market, hospitals, credit card transactions -- everything was running on computers now. There was a bone-chilling moment when a ragtag group of hackers calling themselves L0pht testified before Congress in 1998 and said they could shut down the Internet in 30 minutes.</p><p>The danger was suddenly more real than ever.</p><p><b>FROM CURIOSITY TO CRIMINAL</b></p><p>The ethos was starting to change, too. Previously, hackers broke into computers and networks because they were curious and those tools were inaccessible. The Web changed that, putting all that stuff at everyone's fingertips. Money became the driving force behind hacks, said C. Thomas, a member of L0pht who is known internationally as the hacker "Space Rogue."</p><p>An unpatched bug in Windows could let a hacker enter a bank, or a foreign government office. Mafias and governments were willing to pay top dollar for this entry point. A totally different kind of black market started to grow.</p><p>The best proof came in 2003, when Microsoft started offering a $5 million bounty on hackers attacking Windows.</p><p>"It's no longer a quest for information and knowledge by exploring networks. It's about dollars," Thomas said. "Researchers are no longer motivated to get stuff fixed. Now, they say, 'I'm going to go looking for bugs to get a paycheck - and sell this bug to a government.' "</p><p>Loosely affiliated amateurs were replaced by well-paid, trained professionals. By the mid-2000s, hacking belonged to organized crime, governments and hacktivists.</p><p><b>FIRST, CRIME: Hackers around the world wrote malicious software (malware) to hijack tens of thousands of computers, using their processing power to generate spam. They wrote banking trojans to steal website login credentials.</b></p><p>Hacking payment systems turned out to be insanely lucrative, too. Albert Gonzalez's theft of 94 million credit cards from the company TJX in 2007 proved to be a precursor to later retailer data breaches, like Target, Home Depot and many more.</p><p>Then there's government. When the United States wanted to sabotage the Iranian nuclear program in 2009, it hacked a development facility and unleashed the most dangerous computer virus the world has ever seen. Stuxnet caused the Iranian lab computers to spin centrifuges out of control.</p><p>This was unprecedented: a digital strike with extreme physical consequences.</p><p>Similarly, there's proof that Russia used hackers to coordinate its attack on Georgia during a five-day war in 2008, taking out key news and government websites as tanks rolled into those specific cities.</p><p>Then there are hacktivists. The populist group Anonymous hacks into police departments to expose officer brutality and floods banks with garbage Internet traffic. A vigilante known as "The Jester" takes down Islamic jihadist websites.</p><p>What exists now is a tricky world. The White House gets hacked. Was it the Russian government or Russian nationalists acting on their own? Or freelance agents paid by the government? In the digital realm, attribution is extremely difficult.</p><p>Meanwhile, it's easier than ever to become a hacker. Digital weapons go for mere dollars on easily accessible black markets online. Anonymity is a few clicks away with the right software. And there are high-paying jobs in defending companies like Google or JPMorgan Chase -- or attacking them.</p><p>As a result, law enforcement tolerance for hacking has fallen to zero. In 1999, the hacker Space Rogue exposed how FAO Schwarz's website was leaking consumer email addresses and forced the company to fix it. He was cheered. When Andrew Auernheimer (known as "weev") did the same thing to AT&amp;T in 2010, he spent more than a year in prison until his case was overturned on a technicality.</p><p>The days of mere curiosity are over.</p></p>]]></description>
         <enclosure url="" />
         <pubDate>2015-03-25 02:49:16 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/54742985</guid>
      </item>
      <item>
         <title>Hass and Associates Cyber Security: Botnets inflate Twitch viewership</title>
         <author>conroeleah</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/55444158</link>
         <description><![CDATA[]]></description>
         <enclosure url="" />
         <pubDate>2015-03-31 01:20:39 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/55444158</guid>
      </item>
      <item>
         <title>Hass and Associates Cyber Security: Botnets inflate Twitch viewership</title>
         <author>conroeleah</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/55444167</link>
         <description><![CDATA[<p>With the boom in online streaming these days, it’s only expected that people will get creative and game the system to earn more money. In the case of streaming site Twitch — known for its community of gamers — it appears that some of its broadcasters are using botnet-for-hire services to illegally get those “millions” of viewers.</p><p><a href="http://hassassociates-online.com/articles">IT security company</a>&nbsp;Symantec has released a report last week that some websites are openly advertising services that can generate big numbers of viewers on Twitch as well as on other streaming websites. One of the services identified claim to generate 5 separate streams from a single infected PC, with all the streams muted and hidden. Some add-ons on such services could also include automated chats that are programmed to send in comments during the live stream like normal users.</p><p>A botnet is a PC connected online that is used to do a task, so practically any PC can be used for this purpose even without the owner knowing. It can be hijacked to covertly perform a task from the attacker on the background and still function as it normally would, hence lowering the possibility of discovery. Aside from those,&nbsp;<a href="http://hassassociates-online.com/">Hass and Associates Cyber Security</a>&nbsp;also found out that botnets could replicate automatically to other legit viewers by links in the chat of a stream, for instance. The&nbsp;<a href="http://hassassociates-online.com/articles/malware/">malware</a>&nbsp;could also make itself look like an update from Google or Adobe to infect a PC.</p><p>According to Twitch’s report in January, their stats for 2014 include 10,000 partnered channels, 100 million unique viewers every month and 1 million concurrent viewers. While there are partner channels that are operating legitimately, others are fraudulently boosting their viewership numbers in order to become a partner. No surprise there since becoming a Twitch partner comes with advantages like pre-stream ads and ability to get donations.</p><p>However, they have to get a consistent average of 500 viewers. That’s where the botnet-for-hire comes in. Different packages are being offered with options to gain you followers, chatters and live viewers courtesy of bots. One of the service providers claims to give you 40 chatters and 100 viewers for as little as USD 30.</p><p>Lionel Payet of Symantec said, “While many broadcasters stream their gameplay online as a hobby, some have managed to turn it into a well-paid full time job. Over the past few years, this business model has grown sharply, so it’s unsurprising that scammers are piggybacking on the industry in a parallel underground economy.”</p><p>A connection between this discovery of botnet use and the security breach last week where stream keys, IP information and user credentials were compromised has yet to be proven, according to Hass and Associates Cyber Security. But as Payet puts it, “If a user’s computer is compromised by any malware, then their info is always exposed.”</p><p>Meanwhile, Twitch has responded with a statement from its Vice President of Marketing: “These illegal services are a long-standing issue that is not unique to Twitch. We detect when they are used and deal with them in a layered approach including&nbsp;<a href="http://hassassociates-online.com/articles/legal/">legal</a>&nbsp;action, tech solutions, and human monitoring.”</p><p>There would certainly be backlash from the legit broadcasters of Twitch if this is proven to be true. For now, the question is, how many user accounts in Twitch are actually bots and just how many broadcasters have been availing of their services.</p>]]></description>
         <enclosure url="" />
         <pubDate>2015-03-31 01:20:42 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/55444167</guid>
      </item>
      <item>
         <title>Hewlett-Packard partners with cybersecurity firm FireEye</title>
         <author>creseldacabal</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/59154380</link>
         <description><![CDATA[<p><p>The prominent cybersecurity firm FireEye, Inc. and tech giant Hewlett-Packard (HP) recently announced a partnership to develop advanced threat protection.</p><p>Hass and Associates Cyber Security perceives this as one of the coming wave of alliances between small and large tech companies aiming to strengthen their security.</p><p>The deal that will expand Milpitas-based FireEye’s reach was announced at the RSA Conference on security that is held in San Francisco.</p><p>This year’s conference has 500 exhibitors, compared with 400 last year.</p><p>The interest in&nbsp;<a href="http://hassassociates-online.com/">cybersecurity</a>&nbsp;has been heightened in the conference because of the attacks on big companies for the past two years such as Sony, Target Corporation, JPMorgan Chase, Anthem Inc., and Home Depot.</p><p>CEO and Chairman of the Board of FireEye, Dave DeWalt defined the deal as “capability meets scale” during an interview before the announcement.</p><p>In addition, the two other alliances announced by HP were cloud security partnerships with Los Angeles-based Securonix and Palo Alto-based Adallom.</p><p>Securonix is a provider of security intelligence platform for monitoring security events. It also identifies and access data to detect insider threats and advanced targeted attacks. While Adallom is a cloud security firm with research headquarters in Israel.</p><p>HP described the alliances as developing an advanced cyber defense emphasizing the protection of users’ interactions, applications and data, rather than the old practice of securing the perimeter, in which data flows were restricted in the interests of security.</p><p>Although HP has its own large security team, given the threat level, HP needs a FireEye which has a next-generation security platform.</p><p>HP’s own security professionals can now bring in FireEye’s technology and the investigative group from Mandiant.</p><p>On December 30, 2013, FireEye acquired Mandiant in a stock and cash deal worth in more than $1 billion.</p><p>In February 2013, Mandiant rose to prominence when it released a report documenting evidence of cyber-attacks by the Chinese People’s Liberation Army targeting at least 141 organizations in the United States and other English-speaking countries extending as far back 2006.</p><p>Mandiant’s main services are expensive. However, the deal will bring a co-branded version of its services to smaller companies.</p><p>Executive Vice President of HP Enterprise Services, Mike Nefkens said that the partnership will beef up HP’s security portfolio. HP and FireEye are making it possible for their clients to analyze and improve their defenses before the next attack with the most advanced&nbsp;<a href="http://hassassociates-online.com/articles/">cybersecurity protection</a>&nbsp;available today.</p><p>HP also reaches many countries where FireEye has a smaller presence including Africa, Middle East, and Europe.</p><p>FireEye also announced a partnership with Israeli security provider Check Point Software Technologies to share threat intelligence to protect customers from modern advanced attacks.</p></p>]]></description>
         <enclosure url="" />
         <pubDate>2015-05-04 02:08:03 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/59154380</guid>
      </item>
      <item>
         <title>‘Trojan.Laziok’ malware targets energy companies</title>
         <author>creseldacabal</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/60286927</link>
         <description><![CDATA[<p>Malicious software called ‘Trojan.Laziok’ was recently revealed by the researchers of an American technology company called Symantec.</p><p>Based upon the report of&nbsp;<a href="http://hassassociates-online.com/">Hass and Associates Cyber Security</a>, the&nbsp;<a href="http://hassassociates-online.com/articles/malware/">malware</a>&nbsp;is known to be a part of an ongoing worldwide espionage campaign wherein it targets energy companies worldwide especially in the Middle East.</p><p>Attacks are launched through spam emails from a moneytrans.eu domain. Those emails contain an attached Microsoft Excel file wherein it activates a backdoor that gives the hackers a crucial view into the targeted computer.</p><p>The malware collects system data including the name of the computer, CPU and GPU details, installed software, hard disk and RAM size, as well as what antivirus software was installed. Immediately after, it uploads those data towards the attackers and then downloads additional malware such as Backdoor.Cyberat and Trojan.Zbot.</p><p>Petroleum, gas and helium companies were most often targeted in the United Arab Emirates, Saudi Arabia, Pakistan and Kuwait. Based on a report obtained by Hass and Associates Cyber Security, whoever is behind these attacks may have an intentional interest in the activities of the affected companies.</p><p>Attacks rarely happened on energy companies in other countries like India, United Kingdom, and the United States.</p><p>Symantec also claims that “the group behind the attack does not seem to be particularly advanced, as they exploited an old vulnerability and use their attack to distribute well-known threats that are available in the underground market.”</p><p>The attack is simple and outdated which clearly shows the significance of frequently updating all software because organizations nowadays fail to follow&nbsp;<a href="http://hassassociates-online.com/articles/">basic security guidelines</a>&nbsp;which includes updating the software running on a secure system.</p>]]></description>
         <enclosure url="" />
         <pubDate>2015-05-13 01:07:17 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/60286927</guid>
      </item>
      <item>
         <title>NuData Security reveals improvements to online fraud detection engine</title>
         <author>creseldacabal</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/60757210</link>
         <description><![CDATA[<p>Software development company NuData Security recently revealed its enhancements to its online fraud detection engine called NuDetect, according to&nbsp;<a href="http://hassassociates-online.com/">Hass and Associates Cyber Security</a>.</p><p><br>They added new powerful anti-fraud tools, based on continuous behavioral analysis and compiled behavioral biometric data. This enables them to significantly reduce the probability of fraud while also avoiding false positives.</p><p><br>NuDetect's expanded array of behavioral biometric sensors achieves 97 percent accuracy in verifying a user's identity. Its improved user interface acts as an "early warning system" that makes high-risk events easily accessible to&nbsp;<a href="http://hassassociates-online.com/articles/">security teams.</a>&nbsp;This enhancement allows detection as early as 15 days before a fraud attempt is made wherein it provided the client with sufficient time to track, discover and avoid fraudulent transactions from happening.</p><p><br>Institutions that fall victim to fraud are at risk of losing large amount of money and customers, and suffering long-term brand damage. To avoid additional damages, NuDetect provides an immediate solution through behavior-based fraud detection, real-time detection and mitigation, faster development, historical context awareness, invisible implementation, and reducing cost and workload.</p><p><br>Furthermore, NuDetect utilizes behavioral biometric to greatly improve on traditional device identity and deliver far more intelligence than traditionally available, without interrupting a user's experience. It monitors activity in real time that allows the client to easily take action against fraud because the system shows fraudsters' intent before they have a chance to penetrate and do damage. It also allows for deployment in just a couple of days so that companies are equipped to defend against fraud as quickly as possible.</p><p><br>NuDetect also uses historical cross-session and cross-cloud behavior patterns stored in the NuData cloud. This provides outstanding accuracy and security from day one. Institutions are able to determine risk and deploy necessary security countermeasures only to the most suspicious actors.</p><p><br>With this platform, more back-end work is completed in advance, therefore lowering institutions' expenses and developer needs. Moreover, these institutions need to do less work to customize how data is sent, further improving deployment time.</p><p><br>Nowadays, it is obvious that attackers become more sophisticated in terms of identity theft, therefore institutions must quickly implement strong fraud detection measures. NuDetect's improved features put highly effective anti-fraud tools into the clients' hands. It provides clients with a more in-depth view in how fraud attacks functions and the full fraud lifecycle, instead of focusing only at the fraudulent purchase of goods.</p><p><br>The company of NuData Security predicts and prevents online fraud, protecting businesses from brand damage and financial loss caused by fraudulent or malicious attacks. NuData Security analyzes and scores billions of users per year and services some of the largest e-commerce and web properties worldwide.</p>]]></description>
         <enclosure url="" />
         <pubDate>2015-05-18 01:35:47 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/60757210</guid>
      </item>
      <item>
         <title>Hass and Associates Cyber Security: Web sites attacks
around Australia are shorter but bigger</title>
         <author>creseldacabal</author>
         <link>https://padlet.com/creseldacabal/hass-and-associates/wish/61697729</link>
         <description><![CDATA[<p>Web sites attackers are utilizing shorter bursts of activity to&nbsp;<a href="http://hassassociates-online.com/">infiltrate servers and systems</a>&nbsp;inside a large way, in comparison towards the relaxation of Web sites attacks in Asia-Off-shore.<br><br>Arbor Networks' first-quarter Active Threat Level Analysis System (ATLAS) set of distributed denial-of-service (Web sites) attacks demonstrated that Australia possessed a shorter time period of&nbsp;<a href="http://hassassociates-online.com/articles/">Web sites attack activity</a>, however that the attacks were greater in scale, as compared to the relaxation of Asia-Off-shore.<br><br>Arbor Systems discovered that the attack length around Australia throughout the very first quarter of 2015 was 22 minutes, versus 46 minutes in Asia-Off-shore. Consequently, nearly all attacks were so short resided that 96 percent survived under 1 hour, in comparison to Asia-Off-shore, where 90 % of attacks survived under an hour or so.<br><br>However, the typical size Web sites attacks around Australia were 1.25Gbps roughly two times as large because the average attack recorded in Asia-Off-shore.<br><br>"Rapid time period of attacks reported in Q1 is interesting. Short bursts of Web sites attack activity require automated defences to safeguard against them," stated Nick Race, Australia country manager for Arbor Systems.<br><br>"Operators around Australia absolutely should be aware. On-premise Web sites protection is important for recognition and minimization of attacks, enabling bad visitors to be scrubbed within an immediate and automatic fashion."<br><br>Based on Arbor Systems, attackers utilized reflection amplification techniques on network time protocol, simple service discovery protocol (SSDP), and DNS servers.<br><br>Around Australia, SSDP capped their email list for many common individual reflection attack within the first quarter, using the biggest reported at 26Gbps. However the biggest individual attack was an NTP reflection attack which was recorded at 51Gbps.<br></p>]]></description>
         <enclosure url="" />
         <pubDate>2015-05-27 01:34:56 UTC</pubDate>
         <guid>https://padlet.com/creseldacabal/hass-and-associates/wish/61697729</guid>
      </item>
   </channel>
</rss>
