Connecticut's IT Managed Services Blog

NSI's IT Support Team has reviewed the data:  After a 6 month study that consisted of over 630,000 samples has found that when it comes rootkits, Windows XP has 74% off all the infections, followed by Vista with 17% and Windows 7 with 12%.  Microsoft even admits that Windows 7 is over 5 times more secure than XP in there last quarterly security rate. Although AVAST, an anti-virus software company, has pointed out that Windows XP infection rates might not be all Microsoft’s fault, as many of the machines running Windows XP are running pirated versions which aren’t allowed to be updated through Microsoft leaving the OS vulnerable to various types of virus’s and rootkits.

A rogue hacking organization, LulzSec, has been terrorizing different internet sites as a way of protesting certain corporations and governments that they find to be corrupt, and then adding in their own random hijinks into the mix taking down legitimate sites also which they state that they do it for the Lulz. LulzSec has “hacked” the various sites to different degrees, sometimes with the intent to hurt the company by stealing customer data and forcing them to update and fix their security flaws, other sites they do it to prove that there are security holes with no malicious intentions, and finally some sites are hit with DDoS attacks, (Distributed Denial of Service) which is overloading the server with requests so it becomes unavailable for its intended users.

Some of the high profile attacks the group LulzSec has attacked have been:

• PBS (Stole user data and posted a fake news story)
• Sony (Stole user data of up to 1 million users causing Sony to take down the Playstation network for over a month
• Nintendo (Stole a Config file and apologized to Nintendo, stating they love the N64 too much to hurt them)
• Black & Berg Cybersecurity Consulting (Who had posted a hacking challenge that was completed by LulzSec)
• Pron.com (A pornographic website in which 26,000 of its user’s emails and passwords were posted online with encouragement from LulzSec to try them on Facebook and other sites)
• Bethesda Game Studios (Posted information taken from their site, but did not post the 200,000 account information that they had stolen from the site also)
• Minecraft (DDoS attack from their “Titanic Take-down Tuesday”)
• League of Legends (DDoS attack from their “Titanic Take-down Tuesday”)
• The Escapist (DDoS attack from their “Titanic Take-down Tuesday”)
• FinFisher (An IT security company that was also hit with a DDoS attack from their “Titanic Take-down Tuesday”)
• EVE Online (DDoS attack from their “Titanic Take-down Tuesday”)
• Writerspace.com (62,000 User emails and passwords were posted, later it was revealed it was from Writerspace.com)
• InfraGard (a Company that works the FBI for botnet detection, they hacked and leaked some user accounts from their data base)
• British National Health Service (They emailed the administratiors letting them know they found a security hole, and did not intend on exploiting it)
• Senate.gov (Released emails and passwords of users of senate.gov)
• Cia.gov ( Used a DDoS attack to take down the site after the Pentagon said that cyberattacks could be considered an act of war)

A new study from CPU maker, AMD, shows that over one third, 37%, of companies are now using cloud infrastructure for their data centers with an additional 43% of companies investigating implementation. And this isn’t just small companies who are relying on the power of cloud technology, with 63% of those using the cloud saying that they have data stored in there worth over $250,000, meaning billions of dollars worth of information is now sitting securely off-site.

Cloud computing has been growing over the past couple of years, and has increased with the wide spread of virtualization allowing companies to scale their IT department easier and more efficiently. 1 in 10 companies are now storing over 10 million dollars in the cloud now, but there is still concerns from security experts who point out that are still some flaws that have come to light recently with companies like Sony having their servers hacked and Amazon’s cloud service going down for an extended period of time leaving many companies unable to access their information. While security was still sited as the number one concern when moving to a cloud infrastructure, these flaws in the cloud computing model haven’t deterred companies from moving to the cloud, having the benefits of accessing their information from anywhere and allowing companies to outsource certain IT tasks to an outside company.

It was recently found that Apple has been tracking every iPhone user’s location with a secret hidden file. This came as a shock to most, as Apple has never mentioned this feature, which was most likely added in the iOS 4 update, and has caused quite a stir among privacy experts. This file tracks your location based on cell phone triangulation, which gives a general pinpoint of where you are at that time by locating the signal strength over 3 towers. What is even more alarming as there is currently no way to prevent apple from gathering your data, even with your GPS off, Apple can see where you were at any given time. To make matters worse, this file is unencrypted, meaning that anyone with a little bit of knowhow can pull up this data and check in on your activities.

Currently there is no word on why Apple added this feature to its mobile devices or what it planned on doing with the data, but the data is there assessable to anyone who can gain access to your iPhone or even a backup copy you make during syncing, as the data is transferred from the device to your computer. Current speculation has people wondering if this was even intentional, as both Android and Windows Mobile both track your location, but only the most recent one used. Apple might have been doing the same thing, but do to a bug/oversight it might not be deleting the past data like it should.