December 12, 2013

Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet

Microsoft, Europol claim victory in taking down ZeroAccess botnet

It always seems like we post items to our blog designed to scare the bejeezus out of you. Well, that’s intentional. The Internet is a dangerous place, and if you’re not aware of some of the dangers, then you’re a sitting duck (and that’s just not sporting).

You know what the two articles above have in common? They present reasons why there will be a global agency – in the next 20-30 years we think – to police the Internet. This won’t be like ICANN – this will be an organization funded by the major Internet countries to keep the infrastructure safe and go after those who would exploit the ‘net for criminal purposes. It will be a political football, and has potential to evolve into a massive bureaucratic entity, but it will be the logical extension of what the world will need as the Internet roots itself deeper into daily life.

Imagine the Tylenol poisonings of the 1980s, except on a global technological scale. Who would go after the bad guys in that instance? Right now, it would be a cluster among agencies across the globe.

We’re not for more government in people’s business, but it just seems like this will be the devised solution as politicians realize the damage that can be done via the Internet.

As always, what says you?

SCOR

December 05, 2013

By Sean C. O’Rourke, Principal, Syzygy 3, Inc.

In the good ol’ days of the Internet (née the World Wide Web), SPAM seemed to be the biggest threat to users. In reality, SPAM just threatened to overwhelm your inbox. But it proved yet again that the “bad” guys would always be ahead of the “good” guys.

The dangers on the Internet, like the Internet itself, have evolved. Viruses, Trojans, malware, and spyware all became dangers to users. A relatively new -ware to flood the ‘net is called ransomware, with the latest being CryptoLocker (which appeared in the latter part of 2013). Ransomware is an apt name for these infections, as the software renders your machine and/or data unusable until you pay the originating agent a specified amount of money (CryptoLocker charges $300).

CryptoLocker has received the bulk of publicity lately because the infection encrypts data on your machine and that encryption cannot be undone except by paying the ransom (you get a “key” that will decrypt your data). You can clean the actual CryptoLocker infection off your machine, but even the NSA won’t be able to decrypt your data without a key. At the moment it’s unclear whether the CryptoLocker software transmits any of your data to an outside source or merely taunts you with the encrypted data. In all reported cases of which we know, if the ransom is paid, the data are decrypted.

Now that the “bad” guys are out ahead again, what can you do to protect your machine and data? At the moment, the infection is typically delivered via an email attachment. Security tools are still working to block software before it reaches your inbox, so it’s on you, the user, to recognize a potentially dangerous attachment and just delete the email.

Some suggestions:

  • Study every email you receive; ensure that it’s legitimate, thus confirming any attachment to be safe
    – This is getting more difficult as the fake emails are looking more and more like real emails
  • Any attachment that ends in .zip or .exe, or other types of media extensions, should be thoroughly scrutinized; these have been the most customary delivery vehicles
    – If you’re ever in doubt about an attachment you receive from a known sender, you can always send that person a separate email to confirm they sent the attachment
  • Financial institutions (banks, credit card companies, PayPal, etc.) WILL NOT send you any attachment to sign or review, and definitely will not send attachments that end in .zip or .exe
    – Emails from a financial institution will always address you by your full name, not “Dear Customer” or “To Banking Customer” or some other salutation
    – Again, if you’re not sure, financial firms generally provide you a message center within your online account; simply log in to see if the email received is also in the message center; if it’s not, the email is probably not genuine
  • Backup all your important/valuable data to an offline resource, one that is not always connected to your machine
    – An external hard drive is one example
    – An online site that does not create a copy of your data on your machine, and requires you to always log in with a username & password, is another
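
The attachment and salutation checks from the list above, as an added Python example (not part of the original post): it parses a raw message and flags the .zip/.exe extensions and the generic greetings named there. The sample messages and addresses are constructed, and `triage` and `build_sample` are hypothetical names.

```python
import email
from email import policy
from email.message import EmailMessage

# Heuristics taken from the suggestions above; extend to suit your mail flow.
RISKY_EXTENSIONS = (".zip", ".exe")
GENERIC_SALUTATIONS = ("dear customer", "to banking customer")


def triage(raw_bytes):
    """Return warning flags for one raw message (hypothetical helper)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    flags = []
    # Attachment check: the last extension decides, so "x.pdf.zip" is flagged.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(RISKY_EXTENSIONS):
            flags.append("attachment:" + name)
    # Salutation check on the plain-text body, if the message has one.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    for salutation in GENERIC_SALUTATIONS:
        if salutation in text:
            flags.append("salutation:" + salutation)
    return flags


def build_sample(greeting, filename):
    """Build a constructed test message; all values are made up."""
    m = EmailMessage()
    m["From"] = "alerts@bank.example"
    m["To"] = "user@example.org"
    m["Subject"] = "Your statement"
    m.set_content(greeting + ",\nPlease review the attached statement.\n")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample("Dear Customer", "Statement.PDF.zip")))
    print(triage(build_sample("Dear Jane Q. Example", "statement.pdf")))
```

A flag here is a prompt to confirm with the sender through a separate channel, as the list suggests; an empty result does not prove a message is safe.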

The list could go on, but you get the picture. Common sense is still your best defense against most online dangers. Be smart about the sites you visit, the attachments you click on, the offers you accept, and you should be OK. You’ll never be 100% safe, but you can determine how vulnerable you are when online.

For more information on the CryptoLocker infection, visit http://en.wikipedia.org/wiki/CryptoLocker.

Or contact Sean C. O’Rourke
sorourke@syzygy3.com

December 05, 2013

There’s a quote – not sure who said it – that goes (paraphrasing here): “Learn from my mistakes so you can make your own, then teach someone not to make either of our mistakes.” It’s how species progress (and how we learned not to stick our hands directly into the fire pit). And while the human race has made tremendous strides, can you imagine how far along we’d be if we strictly followed that advice?

Ran across the article below. Having been around the city for a good part of my life, it baffles me that anyone still has issues with items 1-3 (startups and seasoned companies alike). Did no one learn anything from the original Internet boom (mid- to late-1990s)? All sorts of startups crashed and burned because they took on too large a real estate footprint, hired too many people, and had no idea how to get people to buy their products/services. Incredible that so clear a lesson has yet to be learned by most.

From our vantage point, a lack of appreciation for how fast money goes out and how tough it is to bring in ranks #1 among the reasons why these mistakes are recycled. The sudden influx of investor money skews reality for these companies, particularly if they’ve never managed money of any appreciable amount. Suddenly the world is their oyster, but those little devils are not only tough to open, but very expensive.

Investors themselves also drive this spending. Quick story: a friend of ours started a social media platform company about 4 years ago. Within a year Fortune 500 companies were signing up to use his platform. In less than two years the company was making decent profits. Still, our friend was prudent, so he continued to seek venture capital (VC) investment. VCs couldn’t throw money his way fast enough. As the company’s business operations were handling everything, the VC money became a just-in-case fund. Well, the VCs didn’t like that. They started pressuring the company to spend their cash… all of it. It was weird and crazy, and to this day, it still doesn’t make sense to us.

Anyway, if you have a great idea and are lucky enough to get it off the ground, learn from your forerunners, especially those who didn’t make it. If you learn something from them you may hang around long enough to teach others.

5 mistakes NYC startups make

SCOR