Do you feel safe using PayPal?

If you’ve ever shopped around the internet, you’ve probably come across PayPal before. It’s one of the biggest online payment transfer companies there is. The question is, how secure is this site, and with big names like eBay requiring you to use it, do we really have any choice in the matter?

According to the PayPal site, they think their site is pretty secure:

PayPal automatically encrypts your confidential information in transit from your computer to ours using the Secure Sockets Layer protocol (SSL) with an encryption key length of 128-bits (the highest level commercially available). Before you even register or log in to the PayPal site, our server checks that you’re using an approved browser – one that uses SSL 3.0 or higher.

Once your information reaches the PayPal site, it resides on a server that is heavily guarded both physically and electronically. PayPal servers sit behind an electronic firewall and are not directly connected to the internet, so your private information is available only to authorized computers.

I’ve personally never had any problems with PayPal, and I’ve used it quite often. There are certainly horror stories though. Even having known there is a risk using this service, and now that I’ve researched this in more detail and read all the stories of people whose accounts were frozen and who lost thousands of dollars, I’m undoubtedly still going to use PayPal. I don’t have much of a choice. There’s also an inherent risk in doing any transactions online, no matter where you go. So unless I find an amazing alternative, and sites start supporting that alternative, I’ll stick to PayPal.

What do you guys think? Do you use PayPal, and if so, do you feel safe?

Anonymous planning a Day of Vengeance on Sept. 24

Anonymous, a hacktivist group, has released a statement that they are planning on having a special “Day of Vengeance” this Saturday, September 24. They did not state what city they were planning to do this in, but most clues point to New York. This is because they stated that they are planning to have peaceful protests along with cyber-attacks on “various targets” such as Wall Street, Corrupt Banking Institutions, and the New York Police Department.

To spread the message, Anonymous used a website called Pastebin to post their message out to everyone. Though the police are not worried about the protestors, Anonymous has been very successful in launching cyber-attacks. Just last month the group claimed to have hacked the servers of companies such as Symantec, Apple, Facebook, and Microsoft.

Though Anonymous has kept their organization very secretive, a number of alleged Anonymous members have been arrested around the world. Even though there have been arrests, Anonymous has kept a brave face, stating that even though they are arresting some of their members, there are always other members to take their place.

If you look at the Anonymous slogan, it states “We are everywhere. We are legion. We never forget. We never forgive.” and I guess we will see how far they take this, this coming Saturday.

Windows 8 raises the bar on security: something to worry Linux users

Most Linux PC users have installed their operating system on a computer that came with Windows preinstalled. Moreover, installing Linux on a PC with Windows preinstalled is cheaper and more convenient, considering you might want to switch back one day.

However, with Windows 8, the situation seems like it will change. A security feature in Windows 8 might make installing Linux on Windows 8 certified hardware impossible. A Red Hat developer, Matthew Garrett, has announced that it is not necessary to panic, but it is worth worrying about.

“The problem” arises from the fact that Microsoft would like to use a hardware-based secure boot protocol called “Unified Extensible Firmware Interface (UEFI)”. This technology aims to supply protection against rootkits and low-level attacks.

Garrett further explains UEFI keys as “If a manufacturer has installed a key into the machine, the only way for the code to be signed by this key is to have the signing done by the manufacturer”. Several keys might be installed on a machine, but if you do not get the machine to sign double data, you cannot achieve an installation.

Microsoft already announced that machines with Windows 8 logos will come with a feature called secure boot. Garrett guesses that Windows on those machines will be signed by a Microsoft key. Linux and similar operating systems do not include any signature. Thus, unless the manufacturer specifically intends to enable these operating systems, OEM- and Microsoft-signed machines will not run a general Linux distribution.

iPhone Security Threat

Nowadays, more and more information is being stored on smartphones, such as contact details and often emails that contain sensitive information. I predict an upward trend in the number of mobile phone attacks in the next couple of years because of the amount of data that is stored on mobile phones. Recently a security vulnerability was found in an iPhone application, Skype. The vulnerability allowed an attacker to steal address book information off an iPhone, which could potentially be disastrous. The attack would be carried out through a cross-site scripting vulnerability which exists in Skype’s chat window.

CNET discusses the vulnerability here: http://www.zdnet.com/blog/security/xss-bug-in-skype-for-iphone-ipad-allows-address-book-theft/9426?tag=mantle_skin;content

In addition to security flaws in smartphone software, physical security is also an issue. A phone that is stolen, lost, or not password protected leaves any information on it exposed to a potential thief. A possible solution would be to encrypt your personal mobile phone. Most smartphones have the option to do this for an extra layer of security. Also, for basic security, adding a password to the phone keeps unwanted people from going through your phone. What are your thoughts on this? Do you think mobile security is an important issue?

US government looks to form cybersecurity code of conduct

http://www.engadget.com/2011/09/23/us-government-to-beat-back-botnets-with-a-cybersecurity-code-of/

With all the recent botnet attacks, organizations are looking to find ways to combat these attacks and create a unified guideline for ISPs to follow. The National Institute of Standards and Technology (NIST) has published a request for information to help create a voluntary code of conduct that would include internet as well as IT companies and would provide “best practices” for these companies.

As of now, suggestions are still being collected, and collection will continue until November 4th. It has been said, however, that NIST is considering two models which were used overseas. These programs are Australia’s iCode program and Japan’s Cyber Clean Center. While these programs are meant to help prevent attacks as well as provide immediate action after attacks take place, they do provide cause for concern to many.

While some of these systems monitor traffic for attacks, some are concerned they can be a privacy risk themselves. These very same monitoring systems have access to user information and could be susceptible to manipulation by would-be attackers. Many ask the question: are these measures truly keeping us safe, or are they providing future means for attacks to occur?

 
