Read full release >> 

If you have what it takes to be a part of our team, please submit your resume along with a cover letter to kaya@georgejon.com.

http://www.technewsworld.com/story/12-Steps-for-Staying-1-Step-Ahead-of-Online-Security-Threats-74702.html

Pop-up windows are a common form of online advertising and often appear so quickly that users are caught offguard. However, some pop-ups, when clicked, trigger spyware that can cause serious damage to computers. That’s why it’s important to never click “agree” or “OK” to close a pop-up window, and only click on the red “X” in the corner or Alt + F4 to close it safely.

With the explosion of Web-based communications in the form of applications, blogs, podcasts, and social networking sites like Facebook and Twitter, new security threats that can cause serious damage to computers are emerging. As they access these Web-based services from both work and personal computers, many users are unaware that they may be exposing themselves and their organizations to risk.

In this increasingly social and interactive world, organizations must take the necessary steps to strengthen their defenses and protect their online property. While the Internet continues to offer exciting new ways to collaborate more interactively, it is also introducing highly targeted threats to the mix.

Recent data breaches — such as the Zappos incident early this year, which involved the theft of personalized customer information — are reminders that both individual users and organizations must have security measures in place to actively protect themselves from the latest cyberthreats.

Following are 12 simple steps to ensure that your personal information is protected online.

1. Surf and Download Safely

Yes, we’ve heard this advice before, but online behavior is critical to ensuring the protection of your computer. When browsing the Web, be sure to visit only websites that you trust.

Free, file-sharing programs are often bundled with sneaky spyware, and it’s important to read all End User License Agreements and privacy statements carefully before installing new software.

2. Beware of Email Attachments and Links

You’re likely familiar with the warning, “Don’t Click That Link!” and there’s a reason it’s still appearing. Email attachments and links present in both email and instant messages can contain malware.

Use caution even when a message appears to come from a safe sender, as identity information in messages can easily be spoofed.

3. Close Pop-ups, Don’t Hit Agree

Pop-up windows are a common form of online advertising and often appear so quickly that users are caught offguard. However, some pop-ups, when clicked, trigger spyware that can cause serious damage to computers.

That’s why it’s important to never click “agree” or “OK” to close a pop-up window, and only click on the red “X” in the corner or Alt + F4 to close it safely.

4. Select Strong Passwords

News of password-related security breaches has dominated the headlines over the past 12 months, as in the recent T-Mobile incident, when names and passwords of staff members were published. The company’s administrators had delegated the same password to each employee.

It sounds simple, but the more complicated a password is, the more difficult it is to crack. A good rule of thumb is to avoid using birthdays, family or pet names, the word “password,” or other obvious choices, and to select passwords that include both numbers and letters.

5. Update Software

Check regularly to make sure you have all the latest critical software updates and security patches.

Online attacks are only becoming more sophisticated, so be sure to do your part in investing in proper, updated security software for your computer.

6. Take a Defense-In-Depth Approach to Security

In addition to having antivirus and antispyware protection on your computer, it’s important to also use a two-way firewall.

If you use Windows, be sure auto-update is turned on.

7. Store Sensitive Data Securely

You keep sensitive paper documents under lock and key, right?

Be sure to secure your sensitive online information through file encryption software.

8. Use an Updated Web Browser

Adjust your browser security settings to medium or higher to ensure that you’re taking advantage of its current safety features.

Also, consider using an alternate browser, which may lower your risk of malware attacks.

9. Keep Your Private Info Private

Be cautious about giving out your personally identifiable information to anyone.

Find out why the information is needed, and then determine if it’s absolutely necessary to give out.

10. Shred Personal Digital Documents

Before discarding personal or financial information, be sure to shred it first.

This prevents hackers from bypassing information that has not been permanently deleted from your computer.

11. Access Financial Information From a Secure Location

Never log into your bank or other financial accounts from public computers.

Don’t access them on any wireless networks where login information can easily be stolen.

12. Stay Educated

In order to effectively protect your online data, you need to know what you’re protecting it from. Awareness and caution are effective methods to counter fraud, and share security tips you learn with friends and family.

The key to securing a network is to stay ahead of the new security threats before they appear. To do this, enterprises and users must evaluate their security infrastructure and properly plan for the future, proactively thinking of how hackers will attack next, as threats will only become more sophisticated. 

Stripped down version of Windows Server 8 aims to significantly reduce storage costs for organizations building private clouds.

Microsoft has enhanced Server Core in Windows Server 8 to make it more flexible and user friendly, and as a result the company says organizations can save thousands of dollars – or more – simply using the feature in their private could deployments.

Server Core is a stripped down version of Windows Server that includes only the bare essentials necessary for certain types of server roles, such as a DNS server or file and print server, that don’t require all the components included in Windows Server, such as a GUI and Internet Explorer.

Microsoft first introduced the Server Core installation option with Windows Server 2008, but adoption was limited as many users complained that it wasn’t sufficiently flexible or customizable. In essence, it was an all-or-nothing configuration that required users to install the full version of Windows Server or a pared-down version with functions preselected by Microsoft.

“Customer feedback showed that adoption of Server Core in Windows Server 2008 was limited,” said David Cross, Microsoft’s Windows Server partner program manager, in a blog post Tuesday.

[ Learn 8 Ways Windows Server 8 Handles Storage Better. ]

Cross said many customers didn’t need the full installation of Windows Server, but also couldn’t get by with what was offered in the initial version of Server Core. Only nine of 17 possible server roles ran, there was no support for SQL Server or PowerShell, and there was no pathway from Server Core to full-blown Windows Server 2008.

As a result, many customers were unable to realize the economic and administrative benefits offered by Server Core, which include significant savings on storage space and simplified server management. With Server Core in Windows Server 2008, Microsoft has taken steps to make the option more viable. “In planning this release, we spent over $10 million and a year talking to the community and cloud solution builders,” said Cross.

In Windows Server 8, Server Core now supports 14 server roles, including DNS Server, Hyper-V, Print and Document services, Web server, and Routing and Remote Access. To ease management, Microsoft has added an option that allows users to layer some GUI components on top of Server Core. “With a single command, it is now possible to go from a Server Core machine with a command prompt-only user interface to Server with a GUI with the complete Windows desktop,” said Cross, adding that the reverse is also possible.

Windows Explorer and Internet Explorer are now an optional package in Windows Server 8. Also available is a new configuration called Minimal Server Interface, which offers some GUI management tasks.

The bottom line is that, for organizations building private clouds, or even traditional, distributed computing networks, which can consist of hundreds or even thousands of servers, the use of Server Core can significantly reduce storage and other costs.

“As growing numbers of virtual machines vie for space on relatively expensive, high-performance disks, SANs, and SSDs, we saw the need to enable administrators reduce the disk footprint of Windows Server 8,” said Cross. “In Windows Server 8, we have added the capability for administrators to completely remove unneeded roles and feature from their installations.”

Microsoft has not announced an availability date for the final version of Windows Server 8. A beta version is now available for download from the company’s website.

InformationWeek is conducting a survey on the state of private cloud use in the enterprise. Upon completion of our survey, you will be eligible to enter a drawing to receive an 32-GB Apple iPod Touch. Additionally, you will receive a discount code good for 25% off Flex and Conference passes to Interop Las Vegas 2012, to be held at the Mandalay Bay, May 6-10. Take our Public Cloud Survey now. Survey ends March 30.

by Dennis O’Reilly March 20, 2012 10:49 AM PDT

Internet thieves are more organized and more technically savvy than ever before as they concoct insidious software designed to let them separate you from your valuables. Users and ISPs must work together to keep them at bay.

Today’s malware purveyor bears little resemblance to the outcast-teenage-loner caricature popular in days past.

Last November the FBI’s Operation Ghost Click led to the arrest of six Estonians charged with promulgating the DNSChanger malware, which the FBI claims allowed the gang to steal $14 million by manipulating the servers of online advertisers. Unfortunately, DNSChanger is estimated to have infected 100 million computers worldwide and 500,000 in the U.S., many of which haven’t yet been disinfected.

CNET blogger Topher Kessler describes in the MacFixIt blog how the Trojan horse works. Yes, Macs are as susceptible to DNSChanger as PCs are: it’s an equal-opportunity infecter.

Shutting down the crooks’ rogue DNS servers would have left people using infected PCs without an Internet connection, so the FBI arranged to legitimize the bad servers temporarily. The servers were initially set to go offline on March 6, but many systems haven’t yet been disinfected.

Earlier this month, the deadline for pulling the plug on the servers was extended to July 9, as Topher explained in a March 7 MacFixIt post.

Dan Goodin explains in his Ars Technica blog how ISPs are responding to ensure their customers don’t lose their Internet service. But ISPs can’t do it alone–as the saying (sort of) goes, it takes a virtual village.

Putting malware promulgators out of business requires a concerted effort
The reality of modern computing is that security is every user’s business. As much as we would like to make our ISPs and software vendors responsible for keeping our private information and bank accounts safe, there’s no way to prevent computer crime from a distance without seriously hampering use of the machines.

Anyone who operates an Internet-connected computer must take these three precautions: use a firewall, scan for malware, and keep the machine’s software up-to-date. (See the related-article links above for more information on each of these subjects.) When you follow these three steps, you protect much more than just your own computer–you help safeguard everyone else’s as well because infected PCs are often used to spread viruses, spam, and other potentially damaging software.

Need more reasons to do your part? A bill introduced recently in the U.S. Senate would require the Department of Homeland Security to verify that “critical infrastructure” is protected against “cyber attacks,” as CNET’s Elinor Mills reported last month in her InSecurity Blog.

The Cybersecurity Act of 2012 is criticized by privacy advocates because it may allow private entities to snoop on communications, which a spokesperson for the Electronic Frontier Foundation quoted by Elinor in a subsequent InSecurity Complex post claims constitutes “warrantless wiretapping.”

Conversely, Federal Communications Commission Chairman Julius Genachowski is promoting voluntary standards for ISPs working with government agencies and security experts to battle computer crime, as CNET’s Marguerite Reardon explains in a post from last month on the Politics and Law blog.

It’s easy to see why ISPs would favor the voluntary approach, but considering the fast pace of technological change and the snail’s pace of government action, a non-regulatory approach to securing the Internet backbone may be in everyone’s interest.

Can the Internet be switched off?
There are some people who claim the Internet’s distributed architecture makes it unsinkable. You don’t need the upcoming 100-year anniversary of the Titanic’s demise in the North Atlantic to be reminded of the folly of indestructibility claims.

The vigilante group Anonymous is reportedly planning to shut down the Internet on March 31 to protest the Stop Online Privacy Act. Even without the proximity to April Fools’ Day it’s difficult to give such claims much credence.

But this kind of cyber-saber-rattling is worth considering from a preventive as well as an academic perspective. What would it take to collapse the Internet? Ars Technica’s Sean Gallagher describes the DNS amplification technique that Anonymous is reportedly working on.

Gallagher’s post links to a paper (PDF) presented at the 2006 DefCon security conference by Baylor University researcher Randal Vaughn and security consultant Gadi Evron that describes how DNS amplification was used in attacks on ISP networks as far back as 2002.

What you can do to help prevent online security breaches
The more we rely on the Internet, the greater the potential damage from cyber attacks. Just as law enforcement agencies depend on the cooperation of citizens and businesses to do their job, the organizations charged with securing the Internet need our help, too.

To determine whether your computer is infected with the DNSChanger Trojan horse, browse to DNSChanger Working Group’s Cleanup page and select one of the links listed. If the test indicates your machine is infected, follow one of the links on the same page below the table to download a free program that removes the bug.

Alternatively, SecureMac offers the free, aptly named DNSChanger Removal Tool for the Mac. If you prefer the manual approach, the FBI provides step-by-step instructions (PDF) for determining whether a PC or Mac is using a compromised DNS server.

Instead of one attack on many machines, many attacks on one big target
There’s one new security threat that individuals can’t do much to prevent. Straight out of a spy novel, advanced persistent threats target a specific company, facility, or government agency with different types of attacks on the organization’s internal network. Elinor Mills explains in a post earlier this month in her InSecurity Complex blog that even security firms such as RSA and Verisign have been victimized by such attacks.

Compounding the problem is the difficulty organizations have in detecting such persistent attacks. According to the security firm Mandiant’s report entitled M-Trends 2012: An Evolving Threat, 94 percent of persistent-threat victims find out about the attacks from outside sources.

Even more startling, the median time between the first indication of a network being compromised and detection of the breach is 416 days, according to the report. Mandiant’s research also indicates that the backdoor mechanisms persistent threats use are getting more sophisticated.

(Registration required on the Mandiant site to download a copy of the complete report.)

Dell Inc. (DELL), the world’s third- largest maker of personal computers, agreed to buy SonicWall Inc. to gain network-security and data-protection tools, paying a price that analysts peg at between $1 billion and $1.5 billion.

SonicWall, based in San Jose, California, had revenue of about $260 million in the past 12 months and about 950 employees, executives from both companies said today on a conference call to announce the deal. SonicWall’s technology detects and protects networks from intrusions and malware attacks, and helps protect data.

Dell is buying services and software businesses as the PC market faces competition from smartphones and tablets. Last month, the company hired CA Inc. Chief Executive Officer John Swainson to oversee the software push, and today he said security is an important part of that strategy.

“My goal is to make software a meaningful part of Dell’s overall portfolio, so that means that this is not the last thing you’re going to see from us,” Swainson said on a media call. “We are going to build and buy software assets that complement the overall Dell portfolio.”

Clients need to feel secure moving data to the so-called cloud, which allows them store data on the Internet, Swainson said. Dell will invest both “organically and inorganically” to expand in that sector, he said.

Dell, which currently derives 54 percent of its sales from desktops and laptops, advanced 1.6 percent to $17.23 at the close in New York. The shares have risen 18 percent this year.

Cloud Offering

While the financial terms weren’t made public in a statement, Round Rock, Texas-based Dell probably paid between $1 billion and $1.5 billion, Peter Misek, a Jefferies & Co. analyst, wrote in a note.

“We think this adds more tools to Dell’s cloud stack,” wrote Misek, who recommends holding the company’s shares. Still, a unified product isn’t likely before 2013.

David Frink, a Dell spokesman, didn’t immediately return an e-mail seeking comment on the price.

SonicWall was acquired in 2010, for about $717 million, by a private-equity group led by Thoma Bravo LLC and the Ontario Teachers’ Pension Plan.

Most of the company’s sales are to small and medium-sized businesses, with about 25 percent of revenue coming from larger “enterprise” customers, such as universities and regional financial institutions, SonicWall CEO Matt Medeiros said on today’s call.

SonicWall is expanding its next-generation firewall business with its SuperMassive offering, Medeiros said. Its main competitors are Cisco Systems Inc., (CSCO) Juniper Networks Inc. (JNPR) and Fortinet Inc. (FTNT), he said.

Firewall Market

“The deal allows Dell to play in the next-generation firewall market,” Shebly Seyrafi, an analyst at FBN Securities, said today in a client note. “We believe that it will compete against leaders such as Check Point Software Technologies Ltd. (CHKP) and Palo Alto Networks Inc. primarily, and against Fortinet, Cisco, Juniper and Intel Corp.’s McAfee Inc., secondarily,” wrote Seyrafi, who rates Dell “sector perform.”

The SonicWall deal is expected to close in Dell’s fiscal second quarter, which ends July 31, according to the statement.

Dell’s latest security purchase follows its acquisition of SecureWorks Inc. last year, and KACE Networks Inc. in 2010.