Category Archives: Security

Application Security

Securing corporate networks 2019 Best Practices – Admin Accounts

Posted on by

In the age of constant attacks on your networks here are some good tips on how you can reduce the risk of having a security breach.

Administrator Accounts

Employees with administrative access should be using separate devices dedicated only for administrative operations. These devices like all the other devices within your domains should always be kept up to date with all the recent software and operating system updates.

All default administration accounts should be given zero rights on the device account and the domain account. Its best practices to require that they request just-in-time (JIT) privileges that gives them access for a finite amount of time and logs it in a system.

Secure Admin Accounts

Administrator accounts should also be created on a separate user namespace/forest that cannot access the internet, and should be different from the employee’s normal work identity. This way, any compromise of the company’s employee-force namespace/forest won’t grant the attackers easy access to an administrator account, since the employee with admin rights would not be using that account for daily tasks.

Employees with administrative accounts should avoid remotely logging into devices with administrator access to perform any administrative tasks, as attackers could be logging these events on compromised devices. The way to go is to have administrators use their separate devices for any administrative tasks as much as possible.

Contact us today toll free 1-888-392-9623 to find out more on how Adept Technologies can save you money by utilizing our services and technology.


Is Blockchain Technology Seriously Overvalued?

Posted on by

Is Blockchain Technology Seriously Overvalued?

What amazes me these days is how people can take an idea and place a value on it, without fully understanding the idea. Then numerous 3rd parties leverage this idea into new ideas and package them into speculative instruments and trade them. When the idea in the first place is really not an idea, but an educated guess, with secrets you get the Bitcoin.

What is Blockchain Technology?

Please it was not invented by Satoshi Nakamoto, this technology has been around since software was invented. There is nothing new or cutting edge with it. In fact I would argue Napster was one of the first to leverage this type of technology in the mainstream, but who remembers that? Just look at the word itself “Block” and “Chain”. For the non-tech people out there which means most of everyone, Blockchain is a chain of blocks that continuously grows. Think of opening a Microsoft Word document, then force your cat or dog to jump up and down on the keyboard, now look at the word document…there you just created a blockchain. The cat and dog is the encryption. Now this chain of blocks is saved across multiple computers (nodes) all over the planet. Each time the cat or dog is forced to jump up and down on the keyboard the block is updated and this chain grows and must be verified on ALL the nodes in the chain at the same time, if one computer fails the process must start all over. Nothing in the Chain of blocks can be deleted it just grows on forever. I am not going to get into the all the bells and whistles of the processes but in a nutshell that’s it.

Cryptocurrencies

This creates major problems when we deal with cryptocurrencies like bitcoin, along with all the other stupid guesses being thrown around right now. As the chain grows it consumes more resources. Each transaction would require more energy than the previous one, because the chain has grown.

There really is no value to Cryptocurrencies when the core technology continues to grow in size. Kicking the can down the road hoping that we technology people will fix it or write temporary fixes hoping that other factors of the industry will create software and hardware systems in the future to keep up with the chain demand is nuts. Does anyone remember Y2K?

What I find very upsetting is that the cryptocurrencies idea was to bring free money transfers to everyone on the planet, and to remove the trusted 3rd party from the transaction. Sadly the trusted 3rd parties that cryptocurrencies where supposed to remove have embraced this technology. Private Blockchains VS Public Blockchains boy sounds like a cloud computing conference. Obviously Blockchain technology was flawed from the beginning when it came to Cryptocurrencies for the individual.

I do agree that fiat currencies are under a lot of pressure, yes the markets appear to be fixed, yes the paper gold and paper silver markets are overleveraged, but I will tell you Blockchain Technology is Seriously Overvalued and it is NOT the answer in the long term. Unless you want to wait 30 to 45 minutes for your Bitcoin mastercard to process your peer to peer transaction block for your lunch or dinner, and have huge amounts of servers consuming huge amounts of energy for your transaction, say goodbye to your bandwidth too. The internet crawls to a stop…

Good luck out there.

We do use Blockchain Technology in systems that track transmission of encryption cycles of network communications between groups of nodes, so this technology is useful. If speed is of no issue, and security is, then this type of Technology is interesting, but then again other technology does a better job. I wouldn’t give huge amounts of value on Blockchain Technology, and have industries be able to borrow large sums of venture capital based solely on this technology, remember the .COM crash?

Good luck out there!

USA creates ‘do not buy’ list of software from Russia and China

Posted on by

USA creates ‘do not buy’ list of software from Russia and China.

The United States Department of Defense is working on a software “do not buy” list to block vendors who use software code originating from Russia and China, a top Defense Department acquisitions official said on Friday

Ellen Lord, the under secretary of defense for acquisition and sustainment, told reporters the Pentagon had been working for six months on a “do not buy” list of software vendors. The list is meant to help the Department of Defense’s acquisitions staff and industry partners avoid buying problematic code for the Pentagon and suppliers.

“What we are doing is making sure that we do not buy software that has Russian or Chinese provenance, for instance, and quite often that’s difficult to tell at first glance because of holding companies,” she told reporters gathered in a conference room near her Pentagon office.

The Pentagon has worked closely with the intelligence community, she said, adding “we have identified certain companies that do not operate in a way consistent with what we have for defense standards.”

Lord did not provide any further details on the list.

Lord’s comments were made ahead of the likely passage of the Pentagon’s spending bill by Congress as early as next week. The bill contains provisions that would force technology companies to disclose if they allowed countries like China and Russia to examine the inner workings of software sold to the U.S. military.

The legislation was drafted after a Reuters investigation found that software makers allowed a Russian defense agency to hunt for vulnerabilities in software used by some agencies of the U.S. government, including the Pentagon and intelligence agencies.

Security experts said allowing Russian authorities to look into the internal workings of software, known as source code, could help adversaries like Moscow or Beijing to discover vulnerabilities they could exploit to more easily attack U.S. government systems.

Lord added an upcoming report on the U.S. military supply chain will show that the Pentagon depends on foreign suppliers, including Chinese firms, for components in some military equipment.

She said the Pentagon also wants to strengthen its suppliers’ ability to withstand cyber attacks and will test their cyber security defenses by attempting to hack them.

The Pentagon disclosed the measures as the federal government looks to bolster cyber defenses following attacks on the United States that the government has blamed on Russia, North Korea, Iran and China.

The Department of Homeland Security this week disclosed details about a string of cyber attacks that officials said put hackers working on behalf of the Russian government in a position where they could manipulate some industrial systems used to control infrastructure, including at least one power generator.

Australia generally follows US advice on cyber security matters.

Australia’s attitude to Huawei, for example, changed after the 2011 meeting between Barack Obama and Julia Gillard. Australian authorities are likely to be briefed on this new list, and to consider it seriously.

Source: https://www.itnews.com.au/news/usa-creates-do-not-buy-list-of-software-from-russia-and-china-499245

Contact us today to see how Adept Secure can help you with these problems and many more.

Learn More About Adept Secure

Call us toll free 1-888-392-9623

Protecting your personal data from Open Records Directory Sites

Posted on by

Protecting your personal information can help you reduce the risk of identity theft.

Privacy protection in the digital age has become much more complicated and risky than it used to be. In the pre internet days, if people wanted to access your public records, they had to visit the county clerk’s office in person. Today, most government information about you that contain highly sensitive personal data is available on the internet via Open Records Directory Sites.

Hacker Privacy

Most of these Open Records Directory Sites provide an opt out for you to remove your data from their databases. If they do not remove your data from their databases after your request you can submit a complaint with the Federal Trade Commission (FTC). In our requests we had no problems with any of these sites and our data was removed within the hour or up to 48 hours after the request.

The problem with having your personal information easily accessed online is that hackers and other criminals will leverage this information to guess your passwords, account names and steal your identity.

Here are a few opt out links:

White Pages Public: https://www.whitepages.com/suppression_requests

White Pages Premium: https://support.whitepages.com/hc/en-us/articles/115010106908-How-do-I-edit-or-remove-a-personal-listing-

Spokeo: https://www.spokeo.com/optout

Discoverthem: https://discoverthem.com/removal.php

Speedyhunt: https://speedyhunt.com/removal.php

Mylife: email to: removalrequests@mylife.com and read instructions at: https://what-is-privacy.com/2016/01/how-to-get-out-of-mylife-directory-site/

Radaris.com: https://radaris.com/page/how-to-remove

Intelius: Read Instructions at: https://www.reputationdefender.com/blog/privacy/how-remove-information-intelius-and-protect-your-privacy

Using service companies for a monthly fee that claim they will remove your personal data from the Open Records Directory Sites, we found these companies were not effective. Doing it yourself was effective.

Conduct a search engine search on your name and see the search results. Make a list of the companies selling your information and locate their opt out procedure. Most are listed in their terms of use or privacy notification pages. Follow their instructions and your personal information will be removed.

Hackers and other criminals leverage every bit of information they can find on you to add to their tools of stealing and destroying your life, and the lives of others.

You are the best tool on protecting yourself.

Together with cyber security experts that want to help you and with technology we can all work together to prevent the hackers and other criminals from destroying our lives. They can make many mistakes and still win, if we make one mistake we lose. Getting your personal information off these Open Records Directory Sites is one step in the right direction on protecting you.

Contact us today to see how Adept Secure can help you with these problems and many more.

Learn More About Adept Secure

Call us toll free 1-888-392-9623

Social Media Disinformation Bots, Sockpuppets and Trolls the new additions to Cyber Security

Posted on by

The problem for Cyber Security with social media these days is the huge amount of disinformation spread to you by Bots, Sockpuppets and Trolls.

A bot is a computer program that behaves like humans. It performs automated tasks, and were developed to help you feel more comfortable when interacting with automated software systems.

But all too often, automated bots have been built to deceive, especially within the social media software systems. Not only do these bots pretend to be real people, but they spread misinformation, malware and ransomware. These bots are well known for coordinating social media harassment campaigns.

Hacker Software

Not only have individuals been victims to these coordinated bot attacks, but corporations and governments too. In addition to bots, there are two other categories you have to watch out for; sockpuppets and trolls.

A sockpuppet account is created by one individual in order to appear like the account is controlled by a second, distinct individual. The second individual could be a real person, or is a poser that simply masks the identity of the real account creator. What distinguished a sockpuppet from a bot is that the sockpuppets are at least partially controlled by a human, where bots are fully automated via software code. Often a human controls multiple sockpuppet accounts, writing different content from each one, or sending or resending the same content from all of them. There are various tools available to someone who wants to coordinate mass content across multiple accounts.

A troll is an account setup that starts quarrels or just upsets people by posting inflammatory, extraneous, or off-topic content in social media systems.

By leveraging all three of these Cyber Attack account systems, Bots, Sockpuppets and Trolls; one human can overwhelm the information seeking public quit easily.

A good example of this is the Delta Airlines over reaction decision to end their NRA relationship based on what they believed was a main stream demand by the majority of Americans to do it. Their decision cost them $50 million dollars in lost sales tax savings by upsetting the Georgia conservatives. To think that a few people can leverage these Cyber Attack account systems and suddenly your targets (Delta Airlines and others) believe you have every American Citizen on the planet supporting you. These are very valuable cyber attack tools!

FedEx did not follow Delta Airlines because they were obviously protected by very good Cyber Security experts that confirmed the Bots, Sockpuppets and Trolls that attacked them with misinformation and who these human attackers where. Which probably saved Fedex millions of dollars in not upsetting individuals, governments and businesses for unnecessary actions at that time. Information is power.

What can you do when attacked?
Rule number 1 – do not get excited.
Rule number 2 – do not over react.
Rule number 3 – you will need to add protection from Social Media Disinformation Bots, Sockpuppets and Trolls to your Cyber Security Planning and software systems.

Contact us today to see how Adept Secure can help your organization with these problems and many more.

Learn More About Adept Secure

Call us toll free 1-888-392-9623