Category Archives: Security

Application Security

USA creates ‘do not buy’ list of software from Russia and China

Posted on by

USA creates ‘do not buy’ list of software from Russia and China.

The United States Department of Defense is working on a software “do not buy” list to block vendors who use software code originating from Russia and China, a top Defense Department acquisitions official said on Friday

Ellen Lord, the under secretary of defense for acquisition and sustainment, told reporters the Pentagon had been working for six months on a “do not buy” list of software vendors. The list is meant to help the Department of Defense’s acquisitions staff and industry partners avoid buying problematic code for the Pentagon and suppliers.

“What we are doing is making sure that we do not buy software that has Russian or Chinese provenance, for instance, and quite often that’s difficult to tell at first glance because of holding companies,” she told reporters gathered in a conference room near her Pentagon office.

The Pentagon has worked closely with the intelligence community, she said, adding “we have identified certain companies that do not operate in a way consistent with what we have for defense standards.”

Lord did not provide any further details on the list.

Lord’s comments were made ahead of the likely passage of the Pentagon’s spending bill by Congress as early as next week. The bill contains provisions that would force technology companies to disclose if they allowed countries like China and Russia to examine the inner workings of software sold to the U.S. military.

The legislation was drafted after a Reuters investigation found that software makers allowed a Russian defense agency to hunt for vulnerabilities in software used by some agencies of the U.S. government, including the Pentagon and intelligence agencies.

Security experts said allowing Russian authorities to look into the internal workings of software, known as source code, could help adversaries like Moscow or Beijing to discover vulnerabilities they could exploit to more easily attack U.S. government systems.

Lord added an upcoming report on the U.S. military supply chain will show that the Pentagon depends on foreign suppliers, including Chinese firms, for components in some military equipment.

She said the Pentagon also wants to strengthen its suppliers’ ability to withstand cyber attacks and will test their cyber security defenses by attempting to hack them.

The Pentagon disclosed the measures as the federal government looks to bolster cyber defenses following attacks on the United States that the government has blamed on Russia, North Korea, Iran and China.

The Department of Homeland Security this week disclosed details about a string of cyber attacks that officials said put hackers working on behalf of the Russian government in a position where they could manipulate some industrial systems used to control infrastructure, including at least one power generator.

Australia generally follows US advice on cyber security matters.

Australia’s attitude to Huawei, for example, changed after the 2011 meeting between Barack Obama and Julia Gillard. Australian authorities are likely to be briefed on this new list, and to consider it seriously.

Source: https://www.itnews.com.au/news/usa-creates-do-not-buy-list-of-software-from-russia-and-china-499245

Contact us today to see how Adept Secure can help you with these problems and many more.

Learn More About Adept Secure

Call us toll free 1-888-392-9623

Protecting your personal data from Open Records Directory Sites

Posted on by

Protecting your personal information can help you reduce the risk of identity theft.

Privacy protection in the digital age has become much more complicated and risky than it used to be. In the pre internet days, if people wanted to access your public records, they had to visit the county clerk’s office in person. Today, most government information about you that contain highly sensitive personal data is available on the internet via Open Records Directory Sites.

Hacker Privacy

Most of these Open Records Directory Sites provide an opt out for you to remove your data from their databases. If they do not remove your data from their databases after your request you can submit a complaint with the Federal Trade Commission (FTC). In our requests we had no problems with any of these sites and our data was removed within the hour or up to 48 hours after the request.

The problem with having your personal information easily accessed online is that hackers and other criminals will leverage this information to guess your passwords, account names and steal your identity.

Here are a few opt out links:

White Pages Public: https://www.whitepages.com/suppression_requests

White Pages Premium: https://support.whitepages.com/hc/en-us/articles/115010106908-How-do-I-edit-or-remove-a-personal-listing-

Spokeo: https://www.spokeo.com/optout

Discoverthem: https://discoverthem.com/removal.php

Speedyhunt: https://speedyhunt.com/removal.php

Mylife: email to: removalrequests@mylife.com and read instructions at: https://what-is-privacy.com/2016/01/how-to-get-out-of-mylife-directory-site/

Radaris.com: https://radaris.com/page/how-to-remove

Intelius: Read Instructions at: https://www.reputationdefender.com/blog/privacy/how-remove-information-intelius-and-protect-your-privacy

Using service companies for a monthly fee that claim they will remove your personal data from the Open Records Directory Sites, we found these companies were not effective. Doing it yourself was effective.

Conduct a search engine search on your name and see the search results. Make a list of the companies selling your information and locate their opt out procedure. Most are listed in their terms of use or privacy notification pages. Follow their instructions and your personal information will be removed.

Hackers and other criminals leverage every bit of information they can find on you to add to their tools of stealing and destroying your life, and the lives of others.

You are the best tool on protecting yourself.

Together with cyber security experts that want to help you and with technology we can all work together to prevent the hackers and other criminals from destroying our lives. They can make many mistakes and still win, if we make one mistake we lose. Getting your personal information off these Open Records Directory Sites is one step in the right direction on protecting you.

Contact us today to see how Adept Secure can help you with these problems and many more.

Learn More About Adept Secure

Call us toll free 1-888-392-9623

Social Media Disinformation Bots, Sockpuppets and Trolls the new additions to Cyber Security

Posted on by

The problem for Cyber Security with social media these days is the huge amount of disinformation spread to you by Bots, Sockpuppets and Trolls.

A bot is a computer program that behaves like humans. It performs automated tasks, and were developed to help you feel more comfortable when interacting with automated software systems.

But all too often, automated bots have been built to deceive, especially within the social media software systems. Not only do these bots pretend to be real people, but they spread misinformation, malware and ransomware. These bots are well known for coordinating social media harassment campaigns.

Hacker Software

Not only have individuals been victims to these coordinated bot attacks, but corporations and governments too. In addition to bots, there are two other categories you have to watch out for; sockpuppets and trolls.

A sockpuppet account is created by one individual in order to appear like the account is controlled by a second, distinct individual. The second individual could be a real person, or is a poser that simply masks the identity of the real account creator. What distinguished a sockpuppet from a bot is that the sockpuppets are at least partially controlled by a human, where bots are fully automated via software code. Often a human controls multiple sockpuppet accounts, writing different content from each one, or sending or resending the same content from all of them. There are various tools available to someone who wants to coordinate mass content across multiple accounts.

A troll is an account setup that starts quarrels or just upsets people by posting inflammatory, extraneous, or off-topic content in social media systems.

By leveraging all three of these Cyber Attack account systems, Bots, Sockpuppets and Trolls; one human can overwhelm the information seeking public quit easily.

A good example of this is the Delta Airlines over reaction decision to end their NRA relationship based on what they believed was a main stream demand by the majority of Americans to do it. Their decision cost them $50 million dollars in lost sales tax savings by upsetting the Georgia conservatives. To think that a few people can leverage these Cyber Attack account systems and suddenly your targets (Delta Airlines and others) believe you have every American Citizen on the planet supporting you. These are very valuable cyber attack tools!

FedEx did not follow Delta Airlines because they were obviously protected by very good Cyber Security experts that confirmed the Bots, Sockpuppets and Trolls that attacked them with misinformation and who these human attackers where. Which probably saved Fedex millions of dollars in not upsetting individuals, governments and businesses for unnecessary actions at that time. Information is power.

What can you do when attacked?
Rule number 1 – do not get excited.
Rule number 2 – do not over react.
Rule number 3 – you will need to add protection from Social Media Disinformation Bots, Sockpuppets and Trolls to your Cyber Security Planning and software systems.

Contact us today to see how Adept Secure can help your organization with these problems and many more.

Learn More About Adept Secure

Call us toll free 1-888-392-9623

Microprocessor Speed vs Security Flaw

Posted on by

Microprocessor Speed vs Security Flaw

Spectre and Meltdown are both flaws in every modern microprocessors, based on the concept of predictive computing, that dates back to 1967, but wasn’t implemented into microprocessors until the 1990s.

It appears that for the last twenty years microprocessors have been built for speed over security, thus every modern microprocessor can be exploited.

Intel has rushed to release patches to address these flaws, but has run into system reboot problems and stability problems, which has caused systems to crash. Intel on Monday advised all users to not apply any of their firmware patches.

Software Attack Risks

Major Problems

Intel also isn’t the only vendor having problems patching Meltdown and Spectre. Microsoft pulled their patches after systems froze, and end users received the blue screen of death. Antivirus companies were also required to patch their systems after Microsoft patches were installed.

Many cloud vendors are still trying to figure out which of their products and services are at risk.

It seems the patch updates is getting very messy in the high target Cloud computing market where the systems can be exploited in these public shared computing environments much easier than in non-shared public environments.

For typical desktop users, the risk is less significant, it still is a problem, but less targeted.

Basically the Microprocessor Speed vs Security Flaw has come to roost, and it is and will continue to be a long term messy and costly fix.

Major Questions

The question now is with all the patches being rushed to market, and as we are seeing crashing servers, what other security flaws are being created? How safe in your data in the “Cloud”?
We then add Social media sites like Twitter and Facebook apps, website access, Google searching, and the hundreds to thousands of unknown web server sessions for your modern microprocessors to calculate, along with the hundreds to thousands of server’s microprocessors calculations, are you safe?

Are You Safe?

No you are not safe. Running your enterprise in the public cloud is a bad idea, and sadly the savings to risk analysis will only get worse.

With the constant security flaws in our modern technology world, we recommend running your enterprise with our Adept Enterprise Software, which medicates the risk of being a huge target with Cloud providers to being a very small target with Adept Technologies on-premises systems and private service systems.

It is easier to manage the risks, and it is cheaper when your systems are not a huge and easy target to exploit.

Contact us today to see how Adept Enterprise can help your organization.

Call us toll free 1-888-392-9623

Unsupported software systems: Microsoft shuts down support for Windows 8.1, upgrade to Windows 10 ends today.

Posted on by

Unsupported software systems: Microsoft shuts down support for Windows 8.1, upgrade to Windows 10 ends today.

New York, NY – Microsoft’s Windows 8.1 is essentially a dead operating system. Microsoft ended mainstream support on January 9th. There will be no new features, or bug fixes. There is a last-ditch upgrade to Windows 10 via the Microsoft assistive technology loophole, but it ends today January 16, 2018.

All software has a lifecycle. It gets developed, released, updated, and eventually completely over written for a newer version. There is nothing to stop you from using unsupported software, but the dangers are huge.

Basically the unsupported software has no further updates, no bug fixes, no technical support, then there are the security weaknesses, and security bugs that can be exploited by hackers. We have seen ransomware attacks that are designed to target unsupported software systems. Ransomware systems like Wanncry and Petya have been very active in this field.

Unsupported Software Risks

Bottom line

If your version of any software system is no longer supported, you are putting your business at risk.

Devices connected to your network are more integral to your business then you think. Which means that a virus on any device could cause a major business disruption.

Although you can believe you can accept the risk of running unsupported software, you should treat it as a temporary strategy.

Unsupported software systems will expose your corporate network to cyberattacks. The cost and resources required to replace unsupported software will be much greater then making sure your software is supported. The perceived cost and impact of an adverse event caused by the unsupported software is huge, and can possibly put your organization out of business.

If your organization has decided to allow the use of unsupported software, senior management should fully understand the risks, and they should establish a policy for preventing unsupported software on its network. Such a policy must be part of the business risk management plan. It should specifically identify resources and earmark funding to implement the policy.

What can you do?

1) Inform senior management about the risks of running unsupported software.
2) Establish a corporate wide policy for preventing unsupported software use on your networks.
3) Ensure the corporate wide policy aligns with your corporation’s risk management plan.
4) Identify resources and earmark corporate funding to implement the policy.
5) Contact Adept Technologies: www.adepttech.com.

We at Adept Technologies have replaced numerous unsupported software systems in our industry.

Contact us today to see how Adept Enterprise can help your organization.

Call us toll free 1-888-392-9623