The term “cyber espionage” was first coined by the Department of Defense to characterize methods used by opposing countries such as China and Russia to breach its top secret networks for the purpose of stealing U.S. military or government secrets. However, due to recent evidence regarding the emergence of a number of breaches at U.S. research labs and targeted phishing campaigns against corporations located in the U.S. and abroad, cyber espionage is breaking new ground at an alarming pace.

Today, economic gain appears to be the number one motivating factor for new and seasoned cyber criminals, followed by companies seeking to gain a competitive advantage, and a variety of amateur hackers targeting large companies looking to establish a reputation and bragging rights. According to PricewaterhouseCoopers, corporate espionage costs the world’s 1,000 largest companies in excess of $45 billion every year and the SANS Institute ranks cyber espionage number 3 on it’s “Top Ten Cyber Menaces for 2008”. If fifty percent of corporate espionage was indeed perfected by utilizing covert electronic techniques for stealing information, that would yield a $22.5 billion a year market for cyber espionage, based on PricewaterhouseCoopers estimates. During an economic recession, it would be very hard to find someone who would not want a piece of this market; especially if they could be convinced that their electronic criminal activities could not be traced.

In addition to financial gain, a new wave of cyber espionage is being launched by disgruntled employees who attempt to leverage the confidential data they obtained through network looting as a bargaining chip or for vindication against their own company or co-workers. Ironically, companies that have been victimized by cyber espionage are usually the ones with more than adequate resources and expertise to protect against the attacks.

In 2000, hackers broke into Microsoft’s systems and accessed Windows and Office source code. They had access to the source code for approximately three months before being discovered.

In 2001, Fortune magazine reported that Proctor and Gamble had been involved in illegal corporate espionage against its archrival Unilever. The article alleged agents appointed by P&G misrepresented themselves as market researchers and used other electronic methods to collect information about Unilever.

In 2006, the UK extradited two hackers to Israel because they developed and sold spyware that was used to spy on rival companies in Israel. Several private investigation companies in Israel sent e-mails with Trojan horse viruses that were designed to evade anti-virus applications.

In 2007, members of AirTran Airways’ executive management team in Orlando, Florida were targeted by phishing e-mails that sought to trick them into divulging confidential corporate information and placed bot-like malware on their computers to capture sensitive information.

The details of these cases were made public most likely due to regulatory reporting requirements; however, there are hundreds of cyber espionage incidents that are not publicized, even though regulatory requirements for reporting these types of incidents exist for the majority of companies affected. Publicly traded companies and companies operating in the healthcare, financial, and government contracting sectors all have regulatory reporting requirements as it pertains to information security incidents. However, most companies don’t report cyber security incidents for fear of damaging their reputation and potential revenue loss. Some companies report information security incidents as required, but not until well after the incidents have been mitigated and prevention measures have been implemented.

In most cases, if companies were to adopt an “an ounce of prevention, beats a pound of cure” philosophy regarding cyber security, rather than an “if it isn’t broke, don’t fix it” philosophy, the risk of cyber espionage could be reduced significantly. Unfortunately, most companies’ approach to cyber security is reactionary, which can prove to be detrimental to their reputation and bottom-line when a breach occurs. Additionally, since cyber espionage often goes undetected, it is usually too late to effectively mitigate the breach before significant loss when it is actually detected.

Just as other crimes seeking financial gain tend to escalate during economic recessions, it is very logical to assume cyber espionage is among these crimes. However, pouring money into the latest security solutions without a defined strategy will simply lead to more widgets eventually being left on the shelf collecting dust.  To make sure your company is prepared to defend against targeted cyber espionage, I recommend the following strategies:

Increase the Information Security Organization’s Visibility

Most companies make the mistake of burying their information security organization under their information technology organization, which often limits the scope of information security to technological solutions only. Not to mention the intradepartmental political screening in an effort to conceal the vulnerabilities caused by IT solutions from executive management. To achieve optimal effect, the information security organization must be strategically aligned with Legal, Risk Management, Human Resources, Regulatory, and executive management. Depending on the corporate culture, industry, and or the degree in which executive management values or understands the mission of information security, attaining appropriate visibility for the information security organization may be very challenging. Regardless of the challenge, information security leaders must strive to attain this goal because visibility can be an effective deterrent.

Implement a Best Fit Information Security Program 

Reliance on point solutions to protect your company’s information assets is an ineffective strategy with little to no return on investment. To become more effective in protecting the corporate environment from cyber espionage, information security leaders must take a holistic approach to information security by implementing a corporate-wide information security program to encompass all personnel, processes, and technology. Using security best practices as defined with the ISO 27001 certification process, information security leaders can use this as a framework for implementing a best fit information security program for their company.  An effective information security program should include components such as a security policy, training and awareness program, asset management strategy, compliance, personnel and physical security, access control, application/systems development, change management, business continuity strategy, governance, and the most important component, buy-in from executive management and or the board of directors.

Layered Security Approach 

The days of just relying on firewalls to protect enterprise perimeter networks and information assets are long gone; firewall manufacturers realized this years ago when they began integrating intrusion detection and prevention functionality in their products.  Although, the added firewall functionality is a significant improvement, it doesn’t address virus and malware on mobile devices, data leakage and compliance issues, role-based and need-to-know access control, or security vulnerabilities that exist on converged networks such as data, voice, and video. Information security leaders can better minimize the risk of cyber espionage by implementing technologies that will provide protection, monitoring, and enforcement at the perimeter as well as within the defined security zones behind the perimeter such as at the desktop/laptop and data centers.

Technologies to consider for a layered approach are enterprise-class anti-virus and malware solutions for the desktop, email filtering solutions, web filtering solutions with dynamic URL verification and filtering, security information management systems with intrusion prevention and robust notification capabilities, data leakage protection solutions, and firewall technology for the perimeter network protection and laptop protection.

Other Articles:

Will Americans Elect a Lo-Tech or Hi-Tech President?

Firefox Has The "Restore Session" Feature

In the event of a power outage, or if your computer stops responding, you can just exit and restart Firefox (don't restart your computer). When you relaunch Firefox, you will be given a choice to "Restore Session". When you choose this option, you will be taken back to any webpage you have been browsing before(including password protected pages).

Easier Access To Browsing History

With Internet Explorer, finding the 'browsing history' section is like finding the Holy Grail. I mean it! With Firefox, there's a highly conspicuous, separate tab fully devoted to your browsing history. In case you get lost while browsing 10,000 pages in an hour, you can just visit the 'History' section and toggle between pages that you have visited before. And yes, with Firefox it's easier to delete your history archives.

The Mozilla Firefox Interface Is Less Cluttered

Have you noticed that Internet Explorer sometimes takes longer to load than Firefox? This is because Explorer has more tabs/features/add-ons, and this is not necessarily good. When users browse online, majority of them don't care how many features are available on the browser. They just want to check their email, watch some Youtube videos, read the news etc...whatever they wanna do, they wanna do it faster!

Another thing, the Internet Explorer interface takes up too much screen space. Firefox is a breath of fresh air. It is less cluttered with features that you don't need anyway. There's more room for the webpage itself. (To be fair to computer geeks, Internet Explorer has more features to spend time with and explore on).

Firefox Automatically Opens .PDF Files -- No Need To Download

Online reports and e-books are pretty much popular online. These kinds of files frequently come in .PDF format (a file that can only be opened with Adobe Reader). With Internet Explorer, you cannot read .PDF files online. You need to download them before you can read them. That means, if the PDF file has some sort of viruses or malware attached to it, or if the source website is malicious, then you acquire those dangerous elements into your computer as well.

With Firefox, you can open PDF files online without having to download them. It's safer, faster, and it saves disk space. Ain't that convenient?

So, tell me, which browser are you using right now?

Some say that security is a state of mind and for the most part, they are correct. Yet it is more than that. Security is having confidence that private matters stay private and public matters are public affairs.

The biggest problem is that whenever conducting private matters over a public medium such as the Internet keeping it private is no easy matter to achieve. Here is how to do it.

First Line Defenses

Your first line of defense will be your antimalware software. You have an antivirus suite to keep malicious code at bay and antispyware to prevent keystroke logging.

Firewalls, intrusion prevention and intrusion detection devices and software to regulate network traffic flow and to stop prevent intruders from gaining access to your network as well as to warn you of attempts to breach your perimeter security.

You cannot conduct business or social affairs in isolation so you create a demilitarized zone (DMZ) to allow visitors access to your public face, usually in the form of a website. You might even establish dedicated email and blog services in your DMZ to facilitate smoother user-friendly communications.

Whenever you partake in communications outside of your secured sites using a publicly accessible medium such as the Internet you know your privacy and security are non-existent and want to do something about it. Enter the CIA.

CIA: Confidentiality, Integrity and Authenticity

The foundation stones of all secure private communications are the three pillars of confidentiality, integrity and authenticity also known as the CIA of security.

Confidentiality - Confidentiality ensures that the conversation remains private (confidential). Encryption technologies are the standard means to assuring message confidentiality.

Integrity - Integrity to ensure that the contents of the communication remain free from interference or corruption (the message remains intact). Hashing algorithms and the digests they produce are the most common means of assuring the message's integrity.

Authenticity - Authenticity to ensure that all parties to the conversation are who they are say they are (verification that the remote party is in deed the remote party you intend to converse with). Digital certificates are the most common means of verifying the authenticity of all and parties.

Secure Sockets Layer (SSL)

The most common means of securing a website and allowing parties to connect over a secure HTTPS connection is by using SSL technologies to provide authentication and message encryption. The process is as follows:

• The first step is to obtain an SSL certificate consisting of a public key and a private key. This can be “in house” or by way of a commercial certification authority such as VeriSign or Thwarte. You use the public key to encrypt information and the private key to decrypt it.
• A browser is pointed to a secured domain or website
• The Secure Sockets Layer handshake authenticates the server and the client
• An encryption method is established
• A unique session key is created
• The parties begin to communicate via a secure session that guarantees message privacy (confidentiality) and message integrity between authenticated parties

Other Common Uses of Cryptographic Technologies

Other technologies commonly used to deliver confidential, authenticated sessions with data integrity assured include:

• SSH is commonly used for secure encrypted remote access sessions
• OpenPGP is often used for file encryption with Email content encryption the most common
• VPN/IPSec for secure private networking over public media

Other uses of cryptography include full volume encryption of hard disk drives to protect data in the event of physical theft; digital rights management (DRM) schemes, key generation for digital fingerprint and authentication systems

As with all technologies, it is important that any cryptographic technologies that you use be correctly: installed, configured, administered, maintained and regularly tested, verified and updated when necessary.

With people regularly communicating outside or beyond their firewall protected local environments it is important that we ensure we pay due attention to the CIA of security. We must be proactive in order to protect ourselves and our organizations as well as our personal information and our assets (computers etc.).

AVG Anti-Virus Free Edition 7.5.524

AVG is anti-virus software developed by Grisoft Company. It is the best free anti-virus software which has much improved design in terms of its usability, stability and highly impressive detection feature that has gained popularity among the computer users. In other words, millions of home users trust on its high level of detection capability to protect their PC from the attack of unknown and weird viruses. Due to its high detection on almost all the wild viruses, Grisoft has awarded VB100% Award by Virus Bulletin in February 2008. Not only that, AVG was rated as the second highest rating for user satisfaction for its free edition. Additionally, its quality assurance has been announced as the top downloaded program on CNET Download.com.

AVG anti-virus free edition is permitted for a home user and not for a commercial use. The software provides real-time protection and it is updated automatically so that you will be provided with a rapid virus database to alert you for any infected files. It handles the infected files safely and it never gets your PC slow down. It is indeed easy to use this anti-virus software that protects your PC against viruses, worms and Trojans besides protecting your PC against spyware, identity-theft, Adware, hackers, network intrusions, and sophisticated rootkit attacks. It is also furnished with an anti-spam feature to help filter out any junk electronic mails. It is by far the best free anti-virus software I have been using so far.

PC Tools Antivirus 3.6 Free Edition

This software is very useful to protect your PC against the latest fast-spreading worms and virus, such as Netsky, Mytob and MyDoom which can seriously infect your PC as they can be transferred to other person's PC who accesses your email contacts and computer's network. Additionally, these infections may allow hackers to steal your database from your PC, and later use it to launch threats against other computer's users or website or to send large numbers of SPAM mails. Therefore, it is always safer to use this software to keep alert of infected files.

Its real-time protection is trusted with rapid database updates and it is essential to keep your PC safer against any online threats and malicious infections attempting to gain an easy access to your PC by stealing your personal details. The suspected viruses, Trojans and worms will be quarantined, disinfected and destroyed thoroughly. It is worth using this software as it is free to use plus it has no time-limits.
For a direct download, please click here.

ThreatFire Free Edition 3.0.8 (Beta 4)

The chart clearly shows that ThreatFire's Active Defense feature has proven to provide up to 243% more protection when combined its usage with the traditional anti-virus products. ThreatFire is powerful software to detect and to stop any malicious and cyber-threats which include known and unknown spyware, adware, keyloggers, viruses, buffer outflow, Trojans, rootkits, worms and malware as well. This is its unique feature as compared to the traditional antivirus products as virus threats are sometimes remained undetected and thereby infecting your PC.

Now, how to uninstall it. There are three basic ways to get rid of this. First, you can purchase the Virus Heat ($49.50 I think) and uninstall it. Of course, nobody wants to pay that much. Another way to uninstall this is to do it manually. This is hard and can become very confusing if you are not that good with a computer. Finally, you can use a program called Malwarebytes' Anti-Malware to kill Virus Heat. Malwarebytes' Anti-Malware is by far, the best anti-malware program on Earth.

To uninstall it manually, follow the directions on the website below. I will not list out the directions because I did not do that, and also, it is a long and grueling process.

First, you will need this program called Malwarebytes' Anti-Malware. No, it is not a virus. To be safe, download it from this website.

There is some additional information there about uninstalling.

After you have downloaded Malwarebytes' Anti-Malware, start a quick scan. Let it finish and Virus Heat should be gone.

Spyware, Adware, Malware and Viruses are infections you can get from opening and Email, going to a website, downloading a piece of software, putting a USB drive into your computer, the amount of ways to receive them are amazing. Computer programmers make the infections, just to cause trouble for everyone, whether you are at home using your personal computer, at a friend's house, at your small business or working in a large corporation.

These nasty infections can do a whole heap of different things to your computer. The things that can happen, and often happen are:

• Slow Computer - Your computer will slow down dramatically.
• Freezing - Your computer may "lock-up" or "freeze".
• Programs not working - Some of your programs might not work properly
• Personal Details - Some infections have the potential to retrieve personal details such as bank account details.
• Turn off - Your computer could sometimes just switch off without warning.

All of these things, and more, are possibilities when you have infections on your computer.

 Hold on! There is hope for you though. There are many programs on the Internet these days that you can download, which runs a scan to delete these problems. Here is a list of programs, free of charge that you can download today!

• Ad-Aware Free
• Spyware Doctor
• Spybot Search & Destroy
• Windows Defender
• Clamwin Antivirus
• Windows Malicious Software Removal Tool

There are also a number of programs that allow you to stop the infections getting into your computer in the first place. They are called "firewalls". Here is a list of free firewalls available to download.

• Comodo Firewall
• ZoneAlarm Firewall
• Ashampoo Firewall
• OutPost Free Firewall
• Sunbelt Personal Firewall

I hope this guide has helped you learn about the different problems you will face with your PC, and how to treat them.

Firefox is free for everyone. You might think that Internet Explorer is free, too. It isn't because it's part of Windows and when you bought your Windows, you paid for it. But always the product you pay isn't better than you can get legally for free.

Features

Internet Explorer is nowadays very near the feature list of Firefox and all other browsers. It had a lack of tabs and pop-up blocker before. Firefox is a little better with it's configuration tool because when you configure Firefox, you configure Firefox and when you configure Internet Explorer you might configure things that modifies also other Windows tools configuration like proxy servers.

Interface

Firefox has a little more original (and maybe old) look and interface. It's easier to use for beginners and easy for people moving from old Internet Explorer 6 (IE6). The new interface of Internet Explorer 7 (IE7) is a little odd for older users and takes a little time to learn using it, I think.

Plug & Play

This might be a trademark of Microsoft but it's also a term meaning easily installable devices, software, plugins... etc. There's many plugins for Internet Explorer but they might modify your system a little deeper (or do I just think this way?) than Firefox plugins which can be disabled/enabled/installed/removed/configured using Firefox own plugin manager and any of these tasks often needs just a restart of Firefox not the whole system. Internet Explorer is also more "plug & play" with malware than Firefox is.

Standards and Scripts

Few sites requires or suggests Internet Explorer. Firefox can pretend being Internet Explorer if it's required. I have been thinking if this is caused by two standards. The standard syntaxes and the IE syntaxes which causes that sometimes "javascripts" have to be made for IE and non-IE browsers. Always the problem isn't either the development of two standards. Simply, all the sites might not work with Internet Explorer in the future.

Documentation

Internet Explorer has its own documentation included with Windows. Many plugin's installations has their own step-by-step tutorials and using Google, you will find many hits, more than for Firefox. But using Firefox, you might get better documentation and help from the developers or next to developers, people that do work with Firefox. If you contact Microsoft asking for help, you most commonly get a link to page in their own web documentation or you have to pay or you figure it out for yourself. Never tried but I see it this way.

Compatibility

If you once study your Firefox well, you will be able to use it on different platforms (often default graphic browser in Linux) and use different browsers that are the same kind because free and open software development goes often with the same line with same ideas to provide better compatibility between different applications.

IE users, please think about it.

First off, an explanation of what may be happening.

Your computer may be part of a bot net

If your computer is "zombied" this means that somewhere on your computer a program or set of programs is letting someone else access it and use it for nefarious deeds such as spamming or bringing down a website. Most of this is automated, the person responsible is not in your computer looking at your stuff, they are using automated scripts and programs to access many computer simultaneously. This is known as a "bot net" and you really don't want to be part of this, it slows your box down, really annoys people who are getting the spam being generated, and is just generally uncool...

Your computer is running too much spyware or malware

This really slows computers down as the regular programs have a hard time running when something is using up all available memory

Where does this stuff come from and how did it get on my computer?

There you are happily surfing the web searching for variations on turnip wine recipes or some such thing, when you land on a certain website. The site seems totally innocent, even the website designer may be unaware of the evil lurking in the webpage code. But your computer downloads this bad code, and when executed, tries to download all its friends. the next thing you know the computer is running slower than the hour before schools out, and your start page has gone from google to some strange page about midget yahk herder sex. This is called a drive by, and is just one of the ways that you can get compromised.

Oh sweet tunderin' Jesus! what do I do now?

All is not lost! Follow these suggestions and there is a good chance that you can solve these difficulties.

(disclaimer...The following are just suggestions, and by using them you do so at your own risk. If you are uncomfortable doing the following, indeed call in a pro)

Number 1 (and most important) Check to make sure that your anti virus is running and up to date. I cannot over state the importance of this. Many computers that I have to deal with have either outdated, disabled or non-existent Anti Virus. I even had one lady who uninstalled her anti virus because she didn't like the color of the antivirus window. sheesh!

All computers ship with antivirus programs, but most of these only work for a couple of months before the ask you to pay a subscription or they stop updating.

Some viruses, worms and spyware will intentionally break your av.

What to do if your av is broken...

There are quite a few Free for personal use Anti Virus programs out there. The one I have been using is Avast.

It is a self updating av, scans everything going in and coming out of your computer and it talks. The first time I used it I left my computer on overnight, and around three am I heard this manly voice say "Anit Virus successfully updated"...scared the bujesus outa me!

It is good for a couple of months as a demo, but registration is free, and all they want to know for registration is your email, so they can send you a registration number,and what country you are from.

Just download it and install. It will ask if you want to do a "boot time" scan. Say yes and let it reboot your computer. It will scan before letting anything load into windows memory, and will pick up most of the crud.

If you have problems downloading it because your computer is running too slow, shutdown your computer and restart. As it starts to boot up press "F8" a few times and it will bring up a boot menu. Use the arrow key to go to "safe mode with networking" and hit enter. This will start windows without any drivers or programs being loaded. the screen will look weird, but you should be able to access the internet.

Next you are going to want to download another free program Spybot Search and Destroy.

Download and run this, make sure you update it first. This will remove spyware from your system.

This is normally enough to get things back on track, but being the overly paranoid and under paid person that I am, I also use these programs just to make sure:

Ad-Aware

Super Anti-Spyware 

All of these are free for personal use.

Other suggestions to keep you safe...

Use the Firefox browser. I personally think it is a better browser than internet explorer and has lots of plugins to keep you safe. One of the add ons is called "NoScript" and when enabled, stops websites from executing anything unless you say so.

Another handy plugin for most browsers is the Netcraft Anti-Phishing Toolbar. This will alert you if a website is fake, like a banking site or auction site. I'm always getting emails telling me that I need to reset my banking info, or there is something wrong with my ebay or paypal account. These are just attempts by scum sucking hairless monkeys to steal my stuff. Neither Banks or ebay or paypal would ever ask you to reenter your financial info by email. When in doubt, phone the person that the suspect email is from.

Well, thats all for now. I'll put up some more security stuff as soon as I get time.

Cheerio all!

Things you Must Realize:

1. Everything on the Internet that is unknown is potentially dangerous. You have a new email message from a man or a company of which you don't have an idea? You have a new contact who is trying to send you unknown file? The best advice: Don't open it. Unless you have very good reason to do so.
2. If you're connected to the Internet, firewall is crucial. Otherwise there is a huge opportunity, despite your antivirus, that you are going to be infected. Get firewall, the best ones in my opinion are Zone Alarm and Outpost.
3. If you download something for the first time, scan it with the latest antivirus definitions. That is the first step. But there is a second step which I recommend if you really want to make sure you are protected and that is…
4. Sandbox, heard of it? Go to Sand Boxie for more information. It may be something you haven't heard about. But it's very effective. If you want good protection. Their slogan is “Trust no program”.
5. Anti-spyware and anti-malware software programs are must for today's world. It is estimated that around 90% of all computers are infected by some sort of spyware. The best anti-spyware software to try is Spybot S&D, Ad-Aware and Spy Sweeper.
6. Update your Operating System. And your software! New exploits get discovered every day, there is a huge hole in your computer if your OS or software program are not updated to their latest version.
7. If you are suspicious about a file, why not scan it online with over 20 anti-viruses at once? Go to http://www.virustotal.com, I think this is the best service for the of job.
8. Backup your important information! Get this habit! Some day you'll find it saved your life, trust me.
9. The best way to protect against unknown viruses is not to open unknown files. You already know this.
10. Realize there is no 100% protection! It will never be! If you realize this, then you'll always backup the important data and be cautious of what you open.

I hope some of these things helped you learn more about computer security and how to protect your computer against viruses.

So when your software fails there is only one thing to do. Follow these simple steps:

1. Go to a site that can scan your computer for viruses and tell you were they are located.
2. Try and see if Trend Micro can delete it.
3. If the infection can not be deleted then remember the name of the infection and its location. Then, restart your computer and enter safemode.
4. Look for the section where the infection is located and delete it.
5. Enjoy your infection free computer!