Latest Blog Posts

PCI Compliance 101: Join @McAfeeSECURE Expert Sally Baptiste for #eCommChat

Posted by softwareguru on January 24, 2013

In previous posts, we’ve discussed the importance of PCI compliance as well as some of the many misconceptions around it. During this month’s #eCommChat, we’d like to expand on this PCI conversation and discuss some of the complications specific to mobile shopping. Consumers and retailers alike are embracing mCommerce, and online merchants need to be able to navigate new security and compliance vulnerabilities in order to stay ahead.

We want to know: What are some of the biggest challenges eCommerce merchants face around PCI compliance – Mobile web access, payment gateways, customer data storage, or something else? Which specific compliance concerns and solutions do you think are most compelling for SMBs vs. their larger counterparts? Can embracing alternative payment systems help mitigate some of these concerns, and if so, how?

Additionally, what are some of the most frequent PCI challenges you’ve seen specific to mobile retail sites, and what do online merchants need to do moving forward to address these issues?

Thursday, 1/31 at 11am PT, join @McAfeeSECURE and Sally Baptiste, McAfee Director of Global Credit Card and Electronic Receipts to share your experiences, best practices, and recommendations with the eCommerce community to address these questions and more.

Logistics: How do I participate in #eCommChat?

1. Find
• Search for the #eCommChat hashtag (via TweetChat, TweetDeck, or a Twitter client) and watch the real-time stream.

2. Follow
@McAfeeSECURE will get the conversation rolling by posing the first couple of questions

3. Engage
• Tweet your reactions, questions and @reply’s to the chat, making sure to use the #eCommChat hashtag.
• #eCommChat should last about an hour.

Google and Passwords Are Never, Ever Getting Back Together

Posted by softwareguru on January 24, 2013

It’s official: Google is breaking up with passwords.

As our lives continue to move online, securing private of information is an increasingly difficult task. As I discussed last month, 2012 could be described as the year the password fell apart, with numerous high-traffic websites breached and millions of user credentials stolen. As a result, many companies have taken a stand against simple password security, arguing for a new strategy that goes beyond an 8-10 character phrase.

Google in particular believes they are on the way to an answer, and a paper on the topic is set to publish late this month. In it, Google engineers describe several ways people may end up logging into websites in the future, and many of their ideas build off two-factor authentication.

At its core, two-factor authentication requires a user to provide two of out of the three authentication factors: something you know, something you have, and something you are.

1. Something you know: This is something you remember, like a PIN, password, or pattern you swipe on your mobile phone.

2. Something you have: This is a physical object that you can keep with you, like an ATM card, key fob, or USB device.

3. Something you are: This is something that is a part of you, like your fingerprint, or the pattern of your eye’s iris.

Google already practices two-factor authentication by linking users’ mobile phones to their accounts, which means that anyone trying to gain unwarranted access to your Gmail account would also need your mobile phone to get in. But even with these two barriers, hackers are still fairly successful at breaking the system to gain access.

In response, Google is experimenting with ways to eliminate passwords entirely, moving towards the “something you have” part of the authentication equation. One proposal involves device-assisted security, wherein users would carry small USB devices or even wear encrypted rings that would require a simple tap on the computer to access an entire range of accounts.

One Ring to Protect Them All

One Ring to Protect Them All

But while device-assisted security certainly has the potential to provide users with privacy peace of mind, time will tell if a system like this gets adopted on a large scale. As with any new system, user adoption is based on trust, ease of use, and accessibility, and Google has a long road ahead if they want to make “smart rings” the passwords of the future.

Do you have a hard time remembering your passwords? If so, would you switch over to a device-based system?

Let us know in the comments below or on Twitter with @McAfeeConsumer, and be sure to check out more information on McAfee SafeKey if you answered yes to either of those questions. SafeKey is already included in your McAfee All Access subscription, and it allows users to manage all usernames and passwords across devices, so you can securely log in on any website with just one click.

Students Getting Cyberwise to Become Safe and Responsible Digital Citizens

Posted by softwareguru on January 22, 2013

Australian Prime Minister Julia Gillard unveils the new cyber education module, which was developed in partnership with McAfee and Life Education Australia.
This module expands the Life Education Program that is for primary school children across Australia.

JuliaGillard_TwitPic

 

 

 

 

 

 

 

 

 

 

 

 

A study called “The Secret Life of Teens 2012 report,” (conducted by TNS Research and commissioned by McAfee) shows an alarming 62% of teens have had a negative experience on a social network and 25% said they had been the victim of cyber bullying. bCyberwise is a program designed to help close that gap. The evidence for developing this program was numerous, but some key points are:

  • Digital media has become a significant and predominantly positive aspect of the education, leisure and social lives of most of today’s children and young people.
  • The use of digital media also poses some risks to the safety and well being of children and young people. The most harmful of these appears to be cyber bullying
  • Other contact risks include exploitive communication, sexting, impersonation, humiliation via doctored images, under-age enrollment on social media sites, and exposure to material that is inappropriate, misleading, unacceptable or illegal
  • Children and young people need opportunities to learn the skills and values that will enable them to be safe online and become good digital citizens
  • The middle and upper primary years of schooling represent a sensitive and timely period for introducing students to these skills and values

McAfee and Life Education’s new program content will support the class teacher in this regard, providing an opportunity for young students to learn and practice a set of relevant skills and values (technical, thinking, emotional and social) that are fundamental to the promotion of cyber safety and positive cyber citizenship.

The hope is that being “safe and responsible digital citizens” will hopefully be a part of these students’ lives as they grow up. More info can be found at www.mcafeecybered.com

 

Robert Siciliano is an Online Security Expert to McAfeeDisclosures.

Malware Disguised as Java Update: Careful What You Download!

Posted by softwareguru on January 22, 2013

All too often, cyber attacks are crimes of opportunity. This was exactly the case when late last week, hackers created a fake website to fool users into downloading a virus instead of the latest version of Java. As many of you read here in the blog, Oracle recently released a patch for a critical Java security issue found spreading malicious files to unprotected computers. In response, users scrambled to download a new, protected version of the software, attracting cyber criminals in the process.

We’ve seen this behavior time and time again: Criminals go where they can get the most bang for their buck. This means finding ways to infect as many computers as possible, so there are more opportunities to siphon off money or steal user credentials. What’s attractive about Java for hackers is that it runs on billions of devices worldwide (and probably every Internet connected device currently in your home). This means that when Oracle releases a critical patch, millions of people are typing in “Java update” or “Java virus” into search engines like Google or Bing. This presents a grand opportunity, because if criminals can create a fake website that looks nearly identical to the Java update website, they’re bound to fool a large number of people into downloading their malicious software.

This is called Social Engineering.

Social Engineering is different from other types of cyber attacks, because victims must actively participate in the hacker’s plan. In this case, a user must freely give up access to his or her computer by clicking the “Download Now” link on the fake Java website. In other cases, attacks may involve sending victims a fake email to request sensitive information, with the byline forged as a message from a boss or colleague (this is called “phishing”). The attacks can even be carried out in-person, with hackers sneaking into IT departments disguised as management personnel.  But in all cases, the user must be fooled into letting the attacker in, as opposed to the hacker circumventing security barriers by force or other means.

There are tricks of the trade that users at home can learn in order to avoid falling victim to social engineering attacks.  

  1. Pay close attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL typically uses a variation in spelling or different domain (e.g., yahoo.co vs. yahoo.com).
  2. Pay attention to grammar and spelling. Many illegitimate websites, including the fake Java update website, will have misspelled words and poor grammar (“A new version of Java is require”).
  3. Be suspicious of unsolicited phone calls or email messages asking you to share personal information, change a password, or download software. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company before taking action.
  4. Install and maintain all-inclusive antivirus software like McAfee All Access to prevent spam, malicious traffic and flag suspicious sites before you click.

 

Click here for a detailed how-to on how to update or disable Java from your devices safely. And for additional updates on emerging threats, follow our team on Twitter @McAfeeConsumer.

CES Trends: Smartphones Are the Remote Control for Your Life

Posted by softwareguru on January 18, 2013

Smartphones have evolved at a rapid pace over the past couple of years to become much more than a communication tool. Everything is connected to the Internet – lights, power outlets, cars, cameras, kitchen appliances and more – and can be controlled from a mobile device. At CES this year it was more evident than ever that our mobile devices are starting to become the remote control for our lives. These app-powered accessories and appliances are the wave of the future and made a big splash at the year’s biggest consumer electronics show.  Here are a few examples of what was featured:

  • AT&T announced that in March its Digital Life security system will go on sale. It allows people to use tablets or phones to monitor cameras, alarms and even coffee pots.
  • Appliance-maker Dacor showed off a new 30-inch Discovery wall oven on the show floor that can be controlled remotely through Discovery IQ Controller, an Android app.
  • Ingersoll Rand offers a $300 starter kit and software for people to connect their homes. It includes a lock, a light and a wireless “bridge,” or base station, to connect the devices to the Internet. They can be controlled with a smartphone or tablet app called Nexia Home Intelligence.

McAfee-Central-CES

App-controlled ovens and home security systems are just the start. Pretty soon the control for every aspect of our lives will lie within our mobile devices, but as we adopt this new functionality we’re opening more doors for cybercriminals.

A mobile app left without a security solution is open to hacks that could affect every aspect of your life. With appliances, cars and security systems connected via smartphones, imagine all the things that could go wrong if your smartphone was attacked.

That’s why in 2013, we’ll see mobile security move more and more to the forefront of industry conversations. Consumers will need to protect themselves by choosing security solutions that fit their mobile lifestyle.

At McAfee our goal is to shield consumers from all mobile dangers by providing protection against theft, loss, malware, unwanted calls and texts, and unsafe apps and websites.  McAfee Mobile Security (MMS)is the most comprehensive solution available so it’s the perfect solution for CES attendees. Mobile enthusiasts looking to download all the latest apps debuted at CES can keep their personal life personal, outsmart identity thieves and connect (to their oven, car or home security system) with confidence.

Recent Blog Posts