Is an updated Mac computer that is immune to hacking
As "The Telegraph" reports, the Apple Watch was recently officially banned from the British Parliament. The reason: Fear of being spied on by Russian cyber spies. The British government had previously banned smartphones from all cabinet meetings.
Smartwatch eavesdropping: the best conditions
According to security experts, the fear of espionage attacks is well founded, which is why companies - or IT decision-makers - should also give thought to the topic: "Wearables such as the Apple Watch have a microphone, numerous sensors and wireless ones Communication options - a more than worthwhile attack base for cyber spies and hackers, "says Craig Young, an expert at the security service provider Tripwire.
Some time ago, security researchers had already demonstrated how easy it is to listen to and record conversations using the integrated microphone of a smartphone, and to steal data and passwords. Smartwatches could be abused in a similar way, according to the expert, and allow hackers and cybercriminals an even better "eavesdropping experience" through their position on the user's wrist.
- Admin rights
No assignment of administrator rights to employees
Complete and regular documentation of the IT
- Secure passwords
IT security begins with sensitization and training of employees as well as clear communication of the internal rules of conduct for information security:
Complex passwords made up of upper and lower case letters, numbers and special characters, at least eight characters.
- Password theft
Never pass on or / and write down confidential data.
- Email security
Sign emails, encrypt sensitive data, be careful when opening email attachments and links.
- Social manipulation
Handle confidential information consciously, only pass it on to authorized persons, do not manipulate or allow yourself to be eavesdropped.
- Be careful when surfing the internet
Not every link leads to the desired result.
- Use only the latest software
Software that is not updated leaves more security holes open.
- Use of your own software
Follow company guidelines and never install software of questionable origin.
- Company guidelines
Use only permitted data, software (apps) and applications.
Regularly save operational data on a network drive and back up data on external data carriers.
- Theft protection
Protect mobile devices and data carriers from loss.
- Device access
Do not pass devices on to third parties, do not leave mobile devices unattended and lock workstation PCs when leaving.
- Security guidelines
The organizational structures in the background form the necessary framework for IT security. Here it is important to formulate clear rules and to adhere to them:
Definition and communication of security guidelines
- Access rights
Regulation of access rights to sensitive data
- Software updates
Automatic and regular distribution of software updates
- Log files
Control of the log files
- data backup
Outsourcing of data backup
- Security analysis
Regular review of the security measures through internal and external security analyzes
- Contingency plan
Creation of a contingency plan for responding to system failures and attacks
- WLAN usage
A minimum standard must be guaranteed at the technical level. For the most part, this can be implemented without great expense:
Documentation of WLAN use, also by guests
Protection of the internet connection through firewalls
- Biometric factors
Use of access protection / passwords / biometrics
- Access control
Physical security / access control and documentation
- Protection against malware
Protection against malware both on the end device and on the Internet gateway, ideally through two different anti-virus programs
- Web access
Definition of a structured regulation of web access
Encryption to protect files and messages with sensitive content
Secure deletion of data when decommissioning
- Update of the security systems
Ensuring regular updates of the security systems
Permanent monitoring of the network traffic for abnormalities
Important meetings: Preferably without an Apple Watch
At the beginning of the year, some experts questioned the security of the Apple Watch and demonstrated in tests how easy it is to record the hand movements of a user via the smartwatch, for example. It was even possible to spy on pin numbers at ATMs in this way.
"Decision-makers in companies are therefore well advised to either do without their smartwatch at meetings and gatherings in which business-critical decisions are made, or at least to leave them out of earshot," recommends Young.
However, the Apple Watch is not a real target for malware: Windows PCs and Android smartphones "take over" the majority of attacks. Nevertheless: "Stuxnet" has proven the efforts governments and secret services undertake in terms of cyber sabotage and espionage.
- 1986: Brain
More than a decade before Napster was known to anyone, the first computer virus was created - to fight software piracy. The author who started the word "cyber" was William Gibson - called "Brain". Basit and Amjad Alvi developed and marketed medical software in Lahore, Pakistan. They were interested in two things. First they wanted to test the multitasking functionality of the new DOS operating systems (so-called "TSR" systems). Second, they wanted to see if there were any security flaws in DOS compared to other operating systems like Unix.
When they noticed that DOS was quite vulnerable, they had the idea of writing a piece of software that would monitor how the software and floppy disks move. Brain went viral on 3.25-inch floppy disks and within a few weeks the Alvis had to change their phone numbers. That was of little use to you, however, because 25 years after the development of the first PC virus, Mikko Hypponen from F-Secure set out on a trip to Lahore in the spring of 2011. His goal: the address that could be found in the code. In fact, he found the Alvi brothers there and had the opportunity to conduct the first video interview with them about Brain.
- 1987: Stoned
Created by a high school student in New Zealand, stoned was initially considered harmless. At first he only made himself noticeable with the message "Your PC is now Stoned". But as the first virus to infect the boot sector of a PC, Stoned showed that viruses can control the functioning of a computer - from the moment it is switched on. Bob Dylan would have been proud.
- 1990: form
Form became one of the most widespread viruses ever. On the 18th of each month, he made a clicking sound from the PC speakers - every time a key was pressed. That was quite annoying, but harmless.
- 1992: Michelangelo
Michelangelo was used to overwrite all data on a hard drive on certain dates. As a variant of Stoned - only significantly more malicious - Michelangelo was arguably the first computer virus to make it into the news internationally.
- 1992: VCL
The Virus Creation Laboratory (VCL) made it easy to create a malicious little program by automating virus creation through a simple graphical interface.
- 1993: Monkey
Monkey - also a distant relative of Stoned - secretly integrated itself into files and then spread seamlessly. This made Monkey an early ancestor of the rootkit: a self-concealing program that could prevent the boot process from being carried out using a floppy disk. If not removed correctly, Monkey would prevent any kind of booting.
- 1995: Concept
As the first virus to infect Microsoft Word files, Concept became one of the most common types of computer malware. Eventually it was able to infect any operating system Word could run. Oh yes and: if the file was shared, the virus was also shared.
- 1999: Happy99
Happy99 was the first email virus. He greeted users with the words "Happy New Year 1999" and spread the good news by email to all contacts in the address book. Like the early PC viruses, Happy99 did no real harm, but still managed to spread to millions of PCs around the world.
- 1999: Melissa
Allegedly named after an exotic dancer, Melissa was a combination of a classic virus and an email virus. He (or she) infected a Word file, then emailed himself to all contacts in the address book and thus became the first virus that spread worldwide within a few hours.
Melissa combined the "fun motive" of the early virus authors with the destructive power of the new era: The virus integrated comments from "The Simpsons" into user documents, among other things, but could also send confidential information without those affected noticing. Not long after Melissa, macro viruses were virtually eliminated when Microsoft changed the way the Visual Basic macro language worked in Office applications.
- 2000: Loveletter
This loveletter broke millions of hearts and is still considered one of the greatest breakouts of all time. Loveletter spread via email attachments and overwritten many important files on infected PCs. At the same time, it is one of the most successful social engineering attacks ever. Millions of Internet users fell victim to the promise of great love and opened the infected e-mail attachment. The estimated total worldwide damage was estimated at $ 5.5 billion.
- 2001: Code Red
The first worm that spread within minutes without any user interaction was called Code Red. It carried out various actions in a monthly cycle: it spread on days one to 19 - on days 20 to 27 it started denial-of- Service attacks on various websites - for example those of the White House. From day 28 to the end of the month, Code Red siesta was also the order of the day.
- 2003: Slammer
With just a few lines of code and a vulnerability, network worms can cause serious problems. Slammer crashed the Bank of America's ATM network and Seattle emergency services. Even the air traffic control system wasn't immune to the agile villain.
- 2003: Fizzer
Fizzer was the first virus specifically designed to make money. It found its way onto the victim's computer in the form of an infected email attachment. When the file was opened, Fizzer took over the computer and used it to send spam.
- 2003: Cabir
Cabir was the first cell phone virus in IT history and targeted Nokia phones with Symbian OS. Cabir was distributed via Bluetooth and proved that technological advancement alone is not an effective means against hackers and cyber criminals.
- 2003: SDBot
SDBot was a Trojan horse that bypassed standard PC security measures to stealthily take control. He created a backdoor that enabled the author, among other things, to spy out passwords and registration codes for games such as "Half-Life" and "Need for Speed 2".
- 2003: Sobig
Sobig was an optimization by Fizzer. The peculiarity: some versions waited a few days after a computer was infected before the affected computers were used as e-mail proxy servers. The result? A massive spam attack. AOL alone had to intercept more than 20 million infected messages per day.
- 2004: Sasser
Sasser gained access to the system via endangered network ports, slowed it down dramatically or crashed entire networks - from Australia to Hong Kong to Great Britain.
- 2005: Haxdoor
Haxdoor was another trojan that sniffed for passwords and other private information. Later variants also had rootkit capabilities. Compared to previous viruses, Haxdoor used far more complex methods to disguise its existence on the system. A modern rootkit can turn a computer into a zombie computer that can be controlled without the user's knowledge - possibly for years.
- 2005: Sony DRM Rootkit
In 2005 one of the largest record companies in the world had the same idea that the Alvi brothers had in 1986: a virus should prevent piracy. The affected audio CDs contained not only music player software, but also a rootkit. This controlled how the owner accesses the audio tracks on the disc. The result: a media shit storm and a class action lawsuit. Sony was only able to fight off the latter out of court through generous settlement payments and free downloads.
- 2007: Storm Worm
According to Machiavelli, it is better to be feared than loved. Seven years after Loveletter, the pest Storm Worm took advantage of our collective fear of freak weather. To do this, he used an email with the subject line "230 dead from storms in Europe". As soon as the attachment was opened, a Trojan backdoor and a rootkit forced the affected computer to join a botnet. Botnets are armies of zombie computers that can be used to spread tons of spam, among other things. Storm Worm hijacked ten million computers.
- 2008: Mebroot
Mebroot was a rootkit that was specifically designed to outsmart the emerging rootkit detectors. The malware was so advanced that it sent a diagnostic report to the virus writer as soon as it crashed a PC.
- 2008: Conficker
Conficker quickly spread to millions of computers around the world. He made use of vulnerabilities in Windows as well as weak passwords. Combined with some advanced techniques, Conficker was able to install more malware. One - particularly nasty - consequence: the virus prevented users from visiting the websites of most security software providers. More than two years after Conficker was first spotted, more computers were still infected every day.
- 2010: 3D Anti Terrorist
This "trojanized" game targeted Windows phones and was distributed through freeware websites. Once installed, the Trojan started calls to particularly expensive special numbers and gave users extremely hefty bills. This strategy for apps is still new - but it will probably develop into one of the most common methods that hackers and cybercriminals will use to attack mobile devices in the future.
- 2010: Stuxnet
As we have already seen, computer viruses have had an impact on the real world for decades - but in 2010 a virus also changed the course of history: Stuxnet. An unusually large Windows worm (Stuxnet is more than 1000 percent larger than the typical computer worm), Stuxnet likely spread via USB devices. The worm infected a system, hid itself with a rootkit and then recognized whether the infected computer was connecting to the Siemens Simatic automation system. When Stuxnet found a connection, it changed the commands that the Windows computer sends to the PLC / PLC-programmable logic controller - i.e. the boxes for controlling the machines.
It runs on PLC / PLC he is looking for a specific factory environment. If this is not found, Stuxnet remains inactive. According to F-Secure Labs' estimates, implementing Stuxnet took more than ten man-years of work. After all, this shows that a virus that can obviously manipulate a centrifuge to enrich uranium cannot be created by anyone in the blink of an eye. The complexity of Stuxnet and the fact that the use of this virus was not based on financial interests suggests that Stuxnet was developed on behalf of a government.
With material from IDG News Service.
- Which Hollywood actresses are gold diggers
- Why is maintaining social order important?
- What is calculus in mathematics
- Who was the first female Jedi Knight
- Can we possibly wage another war?
- What mistakes should we not make while meditating?
- Can be drawn from electric fences
- What devices work with Cozmo
- How bad is Israel 1
- Why is Pakistan running out of power
- What is not a metallic mineral
- Why does insulin need to be cooled?
- Which is the anhydride of acetic acid
- You Can Make Money With Snap Chat
- When will Amazon ELB offer SPDY support?
- Has anyone made a Stack Overflow clone
- Are the TCS off-campus results declared?
- Which British low-cost airline will close next?
- Which moments are crucial for a relationship
- Why are there hate groups
- Is psychology a big topic
- What's so good about donating blood
- Detroit is a dump to live on
- What is BTS RM's past
- Why do molecules vibrate
- Fasting Can Help Relieve Symptoms of Depression
- Immunotherapy is harmful
- How does GPS calculate the position
- What is the best music promotion website
- When will PS3 be obsolete?
- Can I cancel my Gujarat Board exam?
- Are there Trappist or Benedictine women
- What does the future hold for psychedelics?