How To Hack Proof Your E-Commerce Site

Image courtesy of Dennis Skley under CC BY-ND 2.0

In the age of the internet, e-commerce sites are becoming one of the most used shopping outlets of all time. With the major successes of big online stores, such as Amazon.com, many retailers are looking to make the move into online sales. However, with such a big part of commerce now relying on these sites, the need for vigilance in online security from business owners is more important than ever.

The risk of hacking not only puts customers and their details under threat, it also seriously jeopardises the reputation of the merchant. Businesses everywhere, even retail giants such as Target, who predicted a $148 million profit loss after their site was breached, are discovering the hard way that taking steps to reduce the threat of hacking is an essential part of running an e-commerce site. Fortunately, there are a few simple things that can be done to drastically reduce the risk, and by staying up-to-date and alert to threats, your e-commerce site can thrive to its full potential.

  1. Handling and Storing Credit Card Data

First, as a bottom line, credit card data of customers should never be stored for long periods of time. Although this drastically reduces risk, as hackers have less data to target, it is not a foolproof method to protect customer data. This is because certain programs, such as memory scraping malware, can intercept data even if it has only been stored momentarily, while being tokenized.

Similarly, specifically targeted malware can work in parallel with your individual payment process in order to access sensitive data while the payment itself is underway. There is no definitive answer when it comes to storing data; however, the PCI-DSS (the Payment Card Industry Data Security Standard) has been set up to help any organisations that handle labelled credit card transactions. From their website, merchants can complete a self-assessment form and work alongside the Security Standards Council to take steps to optimise the handling of sensitive data.

  2. Keeping Data Encrypted

Keeping data encrypted is essential when running an e-commerce site, as any sensitive information that passes through is under threat from intruders. There are many ways to incorporate data encryption into an e-commerce platform, and although the most tech savvy among us may choose to build their own, for most of us the easiest way to ensure our site is secure is by using a third-party tokenization system. Most third-party platforms, such as Shopify, come with a pre-approved SSL (secure sockets layer) certificate, which means businesses can ensure that data is encrypted when travelling between the company’s web server and the customer’s website.

The SSL seal will also help to reassure customers that the site is authentic and therefore improve reputation. Another way data encryption can help protect your site is through the use of a VPN when administering it. The VPN encrypts your data and IP address, which prevents potential threats accessing the internal website and admin panels through your internet connection.

  3. Managing Passwords

Unsurprisingly, passwords are an essential element of securing your site. Just as unlocking our front door gives access to our houses, passwords are the key to accessing everything inside a website. However, this also means they are a point of weakness for hackers to attack, so taking steps to ensure optimal password safety is an essential step to take when securing your site.

First, heightening customer password security by setting requirements for password length and character use, and sending reminders to update and change passwords on a regular basis, are both sure-fire ways to reduce the threat. Alongside this, using a secure password storage system, such as CyberArk, which uses multiple layers of built-in security, reduces the risk of passwords being hijacked. Finally, by highly restricting admin privileges and access for users and reviewing settings for unused or dormant accounts, you can minimise the threat of hackers gaining entry and accessing sensitive information within the site.

  4. Keeping Alert & Up to Date

As cyber threats are ever-changing and ever-growing as technology advances, one of the best tips to ensure the highest level of security for your site is to stay in tune and up to date. This can be done simply by ensuring your software is updated, including firewalls, gateways, e-commerce software and anything else you may be running. Updated software can include resolutions for security threats that older versions didn’t even know existed.

Also, for those using a third-party e-commerce platform, many providers will supply an up-to-date analysis of threats to the system that can help you stay ahead of the game. Another step that can be taken to stay up to date with threats is to install software, such as Google Intelligence, that alerts the proprietor to any suspicious activity or transactions. By doing this, threats can be identified early and dealt with before a serious infiltration occurs.

  5. Getting the Right Help

Internet security can be a very complex topic and running a business is very time consuming, so it’s little surprise that many merchants find this element of setting up their e-commerce site more than a little bit daunting. Fortunately, this is not a problem you have to tackle alone! Many companies advocate actually hiring hackers to test their site’s security and to work alongside them to reduce the threat of cyberattacks.

Similarly, many third-party companies will perform what is known as a penetration test to highlight vulnerabilities in the system and allow businesses to prioritize addressing the specific weaknesses of their network. And, as aforementioned, completing the PCI-DSS self-assessment form is a great way to start to take steps to ensure your site’s optimum security without having to become a hacking expert yourself. 



The benefits of prioritizing internet security when developing your e-commerce business are undeniable. Not only does it protect your customers, it ensures the smooth running of your website and business and protects against the detrimental effect on reputation that a security breach will no doubt bring. Although ensuring optimum online safety may seem like an overwhelming task, these simple steps will set you up for drastically improving your site’s security and reaping the benefits that having a secure, validated e-commerce site brings.

Protect Your Startup From Crime With These Essential Tips


Criminal activity isn’t something you are likely to think about when you plan out your startup ideas. However, it’s something you need to consider if you want to protect your business.
There are many different ways that criminals can target your business, from inside and out. So, we thought we would put together this short guide on everything you need to know. Read on to find out more – and feel free to leave any tips in the comments section below.

Your intellectual property

First of all, let’s look at your intellectual property. You will need to cover yourself from the moment you have your idea, because as soon as you put yourself out there, it is open to theft.

Find a business lawyer that specializes in intellectual property law. Make sure that you take out patents, too, and copyright everything that needs protection. Industrial espionage is a real thing – and it would be a tragedy for you if someone stole your idea and made a lot of money from it.

Your premises

Make sure that you have robust security, wherever you work from. Offices should have lockable windows and doors, as well as security lighting to ward off burglars. CCTV is an excellent option, but above all, it’s important to train your staff to be more secure.

Get them into the habit of closing and locking doors and windows whenever they leave the room – not just the office. You will reduce the chances of an opportunistic thief taking a chance.

Your stock

If you sell products, then you will have a stockroom to hold your inventory. It’s important that you track this accurately and ensure that all your stock is accounted for. There are many ways that thieves can get hold of your property, so hold regular audits and stock takes to make sure you know where you are.

It’s also a good idea to tag all of your working equipment, from computers to fax machines. All of them are valuable to thieves, but much more valuable to you. Make sure that you give yourself the best chance of finding them if they ever go missing.

Your employees

Unfortunately, people can go through difficult times, and they can become more open to the idea of committing a crime. It could be as simple as stealing something off the shelves of your shop, or as complex as money laundering.

Make sure you learn about compliance. It can help protect your business from the threat of employee theft, bribery, and other criminal activity. It’s not a nice thought to think that all your employees might be thieves; that much is clear. But, compliance will help you lay the foundations that make it hard for any of them to give into any urges.

Your records

All businesses have a lot of records about their customers; that could prove to be fruitful for criminals. Make sure that all your databases and computer systems are secure. Also, shred any papers with confidential information before disposing of it.

As you can see, there are plenty of areas where crime can affect your business. It’s important to take the subject seriously, even when you are just starting out. Put a good plan in place, and it will be much easier to control and deal with. Let us know your thoughts…

DC Hot Tech Startup Gryphn Finding New Problems They Solve Every Day

One of Washington DC’s hottest startups is Gryphn. This mobile security firm released their ArmorText secure text messaging application for Android users last summer and they’re constantly hearing from customers that they’re solving a new problem every day.

“We are still discovering all the problems that Gryphn solves. People come up to us at events and tell us how our products can be used for public notaries, insurance resellers, journalists… you name it. We are staying focused on solving regulatory compliance problems for Healthcare, Finance, Government, Law Enforcement, First Responders and Defense,” Gryphn’s CEO and co-Founder Navroop Mitter told us in an interview.

Back in June the team had grown enough that they took over the space of fellow DC Startup JESS3 which relocated to Los Angeles.

Much of their success is coming from innovating in the security space in the sectors where security matters most.

We got a chance to catch up with Gryphn. In the interview below they reveal how they got their name Gryphn. Check it out:


Rogue Anonymous Member Takes Responsibility For Downing The Ship Of Pirate Bay

 

Two days ago we reported on how Pirate Bay, the leading site for illegal torrents, was being hit by DDoS attacks. However, at the time no one, including Pirate Bay, knew who the attack was coming from. Leading votes were for the MPAA, the RIAA or a government, after Anonymous claimed it wasn’t them. That’s when the thought came to me that it could be someone (or a team) that has defected from the collective, and that’s what it turned out to be.


[Updated] Anonymous Denies Attack Yet Pirate Bay Still Downed By DDoS Attack

Down goes the ship. That’s what’s been happening over at Pirate Bay for the last couple of days. The popular torrent site has been plagued by non-stop DDoS attacks. It is known to be one of the most prolific sites for illegal torrents, as well as legal ones. (Simply, a torrent is data about a target file, though it contains no information about the content of the file. The only data that the torrent holds is information about the location of different pieces of the target file. Torrents work by dividing the target file into small information chunks, found on an unlimited number of different hosts. Through this method, torrents are able to download large files quickly.) However, in recent times the site has come under legal attack in Europe, with ISPs being forced to block access to the site.

In reaction to that, Anonymous has targeted multiple sites, including the UK’s Virgin Media, actions for which Pirate Bay actually condemned them. However, Anonymous has sent out multiple comments on different social sites claiming the attacks on Pirate Bay are not their doing.


Karma? Arianna Huffington Gets Hacked By Nigerian Hackers

 

Gawker is reporting, and now Arianna herself is confirming, that yesterday morning her personal email was hacked into. For those who don’t know who she is, she is the founder of Huffington Post, a blog site which after selling to AOL for over $300 million never gave a dime to her workers, many of whom she never paid in the past.

The email was made to look as if Arianna herself had sent a document for people to see. What it did was lead those who opened the email to a mock site for users to log into, thus providing their email addresses and passwords to the hackers.


Hackers Get 181,000 Medicaid Records And 25,000 SSNs From Utah Department Of Health.


On March 30th, hackers believed to have been from Eastern Europe hacked into a vulnerable server within Utah’s Department Of Health. UDOH has said that records were moved to a new server that had a configuration problem which allowed hackers to circumvent the department’s security protocols.

Although the breach occurred on March 30th UDOH waited until last Wednesday to publicly announce that the breach occurred. On Friday they revealed the damage.  Hackers made off with 24,000 files. Each file can contain information on hundreds of Medicaid patients.  UDOH tallied up all the damage and said that 181,000 patients have had information compromised. 

The information that was taken includes patient names, birth dates, addresses, provider information, procedure codes and social security numbers. The patients affected ranged from children in Utah’s CHIP program to senior citizens.


[Breaking News] Anonymous Drops UK Home Office From Existence With DOS Attack

As we reported on Thursday, Anonymous was planning to go after the UK Home Office’s website due to actions in which they’ve helped the West prosecute British civilians. As of now, people just can’t connect to the site, no letter or anything has been left yet.

#OpTrialAtHome is Anonymous’s newest cause. Unlike last Saturday’s “attempt” to take down the Net, which makes no sense, as why would they crash their playground, this one is being reported by all the Anonymous Twitter feeds and people close to it. In a group showing against the UK extraditing people to the USA to face crimes, Anonymous is telling its supporters to take out the country’s home website.

Source: @Anon_Central

Rawporter Road Show: Biometrics Associates Encrypted Bluetooth Technologies

At the government technology show, formerly called FOSE, in Washington DC we got a chance to talk with Biometrics Associates. This company has developed some very cool encrypted Bluetooth technologies that are implemented in military and government uses.

Their first product is a card reader that, when attached to a smartphone, allows apps that use Biometrics Associates SDK to be unlocked. The only way to unlock these apps is with the right key card and the right credentials on the keycard. Biometrics Associates offers an SDK where developers can build any kind of protected app.

App uses already in use or in development include email protection apps, phone unlocking apps, tactical planning apps and even apps that are used to protect plans for military equipment. Their technology is approved by the United States Department of Defense and NSA to ensure that it meets the top-secret clearance needed at such a high level.

The other technology they offer is a secure Bluetooth headset. As you’ll learn in the video, the secured Bluetooth headset uses its own pairing mechanism so that the default 0000 and 1234 codes don’t work to pair the phone with the headset. In addition, once locked to the phone it creates a shield that won’t allow any kind of Bluetooth interruption, penetration or eavesdropping.

The headsets were built to NSA specification so that even the highest level agent in any branch of government can talk securely via Bluetooth headset to another party.

 “Today’s CAC user needs secure access to mobile applications”, noted Scott Johnson, BAL Executive Vice President and COO, “but sensitive information – both data and voice – must be protected from multiple points of attack. Imagine a doctor in a DoD hospital making his or her rounds with an Android tablet. This doctor needs CAC authenticated access to the hospital medical records database but also needs to be able to dictate notes into the patient’s record over an encrypted Bluetooth link. We are proud to provide products to make this a reality.”

Sound interesting? Watch the video.

Breaking: Anonymous Hacks Chinese Site

Anonymous has in the past shown great “humanitarian” beliefs by going after the government sites of countries that take away freedom from their people. That is just what Anonymous did yet again by hacking multiple Chinese-related sites. But instead of defacing them, they left messages explaining how people in China can have a free internet, without the censorship of its dictating Government.

A new Twitter account has been opened just for Anonymous attacks against China, which we have a feeling will start to become very active in response to China preventing its people from having a free world.


MasterCard And Visa Hack, Work Of Anonymous Again?

 

Both Visa and MasterCard are reporting that over 10 million customers of both Credit Card companies have had their information hacked into.

“As a result, we have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk”

Krebs has been quoted on their Security blog. What they’ve failed to mention, though, is whether this is payback from Anonymous, as they have gone after both companies before, or whether this is another group of hackers. Alerts were sent out last week to banks, as the hack happened between Jan. 21 and Feb. 25.

Credit cards themselves were not the target; however, the processing of them was.

We’ve seen in the past that after both companies stopped allowing donations to Wikileaks, Anonymous hacked into both companies. Could this be their doing again? That is the question.

Both Visa and MasterCard have refused comment on this so far, as the investigation is still ongoing. It’s also yet another black eye for both companies as they continue to feel heat from hackers who continue to go after them.

Rumor: Anonymous To Take Down Internet This Saturday

Rumors are starting to go around, thanks to a Pastebin post by someone claiming to be part of a larger group under the name Anonymous, that this Saturday they’ll “crash” the net.

“To protest SOPA, Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, on March 31, anonymous will shut the Internet down. We’ll look to shut down the Internet by disabling its core DNS servers, thus making websites inaccessible”


Brazilian Kids Being Tracked By Embedded Computer Chips

If the headline sounds like something out of a strange sci-fi movie, well it’s not. This is actually a true story out of Brazil. Grade school students in a northeastern Brazilian city have new uniforms. Those uniforms may look like typical school uniforms but they are not.

Twenty thousand students in a northeastern Brazilian school system are wearing uniform t-shirts embedded with microchips. All 20,000 students attend one of 25 schools in Vitória da Conquista’s public school system. There are 213 schools in the system and when it’s all said and done 43,000 students aged 4 to 14 will be wearing the chip-embedded t-shirts.

The entire program, which cost the school system over $670,000 to implement, is aimed at targeting tardiness and truancy. The chip notifies the parent of the child by text message when their student has entered the school. It also lets them know if the student hasn’t entered the school after 20 minutes with a text message that says “Your child has still not arrived at school”.


Hacktivism, All Explained In An Infographic

Anarchists, hackers, criminals, freedom fighters, whichever you want to call them. “Hacktivist” has become part of the vocabulary over the past two years with groups like Anonymous, LulzSec and others. Below is a graphic explaining where it started recently, and the cause and effect of such actions which we’ve seen.
