Archive for the ‘Tech’ Category

Researchers identify command servers behind Google attack

January 15th, 2010 admin

VeriSign's iDefense security lab has published a report with technical details about the recent cyberattack that hit Google and over 30 other companies. The iDefense researchers traced the attack back to its origin and also identified the command-and-control servers that were used to manage the malware.

The cyber-assault came to light on Tuesday when Google disclosed to the public that the Gmail Web service was targeted in a highly organized attack in late December. Google said that the intrusion attempt originated from China and was executed with the goal of obtaining information about political dissidents, but the company declined to speculate about the identity of the perpetrator.

Citing sources in the defense contracting and intelligence consulting community, the iDefense report unambiguously declares that the Chinese government was, in fact, behind the effort. The report also says that the malicious code was deployed in PDF files that were crafted to exploit a vulnerability in Adobe's software.

“The source IPs and drop server of the attack correspond to a single foreign entity consisting either of agents of the Chinese state or proxies thereof,” the report says.

The researchers have determined that there are significant similarities between the recent attack and a seemingly related one that was carried out in July against a large number of US companies. Both attacks were apparently managed through the same command-and-control servers.

“The servers used in both attacks employ the HomeLinux DynamicDNS provider, and both are currently pointing to IP addresses owned by Linode, a US-based company that offers Virtual Private Server hosting. The IP addresses in question are within the same subnet, and they are six IP addresses apart from each other,” the report says. “Considering this proximity, it is possible that the two attacks are one and the same, and that the organizations targeted in the Silicon Valley attacks have been compromised since July.”

If the report's findings are correct, they suggest that the government of China has been engaged for months in a massive campaign of industrial espionage against US companies.

Update: Adobe disputes iDefense's claim that PDFs were used to deploy the malware. In a statement issued today, Adobe says that they have found no evidence that their technology was used as an attack vector in this recent incident. This is supported by independent research conducted by security firm McAfee, which has found evidence that a vulnerability in Internet Explorer—but not Acrobat Reader—was exploited in the attack.

Email Compliance

October 29th, 2009 admin

Email compliance has become essential for all types of businesses. It can help protect against harassment and safeguard security and your business. There are solutions that can stop email compliance violations before they occur. Of course, for this to happen, there are automated tools that help accomplish this amazing task. There are even email compliance laws that all public businesses have to abide by. Even HIPAA (Health Insurance Portability and Accountability Act) has to engage in email compliance laws. The problem with this, as many suggest, is that some HIPAA and email compliance laws contradict each other, making this a controversial subject.

I understand that businesses must have a policy with email compliance, but some businesses are subject to privacy. Files are increasingly being kept in databases and archived. The government is allowed to track email in certain businesses, but if I am writing to this business, the government should have no business interfering. For example, say I go to a doctor and I am diagnosed with a chronic cough. He prescribes me codeine to relieve the cough. A week or so later, I email the doctor and say I need more. If a government official wants to check email records, he/she may think I am addicted. This violates doctor-patient confidentiality. This scenario was light, but what if it was about a girl revealing teenage pregnancy? Government does not have the right to know about it. At the same time, if the doctor told his staff through email about someone’s diagnosis, he/she would be violating email compliance and HIPAA, which could result in serious consequences for the doctor.

One positive aspect of email compliance is that it can reduce spamming of real businesses. What do I mean by this exactly? For some businesses, it is a good idea to get a mailing list and send bulk email. It’s really no different than an annoying telemarketer. Legitimate businesses send bulk email after you sign up for certain things online, like how to make money off the internet. The specific site that you signed up for may be a partner with another site you are now receiving email from. The email compliance they have to follow is usually an opt-out choice. The opt-outs are usually in the fine print at the bottom of the email saying “you have received this email because you signed up for (whatever you signed up for) and if you would like to opt out from receiving this email, please click this link.” When you sign up for a lot of these, it does feel like spam. If this email compliance rule were not in effect, my inbox would be full on a daily basis.

Email compliance can be positive or negative. In any case, every business needs a policy. The use of phones, radio, television, or any other form of communication has a policy. Email may be relatively new, but it is communication, which gives all businesses the right to have an email compliance policy.