31 March: World Backup Day

On March 31, the Internet celebrates World Backup Day, which, as its name suggests, celebrates the backing up of files from one’s computer.

http://www.worldbackupday.com asks users to take this pledge:

I solemnly swear to backup my important documents and precious memories on March 31st. I will also tell my friends and family about World Backup Day – friends don’t let friends go without a backup.

The simple campaign actually makes a lot of sense, because users today are at greater risk of losing all their digital data to a computer hack, a hard drive crash, a virus attack or another incident.

Even though a trusty external hard disk can do the job in most cases, we believe that backing up essential data online is a safer bet. And for this, the Internet offers a plethora of efficient services.

How do I backup? (Tips from the campaign site)

Backing up is easy. Once set up, your data should be backing up automatically. You just need to check every once in a while to make sure your backups actually work. There are three main types of backup solutions:


Every week, copy your most important files onto an external hard drive next to your desk, in your closet, or any other place where you can easily retrieve it.

You can even use Windows Backup (or Time Machine, if you have a Mac) to do this automatically!


Another automatic backup or an external hard drive that’s stashed at another location, such as a bank vault, friend’s house or even in a data center in another state. This protects your backup in case of theft, natural disaster or simple hardware failure.


Similar to an offsite backup, this involves simply installing a small app on your computer to instantly and automatically copy your files to the internet. This makes multiple copies of your files at various places around the world, making it hard to lose any of your files.

It’s super simple and done instantly – you barely need to do anything! However, your backups can be a little bit of a pain to retrieve (it’s a lot of stuff you have to download!), so having this option in conjunction with one of the above is a good, secure plan.
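
The tips above say to check every once in a while that your backups actually work. One way to do that check is sketched below as an added example (not code from the campaign site): it hashes every file under a source folder and its backup copy and reports what is missing or different. The function names and the sample files in demo() are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large photos and videos do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root)] = sha256_of(full)
    return out

def verify_backup(source, backup):
    """Compare a backup copy against the source folder it was taken from."""
    src, bak = manifest(source), manifest(backup)
    return {
        "missing": sorted(set(src) - set(bak)),   # in source, never copied
        # Content differs: a damaged copy, or the source changed since the backup.
        "mismatch": sorted(p for p in set(src) & set(bak) if src[p] != bak[p]),
        "extra": sorted(set(bak) - set(src)),     # only in the backup
    }

def demo():
    """Constructed sample: a source folder and a backup with two faults."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = os.path.join(tmp, "src"), os.path.join(tmp, "bak")
        for root in (src, bak):
            os.makedirs(os.path.join(root, "photos"))
        files = {"taxes.txt": b"2012 return", "notes.txt": b"todo",
                 os.path.join("photos", "a.jpg"): b"\xff\xd8img"}
        for rel, data in files.items():
            with open(os.path.join(src, rel), "wb") as f:
                f.write(data)
        # Backup: taxes.txt intact, a.jpg truncated, notes.txt never copied.
        with open(os.path.join(bak, "taxes.txt"), "wb") as f:
            f.write(b"2012 return")
        with open(os.path.join(bak, "photos", "a.jpg"), "wb") as f:
            f.write(b"\xff\xd8")
        return verify_backup(src, bak)

if __name__ == "__main__":
    print(demo())
```

For an online backup, run the same comparison against a test restore downloaded to a scratch folder, which also exercises the retrieval step.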

Things to backup

  • Computer
  • Laptop
  • Phone
  • iPod
  • Tablet
  • Other electronic devices
  • Photos and videos on social networks
  • and other online services.

Ways they can fail…and lose your data.

  • Theft
  • Hardware failure
  • Natural disaster
  • Alien invasion
  • Obsolete file formats
  • You forgot where you put it (really. it happens!)

Remember, always have a backup to back up your backup!

Measuring What Matters – New Security Framework

Measuring What Matters: Reducing Risk by Rethinking How We Evaluate Cybersecurity

After Congress failed to pass cybersecurity legislation last year, President Barack Obama introduced an executive order that focuses on security standards, information sharing and privacy protections. Those directives are now in the early stages of going into effect. Lawmakers have vowed to take up cyber legislation again this year, but in the meantime, a new report offers a framework for federal, state and local agencies to get ahead on cybersecurity.

SafeGov issued the report, titled “Measuring What Matters: Reducing Risk by Rethinking How We Evaluate Cybersecurity”, in conjunction with the National Academy of Public Administration at an event on March 26, 2013.

The document states that “despite the guidance of experts and millions of taxpayer dollars, federal information systems remain critically vulnerable to breaches and cyberattacks. This approach will strengthen the security of government information systems and improve the overall management of government resources by focusing scarce resources on the areas that pose the highest risks to agencies’ missions.”

The report does not call for new cybersecurity legislation, but instead offers a roadmap for transforming compliance procedures within the existing Federal Information Security Management Act (FISMA).

The governing agencies should focus more on implementing critical security controls and automated continuous monitoring, diagnostics and mitigation; estimating risk on a continuous basis; and ensuring that the mechanisms required for testing and verifying that critical security controls are effective are in place.

Infosec Awareness: Watering Holes

“Watering hole” campaigns are more visible lately, with researchers identifying new incidents almost every day. The watering hole attack that compromised several computers over at Twitter, Facebook, Apple and Microsoft recently appears to have impacted regional banks, activist groups, government foreign policy resource sites, manufacturers, the defense industrial base, and many other companies from varied industries.

In a watering hole attack, attackers compromise and manipulate a website to serve up malware to site visitors. However, the attackers’ motivation in this kind of attack is different from that of those who hack sites as a form of protest or who are intent on stealing information or money. Instead, these attackers are taking advantage of insecure sites and applications to target the class of users likely to visit that particular site.

Hackers don’t necessarily get a better level of targeting with watering hole attacks, but they do gain a degree of efficiency with these types of attacks. It’s simple to Googledork sites looking for vulnerable versions of web servers to infect, rather than spending time doing reconnaissance on social networks and forums, and building complex profiles of people and the systems they use.

How to defend – Update, update and update!!

Developers are “typically soft targets,” as they have extensive access to internal resources and often have administrator (or high-privileges) rights on their own computers, according to Rich Mogull, analyst and CEO of Securosis. Developers spend a lot of time on various developer sites and may take part in forum discussions. A lot of these forum sites don’t have the best security in place and are vulnerable to compromise.

From a user’s standpoint, this just highlights the importance of keeping your security tools, software, and operating system up to date with the latest patches. Attackers aren’t just using zero-days; many of the attacks actually rely on old, known vulnerabilities because people just don’t update regularly. If your job requires you to access sites that use Java, have a dedicated browser for those sites, and disable Java in the default browser you use to access the rest of the Web.