Blog

Virtual Guardian celebrates its 10th anniversary!

Laval (Quebec), January 23rd, 2013. Virtual Guardian Inc, a company specializing in IT security, is proud to announce that it is celebrating its 10th anniversary this January. Here are some company highlights:

• January 2003: Patrick Boucher founds Virtual Guardian Inc.
• December 2008: The company reaches 1M $ in sales for the first time in its history.
• April 2009: Virtual Guardian is the first IT security company in Canada to receive the prestigious ISO 27001 certification.
• April 2010: The company is expanding. Its head office moves from a 600 square foot office to a 3000 square foot business condo on de l’Avenir boulevard in Laval, near the new Montmorency metro station.
• May 2010: Virtual Guardian’s 24/7 Security Monitoring service is launched.
• January 2013: Virtual Guardian celebrates its 10th anniversary.

To read the official press release, click here (French version only).

Not just the “big guys” at risk

The article below explains why and how smaller companies are not immune to hackers and data loss. If you operate a small or medium business and have concerns about information security, contact Virtual Guardian today. We have custom-made packages with prices tailored to fit tighter budgets.

———————————

It’s become fashionable to assume that all cybercriminality these days is about money. In other words, attacks that aren’t likely to be worth anything aren’t likely.

It’s also fashionable to assume that the attackers are increasingly and exclusively after rich and fruitful targets, such as multinationals and governments. In other words, if you’re a little guy, you’re off the radar and can stay safe online simply by keeping your head down. Sure, cracking into systems just for the fun of it – the lulz – was briefly popular a couple of years ago, thanks to the appositely-named Lulzsec crew, but a bunch of arrests seemed to put paid to all of that. But those arrests didn’t stamp out cracking for the sake of it. There’s still plenty of gratuitous, “because it’s there” digital break-and-enter going on.

Even if you run a tiny website and don’t have much to hide, you (and your customers) are nevertheless at risk from criminals, like the appositely named @JokerCracker, who openly gives his reason for hacking as, “It’s just a personal challenge.” JokerCracker has announced a number of hack-and-reveals over the past few days. That’s where he digs around on your website for holes, probably using automated tools to find what software you’re running, and what vulnerabilities he can most easily exploit.

Once he knows a likely way of tricking your webserver into dumping one or more of its databases, instead of simply answering one of your pre-arranged queries, he’ll extract what he can, and upload anything that looks like Personally Identifiable Information (PII) to a public drop site, where data-theft voyeurs can grab it at will. The final step is a tweet to let the world know. A sad example over the weekend was his hack of a boutique Australian babycare site. He only made off with about 900 records, perhaps because that’s the whole database collected by the site owner. (Only email, screen name and passwords were leaked. Your full name, your child’s name and birthday, requested on signup, didn’t appear in the dump. That’s a small mercy, I suppose.)

The passwords, as you may have guessed already, weren’t hashed or obscured at all. They were all stored in plain text.

• If you are a user of a website that gets hacked this way, and you shared your password with any other sites, change those passwords immediately, and stop re-using passwords.
• If you’re the owner of a website that gets hacked this way, consider publishing a warning on your main page and alerting your users.
• If you’re the operator of any sort of web site or similar online property, don’t keep plaintext passwords.
• If you think a site is storing plaintext passwords, consider withdrawing from it until it stops doing so.

Note that the last point implies that you can easily tell whether a site is doing the right thing with your passwords.

Fortunately, many sites publish, or will tell you if you ask, how they deal with password storage and reset. But others won’t, and often that’s because they know they have bad news, or don’t even realise the importance of the question. In that case, you may be able to find out simply by trying a password reset. If you get back a password reset link, they probably haven’t been storing your password in plaintext. But if you get your old password back in an email, then clearly the site must have been storing it.

Babycare Advice, for what it’s worth, doubles up on its insecure behaviour because it doesn’t use HTTPS during its login phase; worse still, it doesn’t even use HTTP “challenge-response” password verification, which at least prevents your password going out unencrypted. Your password is there, in the clear, waiting to be sniffed.

Web site users, be vigilant. If you think a site is not treating your PII with the respect it deserves, even for so-called casual or throwaway logins, then consider working, shopping or playing somewhere else. Web site operators, don’t be happy with the security standards of ten, five or even two years ago. Show that you care about PII and help to build and maintain the trust of your customers.

Source: Paul Ducklin, January 21st 2013, Naked Security
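
For site operators, the storage and reset behaviour the article asks for can be sketched as follows. This is an added example, not code from the original article or from Virtual Guardian; the function names, the PBKDF2 iteration count and the 15-minute token lifetime are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000   # assumed PBKDF2 work factor; tune for your hardware
RESET_TTL = 15 * 60    # assumed lifetime of a reset link, in seconds

def hash_password(password):
    """Return 'salt$digest' (hex); the password itself is never stored."""
    salt = secrets.token_bytes(16)  # unique per user, defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password, record):
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def new_account(password):
    # Hypothetical in-memory user record standing in for a database row.
    return {"pw": hash_password(password), "reset": None}

def _token_hash(token):
    return hashlib.sha256(token.encode()).digest()

def start_reset(account, now=None):
    """Create a one-time token for the emailed link; store only its hash."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    account["reset"] = (_token_hash(token), now + RESET_TTL)
    return token

def finish_reset(account, token, new_password, now=None):
    """Accept the token once, before expiry, then replace the password hash."""
    now = time.time() if now is None else now
    if account["reset"] is None:
        return False
    stored_hash, expires = account["reset"]
    if now > expires or not hmac.compare_digest(_token_hash(token), stored_hash):
        return False
    account["pw"] = hash_password(new_password)
    account["reset"] = None  # single use: the same link cannot be replayed
    return True
```

Because only a salted digest is kept, the site has no old password to email back, and a dump of this table exposes neither passwords nor usable reset tokens.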

Virtual Guardian in La Presse

An article about the ins and outs of being an IT security specialist was published in La Presse today. The interview was conducted by Émilie Laperrière, who interviewed company President Patrick Boucher. To read the article (French only), please click here.

SANS’ Seven steps to a secure computer

Did you know that the SANS Institute publishes a free, monthly security awareness newsletter? This newsletter, called “OUCH!”, gives readers a bunch of useful tips and tricks to help them reach a better IT security posture. This month’s topic is a well-known classic: how to secure your computer. You’ll find the newsletter (PDF format), called “Seven steps to a secure computer”, in the DOCUMENTS page of this website. Enjoy!

Photos from the Hackfest

The HACKFEST was held this past weekend at Quebec City’s Hotel Plaza. Close to 500 participants attended the event, from hacking aficionados coming for the CTF challenge to a business crowd coming to enjoy the various conferences. Virtual Guardian was a sponsor for the third consecutive year at the event, which is rapidly becoming the province’s premier get-together in the information security industry. Here are a few pictures we took at the event: on.fb.me/gbrR0B

VG and Hackfest: never two without a third!

Virtual Guardian is pleased to announce its GOLD partnership with Hackfest. The event, which combines renowned speakers from the IT security industry with friendly ethical hacking competitions, has grown considerably over the last two years and now has the highest, or one of the highest, number of participants for an event of this type in Quebec. Hackfest, which mostly attracted students in its early days, now draws a significant number of employees from the private and public sectors and has become a must for all professionals in the field. It is no surprise that Virtual Guardian will take part for a third consecutive year. The event will be held on November 2 and 3 at the Hôtel Plaza in Quebec City. For all details, visit www.hackfest.ca.

Job opportunity!

We are looking for a Network Administrator. This opportunity is open to all candidates looking for new and exciting challenges and also looking to join a dynamic company currently experiencing an expansion phase. For all pertinent details, please click here.

 

Joint conference: Desjardins/VG

On March 1st, 2012, Virtual Guardian and Desjardins will be giving a joint conference via “Réseau Action TI LLL (Laval-Laurentides-Lanaudière)”. The conference, given in French, will have two parts: Dany Rivard of Desjardins will talk about new credit card security threats and Patrick Boucher of Virtual Guardian will discuss upcoming security trends we should expect to see in 2012. For all details and to register for the conference, please click here.

 

Physical intrusion testing

NEW! Virtual Guardian now offers physical intrusion testing. If you are looking to test the physical defenses of your building or place of work, we have the expertise you are looking for. Let our professionals test the efficiency of your security team (e.g. guards) and your equipment (e.g. cameras). We can also review your physical security processes. Don’t take chances; call us today at 450-933-7774 for a free evaluation.

Ten cybersecurity tips for small businesses

When it comes to intrusions, size matters — Help-Net Security (October 2011)

Small businesses lack security preparation – eWeek Europe (September 2011)

New cyberattacks target small businesses – USA Today (July 2011)

Do these headlines worry you? More and more small businesses are being targeted by cybercriminals because data access is relatively easy and potential gain is high. If you would like some help securing your network, we can help you. You can reach us by phone at 450-933-7774. Until then, here is a document titled “Ten cybersecurity tips for small businesses” that can help you get rid of your security worries.