Hego IT, expert in IT infrastructure security and data maintenance, and Lybero.net, expert in web encryption and data protection, join their forces to offer you the best suited solutions to your data security needs in Germany.

HEGO Informationstechnologie GmbH was founded 1997. Since then the company has gathered customers from all markets all around the world.
Their customers are located worldwide in Germany, Europe, USA, VAE and even China. Core competency of HEGO is the design and realisation of long-living strategies in the area of IT security, IT governance, compliance and design. HEGO is protecting its customers from downtimes in IT infrastructure, data-breaches, intrusions and all other kinds of IT security risks, both in terms of technical and also strategical consulting.
Their team is highly motivated to work for customers success and trained on the best possible level ( ISO 27001 / ISO 27005 / ITQ / CEH- Certified Ethical hacker and much more)

Hego IT as an expert on strategies in cybersecurity will provide you one of the most secure solution in cybersecurity.

Thanks to this unique partnership, which will offer you high security solutions to protect your data wherever you are.

More information about Hego It

L’article Lybero.net and Hego IT announce their partnership ! est apparu en premier sur Lybero.

L’article Businesses Cybersecurity Barometer est apparu en premier sur Lybero.

Cybersecurity is an ever-increasing concern for organizations. With assets scanning at V-speed, it is becoming increasingly tempting and profitable for hackers to try to attack businesses or individuals. The threat is both internal and external.

Too often we hear from companies experiencing considerable difficulties after cyberattacks. Read the following article on NotPetya: The untold Story of Notpetya. He’s not going to reassure you. When the digital survival of a multinational company lies in a server not connected to the network in Ghana because of an electrical failure, one may be afraid. This is a particularly spectacular case, but on a smaller scale, it is common to hear of a company that is the victim of a data leak or malware and then encounters significant economic difficulties: digital damage can be the stitof that makes a fragile company tip over.

Technologies and algorithms for data protection and identification by encryption exist: the RSA encryption algorithm was described in 1977, the Diffie-Hellman key exchange in 1976, the ECDSA encryption algorithm dates from 1992, AES date 2000, … and these technologies are used every day through https, smart card payment, encrypted partition decryption, and various mobile messaging applications.

However, at the same time, the exchange of confidential files remains a headache even between large organizations, within the state services, between a doctor and his patient, between an accountant or a lawyer and his clients. And who individually protects files on their computer? These shortcomings are not woefully so insignificant as that. Recent massive ransomware attacks have been possible by offering to open an invoice from a known company (for example Free or another provider). These emails had the perfect look of authenticity, but in fact they didn’t come from Free.

In short, we have many technological means of data protection, but organizations use them little. Our mission at Lybero.net is to bring security to the simplest organizations in the world. The best security and ease of use, deployment, management and control are our promises. You’ll tell us if we keep our promises.

Arnaud Laprévote, October 16, 2018

L’article Lybero.net’s mission est apparu en premier sur Lybero.

Each year the Clusif (https://clusif.fr), the French information systems security club, offers a general presentation of the state of cybersecurity over the previous year. This year the program was very dense and interesting. 14 very good presentations that you can find on the Panorama page of the Cybercrime of clusIF.

The presentation on the attacks faced by the banks in 2018 by Gérôme Billois of Wavestone caught my attention. You can see it here.

3 different attacks were detailed. These are the attacks “Darkvihnya Attack”, “Bank of Chile” and “Cosmos Bank”.

In the case of “Darkvihnya Attack”, what has been done is the connection of several malicious devices directly to the bank network. Once the devices are connected, they are used to expand the bank’s network and then to gain access to the IT infrastructure from the outside. Malware is then used to make transfers to third-party accounts. It is therefore first of all a physical access that then allows access to IT. The attack involved 8 banks in Eastern Europe.

Countering this type of attack is possible: a well-configured network and detection of unusual equipment can detect the attack early. However, there is a need for sufficient teams, appropriate hardware and software. The fact that these attacks were carried out in different banks geographically close to them indicates a problem of lack of a localized cybersecurity culture.

The second attack is that of “Bank of Chile”. The method is very different, the attackers have managed to infect machines with malicious code. This code was destroying the machines. IT teams focused on crisis management. Meanwhile, hackers were operating quick wire transfers. A typical diversionary strategy. I see very little way to fight such an attack. The only solution is to have a team dedicated to crisis management but completely detached from the operational monitoring teams.

The latest attack is that of “Cosmos Bank” an Indian bank. The bank’s internal infrastructure has been infected with malware. It was possible to install a server that was in dialogue with the ATMs instead of the normal infrastructure. When distributors asked if money could be withdrawn, the answer was always yes. In 2 days more than 10 million euros have been withdrawn in many countries with cloned cards.

All these attacks are very sophisticated, requiring not a hacker but entire teams of people, who have the time and the opportunity to study banking systems, or to learn about them. It’s hard to imagine small hacker organizations succeeding in doing this, these are much more important means that are put at stake.

The fact that after several years, it is possible to identify these organizations and the people working there was highlighted in the presentation “Geopolitics and attribution” of Loïc GUÉZO of Trend Micro France. All hope is not lost.

L’article #PANOCRIM 2018 – The Bank – Smarter Attacks est apparu en premier sur Lybero.

Lybero.net is a specialist in web-based information encryption. But after all, why is it necessary to encrypt? A computer’s operating system and applications offer isolation methods to prevent access to information from people who are not entitled to it. What else does encryption bring?

The first reason is technical. The insulation provided by the operating system, applications or databases is fundamentally illusory. If you follow the technical news, you hear regularly about computer flaws, programs, operating systems, protocols or hardware.

These flaws are tenuous, it only takes very little to have a fault. To illustrate this, consider the bug that led to the destruction of the first Arianne 5 rocket. The wikipedia article details this bug. In summary, a variable representing acceleration was coded to 8 bits when it should have been coded to 9 bits. Only one bit led to the destruction of the rocket after 37 seconds.

This type of code instability is both very common (this is the definition of a bug) and at the same time very surprising, intellectually. We are deceived by our physical intuition, such instabilities are rare (even if they exist) in our sensory world.

Not only is the software susceptible to infinitesimal error, but also the digital hardware. The Spectre attack and now the whole family of associated attacks are related to processor architecture.

It is therefore necessary to be able to protect the computer data despite the software and despite the hardware. That is, use something else. The other thing is mathematics, and mathematics for data protection is cryptography.

L’article Why do we have to encrypt the information? est apparu en premier sur Lybero.

Lybero.net is part of the first promotion of the #LePlateauLUX. What’s that? I asked Laurent Marochini, the head of Societe Generale’s #LePlateauLUX, to tell me more.

AL – Lybero.net: How do you say #LePlateauLUX?

LM – SGBT: We say the lux tray, but we write #LePlateauLUX with LUX by exhibiting.

AL – Lybero.net: What is #LePlateauLUX?

LM – SGBT: This is an innovation lab from Societe Generale Bank and Trust (SGBT), the Luxembourg subsidiary of the Societe Generale Group, whose aim is to host startups linked to our business challenges.

AL – Lybero.net: What are these business challenges?

LM – SGBT: It depends on the banking business. We can talk about a solution to automate, security solutions, but also solutions to obtain a competitive advantage: for example artificial intelligence to better exploit our data.

AL – Lybero.net: Where did the idea of #LePlateauLUX come from?

LM – SGBT: Three years ago, a Culture and Conduct program was created, people are being asked for solutions to improve daily life.

In this context, the idea of an innovation centre has emerged.

With the support of our management, we got to work.

We have assembled a team by integrating the different professions (Business, communication, purchasing, general services to create the place).

AL – Lybero.net: What about coordination with #LePlateau in Paris?

LM – SGBT: In those first 6 – 9 months, you had to find a name. Very logically, we stopped on #LePlateauLUX given our roots in the Group, and in particular innovation center in Paris which is called #LePlateau. We had the ambition to strengthen the Group’s global network of innovation centres and the name allows us to demonstrate the link to this network and to establish internal visibility.

AL – Lybero.net: Who are the people of PlateauLUX?

LM – SGBT: There are 3 people very present, but this is for all the staff of Societe Generale. Anyone can come.

Amandine Guerrier is the host of the place. It ensures the proper functioning of the center (communicating, meeting startups, animate, coordinate the use of the place).

Philippe Pasquali, SGBT’s Chief Digital Officer, is the executive sponsor of the management. It is there to challenge from a digital point of view and business the different solutions.

And Laurent Marochini, myself, head of the innovation centre. My role is to accelerate digital transformation, develop the level of technological competence of employees, improve the Group’s brand image and be present in the ecosystem.

But it’s everyone’s lab, and a lot of people help us: communication, transformation team, procurement, legal and operations. A lot of people come to see us.

AL – Lybero.net: Are there priority topics?

LM – SGBT: Anything that contributes to our goals. But we focus on anything that can bring maximum value: AI, cybersecurity, … But if there is a big business issue, the solution will be showcased in the innovation centre.

AL – Lybero.net: Can you tell us about the first promotion?

LM – SGBT: 3 startups have been hosted:

Tale of data: they publish a data preparation and exploration application to prepare manual use, make reconciliations, and especially the automated use of data in big data or learning applications. Their tool has a lot of use. For example, in a database with millions of records, it allows to normalize all data (e.g. addresses or phone numbers), to quickly find almost identical duplicates …

Myrtea Metrics: Myrtea Metrics offers tools to automate complex tasks in complex but repetitive processes. For example, at a project follow-up meeting, the project manager knows that he regularly has to send stimulus emails to get the necessary indicators. The tool will automatically offer the email to the project manager, or a set of emails, which the project manager can choose. In addition, the tool learns, it refines the proposals for action as it is used.

Lybero.net: continue to browse this site to find out who we are.

These are 3 quality startups. We have to be able to get the trades even better. We’ve been effective in selection, we need to be even more efficient on transformation. We work with all stakeholders (IT, purchasing, business, …). It is also necessary to plan budgets upstream and anticipate integration problems. We learn every day. We learn in human terms, process, technology.

AL – Lybero.net: What about working with Lybero.net?

LM – SGBT: The team is convinced of the value of the solution. The Risc, Private Banking, Private Equity teams were involved and understood the value of the tool. Now we have to make the leap. We were able to explain the needs of the different trades in detail so that all the constraints (functional and security) were integrated into the tool. We got along very well.

Gilles Dumont (Myrtea Metrics), Amandine Guerrier (SG), Stéphane Hugot (Myrtea Metrics), Thierry Elkaim (Tale of Data), Philippe Pasquali (SG), Jean-Christophe Bouramoue (Tale of Data), ahead of Arnaud Laprévote (Lybero.net)

#LePlateauLUX

Laurent Marochini and Amandine Guerrier of Societe Generale

L’article LePlateauLUX – a co-development laboratory of Societe Generale with startups est apparu en premier sur Lybero.

Simple to use, simple to deploy, simple to manage, possible to control are our currencies at Lybero.net for our products. Our focus is on data exchange protection, not postal data protection.

This does not prevent the protection of stations by encryption. There are two separate levels to protect information in different contexts. The basic level is the encryption of partitions. Operating systems have been offering this option for a long time, and it is recommended to use it. However, when your post works, if an attacker gets access, it can recover the data that is decrypted during that time. Encrypting files individually helps to avoid this.

If one thinks in the terms of the General Data Protection Regulations, Article 25 (Data Protection from the Design and Protection of Data by Default) states that “…these measures ensure that, by default, data of a nature personnel are not made accessible to an unspecified number of individuals without the intervention of the individual concerned.”

In technical terms, this can have no other meaning than: any personal data, any file containing personal information must be encrypted with one or more associate officials with the ability to give access to it voluntary. In particular, system administrators should not have access to personal information, including through backups.

The only way to do this is by encrypting files. There are many ways to do this, but let’s start by using a universal gpg encryption tool.

Individual file encryption under linux

I’ve been working for over 20 years on a linux position. In 2008, I really started to worry about security issues. For reasons of diversity of the operating system, linux posts are less likely to fall victim to viruses, however, a determined attacker can always target a post. What worried me most was the multiplicity of passwords I had to manage. I was looking for a simple way to store them, in an encrypted way. So I created 2 aliases (commands available via the command line) pe and pv: pe is password edition and pv is password view.

I knew there were programs all done, but I like to control with simple solutions. These aliases are:


alias pv='pushd ~/Documents/password;make view;reset;popd'
alias pe='pushd ~/Documents/password;make edit;reset;popd'


pushd allows you to change your repertoire by memorizing the path you were originally where you were. popd allows you to go back to that original repertoire. Between the two, I launch the programs via make.

And the corresponding Makefile:


# example Makefile for viewing/editing an encrypted file
GPGID = <mon.adresse@mondomaine.com>
FILEPLAIN = index.txt.clear
FILECRYPT = index.txt

view:
@umask 0077; $(GPG) --decrypt $(FILECRYPT) | less


When I type pv, a window asks me the password protection of my gpg key for mon.adresse@mondomaine.com, and then I see my complete file in which I can do a search via the usual vim commands. It’s clearly a geek solution. But it’s very convenient. A new password: pe, go to the end of the file, add the password, save, get out. And the previous file is backed up with the date. The use of pv is: pv, search, copied pasted, and hop. I use vim, but everyone can use the editor of their choice.

I shared the following discovered keepassX and now I use both solutions.

From there, it seemed necessary to have encryption/decryption commands for my files with my pgp key. So now I have a crypt command and a decrypt command (okay, it’s in English). “crypt nom_de_fichier,” encrypts the file in nom_de_fichier.crypto and “decrypt nom_de_fichier.crypto” decrypts the file for myself.

As much as these solutions seem practical for someone who is not afraid of the command line under linux, as much as they are totally impractical for a user under windows.

Data encryption in windows

So I searched for an equivalent under windows. What I wanted was to have just 2 commands, one to encrypt and another to decipher in the menu associated with each file in the windows file explorer. If you install gpg4win [https://www .gpg4win.org /], you have a “Sign and Encrypt” command that opens a graphical interface allowing you to sign and/or encrypt for the default user or someone else. That’s good, but in my opinion, there’s a window with extra choices. The decryption is it very well, you make a right click on a .pgp file and the file is decrypted. Cons, the .pgp file remains in addition to the decrypted file.

It’s almost perfect, but I wanted something even simpler. Just click-right Encrypt and for the files .pgp click-right decipher, enter the pass-phrase and that’s it. Well, after a few (ok, a lot) tries, it works.

To have an action on a right click in the file explorer, simply add via the registry editor regedit entries. You’ll find plenty of tutorials on how to edit registry entries. So I added 2 elements in the windows registry:

• HKEY_CLASSES_ROOT> -> shell> – Crypt for me
• HKEY_CLASSES_ROOT> -> shell> – Decrypt for me

In “Crypt for me”, I created a command sub-entry, with as a key (default): cmd /c gpg -output “1.gpg” – encrypt -recipient “mon.adresse@mondomaine.com” “1” and del “1”

This command requires a little explanation. cmd starts a “terminal” command.com, /c indicates that after the execution of the next order, the “terminal” closes. Then we find the gpg command. The 1 is replaced by the name of the file on which a right click has been made. It says that we want to encrypt for even. It is at the creation of the key that you indicate the email and the associated person. There is a graphics tool for managing windows keys called Kleopatra, you can generate a new bi-key by choosing the encryption/signature algorithm. Then you have a list of the different keys available. So I indicate that I want to encrypt the file by adding the .gpg extension after. Indicates that there is a command that will be executed afterwards and that is to delete the original file. This command is only executed if the previous command has run without error.

It is possible to use the crypt_for_me.reg file below to directly create the command in regedit.


Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\*\shell\Crypt for me]
[HKEY_CLASSES_ROOT\*\shell\Crypt for me\command]
@="cmd /c gpg --output \"%1.gpg\" --encrypt --recipient \"<mon.adresse@mondomaine.com>\" \"%1\" && del \"%1\""


And for Decrypt for me, likewise, a command sub-entry, with as key (default): cmd /c gpg -use-embedded-filename “1”


Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\*\shell\Decrypt for me]
[HKEY_CLASSES_ROOT\*\shell\Decrypt for me\command]
@="cmd /c gpg --use-embedded-filename \"%1\" && del \"%1\""


Now you have an encryption solution for your windows files and you simply want to comply with the RGPD. My next point is not to explain how to then move across a business scale, but we will come back to that by explaining how to manage the keys across the organization.

L’article Encryption and windows – some experiences with GPG est apparu en premier sur Lybero.