Check NOW if your Passwords are leaked with this FREE tool

Discussion in 'privacy general' started by amvlad, May 6, 2014.

Thread Status:
Not open for further replies.
  1. amvlad

    amvlad Registered Member

    Joined:
    Aug 3, 2011
    Posts:
    14
    Location:
    Romania
    Thousands of user credentials are leaked and misused by IT-criminals every single day and the newly reported vulnerability named Heartbleed just makes this problem even worse.

    Typically 3 different techniques are used in stealing your user credentials: Phishing, malware or third-party leaks (Target, Adobe, LinkedIN, SONY, Yahoo, etc.).

    Your passwords could be compromised! Check now, using the Free Heimdal Data Leakage Test: https://heimdalsecurity.com/en/heartbleed-new-user

    Feedback is much appreciated!
     
    Last edited: May 6, 2014
  2. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
    So free version can only update some softwares automatically. How is it different from Secunia? Does it have a bigger database or any other advantages.

    About pro version, I have a few concerns, lets see:

    Exactly how? What kind of data is being analyzed and what about the privacy concerns?

    I would like to know if you have internal blocklist or some shared lists. Also how many FPs are encountered and how they are treated.

    Seriously need much more info about this particular behavior.

    How? Does it use browser plugin/addon or some other way?

    How is it unique and what kind of advantage does it have?

    HIPS?

    Overall, it only acts as a software updater to a free user. And Since there are no trials I dont have the slightest clue about the pro features. Some features essentially states the same thing. Also theres no info exactly how it operates, the methodology. Given there are numerous well know both free and paid security products that kind of info is essential for a lesser known company.

    Regards
    Subhro
     
    Last edited: May 6, 2014
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Yes exactly, more info would be nice, it´s now a bit vague.

    For example, does it have HIPS capabilities? Or is it like Secunia PSI? :)

    http://www.softpedia.com/get/Others/Signatures-Updates/CSIS-Heimdal.shtml
    http://www.snapfiles.com/get/secunia.html
     
  4. amvlad

    amvlad Registered Member

    Joined:
    Aug 3, 2011
    Posts:
    14
    Location:
    Romania
    The free version is, indeed, a patch management solution, which functions automatically and silently, focusing on the most vulnerable software pieces, security wise, such as Java, Acrobat Reader, Flash, Skype, Microsoft Data components and similar.

    We aren’t experts in Secunia’s platform, but yes it is a patching platform as well, however, as far as we know it doesn’t patch software automatically for the user. It has to be initiated to work.

    We check where data is being sent and cross reference that with our database. We also check the nature of the traffic with our heuristics engine to check for and find new threats. Our database is build from several sources.

    First of all, it is built on data from our cooperation with banks and large corporations, when we analyze the attacks performed on these entities.

    Secondly, we have a reverse engineering malware lab that studies how the malware works and how it communicates with the cybercriminal server. As an example we recently reverse engineered the Cryptolocker malware and, therefore, we know now how it works and which servers it tries to communicate with.

    We also gather information by monitoring new domain name registrations and adding malicious sites to our database.

    Our database of threats is currently updated with roughly 800.000 malicious addresses per week.


    We use our own proprietary block list + shared lists we receive from our cooperation with AV vendors. Our specialty are the APT’s and financial/banking malware.

    The Heimdal client contains a bloom filter that checks all potentially harmful lookups against our database and blocks them if they turn out to be harmful.


    Heimdal adds a security layer between a computer and its internet connection, when installed. The service installed acts as the lookup and Heimdal is the connection between the lookup service and the computer.

    If a hacker tries to remove Heimdal that connection will be broken and the computer will be unable to access internet addresses.
    Naturally we cannot detail how that is circumvented, but naturally it is possible as it is to remove and antivirus product as well. However, this does serve as a good additional layer of security


    The Phishing protection works by checking for malicious links, whenever you access them. It is built in to the service. Therefore it doesn’t matter if you access them from a link in a mail, as a typed internet address or as part of a website you visit.
    The feature makes it possible for us to block top level domains or content inside a website coming from another domain.

    The "It even helps protect you if the website itself is infected by malware." section is a mistake by our content writer and is in the process of being deleted.

    Our database is compiled as described in the above section. It stands out because this is our area of focus and thus we lead the area to our knowledge. As an example again, we are as far as we know the only company to successfully have reverse engineered the Cryptolocker malware thus knowing how it operates and which servers it uses. Therefore we are able to block encryption key downloads from their servers to an infected client even though the malware itself might not be detected due to morphing.


    We assume you mean Host Intrusion Prevention System.

    Heimdal looks to find malware which is not yet known on signature, due to mutations, but which is detectable on behavioral and communication patterns instead. We don’t focus as broad as an AV solution would, but instead focus intensely on making sure that we find as much banking and data stealing malware as possible.
    Ie. The really nasty malware which won’t hit your file system and infect it, but which will instead try to steal your data or financial means. We specialize in malware which typically has a low AV detection rate.

    Thanks a lot for the questions and feedback.
     
Loading...
Thread Status:
Not open for further replies.