KeePass Password Safe

Are you looking for a free and easy to use password safe? Be sure to check out KeePass. It’s a great open source product that will place all of your passwords in a database which is locked with a secure key or key file.

The result? You only need to remember one password instead of hundreds.

Some key features include:

  • Full database encryption; not just the passwords
  • Portability- It can be placed on a USB stick
  • Multiple key support- A key file can be used (which can be carried with you), a password can be used, or a combination of both!
  • It’s not just for Windows. Ports are available for Linux, OS X, Blackberry, PalmOS, and many more

Want to learn more? Check out their site at

Project Honey Pot Finds Malware – And So Does MicroSolved’s HoneyPoint #Security Server

Project Honey Pot, a non-profit grassroots community of IT professionals founded in 2004 to capture and analyze malicious traffic, just captured its one billionth spam message. It is marking the opportunity by releasing its findings. They discovered that the number of computers co-opted as part of botnet operations has experienced a yearly average increase of 378%.

“Fortunately, Project Honey Pot’s coverage of active botnets has grown over time at an even faster rate. In 2006, we saw less than 20% of the active bots on any given day. Today we see more than 80%”, the Project said. Project Honey Pot is on a quest to find where spammers hide. They used the fact that botnet computers are primarily utilized for sending spam to do data analysis. It took the number of infected PCs in a country, divided by the number of Project Honey Pot members in the country, to create a ratio showing how friendly that country was to spam originating within its borders.

The Project also found that different types of spam campaign used harvested messages with varying speed. Product-based spam campaigns would build up a collection of harvested addresses for as long as a month before mailing them. On the other hand, they found that ‘fraud’ spammers who commit phishing scams, tended to send to and discard harvested addresses almost immediately.

We’re aware of these issues and have a potent weapon against such threats. Our HoneyPoint Security Server has been praised by our clients in helping them by providing more direct, targeted information on threats than anything they’ve experienced. HoneyPoint Security Server was born out of a three year initiative to break the attacker cycle. Its power and flexibility come from the underlying realization that attackers have a need for confidentiality, integrity and availability too. HoneyPoint leverages these needs and turns the tables on attackers at every opportunity.

While HoneyPoints seek to remove the confidentiality of attackers, we wanted to go beyond that basic approach. To accomplish this, MSI invented HornetPoints and HoneyPoint Trojans. HornetPoints also emulate typical services, but when they are probed, they don’t just alert – they engage in a patent- pending technique called “defensive fuzzing” that actively tampers with the attack results. In many cases, this actually breaks attacker tools and confuses all but the most focused of cyber-criminals.

HoneyPoint Trojans also make assaults on attacker integrity. These common appearing documents and files look just like any other juicy bits of target data, except these files hold a special secret – a sting. HoneyPoint Trojans alert security teams when they are interacted with, allowing you to find the source of illicit behavior and even track who is doing what as the Trojan is passed through the attacker underground. Imagine the impact that HoneyPoint Trojans have when attackers are afraid to read captured documents, unable to sort out what is real and what is a trap.

HoneyPoint Security Server can even target attacker availability. Using the incredibly flexible plugin architecture, it can easily be integrated with existing defense-in-depth tools such as routers, switches, firewalls and SEIM products. It can alert administrators for human responses or be a part of a fully automated security solution. Many of our clients depend on HoneyPoints and HornetPoints to drastically reduce their risk levels. Wouldn’t you love to stop wasting time by chasing ghosts and instead chase the real thing? Why not contact us today and let us help you do the same? Hackers aren’t waiting. Neither should you.

Creative Uses of Video for Quick and Easy Awareness

Are you looking for an effective mechanism to help your staff stay alert against laptop theft during the holidays and such? Here is a quick suggestion.

Take an iPhone, iPod or other video and shoot a quick 30 second piece about a laptop getting stolen. Have your own team star in it. Keep it quick, light and humorous. Maybe show your CEO in a panic when she realizes her laptop is missing, or a shot of your IT manager in a hoodie grabbing a laptop from the lunchroom and running. Make it over the top and funny, then close with a serious message about how quickly laptops can be stolen, how you should never leave them in a car or such without locking them in the trunk and other stuff you want the users to know.

Close with how they should tell you if they have lost a laptop and who they should call.

That’s it. Keep it home video looking, don’t worry about production quality or any of that. Quick and dirty videos are the way of the new web, so think more YouTube than MGM.

Now, send your video out, or a link to it, and let your employees make suggestions for future episodes. Everyone who submits a suggestion gets entered into a drawing for movie tickets. Easy, affordable and effective.

Who knows, you may not get an Oscar, but you might just save yourself from a data breach. Either way, it will be fun and educational.

Enjoy and don’t hesitate to call us if you need help with the video, ideas or need more information about laptop encryption or other security measures. We are here to help and can get you through most laptop security issues with ease!

5 Tips to Secure Mobile Devices #security

Security with mobile devices, starts before they are added to an organization’s assets. Although it may take extra time, it will pay off in the long run if an organization researches mobile devices before purchasing. Not all devices are equal. Some, such as MP3 players, are built for a general consumer base and won’t have such security safeguards as a “smart phone.”

Here are some tips that can help decrease the possibility of a security breach:

1. Use encryption and authentication features. Create policies that will ensure encryption features are accessed and launched. Many people do not use the password function but what would happen if a smartphone fell into a stranger’s hands? Why make it easy for someone to access private data? Set up a password.

2. Create remote wipe capabilities and set up a “lost item” process. If a mobile device is lost or stolen, the IT department could remotely remove any sensitive information. Not everyone turns in a lost cell phone. Remotely wiping it of sales forecasts or strategy diagrams will keep your organization’s plans safe. Having a quick hotline for lost items will help IT staff confront a problem quickly and efficiently.

3. Be careful about third-party applications. Although some seem to be harmless, they can possibly be a back-door for attackers to access your internal network. By limiting unsigned third-party applications, an organization can close one more opportunity for data theft.

4. Create unique firewall policies. Those who have smartphones do not need to have access to all the databases in the network. Only allow access to the data that would most commonly be used.

5. Start considering software. As smartphones become more common, hackers will start to target them more often. Adding precautions such as equipping devices with intrusion prevention software is another good way to provide security. And although anti-virus software for smartphones aren’t common, it’s a good idea to keep watching for it. This type of software is bound to develop and be plentiful as more organizations use highly sophisticated smartphones, which are really small computing platforms.

IT managers may be reluctant to tackle the issue of securing mobile devices, they realize mobile devices aren’t going anywhere. Supporting a limited number of mobile devices may be the answer. Creating and enforcing a consistent review process, together with awareness programs, will help keep your company’s business, your business.

HoneyPoint a Semi-Finalist for Innovation Awards in Columbus


MSI is proud to announce their nomination in the annual Innovation Awards, sponsored by TechColumbus, which recognizes outstanding achievements in technology leadership and innovation. HoneyPoint, MicroSolved’s flagship software, has been nominated for Outstanding Product for companies with 50 employees or less.

On Thursday, February 4, 2010 the annual TechColumbus Innovation Awards will showcase Central Ohio’s many achievements by honoring its top innovators. It is a night of networking, prestige, and celebration.  From a record number of nominees, winners in 13 award categories will be announced to an audience of 1,000+ attendees.

MicroSolved, Inc. is proud to be a Semi-Finalist in the Outstanding Product category. “It is an honor to be a Semi-Finalist for this award and to be recognized for our innovations. We look forward to the event and being surrounded by our peers, colleagues and mentors to learn if we will be named Outstanding Product,” commented Brent Huston, CEO and Security Evangelist.

Huston developed HoneyPoint Security Server three years ago, motivated by a keen desire to break the attacker cycle. Huston concludes, “Attackers like to scan for security holes. HoneyPoint lies in wait and traps the attacker in the act!”

The TechColumbus Innovation Awards celebrate the spirit of innovation by recognizing outstanding technology achievements in Central Ohio. This prestigious evening showcases the region’s advancements and promising future. For more information, visit or For more information on HoneyPoint, please visit

Don’t Forget Hacktivism as a Threat to Model

I loved this story. The idea that some “hackers” hack for political or social causes is not new. This idea stems back several years and has evolved from simple web defacements with social and political messages to the “new breed” of information theft, data disclosure and possibly even sabotage to further one’s views.

Today, all of the experts in the security field, myself included spend a great deal of time teaching people that the primary data theft threat is more organized crime than teenage vandalism. But, that said, we certainly can’t forget the idea that hacktivism is still alive and well. In fact, given the explosive growth of the Internet, the continually expanding dependence on technology for everyday life and the common availability of so much data and access, hacktivism is likely to gain in popularity, not shrink.

That brings us to a huge issue. How do we know where some of the data that hacktivists would be interested in lives? Given that people are involved today in a myriad of social activities, use of social networks and such, how do we know who might have information that a hacktivist would want and who doesn’t? The answer of course, is that we have to assume that someone in our organization might have data that is relevant to this threat, so we have to account for it when we create our threat models. If we happen to be a philanthropic organization, a government agency or a federal group, we definitely can’t overlook hacktivism as a threat, because our very existence yields reputational risk for us and a reputational trophy for many hacktivists if they make us a poster child.

While the hacktivism threat model is likely more one of opportunistic nature than dedicated, focused attacks against a given organization, that may not always hold true. One day it may not be all about what data YOU have and hold, but what data the people who WORK FOR YOU have and what roles they play in their personal lives. While this is not necessarily true today, the idea that hacktivists might one day target individuals to achieve social goals is not out of the question.

So, all of that said, how much thought have you given hacktivism? Does your risk assessment cover that as a threat? Have you done any threat models around politically or socially motivated attackers? If not, it might be a good idea to take a look at this threat vector. Their aims and goals may be different than what you had in mind when you last updated your threat models.