Why Ransomware Gangs Love the Healthcare Industry
Posted on by Zuly GonzalezCategories Computer Security, Security, Web SecurityLeave a comment on Why Ransomware Gangs Love the Healthcare Industry

Ransomware Costs Healthcare MillionsRansomware. It’s the latest buzzword, and everyone is talking about it, especially in healthcare.

Ransomware has become increasingly prevalent over the last year because it’s been so successful for the bad guys. According to the FBI, cyber criminals are on pace to collect $1 billion from ransomware payments in 2016. And data breach response insurance provider, Beazley, projects ransomware attacks will grow 670% from 2014 to 2016. That’s insane!

The statistics for the healthcare industry are even grimmer. Healthcare is the most breached industry. It sees 340% more security incidents and attacks than the average industry, and is more than 200% more likely to encounter data theft. Healthcare is 4 times more likely to be impacted by advanced malware than any other industry, and is 4.5 times more likely to be impacted by ransomware. And healthcare is 74% more likely to be impacted by phishing attacks than any other sector.

The Impact of Ransomware on Healthcare

A successful breach on a healthcare organization can mean:

  1. the loss of money,
  2. the loss of brand reputation,
  3. the loss of Protected Health Information (PHI), and sadly
  4. the potential loss of life.

According to the Ponemon Institute’s 2015 Cost of Data Breach Study, the healthcare industry has the highest cost per record stolen of any industry at $363 per stolen record.

Unique to the healthcare industry, the impact of malware isn’t just a matter of losing money. As dramatic as it may sound, people’s lives are at stake. What happens if a hospital’s systems are down because of malware or a ransomware attack, and they can’t provide emergency services to a patient? Could that patient lose their life? Or could the delay in service cause additional health complications for that patient?

As an example, when MedStar was recently locked out of their systems as a result of a ransomware attack, they were unable to provide radiation treatment to cancer patients for several days. This is serious!

What Makes Healthcare a Prime Target

There are 3 main reasons why the healthcare sector is targeted so much by cyber criminals.

  1. Healthcare records contain the most valuable information. The data healthcare organizations store on patients includes personal identities and medical histories, which makes it a very complete data set. This is a goldmine for identity thieves. This is why healthcare records are about 10 times more valuable than credit card details on the black market.
  2. Healthcare data doesn’t change. Unlike other types of data cyber criminals steal, patient data stored by healthcare organizations can’t be easily changed. If your credit card company gets breached, you can easily change your username and password, and get a new credit card number. No big deal. But if your hospital gets breached, you can’t just go get a new social security number. Compromised health information can haunt you for a lifetime.
  3. Healthcare organizations don’t prioritize security. Because the healthcare sector in general hasn’t kept up-to-date with modern security practices like other industries have, attacks on them are more likely to be successful. If you compare healthcare to the financial industry, for example, the financial industry has devoted so many resources to protecting their data that attackers would rather focus on softer targets, like healthcare.

Luckily, Light Point Security’s isolated web browser can protect healthcare organizations from ransomware and other web-based malware. Our Full Isolation technology is the strongest in the industry, and offers the best user experience. Contact us today to learn how we can keep your data safe.

Tech Faceplant: Dropbox Infinite
Posted on by Beau AdkinsCategories Computer Security, Opinion, SecurityLeave a comment on Tech Faceplant: Dropbox Infinite

Dropbox Project InfiniteLast month, Dropbox pulled back the curtains on their next new major feature, titled “Dropbox Infinite”. However, the details about how they were going to implement this feature left the majority of the audience dumbfounded. This is another one of those occasions where tech companies make a decision against the outcries of their customers, and even in the face of that backlash, just chug happily along.

Dropbox Infinite sounds like a pretty cool idea. It would make your Dropbox storage area appear as its own drive in your OS. It’s an idea that few people would complain about. However, when Dropbox revealed that they would implement this with kernel mode extensions, people’s heads started exploding.

By implementing this in the kernel, it puts the user’s system security at much higher risk than if it were implemented in user-mode. When code runs in the kernel, it has complete system access. It can read, write, or delete any file. If malware gets a foothold in your computer’s kernel, then it’s no longer your computer. Any programming mistake in the kernel means the whole system crashes (the infamous Blue Screen of Death). For these reasons, users should be wary of every piece of code they allow to run there. A product like Dropbox, used to manage remote shared file backups, seems like a poor candidate for kernel level code. It would be like Microsoft announcing the next version of Internet Explorer will run primarily in the kernel. It would be the worst idea in the history of computing.

The Dropbox article mentioned an open-source project called FUSE, which could have been used to implement this in user-mode. But they scrapped that idea because it incurred an extra kernel-mode context switch which has performance implications. Like a commenter observed, the performance of a context switch is practically nonexistent compared to the cost of performing network operations with the Dropbox servers.

The article received numerous comments, which were mostly negative. A common theme in those comments was the hope that this feature was optional. Dropbox never clarified if this was mandatory or not. If they make it mandatory, it will be an enormous faceplant. It’s quite obvious that the users are not ready for it. Maybe one day they will be, but not today. Forcing it on users now will only hurt Dropbox.

Sadly, this sort of thing happens all the time. Tech companies come up with an idea that they believe their users will go gaga over. But when they announce it, it is met with vitriol. Instead of just admitting a mistake and scrapping the idea, they double down, and shove it down their users’ throats anyway. Think Windows Metro or Chrome removing support for plugins. Listen to your customers. If you announce a new product change that causes your customers to threaten to leave, its not too late to go back to the drawing board.

Light Point Security CEO Discusses Cybersecurity and Terrorism Prevention
Posted on by Beau AdkinsCategories Computer Security, Opinion, SecurityLeave a comment on Light Point Security CEO Discusses Cybersecurity and Terrorism Prevention

Zuly Gonzalez discusses cybersecurity and terrorismLight Point Security CEO, Zuly Gonzalez, was interviewed on the Emmy Award winning Live TV show Fresh Outlook, which aired on Saturday April 2, 2016 at 2pm ET. Fresh Outlook is a weekly talk show that airs every Saturday Live, and examines a variety of topics and current events.

Zuly discussed Apple vs the FBI, encryption, terrorism, and how to protect yourself from cyber threats, among other topics. For example, she was asked why if less skilled adversaries are able to hack into devices, does the FBI with all of the resources at their disposal have such a hard time getting into the encrypted iPhone of one of the San Bernardino terrorists. Zuly talked about how not all things are equal and that a combination of skill level and protection mechanisms must be taken into account when comparing successful and unsuccessful attacks. She also discussed the importance of the data being protected and how consumers should also value their data. Zuly also touched on the irony of Apple asking the FBI for help in strengthening their protections.

It was an informative segment with several other security experts on the panel. The segment is below for your viewing pleasure.

Two Ways Google Chrome Sacrifices Security in the Name of Speed
Posted on by Beau AdkinsCategories Computer Security, Security, Web SecurityLeave a comment on Two Ways Google Chrome Sacrifices Security in the Name of Speed

Google ChromeGoogle Chrome is now the most popular web browser in the world, with an estimated 45% of all website views. Google claims that security is a top priority, which is why they push frequent, automatic updates and use a sandbox. But an even higher priority for Google is speed.

Sometimes they need to make the choice between speed and security, and this article lists two cases where they chose a minimal speed improvement at the expense of introducing a much larger security risk.


Prerendering is a technology used in Chrome that can make pages appear to load faster. For example, if you browse to http://example1.com and that page includes a link tag like “<link rel=”prerender” href=”http://example2.com”>”, Chrome will automatically and silently load example2.com in the background while you are viewing example1.com. The hope is that the next link you click will be to example2.com, so the browser can display it instantly, making things seem faster.

The most likely place you see this feature in use is on google.com. Based on a user’s search terms, they may decide there is a very high likelihood that they can anticipate which link the user will click next. In that case, they can mark that link to be prerendered, so the page appears to load faster.

Google Chrome itself can also decide to prerender pages. If you start typing “reddit” into the URL bar, there is a decent chance that Chrome will begin prerendering reddit.com in the hopes that is what you were in the process of typing.

What’s so Bad About Prerendering?

  1. Exposure to malware: When a page is prerendered, it has limitations. It can’t initiate downloads, or play audio. But it can execute scripts, and that is all that is needed for a malicious site to infect your computer. Because of prerendering, you can be infected by a site just because a link to it appears in a Google search results page, or you typed something similar to it in the Chrome address bar. You don’t even need to visit the page anymore.
  2. Loss of privacy: When Chrome prerenders a page, it exposes your IP address and browser information to the website. For users performing sensitive online research, this can be a big deal. Some users need to learn about a company or organization without tipping their target off about it. Because of prerendering, just Googling the name of the target will likely expose them.

How to Turn Off Chrome Prerendering

  1. Open the Chrome Settings by clicking the 3 horizontal lines icon in the top-right of Chrome and choose “Settings”.
  2. Scroll to the bottom and click “Show advanced settings”.
  3. Under “Privacy”, uncheck the box labeled “Prefetch resources to load pages more quickly”.

Disable Chrome Prerendering

Automatic Downloads

By default, Google Chrome is configured to automatically download any file that a website decides to push to you. In the interest of speed, instead of asking you if you want to accept a download, it will happily download it immediately, into the “Downloads” folder of your user profile.

The obvious threat here is that malware can get downloaded without your permission. But just downloading a malicious file isn’t actually enough to infect you. You have to execute it somehow.

After the download completes, it will show up in a box in the bottom left corner of Chrome, until the user dismisses it. If the user clicks the box for a download, Chrome will open that file. If this file is malicious, there is a good chance you will be infected.

However, this attack method is weak because it requires the user to decide to click that box. A more sinister approach involves the use of DLL hijacking. When a Windows executable loads, it often also loads a set of DLL files that it requires. These DLLs can be specified with an absolute path (like C:\Windows\System32\user32.dll) or with just a name (like user32.dll). When the DLL is specified with just a name, Windows will search for a DLL with the right name across a few different places. The first place it looks is the same directory as the executable.

An attacker can then create a malicious DLL with the same name as a common Windows DLL, like user32.dll, kernel32.dll, or UxTheme.dll. Chrome will happily automatically download this DLL into the user’s Downloads directory. After that, it’s just a matter of time before the user downloads a legitimate executable (into their Downloads directory) that doesn’t specify an absolute path to the DLL, and when the user executes it, the malicious DLL gets loaded and the user is infected.

How to Turn Off Automatic Downloads

  1. Open the Chrome Settings by clicking the 3 horizontal lines icon in the top-right of Chrome and choose “Settings”.
  2. Scroll to the bottom and click “Show advanced settings”.
  3. Under “Downloads”, check the box labeled “Ask where to save each file before downloading”.

Disable Chrome Automatic Downloads

Light Point Web Protects Against Both of These Threats

Light Point Web protects against these, and other security issues commonly seen in web browsers. Learn how our secure remote browser can protect your home or business.

Light Point Web Integrates With Metascan Online to Protect Against Malicious Downloads
Posted on by Beau AdkinsCategories Computer Security, Light Point Security Update, Light Point Web, Security, Web SecurityLeave a comment on Light Point Web Integrates With Metascan Online to Protect Against Malicious Downloads

OPSWAT LogoWe recently added a new feature to Light Point Web that warrants some extra recognition. We have added a server-side integration with OPSWAT’s Metascan Online service to provide yet another best-in-class layer of security for our users.

Metascan Online is a cloud service that can scan files with over 40 anti-virus engines, and do so in a matter of seconds. The fact that Metascan Online uses so many anti-virus engines is important. Just because one anti-virus engine claims that a file is safe, it doesn’t mean it is. It could be safe… or it could just be that this is a newer virus that has not been identified by that anti-virus vendor yet. It is actually common for new malware to only be identified by a small number of the anti-virus engines. With Metascan Online using so many anti-virus engines, we can get a much greater level of confidence that a safe file is indeed safe.

With our integration with Metascan Online, our users will get an extra level of assurance that every file they download is safe without having to wait around for the results. We offer this service for no extra charge for our cloud users.

How Does It Work?

When a user wants to download a file, Light Point Web will ask for their permission. If they say yes, that file will be downloaded to the Light Point Web server. Light Point Web will then ask Metascan Online to scan that file. If it is safe, the file is streamed to the user’s computer and the user is informed of the scan results.

LPS download no threats detected

If, on the other hand, the file is found to be malicious, the download is blocked and a message informs the user why.

LPS download threat detected

This all happens seamlessly to the user, so no extra work is required by the user to get this additional layer of protection.

Coming soon: If a file is found to be malicious, the dialog will also include a link to the scan results so that you can see further details on the threat detected and which engines detected it.

Enterprise Options

For our enterprise customers, we offer a couple of options: Metascan Online or Metascan on-premises. OPSWAT offers both a cloud version and an on-premise version of Metascan. This gives our enterprise customers the flexibility of choosing the option that works best for them.

If you are interested in learning more about how Light Point Web protects you while browsing the web, contact us, or sign up for a free trial to experience worry free web browsing for yourself.

The Weakest Link in Your Company’s Security
Posted on by Joanie NelsonCategories Computer Security, SecurityLeave a comment on The Weakest Link in Your Company’s Security

Employees are the weakest link in your securityAre your employees creating a security risk in your company? Did you know that employees were the second highest cause for data breaches, after criminal attacks? Here are some common ways well-meaning employees can cause data breaches:

1. E-mail

People are quick to trust banks, universities, and friends, and will instinctively want to open the email and click on the link. Even when the mail filter sends the e-mail to the junk/spam folder, employees have been known to open that email anyway, because the subject line has caught their interest.

Not only are employees targets, but contractors working for companies are targets as well. It was recently noted that the massive Target breach last year was initiated through a phishing e-mail to Target contractors working for an HVAC company. This incident is proof that when employees open emails, not only is your company data at risk, but your customer data is as well.

2. Links

Shortened links can fool anyone, especially when it seems it’s from a trusted source, such as a news source. It’s always a good idea for employees to expand the shortened link to see where it’s taking them, before clicking on the link.

3. Ads

Online advertising is growing every year, and with that growth comes more malware. How easy is it to accidentally click on an ad? It’s very easy! I did this two weeks ago on accident. I have been a Mac user for 6 years and my previous time using Windows had been nearly erased from my memory. I felt clumsy bumping around that operating system. When I went to go download an open source program for a class, I hit download. And then I hit run. As I was watching it load, within 15 seconds I knew this was not the program I needed, but it was too late. I had loaded mysearchdial and it was proud to be on my computer. It didn’t want to leave. Luckily, it was just that and nothing more nefarious.

On my Mac, the ad above the real download link was something unrelated to the page. I could easily tell the difference.

Ad on my Mac. Notice it’s a Google link. An obvious Google link.
Ad on Windows.

On Windows, I was easily fooled. Had I paid more attention, I would have noticed it was an ad. If I had squinted my eyes more I would have seen the word advertisement. Imagine how easy it is for an employee to do this and possibly cause a major issue for their company, not to mention their customers.

What Can a Business Do to Protect Against Employee Missteps?

Security training and awareness for employees can go a long way. Some may not know to leave the junk mail in the junk mail folder. They may not be able to help their curiosity because the subject line or link is just too enticing. If it seems too good to be true, you’re probably right. A simple training meeting could bring the needed security awareness to the company and possibly mitigate employee negligence.

However, while security awareness training is helpful, it’s not enough on its own. The hard truth is that your employees will never care as much about your company’s security as you do. If they receive an especially enticing link, and even if they have been trained to ignore it, they may still feel it’s worth the risk to take a quick peek.

And in a perfect world where all your employees followed all of their training perfectly, they can still be putting your company’s security at risk. For example, earlier I stated that shortened links should be expanded before clicking. What if it points to a well-known, reputable news site? Their training would say it’s safe to click. But even the most well-known, most reputable sites can and have been hacked to spread malware to its visitors. This is a problem that goes way beyond training and trust.

This is the problem that we solve. When employees use Light Point Web, your security no longer depends on training and trust. Light Point Web can allow your employees to browse the web without any sites reaching your computers. So the most dangerous site in the world poses no more threat than the safest site in the world. You can set policies to say what types of files employees can download, from what sources, or stop them from downloading anything at all. Clicking links in email will automatically launch it in Light Point Web, because it integrates seamlessly into your standard browsers.

If you are interested in learning more about how Light Point Web can protect your business, contact us.

As cyber attacks multiply, so do insurance policies that cover damages
Posted on by Zuly GonzalezCategories Computer Security, Light Point Security Update, SecurityLeave a comment on As cyber attacks multiply, so do insurance policies that cover damages

Baltimore Business Journal interviews Zuly GonzalezRyan McDonald, the Digital Producer for the Baltimore Business Journal, recently interviewed me for the publication’s latest cybersecurity story, “As cyber attacks multiply, so do insurance policies that cover damages,” where he discusses the pros and cons of purchasing cybersecurity insurance and how to go about it. I thought it was worth sharing here on our blog in case any of you missed it. Below is an excerpt from the story.


In the wake of high-profile security breaches that have affected major companies and universities, a growing number of firms are pushing a relatively new product for businesses: cyber security insurance.

American International Group Inc. is the latest big name to introduce a new offering. AIG this week announced it has started offering cyber security insurance to cover property damage and bodily injury.

“More insurance companies are jumping on that bandwagon and starting to offer cyber insurance,” Zuly Gonzalez, CEO of Baltimore-based cyber firm Light Point Security said.

The question for businesses is whether such policies are worth the money.

While purchasing cyber insurance could help your business alleviate some of the damages associated with a possible security breach, it may not be the right fit for every business owner.

“You have to make a decision on where you fit in terms of your risk profile,” Gonzalez said.

Companies should take the time to research the costs and benefits of cyber insurance, she said

You can read the full story on the Baltimore Business Journal’s website here.

How to Browse the Web Safe From Viruses for Free
Posted on by Beau AdkinsCategories Computer Security, Light Point Web, Resources, Security, Web SecurityLeave a comment on How to Browse the Web Safe From Viruses for Free

VirtualBoxToday, I’m going to walk you through the process of being able to browse the web in complete safety. The title of this post explicitly mentions “viruses”, but I’m using this as a more well-known moniker for the term “malware”. Malware is a more generic term which encompasses viruses, spyware, trojans, etc.

What I mean by “complete safety”, is that you do not have to worry about malware infecting your computer. It does not mean you are safe from being tricked into giving your banking passwords to a site that is only pretending to be your bank.

Step 1. Set up VirtualBox

The method I will be describing in this post relies on Virtual Machines for security. Think of a virtual machine as a fake computer inside your real computer. By using a virtual machine, you can perform tasks on a computer in a way that is completely isolated from your real computer. With this, you can browse the web inside the virtual machine, so that if you stumble on some malware, only the virtual machine will be infected. The virtual machine management software will also allow you to rollback all changes made to a virtual machine to a known state. Using these abilities correctly will allow you to browse in safety.

The first step is to install a virtual machine management software package, also known as a “hypervisor”. There are many different options for this, but I’m going to recommend VirtualBox. You can download and execute the installer from here. Just click the “VirtualBox x.x.x for Windows hosts” link (assuming you are using Windows). Once it is downloaded, just run the installer.

Step 2. Download Your Guest OS

Next, you will need an Operating System to use inside the Virtual Machine. You could install Windows as the Operating System, but you would need to buy a license. For a free alternative, I suggest installing Ubuntu. Ubuntu is a Linux-based Operating System. It is very high quality, and completely free.

When you download Ubuntu, you do not get an installer. Instead you get an “ISO” file. An ISO file is a bit-for-bit copy of a CD that you would use to install it on another computer. Its a rather large file. To start the download, go here and choose your version (either is fine). You need to remember where you download this file to.

Step 3. Set up Your Virtual Machine

Now that you have VirtualBox installed and an OS ISO file ready, you can create your first Virtual Machine. Start up VirtualBox (you probably have a shortcut on your desktop). Click the button at the top labeled “New”. Give your Virtual Machine a name, for example, “Browsing Machine”. Choose “Linux” as the Operating System, and the Version as “Ubuntu”.

Next, you need to select how much RAM to give this Virtual Machine. I would recommend 1 Gig at the least. Enter “1024” in the box labeled “MB”. This means 1024 Megabytes, which is equal to 1 Gigabyte. Note: you need to have more RAM than this on your computer. If you do not have more than a Gig of RAM on your computer, then unfortunately, you probably do not have system requirements to use virtual machines.

On the next screen, leave the default options (“Boot Hard Disk”, and “Create new hard disk”). Continue on to the “Hard Disk Storage Type” screen. Leave the default option of “Dynamically expanding storage”. On the next screen, leave the defaults in place and continue on.

VirtualBox SettingsOnce you get through all the options mentioned above, you will be returned to the main VirtualBox screen, but now you will see a new entry for your Virtual Machine in the pane on the left. Click on it to select it, and then click the “Settings” button at the top. In the settings dialog, select “Storage” in the left hand pane.

VirtualBox Settings Highlighted

In the center of the screen, click on the disk image labeled “Empty” under the “IDE Controller” entry. Next, on the right of the screen, click the disk icon next to the “CD/DVD Drive: IDE Secondary Master” entry, and in the popup, select “Choose a virtual CD/DVD disk file”. A file select dialog will appear. In this dialog, select the ISO file you downloaded in Step 2. Now click the “OK” button at the bottom of the settings dialog.

You are now back to the main VirtualBox screen again. You can now click the “Start” button at the top, to start your virtual machine. At this point a blank Virtual Machine will start, and it will begin the install process for your downloaded OS. It will ask you a lot of setup questions that I will not walk-through here.

When the Ubuntu setup process is finished it will tell you to eject the CD from the drive before continuing. Because this is a virtual machine attached to an ISO file, this is not possible. Ignore this, and keep going. You will see the virtual machine shut down, and then start up again. Once it has began starting again, click the “X” at the top right of the Virtual Machine’s window to close it. It will ask you how you want to close it. Choose “Power off the machine” and click “OK”. The virtual machine is now shut down.

VirtualBox Settings With ISO Mounted and Highlighted

Now that the virtual machine is off, we need to detach the ISO image we have set previously. Return to the settings screen, and on the left, select “Storage” as you had down previously. Next select the entry below the “IDE Controller” in the center. Finally, on the right, click the disk icon next to “CD/DVD Drive: IDE Secondary Master” and choose “Remove disk from virtual drive”. Finally, click “OK” at the bottom of the settings screen.

Step 4. Create a Restore Point

At this point, your Virtual Machine is a totally fresh install. You may want to take a moment to get the Virtual Machine customized to your liking. After you have done so, you should make a restore point, also called a “snap shot”. VirtualBox can use a snap shot to restore your virtual machine to a known state. For example, if you stumble upon an infected website, your virtual machine can become infected as well. But, you can then revert your virtual machine to its state from before the infection. It is like it never happened.

First, start your virtual machine using the “Start” button at the top of the VirtualBox window. Once your Virtual Machine starts, take a moment to do any one time customizations, such as installing a browser of your choice, upgrading software, etc. Once you are finished, shut the machine back down.

Back on the main VirtualBox window, on the upper right hand side of the screen, you will see an icon that looks like a camera, labeled “Snapshots”. Click this button to show you the snap shots. You will see an entry labled “Current State”. Just above it is another camera icon. Click it to take a snap shot. A dialog will appear that will ask for a name and description of this snap shot. Enter something useful meaningful to you, so you know what you have changed. Click “OK” to take the snap shot.

Once the snap shot is taken, you will see an entry with the name you choose for the snapshot, with a “Current State” entry below it. You now have your restore point.

Step 5. Browse the Web

You can now start your Virtual Machine and use it to browse the web whenever you want. The websites you visit in the virtual machine are isolated and separated from your actual computer. You may have some problems downloading files or printing things from within the virtual machine, so some tasks may have to be done on your real computer.

Step 6. Restore Your Snap Shot

Whenever you are done browsing, you should shutdown the virtual machine, and restore it to the snapshot created in step 4. The easiest way to do this is to simply click the “X” in the top right of the Virtual Machine to close the window. It will ask you how you want to close it. Choose “Power off the machine”, and check the box labeled “Restore current snapshot…”. This will turn off the Virtual Machine, and throw away all the changes you made since the snapshot was created.

Drawbacks of Using This Method

While this is an effective way to browse the web safely, it is not entirely painless. First off, using a virtual machine takes an enormous amount of resources. While the Virtual Machine is on, it will consume a large amount of memory, and maybe a lot of processing power.

Additionally, it can be frustrating to have your changes wiped out all the time. For example, if you add a bookmark to your browser, it will be lost when you revert.

It can also be annoying that it takes so much time to start the virtual machine. If you want to browse the web right now, waiting a minute or two for a virtual machine to start is painful.

Another Option

The method described above is basically the technology behind Light Point Web, except we do our best to shield you from the downsides just mentioned.

For example, we run the virtual machine on our computers, so your computer is not bogged down with it. We also integrate into your existing browser, so you are not prevented from changing settings in your browser or saving bookmarks.

Finally, our Virtual Machines are always running, so you do not need to wait for one to start when you are ready to browse.

If you are concerned about browser security, give this method a try. It is free, but it does take some time and effort. If you would rather someone else handle the work and headaches, give Light Point Web a try. We offer a free trial, so what do you have to lose?

Does Light Point Security Track Your Browsing? Absolutely Not!
Posted on by Zuly GonzalezCategories Computer Security, Light Point WebLeave a comment on Does Light Point Security Track Your Browsing? Absolutely Not!
No Red Sign
Image credit: net_efekt

No. Nope. N O.

We absolutely do not track our users’ activities online. In fact, that goes totally against what we stand for – to protect you while on the web.

I get this question a lot, so I’d like to clarify this in a blog post.

Some people I talk to don’t come right out and ask, but they do hint at it. The last such conversation I had was with a few male friends of mine. We were talking about Light Point Web, and as it often happens, it led to the topic of porn. We joked about how they could use Light Point Web to look at porn without getting viruses, but they quickly deflect it. As we continued to talk it became clear to me that they were afraid that Light Point Web would track their online activity, and that I would know they were looking at porn…something they didn’t want to happen.

What Does Light Point Web Track?

I want to be crystal clear, we do not track our users’ browsing activities. We make money by charging a subscription fee to use our service, not by selling your information.

We do, however, log one small thing. When a user attempts to connect to Light Point Web, our server will log the outcome of that attempt. This is the one and only time Light Point Web logs something.

During a connection attempt, the user’s computer will send the user’s username and password to the server.  One of three possible outcomes will be logged:

  1. If the server fails to read this information from the user, a parse error is logged, which will contain the user’s IP address.
  2. If there are no parse errors, the server can attempt to complete the connection. If this fails for any reason, this failure is logged with the user’s username and the reason for the failure. Examples include: incorrect username/password, no active subscription for the user, no available servers.
  3. The last possible outcome is a successful connection. In this case, we just log that a successful connection occurred with the user’s username.

Neither a user’s password, nor any browsing information is ever logged or exposed to human eyes.

Additionally, our user website, lightpointweb.com, will log unsuccessful log in attempts along with the username used, and IP address of the incoming connection. This is done to stop brute force password guessing attacks.

Why Log Connection Attempts?

The reason for logging this small bit of data is twofold.

  • Provide better customer support. If a customer contacts us with problems related to logging into his/her account, we can work to identify what the problem is, and fix it. And in general, it’s a way for us to detect if we are having critical failures on our end that need to be fixed right away.
  • Prevent unauthorized access to our service. By logging failed login attempts we can detect if someone is trying to brute force their way into fraudulently using our service. It’s also a way to detect Denial of Service attacks.

We Want to Protect You

We are here for you. We’re doing everything we can to protect you while on the web, and that includes your privacy.

You may not be aware of it, but every time you visit a website you are unknowingly trusting them with your privacy. You are trusting them not to track you. Unfortunately, many businesses make money by gathering, and sometimes selling, this data. Researchers at U.C. Berkeley recently discovered that popular websites like Hulu, Spotify, GigaOm, Etsy, and AOL’s About.me are using a tracking service that can’t be evaded – even when users block cookies, turn off storage in Flash, or use browsers’ incognito functions.

Not only does Light Point Web not track you, but it also prevents those other sites from tracking you.

I hope this clears up any privacy concerns about Light Point Web. If you have any unanswered questions, please contact us.



National Cyber Security Awareness Month Is Here
Posted on by Zuly GonzalezCategories Computer Security, Events, Resources, Security, Web SecurityLeave a comment on National Cyber Security Awareness Month Is Here

National Cybersecurity Awareness Month LogoOctober is National Cyber Security Awareness Month (NCAM). NCAM is sponsored by the Department of Homeland Security (DHS), the National Cyber Security Alliance (NCSA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). October 2011 marks the eighth year NCAM has been organized.

Through a series of events across the country, National Cyber Security Awareness Month engages public and private sector partners to raise awareness and educate the public about cybersecurity. A listing of the events can be found here. They will also feature a different cybersecurity issue each week in October.

  • Week One: Emphasizes general cybersecurity awareness with events highlighting the Stop.Think.Connect. Campaign.
  • Week Two: Showcases the urgent need to develop cyber education programs to train the next generation cyber workforce.
  • Week Three: Focuses on national and local efforts to prevent identity theft and other cybercrimes.
  • Week Four: Highlights strategies small and medium sized business owners can use to bolster their own cybersecurity defenses.

We encourage everyone to become involved and participate in local NCAM events, but remember that Internet safety and security doesn’t end in October. You should practice Internet security all yearlong.

And what better way to kick off National Cyber Security Awareness Month than to sign-up for a free trial of Light Point Web, our malware protection software that lets you safely browse the web from the cloud.