Sunday, September 25, 2016

BLOCKDOS To Attend GITEX Dubai 2016.

Any company with an online network, website or server is subject to hacking or other malicious attacks. These web attacks can jeopardize confidential personal and financial data and can also cripple a company’s online presence. The end result usually involves a company’s loss of money, time and/or credibility. Fortunately, these losses and disruptions can be avoided if the right safety precautions are implemented. Every company should prioritize online security and its management should be left in the capable hands of specialists.  

Located in Mississauga, Ontario, BLOCKDOS is one of the Leading Canadian Security company that offer comprehensive online security services. BLOCKDOS not only mitigates any attacks on a company’s network, but also takes the necessary measures to prevent such attacks from happening in the first place. Through BLOCKDOS, a company can be confident that their entire network is securely hosted and set up to only allow appropriate traffic to come through. BLOCKDOS offers Distributed Denial of Service (DDoS) attacks prevention, Malware prevention, Web Application Firewall, Content Delivery Network, Secure Hosting and more.

For over a decade, many Fortune 500 companies, Financial entities and eCommerce portals around the world have trusted and depended on BLOCKDOS to protect their online  operations. It has a wide-spread network of support and data centres in several key locations internationally. BLOCKDOS offers unmatched quality, services and features to provide its clients the best online security measures possible.

BLOCKDOS is proud to announce that it will be attending Gitex Dubai (16 Oct - 20 Oct 2016) and are urging attendees to visit its exhibition within the Canadian pavilion. Visitors can learn more about the work BLOCKDOS does to secure and protect the online presence of companies and prevent any attacks on their networks. BLOCKDOS is also pleased to be offering a limited number of free guest passes to those wishing to attend Gitex Dubai. Interested parties are asked to contact BLOCKDOS as soon as possible before all passes are distributed.


BLOCKDOS is one of the leading Canadian Security Firm, established in 2005 as a most Secured Dedicated Hosting & Distributed Denial of Service (DDoS) Mitigation Service provider. We guarantee 99.9% uptime SLA on Enterprise Protection solution. Once your website is on BLOCKDOS, all the traffic will be routed through our global network of high-powered servers that inspect all incoming traffic, keeping hackers out while accelerating your traffic. We provide: DDoS Protection Service, DDoS Protected Dedicated Servers, Remote Proxy Protection, DDoS Protected Virtual Private Server, Content Delivery Network, Web Application Firewall, Monitoring & Malware Detection Service and Vulnerability Scanning.

To learn more, please contact
Awa Kebe, Media Relations
211 Watline Avenue # 208
Mississauga, ON Canada

+1-905-405-8786 | | 1-888-765-7776

Wednesday, May 20, 2015


 Picture Source : Google Images

The ultimate goal of a DDoS attack is to bring down the targeted site by flooding it with fake requests, usually from multiple locations.

Thousands of DDoS attacks take place every day and typically these attacks last for a number of days.

But not all of these attacks take days before they die down. There are also short duration DDoS attacks that only take a few minutes. These short duration attacks have the same modus operandi where attackers coordinate and launch the attack full throttle.

These short duration DDoS attacks are becoming more and more talked about and are happening more often as their frequency has increased in comparison to full blown DDoS attacks that last way longer.

An early trend that has been spotted with these short bursts of DDoS attacks is that apparently they’re carried out primarily to divert site owner’s attention.

In this article, we would like to address what happens when this type of attack targets a site and
possible protections from it.

Recently, a well known bank’s two domains were targeted by these short bursts. It only lasted for a few minutes but consumed a bandwidth at the rate of dozens of gigabytes per second. It was gathered that the first and second attacks were reconnaissance attacks, executed to evaluate which of the two domains was more vulnerable. It was clear that the second domain was more susceptible since it was hit much harder in the third and final attack.

Attackers leverage short-duration attacks to evaluate which companies and organizations are easiest to infiltrate.

One must be prepared for short term as well as longer more conventional DDoS attacks but with the short duration DDoS attack the thing is that you are left with a very small window of reaction time. The best possible protection from it rather than trying to sort it out while it has already begun is to make sure that professional people be made responsible to make sure that it shouldn’t happen in the first place. As a professional DDoS mitigation outfit would certainly take necessary precautions to either stop it in the bud or let least minimum damage occur if any.

Organisations managing multiple web domains must have the ability to centralise incoming data, preferably by working with the same security vendor across all their domains. This enables them to predict attacks by analysing trends and patterns across their sites.

One more advantage of having a professional team of DDoS mitigation experts is that they use data from their various customers in order to predict potential attacks in advance.

DDoS mitigation experts identify the patterns early on while an unsuspecting customer thinks that the attack is over, these experts know that this may actually be a sign for a much larger attack coming through as they prepare for it in advance.

Keeping in view how these new short duration DDoS attacks are forming patterns, new services and tools are being used by DDoS mitigation services as they aggregate attack information from other cases and ultimately predict and avoid a possibly massive attack that is about to come.

Thursday, January 29, 2015


Image Source - The Gamer Headlines

As we had mentioned in our earlier post ‘Gaming the Gamers – DDoS: The Enemy’, anyone receiving a new Xbox One or PlayStation 4 on Christmas morning was likely in for a frustrating first experience with the system, as the PlayStation Network and Xbox Live were both taken down by prolonged distributed denial of service (DDOS) attacks. In addition to that, an 18-year-old UK man had been arrested as part of an investigation into these DDOS attacks that crippled PlayStation and Xbox services over Christmas.

Well, the hacker group Lizard Squad, which claims responsibility for the Xmas blackout on Xbox Live and PSN, has discovered its own network has been hacked.

Lizard Squad's "boot-for-hire" service was compromised, with more than 14,000 names revealed.

Lizard Squad had achieved their objectives after their devastating attacks on the Christmas morning. They were obviously so pleased with their achievement that they announced their ‘boot-for-hire’ service. Basking in the so called glory of the ultimate success of their so called hacking skills Lizard Squad asked people to nominate any website as they will hack it for them. Of course their services would come for a charge, which is a nominal fee for their so called professionalism.

However, Lizard Sqaud was in for a surprise. Their Stresser tool was itself hacked. An unknown entity drilled through the security layers of Lizard Squad and gained access to the data behind their virtual walls. The hacker who hacked the hackers exposed a list of 14,241 who had already signed up for Lizard Squad’s malicious service of carrying out DDoS attacks on unsuspecting victims who were literally sitting ducks at the mercy of these digital mercenaries. Investigative journalist Brian Krebs obtained a copy of the data dump, and noted that few precautions were taken to protect the identity of customers. "All registered usernames and passwords were stored in plain text," he wrote on his personal site.

This information sprung up after the local police at English seaside town of Southport arrested an 18 year old hacker. He was detained under suspicion that he was an active member of the Lizard Squad. The suspect is not only involved apparently in that malicious activity but also according to the web site GameSpot he’s also being held on the charges of ‘Swatting’.

This again reiterates the theory that no matter how smart criminals might think they are, eventually they leave a loop hole through which the law enforcement agencies gain their entry and apprehend the perpetrators. This story also contains important lessons for both the initiators and the victims. Especially so to the victims since it stresses the need of professionals who should take care of any potential DDoS attacks for them and safeguard them from mishaps occurring in the future.

Image source :,85213.html

Reference Links:

Wednesday, January 21, 2015


Xbox and Play Station DDoS Attack
As a gamer would progress to the new level in a game he meets a new more powerful nemesis who’s ready to make our player’s virtual life more and more troublesome and makes it harder for him to progress further in the game. Well, for the gamers of our age, their nemesis is back and this time round it’s armed to the teeth with new weaponry under its sleeve that makes it even the more powerful and harder to defeat. It’s DDoS aiming at gamers.

Anyone receiving a new Xbox One or PlayStation 4 on Christmas morning was likely in for a frustrating first experience with the system, as the PlayStation Network and Xbox Live were both taken down by prolonged distributed denial of service (DDOS) attacks.

In addition to that, an 18-year-old UK man has been arrested as part of an investigation into the recent DDOS attacks that crippled PlayStation and Xbox services over Christmas.

Nowadays gaming is not just limited to recreation and entertainment at home for kids and teenagers and more serious adult gamers or those amateur players who do it online via networking in small groups and organize game competitions. There are also professional game players, aside from angering a whole lot of players, these attacks also cost professional gamers a lot of money by making them unable to do their jobs. Professional gamers make money from advertisements during live streams of their performances and it costs them thousands of dollars out of their livelihoods.

"These people generate revenue using game servers, so when they're attacked, it creates dramatic financial loss for them," Matt Mahvi, told Ars Technica. When it comes down to bringing down gaming networks, a new trick that abuses the Network Time Protocol (NTP), which keeps computers' clocks synced up to Coordinated Universal Time, is proving more difficult to thwart.

The NTP method first began to appear late last year. To bring down a gaming server the attackers trick NTP servers into thinking they've been queried by the game’s server. The NTP servers, thinking they're responding to a legitimate query, message the game’s true server, overloading it with as many as 100 gigabits per second (Gbps). That's large even for a DDoS attack. In this way, one small request to an NTP server can generate an enormous response capable of taking down even high-capacity websites.

Having been bombarded with fake server requests and traffic, there’s nothing much you can do to thwart it, unless off course you’ve hired a professional outfit that deals with DDoS attacks in all earnest. The benefit of having a team of professionals looking after the servers are quite a few, since they get into it even before the DDoS attack takes place and assume all necessary precautions for this calamity to even take place.

There isn't much that individual gamers can do to protect themselves against DDoS attacks. However, server operators can upgrade their NTP software to version 4.2.7p26 or later, in which the vulnerability exploited in these DDoS attacks has been patched.



Sunday, December 7, 2014


App Tracking
Picture - Google Images

How could a tiny flash application on your smart phone be sending your highly confidential data back to its developers? And how your information gets passed on to the advertising agencies and marketing research firms and other third parties? How? You must be asking. Let us enlighten you.

Many flashlight apps which allow a device to be used as a torch also secretly record the most sensitive personal information. This may include the location of the phone, details of its owner and their contacts, and even the content of text messages.

The truth is, your smart phone is really spying on you with the applications you download every day – without your knowledge and without your consent. Privacy policy is an important feature that must be present with every application developed. But Google and Apple don’t require applications to have written privacy policies.

As advertising on applications becomes more popular, online tracking companies are suddenly very, very interested to see what we are downloading, how long and how frequently we use that download, who we are, whether we are male or female, where we live — you get the picture.

A recent article in the Wall Street Journal tested 101 popular applications for both iPhone and Android. Out of the 101 tested, here are the highlights of what they found:

  • Number of those apps that transmitted the phone’s unique ID number to other companies without consent: 65
  • Number of apps that transmitted the phone’s location: 47
  • Number of those who sent age, gender, and other personal information to online tracking companies: 5

Here’s a breakdown of the most frequently collected data: 

  • 82 percent of the top Android free apps and 49 percent of the top Android paid apps track user location
  • 50 percent of the top iOS free apps and 24 percent of the top iOS paid apps track user location

According to Appthority, “One of the main reasons app developers initiate app tracking is to generate supplementary revenue by sharing app user data with advertising networks and analytic companies. In some cases, particularly with free apps, developers are paid based on the amount of data they collect and share about users.”

All this revealing information is pretty scary. Even scarier when you know that there’s  actually NOTHING you can do about it. When it comes down to your PC, you can easily delete the cookies found in your computer system and rest assured but with smart phones you cannot do it, at least not at this point in time.

Keep checking our space as we stay on the lookout for more information about how you can make your privacy more private. Stay safe, and secure.

Friday, November 14, 2014


DDOS ATTACK- Prevention is better than cure (Google Images)

Whether you are a small online retailer or a big corporation, cometh the Holiday season, it’s hunting time for DDoS perpetrators! It's likely cyber criminals will only scale up their activity as the holiday season approaches.

In these circumstances one must know the importance of implementing DDoS mitigation controls. One must have a comprehensive DDoS mitigation strategy all in readiness. Even the security professionals who know better often find themselves making last-minute contingency plans despite the knowledge that proper planning months in advance would have reduced the cost of the mitigation solution and substantially mitigated any damages during an attack.

The scope of the threat varies from individuals to organizations between different industrial sectors and during different seasons. Your business’ reputation is at stake that can potentially be damaged beyond repairs. Your customers’ confidence levels will nose dive should anything of adverse nature occurs. Planning ahead of the disaster and trying to prevent the damages being
occurred is much better than finding yourself taking emergency measures.

To have in-house DDoS mitigation system is almost impractical for small companies. Even if you plan to have one within your company then you’re looking at putting a lot of money in to it. 

Prepare for DDOS Attacks (Google Images)

It’s better to have a solution that is more service oriented and one that is handled by the experts. The consequences of not having any protection in place could prove to be absolutely devastating.

It could bring your entire online operations down to a complete halt. That would ultimately lead to sales numbers nose diving and may even lead to bankruptcy. Considering what lies ahead it’s a wise choice to hire a DDoS mitigation service provider, people who know there job and know how to save your business.

Fortunately, there are practical solutions available for smaller companies. These require advanced planning and an understanding that DDoS protection and information security are fundamental concepts that must be incorporated into a company's business plan year-round.

All companies should work with a security firm or consultant with experience in mitigating DDoS attacks to determine those solutions that make the most sense for the size of the business being protected, thereby facilitating the most attractive ROI and reaping the rewards of making a wise choice.

Friday, October 10, 2014


Iphone6 (Picture Google Images)

Do you have a good printer? Glue? Well, you’re ready to hack into iPhone 6! At least that’s what’s been proved by Mr. Rogers from the security firm Lookout. All he used was a high resolution copy of a fingerprint through a special printer and some glue and voila! No! It’s not as easy as it sounds. You need at least a thousand dollars and a lot of hope that your plan works plus some other intricacies that are attached with this plan.

Finger Scan (Picture Google Images)
Marc Rogers had earlier proved his hacking skills as soon as iPhone 5 came out and he proved the vulnerabilities iPhone 5 and Touch ID presented. But at the same time Rogers suggested that hacking Touch ID is so complicated, that most hackers wouldn't bother. Your iPhone 6 is, for all practical purposes, safe. "Don’t panic," he told Business Insider. "I don't see a risk to consumers in any way."

The bad news is that this won't last, he cautions. With the introduction of Apple Pay, where Apple hopes to turn every smart phone into a credit card protected by Touch ID, criminals now have a huge financial incentive to come up with methods that make hacking the fingerprint sensor faster and easier. And Apple missed some big chances with the iPhone 6 to make that impossible, Rogers told Business Insider.

For both the iPhone 5 and the iPhone 6, Rogers hacked Touch ID by creating fake fingerprints. He lifted a fingerprint from a shiny surface. He printed a high-resolution copy of the fingerprint with a special printer and transferred that to something called "transparency film." He used that to develop a mold of the fingerprint with something called "photosensitive PCB board." He poured glue into the mold and voila! He had a fake fingerprint. But the process took hours and required over $1,000 worth of gear, he said.

What’s frustrating is that even after proven attempts of the security flaws in Apple’s Touch ID, no improvements have been made. The finger print sensor problem has been around for a long time now. According to Rogers Apple’s missing out on improving how the sensor and the touch screen interacts with the skin. Conductivity he says is what makes the touch screen detect the contact and this is where Apple’s lacking.

According to Rogers Apple should make sure that if somebody is trying to hack in then the sensors should be able to detect that they’re wearing fake finger prints and nip it right in the bud. He says Apple’s always been ground breaking with their innovative products and this is the same approach that they need to tackle this issue with.

In the meantime we can hope that it becomes easier for the consumers to pay through their smart phones but at the same time knowing that their IDs are well protected. We hope the manufacturers pay heed to these concerns and come up with better beefed up security for payment devices.