The GetContact app allows you to identify number owners and find out how a contact is labeled in other users’ address books. In October 2021, 3 years after its launch, the application ranks second among the App Store’s top charts in the Utility section, and this despite the fact that GetContact collects the personal data of users. In this article, we explain how to delete personal data from the GetContact database.
How to delete your number from GetContact?
As noted by the developers themselves, deleting a profile in GetContact does not remove the number from the application’s database. However, to protect yourself, it is recommended to deactivate the account. Here’s how to do it:
- Open the app and go to the “Other” menu;
- Select “Settings” and then “Account Setup”;
- Go to “Account Management”, click “Lock Account” and confirm the action.
It is noteworthy that your data will not be visible in the application until you log in to GetContact again.
To completely remove your data from the app you should do the following:
- Go to the unlist page on the official GetContact site: https://www.getcontact.com/en/unlist ;
- Log in;
- Scroll to the end of the page that opens and click Visibility settings;
- To prevent your data and tags from being available to other users, switch the slider to Off;
- Confirm the action.
After performing these actions, your personal data will be hidden from search and your account will be deleted.
SQL injection is a common cybersecurity issue used by attackers as an entry point to your database. It can be a precursor of many other attacks like credential stuffing, account takeovers, and other forms of fraud. Therefore, it is essential to understand how to protect the application’s database to avoid heavy losses from SQL injections. In this post, we will discuss various ways that you can use to prevent SQL injection attacks.
Ways to prevent SQL injection attacks
Among the most dangerous threats to web applications today are SQL injection attacks. All is not lost to a network or database admin because there are various ways to prevent them from ever happening or minimize their occurrence frequency.
As we will see below, you can take various steps to reduce the risk of exposure to SQL injection attacks.
Regular auditing and penetration testing
It is becoming increasingly necessary to perform regular application, database, and network audits nowadays. With regulations like GDPR, a company does not have the luxury of relaxing on matters of database security. In addition, auditing the database logs for suspicious activities, privilege escalation, and variable binding terms is a necessary practice.
As crucial as auditing the system for malicious behavior is, it is equally essential to perform penetration testing of your database to gauge the readiness of your response mechanisms to potential attacks that include SQL injection. Penetration testing companies can find threats like cross-site scripting, unpatched vulnerabilities, retired software, insecure passwords, and various forms of SQL injection.
User Input Validation
Validating user inputs is a common step in preventing SQL injection attacks. You first have to identify the essential SQL statements and make a whitelist containing all valid SQL statements. This leaves out the unvalidated statements. We refer to this process as query redesign or input validation.
Ensure you configure inputs for user data by context. For instance, you can filter email addresses to ensure that only strings that contain specific characters such as “@” are allowed. In a similar fashion, ensure that you filter social security and phone numbers using regular expressions that allow only a specific format and number of digits in each of them.
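The per-context filtering described above, as an added example that is not part of the original article. The field names, formats and length limits are assumptions chosen for illustration.

```python
import re

# Allow-list patterns per input context (formats are assumptions for this example).
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+"),
    "ssn": re.compile(r"\d{3}-\d{2}-\d{4}"),
    "phone": re.compile(r"\+?\d{10,15}"),
}
MAX_LEN = {"email": 254, "ssn": 11, "phone": 16}


def is_valid(context: str, value: str) -> bool:
    """Return True only if the whole value matches the allow-list for its context."""
    pattern = PATTERNS.get(context)
    if pattern is None:  # unknown context: reject rather than guess
        return False
    if len(value) > MAX_LEN[context]:
        return False
    # fullmatch, not match() with "$": "$" also matches before a trailing newline
    return pattern.fullmatch(value) is not None


def rejected_fields(form: dict) -> list:
    """Names of the form fields that fail validation, sorted."""
    return sorted(name for name, value in form.items() if not is_valid(name, value))


# Constructed sample submissions
GOOD_FORM = {"email": "alice@example.com", "ssn": "123-45-6789", "phone": "+15551234567"}
BAD_FORM = {
    "email": "alice@example.com' OR '1'='1",  # quote characters and spaces
    "ssn": "123-45-6789\n",                   # trailing newline
    "phone": "5551234567 OR 1=1",             # extra tokens after the digits
}

if __name__ == "__main__":
    print(rejected_fields(GOOD_FORM))
    print(rejected_fields(BAD_FORM))
```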
Sanitization of data through special character limitations
You can safeguard your database against SQL injection attacks through adequate sanitization of user data. SQL injection attackers use specific, distinctive character sequences to exploit a database. Therefore, sanitizing your data so that string concatenation is not allowed is a critical measure.
You can achieve this by passing the inputs from a user through a function. It ensures that an attacker does not pass characters like quotes in an SQL query as they might be dangerous. Various administrators use prepared statements to avoid unauthenticated queries.
Parameterization and enforcing prepared statements
Input validation and data sanitization do not fix all SQL injection-related issues. Therefore, organizations must write database queries as prepared statements that contain parameterized queries. We also call this variable binding. Because the SQL code of a query is defined separately from its parameters, distinguishing user input from code becomes easy.
Although dynamic SQL as a programming method allows more flexibility in developing an application, it has the drawback of allowing SQL injection vulnerabilities, because injected input can be run as instructions. In addition, sticking to the standard SQL means malicious SQL inputs will be treated as data but not as a potential command.
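The difference between dynamic SQL and variable binding, shown side by side as an added example that is not from the original article. It uses Python's built-in sqlite3 module with a constructed table; the function names and sample inputs are assumptions.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("O'Brien", "obrien@example.com")],
    )
    return conn


def find_user_dynamic(conn, name):
    """Vulnerable 'before': user input is concatenated into the SQL text."""
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def find_user_bound(conn, name):
    """Hardened: the SQL text is fixed and the input is bound as a parameter."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name,))]


TAUTOLOGY = "nobody' OR '1'='1"  # constructed test input containing quotes


def demo() -> dict:
    """Run both query styles against the same inputs and collect the outcomes."""
    conn = make_db()
    results = {
        "dynamic_tautology": find_user_dynamic(conn, TAUTOLOGY),  # input parsed as SQL
        "bound_tautology": find_user_bound(conn, TAUTOLOGY),      # input treated as data
        "bound_apostrophe": find_user_bound(conn, "O'Brien"),     # legitimate quote works
    }
    try:
        find_user_dynamic(conn, "O'Brien")
        results["dynamic_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        # The legitimate apostrophe breaks the concatenated statement.
        results["dynamic_apostrophe"] = "syntax error"
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

With binding, a legitimate name containing a quote is stored and matched correctly, so no character stripping is needed on that field.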
Enforcing stored procedures in the database
Stored procedures use variable binding like parameterization. Unlike prepared statements, stored procedures are resident in the database and are only called from an application. If you use dynamic SQL generation, it minimizes the effectiveness of stored procedures. According to OWASP (The Open Web Application Security Project®), only one parameterized approach is required, but neither is enough to guarantee optimal security.
Increasing the capability of the virtual and physical firewalls
To help fight malicious SQL queries, we recommend using software or appliance-based web application firewalls. Both NGFW and FWaaS firewall offerings are easy to configure and have a comprehensive set of rules. If a software security patch is yet to be released, you can find WAFs to be useful. One popular firewall is ModSecurity. It is available for Microsoft IIS, Apache, and Nginx servers. It has ever-developing and sophisticated rules to help filter potentially dangerous requests from the web. Its defenses for SQL injection can catch many attempts to sneak in malicious SQL queries from the web.
Reducing the attack surface
An attack surface is an array of vulnerabilities that an attacker can use as an entry point. Therefore, in the SQL injection context, reducing it means that you do away with any functionalities in the database that you do not require, or secure them further.
A good example is the xp_cmdshell extended stored procedure for Microsoft SQL Server. It can spawn a command shell and pass a string for execution in Windows. Since the process started by xp_cmdshell has similar security privileges as the SQL Server service account, an attacker can inflict severe damage on the database.
One rule should always reign when dealing with matters on the internet: no connected application is secure. Therefore, ensure that you hash and encrypt your connection strings and confidential data. There are many encryption and hashing tools that are cheap, easily accessible, or even open source. Today we must universally adopt encryption as a data protection mechanism, and for a good reason. Without encrypting your data using appropriate hashing and encryption policies, when it falls into the hands of a malicious actor, all the data is in plain sight. There are various hashing mechanisms like SHA, LANMAN, and NTLM. Encryption algorithms in the market today include bcrypt, DES, RSA, and TripleDES, among many others. According to Microsoft, through encryption, we transform the problem of protecting the data into the problem of protecting cryptographic keys.
Monitoring the SQL statements continuously
Third-party vendors and organizations should ensure continuous monitoring of all SQL statements within an application or database-connected applications. They should also document the prepared statements, database accounts, and stored procedures. It is easier to identify rogue SQL statements and various vulnerabilities when you scrutinize the functioning of the SQL statements. A database admin can then disable or delete unnecessary accounts, stored procedures, and prepared statements.
There are monitoring tools that use technologies like behavioral analysis and machine learning. They include tools like SIEM and PAM and are an excellent addition to an organization’s network security.
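One way to check logged statements against a documented inventory, as an added example that is not from the original article. The log format, account names and inventory entries are constructed assumptions, and the literal-stripping is a simplification of what a real SQL parser would do.

```python
import re

# Documented statement shapes the application is expected to issue
# (hypothetical inventory for this example).
DOCUMENTED = {
    "select name, email from users where id = ?",
    "update users set email = ? where id = ?",
}

_STRING = re.compile(r"'(?:[^']|'')*'")  # quoted literal, '' is an escaped quote
_NUMBER = re.compile(r"\b\d+\b")         # standalone numeric literal
_SPACE = re.compile(r"\s+")


def fingerprint(statement: str) -> str:
    """Reduce a statement to its shape: literals become '?', case and spacing normalised."""
    shape = _STRING.sub("?", statement)  # strings first, so digits inside them vanish
    shape = _NUMBER.sub("?", shape)
    return _SPACE.sub(" ", shape).strip().rstrip(";").lower()


def rogue_statements(log_lines):
    """Return (account, statement) pairs whose shape is not in the documented inventory."""
    findings = []
    for line in log_lines:
        account, _, statement = line.partition("|")
        if fingerprint(statement) not in DOCUMENTED:
            findings.append((account.strip(), statement.strip()))
    return findings


# Constructed sample of a statement log: "<db account> | <statement>"
SAMPLE_LOG = [
    "app_rw | SELECT name, email FROM users WHERE id = 42",
    "app_rw | UPDATE users SET email = 'a@example.com' WHERE id = 7;",
    "app_rw | SELECT name, email FROM users WHERE id = 42 OR 1=1",
    "legacy_admin | SELECT * FROM users",
]

if __name__ == "__main__":
    for account, statement in rogue_statements(SAMPLE_LOG):
        print(f"undocumented statement from {account}: {statement}")
```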
Takeaway on preventing SQL injection
It is essential to conduct regular penetration testing to evaluate how well you have implemented measures to prevent and respond to SQL injection attacks. Through this option, you can stay ahead of the attacker and prevent lawsuits and hefty fines from coming your way. Besides the above measures, you can implement other safeguards like limiting access, denying extended URLs from your application, and not divulging error messages, among many others.
As we are already in 2020, it’s natural to think about what the future has in store for us. From a cybersecurity viewpoint, there are a lot of concerns to be answered.
How will cybersecurity behave this year and what risks will come to the surface?
Will attackers capitalize on new tools like AI and biometrics or will they focus on utilizing traditional systems in new ways? What will shape cybersecurity in 2020 and beyond?
By reviewing the cybersecurity happenings over the past couple of years, it is to some extent possible to predict how cyber scenarios will develop over the next 12 months.
From cybersecurity staff shortages to the AI’s role in cybersecurity, let’s have a quick look at key cybersecurity trends that are likely to define the digital landscape in 2020.
The Cybersecurity Talents Gap:
The tech industry is going through a cybersecurity talent crisis, even though security teams have to face more risks than ever.
Various studies have found that the shortage of skilled cybersecurity workforce is expected to hit 3.4 million unfilled positions by 2021, up from the current level of 2.93 million, with 500,000 of those vacancies in North America. This can worsen the problem, leading to possible data incidents not being investigated. Consequently, there will be a greater dependence on AI tools that can help organizations with fewer humans.
Automated security tools such as digital threat management solutions are increasingly becoming important to safeguarding the data. Modern products can enable even a small team to protect their websites and web apps, ensuring a technological solution to persistent cybersecurity talent concerns.
The Start of the New Cyber Cold War:
In 2017, American intelligence agencies confirmed the Russian government’s involvement in a campaign of hacking, fake news, and data leaks to affect the American political process to benefit Donald Trump.
This is how the cyber-game is played among powerful nations. And this has led to a new kind of war, which is termed a cyber-cold war.
Cyber-attacks in smaller countries are reportedly sponsored by larger nations to establish their spheres of influence.
Moreover, critical infrastructure continues to be on the radar of cyber-attackers, as seen in attacks on South African and US utility companies. Countries need to reconsider the cyber defenses around their critical infrastructure.
Hackers to Exploit Misconfigurations:
Former Amazon Web Services employee Paige Thompson was found guilty of accessing the personal information of 106 million Capital One credit card applicants and clients as well as stealing information from over 30 other enterprises. Thompson was also accused of stealing multiple TB of data from a variety of companies and educational institutions.
The investigators found that Thompson leveraged a firewall misconfiguration to access data in Capital One’s AWS storage, with a GitHub file containing code for some commands as well as information on over 700 folders of data. Those commands provided access to the data stored in those folders.
The point here is that human errors in the configuration process can provide an easy entry for cyber-criminals. Therefore, hackers are looking to make the most of this security vulnerability.
The Eminent Role of AI in Cybersecurity:
In 2016, AI was used to propagate fake news in the US elections. Special teams were used in a political campaign to create and spread fake stories to weaken the opponents. As we are gearing up for the 2020 elections, the use of AI is likely to take place once again.
As AI continues to be a major tool for cyber-crime, it will also be utilized to speed up security responses. Most security solutions are based on an algorithm based on human intellect, but updating this against the sophisticated risks and across new technologies and devices is challenging to do manually.
AI can be useful in threat detection and immediate security responses, helping to prevent attacks before they can do big damage. But it can’t be denied that cybercriminals are also leveraging the same technology to help them identify networks for vulnerabilities and create malware.
Cloud Security to Remain a Top Concern:
Cloud technology has been gaining momentum among all businesses over the years. After all, it ensures flexibility, collaboration, sharing and accessing. Simply put, you can share and access data from any part of the world, especially if you are on the go.
However, cloud technology is not immune to threats like data loss, leakage, privacy violations, and loss of confidentiality. These threats will continue to plague cloud computing in 2020 too. No wonder the cloud security market is expected to hit $8.9 billion by 2020.
Cloud threats are mainly caused by poor management by the clients, rather than the service provider. For example, you require a password to access a basic cloud service that is shared with you or created by you. If you use a weak password, you are making your cloud account vulnerable to cybercrime. Keep in mind that detecting such flaws in your cloud usage is not a big deal for today’s sophisticated cybercriminals. Besides, sensitive information should be placed in a private cloud that is safer than a public cloud.
State-Sponsored Cyber-attacks will Rock the World:
Advanced cyber-attacks sponsored by nation-state actors will have a profound impact. Cybercriminals who are unofficially backed by the state can unleash DDoS attacks, create high-profile data incidents, steal secrets and data, and silence some voices. As political tensions are increasing, these things are likely to go up—and managing security in such a scenario will require equally sophisticated solutions to detect and prevent vulnerabilities.
Cyber incidents are on the rise. They will be even more malicious this year as hackers are looking for new ways to discover vulnerabilities. That’s why cybersecurity should be the topmost priority for organizations. Pondering over the new risks will help you better prepare. What do you think? Let me know by commenting below.