MicroSecurity

How to protect your Facebook account from hackers, spammers and clowns

2011-03-02T21:02:00.003+03:00

If you’re like the average Facebook user, you have 130 Facebook friends. Those friends may include your mom, your best friend from 5^th grade, your boss. (If your friends list includes people you don’t know, you should audit your account right now. )

Now, what happens if your Facebook account is taken over by a spammer or a scammer? Or maybe a disgruntled ex gets control of your profile and starts posting shameful things on your friends’ walls. Could you brush it off and tell yourself, “It’s just the Internet. Who cares?” Probably not.

Hackers are out there —helping each other to take advantage of lax security. So here’s what you need to know to keep strangers out of your account. If you’re in a hurry, the most important information is on top.

The Basics

Use a strong password and don’t let your browser remember it
Your password is the key to your Facebook castle. If it isn’t strong, if it includes things that your friends and exes can guess, you’re leaving your drawbridge wide open. Creating and remembering strong passwords isn’t easy. That’s why we recommend this simple system.

And tell Firefox, or whatever browser you use, that you don’t want it remembering your passwords. Don’t make life easier for hackers. (To clear your passwords in Firefox, go to “Tools” then “Clear Private Data” the close and reopen Firefox.)

Use unique passwords for all of your important accounts (and update them whenever you go the dentist)
For any account that really matters—your email, your bank and credit card accounts, Facebook—you need to use a unique, strong password that you do not use for any other account. Whenever a site is hacked, you see that this creates a security crisis across the Web. Why? People reuse passwords. Don’t be one of those people.

And yes, you should update the passwords of your most important accounts. How often? Some say every month. Some say every few months. How about whenever you’ve just gotten home from the dentist? You’ll be in the mood for a little pain. And if you’re the kind of a person who sees a dentist more than twice a year, you should be as careful with your passwords as you are with your teeth.

Of course, if you recognize any suspicious account activity in your account, change your password immediately.

Make sure your system software and Internet security are updated
All the security in the world won’t help you if your PC is infected with a keylogger that can track every letter you type. Updated system and Internet Security can’t stop you from making security mistakes. But it can prevent most of the common attacks out there. Our free Health Check will tell you if your PC is protected.

Watch where you click and watch where you land
Cybercriminals have mastered a devious method of stealing passwords: they ask you for them. This method is called Phishing and it works because it’s easy to make any webpage in the world look official and reputable. A page that looks just like a Facebook profile can be replicated in minutes. That’s why you always need to check the URL in your browser to make sure you’re on Facebook whenever you enter your private information. And if you ever have any doubt about something that has been posted in your newsfeed, follow the Golden Rule of Social Media Securityand don’t click.

Always log out
You’re not keeping hackers out by staying logged in. They still can get in and you’re leaving your account open for a snarky co-worker or invasive family member to pry. And once someone is inside your account, they can change your password to keep you out.

How To Make Sure You Can Get Your Account Back If It Is Hacked

If you start using a new email account, update Facebook settings
If your account is hacked, you need access to the email account you have in your settings. If you can’t get into that email because it’s closed, you’ve just greatly limited your chance of recovering your account.

Do what Facebook recommends
Facebook now rates how secure your account is. It’s a powerful feature, as long as you take it seriously. If your account “Overall Protection” is rated “low”, Facebook will prompt you to add some information. Do this!

Add a secondary email
Facebook asks for a secondary email. This helps Facebook because now it will be able to connect you with more friends. And it helps you if you ever lose access to your primary email, or if your primary email gets hacked. So only add a secure email account with a unique password.

You can add your secondary email by going to “Account” > “Account Settings”> Find “Email” and click on “change”.

Add your mobile number
Adding your cell phone number gives you a secondary way to claim your hacked account. It also gives you the ability to get one-time passwords, which I’ll explain later. To change or add your mobile number, go here. On that same page, be sure to edit your notifications or Facebook will be texting you nonstop.

Keep in mind that your Facebook account security now depends on your mobile security, so I recommend that you have some way to lock or wipe your phone if you lose it. Our Free Anti-Theft for Mobile does just that.

Add a strong security question
Make sure you choose a question that only you can answer. The last five digits of your driver’s license are probably better answer than the name of your first pet—since your friends and family may know that. The worst answer, of course, would be one that a stranger could figure out by looking at your profile.

For Extra Protection

Activate Account Protection
Want to be notified whenever a new computer logs into your account? Activate Account Protection.

Why would you want to do this? Because if someone gets into your account on a device you don’t recognize, you can login to Facebook and “end activity” on that login. Then you can, hopefully, change your password before the intruder does.

Once you activate this feature, you’ll have to identify ever device you login from. It’s slightly annoying, but it gives you the kind of control of your account that will keep your account safe.

To activate Account Protection and “end activity” on any Facebook sessions you didn’t initiate, go to “Account” > “Account Settings”> Find “Account Protection” and click on “change”.

Use One-Time Passwords on public computers
If you use Facebook on public computers, such as at school or the library, you should use Facebook’s One-Time password feature. On a public computer, you have no idea what kinds of programs are running that could be used to log your account information. By using a unique password each time, you remove the risk that your credentials will be stolen.

To do this you need to set up and verify your SMS number. Go here and add in your mobile number. You’ll then need to verify the number by entering a code that will be sent to you. Once this is done, you can send a text message to 32665 with the message “otp” whenever you’re about to login on a public computer. Your One-Time Password will work for 20 minutes after you receive it.

How to protect your data privacy on social networks

2011-03-02T15:22:00.007+03:00

Studies have said public speaking makes as many as 3 out of 4 people anxious. But that was before Facebook.

The 650 million people on Facebook suggest that most of us are getting over—or want to get over—that fear of communicating (or at least sharing pictures) in public. In just a few years, Twitter, YouTube and Facebook have given billions of people the chance to connect to an audience they would never had access to before.

But now that you’re becoming comfortable in public, you may begin to wonder: Am I revealing too much? In a world with the NSA, TMZ and Wikileaks, do I have any privacy? Is it possible to be a public person and still protect my information from being misused?

Friday January 28 is Data Privacy Day 2011 , an international celebration of the dignity of the individual represented through personal information. Protecting your irreplaceable data is our mission and we take this mission very seriously. (Here is F-Secure’s Privacy Policy.)

The risks

The more visible, attractive or rich you are, the more you’re a target for the haters, the stalkers and online criminals of the 21st century. Heck, if you have a credit card, you’re a target for both the online criminals and unscrupulous marketers of the world.

Sharing personal information in an age where data can travel faster than lightning requires a 21st century view of data privacy. Some think it’s vain to worry about privacy. But don’t think about your ego, think about social engineering.

Wiktionary describes social engineering as “The practice of tricking a user into giving, or giving access to, sensitive information, thereby bypassing most or all protection.” Criminals have discovered that human error is the easiest vulnerability to exploit. If you’re not careful, your private data (or even public data) can be used to fool you into making mistakes that even your award-winning Internet Security can’t prevent.

Ignorance may be bliss, but it’s not an excuse. Once your private data is stolen, you’ll have to deal with the consequences. The good news is that you can do a lot to make your data more secure

My nephew once told me, “Facebook is so easy that even old people can use it.” And by old people, he meant me.

I agree with my nephew. Most people who use social media don’t suffer significant negative consequences for doing so—or there wouldn’t be millions of new people trying it every day. Stories of people being fired or arrested for what they’ve done on Facebook are rare. But they get lots of attention because Facebook is the superstar everyone knows.

Only a small percentage of those on social media fall victim to the worst of identity theft, malware or scams. And that’s still too many people suffering needlessly—especially because most of these scourges are avoidable.

The lessons

If you learned to manage the benefits and risks of email, you can do the same for social media. Here a few things you can do to help keep your private data private.

1. Decide why you’re social networking.
For some, social networking is an extension of your private life. You mostly interact with people you know or would like to know in the real world. The main topics of conversation are personal. Even when you delve into entertainment or politics or sports, it’s about sharing opinions to have fun and connect. Intimacy is the goal so private things are often shared nonchalantly. For instance, you might reveal what you did on a day when you played hooky from school or work.

For others, social networking is like interacting at a conference. You’re seeking out people in your industry or whom you admire. Conversation is like a cocktail party—being interesting and on-topic matters. When you talk about entertainment or politics or sports, it’s a way to network and establish trust. You want people to feel like they know you, but getting too personal too fast raises red flags. For instance, you may reveal what you did on your vacation but only in a way that you wouldn’t mind your boss reading.

For a growing number of people, social network is a chance to build a little fame or fortune. You’re looking for an audience who trusts and enjoys you to the point you might even sell them things. You converse with fellow influencers and friends but you also broadcast for a targeted or general audience. When you talk about entertainment or politics or sports, you’re entertaining or engaging an audience while establishing expertise. You may share extremely private details or never talk about your personal life. Either way, you’re establishing a persona that’s relatable to the audience you’re trying to attract. For instance, you may reveal a joke a well-known person shared with you.

By the time you’re out of college for a few years, most people have tried out some variation of each of these approaches to social media. And your approach definitely affects your data security.

The rule is: the bigger the audience you seek, the more you have to think about the information you share.

All of us have to protect our ID, account and phone numbers, our address and our Mother’s maiden name. But if you’re an aspiring Disney star or class president, you have to think about which pictures you take—since you know they’ll all be posted eventually. And George Clooney probably shouldn’t use Foursquare to share his location unless he wants to spend his day shaking hands or filing restraining orders.

We all need to be cautious about sharing details that can be used to scam us. If you achieve, or accidentally achieve, fame, your privacy will become even more precious. So if you want to be internet famous, you need to be savvy about which information you share online—or you’ll have to hire people who are.

2. Secure your systems
Don’t use the default password for your voicemail or anything. Use strong, unique passwords for all your accounts. Don’t use work email addresses or passwords for social accounts. Put security software on your PC and your mobile device, if possible. Password protect your Wi-Fi networks.Turn on secure browsing on Facebook . Put a remote lock on your mobile phone. Always lock your PC and mobile devices when you aren’t using them. Keep your system and application software updated. (Our free Health Check makes that easy.) Turn off GPS on your phone and pictures if you don’t want strangers to know your location.

3. Choose services you trust
Any store, service or site that has your data, should have a privacy policy. A key feature of a good privacy policy is that your data will not be shared or sold. By 2011, most reputable online businesses have privacy policies that make that basic promise. But in addition to privacy also have to trust that any organization you trust with your data had security that won’t be compromised. Quality can have a price. If privacy is more important to you than cost, you can buy dedicated email services that won’t serve you ads. Regardless if they charge or not, you should only use reputable online services you trust. Before you enter any data into any website, think, “Do I trust this organization?” If there’s any doubt, ask others what they think.

4. On a social network, your information could be shared with everyone– no matter what your privacy settings are.
Twitter is simple. There are two privacy settings: everyone or “Protect my tweets”. But even if you go with the protected option, your approved followers can still retweet your information to everyone. Facebook’s privacy settings are much more complex. They’re so complex that it almost feels like you should get college credits for really using them. Going with “Friends Only” is a good start, then you have to decide if you want your page on Google (if you don’t want your Facebook page to show up on Google, go to Account > Privacy Settings > Apps and Websites: Edit your settings > Public Search: Edit Settings > Uncheck Enable public search) and if you want to automatically share your information with other websites.

The safest rule is: get your settings right and still assume that what you post could go public so only share information you wouldn’t mind a future boss (or fan) seeing. NEVER share information that could be used to crack your passwords. Also keep in mind that the information you’re sharing that could be used by identity thieves and social engineers.

5. Be available or don’t
There is a difference between following and friending people. You can follow a lot of people but our brains can only handle around 130 friends. Rejecting or ignoring friend requests can be emotionally difficult, but your privacy is more important than others’ feelings. I say follow anyone on Twitter but on Facebook I’d recommend only befriending people you know or trust. And realize that the person is your friend, not their links. If anyone begins to spam you, let them know the problem. If they keep spamming, unfriend them. If anyone harasses you at all, block their communication. If you’re threatened, contact law enforcement.

You have the right to keep your private data secure while living your digital life to the fullest. All you have to do is respect your own data privacy and do your best to make sure that the people and businesses you interact with do the same.

WiFi + Airport = Lost password

2011-02-16T00:09:00.001+03:00

As most travelers know, many airports and VIP lounges offer Wi-Fi connectivity but, unfortunately, these connection are rarely encrypted. Here’s an example:

All data sent and received travels in clear text, which means anyone could intercept the data for malicious purposes. This unencrypted data could include passwords, logins, financial information like PIN codes, etc.

Many people also know that it’s always better to use a VPN connection. However, in many cases, VPN connection are filtered out and blocked by rules on the network firewall. I tried two different protocols and both were blocked. Mostly network administrators don’t allow using VPNs from Public WiFi access points only because they want to make sure the network isn’t be used for malicious purposes without any readable network logs. These policies actually allow to the bad guys to launch really easy man-in-the-middle attacks when all traffic pass through a malicious host.

The reality is that using a public Wi-Fi service can expose your really sensitive data to cybercriminals. Recently, we saw some famous people lose their Facebook and other social network passwords by using open (insecure) Wi-Fi connections.

So what is the solution when your VPN is blocked? Well, in some cases, an SSL (https) connection may help. Please, before going to any Website, type in the address bar https:// and then the domain name. After the page is loaded, please check if the certificate used for encryption is a valid one and issued to the site you’re visiting. If you see something wrong with the certificate, stop using the site.

Another solution is to use a cable Ethernet connection instead of a WiFi. Many lounges have such connection as well; it will be much safer for you.

In any case if you’re connected from a public place, it’s better not to use eBanking or ePayment services. That data is the main target for criminals. So, travel safe and keep your personal data safe as well!

iPhone passwords succumb to researchers' attack

2011-02-15T01:23:00.002+03:00

Researchers at the Fraunhofer Institute for Secure Information Technology in Darmstadt, Germany, have found a way to steal passwords found in the Apple iPhone's keychain services within six minutes.

In order to steal passwords, the researchers said, the attacker must have have the actual, physical iPhone in hand--this isn't a remote maneuver. First, the attacker has to jailbreak the iPhone, and from there then must install an SSH server on the smartphone to be able to run unrestricted programs. The researchers also created a "keychain access script" that they then copied to the iPhone. After executing that script, they found that they were able to decrypt and see some passwords saved in the keychain.

Over the past year, several iPhone exploits have been revealed by researchers around the world, including some that attack vulnerabilities in the mobile Safari browser. But at least so far, the issues have affected users who jailbreak their own devices. Even in the Fraunhofer Institute's case, a non-jailbroken iPhone will not reveal keychain passwords. Jailbreaking is the process of bypassing the restrictions that Apple sets up to keep users from tinkering with the device's underlying system software.

Researchers said that this latest issue has to do with how iOS handles encryption--namely, that "encryption is independent of the personal password to protect access to the device properly." In other words, even if a user protects access to the iPhone--or any other iOS-based device--with a passcode, it won't be enough to stop hackers from using this method to access saved passwords in the keychain.

It should be noted that the proof-of-concept maneuver would not reveal passwords for Web sites. Services like Gmail, AOL Mail, Yahoo Mail, and others with "protected" passwords "were available to the script only after entering the passcode to unlock the device, which by assumption, should not be possible for an attacker," the researchers noted.

But the folks at Fraunhofer Institute don't necessarily believe that iPhone owners should assume that they will be safe if they don't jailbreak their iPhones. In their scenario, the researchers assumed that the iPhone was stolen and the person who took it knew how to jailbreak the device and create and run scripts. They said in their evaluation of their proof-of-concept that the difficulty level of exploiting the vulnerability is "low."

"Owners of a lost or stolen iOS device should therefore quickly initiate a change of all stored passwords," the researchers wrote in their report. "Additionally, this should be also done for accounts not stored on the device but which might have equal or similar passwords, as an attacker might try out revealed passwords against the full list of known accounts."

Malicious hackers are increasingly turning towardsthe mobile market to target unsuspecting victims.

Earlier this week, security firm McAfee revealed that mobile malware threats were up 46 percent last year. The company said that it expects "cybercriminal activity" in the mobile market to surge in 2011.

Data theft attacks besiege oil industry, McAfee says

2011-02-15T01:03:00.000+03:00

A McAfee diagram of how the Night Dragon attacks proceeded.

(Credit: McAfee)

For years, companies in the oil and energy industry have been the victims of attempts to steal e-mail and other sensitive information from hackers believed to be in China, according to a new report from McAfee.

The attacks, to which McAfee gave the sinister name "Night Dragon," penetrated company networks through Web servers, compromised desktop computers, bypassed safeguards by misusing administrative credentials, and used remote administration tools to obtain the information, the security firm said late yesterday. McAfee and other security companies now have identified the method and can provide a defense.

"Well-coordinated, targeted attacks such as Night Dragon, orchestrated by a growing group of malicious attackers committed to their targets, are rapidly on the rise. These targets have now moved beyond the defense industrial base, government, and military computers to include global corporate and commercial targets," McAfee said in a white paper (PDF) published today.

And the attack was at least partially successful, McAfee said: "Files of interest focused on operational oil and gas field production systems and financial documents related to field exploration and bidding that were later copied from the compromised hosts or via extranet servers. In some cases, the files were copied to and downloaded from company Web servers by the attackers. In certain cases, the attackers collected data from SCADA systems," the supervisory control and data acquisition systems that control and monitor industrial processes.

McAfee didn't reveal details about what SCADA data was involved, but it's a potentially serious matter: such systems are at the operational heart of everything from oil pipelines and refineries to factories and electrical power distribution networks.

McAfee told The Wall Street Journal that the attacks appeared to be purely about espionage, not sabotage. The latter possibility has become a more vivid fear with the Stuxnet attack that apparently damaged Iranian nuclear operations. China is a particular concern: it's a rising industrial power that Google has implicated in attempts to crack its own network and obtain sensitive information.

McAfee notified the FBI of the Night Dragon attacks, and the FBI is investigating, the Journal reported.

Several Night Dragon attacks were launched in November 2009, McAfee Chief Technology Officer George Kurtz said in a blog post, but attacks have been going on for at least two years and likely as long as four.

"We have strong evidence suggesting that the attackers were based in China," Kurtz said. "The tools, techniques, and network activities used in these attacks originate primarily in China. These tools are widely available on the Chinese Web forums and tend to be used extensively by Chinese hacker groups."

The attacks themselves used a variety of methods that, although described as "relatively unsophisticated," were nonetheless effective.

First came an attack to compromise a Web server that then became a host for a variety of hacking tools that could probe the company's internal network. Password cracking and other tools were used to gain access to PCs and servers. Remote administration software, including one called zwShell, let attackers control compromised Windows PCs to gather more data and push the attack toward more sensitive areas.

An appendix of the white paper offers more details on the Chinese connection:

While we believe many actors have participated in these attacks, we have been able to identify one individual who has provided the crucial C&C infrastructure to the attackers--this individual is based in Heze City, Shandong Province, China. Although we don't believe this individual is the mastermind behind these attacks, it is likely this person is aware or has information that can help identify at least some of the individuals, groups, or organizations responsible for these intrusions.
The individual runs a company that, according to the company's advertisements, provides "Hosted Servers in the U.S. with no records kept" for as little as 68 RMB (US$10) per year for 100 MB of space. The company's U.S.-based leased servers have been used to host the zwShell C&C [command and control] application that controlled machines across the victim companies.
Beyond the connection to the hosting services reseller operation, there is other evidence indicating that the attackers were of Chinese origin. Beyond the curious use of the "zw.china" password that unlocks the operation of the zwShell C&C Trojan, McAfee has determined that all of the identified data exfiltration activity occurred from Beijing-based IP [Internet Protocol] addresses and operated inside the victim companies weekdays from 9:00 a.m. to 5:00 p.m. Beijing time, which also suggests that the involved individuals were "company men" working on a regular job, rather than freelance or unprofessional hackers. In addition, the attackers employed hacking tools of Chinese origin and that are prevalent on Chinese underground hacking forums. These included Hookmsgina and WinlogonHack, tools that intercept Windows logon requests and hijack usernames and passwords...
Although it is possible that all of these indicators are an elaborate red-herring operation designed to pin the blame for the attacks on Chinese hackers, we believe this to be highly unlikely. Further, it is unclear who would have the motivation to go to these extraordinary lengths to place the blame for these attacks on someone else.

The early phase of the Night Dragon attack gains access to Web servers.

(Credit: McAfee

Sandboxing to come in Avast 6

2011-02-10T05:48:00.001+03:00

Free security suites have long been offering protection for Windows computers that has ranged from adequate to excellent. After using the Avast 6 beta for the past week, it looks like Avast 6 will land far closer to the high end of the spectrum thanks to its new WebRep browser add-on and sandbox environment, unique in the free antivirus marketplace.

Avast 6 Free will come with a sandbox feature to isolate risky programs while they run.

(Credit: Screenshot by Seth Rosenblatt)

The security suite is available in three forms: Free Antivirus, which replicates the features available in the upcoming Avast 6 Free; Pro Antivirus, which offers a 30-day trial for checking out Avast's first level of paid security; and Internet Security, which ramps up the feature set to include more security tools.

The biggest new feature is the AutoSandbox, which walls off suspicious programs, preventing them from potentially damaging your system while allowing them to run. Few details have been provided so far as to how the AutoSandbox works, however a response from an Avast employee on Avast's forums gave some indication of how it works. Avast's sandbox allows the program to run, while keeping track of which files are opened, created, or renamed, and what it reads and writes from the Registry. These permanent changes are virtualized, so when the process terminates itself, the system changes it made will evaporate.

The AutoSandbox settings are accessible from the new Additional Protection option on the left nav. It defaults to asking the user whether a program should be sandboxed, although you can set it to automatically decide. There's a whitelist option for programs that you always want to exclude from the sandbox, and you can deactivate the feature entirely.

Avast 6 will come with an optional browser plug-in for Internet Explorer and Firefox called WebRep, which is Avast's new Web site reputation service. It uses a combination of data from Avast's virus labs and user voting to determine a safety score for a site. Similar add-ons are a common tool available in most antivirus suites, so it's good to see Avast join them. Like its competitors, Avast appears to have ignored Google Chrome and its 10 percent market share when it comes to search result rating add-ons. However, Avast has promised that the Chrome add-on will be released soon.

The browser add-ons install when installing Avast 6. If you don't want them, it's actually easier to remove them from within Avast instead of within the browser. Currently, removing the add-on using the browser's interface will cue Avast to re-install the add-on the next time the computer is rebooted.

Other new features have been introduced in Avast 6 beta. The Troubleshooting section now comes with a "restore factory settings" option, there's a new sidebar gadget for Windows 7 and Vista, and you can set automatic actions in the boot-time scan. Two features that have filtered down to the free version are the Script Shield and site blocking. The Script Shield now works with Internet Explorer 8 and 9's protected mode. Meanwhile, the paid versions have gained some new features, such as SafeZone, a virtualization feature for secure online banking. The installer has shrunk for all versions by about 20 percent.

Avast 6 Free also comes with the optional WebRep add-on, for rating search results and Web sites.

(Credit: Screenshot by Seth Rosenblatt)

The initial build of the program was buggy and actually caused my computer to enter into a crash loop that I escaped by booting into Safe Mode and removing it. However, subsequent builds have proven to be far more stable. Note that if you do install the beta, you'll have to completely uninstall your current antivirus program, even if it's Avast 5. The company expects to have an upgrade mechanism in place by the time Avast 6 is ready for wide distribution.

Other known problems in the beta include the fact that the SafeZone feature doesn't work yet and that the firewall in the paid versions contains a conflict with uTorrent.
Performance benchmarks are not available because of the in-development nature of this release. It's simply changing too quickly for benchmarks to provide any useful information, given the time it takes to conduct them.

Although the suite looks good and bodes well for the coming public release, this is a beta product and so it's not recommended for security duties on your primary or only computer. However, it's well worth exploring on secondary machines, and it's encouraging to see Avast not laying fallow after the gains made in version 5.

The beta announcement thread on the Avast forums can be read here.

Firefox beta to Web: 'Do Not Track'

2011-02-09T05:36:00.000+03:00

Firefox 4 beta 11 has landed a useful security feature for people who are sick of "stalkertizements," those cookie-based ads that use your browsing history to target ads at your perceived tastes. The new "Do Not Track" feature in Firefox 4 beta 11 for Windows, Mac, and Linux sends out a header that tells Web sites that you want to opt out of behavioral tracking, though Mozilla cautions in a blog post that it will take some time for sites and advertisers to respond to the header.

This diagram shows how Firefox's new 'Do Not Track' feature works.

(Credit: Mozilla)

The feature can be toggled via a check box in the Advanced tab of Firefox's Options window.

Mozilla privacy lead Alex Fowler said that the engineers decided to base the feature in the header sent from the browser because it's something that all Web pages read as they load. A blacklist or cookie-based solution would be harder to implement across different browsers. He acknowledged that successful implementation of "Do Not Track" also depends on advertisers and site owners respecting that incoming header.

He added that the initial stages of a legislative fix are under way as at least one member of Congress--Rep. Jackie Speier (D-Calif.)--plans to introduce a bill ordering the Federal Trade Commission to create a "Do Not Track" program for advertisers. However, a second bill also being proposed does not include the "Do Not Track" option. Both might have a hard time passing in today's antiprivacy climate, although a bill with "Do Not Track" would be the harder sell because of its stronger privacy controls.

Mozilla security and privacy engineer Sid Stamm has documented the technical implementation of "Do Not Track."

Other changes in Firefox 4 beta 11--which Mozilla hopes will be the penultimate Firefox 4 beta--include moving connection status messages to a small overlay window, re-enabling WebGL on Linux, disabling automatic switching to offline mode when no network connection is detected, and a redesign of the default about:home page. The full changelog is available here.

McAfee: Mobile threats on the rise

2011-02-09T05:19:00.001+03:00

Mobile threats are spreading and spam continues to be a thorn in the average person's side, according to a new McAfee report about the fourth quarter.

Mobile malware threats increased by 46 percent last year as criminals continued to embrace new opportunities on smartphones and tablets, the security firm said today.

"One of the most important threats of the quarter" among mobile devices was the Android-based Geinimi Trojan that Zeus botnet creators unleashed. It was flanked by several other malware threats, like the Symbian OS-focused Zitmo.A, McAfee said.

"Cybercriminals are keeping tabs on what's popular, and what will have the biggest impact from the smallest effort," Vincent Weafer, senior vice president of McAfee Labs, said in a statement. "McAfee Labs also sees the direct correlation between device popularity and cybercriminal activity, a trend we expect to surge in 2011."

McAfee's latest report could help bolster support for the company's plans in 2011 to become increasingly invested in mobile security, thanks to Intel, which announced plans to acquire the security firm last year in a deal valued at $7.68 billion. Intel said at the time that it plans to use McAfee's core security products to improve protection for mobile devices, TVs, and other products that the chipmaker believes don't have enough protection.

McAfee found in its report that the "lack of security awareness and mobile safeguards" will lead smartphone owners to face an increasing number of botnet attacks this year.

In addition, the growth of mobile devices and Web-connected products like Internet TVs contributed to more Web-based threats in 2010, McAfee said. The company found that phishing scams asking people to provide information to the Internal Revenue Service, offering gift cards, and stealing social-networking account information were quite "popular" in the fourth quarter. Worst of all, McAfee said that 51 percent of the top 100 search results for the top daily search terms directed people to malicious sites.

Adobe Systems also took a beating in McAfee's quarterly report. The security firm found that all last year, malware creators were "heavily" targeting Flash and PDF and that Adobe Acrobat was the most popular place for malicious users to take aim at unsuspecting victims. Worst of all, the security firm said it's "certain" that Adobe will continue to be hit hard by malware in 2011.

Spam continues to be a major issue for people, accounting for 80 percent of all e-mail traffic in the fourth quarter, McAfee reported. At that level, however, spam actually hit a low it hasn't touched since the first quarter of 2007.

When it came to malware, consumers weren't so lucky. Twenty million "new pieces of malware" were developed in 2010, McAfee said.

Microsoft patches Windows, IE

2011-02-09T05:14:00.001+03:00

Microsoft today issued three "critical" security bulletins as part of its monthly Patch Tuesday program. Together with nine other alerts, which the company rated as "important," the bulletins address 22 vulnerabilities spanning Microsoft products from Windows and Internet Explorer to Office and Internet Information Services.

On the top of the list is MS11-003, which is a cumulative update for Internet Explorer that resolves four vulnerabilities. Included is a fix for the nasty CSS bug outlined in Security Advisory 2488013, a bug that could give attackers control of people's computers.

In a podcast about the patches, Jerry Bryant, the group manager of response communications for Microsoft's Trustworthy Computing Group, downplayed the scope of the CSS issue, saying that the company had seen only limited, targeted attacks focused on this vulnerability. To drive that point home, the company has released telemetry of how that vulnerability stacks up against an already-patched vulnerability in the Windows Shell, to explain why a fix was not made available outside the company's normal release cycle.

"While our first priority is to protect customers from issues like these, we also look to minimize disruption that issues like out-of-band releases can bring," Bryant said.

The second critical item included in the list of patches is the thumbnail image attack vulnerability, which is being addressed in MS11-006. This fixes the security hole in Microsoft's Windows Graphics Rendering Engine that could let attackers gain control of users' computers by having them load a specially formatted image. The problem affects Windows XP, Server 2003, Windows Vista, and Windows Server 2008, but not Windows 7 or Windows Server 2008 R2, the company said.

"We have not seen any attacks against this vulnerability, but proof of concept code is available to attackers, so we recommend customers put this at the top of their priority list," Bryant said.

The third critical item that's being patched is the OpenType Compact Font exploit as part of MS11-007. That particular vulnerability requires end users to load what Microsoft classifies as a "maliciously crafted" font. Bryant explained that the issue had privately been disclosed to the company, and that it was rated a 2 in the Exploitability Index, since Microsoft does not believe a reliable exploit code will show up within the next 30 days.

One tier Lower on the company's deployment priority index (which is how Microsoft dictates to customers the order in which to deploy patches to machines) is the fix to the zero-day vulnerability with the FTP services in IIS 7.0 and 7.5. It too has a rating of 2 in the Exploitability Index, and it makes up part of MS11-004.

Along with those critical and important updates, Microsoft is changing its Autorun functionality when users plug in USB thumb drives. The company is disabling Autorun from USB thumb drives in versions of Windows that are older than Windows 7, which already has such a security feature. That's going out to users as an AutoUpdate in Windows Update.

As mentioned in previous coverage about this month's batch of updates, Microsoft has not offered up more details on long-term fixes for the MHTML vulnerability that cropped up last month and affects Internet Explorer. But according to Jim Walter, the manager of McAfee Threat Intelligence Service, the MHTML problem is smaller than most.

"The scope and impact of the MHTML vulnerability is relatively limited compared to other recent zero-day code execution vulnerabilities," Walter said in a statement. "Based on the information that is currently available, we are aware that successful exploitation could lead to the running of arbitrary scripts, as well as the disclosure of sensitive information."
More details about the list of fixes, and ways to deploy them, can be found in Microsoft's Security Response Center blog.

Did Sony add a rootkit to PS3 firmware update?

2011-02-07T02:02:00.001+03:00

Gamers on a forum accuse Sony of adding a rootkit to its latest version of PlayStation 3 firmware.

Rootkits, in general, have a bad reputation. Security watchers often associate them with malware. In this case specifically, though, the alleged rootkit would allow Sony to peer into users' system files without their knowledge.

A user dubbed N.A., who first mentioned the alleged rootkit last week on the Neogaf forum and cited work performed by developer Mathieulh, alleged that a rootkit in firmware version 3.56 allows Sony to "remotely execute code on the PS3" when users connect to the PlayStation Network. Mathieulh informed people over Internet Relay Chat that the alleged rootkit can be used by Sony for "verifying system files or searching for homebrew." It might also be used as a way to ensure users on the PlayStation Network are using Sony's own firmware.

However, N.A. also pointed out that "Sony hasn't activated any of this yet."

For its part, Sony hasn't made any mention of a rootkit being added to its latest update. A page on the company's site describing the updates in firmware version 3.56 say only that a "security patch has been added." Because of that, it should be noted that the claims made through Internet Relay Chat and forums are unsubstantiated, and there is currently no indication from Sony that a rootkit was added to its PlayStation 3 firmware.

What is clear is that Sony is in the middle of a real battle with jailbreakers who continue to take issue with the way the company safeguards its console. With each new update released by Sony since the company made the decision to end support for "Other OS," allowing folks to run operating systems--typically Linux--on the console, jailbreakers have found ways to run so-called homebrew applications.

PlayStation 3 firmware version 3.55 arguably attracted the most attention after well-known hacker George Hotz, known as his Web name, Geohot, found a way for users to run custom packages on the console. The move prompted Sony to request a restraining order against Geohot to take his solution off the Web. After a lengthy court battle with each side trading shots, Sony was awarded the restraining order last week.

"After consideration of the record and the arguments of counsel, the court finds that a temporary restraining order is warranted," U.S. District Court Judge Susan Illston wrote in a judgment released last week. "Plaintiff has submitted substantial evidence showing that defendant George Hotz has violated the Digital Millennium Copyright Act."

For his part, Hotz contends that his jailbreak shouldn't violate the DMCA. He pointed out that the DMCA allows mobile phone owners to jailbreak their devices without fear of legal recourse. The far-reaching act fails to mention other devices, which allowed Sony to gain the upper hand in its battle against Hotz.

"I think the same precedent should apply," Hotz said in an interview with G4TV last month. "If you can jailbreak one closed system, why can't you jailbreak another?"

It's a sentiment that many in the Neogaf forums agree with. And rather than face the possibility of being locked into Sony's latest firmware, those who believe Mathieulh's claim that a rootkit is in the latest software have warned others not to upgrade to 3.56.

"Official Firmware 3.56 released," an announcement reads on the forum. "Do NOT update."

Sony did not immediately respond to request for comment.

Back in 2005, Sony BMG came under fire for including a rootkit in software on some of the company's CDs. The rootkit was used to limit the widespread reproduction of music CDs at the time. Sony later reversed its stance, offering up a solution to remove the rootkit, and then eventually, recalled CDs with the rootkits installed.

Microsoft to seal 22 security holes this month

2011-02-07T01:53:00.000+03:00

Microsoft today said it will address 22 vulnerabilities as part of next week's Patch Tuesday, three of which are critical.

Three of the 12 bulletin items released by Microsoft earlier today are classified as critical, and affect Microsoft's Windows operating system, with one affecting Microsoft's Internet Explorer browser as well. The rest are classified as "important."

In a post on Microsoft's Security Response Center blog, the company said it will be making fixes for vulnerabilities in the Windows Graphics Rendering Engine, as well as CSS exploit in Internet Explorer that could allow an attacker to gain remote code execution.

Along with the fixes for the rendering engine and the CSS exploit, Microsoft says it will be addressing zero-day flaws that created vulnerabilities in the FTP service found inside of Internet Information Services (IIS) 7.0 and 7.5.

Not included in this month's batch of announced patches is a fix for the recently-discovered script injection attacks that affect Internet Explorer. Acknowledged by the company last week in Security Advisory 2501696, the exploit targeted the way IE handled MHTML on certain types of Web pages and document objects, and could provide hackers with access to user information. According to Wolfgang Kandek, chief technology officer at Qualys, the best route to prevent those attacks

continues to be the workaround Microsoft outlined in its initial security advisory about the problem.

Microsoft has a full list of the pending issues here

Report: Hackers penetrated Nasdaq computers

2011-02-07T01:45:00.001+03:00

Federal authorities are investigating repeated intrusions into the computer network that runs the Nasdaq stock exchange, according to a Wall Street Journal report that cited people familiar with the matter.

The intrusions did not compromise the tech-heavy exchange's trading platform, which executes investors' trades, but it was unknown which other sections of the network were accessed, according to the report.

"So far, [the perpetrators] appear to have just been looking around," one person involved in the Nasdaq matter told the Journal.

The Secret Service reportedly initiated an investigation involving New York-based Nasdaq OMX Group last year, and the Federal Bureau of Investigation has launched a probe as well. Investigators are considering a range of motives for the breach, including national security threat, personal financial gain, and theft of trade secrets, the newspaper reported.

Nasdaq representatives could not be reached for comment.

Investigators have not been able to follow the intruders' path to any specific individual or country, but people familiar with the matter say some evidence points to Russia, according to the report. However, they caution that hackers may just be using Russia as a conduit for their activities.

The Nasdaq, which is thought to be as critical from a security standpoint as the national power grid or air traffic control operations, has been targeted by hackers before. In 1999, a group called "United Loan Gunmen" defaced Nasdaq's public Web site with a story headlined "United Loan Gunmen take control of Nasdaq stock market." The vandalism was quickly erased, and Nasdaq officials said at the time that the exchange's internal network was unaffected.

A malicious addition to a Facebook link

2011-02-06T23:10:00.001+03:00

In the last few days we have discovered that spam messages with malicious links are being sent via instant messenger services. It turns out that the mailings were carried out by the Zeroll IM worm. A bot generated various messages depending on the language of the recipient. Here are a few of them:

“Wie findest du das Foto?”
“seen this?? :D %s”
“This is the funniest photo ever!”
“bekijk deze foto :D”
“uita-te la aceasta fotografie :D”

Like lots of other similar incidents, the cybercriminals have made use of social engineering, asking users to look at pictures with alluring names. At the end of the message there is a link such ashttp://www.facebook.com/l.php?u=********.org/Jenny.jpg. As well as the link to the Jenny.jpg file the messages included similar links to Sexy.jpg.

The page that the http://www.facebook.com/l.php?u= link leads to is not actually malicious – it contains a warning from Facebook telling the user they are leaving the site.

Facebook warning

If you add a link to any random site after ‘l.php?u=’, then a window opens with a warning from Facebook. However, after the user clicks the ‘Continue’ button the link will direct the user to the corresponding site. This mechanism was used by the cybercriminals to make the link to the malicious site look more legitimate.

When the browser redirects to the page ********.org/Jenny.jpg it leads to the file PIC1274214241-JPG-www.facebook.com.exe which is then launched by unsuspecting users. Hereafter, the terms jenny.jpg and sexy.jpg refer to this executable file.

After analyzing jenny.jpg and sexy.jpg it turned out that they were typical downloaders, protected by packers and written in Visual Basic.

Fragment of the downloader code after the jenny.jpg file is unpacked in full

The downloaders’ job is typical for these types of program – download another malicious program to the infected computer. In this case, it’s the file srce.exe. So that the user doesn’t suspect anything, the downloaders also open the picture that was promised in the original spam message. The picture is downloaded from the Internet (the link can be seen in the screenshot).

So what is srce.exe? It’s a dropper + downloader whose outer shell is also written in Visual Basic. It downloads IM-Worm.Win32.XorBot.a which uses Yahoo Messenger to send out messages to users.

So what we have here is a link to a page on Facebook being used in instant messaging spam instead of a direct link to a malicious object. You could say that Facebook is being used a service along the lines of bit.ly: it allows links to be modified so that they are directed via the Facebook domain.

Zeroll is still actively sending out spam. The messages contain links to different files, but with similar names such as Girls.jpg and Marisella.jpg. And even though people already know they shouldn’t just click any old links, even if it was sent by someone on their contact list, it’s worth reminding everyone again. If nothing else, cybercriminals are creative, and the Zeroll spam once again confirms this.

A keygen with a twist

2011-02-06T22:35:00.003+03:00

Programs for cracking commercial software are, sadly, not unpopular. They have also caught the attention of malware writers, who prepared a couple of surprises for those who don’t mind a free ride every now and then.

A short time ago, we detected a Trojan dropper which passes itself off as a key generator for Kaspersky Lab products. The file’s name is kaspersky.exe.

Once launched, the file displays a key generator window prompting the user to select a product. After one of the options is selected, the program proceeds to generate a key.

Keygen window

While the freebie lover is waiting for the result, two pieces of malware that were stealthily installed and launched by the dropper make themselves at home on the PC.

One of these is detected by Kaspersky Lab as Trojan.MSIL.Agent.aor. It steals registration data for other programs, as well as passwords, mostly for online games. It rather considerately stores all the stolen data in one file. A fragment of the file is shown on the screenshot below.

Fragment of a file that is filled in with registration data for the software listed in it

The Trojan also modifies the ‘hosts’ system file to block access to a number of websites. For example, such websites as virustotal.com and virusscan.jotti.org, which offer file scanning by solutions from many antivirus vendors, become inaccessible.

Fragment of a modified hosts file:

##Do not touch this file, changing it will cause SERIOUS damage to your computer
127.0.0.1 virustotal.com
127.0.0.1 www.virustotal.com
127.0.0.1 www.virusscan.jotti.org/
127.0.0.1 www.virusscan.jotti.org/en
127.0.0.1 www.virusscan.jotti.org/en

The second piece of malware installed by the dropper is a typical backdoor which also has keylogger functionality, collecting keystroke data. It is detected as Trojan.Win32.Liac.gfu.

Thus, running a supposed key generator for Kaspersky Internet Security will plant a couple of very real malicious programs on your computer, which KIS will then have to deal with. Provided, of course, that the keys generated by the ‘keygen’ actually work.

Securing a wireless network

2011-02-06T21:40:00.002+03:00

Securing a wireless network

If your wireless network is not secure, a hacker can easily intercept the data you send and receive, or access files saved on your computer – all from the comfort of their own sofa.

Why is it necessary to secure my wireless network?

These days, most computers are wireless-enabled: they let you connect to the Internet without a physical network cable. The major benefit, of course, is that you can use your computer anywhere in the house or office (as long as it’s within range of your wireless router). However, there are potential risks involved in wireless networking - unless you make your network secure:

A hacker could intercept any data you send and receive;
A hacker could get access to your wireless network;
Another person could hijack your Internet access.

Therefore, if your wireless network is not protected, a hacker could intercept any data you send; access your network, and therefore your shared files; use your connection to connect to the Internet - especially significant if you have a download limit on your internet package and your bandwidth is being swallowed up by a hijacker.

How do I secure my wireless network?

There are some simple steps you can take to secure your wireless network and router in order to minimise these risks:

Change the administrator password for your wireless router. It’s easy for a hacker to find out the manufacturer’s default password and use this to access your wireless network. And avoid using a password that can be guessed easily: follow the guidelines provided in the section below on choosing a password.

Switch off SSID (Service Set Identifier) broadcasting, to prevent your wireless device announcing its presence to the world.

Enable encryption in your connection settings: WPA encryption is best, if your device supports it (if not, use WEP encryption).

Change the default SSID name of your device. Again, it’s easy for a hacker to find out the manufacturer’s default name and then use this to locate your wireless network. Avoid using a name that can be guessed easily: you should follow the guidelines provided in the 'Choosing a Password'section.

To secure your wireless network:

Change the administrator password;
Enable WAP or WEP encryption;
Switch off the SSID and change the default name of your wireless router;

Follow the advice above on how to protect from malicious code and hacker attacks.

Passwords

2011-02-06T21:17:00.002+03:00

Passwords

Choosing a good password is vital to being secure online. Just follow a few golden rules, which a surprising amount of people ignore. Three of the most common internet passwords? 'password', 'monkey' and '123456'.

Why are passwords important?

We now use the Internet for a wide range of activities, including online banking, online shopping and online research. Increasingly, we’re also using the Internet to socialise. In the last few years there's been a massive growth in the number of social networking sites such as Facebook, MySpace, etc. We share all kinds of personal details as well as music, pictures, and videos.

Unfortunately, the more personal details we make available, the more exposed we are to online identify theft. Identity theft is when a criminal steals confidential personal data that lets them fraudulently obtain goods and services in your name. A cybercriminal could, for example, open a bank account, obtain a credit card or apply for a driving licence or passport. Or they could simply steal money directly from your bank account.

Given that passwords protect such valuable data, they're clearly very important. You should protect all your online accounts with passwords - but you must be careful when choosing them.

Passwords help safeguard you against identity theft. They make it harder for cybercriminals to profile you, access your bank account (or other online accounts) and steal your money.

Choosing a good password is an important part of lowering the risk of becoming a victim of cybercrime. The following guidelines should help you when choosing passwords for your online accounts.

How to choose secure passwords
Make your passwords memorable, so that you don’t have to write them down or store them in a file on your computer (remember, this file could be stolen by cybercriminals).
Don’t use real words that a hacker or cybercriminal can find in a dictionary.
Use a mixture of uppercase and lowercase letters, numbers and non-alphanumeric characters such as punctuation marks (although the latter are not always allowed).
Don’t recycle passwords, e.g. don’t use 'password1', 'password2', 'password3', etc. for different accounts.
If possible, use a passphrase, rather than a single word.
Don’t use the same password for multiple accounts. If a cybercriminal finds the password to one account, they can use to access other accounts.

How to keep your passwords safe
Don’t use obvious passwords that can be easily guessed, such as your spouse’s name, your child’s name, pet's name, car registration, postcode etc.
Don’t tell anyone your password. If an organisation contacts you and asks for your password, even by phone, don't give them any of your personal details. Remember, you don’t know who’s at the other end of the telephone line.
If an online store, or any web site, sends you an email confirmation that contains a new password, login again and change your password immediately.
Check that your Internet security software blocks attempts by cybercriminals to intercept or steal passwords.

32 Ways to Secure Your Digital Life

2011-02-05T16:59:00.002+03:00

For every freedom and convenience we enjoy in our digital lives, there are countless cyber do-badders looking for ways to exploit them. Fight back with these 32 ways to protect your digital life!

Call us cynical or hard-edged, but we frankly believe that the world is filled with hustlers, grifters, and crooks out to bamboozle us at every turn.

Those suspicions are doubled for our digital lives. For no longer do bunko artists need to trick you into buying that iPad box with a brick in it. Today, they can rip you off by auto pilot. With the deadliness and stealth of a UAV, these scumbags can steal your banking credentials, clone your debit card, or infect your computer. Don't worry about being too paranoid. There's really no such thing as being overly vigilant when it comes to your digital security.

Protect Your Desktop PC

Installing strong, up-to-date security software is a given. But it takes much more than that to defend the epicenter of your digital life.

Keep Your OS Patched

Could real people actually be as clueless as some of those characters we see in movies? Sadly, you need no more evidence of that cliché than the average computer user. Even though he or she knows that an OS update is as critical as, say, nailing boards over your windows in a zombie apocalypse, many choose to ignore the updates until something crawls in and eats their brains.

The most basic security step PC users should take-regardless of OS-is to install the latest updates. Yes, we know, it can be teeth-gritting-especially when the updates are larger than the original OS-but it's necessary for patching holes being used by attackers to squeeze into your PC.

Lose Windows XP

Windows XP was a great operating system but it's now pushing 10 years old and it's a popular target for attacks. Why? It's not as secure as its replacements. It's also where the money is-literally-with 51 percent of computers on the planet running it. Many attacks specifically target XP and ignore Windows Vista and Windows 7 completely. Unless you like to wrench on your OS all day, we recommend that you give XP the retirement it has earned.

Keep Your Applications Patched

Even Microsoft haters have to admit the company has done an admirable job patching its operating systems in a reasonable amount of time. Because of this, many of the weak spots on a PC aren't even the OS anymore, but rather the third-party applications. While Microsoft will patch its own products in Windows Update, it doesn't do squat about anything else. With literally dozens of apps to check for updates every week, you can see where the problem lies. That's why we run Secunia's PSI Scanner (www.secunia.com). The free app runs in the background and checks your installed apps and plugins for available updates and then gives you a link of where to download the patch. The latest beta version will actually install some of the updates for you. The company also offers an online scanner but we don't recommend it because it runs in Java.

Secunia's free PSI app will monitor the dozens of applications installed on your machine for available security patches.

Beware the Usual Suspects

When a massive malware outbreak occurs, you can almost always expect to see these five shifty guys in the police lineup: Flash, Acrobat/Reader, QuickTime, Java, and JavaScript.

Normally we'd say just execute 'em, but it doesn't always work that way. Yes, if you can, simply uninstall these offenders (save JavaScript), but if you must have them, there is a way to at least mitigate some of the damage.

Start by disabling Acrobat/Reader in your browser. In Firefox, go to Tools, then Add-ons, then Plugins, and disable the Acrobat plugin. While you're there, you should also probably disable QuickTime, Java, and even the DivX Web Player if you want to be extra cautious.

Disabling plugins for Acrobat, QuickTime, and other media players can mitigate some of the damage from new zero-day exploits.

To disable these plugins in Chrome, go to Options, Under the Hood, Content Settings, Plugins, and select "Disable individual plugins."

Now, go into the Acrobat app, go to Edit, Preferences, Trust Manager, and uncheck "Allow opening of non-PDF file attachments with external applications." While you're in Preferences, click the JavaScript option and uncheck "Enable Acrobat JavaScript." Also click on Internet and uncheck "Display PDF in browser." Or just dump the whole thing for Foxit Reader (www.foxitsoftware.com).

For QuickTime, start the player, dig into Edit, Preferences, QuickTime Preferences, Browser, and uncheck "Play movies automatically."

To mitigate the damages from Adobe Flash, consider running the FlashBlock extension in Firefox and Chrome. This will prevent Flash from being displayed on a page. In its place will be a place holder that, when clicked, will play the Flash content.

Disabling JavaScript unilaterally can be problematic, as it breaks many sites. Still, for the paranoid, there is a way. The NoScript extension for Firefox is the leading contender. Chrome has no such extension, but you can go to Tools, then Options, then Content Settings, then JavaScript, and select "Do not allow any site to run JavaScript." This will place a small icon in the address bar that will let only your favorite sites run JavaScript. Disabling JavaScript in Chrome can be wonky, but it's worth investigating if you want to avoid one of the primary ways crooks are targeting you.

Use a Virtualized Browser

Since the vast majority of attacks are coming from the browser, one of the safest ways to surf the web is from a virtualized browser or a virtual machine. Dell offers its free KACE browser (www.kace.com), which virtualizes Firefox 3.6 along with Adobe Reader and Flash. Malware that exploits holes in Firefox, Reader, or Flash would be contained within the virtual machine. The bad news? If you do get an infection and need to flush the virtual Firefox, you lose all of your settings. That includes the numerous updates to Firefox that come out seemingly every month and any bookmarks and plugins you installed. An alternative is to build a virtual machine using either Virtual PC 2007 (www.microsoft.com) or VM Ware Player (www.vmware.com). Both are free, and both Microsoft and VM Ware offer free images that include browsers. Microsoft offers Vista and XP with IE8 installed and VM Ware offers Ubuntu with Firefox installed. Of the three options, VM Ware's is the most solid but folks not used to Linux might be thrown for a loop. Microsoft's images time out after three months, so you'll have to download it again.

Get a Second Opinion

Do you really know if that file is truly untainted? Many malware writers are specifically crafting wares to avoid detection by antivirus suites. If you have a file that you need to run, we recommend that you incubate it for a few days or a few weeks if possible. This gives security software a chance to catch up to any new exploit. We then recommend that you get a second opinion from Virustotal.com. This website lets you upload a file to be scanned by two dozen AV engines. Just remember that malware writers are also using tools such as Virustotal.com to see if their wares can pass muster, so long incubations are key.

Unshorten Those URLs

Shortened URLs can conveniently turn unwieldy web address into bite-size morsels, but they can also disguise a link to a malware-ridden site. Though many of the URL shortening services check for malicious websites, it's usually better to verify a shortened URL's destination. For that, we use Longurlplease.com. It supports 81 shortening services. As for cryptic shortened URLs, visit Virustotal.com to have the address checked by six URL analysis engines.

Although many URL shortening services claim to scan for malware, it's probably best to lengthen those URLs before you click on them, using Longurlplease.com.

Run in a Standard User Account

Running as an administrator in a Windows OS is a bit like giving someone the right to walk into your home and rummage through every nook and cranny. One easy way to avoid or greatly limit damage from malware is to always run with standard user rights. As with all things, this is no guarantee against harm. Some malware, even when executed in a standard user account, can grant itself administrator privileges and still run rampant through your PC, but running as a standard user minimizes risk.

Running in standard user mode in a Windows OS has proven to be useful in beating back malware attacks.

Use a Live CD/Linux Distro to Do Banking

That Windows is the number one target for cybercrime and mischief is not news to any of us-naturally, owning 95 percent of the market makes it an obvious target. That's why we agree with security journalist Brian Krebs (http://krebsonsecurity.com) that members of the most at-risk group should do online banking with a Linux Live CD. You can do your gaming and other Windows-based computing booted from your hard drive. But once you have to go into secure mode, whip out your Live CD and boot to it. Numerous Linux builds are available, but the most popular, and among the easiest, is Ubuntu.

Restrict PC Access for Others

So, you've created this incredibly secure moat, ringed with razor wire, claymores, and mines. And then you let your 14-year-old nephew play some Flash games or "check email." Right. The best solution is to have visitors use a separate, secured guest PC. But if they must use your machine, make sure you have the guest account activated. Another option is to have them use a virtual machine. Once they're done, simply shut down the VM and erase any trace of their activities. Or have them use your HTPC, where they're working in the open instead of being left alone in your office.

PHYSICAL SECURITY: Put Your Laptop on Lockdown

Kensington's new ClickSafe key lock makes it an easy one-step process to secure your laptop from snatch-and-grabs.

Obviously, all the same security risks and safety recommendations that apply to your desktop computer also apply to your laptop. But your laptop carries the added risk of being stolen. And let's face it: If you haven't encrypted all your sensitive data or been diligent about backups, the loss of your laptop could be mighty painful. One way to prevent the potentially dire consequences is to use a laptop lock.

The vast majority of notebooks have a slot to accommodate a physical locking mechanism-it's usually designated by a padlock icon. The lock itself is attached to a reinforced cable which cannot be easily cut without the aid of a large and very noticeable set of bolt cutters. The cable is either bolted to the floor-in your office at work, for instance-or looped around a substantial or immovable object. Kensington is one of the biggest names in cable-lock makers, and offers both combination and key locks, priced at $25 and $50, respectively.

Protect Your Network

Keep your digital bits out of the hands of baddies.

Use Google Public DNS

If the crooks can't convince you to visit their phony-baloney banking webpage, the next step is to get you there against your will. One way to do that is to poison the DNS cache you're using. The DNS server translates URLs into IP addresses. By exploiting flaws in the DNS software, crooks are able to redirect you to any sight of their choice-even if you typed in the correct URL of your bank.

Bypass your ISP's DNS for one that's likely faster and more secure, Google DNS.

To avoid this, we recommend switching from your ISP's DNS to Google's public DNS (http://bit.ly/7Ti5tM). It's free and the company has implemented many of the recommended safeguards against cache poisoning. To change the DNS on your client PC, go to Network Connections, right-click on your connection, and double-click Internet Protocol. Then simply enter the preferred DNS of 8.8.8.8 and alternate of 8.8.4.4 and click OK.

Conduct Personal Business at Home

You want a simple reason not to check your personal email at work? Someone in your network could be using a so-called "man in the middle" attack to spy on you. Whether by exploiting ARP cache poisoning, session hijacking, or some other technique, MITM attacks let a crook steal the credentials issued to your machine and then fool, say, Yahoo or Gmail into thinking he's you.

At work, with hundreds of computers and a network that stretches the coasts, you really wouldn't know where the MITM attack is coming from. This risk negates the possibility that your corporate network is more secure than your home network. So, assuming you have secured your home Wi-Fi (or don't use wireless) and that the other machines on your home LAN are secure, save your personal email and banking for home.

Secure Your Wireless

Quick, what's the most secure wireless available today? None. OK, we jest, but probably no wireless protocol is 100 percent secure. But just because there's a theoretical way to break the latest wireless encryptions doesn't mean you should be using the weakest form. The weakest, of course, is WEP. Easily broken in under a minute by anyone capable of reading an Internet how-to, WEP is far less secure than WPA or WPA2. If you're running WEP because some old hardware doesn't support WPA2, consider junking the old equipment or upgrading your router to one that supports guest networks. This lets you keep your internal network behind WPA2, while keeping guests roped off with the weaker WEP protocol to access the Internet. If you're running WPA2, the adage in security circles is that the longer and more randomized the key, the better.

Although not a guarantee, you can also set up your router's wireless to only accept connections from known MAC addresses. These are the unique IDs assigned to each computer's network card. The hole there is that an intruder could easily spoof a MAC address from a trusted client to still access your wireless network.

Check Each Machine's Shares and Services

You can check what files are shared on a machine by right-clicking My Computer, selecting Manage, and clicking Shared Folders. Great, now how do you do it for all of the machines on your network? One way is to use NetBrute Scanner (www.rawlogic.com). This free utility will scan your internal network and report on shared resources that are available.

Scan Your Network for Intruders and Piggybackers

If a neighbor has broken into your network so he or she could download movie torrents, how would you know? Since most home networks use DHCP, go into your browser's setup screen and check the DHCP screen to see how many IP addresses are assigned. Then, try to match those up with the systems on your network. If you have more IP addresses assigned than devices (remember that your smartphone will eat an IP address if it's using Wi-Fi), you may have an intruder. Another option is to use RogueScanner (www.paglo.com), a free tool that will query devices on your network and compare them to an online database of devices to help you identify the machines.

Running an internal port scan may help reveal intruders freeloading on your network's bandwidth.

So what do you do if you have an intruder or suspect one? Since the person has likely infiltrated your network via wireless, you'll want to lock down your wireless by switching to WPA2 and using a very long and very random key.

Smartphone Security

It's a lot smaller than your desktop PC, but the risks are just as big.

Hang on Tight

Currently, the number one threat to smartphone users is having the device end up in the wrong hands, through theft or loss. Your first line of defense, therefore, is constant vigilance regarding your smartphone's whereabouts.

Use a Password and Encryption

Should your phone get lost or stolen, a good first layer of protection is a password, an option many phone users neglect. Choose the strongest password option available-a passphrase, for instance, rather than a four-digit code or swipe pattern. Encryption options vary among mobile OSes, but when possible, you should encrypt your storage card as well as your device memory.

Back Up Your Data

Just as with a PC, backing up your smartphone is important. Regularly synching the device to a linked computer will do the trick. It's insurance against the loss of your phone, corruption of your OS, or any other event that jeopardizes your data.

Don't Store Sensitive Data

The surest way to guard your sensitive data is to keep it off your smartphone altogether. Minimize the number and/or days of emails you store on your phone, or better yet, save email and attachments to a server. Make it a habit to regularly move or delete anything you wouldn't want to share with strangers.

Practice App Awareness

An abundance of apps is both a blessing and a curse for smartphones-there is no way every app that makes it to market can be thoroughly vetted for 100 percent fail-safe security. By selecting reputable apps, backed by favorable user reviews, from a trusted source, you can diminish the risks. Avoid apps with scant reviews or that have only recently been uploaded. Also be cautious when granting an app permissions; consider the app's function and what it might reasonably need access to.

Keep Software/Firmware Updated

Make sure you are running the latest versions of your apps, OS, and phone manufacturer software and firmware. This will ensure that any security holes are patched and your device is less vulnerable to hacks.

Disable Bluetooth and Wi-Fi When Not in Use

Unsecured wireless networks can be used by hackers to either attack your phone or steal information from it. You can protect yourself by keeping Wi-Fi and Bluetooth off when you don't need them. When wireless is needed, stick to known Wi-Fi networks using WPA2 and beware of public networks, which are sometimes set up by crooks to snare people's data.

When using Bluetooth, make sure it's in non-discoverable mode to avoid hacks like "Bluesnarfing" (stealing data), "Bluejacking" (sending unsolicited messages), and "Bluebugging" (listening in on your calls).

Beware of Links and Attachments

You've long been warned about the risks of opening strange links and attachments-particularly those arriving in unsolicited emails or text messages. All those same warnings apply to smartphones. And those warnings also apply to calling unfamiliar phone numbers received in messages, and clicking links for app "updates." You can ensure the authenticity of an update by going to the app's website.

SMARTPHONE AV: Add Extra Protection with a Third-Party Security App

Currently, smartphone malware infections are rare-nothing like what you see with PCs. But as proliferation of the devices grow, expect viruses, worms, and trojans to become more of an issue. To combat these threats, you need third-party software, and if you're like the majority of smartphone users, you don't have it. But even if malware isn't a pressing problem at the moment, a security app can offer other useful benefits, such as browsing protection, telephone and text-message spam blocking, and theft-protection features like locking down, wiping, or even locating a stolen phone.

You can find mobile security apps by many of the big names in PC protection. Independent security testing lab AV Comparatives (www.av-comparatives.org) recently evaluated mobile apps from ESET, F-Secure, Kaspersky, and Trend Micro and gave them all "Approved" designations. See the full report at http://bit.ly/cGRySZ.

Webmail Safety

In today's connected landscape where we enjoy Internet access not only from our desktops and notebooks, but also from our smartphones, tablets, and even our portable media players, it's easy to see why free-to-use webmail has become so popular. Most webmail accounts now offer several gigabytes of storage space, effectively turning us into digital pack rats.

Everything you choose to save-from sensitive email exchanges to confidential attachments-is not only accessible to you, but anyone who manages to figure out your password, whether by brute force dictionary attacks or by answering a series of weak security questions. And it's not just your email history that's in danger; an unsecure webmail account opens the door to other security breaches, like using your email account to send spam and spread viruses. Here are some ways you can avoid becoming just another statistic.

Create a Burly Password

Your webmail account is only as secure as your password, so use a strong one. The best way to do this is to use a combination of letters, numbers, and even symbols if your webmail provider allows. Avoid using real words at all costs, as these are easily cracked by any teenage hacker using a brute force dictionary script. For particularly sensitive accounts, use a random password generator (http://bit.ly/bf9oB2).

Use Multiple Passwords

The key to your house doesn't unlock your car door, nor does it work with your safety deposit box. If it did, you'd be three feet deep in dung if it ever fell into the wrong hands, and the same concept applies to your digital accounts. In practice, most people tend to use the same password for various accounts, and that's a rookie mistake. Use a different password for your email than you do your bank account, forum login, and whatever else you do online. If you have trouble keeping track of them all, store your passwords in a virtual safe, like KeePass (free, http://keepass.info).

Log Out/Leave No Trace

It might be slightly inconvenient to log out of your webmail and clear your browser cache, but if your notebook ends up lost or stolen, you'll be glad you did. And if there are others around, log out and close your browser before heading off for a bathroom break.

About Security Questions

Answering security questions can save your bacon if you forget your login credentials, but keep in mind that anyone who knows you well can probably guess the correct answer(s). Only rely on these if the questions are particularly personal in nature, or if you're allowed to create your own that are not easily guessable. And, for God's sake, don't publish that information in your Facebook profile. There's no point in having a security question of what city where you born in, or what your pet's name is if your public profile gives the answer away.

The human factor and information security

2011-02-04T19:49:00.002+03:00

The human factor and information security

Computer security as a system
People are part of the system
Security vulnerabilities and some examples
Conclusion

This article has not been written in order to scare users, or to push them into buying security software for their computers. It's simply an attempt to share some thoughts which have come to mind in my work as a virus analyst, while analysing code, reading a range of forums and articles, and numerous daily messages from readers asking for help.

Computer security as a system

Information security cannot be thought of as a single, discrete, entity; it's a whole range of measures, and should be viewed as a system. Information security is as complex as any other system which combines a number of different aspects and approaches, none of which can be regarded as more or less important. This means that no single aspect or approach can be disregarded; if one area or part of the system is ignored, the system will not function correctly.

Information security differs very little from security in general. After all, no one would install a heavy security door with a pick-proof lock on a garden shed. Similarly, a car can have excellent tires, but if the brakes are faulty, the car will be unsafe. Protection against cyber threats works on the same principle: all possible weak points should be secured, whether on a desktop computer, an organization's server or a corporate network. Data should also be accessed via secure paths, although I'm not going to discuss how any of this should be done in this article. Those who work with information should also be viewed as a part of the system, a link in the chain which ensures both data exchange and the security of the system overall.

People are part of the system

There's a wide variety of security software available, including firewalls, intrusion detection systems, antivirus solutions etc. Each type of software is designed to perform very specific functions, and using such software will help protect a system. However, even using the very best software, which implements the most advanced technology and the most secure algorithms, cannot guarantee 100% system security. This is because people are involved in the development and implementation of software, and people make mistakes. Consequently people, who are a part of any system, are always going to be the weak point in a security system.

The human factor is the underlying reason why many attacks on computers and systems are successful. Of course, there are a great many specific examples. Let's take a look at how and why hackers, virus writers and other malicious users exploit the human factor, using people as the chosen method to penetrate systems.

Security vulnerabilities and some examples

A lot of users don't understand that using software which contains vulnerabilities poses a genuine security risk to their computer or system. The majority of users see their computer as a black box; they don't understand how it works, and in reality, they don't really want to. They want to use computers in the same way as a vacuum cleaner, a fridge, a washing machine, or any other household appliance, without having to understand how the appliance performs its function. And many users think that viruses, hackers, and other cyber threats are simply the invention of security software vendors. In some ways, who can blame them, given that some of those working in the security industry regard viruses as 'something that happen to stupid users' and antivirus software is simply a waste of money. "I'll simply install an operating system which isn't susceptible to viruses, and software without any vulnerabilities, and then I'll have nothing to worry about" so goes the theory.

Underestimating the severity of potential threats is only part of the problem, however. The human factor also comes into play in creating and implementing security policies and procedures, and many potentially exploitably loopholes appear at the drafting stage.

The security of wireless networks is in a lamentable state due to the fact that errors were made when wireless protocols were being developed. There are as much written about secure programming as there are program errors; however, I'm sure while programmers and testers will continue to identify loopholes which already exist, new ones will continue, albeit inadvertently, to be created. And even the most carefully developed software has to be implemented, which again brings humans into the equation: the best firewall in the world will not protect your system if you have a poorly trained system administrator.

While I was writing this article, a worm was gaining ground on the Internet. Lupper spreads via known vulnerabilities, and if an administrator regularly reads vulnerability alerts and installs patches promptly, the system won't be vulnerable to Lupper. This is standard for all worms. The usual scenario is that a vulnerability advisory is issued, but most people don't pay much attention to it; then proof of concept code is released showing how the vulnerability can be created, but the majority of users still don't understand the gravity of the situation and take no action. Lupper follows this pattern, and confirms the fact that security issues are not taken seriously enough at an early stage.

Another example of an irresponsible approach to security is how users treat confidential information. An analogous situation in everyday life: who would leave their keys in the outside lock, or hang them on a hook where anyone could take them? No-one, of course. But lots of systems use an empty password, or the users' name as a password, making it extremely easy to access the system. As an alternative, let's take the scenario where the administrator requires users to have passwords which are difficult to guess, and therefore better from a security point of view. This is all well and good, in theory, but I've often seen such 'secure' passwords written on a piece of paper and left lying on the user's desk, or stuck to the monitor. It's not surprising that malicious users take advantage of this situation.

Another human failing which malicious users exploit to the full is curiousity. The vast majority of us have encountered email worms at some time and know that these worms arrive as attachments to infected messages. Sending the worm out is only half the battle, however, for the virus writer or malicious user. The worm then has to be activated in order to spread further, and this is done by opening the attachment. You might thing that users have become wary of attachments to unexpected messages, and consequently don't open them. Unfortunately, the cyber criminals and vandals know how to pique users' curiosity. An intriguing message referring to the attachment will be opened by the majority of users, as the graph below shows:

Why do you open suspicious attachments?

Interestingly, in spite of the fact that antivirus vendors constantly stress that suspicious attachments shouldn't be opened, the number of users who open these attachments remains stable. This can be explained by the fact that virus writers are constantly finding new ways to exploit human curiosity and gullibility.

However, email worms don't only spread attached to messages. Recently, users have been receiving a ling to the body of the worm, rather than the worm file itself. The user is still part of the activation process, and has to be persuaded to click on the link in order to launch the worm. It seems that this is very simple: let's take Email-Worm.Win32.Monikey, which sends emails like the one shown below:

Email sent by Email-Worm.Win32.Monikey

At first glance, this seems to be a perfectly normal email, telling the user that s/he has received an e-greetings card. It's logical for the user to click on the link in order to view the card, and the malicious users who have sent the email are counting on this: the unsuspecting user, in trying to view the alleged card, will launch the worm. So what is the answer? How can malicious emails be distinguished from genuine emails? The screenshot below is a legitimate email sent out by the POSTCARD.RU service:

Email sent by POSTCARD.RU.

Firstly, it should be highlighted that the email shown in screenshot 1 uses HTML code - this is used to mask the URL of the address where the worm is place, making it appear to be a link to POSTCARD.RU. Screenshot 2 shows the email from POSTCARD.RU which includes a warning, stating that all emails from POSTCARD.RU are in plain text only; any message containing HTML is not legitimate, and potentially malicious. If the user wants to view their card, they should copy the link into their browser - a genuine link will then cause the e-card to be displayed. Under no circumstances should users click on HTML links; in this case, as in many others, this opens a site containing malware, which will then be activated.

A similar approach has been used recently in a spam mailing. Messages stated 'If you wish to unsubscribe from our mailing list, please click on the link below'. You might ask what the problem is - of course users don't want to receive mountains of spam, and will try and use the link to unsubscribe. When the user clicks on the link, an HTML page is opened, which alledgedly checks the subscriber database, and then displays a message saying 'Your address has been removed'. However, this is all an illusion - in actual fact, two malicious programs will be downloaded to the victim machine:Trojan-Dropper.Win32.Small.gr and Trojan-Spy.Win32.Banker.s. There's a clear lesson here - spammers are not going to worry about users wants and needs, and once they have got hold of an address, that address will receive spam regardless of any attempts to unsubscribe. In fact, attempts to unsubscribe usually result either in more spam, or in malicious code being downloaded. The best way to deal with spam is simply to delete the unwanted messages.

The summer of 2005 brought a new type of mass mailing, with cleverly designed emails which targeted a clear group. Malicious users started spamming corporate email addresses with messages appearing to come from the user's manager. This was done by spoofing the address field. However, the real return address, which couldn't be seen, was the malicious user's address. Of course, conscientious employees are highly likely to do as they are told by their manager, and would therefore open the attachment and launch the malicious program. It should be noted that such incidents don't receive much publicity; those responsible for security in organizations which are targeted usually attempt to prevent the information from reaching the wider world.

When malicious code is mass mailed, the senders often play on the popularity of antivirus solutions. This kills two birds with one stone: the user launches the malicious program, and antivirus vendors are discredited. This last point should be emphasised - if users receive enough messages appearing to be from antivirus companies, sooner or later they will start to think that the antivirus companies are sending out infected updates, and will stop updating their antivirus solutions. This, of course, makes antivirus software lose most of its efficacy. It must be stressed that no antivirus company distributes updates via mass mailing, and users should not install programs which arrive by email on their machines. Email-Worm.Win32.Swen successfully used this approach by presenting itself as a security patch issued by Microsoft. The worm managed to infect several hundred thousand computers around the world as users installed the alleged patch. The worm's authors had carefully waited for the moment when users would be most likely to install a security patch, having been frightened by the recent Lovesan incident.

This case shows how virus writers exploit events in the world at large in order to infect more machines. They do this extremely quickly and effectively - recent cases include mass mailings of Trojans following the terrorist bombings on the London underground, the power cuts in Moscow, and Hurricane Katrina in the USA in 2005. The messages sent made reference to these and other disasters in order to entice users to open attachments or click on links.

Malicious code for instant messaging programs (ICQ, Miranda etc.) takes a very similar approach.

How do computers get infected by instant messaging malware? More often than not, the malicious user sends a link to the body of the worm, which is activated once the user clicks on the link. In order to get users to click on the link, the same methods are used as with email. However, in some cases cyber criminals have gone further, as Trojan-PSW.Win32.LdPinch shows. The authors decided that having received the link, the recipient would probably want to chat, or at least say thank you. They developed a bot which would generate likely answers to be sent to the recipients' questions or phrases.

In spite of these new, more sophisticated methods, virus writers haven't forgotten about an older, tried and tested one - using links, which differ only slightly from trusted addresses and where the difference is not obvious at a first, cursory glance (e.g. changing an I to an |). This continues to be used as it is an effective way of enticing users into clicking on links. An example of this was detected in summer 2005, when we intercepted a worm which spread via MSN Messenger. The link sent by the worm, http://www.vbulettin.com/xxxxxxx, supposedly led to the site of a well regarded antivirus publication. Unsurprisingly, many users trusted this link, not realizing that Virus Bulletin is actually located at www.virusbtn.com, clicked, and activated the worm.

The user receives the malicious program in some form or another in all the cases mentioned above. Although many users do launch the programs, some heed repeated warnings, and don't click on links or open attachments. Consequently, virus writers need to find other, more effective methods, to reach these security conscious users. It would be far more effective if the user didn't receive anything directly, but simply picked up the malicious program while surfing the web. Due to this, there has been an increase in the number of sites which have been compromised and had malicious programs placed on them. Malicious users naturally choose popular sites, often those of well-known companies. Although malicious programs placed on compromised sites usually only stay there a few days before they are removed, this is long enough for thousands of machines to be infected.

One example of this is the email worm Monikey, which was mentioned above. Infected messages contain a link to the site where the body of the worm had been placed. The worm was placed on totally legal sites, and we haven't managed to establish exactly how this was done. However, we suspect that accounts which could be used to access the sites were stolen and the data used by the authors of Monikey. It's surprising that the administrators of compromised sites, although they removed the body of the worm, didn't block the accounts which had been misused. And the worm continues to appear on the same sites which often display the following announcement, assuring users that the site owners did not carry out any mass mailing, explaining that the site has been compromised, and apologizing for the inconvience.

Announcement on compromised site

Cyber vandals from Nizhni Novgorod came up with an even more inventive method of distributing their malicious code via the Internet. They offered webmasters, who agreed to place a Trojan on their site, 6 cents for every machine infected by the Trojan. It's a cause for some concern that a fair number of webmasters agreed to do this.

All of the above shows that users are under considerable threat in a variety of ways when surfing the Internet.

There are of course other ways of exploiting human nature, and the topic of social engineering deserves a separate article. Sometimes malicious users don't know where to start when trying to penetrate a system. One tried and tested method is to get to know someone within the target organization. This provides a foothold to conduct a range of attacks, often without resorting to technology, but simply by exploiting human fallibility. For instance, a potential hacker may call the organization being targeted, state that s/he is an employee, and be given a variety of information, ranging from telephone numbers to IP addresses. This information can then be used to attack the organization's network.

Conclusion

Computers are becoming ever more widely used in every area of life. THe potential profits to be made from cybercrime are also increasing, and techniques used by cyber criminals are consequently evolving rapidly.

Creating a reliable and effective security system in the modern world is not at all easy. There are so many potential weak points that detecting new security loopholes and patching them is an unending process. New technologies are taking the place of old ones, and are being used to solve today's problems - but these new technologies have their own drawbacks. But hackers, virus writers and malicious users are inventing new tricks in order to evade the security software currently being used. The result is a continued stand off between cyber criminals and security professionals, with only intermittent success for the security industry. However, users have the ability to swing the balance one way or the other: unfortunately the unpredictability (or predictability) of human behaviour can bring the most concerted efforts made to secure systems to nothing.

Despite this, I hope that this article may cause some readers to consider information security in more depth, and to pay more attention to security issues.

AVG Anti-Virus Free Edition for Linux

2011-02-04T16:55:00.000+03:00

AVG ANTI-VIRUS FREE EDITION FOR LINUX

Basic antivirus protection for Linux/FreeBSD available to download for free. Free virus protection for your PC. For private and non-commercial use only.


Name	Version	Type	Size
AVG Server Edition for Linux (avg85flx-r863-a3205.i386.deb)	8.5.0863	deb	88 MB
AVG Server Edition for Linux (avg85flx-r863-a3205.i386.rpm)	8.5.0863	rpm	88 MB
AVG Server Edition for Linux (avg85flx-r863-a3205.i386.sh)	8.5.0863	sh	88 MB
AVG Server Edition for Linux (avg85flx-r863-a3205.i386.tar.gz)	8.5.0863	tar.gz	88 MB
AVG Server Edition for FreeBSD (avg85ffb-r863-a3205.i386.tar.gz)	8.5.0863	tar.gz	89 MB

AVG LINKSCANNER® FOR MAC

2011-02-04T16:21:00.002+03:00

AVG LINKSCANNER® FOR MAC

Web protection for your Mac

Online criminals are getting smarter, but we're one step ahead of them. Now you can surf, search, email, shop, and social network knowing that the pages you visit are safe. AVG LinkScanner® checks each web page in real time before it opens on your Mac. If it sees trouble ahead, it stops you. It's easy to use, won't get in your way and it's FREE.

DOWNLOADFIND OUT MORE

AVG LINKSCANNER® FOR PC

2011-02-04T16:00:00.004+03:00

AVG LINKSCANNER® FOR PCExtra web protection, no matter what antivirus software you use

LinkScanner® keeps you safe wherever you go online by actively checking links and web pages in real time the only time it matters - before you click that link. LinkScanner® also places safety ratings next to your search results, allowing you to assess the safety of a site before visiting it.

DOWNLOADFIND OUT MORE

AVG Anti-Virus Free Edition 2011

2011-02-04T15:36:00.002+03:00

Basic protection for surfing, searching and social networking

Millions of people around the world use AVG Anti-Virus Free for their basic online activities. Whether it's surfing the Internet, conducting web searches, or simply keeping up with friends on Facebook, AVG Anti-Virus Free has got you covered.

AVG Anti-Virus Free Edition 2011 allows you to:

Surf and search with confidence AVG LinkScanner's® real-time protection .
Stay protected on social networks with AVG Social Networking Protection.
Enjoy a faster running PC AVG Smart Scanning works while you're away and runs in low-priority mode when you return .

Stay up-to-date with the latest threat information from the AVG Community Protection Network and AVG Protective Cloud Technology

Download

Avest ! free antivirus

2011-02-03T19:39:00.003+03:00

Our avast! Free Antivirus often outperforms our competitors´ paid products and is the minimum protection you should have — it provides great protection against viruses and spyware. But for best protection against the latest and constantly changing internet threats, upgrade to avast! Internet Security.

Download

ESET SysInspector

2011-02-03T16:00:00.005+03:00

ESET SysInspector® is a free, state of the art diagnostic tool for Windows systems. It is also an integral part of ESET Smart Security 4 and ESET NOD32 Antivirus 4. It peers into your operating system and captures details such as running processes, registry content, startup items and network connections. Once a snapshot of the system is made, ESET SysInspector applies heuristics to assign a risk level for each object logged. Its intuitive graphical user interface enables the user to easily slice through the large volume of data using a slider to select objects of a particular color coded risk level for closer examination. ESET SysInspector is a convenient utility for the tool box of every IT expert and first responder.

Key Benefits

Ability to generate and save a detailed log to be used by an IT expert or uploaded to an online forum for diagnosis
Option to exclude private, personal information from being saved in logs
Integrated Anti-Stealth technology allows discovering hidden objects (e.g. rootkits) in MBR, registry entries, drivers, services and processes
Ability to compare two existing logs for differences makes it easy to detect changes over time
Log entries are assigned a color code risk level for easy filtering
Intuitive hierarchical navigation of logs
Fast and compact single file executable, ideal for first responders to run from a USB drive without lengthy installation

Download

ESET SysInspector (32-bit)

Microsoft® Windows® 7/Vista/XP/2008 R2/2008/2003 R2/2003/2000

Version: 1.2.026, File size: 2.55 MB, Changelog

Download

ESET SysInspector (64-bit)**

Microsoft® Windows® 7/Vista/XP/2008 R2/2008/2003 R2/2003

Version: 1.2.026, File size: 3.23 MB, Changelog

Download

** Note for 64-bit users:

64-bit Windows Operating System is required for these installations. Typically these are found in servers and high-end workstations with high processing power. Be sure to check your operating system carefully before downloading the 64-bit version.

Free Antivirus Utilities

2011-02-03T14:41:00.007+03:00

ESET Online Scanner

ESET Online Scanner is a user friendly, free and powerful tool which you can use to remove malware from any PC utilizing only your web browser without having to install anti-virus software. ESET Online Scanner uses the same ThreatSense® technology and signatures as ESET Smart Security/ESET NOD32 Antivirus, and is always up-to-date.

Fast and Easy-to-Use: The scanner is installed and activated by a single click.
Always Up-to-Date: Uses the most current threat signatures and heuristic detection algorithms available from ESET's Threat Lab.
Comprehensive Malware Detection: Detects both known and unknown forms of malware, such as viruses, worms, Trojans, phishing and spyware.
Deep Scans: Scans inside archive files and runtime packed executables.
Cleaning: Cleans systems that became infected while running other security programs and allows easy troubleshooting and repair of many malware-related problems.
Privacy: The Online Scanner can be used anonymously. Contact information is not required to use the free service.

IMPORTANT: Administrator privileges are required to run ESET Online Scanner

MicroSecurity

How to protect your Facebook account from hackers, spammers and clowns

How to protect your data privacy on social networks

WiFi + Airport = Lost password

iPhone passwords succumb to researchers' attack

Data theft attacks besiege oil industry, McAfee says

Sandboxing to come in Avast 6

Firefox beta to Web: 'Do Not Track'

McAfee: Mobile threats on the rise

Microsoft patches Windows, IE

Did Sony add a rootkit to PS3 firmware update?

Microsoft to seal 22 security holes this month

Report: Hackers penetrated Nasdaq computers

A malicious addition to a Facebook link

A keygen with a twist

Securing a wireless network

Securing a wireless network If your wireless network is not secure, a hacker can easily intercept the data you send and receive, or access files saved on your computer – all from the comfort of their own sofa.

Why is it necessary to secure my wireless network?

How do I secure my wireless network?

To secure your wireless network:

Passwords

Why are passwords important?

How to choose secure passwords

How to keep your passwords safe

32 Ways to Secure Your Digital Life

Protect Your Desktop PC

Keep Your OS Patched

Lose Windows XP

Keep Your Applications Patched

Beware the Usual Suspects

Use a Virtualized Browser

Get a Second Opinion

Unshorten Those URLs

Run in a Standard User Account

Use a Live CD/Linux Distro to Do Banking

Restrict PC Access for Others

PHYSICAL SECURITY: Put Your Laptop on Lockdown

Protect Your Network

Use Google Public DNS

Conduct Personal Business at Home

Secure Your Wireless

Check Each Machine's Shares and Services

Scan Your Network for Intruders and Piggybackers

Smartphone Security

Hang on Tight

Use a Password and Encryption

Back Up Your Data

Don't Store Sensitive Data

Practice App Awareness

Keep Software/Firmware Updated

Disable Bluetooth and Wi-Fi When Not in Use

Beware of Links and Attachments

SMARTPHONE AV: Add Extra Protection with a Third-Party Security App

Webmail Safety

Create a Burly Password

Use Multiple Passwords

Log Out/Leave No Trace

About Security Questions

The human factor and information security

The human factor and information security

Computer security as a system

People are part of the system

Security vulnerabilities and some examples

Conclusion

AVG Anti-Virus Free Edition for Linux

AVG ANTI-VIRUS FREE EDITION FOR LINUX

AVG LINKSCANNER® FOR MAC

AVG LINKSCANNER® FOR MAC

AVG LINKSCANNER® FOR PC

AVG Anti-Virus Free Edition 2011

Avest ! free antivirus

ESET SysInspector

Key Benefits

Download

ESET SysInspector (32-bit)

Microsoft® Windows® 7/Vista/XP/2008 R2/2008/2003 R2/2003/2000

Version: 1.2.026, File size: 2.55 MB, Changelog

ESET SysInspector (64-bit)**

Microsoft® Windows® 7/Vista/XP/2008 R2/2008/2003 R2/2003

Version: 1.2.026, File size: 3.23 MB, Changelog

Securing a wireless network

If your wireless network is not secure, a hacker can easily intercept the data you send and receive, or access files saved on your computer – all from the comfort of their own sofa.