Net Safety Guide

Lots of Updates to do

Andrew — Wed, 14 Apr 2010 13:53:31 +0000

Updates are being release today by Microsoft, Adobe, and Oracle. Probably the most important thing that you can do to keep yourself secure on the Internet is to keep your system up to date. And this means both the Operating System and the applications (Windows and Adobe Reader in this case).

More details about the updates can be found at Network World.

Comodo Firewall: Annoying But Useful

Andrew — Thu, 11 Feb 2010 13:58:24 +0000

If you want to boost your safety on the Internet and you run Windows, you really should use a personal firewall, often called a software firewall. This is a program that runs on your computer and provides protection that goes beyond the firewalls that are built into Windows. A recent article reviewed one of the best personal firewalls, Comodo Firewall, and found it to be somewhat annoying (especially when it installs extra “features”) but very effective.

Personal firewalls are important because they not only protect against bad traffic coming into your computer, they also protect against bad traffic leaving your computer. So, if a bad program gets installed somehow and attempts to “phone home”, perhaps with stolen data, then the firewall should detect this and alert you.

The annoying thing with personal firewalls is that you have to teach it what programs are good ones to allow those to communicate with the Internet, and which ones to block. This takes some time and patience, but the level of protection is worth it.

Twitter Password Resets

Andrew — Wed, 03 Feb 2010 16:03:35 +0000

Twitter is sending out messages to a number of users requesting that they change their passwords.

It seems that they have detected some unusual activities in a number of accounts and they suspect fraudulent use. It appears that someone has been creating malware-laden Internet services and collecting usernames and passwords. Since people have a bad habit of using the same username and password for different services, so credentials gathered in one attack can be used to attack another service (in this case Twitter).

The message is to update your Twitter password if you receive a notice or suspect your account could be compromised (go directly to https://twitter.com), and use a separate, strong password for each service you use.

Security Features in Windows 7

Andrew — Tue, 02 Feb 2010 13:42:25 +0000

Windows 7 has some good security features that make it a worthwhile investment.

A recent article in Network World has outlined some of the features you should know about:

internal code protection
hard drive and portable drive encryption
IE 8 (although Firefox is often a better choice because it is targeted less often)
free antivirus programs
application restrictions for untrusted users
better user account control and security dialogues
better backup and restore

Upgrading Applications Important for Security

Andrew — Sun, 31 Jan 2010 19:30:58 +0000

Whenever I travel and cross borders, the agents ask where I am going to or coming from. When I tell them that I attend Internet Security conferences, it usually starts a long conversation.

A recent one was a border agent in Philadelphia who had just bought a new computer. He had bought an antivirus package and wanted to know if he had bought a good one — he had. He also wanted to know what else he should be doing to keep himself safe.

I mentioned keeping the operating system up-to-date, and he knew that was important. But I also mentioned keeping the applications up-to-date (Office package, Adobe applications, etc.) and he did not know this was important. He was not aware that the application updates he was offered were important for security.

So I explained how the bad guys had often moved on from attacking the operating system to attacking the applications because they are often easier targets.

Hopefully, one more computer system is now a little bit safer because of a random encounter in the airport.

Creating Good Passwords

Andrew — Sat, 23 Jan 2010 15:48:00 +0000

Here are some good tips are creating secure passwords.

IE patch is out, do it now

Andrew — Fri, 22 Jan 2010 14:01:50 +0000

The patch for IE that fixes the flaw used in the Aurora attack from China has now been released.

You should apply the update now because the flaw is being used in dozens of attacks host on a wide range of web sites you might visit.

And, as always, my advice is not to run IE, but instead use Firefox or Chrome.

Internet Explorer Flaws Being Exploited

Andrew — Sun, 17 Jan 2010 04:26:41 +0000

The Internet Explorer flaw that allowed recent attacks against Google, Adobe, and others has now been published. Until the flaw is fixed, you should be using Firefox or another alternate browser.

The IE flaw is serious, especially for Windows XP systems running IE 6. The flaw allows bad guys to run programs on machines after a victim simply visits a rigged web site. These bad programs recently allowed attackers to roam around a number of corporate networks and steal valuable software code (an attacked being called “Aurora”).

Beware of Trojan Dialers on Mobile Phones

Andrew — Sun, 17 Jan 2010 01:27:37 +0000

CA is reporting bad Java programs for mobile phones that run-up large telephone bills.

Once these bad programs are installed on mobile phones (perhaps by being disguised as a useful application or an offer for free porn), they will send SMS messages to high cost numbers and run-up large bills. As always, be careful about what you install on your electronic devices.

Gmail Made Secure by Default

Andrew — Thu, 14 Jan 2010 01:33:36 +0000

Google has announced that their gmail service will now use secure https connections by default. Prior to this change, you had to select an option to enable https connections.

This is important because without the secure connection your interactions with gmail could be intercepted on insecure networks. This means that when you use WiFi networks at coffee shops and other public locations, people could eavesdrop on your interactions with gmail. This will not longer be a risk for when using gmail.

Time to Update Facebook Privacy Settings

Andrew — Thu, 10 Dec 2009 01:01:24 +0000

Facebook is making changes to their privacy settings system. This means that it is time to review and set all your privacy options, including the options for your profile, search, newsfeed, and applications.

The most important change is to the “everyone” setting. “Everyone” now includes everyone connected to the Internet, even if they are not logged into Facebook. This includes search engines and any other Internet service that wants to use Facebook data. You will need to think about how widely you want to share information about yourself.

Beware When Filing Taxes Online

Andrew — Tue, 08 Dec 2009 23:29:29 +0000

Even filing taxes can be a risky activity on the Internet. In 2006, a scammer lured people to false tax sites and convinced them to file their tax returns there. He then changed the bank information and diverted the refunds to his own account.

Maxim Maltsev, 24, of the Siberian city of Novosibirsk, ran the caper while he was living in the sunnier climes of San Diego in 2006, according to court records. Maltsev used a spam campaign to trick people into submitting their tax returns to his fake e-filing site. Before re-submitting them to a real e-filing website, he modified the returns to direct the refunds into bank accounts he and his accomplices opened at several San Diego banks.

This fraudster was caught, but we always have to be careful when reading email messages. It is best to not click on links provided in emails, but instead navigate directly to the site.

Don’t Accept All Friend Requests

Andrew — Tue, 08 Dec 2009 05:36:05 +0000

Be careful when you receive friend requests on social network sites such as Facebook. When you accept someone as a friend, you are giving away a lot of personal, private information (e.g., name, birth date, school, workplace, location) depending on your privacy settings. This information could be used by identity thieves.

To illustrate the problem, Sophos did an experiment on Facebook where they created two fictitious identities, one using a picture of a rubber duck, and sent out friend requests to random people.

This time we created two female Australian Facebook users, Daisy Feletin 21, single and Dinette Stonily 56, married. Each sent a friend request to 100 randomly-selected contacts in their age group, and waited two weeks to see who would respond.

The results were that about 43% of the Facebook users accepted the friend requests from these random strangers and, in doing so, they often revealed a lot of private information.

When making friends online, make sure you really know them and think about what information you are sharing. Learn the privacy settings available in the service, and check them every once in a while.

Fake Swine Flu Emails

Andrew — Thu, 03 Dec 2009 15:56:46 +0000

Fake email messages are circulating pretending to be information about H1N1 vaccinations from the Centers for Disease Control.

The email messages point the reader to a fake web site, which in turn invites you to download a tool to create a vaccination profile. This tool is actually a bad program, the Zeus Trojan, which attempts to steal bank information.

Fake Flash Player Upgrades

Andrew — Thu, 26 Nov 2009 16:50:43 +0000

Watch for fake Flash Player upgrades arriving by email.

There are nasty email messages circulating that offer to upgrade the security mode of your inbox. If you click on the link provided in the message, you will be asked to upgrade your Flash Player. This is not a true upgrade, but instead a Trojan Horse program designed to steal financial data.

The email requests that recipients click on a link in the body of the email to update the “security mode” of their emailboxes, according to researchers at Red Condor, an email security tool vendor.

Users who click on the link are taken to a Website that advises them to update to the latest version of the Macromedia Flash Player by downloading “flashinstaller.exe.” This executable is actually a banking Trojan that is known to disable firewalls, steal sensitive financial data, and provide hackers with remote access capabilities, Red Condor says.

Testing AntiVirus Programs

Andrew — Wed, 25 Nov 2009 15:28:19 +0000

Antivirus programs are not all the same — some do better than others at detecting known and new malware.

In a recent round of testing, G Data Antivirus performed the best:

…an impressive 99.95 percent block rate for traditional, signature-based detection of known malware, a rate better than that of any other app we tested. It was likewise strong at blocking annoying adware, running up a 99.8 percent score, and these strengths helped it earn top billing.

The reviewers found it slightly more complicated to use than other programs, but worth the effort. The second place finisher was Norton Antivirus.

Choosing a Strong Password

Andrew — Tue, 24 Nov 2009 18:12:11 +0000

Choosing a password that is difficult to guess is very important for maintaining your security.

You can try a variety of techniques for creating a good password that is easy to remember, or you can use a password manager to generate strong passwords for you and store them away. This article provides some good advice… Choose a strong password

Another Vulnerability in Internet Explorer

Andrew — Tue, 24 Nov 2009 16:49:21 +0000

Microsoft has confirmed another vulnerability in its Internet Explorer (IE) web browser.

This one is related to how the browser handles style sheets and the flaw could allow bad guys to run bad programs on your computer. IE 6 and IE 7 are vulnerable but apparently IE 8 is OK. If you must use these older versions of IE, then set your security level for the Internet zone to HIGH and watch for patches from Microsoft.

It is very important that you keep your browser software up to date, so get IE 8. I also recommend running Firefox or Google Chrome instead of IE since they have fewer of these kinds of problems.

Simple Safety Tips for Kids

Andrew — Fri, 20 Nov 2009 01:56:24 +0000

I am always on the lookout for some clear, simple Internet safety tips that can be taught to children to help them avoid luring by predators and becoming infected with bad programs.

Tomorrow is Universal Children’s Day and in recognition…

Panda Security has drawn up a list of practical guidelines to help children avoid these dangers and use the Internet and social networks more safely.

Beware of Twilight Web Sites

Andrew — Fri, 20 Nov 2009 01:35:35 +0000

The bad guys are taking advantage of another cultural trend, this time the popularity of the Twilight movies.

If you search for the Twilight New Moon film on the Internet, some of the results will point to web sites run by the bad guys. One trick is to warn you that your PC is infected with a virus and encourage you to download an anti-virus program.

As always, be very careful of candy offered by strangers, and keep your garlic handy.