Too many passwords? Here is a solution!

How many web sites do you log into? Your bank? Facebook, Myspace and any number of other social networking sites? Auction sites? Shopping sites? Maybe lots of others too. Every site, of course, requires you to create a password. And if the site is serious about security, it may even set certain rules. For example, it may insist that your password is at least eight characters, or must contain non-alphanumeric characters, or must use at least one uppercase letter, etc. ...

March 4, 2010 · 1 min · 172 words · Omid Farhang

Safe Computing Tips For All

Jerome Segura, a Security Analyst at ParetoLogic of Victoria, B.C., Canada, just posted a nice piece on computer security practices with a different perspective in his “Malware Diaries” Blog. He begins his list of security tips by considering four classes of users:

the pre-baby boomers: These folks rarely touched a computer in their lives and if they did, kudos! Typical use: Work, Solitaire, Printing stuff.
the early and late baby boomers: They have been interacting with computers pre-Internet and have good notions but lack the ‘modern day stuff’. Typical use: Work, e-mail, Online searches.
the 70’s – 80’s users: These guys are definitely into computers, maybe a bit more gaming and such. They possess quite a good sense of computing. Typical use: Games, Work, E-mail, Online Dating, Forums
90’s to present: Some of them were born with a computer or handheld device. Their lives would not be possible without the MSN, Skype and more recently all the social engineering glitter. Typical use: Twittering, Facebooking, Online shopping.

then makes further distinctions by level of security knowledge and awareness: ...

December 31, 2009 · 3 min · 474 words · Omid Farhang

Google Work At Home Scam

Lately, a Google work at home scam has been plastering its way throughout the Internet. The scam site is designed to look like a convincing newspaper article and is currently circulating heavily through social networks (hacked and spam accounts) and ad networks. Example of the scam wall post on Facebook from a hacked account: The scam site: ...

December 10, 2009 · 2 min · 230 words · Omid Farhang

New rogue: SafetyAntiSpyware

SafetyAntispyware is a new rogue anti-spyware application. However, the functionality follows the same pattern as other rogues. First, it will detect some fake infections. Then it will ask the user to license the product to remove these “threats”. It will also keep reminding the user about these fake infections and will urge the user to activate the software. ...

December 10, 2009 · 1 min · 63 words · Omid Farhang

New social engineering technique: use Microsoft support to sell rogues

Sunbelt analyst Adam Thomas came across this ugly new social engineering technique when he analyzed the DefenceLab rogue security product. It does the usual scare-ware stuff: a fake scan and fake “Windows Security Center” alert: Then it directs the potential victim to a Microsoft Support page, but injects HTML code into the page in his or her browser to make it appear as though Microsoft is suggesting the purchase of the rogue. This is the real Microsoft page: ...

December 9, 2009 · 1 min · 87 words · Omid Farhang

How to Choose a Firewall

Three basic types of firewalls are available for you to choose from:

Software firewalls
Hardware routers
Wireless routers

To determine which type of firewall is best for you, answer these questions and record your answers:

How many computers will use the firewall?
What operating system do you use? (This might be a version of Microsoft Windows, Apple Macintosh, or Linux.)

That’s it. You are now ready to think about what type of firewall you want to use. There are several options, each with its own pros and cons. ...

January 13, 2009 · 2 min · 380 words · Omid Farhang

Checklist: Protecting your business, your employees and your customers

Do

Unsubscribe from legitimate mailings that you no longer want to receive. When signing up to receive mail, verify what additional items you are opting into at the same time. De-select items you do not want to receive.
Be selective about the Web sites where you register your email address.
Avoid publishing your email address on the Internet. Consider alternate options – for example, use a separate address when signing up for mailing lists, get multiple addresses for multiple purposes, or look into disposable address services.
Using directions provided by your mail administrators, report missed spam if you have an option to do so.
Delete all spam.
Avoid clicking on suspicious links in email or IM messages as these may be links to spoofed websites. We suggest typing web addresses directly into the browser rather than relying upon links within your messages.
Always be sure that your operating system is up-to-date with the latest updates, and employ a comprehensive security suite.
Consider a reputable antispam solution to handle filtering across your entire organization such as Symantec Brightmail messaging security family of solutions.
Keep up to date on recent spam trends by visiting the Symantec State of Spam site which is located here.

Do Not

Open unknown email attachments. These attachments could infect your computer.
Reply to spam. Typically the sender’s email address is forged, and replying may only result in more spam.
Fill out forms in messages that ask for personal or financial information or passwords. A reputable company is unlikely to ask for your personal details via email. When in doubt, contact the company in question via an independent, trusted mechanism, such as a verified telephone number, or a known Internet address that you type into a new browser window (do not click or cut and paste from a link in the message).
Buy products or services from spam messages.
Open spam messages.
Forward any virus warnings that you receive through email. These are often hoaxes.

January 13, 2009 · 2 min · 337 words · Omid Farhang

Firewall

A firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy. A personal firewall differs from a conventional firewall in terms of scale. Personal firewalls are typically designed for use by end-users. As a result, a personal firewall will usually protect only the computer on which it is installed. Many personal firewalls are able to control network traffic by prompting the user each time a connection is attempted and adapting security policy accordingly. Personal firewalls may also provide some level of intrusion detection, allowing the software to terminate or block connectivity where it suspects an intrusion is being attempted. ...

January 13, 2009 · 2 min · 337 words · Omid Farhang

How to handle suspicious e-mail

There are good reasons to be suspicious of e-mail. Some e-mail messages might be phishing scams, some might carry viruses. Images in spam e-mail might turn out to be pornographic, or to include Web beacons, which can be adapted to secretly send a message back to the sender. Follow these guidelines to help protect yourself when suspicious mail shows up in your Inbox.

If you receive a phishing e-mail message, do not respond to it.

Don’t open junk mail at all

If an e-mail looks suspicious, don’t risk your personal information by responding to it.
Delete junk e-mail messages without opening them. Sometimes even opening spam can alert spammers or put an unprotected computer at risk.
Don’t reply to e-mail unless you’re certain that the message comes from a legitimate source. This includes not responding to messages that offer an option to “Remove me from your list.”
Do not “unsubscribe” unless the mail is from a known or trusted sender.
Use the junk mail tools in your e-mail program. For example, Windows Live Hotmail gives you the option to unsubscribe from mail that you previously had trusted or requested. This sends a notice back to the sender to have you removed from their list, while at the same time automatically adding the sender to your block list.

Approach links in e-mail messages with caution

Links in phishing e-mail messages often take you to phony sites that encourage you to transmit personal or financial information to con artists. Avoid clicking a link in an e-mail message unless you are sure of the real target address, or URL. ...

January 13, 2009 · 5 min · 885 words · Omid Farhang

How to recognize phishing e-mails or links

A few clues can help you spot fraudulent e-mail messages or links within them.

What does a phishing e-mail look like?

Phishing e-mail messages are designed to steal your identity. They ask for personal data, or direct you to Web sites or phone numbers to call where they ask you to provide personal data. Phishing e-mail messages take a number of forms:

They might appear to come from your bank or financial institution, a company you regularly do business with, such as Microsoft, or from your social networking site.
They might appear to be from someone you know. Spear phishing is a targeted form of phishing in which an e-mail message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or IT.
They might ask you to make a phone call. Phone phishing scams direct you to call a customer support phone number. A person or an audio response unit waits to take your account number, personal identification number, password, or other valuable personal data. The phone phisher might claim that your account will be closed or other problems could occur if you don’t respond.
They might include official-looking logos and other identifying information taken directly from legitimate Web sites, and they might include convincing details about your personal information that scammers found on your social networking pages.
They might include links to spoofed Web sites where you are asked to enter personal information.

Here is an example of what a phishing scam in an e-mail message might look like. ...

January 13, 2009 · 4 min · 749 words · Omid Farhang