Security

FIFA World Cup Tickets Scams Available Now

Published: December 9, 2009 Reading Time: 2 min

We recently alerted our readers to spam campaigns using the H1N1 vaccination program to prompt recipients to open the mail. And we have frequently mentioned that crooks love to take advantage of news, disasters, and other events. Now that the final draw for the FIFA World Cup in South Africa next year has taken place, it is time to remind you that sports events are no exception to the rule. I’ve already found some examples. The first is a fake lottery. In this case, the source claims the recipient has won a large sum of money from the South African Football Association. After contacting the lottery manager, the victim of the scam will be asked to pay “processing fees” or “transfer charges” so that the winnings can be distributed. Don’t expect to ever see a payment. ...


New social engineering technique: use Microsoft support to sell rogues

Published: December 9, 2009 Reading Time: 1 min

Sunbelt analyst Adam Thomas came across this ugly new social engineering technique when he analyzed the DefenceLab rogue security product. It does the usual scareware stuff: a fake scan and a fake “Windows Security Center” alert. Then it directs the potential victim to a Microsoft Support page, but injects HTML code into the page in his or her browser to make it appear as though Microsoft is suggesting the purchase of the rogue. This is the real Microsoft page: ...


Conficker Worm — Patch Now, Not Later

Published: April 1, 2009 Reading Time: 3 min

Conficker (also known as Downadup) has dominated security headlines for months. Today — April 1, 2009 — media coverage peaks because variant Conficker.C is programmed to check a larger set of domain names for update instructions. The worm has not melted the internet overnight, but the attention is useful if it pushes lagging patches out the door. Defense is mostly discipline, not mystery.

How It Spreads

Conficker exploits failures administrators have warned about for years: ...


Passwords used by the Conficker worm

Published: January 15, 2009 Reading Time: 1 min

It’s not possible to emphasise enough the importance of using sensible passwords on your network. Not just on the areas of your network that you don’t want your users to traipse through, but also on the default network shares that are present on installations of commonly used operating systems like Windows NT/2000/XP/2003. One of the ways the Conficker worm (also known as Confick or Downadup) spreads is to try to batter its way into ADMIN$ shares using a long list of different passwords. ...


5 tips to help keep your passwords secret

Published: January 14, 2009 Reading Time: 1 min

Treat your passwords with as much care as you treat the information that they protect. Use strong passwords to log on to your computer and to any site where you enter your credit card number, or any financial or personal information, including social networking sites.

Never provide your password over e-mail or in response to an e-mail request. Internet “phishing” scams use fraudulent e-mail messages to entice you to reveal your user names and passwords, steal your identity, and more. Learn more about phishing scams.

Do not type passwords on computers that you do not control. Computers such as those in Internet cafes, computer labs, kiosk systems, conferences, and airport lounges should be considered unsafe for any personal use other than anonymous Internet browsing. Cyber criminals can purchase keystroke logging devices which gather information typed on a computer, including passwords.

Don’t reveal passwords to others. Keep your passwords hidden from friends or family members (especially children) who could pass them on to other, less trustworthy individuals.

Protect any recorded passwords. Don’t store passwords in a file on your computer, because criminals will look there first. Keep your record of the passwords you use in a safe, secure place.

Use more than one password. Use different passwords for different Web sites and services.


10 tips for safe instant messaging

Published: January 13, 2009 Reading Time: 3 min

Communicating by using an instant messaging (IM) program has some of the same security and privacy risks as e-mail, but there are a few dangers that are unique to IM. Never open pictures, download files, or click links in messages from people you don’t know. If they come from someone you do know, confirm with the sender that the message (and its attachments) is trustworthy. If it’s not, close the instant message. ...


11 tips for social networking safety

Published: January 13, 2009 Reading Time: 3 min

Social networking Web sites like MySpace, Facebook, Twitter, and Windows Live Spaces are services people can use to connect with others to share information like photos, videos, and personal messages. As the popularity of these social sites grows, so do the risks of using them. Hackers, spammers, virus writers, identity thieves, and other criminals follow the traffic. Read these tips to help protect yourself when you use social networks. Use caution when you click links that you receive in messages from your friends on your social Web site. Treat links in messages on these sites as you would links in e-mail messages. ...


Passwords

Published: January 13, 2009 Reading Time: 2 min

Strong passwords are important protections to help you have safer online transactions.

Keys to password strength: length and complexity

An ideal password is long and has letters, punctuation, symbols, and numbers. Whenever possible, use at least 14 characters or more. The greater the variety of characters in your password, the better. Use the entire keyboard, not just the letters and characters you use or see most often.

Create a strong password you can remember

There are many ways to create a long, complex password. Here is one way that may make remembering it easier: ...


How to Choose a Firewall

Published: January 13, 2009 Reading Time: 2 min

Three basic types of firewalls are available for you to choose from: software firewalls, hardware routers, and wireless routers.

To determine which type of firewall is best for you, answer these questions and record your answers: How many computers will use the firewall? What operating system do you use? (This might be a version of Microsoft Windows, Apple Macintosh, or Linux.)

That’s it. You are now ready to think about what type of firewall you want to use. There are several options, each with its own pros and cons. ...


Checklist: Protecting your business, your employees and your customers

Published: January 13, 2009 Reading Time: 2 min

Do

- Unsubscribe from legitimate mailings that you no longer want to receive. When signing up to receive mail, verify what additional items you are opting into at the same time. De-select items you do not want to receive.
- Be selective about the Web sites where you register your email address.
- Avoid publishing your email address on the Internet. Consider alternate options: for example, use a separate address when signing up for mailing lists, get multiple addresses for multiple purposes, or look into disposable address services.
- Using directions provided by your mail administrators, report missed spam if you have an option to do so.
- Delete all spam.
- Avoid clicking on suspicious links in email or IM messages, as these may be links to spoofed websites. We suggest typing web addresses directly into the browser rather than relying upon links within your messages.
- Always be sure that your operating system is up to date with the latest updates, and employ a comprehensive security suite.
- Consider a reputable antispam solution to handle filtering across your entire organization, such as the Symantec Brightmail messaging security family of solutions.
- Keep up to date on recent spam trends by visiting the Symantec State of Spam site.

Do Not

- Open unknown email attachments. These attachments could infect your computer.
- Reply to spam. Typically the sender’s email address is forged, and replying may only result in more spam.
- Fill out forms in messages that ask for personal or financial information or passwords. A reputable company is unlikely to ask for your personal details via email. When in doubt, contact the company in question via an independent, trusted mechanism, such as a verified telephone number, or a known Internet address that you type into a new browser window (do not click or cut and paste from a link in the message).
- Buy products or services from spam messages.
- Open spam messages.
- Forward any virus warnings that you receive through email. These are often hoaxes.
