CelticWomanForum.com

Everything Else => General Discussion => Topic started by: OldFatGuy on October 18, 2008, 07:24AM



Title: Cyber Security
Post by: OldFatGuy on October 18, 2008, 07:24AM
This is the first in our new series of Cyber Security articles.  We hope you find something helpful here.  We'll start a separate thread for questions and comments.

Debunking Some Common Myths

There are some common myths that may influence your online security practices. Knowing the truth will allow you to make better decisions about how to protect yourself.

How are these myths established?

There is no one cause for these myths. They may have been formed because of a lack of information, an assumption, knowledge of a specific case that was then generalized, or some other source. As with any myth, they are passed from one individual to another, usually because they seem legitimate enough to be true.

Why is it important to know the truth?

While believing these myths may not present a direct threat, they may cause you to be more lax about your security habits. If you are not diligent about protecting yourself, you may be more likely to become a victim of an attack.

What are some common myths, and what is the truth behind them?

* Myth: Anti-virus software and firewalls are 100% effective.
Truth: Anti-virus software and firewalls are important elements to protecting your information. However, neither of these elements is guaranteed to protect you from an attack. Combining these technologies with good security habits is the best way to reduce your risk.
* Myth: Once software is installed on your computer, you do not have to worry about it any more.
Truth: Vendors may release patches or updated versions of software to address problems or fix vulnerabilities. You should install the patches as soon as possible; some software even offers the option to obtain updates automatically.
Making sure that you have the latest virus definitions for your anti-virus software is especially important.
* Myth: There is nothing important on your machine, so you do not need to protect it.
Truth: Your opinion about what is important may differ from an attacker's opinion. If you have personal or financial data on your computer, attackers may be able to collect it and use it for their own financial gain. Even if you do not store that kind of information on your computer, an attacker who can gain control of your computer may be able to use it in attacks against other people.
* Myth: Attackers only target people with money.
Truth: Anyone can become a victim of identity theft. Attackers look for the biggest reward for the least amount of effort, so they typically target databases that store information about many people. If your information happens to be in the database, it could be collected and used for malicious purposes. It is important to pay attention to your credit information so that you can minimize any potential damage.
* Myth: When computers slow down, it means that they are old and should be replaced.
Truth: It is possible that running newer or larger software programs on an older computer could lead to slow performance, but you may just need to replace or upgrade a particular component (memory, operating system, CD or DVD drive, etc.). Another possibility is that there are other processes or programs running in the background. If your computer has suddenly become slower, you may be experiencing a denial-of-service attack or have spyware on your machine.


Title: Re: Cyber Security
Post by: OldFatGuy on October 25, 2008, 07:42AM
Understanding Hidden Threats: Rootkits and Botnets

Attackers are continually finding new ways to access computer systems. The use of hidden methods such as rootkits and botnets has increased, and you may be a victim without even realizing it.

What are rootkits and botnets?

A rootkit is a piece of software that can be installed and hidden on your computer without your knowledge. It may be included in a larger software package or installed by an attacker who has been able to take advantage of a vulnerability on your computer or has convinced you to download it. Rootkits are not necessarily malicious, but they may hide malicious activities. Attackers may be able to access information, monitor your actions, modify programs, or perform other functions on your computer without being detected.

Botnet is a term derived from the idea of bot networks. In its most basic form, a bot is simply an automated computer program, or robot. In the context of botnets, bots refer to computers that are able to be controlled by one, or many, outside sources. An attacker usually gains control by infecting the computers with a virus or other malicious code that gives the attacker access. Your computer may be part of a botnet even though it appears to be operating normally. Botnets are often used to conduct a range of activities, from distributing spam and viruses to conducting denial-of-service attacks.

Why are they considered threats?

The main problem with both rootkits and botnets is that they are hidden. Although botnets are not hidden the same way rootkits are, they may be undetected unless you are specifically looking for certain activity. If a rootkit has been installed, you may not be aware that your computer has been compromised, and traditional anti-virus software may not be able to detect the malicious programs. Attackers are also creating more sophisticated programs that update themselves so that they are even harder to detect.

Attackers can use rootkits and botnets to access and modify personal information, attack other computers, and commit other crimes, all while remaining undetected. By using multiple computers, attackers increase the range and impact of their crimes. Because each computer in a botnet can be programmed to execute the same command, an attacker can have each of them scanning multiple computers for vulnerabilities, monitoring online activity, or collecting the information entered in online forms.

What can you do to protect yourself?

If you practice good security habits, you may reduce the risk that your computer will be compromised:
* Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage. Because attackers are continually writing new viruses, it is important to keep your definitions up to date. Some anti-virus vendors also offer anti-rootkit software.
* Install a firewall - Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer and limiting the traffic you send. Some operating systems actually include a firewall, but you need to make sure it is enabled.
* Use good passwords - Select passwords that will be difficult for attackers to guess, and use different passwords for different programs and devices. Do not choose options that allow your computer to remember your passwords.
* Keep software up to date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.
* Follow good security practices - Take appropriate precautions when using email and web browsers to reduce the risk that your actions will trigger an infection.

Unfortunately, if there is a rootkit on your computer or an attacker is using your computer in a botnet, you may not know it. Even if you do discover that you are a victim, it is difficult for the average user to effectively recover. The attacker may have modified files on your computer, so simply removing the malicious files may not solve the problem, and you may not be able to safely trust a prior version of a file. If you believe that you are a victim, consider contacting a trained system administrator.

As an alternative, some vendors are developing products and tools that may remove a rootkit from your computer. If the software cannot locate and remove the infection, you may need to reinstall your operating system, usually with a system restore disk that is often supplied with a new computer. Note that reinstalling or restoring the operating system typically erases all of your files and any additional software that you have installed on your computer. Also, the infection may be located at such a deep level that it cannot be removed by simply reinstalling or restoring the operating system.


Title: Re: Cyber Security
Post by: OldFatGuy on November 05, 2008, 09:08AM
Using Caution with USB Drives

USB drives are popular for storing and transporting data, but some of the characteristics that make them convenient also introduce security risks.

What security risks are associated with USB drives?

Because USB drives, sometimes known as thumb drives, are small, readily available, inexpensive, and extremely portable, they are popular for storing and transporting files from one computer to another. However, these same characteristics make them appealing to attackers.

One option is for attackers to use your USB drive to infect other computers.  An attacker might infect a computer with malicious code, or malware, that can detect when a USB drive is plugged into a computer. The malware then downloads malicious code onto the drive. When the USB drive is plugged into another computer, the malware infects that computer.

Some attackers have also targeted electronic devices directly, infecting items such as electronic picture frames and USB drives during production.  When users buy the infected products and plug them into their computers, malware is installed on their computers.

Attackers may also use their USB drives to steal information directly from a computer. If an attacker can physically access a computer, he or she can download sensitive information directly onto a USB drive. Even computers that have been turned off may be vulnerable, because a computer's memory is still active for several minutes without power. If an attacker can plug a USB drive into the computer during that time, he or she can quickly reboot the system from the USB drive and copy the computer's memory, including passwords, encryption keys, and other sensitive data, onto the drive.  Victims may not even realize that their computers were attacked.

The most obvious security risk for USB drives, though, is that they are easily lost or stolen. If the data was not backed up, the loss of a USB drive can mean hours of lost work and the potential that the information cannot be replicated. And if the information on the drive is not encrypted, anyone who has the USB drive can access all of the data on it.

How can you protect your data?

There are steps you can take to protect the data on your USB drive and on any computer that you might plug the drive into:

* Take advantage of security features - Use passwords and encryption on your USB drive to protect your data, and make sure that you have the information backed up in case your drive is lost.
* Keep personal and business USB drives separate - Do not use personal USB drives on computers owned by your organization, and do not plug USB drives containing corporate information into your personal computer.
* Use and maintain security software, and keep all software up to date - Use a firewall, anti-virus software, and anti-spyware software to make your computer less vulnerable to attacks, and make sure to keep the virus definitions current. Also, keep the software on your computer up to date by applying any necessary patches.
* Do not plug an unknown USB drive into your computer - If you find a USB drive, give it to the appropriate authorities (a location's security personnel, your organization's IT department, etc.). Do not plug it into your computer to view the contents or to try to identify the owner.


Title: Re: Cyber Security
Post by: OldFatGuy on November 15, 2008, 06:01PM
Avoiding the Pitfalls of Online Trading

Online trading can be an easy, cost-effective way to manage investments. However, online investors are often targets of scams, so take precautions to ensure that you do not become a victim.

What is online trading?

Online trading allows you to conduct investment transactions over the internet. The accessibility of the Internet makes it possible for you to research and invest in opportunities from any location at any time. It also reduces the amount of resources (time, effort, and money) you have to devote to managing these accounts and transactions.

What are the risks?

Recognizing the importance of safeguarding your money, legitimate brokerages take steps to ensure that their transactions are secure. However, online brokerages and the investors who use them are appealing targets for attackers. The amount of financial information in a brokerage's database makes it valuable; this information can be traded or sold for personal profit. Also, because money is regularly transferred through these accounts, malicious activity may not be noticed immediately. To gain access to these databases, attackers may use Trojan horses or other types of malicious code.

Attackers may also attempt to collect financial information by targeting the current or potential investors directly. These attempts may take the form of social engineering or phishing attacks. With methods that include setting up fraudulent investment opportunities or redirecting users to malicious sites that appear to be legitimate, attackers try to convince you to provide them with financial information that they can then use or sell. If you have been victimized, both your money and your identity may be at risk.

How can you protect yourself?

·   Research your investment opportunities - Take advantage of resources such as the U.S. Securities and Exchange Commission's EDGAR database and your state's securities commission (found through the North American Securities Administrators Association) to investigate companies.
·   Be wary of online information - Anyone can publish information on the internet, so try to verify any online research through other methods before investing any money. Also be cautious of "hot" investment opportunities advertised online or in email.
·   Check privacy policies - Before providing personal or financial information, check the web site's privacy policy. Make sure you understand how your information will be stored and used.
·   Make sure that your transactions are encrypted - When information is sent over the Internet, attackers may be able to intercept it. Encryption prevents the attackers from being able to view the information.
·   Verify that the web site is legitimate - Attackers may redirect you to a malicious web site that looks identical to a legitimate one. They then convince you to submit your personal and financial information, which they use for their own gain. Check the web site's certificate to make sure it is legitimate.
·   Monitor your investments - Regularly check your accounts for any unusual activity. Report unauthorized transactions immediately.
·   Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. However, because attackers are continually writing new viruses, it is important to keep your virus definitions current.
·   Use anti-spyware tools - Spyware is a common source of viruses, and attackers may use it to access information on your computer. You can minimize the number of infections by using a legitimate program that identifies and removes spyware.
·   Keep software up to date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Enable automatic updates if the option is available.
·   Evaluate your security settings - By adjusting the security settings in your browser, you may limit your risk of certain attacks.

The following sites offer additional information and guidance:
* U.S. Securities and Exchange Commission - http://www.sec.gov/investor/pubs/cyberfraud.htm
* National Consumers League - http://www.fraud.org/tips/internet/investment.htm




Title: Re: Cyber Security
Post by: OldFatGuy on November 20, 2008, 06:37PM
In light of some recent events, I decided to post this week's essay a little early.

Dealing with Cyberbullies

Bullies are now taking advantage of technology to intimidate and harass their victims. Dealing with cyberbullying can be difficult, but there are steps you can take.

What is cyberbullying?

Cyberbullying refers to the new, and growing, practice of using technology to harass, or bully, someone else. Bullies used to be restricted to methods such as physical intimidation, postal mail, or the telephone. Now, developments in electronic media offer forums such as email, instant messaging, web pages, and digital photos to add to the arsenal. Computers, cell phones, and PDAs are new tools that can be applied to an old practice.

Forms of cyberbullying can range in severity from cruel or embarrassing rumors to threats, harassment, or stalking. It can affect any age group; however, teenagers and young adults are common victims, and cyberbullying is a growing problem in schools.

Why has cyberbullying become such a problem?

The relative anonymity of the internet is appealing for bullies because it enhances the intimidation and makes tracing the activity more difficult. Some bullies also find it easier to be more vicious because there is no personal contact. Unfortunately, the internet and email can also increase the visibility of the activity. Information or pictures posted online or forwarded in mass emails can reach a larger audience faster than more traditional methods, causing more damage to the victims. And because of the amount of personal information available online, bullies may be able to arbitrarily choose their victims.

Cyberbullying may also indicate a tendency toward more serious behavior. While bullying has always been an unfortunate reality, most bullies grow out of it. Cyberbullying has not existed long enough to have solid research, but there is evidence that it may be an early warning for more violent behavior.

How can you protect yourself?

* Be careful where you post personal information - By limiting the number of people who have access to your contact information or details about your interests, habits, or employment, you reduce your exposure to bullies that you do not know. This may limit your risk of becoming a victim and may make it easier to identify the bully if you are victimized.
* Avoid escalating the situation - Responding with hostility is likely to provoke a bully and escalate the situation. Depending on the circumstances, consider ignoring the issue. Often, bullies thrive on the reaction of their victims. Other options include subtle actions. For example, if you are receiving unwanted email messages, consider changing your email address. If the bully does not have access to the new address, the problem may stop. If you continue to get messages at your new account, you may have a stronger case for legal action.
* Document the activity - Keep a record of any online activity (emails, web pages, instant messages, etc.), including relevant dates and times. In addition to archiving an electronic version, consider printing a copy.
* Report cyberbullying to the appropriate authorities - If you are being harassed or threatened, report the activity to the local authorities. Law enforcement agencies have different policies, but your local police department or FBI branch are good starting points. Unfortunately, there is a distinction between free speech and punishable offenses, but the legal implications should be decided by the law enforcement officials and the prosecutors. Depending on the activity, it may also be appropriate to report it to school officials who may have separate policies for dealing with activity that involves students.

Protect your children by teaching them good online habits. Keep lines of communication open with your children so that they feel comfortable telling you if they are being victimized online. Reduce their risk of becoming cyberbullies by setting guidelines for and monitoring their use of the internet and other electronic media (cell phones, PDAs, etc.).


Title: Re: Cyber Security
Post by: OldFatGuy on December 06, 2008, 11:54AM
'Tis the season..............

Shopping Safely Online

Online shopping has become a popular way to purchase items without the hassles of traffic and crowds. However, the Internet has unique risks, so it is important to take steps to protect yourself when shopping online.

Why do online shoppers have to take special precautions?

The Internet offers a convenience that is not available from any other shopping outlet.  From the comfort of your home, you can search for items from countless vendors, compare prices with a few simple mouse clicks, and make purchases without waiting in line. However, the Internet is also convenient for attackers, giving them multiple ways to access the personal and financial information of unsuspecting shoppers. Attackers who are able to obtain this information may use it for their own financial gain, either by making purchases themselves or by selling the information to someone else.

How do attackers target online shoppers?

There are three common ways that attackers can take advantage of online shoppers:
· Targeting vulnerable computers - If you do not take steps to protect your computer from viruses or other malicious code, an attacker may be able to gain access to your computer and all of the information on it. It is also important for vendors to protect their computers to prevent attackers from accessing customer databases.
· Creating fraudulent sites and email messages - Unlike traditional shopping, where you know that a store is actually the store it claims to be, attackers can create malicious web sites that mimic legitimate ones or create email messages that appear to have been sent from a legitimate source. Charities may also be misrepresented in this way, especially after natural disasters or during holiday seasons. Attackers create these malicious sites and email messages to try to convince you to supply personal and financial information.
· Intercepting insecure transactions - If a vendor does not use encryption, an attacker may be able to intercept your information as it is being transmitted.

How can you protect yourself?

· Use and maintain anti-virus software, a firewall, and anti-spyware software - Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall. Make sure to keep your virus definitions up to date. Spyware or adware hidden in software programs may also give attackers access to your data, so use a legitimate anti-spyware program to scan your computer and remove any of these files.
· Keep software, particularly your web browser, up to date - Install software patches so that attackers cannot take advantage of known problems or vulnerabilities.  Many operating systems offer automatic updates. If this option is available, you should enable it.
· Evaluate your software's settings - The default settings of most software enable all available functionality. However, attackers may be able to take advantage of this functionality to access your computer.  It is especially important to check the settings for software that connects to the Internet (browsers, email clients, etc.).  Apply the highest level of security available that still gives you the functionality you need.
· Do business with reputable vendors - Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious web sites that appear to be legitimate, so you should verify the legitimacy before supplying any information. Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill.
· Take advantage of security features - Passwords and other security features add layers of protection if used appropriately.
· Be wary of emails requesting information - Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. Legitimate businesses will not solicit this type of information through email.
· Check privacy policies - Before providing personal or financial information, check the web site's privacy policy. Make sure you understand how your information will be stored and used.
· Make sure your information is being encrypted - Many sites use SSL, or secure sockets layer, to encrypt information. Indications that your information will be encrypted include a URL that begins with "https:" instead of "http:" and a lock icon in the bottom right corner of the window.
· Use a credit card - Unlike debit cards, credit cards may have a limit on the monetary amount you will be responsible for paying if your information is stolen and used by someone else. You can further minimize damage by using a single credit card with a low credit line for all of your online purchases.
· Check your statements - Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately.


Title: Re: Cyber Security
Post by: OldFatGuy on January 16, 2009, 06:45AM
What is spyware?

Despite its name, the term "spyware" doesn't refer to something used by undercover operatives, but rather by the advertising industry. In fact, spyware is also known as "adware." It refers to a category of software that, when installed on your computer, may send you pop-up ads, redirect your browser to certain web sites, or monitor the web sites that you visit. Some extreme, invasive versions of spyware may track exactly what keys you type. Attackers may also use spyware for malicious purposes.

Because of the extra processing, spyware may cause your computer to become slow or sluggish. There are also privacy implications:
•   What information is being gathered?
•   Who is receiving it?
•   How is it being used?

How do you know if there is spyware on your computer?

The following symptoms may indicate that spyware is installed on your computer:

•   you are subjected to endless pop-up windows
•   you are redirected to web sites other than the one you typed into your browser
•   new, unexpected toolbars appear in your web browser
•   new, unexpected icons appear in the task tray at the bottom of your screen
•   your browser's home page suddenly changed
•   the search engine your browser opens when you click "search" has been changed
•   certain keys fail to work in your browser (e.g., the tab key doesn't work when you are moving to the next field within a form)
•   random Windows error messages begin to appear
•   your computer suddenly seems very slow when opening programs or processing tasks (saving files, etc.)

How can you prevent spyware from installing on your computer?

To avoid unintentionally installing it yourself, follow these good security practices:

•   Don't click on links within pop-up windows - Because pop-up windows are often a product of spyware, clicking on the window may install spyware software on your computer. To close the pop-up window, click on the "X" icon in the title bar instead of a "close" link within the window.
•   Choose "no" when asked unexpected questions - Be wary of unexpected dialog boxes asking whether you want to run a particular program or perform another type of task. Always select "no" or "cancel," or close the dialog box by clicking the "X" icon in the title bar.
•   Be wary of free downloadable software - There are many sites that offer customized toolbars or other features that appeal to users. Don't download programs from sites you don't trust, and realize that you may be exposing your computer to spyware by downloading some of these programs.
•   Don't follow email links claiming to offer anti-spyware software - Like email viruses, the links may serve the opposite purpose and actually install the spyware they claim to be eliminating.
As an additional good security practice, especially if you are concerned that you might have spyware on your machine and want to minimize the impact, consider taking the following action:
•   Adjust your browser preferences to limit pop-up windows and cookies - Pop-up windows are often generated by some kind of scripting or active content. Adjusting the settings within your browser to reduce or prevent scripting or active content may reduce the number of pop-up windows that appear. Some browsers offer a specific option to block or limit pop-up windows. Certain types of cookies are sometimes considered spyware because they reveal what web pages you have visited. You can adjust your privacy settings to only allow cookies for the web site you are visiting.

How do you remove spyware?

•   Run a full scan on your computer with your anti-virus software - Some anti-virus software will find and remove spyware, but it may not find the spyware when it is monitoring your computer in real time. Set your anti-virus software to prompt you to run a full scan periodically.
•   Run a legitimate product specifically designed to remove spyware - Many vendors offer products that will scan your computer for spyware and remove any spyware software. Popular products include Lavasoft's Ad-Aware, Webroot's SpySweeper, PestPatrol, and Spybot Search and Destroy.
•   Make sure that your anti-virus and anti-spyware software are compatible - Take a phased approach to installing the software to ensure that you don't unintentionally introduce problems.


Title: Re: Cyber Security
Post by: OldFatGuy on January 28, 2009, 07:36AM
Understanding Web Site Certificates

You may have been exposed to web site, or host, certificates if you have ever clicked on the padlock in your browser or, when visiting a web site, have been presented with a dialog box claiming that there is an error with the name or date on the certificate. Understanding what these certificates are may help you protect your privacy.

What are web site certificates?

If an organization wants to have a secure web site that uses encryption, it needs to obtain a site, or host, certificate. Some steps you can take to help determine if a site uses encryption are to look for a closed padlock in the status bar at the bottom of your browser window and to look for "https:" rather than "http:" in the URL. By making sure a web site encrypts your information and has a valid certificate, you can help protect yourself against attackers who create malicious sites to gather your information. You want to make sure you know where your information is going before you submit anything.
If a web site has a valid certificate, it means that a certificate authority has taken steps to verify that the web address actually belongs to that organization. When you type a URL or follow a link to a secure web site, your browser will check the certificate for the following characteristics:

1.   the web site address matches the address on the certificate
2.   the certificate is signed by a certificate authority that the browser recognizes as a "trusted" authority

Can you trust a certificate?

The level of trust you put in a certificate is connected to how much you trust the organization and the certificate authority. If the web address matches the address on the certificate, the certificate is signed by a trusted certificate authority, and the date is valid, you can be more confident that the site you want to visit is actually the site that you are visiting. However, unless you personally verify that certificate's unique fingerprint by calling the organization directly, there is no way to be absolutely sure.

When you trust a certificate, you are essentially trusting the certificate authority to verify the organization's identity for you. However, it is important to realize that certificate authorities vary in how strict they are about validating all of the information in the requests and about making sure that their data is secure. By default, your browser contains a list of more than 100 trusted certificate authorities. That means that, by extension, you are trusting all of those certificate authorities to properly verify and validate the information. Before submitting any personal information, you may want to look at the certificate.

How do you check a certificate?

There are two ways to verify a web site's certificate in Internet Explorer or Mozilla. One option is to click on the padlock in the status bar of your browser window. However, your browser may not display the status bar by default. Also, attackers may be able to create malicious web sites that fake a padlock icon and display a false dialog window if you click that icon. A more secure way to find information about the certificate is to look for the certificate feature in the menu options. This information may be under the file properties or the security option within the page information. You will get a dialog box with information about the certificate, including the following:

•   who issued the certificate - You should make sure that the issuer is a legitimate, trusted certificate authority (you may see names like VeriSign, thawte, or Entrust). Some organizations also have their own certificate authorities that they use to issue certificates to internal sites such as intranets.
•   who the certificate is issued to - The certificate should be issued to the organization who owns the web site. Do not trust the certificate if the name on the certificate does not match the name of the organization or person you expect.
•   expiration date - Most certificates are issued for one or two years. One exception is the certificate for the certificate authority itself, which, because of the amount of involvement necessary to distribute the information to all of the organizations who hold its certificates, may be ten years. Be wary of organizations with certificates that are valid for longer than two years or with certificates that have expired.

When visiting a web site, you may have been presented with a dialog box that claims that there is an error with the site certificate. This may happen if the name the certificate is registered to does not match the site name, you have chosen not to trust the company who issued the certificate, or the certificate has expired. You will usually be presented with the option to examine the certificate, after which you can accept the certificate forever, accept it only for that particular visit, or choose not to accept it. The confusion is sometimes easy to resolve (perhaps the certificate was issued to a particular department within the organization rather than the name on file). If you are unsure whether the certificate is valid or question the security of the site, do not submit personal information. Even if the information is encrypted, make sure to read the organization's privacy policy first so that you know what is being done with that information.
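
The checks described in the post above (address match, recognized issuer, valid dates, the two-year rule of thumb, and the fingerprint comparison), written out as an added Python example that is not part of the original post. The certificate fields, host names and trusted-issuer list are constructed for illustration, in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`; a real browser also verifies the authority's cryptographic signature, which this example leaves to the TLS library.

```python
import hashlib
import hmac
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# every name and date here is made up for illustration.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Bank"),),
                (("commonName", "www.example-bank.test"),)),
    "issuer": ((("organizationName", "Example Trust CA"),),
               (("commonName", "Example Trust CA Root"),)),
    "notBefore": "Jan  1 00:00:00 2009 GMT",
    "notAfter": "Jan  1 00:00:00 2010 GMT",
    "subjectAltName": (("DNS", "www.example-bank.test"),
                       ("DNS", "*.online.example-bank.test")),
}

# Hypothetical stand-in for the browser's built-in list of trusted authorities.
TRUSTED_ISSUERS = {"Example Trust CA"}
# The post's rule of thumb: be wary of site certificates valid for over two years.
MAX_VALIDITY_DAYS = 2 * 366


def _field(rdns, key):
    """Return the first value stored under `key` in a subject/issuer tuple."""
    for rdn in rdns:
        for name, value in rdn:
            if name == key:
                return value
    return None


def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    head, _, rest = host.partition(".")
    return bool(head) and rest == pattern[2:]


def certificate_names(cert):
    """DNS names the certificate covers; fall back to commonName if no SAN."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    common_name = _field(cert.get("subject", ()), "commonName")
    return [common_name] if common_name else []


def review_certificate(cert, host, now):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if not any(name_matches(n, host) for n in certificate_names(cert)):
        problems.append("name mismatch")
    if _field(cert.get("issuer", ()), "organizationName") not in TRUSTED_ISSUERS:
        problems.append("untrusted issuer")
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if now.timestamp() < start:
        problems.append("not yet valid")
    if now.timestamp() > end:
        problems.append("expired")
    if (end - start) / 86400 > MAX_VALIDITY_DAYS:
        problems.append("validity longer than two years")
    return problems


def fingerprint_matches(der_bytes, reported):
    """Compare the SHA-256 fingerprint of the raw certificate bytes with the
    value the organization read out, ignoring colons, spaces and case."""
    actual = hashlib.sha256(der_bytes).hexdigest()
    cleaned = reported.replace(":", "").replace(" ", "").lower()
    return hmac.compare_digest(actual, cleaned)


if __name__ == "__main__":
    when = datetime(2009, 6, 1, tzinfo=timezone.utc)
    for site in ("www.example-bank.test", "www.example-bank.test.other.test"):
        print(site, review_certificate(SAMPLE_CERT, site, when) or "ok")
```
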


Title: Re: Cyber Security
Post by: OldFatGuy on February 08, 2009, 04:36PM
Defending Cell Phones and PDAs Against Attack

 As cell phones and PDAs become more technologically advanced, attackers are finding new ways to target victims. By using text messaging or email, an attacker could lure you to a malicious site or convince you to install malicious code on your portable device.

What unique risks do cell phones and PDAs present?

Most current cell phones have the ability to send and receive text messages. Some cell phones and PDAs also offer the ability to connect to the internet. Although these are features that you might find useful and convenient, attackers may try to take advantage of them. As a result, an attacker may be able to accomplish the following:

     * abuse your service - Most cell phone plans limit the number of text messages you can send and receive. If an attacker spams you with text messages, you may be charged additional fees. An attacker may also be able to infect your phone or PDA with malicious code that will allow them to use your service. Because the contract is in your name, you will be responsible for the charges.
     * lure you to a malicious web site - While PDAs and cell phones that give you access to email are targets for standard phishing attacks, attackers are now sending text messages to cell phones. These messages, supposedly from a legitimate company, may try to convince you to visit a malicious site by claiming that there is a problem with your account or stating that you have been subscribed to a service. Once you visit the site, you may be lured into providing personal information or downloading a malicious file.
     * use your cell phone or PDA in an attack - Attackers who can gain control of your service may use your cell phone or PDA to attack others. Not only does this hide the real attacker's identity, it allows the attacker to increase the number of targets.
     * gain access to account information - In some areas, cell phones are becoming capable of performing certain transactions (from paying for parking or groceries to conducting larger financial transactions). An attacker who can gain access to a phone that is used for these types of transactions may be able to discover your account information and use or sell it.

What can you do to protect yourself?

     * Follow general guidelines for protecting portable devices - Take precautions to secure your cell phone and PDA the same way you should secure your computer.
     * Be careful about posting your cell phone number and email address - Attackers often use software that browses web sites for email addresses.  These addresses then become targets for attacks and spam. Cell phone numbers can be collected automatically, too. By limiting the number of people who have access to your information, you limit your risk of becoming a victim.
     * Do not follow links sent in email or text messages - Be suspicious of URLs sent in unsolicited email or text messages. While the links may appear to be legitimate, they may actually direct you to a malicious web site.
     * Be wary of downloadable software - There are many sites that offer games and other software you can download onto your cell phone or PDA. This software could include malicious code. Avoid downloading files from sites that you do not trust. If you are getting the files from a supposedly secure site, look for a web site certificate. If you do download a file from a web site, consider saving it to your computer and manually scanning it for viruses before opening it.
     * Evaluate your security settings - Make sure that you take advantage of the security features offered on your device. Attackers may take advantage of Bluetooth connections to access or download information on your device. Disable Bluetooth when you are not using it to avoid unauthorized access.


Title: Re: Cyber Security
Post by: OldFatGuy on March 15, 2009, 07:15AM
Coordinating Virus and Spyware Defense

Using anti-virus and anti-spyware software is an important part of cyber security. But in an attempt to protect yourself, you may unintentionally cause problems.

Isn't it better to have more protection?

Spyware and viruses can interfere with your computer's ability to process information or can modify or destroy data. You may feel that the more anti-virus and anti-spyware programs you install on your computer, the safer you will be. It is true that not all programs are equally effective, and they will not all detect the same malicious code. However, by installing multiple programs in an attempt to catch everything, you may introduce problems.

How can anti-virus or anti-spyware software cause problems?

It is important to use anti-virus and anti-spyware software. But too much or the wrong kind can affect the performance of your computer and the effectiveness of the software itself.

Scanning your computer for viruses and spyware uses some of the available memory on your computer. If you have multiple programs trying to scan at the same time, you may limit the amount of resources left to perform your tasks. Essentially, you have created a denial of service against yourself. It is also possible that in the process of scanning for viruses and spyware, anti-virus or anti-spyware software may misinterpret the virus definitions of other programs. Instead of recognizing them as definitions, the software may interpret the definitions as actual malicious code. Not only could this result in false positives for the presence of viruses or spyware, but the anti-virus or anti-spyware software may actually quarantine or delete the other software.

How can you avoid these problems?

     * Investigate your options in advance - Research available anti-virus and anti-spyware software to determine the best choice for you. Consider the amount of malicious code the software recognizes, and try to find out how frequently the virus definitions are updated. Also check for known compatibility issues with other software you may be running on your computer.
     * Limit the number of programs you install - Many vendors are now releasing packages that incorporate both anti-virus and anti-spyware capabilities together.  However, if you decide to choose separate programs, you really only need one anti-virus program and one anti-spyware program. If you install more, you increase your risk for problems.
     * Install the software in phases - Install the anti-virus software first and test it for a few days before installing anti-spyware software. If problems develop, you have a better chance at isolating the source and then determining if it is an issue with the software itself or with compatibility.
     * Watch for problems - If your computer starts processing requests more slowly, you are seeing error messages when updating your virus definitions, your software does not seem to be recognizing malicious code, or other issues develop that cannot be easily explained, check your anti-virus and anti-spyware software.


Title: Re: Cyber Security
Post by: OldFatGuy on March 26, 2009, 06:58AM
Beware Conficker worm come April 1

Windows users - click here (http://tech.yahoo.com/blogs/null/128643/beware-conficker-worm-come-april-1/). And thanks to Bill/CWFan2 for the heads up.


Title: Re: Cyber Security
Post by: OldFatGuy on March 27, 2009, 06:10PM
SAN FRANCISCO (AP) - The fast-moving Conficker computer worm, a scourge of the Internet that has infected at least 3 million PCs, is set to spring to life in a new way on Wednesday - April Fools' Day.

That's when many of the poisoned machines will get more aggressive about "phoning home" to the worm's creators over the Internet. When that happens, the bad guys behind the worm will be able to trigger the program to send spam, spread more infections, clog networks with traffic, or try and bring down Web sites.

Technically, this could cause havoc, from massive network outages to the creation of a cyberweapon of mass destruction that attacks government computers. But researchers who have been tracking Conficker say the date will probably come and go quietly.

More likely, these researchers say, the programming change that goes into effect April 1 is partly symbolic - an April Fools' Day tweaking of Conficker's pursuers, who for now have been able to prevent the worm from doing significant damage.

"I don't think there will be a cataclysmic network event," said Richard Wang, manager of the U.S. research division of security firm Sophos PLC. "It doesn't make sense for the guys behind Conficker to cause a major network problem, because if they're breaking parts of the Internet they can't make any money."

Previous Internet threats were designed to cause haphazard destruction. In 2003 a worm known as Slammer saturated the Internet's data pipelines with so much traffic it crippled corporate and government systems, including ATM networks and 911 centers.

Far more often now, Internet threats are designed to ring up profits. Control of infected PCs is valuable on the black market, since the machines can be rented out, from one group of bad guys to another, and act as a kind of illicit supercomputer, sending spam, scanning Web sites for security holes, or participating in network attacks.

The army of Conficker-infected machines, known as a "botnet," could be one of the greatest cybercrime tools ever assembled. Conficker's authors just need to figure out a way to reliably communicate with it.

Infected PCs need commands to come alive. They get those commands by connecting to Web sites controlled by the bad guys. Even legitimate sites can be co-opted for this purpose, if hackers break in and use the sites' servers to send out malicious commands.

So far, Conficker-infected machines have been trying to connect each day to 250 Internet domains - the spots on the Internet where Web sites are parked. The bad guys need to get just one of those sites under their control to send their commands to the botnet. (The name Conficker comes from rearranging letters in the name of one of the original sites the worm was connecting to.)

Conficker has been a victim of its success, however, because its rapid spread across the Internet drew the notice of computer security companies. They have been able to work with domain name registrars, which administer Web site addresses, to block the botnet from dialing in.

Now those efforts will get much harder. On April 1, many Conficker-infected machines will generate a list of 50,000 new domains a day that they could try. Of that group, the botnet will randomly select 500 for the machines to actually query.

The bad guys still need to get only one of those up and running to connect to their botnet. And the bigger list of possibilities increases the odds they'll slip something by the security community.

Researchers already know which domains the infected machines will check, but pre-emptively registering them all, or persuading the registrars to neutralize all of them, is a bigger hurdle.

"We expect something will happen, but we don't quite know what it will look like," said Jose Nazario, manager of security research for Arbor Networks, a member of the "Conficker Cabal," an alliance trying to hunt down the worm's authors.

"With every move that they make, there's the potential to identify who they are, where they're located and what we can do about them," he added. "The real challenge right now is doing all that work around the world. That's not a technical challenge, but it is a logistical challenge."

Conficker's authors also have updated the worm so infected machines have new ways to talk to each other. They can share malicious commands rather than having to contact a hacked Web site for instructions.

That variation is important because it shows that even as security researchers have neutralized much of what the botnet might do, the worm's authors "didn't lose control of their botnet," said Michael La Pilla, manager of the malicious code operations team at VeriSign Inc.'s iDefense division.

The Conficker outbreak illustrates the importance of keeping current with Internet security updates. Conficker moves from PC to PC by exploiting a vulnerability in Windows that Microsoft Corp. (MSFT) fixed in October. But many people haven't applied the patch or are running pirated copies of Windows that don't get the updates.

Unlike other Internet threats that trick people into downloading a malicious program, Conficker is so good at spreading because it finds vulnerable PCs on its own and doesn't need human involvement to infect a machine.

Once inside, it does nasty things. The worm tries to crack administrators' passwords, disables security software, blocks access to antivirus vendors' Web sites to prevent updating, and opens the machines to further infections by Conficker's authors.

Someone whose machine is infected might have to reinstall the operating system.

(Reprinted by permission)


Title: Re: Cyber Security
Post by: OldFatGuy on March 29, 2009, 08:45AM
Update on Conficker worm: (a.k.a. "downadup")

  • Conficker infects only Windows machines. If you use any other operating system, you are not at risk.
  • If you are running antivirus software and have kept it up to date, your machine is probably not infected.
  • If you have downloaded and installed the latest updates and patches from Microsoft, including the "Malicious Software Removal Tool", your machine is probably not infected.
  • If you are in doubt, run the free Windows Live OneCare safety scanner, available at http://onecare.live.com/site/en-us/default.htm. This scan will detect and remove the infection.
  • The worm might spread through file sharing and via removable drives, such as USB drives (also known as thumb drives). The worm adds a file to the removable drive so that when the drive is used, the AutoPlay dialog will show one additional option (Figure 1).
  • In the screen shot of the Autoplay dialog box below, the option Open folder to view files — Publisher not specified was added by the worm. The highlighted option — Open folder to view files — using Windows Explorer is the option that Windows provides and the option you should use. If you select the first option, the worm executes and can begin to spread itself to other computers.
  • If your machine becomes infected, or has been infected, it will become part of a "botnet" - a network currently estimated at 9 million computers worldwide.
  • Those infections haven't spawned many symptoms, but on April 1 a master computer is scheduled to gain control of these zombie machines.
  • What happens on April Fool's Day is anyone's guess.  The program could delete all of the files on a person's computer, use zombie PCs -- those controlled by a master -- to overwhelm and shut down Web sites or monitor a person's keyboard strokes to collect private information like passwords or bank account information, experts said.  More likely, though, the virus may try to get computer users to buy fake software or spend money on other phony products.

(http://www.ropescorner.com/cw/autoplay.jpg)
Figure 1
The option Open folder to view files — Publisher not specified was added by the worm.

The web site for F-SECURE.com has posted a very good blog titled Questions and Answers: Conficker and April 1st.  It is located at http://www.f-secure.com/weblog/archives/00001636.html. It should answer most of your questions, and it provides a link to their free cleaning tool.

Symantec (Norton Antivirus software) has published an excellent document titled The Downadup Codex - A comprehensive guide to the threat’s mechanics.  This is a large (37 pages, >5 MB) PDF file, and it may be a challenge to get through some of the techno-speak.  But it will answer most of your questions about this threat.  We have made it available here: http://www.ropescorner.com/cw/the_downadup_codex_ed1.pdf.

Notes:  we will not be shutting down the forum on 1st April, and we don't advise any other web site or forum owner/administrator to do so.  It simply isn't necessary.  We urge our members to always use discretion and good judgment when surfing the web and downloading software from non-trusted sources.  Configure your Windows updates to automatically download and install high priority security patches and updates, and keep virus definitions up to date at all times.  Make sure your antivirus is running 24/7, and is configured to auto-scan all downloads and incoming email messages.


Title: Re: Cyber Security
Post by: OldFatGuy on April 23, 2009, 12:39PM
Staying Safe on Social Network Sites

The popularity of social networking sites continues to increase, especially among teenagers and young adults. The nature of these sites introduces security risks, so you should take certain precautions.

What are social networking sites?

Social networking sites, sometimes referred to as "friend-of-a-friend" sites, build upon the concept of traditional social networks where you are connected to new people through people you already know. The purpose of some networking sites may be purely social, allowing users to establish friendships or romantic relationships, while others may focus on establishing business connections.

Although the features of social networking sites differ, they all allow you to provide information about yourself and offer some type of communication mechanism (forums, chat rooms, email, and instant messenger) that enables you to connect with other users. On some sites, you can browse for people based on certain criteria, while other sites require that you be "introduced" to new people through a connection you share. Many of the sites have communities or subgroups that may be based on a particular interest.

What security implications do these sites present?

Social networking sites rely on connections and communication, so they encourage you to provide a certain amount of personal information. When deciding how much information to reveal, people may not exercise the same amount of caution as they would when meeting someone in person because
     * The internet provides a sense of anonymity
     * The lack of physical interaction provides a false sense of security
     * They tailor the information for their friends to read, forgetting that others may see it
     * They want to offer insights to impress potential friends or associates.

While the majority of people using these sites do not pose a threat, malicious people may be drawn to them because of the accessibility and amount of personal information that's available. The more information malicious people have about you, the easier it is for them to take advantage of you.  Predators may form relationships online and then convince unsuspecting individuals to meet them in person. That could lead to a dangerous situation. The personal information can also be used to conduct a social engineering attack. Using information that you provide about your location, hobbies, interests, and friends, a malicious person could impersonate a trusted friend or convince you that they have the authority to access other personal or financial data.

Additionally, because of the popularity of these sites, attackers may use them to distribute malicious code. Sites that offer applications developed by third parties are particularly susceptible. Attackers may be able to create customized applications that appear to be innocent while infecting your computer without your knowledge.

How can you protect yourself?

     * Limit the amount of personal information you post - Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. If your connections post information about you, make sure the combined information is not more than you would be comfortable with strangers knowing. Also be considerate when posting information, including photos, about your connections.
     * Remember that the internet is a public resource - Only post information you are comfortable with anyone seeing. This includes information and photos in your profile and in blogs and other forums. Also, once you post information online, you can't retract it. Even if you remove the information from a site, saved or cached versions may still exist on other people's machines.
     * Be wary of strangers - The internet makes it easy for people to misrepresent their identities and motives. Consider limiting the people who are allowed to contact you on these sites. If you interact with people you do not know, be cautious about the amount of information you reveal or agreeing to meet them in person.
     * Be skeptical - Don't believe everything you read online. People may post false or misleading information about various topics, including their own identities. This is not necessarily done with malicious intent; it could be unintentional, an exaggeration, or a joke. Take appropriate precautions, though, and try to verify the authenticity of any information before taking any action.
     * Evaluate your settings - Take advantage of a site's privacy settings. The default settings for some sites may allow anyone to see your profile. You can customize your settings to restrict access to only certain people.  However, there is a risk that even this private information could be exposed, so don't post anything that you wouldn't want the public to see.  Also, be cautious when deciding which applications to enable, and check your settings to see what information the applications will be able to access.
     * Use strong passwords - Protect your account with passwords that cannot easily be guessed. If your password is compromised, someone else may be able to access your account and pretend to be you.
     * Check privacy policies - Some sites may share information such as email addresses or user preferences with other companies. This may lead to an increase in spam. Also, try to locate the policy for handling referrals to make sure that you do not unintentionally sign your friends up for spam. Some sites will continue to send email messages to anyone you refer until they join.
     * Use and maintain anti-virus software - Anti-virus software recognizes most known viruses and protects your computer against them, so you may be able to detect and remove the virus before it can do any damage. Because attackers are continually writing new viruses, it is important to keep your definitions up to date.

Children are especially susceptible to the threats that social networking sites present. Although many of these sites have age restrictions, children may misrepresent their ages so that they can join. By teaching children about internet safety, being aware of their online habits, and guiding them to appropriate sites, parents can make sure that the children become safe and responsible users.


Title: Re: Cyber Security
Post by: OldFatGuy on June 17, 2009, 02:20PM
Understanding Firewalls

When anyone or anything can access your computer at any time, your computer is more susceptible to being attacked. You can restrict outside access to your computer and the information on it with a firewall.

What do firewalls do?

Firewalls provide protection against outside attackers by shielding your computer or network from malicious or unnecessary Internet traffic. Firewalls can be configured to block data from certain locations while allowing the relevant and necessary data through. They are especially important for users who rely on "always on" connections such as cable or DSL modems.

What type of firewall is best?

Firewalls are offered in two forms: hardware (external) and software (internal). While both have their advantages and disadvantages, the decision to use a firewall is far more important than deciding which type you use.

* Hardware - Typically called network firewalls, these external devices are positioned between your computer or network and your cable or DSL modem. Many vendors and some Internet service providers (ISPs) offer devices called “routers” that also include firewall features. Hardware-based firewalls are particularly useful for protecting multiple computers but also offer a high degree of protection for a single computer. If you only have one computer behind the firewall, or if you are certain that all of the other computers on the network are up to date on patches and are free from viruses, worms, or other malicious code, you may not need the extra protection of a software firewall. Hardware-based firewalls have the advantage of being separate devices running their own operating systems, so they provide an additional line of defense against attacks. Their major drawback is cost, but many products are available for less than $100 (and there are even some for less than $50).
* Software - Some operating systems include a built-in firewall; if yours does, consider enabling it to add another layer of protection even if you have an external firewall. If you don't have a built-in firewall, you can obtain a software firewall for relatively little or no cost from your local computer store, software vendors, or ISP. Because of the risks associated with downloading software from the Internet onto an unprotected computer, it is best to install the firewall from a CD or DVD. If you do download software from the Internet, make sure it is a reputable, secure website. Although relying on a software firewall alone does provide some protection, realize that having the firewall on the same computer as the information you're trying to protect may hinder the firewall's ability to catch malicious traffic before it enters your system.

How do you know what configuration settings to apply?

Most commercially available firewall products, both hardware- and software-based, come configured in a manner that is acceptably secure for most users. Since each firewall is different, you'll need to read and understand the documentation that comes with it to determine whether or not the default settings on your firewall are sufficient for your needs. Additional assistance may be available from your firewall vendor or your ISP (either from tech support or a website). Also, alerts about current viruses or worms sometimes include information about restrictions you can implement through your firewall.

Unfortunately, while properly configured firewalls may be effective at blocking some attacks, don't be lulled into a false sense of security. Although they do offer a certain amount of protection, firewalls do not guarantee that your computer will not be attacked. In particular, a firewall offers little to no protection against viruses that work by having you run the infected program on your computer, as many email-borne viruses do. However, using a firewall in conjunction with other protective measures (such as anti-virus software and "safe" computing practices) will strengthen your resistance to attacks.


Title: Re: Cyber Security
Post by: OldFatGuy on August 13, 2009, 11:52AM
Benefits of BCC

Although in many situations it may be appropriate to list email recipients in the To: or CC: fields, sometimes using the BCC: field may be the most desirable option.

What is BCC?

BCC, which stands for blind carbon copy, allows you to hide recipients in email messages. Addresses in the To: field and the CC: (carbon copy) field appear in messages, but users cannot see addresses of anyone you included in the BCC: field.

Why would you want to use BCC?

There are a few main reasons for using BCC:

* Privacy - Sometimes it's beneficial, even necessary, for you to let recipients know who else is receiving your email message. However, there may be instances when you want to send the same message to multiple recipients without letting them know who else is receiving the message. If you are sending email on behalf of a business or organization, it may be especially important to keep lists of clients, members, or associates confidential. You may also want to avoid listing an internal email address on a message being sent to external recipients. Another point to remember is that if any of the recipients use the "reply to all" feature to reply to your messages, all of the recipients listed in the To: and CC: fields will receive the reply. If there is potential for a response that is not appropriate for all recipients, consider using BCC.
* Tracking - Maybe you want to access or archive the email message you are sending at another email account. Or maybe you want to make someone, such as a supervisor or team member, aware of the email without actually involving them in the exchange. BCC allows you to accomplish these goals without advertising that you are doing it.
* Respect for your recipients - People often forward email messages without removing the addresses of previous recipients. As a result, messages that are repeatedly sent to many recipients may contain long lists of email addresses. Spammers and email-borne viruses may collect and target those addresses. To reduce the risk, encourage people who forward messages to you to use BCC so that your email address is less likely to appear in other people's inboxes and be susceptible to being harvested. To avoid becoming part of the problem, in addition to using BCC if you forward messages, take time to remove all existing email addresses within the message. The additional benefit is that the people you're sending the message to will appreciate not having to scroll through large sections of irrelevant information to get to the actual message.

How do you BCC an email message?

Most email clients have the option to BCC listed a few lines below the To: field. However, sometimes it is a separate option that is not listed by default. If you cannot locate it, check the help menu or the software's documentation.

If you want to BCC all recipients and your email client will not send a message without something in the To: field, consider using your own email address in that field. In addition to hiding the identity of other recipients, this option will enable you to confirm that the message was sent successfully.
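The BCC behaviour described in the post above, as an added Python example that is not part of the original post: BCC addresses belong only in the delivery list handed to the mail server (the envelope), and a program that also writes them into a Bcc: header and sends the raw text exposes the whole list. The addresses and function names are constructed for illustration.

```python
"""BCC: envelope recipients versus headers the recipients can read."""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import getaddresses

# Constructed sample data.
SENDER = "newsletter@example.org"
MEMBERS = ["ann@example.com", "bob@example.net", "cho@example.org"]


def build_message(sender, to, cc, bcc, subject, body, bcc_in_header=False):
    """Return (envelope_recipients, wire_bytes) for one outgoing message.

    envelope_recipients is the list given to the mail server for delivery.
    wire_bytes is the text every recipient receives and can inspect.
    """
    msg = EmailMessage()
    msg["From"] = sender
    # The post's tip: if everyone is BCC'd, put your own address in To:.
    visible_to = list(to) or [sender]
    msg["To"] = ", ".join(visible_to)
    if cc:
        msg["Cc"] = ", ".join(cc)
    if bcc and bcc_in_header:
        # The mistake: sending this raw text (for example with
        # smtplib.SMTP.sendmail) delivers the Bcc: header to everyone.
        # smtplib.SMTP.send_message strips Bcc: before transmitting.
        msg["Bcc"] = ", ".join(bcc)
    msg["Subject"] = subject
    msg.set_content(body)
    # Delivery list: every address once, in a stable order.
    envelope = list(dict.fromkeys(visible_to + list(cc) + list(bcc)))
    return envelope, msg.as_bytes()


def addresses_seen_by_recipient(wire_bytes):
    """Addresses a recipient can read in the To:, Cc: and Bcc: headers."""
    msg = BytesParser(policy=policy.default).parsebytes(wire_bytes)
    seen = []
    for field in ("To", "Cc", "Bcc"):
        values = [str(v) for v in msg.get_all(field, [])]
        seen += [addr for _name, addr in getaddresses(values)]
    return seen


def leaked_bcc(wire_bytes, bcc):
    """Pre-send check: BCC addresses that would be visible to recipients."""
    seen = {a.lower() for a in addresses_seen_by_recipient(wire_bytes)}
    return [a for a in bcc if a.lower() in seen]


if __name__ == "__main__":
    envelope, wire = build_message(SENDER, [], [], MEMBERS, "Meeting", "7pm.")
    print("delivered to:", envelope)
    print("visible to recipients:", addresses_seen_by_recipient(wire))
    _, leaky = build_message(SENDER, [], [], MEMBERS, "Meeting", "7pm.",
                             bcc_in_header=True)
    print("leaked by the header mistake:", leaked_bcc(leaky, MEMBERS))
```

Running `leaked_bcc` on the serialized message just before it is handed to the mail server catches the header mistake regardless of which sending call is used.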


Title: Re: Cyber Security
Post by: OldFatGuy on November 04, 2009, 10:36AM
Understanding Denial-of-Service Attacks

You may have heard of denial-of-service attacks launched against websites, but you can also be a victim of these attacks. Denial-of-service attacks can be difficult to distinguish from common network activity, but there are some indications that an attack is in progress.

What is a denial-of-service (DoS) attack?

In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.), or other services that rely on the affected computer.

The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information. When you type a URL for a particular website into your browser, you are sending a request to that site's server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can't process your request. This is a "denial of service" because you can't access that site.

An attacker can use spam email messages to launch a similar attack on your email account. Whether you have an email account supplied by your employer or one available through a free service such as Yahoo or Hotmail, you are assigned a specific quota, which limits the amount of data you can have in your account at any given time. By sending many, or large, email messages to the account, an attacker can consume your quota, preventing you from receiving legitimate messages.

What is a distributed denial-of-service (DDoS) attack?

In a distributed denial-of-service (DDoS) attack, an attacker may use your computer to attack another computer. By taking advantage of security vulnerabilities or weaknesses, an attacker could take control of your computer. He or she could then force your computer to send huge amounts of data to a website or send spam to particular email addresses. The attack is "distributed" because the attacker is using multiple computers, including yours, to launch the denial-of-service attack.

How do you avoid being part of the problem?

Unfortunately, there are no effective ways to prevent being the victim of a DoS or DDoS attack, but there are steps you can take to reduce the likelihood that an attacker will use your computer to attack other computers:
* Install and maintain anti-virus software.
* Install a firewall, and configure it to restrict traffic coming into and leaving your computer.
* Follow good security practices for distributing your email address. Applying email filters may help you manage unwanted traffic.

How do you know if an attack is happening?

Not all disruptions to service are the result of a denial-of-service attack. There may be technical problems with a particular network, or system administrators may be performing maintenance. However, the following symptoms could indicate a DoS or DDoS attack:
* Unusually slow network performance (opening files or accessing websites)
* Unavailability of a particular website
* Inability to access any website
* Dramatic increase in the amount of spam you receive in your account

What do you do if you think you are experiencing an attack?

Even if you do correctly identify a DoS or DDoS attack, it is unlikely that you will be able to determine the actual target or source of the attack. Contact the appropriate technical professionals for assistance.
* If you notice that you cannot access your own files or reach any external websites from your work computer, contact your network administrators. This may indicate that your computer or your organization's network is being attacked.
* If you are having a similar experience on your home computer, consider contacting your internet service provider (ISP). If there is a problem, the ISP might be able to advise you of an appropriate course of action.


Title: Re: Cyber Security
Post by: OldFatGuy on November 04, 2009, 09:35PM
What do firewalls do?

Firewalls provide protection against outside attackers by shielding your computer or network from malicious or unnecessary Internet traffic. Firewalls can be configured to block data from certain locations while allowing the relevant and necessary data through. They are especially important for users who rely on "always on" connections such as cable or DSL modems.

What type of firewall is best?

Firewalls are offered in two forms: hardware (external) and software (internal). While both have their advantages and disadvantages, the decision to use a firewall is far more important than deciding which type you use.

* Hardware - Typically called network firewalls, these external devices are positioned between your computer or network and your cable or DSL modem. Many vendors and some Internet service providers (ISPs) offer devices called "routers" that also include firewall features. Hardware-based firewalls are particularly useful for protecting multiple computers but also offer a high degree of protection for a single computer. If you only have one computer behind the firewall, or if you are certain that all of the other computers on the network are up to date on patches and are free from viruses, worms, or other malicious code, you may not need the extra protection of a software firewall. Hardware-based firewalls have the advantage of being separate devices running their own operating systems, so they provide an additional line of defense against attacks. Their major drawback is cost, but many products are available for less than $100 (and there are even some for less than $50).

* Software - Some operating systems include a built-in firewall; if yours does, consider enabling it to add another layer of protection even if you have an external firewall. If you don't have a built-in firewall, you can obtain a software firewall for relatively little or no cost from your local computer store, software vendors, or ISP. Because of the risks associated with downloading software from the Internet onto an unprotected computer, it is best to install the firewall from a CD or DVD. If you do download software from the Internet, make sure it is a reputable, secure website. Although relying on a software firewall alone does provide some protection, realize that having the firewall on the same computer as the information you're trying to protect may hinder the firewall's ability to catch malicious traffic before it enters your system.

How do you know what configuration settings to apply?

Most commercially available firewall products, both hardware- and software-based, come configured in a manner that is acceptably secure for most users. Since each firewall is different, you'll need to read and understand the documentation that comes with it to determine whether or not the default settings on your firewall are sufficient for your needs. Additional assistance may be available from your firewall vendor or your ISP (either from tech support or a website). Also, alerts about current viruses or worms sometimes include information about restrictions you can implement through your firewall.

Unfortunately, while properly configured firewalls may be effective at blocking some attacks, don't be lulled into a false sense of security. Although they do offer a certain amount of protection, firewalls do not guarantee that your computer will not be attacked. In particular, a firewall offers little to no protection against viruses that work by having you run the infected program on your computer, as many email-borne viruses do. However, using a firewall in conjunction with other protective measures (such as anti-virus software and "safe" computing practices) will strengthen your resistance to attacks.


Title: Re: Cyber Security
Post by: OldFatGuy on November 22, 2009, 09:39AM
Recognizing and Avoiding Spyware

Because of its popularity, the internet has become an ideal target for advertising. As a result, spyware, or adware, has become increasingly prevalent. When troubleshooting problems with your computer, you may discover that the source of the problem is spyware software that has been installed on your machine without your knowledge.

What is spyware?

Despite its name, the term "spyware" doesn't refer to something used by undercover operatives, but rather by the advertising industry. In fact, spyware is also known as "adware." It refers to a category of software that, when installed on your computer, may send you pop-up ads, redirect your browser to certain web sites, or monitor the web sites that you visit. Some extreme, invasive versions of spyware may track exactly what keys you type. Attackers may also use spyware for malicious purposes.

Because of the extra processing, spyware may cause your computer to become slow or sluggish. There are also privacy implications:
* What information is being gathered?
* Who is receiving it?
* How is it being used?

How do you know if there is spyware on your computer?

The following symptoms may indicate that spyware is installed on your computer:
* you are subjected to endless pop-up windows
* you are redirected to web sites other than the one you typed into your browser
* new, unexpected toolbars appear in your web browser
* new, unexpected icons appear in the task tray at the bottom of your screen
* your browser's home page suddenly changed
* the search engine your browser opens when you click "search" has been changed
* certain keys fail to work in your browser (e.g., the tab key doesn't work when you are moving to the next field within a form)
* random Windows error messages begin to appear
* your computer suddenly seems very slow when opening programs or processing tasks (saving files, etc.)

How can you prevent spyware from installing on your computer?

To avoid unintentionally installing it yourself, follow these good security practices:
* Don't click on links within pop-up windows - Because pop-up windows are often a product of spyware, clicking on the window may install spyware software on your computer. To close the pop-up window, click on the "X" icon in the title bar instead of a "close" link within the window.
* Choose "no" when asked unexpected questions - Be wary of unexpected dialog boxes asking whether you want to run a particular program or perform another type of task. Always select "no" or "cancel," or close the dialog box by clicking the "X" icon in the title bar.
* Be wary of free downloadable software - There are many sites that offer customized toolbars or other features that appeal to users. Don't download programs from sites you don't trust, and realize that you may be exposing your computer to spyware by downloading some of these programs.
* Don't follow email links claiming to offer anti-spyware software - Like email viruses, the links may serve the opposite purpose and actually install the spyware it claims to be eliminating.

As an additional good security practice, especially if you are concerned that you might have spyware on your machine and want to minimize the impact, consider taking the following action:
* Adjust your browser preferences to limit pop-up windows and cookies - Pop-up windows are often generated by some kind of scripting or active content. Adjusting the settings within your browser to reduce or prevent scripting or active content may reduce the number of pop-up windows that appear. Some browsers offer a specific option to block or limit pop-up windows. Certain types of cookies are sometimes considered spyware because they reveal what web pages you have visited. You can adjust your privacy settings to only allow cookies for the web site you are visiting.

How do you remove spyware?

* Run a full scan on your computer with your anti-virus software - Some anti-virus software will find and remove spyware, but it may not find the spyware when it is monitoring your computer in real time. Set your anti-virus software to prompt you to run a full scan periodically.
* Run a legitimate product specifically designed to remove spyware - Many vendors offer products that will scan your computer for spyware and remove any spyware software. Popular products include Lavasoft's Ad-Aware, Microsoft's Windows Defender, Webroot's SpySweeper, and Spybot Search and Destroy.
* Make sure that your anti-virus and anti-spyware software are compatible - Take a phased approach to installing the software to ensure that you don't unintentionally introduce problems.


Title: Re: Cyber Security
Post by: OldFatGuy on December 03, 2009, 03:29PM
Protecting Portable Devices: Physical Security

Many computer users, especially those who travel for business, rely on laptops and PDAs because they are small and easily transported. But while these characteristics make them popular and convenient, they also make them an ideal target for thieves. Make sure to secure your portable devices to protect both the machine and the information it contains.

What is at risk?

Only you can determine what is actually at risk. If a thief steals your laptop or PDA, the most obvious loss is the machine itself. However, if the thief is able to access the information on the computer or PDA, all of the information stored on the device is at risk, as well as any additional information that could be accessed as a result of the data stored on the device itself.

Sensitive corporate information or customer account information should not be accessed by unauthorized people. You've probably heard news stories about organizations panicking because laptops with confidential information on them have been lost or stolen. But even if there isn't any sensitive corporate information on your laptop or PDA, think of the other information at risk: information about appointments, passwords, email addresses and other contact information, personal information for online accounts, etc.

How can you protect your laptop or PDA?

* Password-protect your computer - Make sure that you have to enter a password to log in to your computer or PDA.
* Keep your laptop or PDA with you at all times - When traveling, keep your laptop with you. Meal times are optimum times for thieves to check hotel rooms for unattended laptops. If you are attending a conference or trade show, be especially wary as these venues offer thieves a wider selection of devices that are likely to contain sensitive information, and the conference sessions offer more opportunities for thieves to access guest rooms.
* Downplay your laptop or PDA - There is no need to advertise to thieves that you have a laptop or PDA. Avoid using your portable device in public areas, and consider non-traditional bags for carrying your laptop.
* Be aware of your surroundings - If you do use your laptop or PDA in a public area, pay attention to people around you. Take precautions to shield yourself from "shoulder surfers" and make sure that no one can see you type your passwords or see any sensitive information on your screen.
* Consider an alarm or lock - Many companies sell alarms or locks that you can use to protect or secure your laptop. If you travel often or will be in a heavily populated area, you may want to consider investing in an alarm for your laptop bag or a lock to secure your laptop to a piece of furniture.
* Back up your files - If your portable device is stolen, it's bad enough that someone else may be able to access your information. To avoid losing all of the information, make backups of important information and store the backups in a separate location. Not only will you still be able to access the information, but you'll be able to identify and report exactly what information is at risk.

What can you do if your laptop or PDA is lost or stolen?

Report the loss or theft to the appropriate authorities. These parties may include representatives from law enforcement agencies, as well as hotel or conference staff. If your device contained sensitive corporate or customer account information, immediately report the loss or theft to your organization so that they can act quickly.


Title: Re: Cyber Security
Post by: OldFatGuy on December 19, 2009, 07:57AM
Understanding Digital Signatures

Digital signatures are a way to verify that an email message is really from the person who supposedly sent it and that it hasn't been changed.

What is a digital signature?

There are different types of digital signatures; this tip focuses on digital signatures for email messages. You may have received emails that have a block of letters and numbers at the bottom of the message. Although it may look like useless text or some kind of error, this information is actually a digital signature. To generate a signature, a mathematical algorithm is used to combine the information in a key with the information in the message. The result is a random-looking string of letters and numbers.

Why would you use one?

Because it is so easy for attackers and viruses to "spoof" email addresses, it is sometimes difficult to identify legitimate messages. Authenticity may be especially important for business correspondence; if you are relying on someone to provide or verify information, you want to be sure that the information is coming from the correct source. A signed message also indicates that changes have not been made to the content since it was sent; any changes would cause the signature to break.

How does it work?

Before you can understand how a digital signature works, there are some terms you should know:
* Keys - Keys are used to create digital signatures. For every signature, there is a public key and a private key.
   + Private key - The private key is the portion of the key you use to actually sign an email message. The private key is protected by a password, and you should never give your private key to anyone.
   + Public key - The public key is the portion of the key that is available to other people. Whether you upload it to a public key ring or send it to someone, this is the key other people can use to check your signature. A list of other people who have signed your key is also included with your public key. You will only be able to see their identities if you already have their public keys on your key ring.
* Key ring - A key ring contains public keys. You have a key ring that contains the keys of people who have sent you their keys or whose keys you have gotten from a public key server. A public key server contains keys of people who have chosen to upload their keys.
* Fingerprint - When confirming a key, you will actually be confirming the unique series of letters and numbers that comprise the fingerprint of the key. The fingerprint is a different series of letters and numbers than the chunk of information that appears at the bottom of a signed email message.
* Key certificates - When you select a key on a key ring, you will usually see the key certificate, which contains information about the key, such as the key owner, the date the key was created, and the date the key will expire.
* "Web of trust" - When someone signs your key, they are confirming that the key actually belongs to you. The more signatures you collect, the stronger your key becomes. If someone sees that your key has been signed by other people that he or she trusts, he or she is more inclined to trust your key. Note: Just because someone else has trusted a key or you find it on a public key ring does not mean you should automatically trust it. You should always verify the fingerprint yourself.

The process for creating, obtaining, and using keys is fairly straightforward:
1. Generate a key using software such as PGP, which stands for Pretty Good Privacy, or GnuPG, which stands for GNU Privacy Guard.
2. Increase the authenticity of your key by having your key signed by co-workers or other associates who also have keys. In the process of signing your key, they will confirm that the fingerprint on the key you sent them belongs to you. By doing this, they verify your identity and indicate trust in your key.
3. Upload your signed key to a public key ring so that if someone gets a message with your signature, they can verify the digital signature.
4. Digitally sign your outgoing email messages. Most email clients have a feature to easily add your digital signature to your message.

There are a variety of mechanisms for creating digital signatures, and these mechanisms may operate differently. For example, S/MIME does not add a visible block of letters and numbers within the message, and its digital signatures are verified indirectly using a certificate authority instead of directly with other users in a web of trust. You may just see an icon or note on the message that the signature has been verified. If you get an error about a digital signature, try to contact the sender through a phone call or a separate email address that you know is valid to verify the authenticity of the message.


Title: Re: Cyber Security
Post by: OldFatGuy on January 30, 2010, 08:22AM
Protecting Portable Devices: Data Security

In addition to taking precautions to protect your portable devices, it is important to add another layer of security by protecting the data itself.

Why do you need another layer of protection?

Although there are ways to physically protect your laptop, PDA, or other portable device, there is no guarantee that it won't be stolen. After all, as the name suggests, portable devices are designed to be easily transported. The theft itself is, at the very least, frustrating, inconvenient, and unnerving, but the exposure of information on the device could have serious consequences. Also, remember that any devices that are connected to the Internet, especially if it is a wireless connection, are also susceptible to network attacks.

What can you do?

* Use passwords correctly - In the process of getting to the information on your portable device, you probably encounter multiple prompts for passwords. Take advantage of this security. Don't choose options that allow your computer to remember passwords, don't choose passwords that thieves could easily guess, use different passwords for different programs, and take advantage of additional authentication methods.
* Consider storing important data separately - There are many forms of storage media, including CDs, DVDs, and removable flash drives (also known as USB drives or thumb drives). By saving your data on removable media and keeping it in a different location (e.g., in your suitcase instead of your laptop bag), you can protect your data even if your laptop is stolen. You should make sure to secure the location where you keep your data to prevent easy access. It may be helpful to carry storage media with other valuables that you keep with you at all times and that you naturally protect, such as a wallet or keys.
* Encrypt files - By encrypting files, you ensure that unauthorized people can't view data even if they can physically access it. You may also want to consider options for full disk encryption, which prevents a thief from even starting your laptop without a passphrase. When you use encryption, it is important to remember your passwords and passphrases; if you forget or lose them, you may lose your data.
* Install and maintain anti-virus software - Protect laptops and PDAs from viruses the same way you protect your desktop computer. Make sure to keep your virus definitions up to date. If your anti-virus software doesn't include anti-spyware software, consider installing separate software to protect against that threat.
* Install and maintain a firewall - While always important for restricting traffic coming into and leaving your computer, firewalls are especially important if you are traveling and using different networks. Firewalls can help prevent outsiders from gaining unwanted access.
* Back up your data - Make sure to back up any data you have on your computer onto a CD-ROM, DVD-ROM, or network. Not only will this ensure that you will still have access to the information if your device is stolen, but it could help you identify exactly which information a thief may be able to access. You may be able to take measures to reduce the amount of damage that exposure could cause.


Title: Re: Cyber Security
Post by: OldFatGuy on February 28, 2010, 09:37AM
Understanding Encryption

Encrypting data is a good way to protect sensitive information. It ensures that the data can only be read by the person who is authorized to have access to it.

What is encryption?

In very basic terms, encryption is a way to send a message in code. The only person who can decode the message is the person with the correct key; to anyone else, the message looks like a random series of letters, numbers, and characters.

Encryption is especially important if you are trying to send sensitive information that other people should not be able to access. Because email messages are sent over the internet and might be intercepted by an attacker, it is important to add an additional layer of security to sensitive information.

How is it different from digital signatures?

Like digital signatures, public-key encryption utilizes software such as PGP, converts information with mathematical algorithms, and relies on public and private keys, but there are differences:

* The purpose of encryption is confidentiality - concealing the content of the message by translating it into a code. The purpose of digital signatures is integrity and authenticity - verifying the sender of a message and indicating that the content has not been changed. Although encryption and digital signatures can be used independently, you can also sign an encrypted message.

* When you sign a message, you use your private key, and anybody who has your public key can verify that the signature is valid. When you encrypt a message, you use the public key for the person you're sending it to, and his or her private key is used to decrypt the message. Because people should keep their private keys confidential and should protect them with passwords, the intended recipient should be the only one who is able to view the information.

How does encryption work?

1. Obtain the public key for the person you want to be able to read the information. If you get the key from a public key ring, contact the person directly to confirm that the series of letters and numbers associated with the key is the correct fingerprint.

2. Encrypt the email message using their public key. Most email clients have a feature to easily perform this task.

3. When the person receives the message, he or she will be able to decrypt it.
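The key roles described in the digital signature post and in the encryption post above, as one added Python example that is not part of the original posts: signing uses the sender's private key and is checked with the sender's public key, while encryption uses the recipient's public key and is undone with the recipient's private key. It assumes textbook RSA without padding over fixed, publicly known primes and a simplified fingerprint (not the OpenPGP format), so the keys and all function names are constructed for illustration and protect nothing.

```python
"""Key roles in signing versus encryption, using textbook RSA (toy keys)."""
import hashlib

E = 65537  # public exponent shared by both demonstration keys


def make_key_pair(p_exp, q_exp):
    """Build a key pair from two Mersenne primes 2**k - 1.

    Constructed sample keys: these primes are public knowledge, so anyone
    can rebuild the private key. Real software uses secret random primes.
    """
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return {"public": (n, E), "private": (n, d)}


def fingerprint(public_key):
    """Short digest of a public key that two people can compare by phone.

    Simplified assumption: SHA-256 of the key numbers, first 160 bits.
    """
    n, e = public_key
    digest = hashlib.sha256(f"{n:x}:{e:x}".encode()).hexdigest().upper()[:40]
    return " ".join(digest[i:i + 4] for i in range(0, 40, 4))


def digest_as_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, private_key):
    """Combine the message digest with the signer's private key."""
    n, d = private_key
    return pow(digest_as_int(message), d, n)


def verify(message, signature, public_key):
    """True only if the signature matches this message and this public key."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(message)


def encrypt(message, public_key):
    """Encrypt to the owner of public_key. Real PGP encrypts a random
    session key this way and the message with a symmetric cipher."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)


def decrypt(ciphertext, private_key):
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


# Two constructed correspondents.
ALICE = make_key_pair(521, 607)
BOB = make_key_pair(1279, 2203)

if __name__ == "__main__":
    note = b"Invoice total is 100 dollars"
    sig = sign(note, ALICE["private"])
    print("Alice's fingerprint:", fingerprint(ALICE["public"]))
    print("genuine message verifies:", verify(note, sig, ALICE["public"]))
    print("altered message verifies:",
          verify(b"Invoice total is 900 dollars", sig, ALICE["public"]))
    secret = encrypt(b"door code 4417", BOB["public"])
    print("Bob decrypts:", decrypt(secret, BOB["private"]))
```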


Title: Re: Cyber Security
Post by: OldFatGuy on March 26, 2010, 07:58AM
Securing Wireless Networks

Wireless networks are becoming increasingly popular, but they introduce additional security risks. If you have a wireless network, make sure to take appropriate precautions to protect your information.

How do wireless networks work?


As the name suggests, wireless networks, sometimes called WiFi, allow you to connect to the internet without relying on wires. If your home, office, airport, or even local coffee shop has a wireless connection, you can access the network from anywhere that is within that wireless area.

Wireless networks rely on radio waves rather than wires to connect computers to the internet. A transmitter, known as a wireless access point or gateway, is wired into an internet connection. This provides a "hotspot" that transmits the connectivity over radio waves. Hotspots have identifying information, including an item called an SSID (service set identifier), that allows computers to locate them. Computers that have a wireless card and have permission to access the wireless frequency can take advantage of the network connection. Some computers may automatically identify open wireless networks in a given area, while others may require that you locate and manually enter information such as the SSID.

What security threats are associated with wireless networks?

Because wireless networks do not require a wire between a computer and the internet connection, it is possible for attackers who are within range to hijack or intercept an unprotected connection. A practice known as wardriving (http://en.wikipedia.org/wiki/Wardriving) involves individuals equipped with a computer, a wireless card, and a GPS device driving through areas in search of wireless networks and identifying the specific coordinates of a network location. This information is then usually posted online. Some individuals who participate in or take advantage of wardriving have malicious intent and could use this information to hijack your home wireless network or intercept the connection between your computer and a particular hotspot.

What can you do to minimize the risks to your wireless network?


* Change default passwords - Most network devices, including wireless access points, are pre-configured with default administrator passwords to simplify setup. These default passwords are easily found online, so they don't provide any protection. Changing default passwords makes it harder for attackers to take control of the device.
* Restrict access - Only allow authorized users to access your network. Each piece of hardware connected to a network has a MAC (media access control) address. You can restrict or allow access to your network by filtering MAC addresses. Consult your user documentation to get specific information about enabling these features. There are also several technologies available that require wireless users to authenticate before accessing the network.
* Encrypt the data on your network - WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) both encrypt information on wireless devices. However, WEP has a number of security issues that make it less effective than WPA, so you should specifically look for gear that supports encryption via WPA. Encrypting the data would prevent anyone who might be able to access your network from viewing your data.
* Protect your SSID - To avoid outsiders easily accessing your network, avoid publicizing your SSID. Consult your user documentation to see if you can change the default SSID to make it more difficult to guess.
* Install a firewall - While it is a good security practice to install a firewall on your network, you should also install a firewall directly on your wireless devices (a host-based firewall). Attackers who can directly tap into your wireless network may be able to circumvent your network firewall; a host-based firewall will add a layer of protection to the data on your computer.
* Maintain anti-virus software - You can reduce the damage attackers may be able to inflict on your network and wireless computer by installing anti-virus software and keeping your virus definitions up to date. Many of these programs also have additional features that may protect against or detect spyware and Trojan horses.


Title: Re: Cyber Security
Post by: OldFatGuy on June 09, 2010, 06:50AM
How Anonymous Are You?

You may think that you are anonymous as you browse websites, but pieces of information about you are always left behind. You can reduce the amount of information revealed about you by visiting legitimate sites, checking privacy policies, and minimizing the amount of personal information you provide.

What information is collected?

When you visit a website, a certain amount of information is automatically sent to the site. This information may include the following:
* IP address - Each computer on the internet is assigned a specific, unique IP (internet protocol) address. Your computer may have a static IP address or a dynamic IP address. If you have a static IP address, it never changes. However, some ISPs own a block of addresses and assign an open one each time you connect to the internet. This is a dynamic IP address. You can determine your computer's IP address at any given time by visiting http://www.showmyip.com.
* Domain name - The internet is divided into domains, and every user's account is associated with one of those domains. You can identify the domain by looking at the end of the URL; for example, .edu indicates an educational institution, .gov indicates a US government agency, .org refers to an organization, and .com is for commercial use. Many countries also have specific domain names. The list of active domain names is available from the Internet Assigned Numbers Authority (IANA).
* Software details - It may be possible for an organization to determine which browser, including the version, that you used to access its site. The organization may also be able to determine what operating system your computer is running.
* Page visits - Information about which pages you visited, how long you stayed on a given page, and whether you came to the site from a search engine is often available to the organization operating the website.

If a website uses cookies, the organization may be able to collect even more information, such as your browsing patterns, which include other sites you've visited. If the site you're visiting is malicious, files on your computer, as well as passwords stored in the temporary memory, may be at risk.

How is this information used?

Generally, organizations use the information that is gathered automatically for legitimate purposes, such as generating statistics about their sites. By analyzing the statistics, the organizations can better understand the popularity of the site and which areas of content are being accessed the most. They may be able to use this information to modify the site to better support the behavior of the people visiting it.

Another way to apply information gathered about users is marketing. If the site uses cookies to determine other sites or pages you have visited, it may use this information to advertise certain products. The products may be on the same site or may be offered by partner sites.

However, some sites may collect your information for malicious purposes. If attackers are able to access files, passwords, or personal information on your computer, they may be able to use this data to their advantage. The attackers may be able to steal your identity, using and abusing your personal information for financial gain. A common practice is for attackers to use this type of information once or twice, then sell or trade it to other people. The attackers profit from the sale or trade, and increasing the number of transactions makes it more difficult to trace any activity back to them. The attackers may also alter the security settings on your computer so that they can access and use your computer for other malicious activity.

Are you exposing any other personal information?

While using cookies may be one method for gathering information, the easiest way for attackers to get access to personal information is to ask for it. By representing a malicious site as a legitimate one, attackers may be able to convince you to give them your address, credit card information, social security number, or other personal data.

How can you limit the amount of information collected about you?

* Be careful supplying personal information - Unless you trust a site, don't give your address, password, or credit card information. Look for indications that the site uses SSL to encrypt your information. Although some sites require you to supply your social security number (e.g., sites associated with financial transactions such as loans or credit cards), be especially wary of providing this information online.
* Limit cookies - If an attacker can access your computer, he or she may be able to find personal data stored in cookies. You may not realize the extent of the information stored on your computer until it is too late. However, you can limit the use of cookies.
* Browse safely - Be careful which websites you visit; if it seems suspicious, leave the site. Also make sure to take precautions by increasing your security settings, keeping your virus definitions up to date, and scanning your computer for spyware.
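
Added example, not part of the original post: a short Python script showing how a site operator could rebuild the items listed under "What information is collected?" (IP address, browser and operating system, pages visited, time on each page, arrival from a search engine) from ordinary web server log lines. The log lines, host names and the `SEARCH_HOSTS` set are constructed for illustration.

```python
import re
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample lines in the common "combined" access-log layout.
# 203.0.113.0/24 is a documentation-only address range; hosts are placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Jun/2010:06:50:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "http://search.example/results?q=celtic+music" "Mozilla/5.0 (Windows NT 6.1; rv:3.6) Gecko/20100401 Firefox/3.6.3"
203.0.113.7 - - [09/Jun/2010:06:50:43 +0000] "GET /tour-dates.html HTTP/1.1" 200 2048 "http://www.example.org/index.html" "Mozilla/5.0 (Windows NT 6.1; rv:3.6) Gecko/20100401 Firefox/3.6.3"
203.0.113.7 - - [09/Jun/2010:06:53:13 +0000] "GET /contact.html HTTP/1.1" 200 1024 "http://www.example.org/tour-dates.html" "Mozilla/5.0 (Windows NT 6.1; rv:3.6) Gecko/20100401 Firefox/3.6.3"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Assumption for this example: hosts the site treats as search engines.
SEARCH_HOSTS = {"search.example"}


def parse_line(line):
    """Split one log line into named fields; return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def describe_agent(agent):
    """Pull browser name/version and platform out of a User-Agent string."""
    browser = re.search(r"(Firefox|Chrome|Opera|MSIE)[/ ]([\d.]+)", agent)
    platform = re.search(r"\(([^;)]+)", agent)
    return (
        f"{browser.group(1)} {browser.group(2)}" if browser else "unknown",
        platform.group(1).strip() if platform else "unknown",
    )


def visitor_profiles(log_text):
    """Group requests by IP address and summarise what each visitor revealed."""
    visits = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            visits.setdefault(rec["ip"], []).append(rec)

    profiles = {}
    for ip, recs in visits.items():
        recs.sort(key=lambda r: r["time"])
        browser, platform = describe_agent(recs[0]["agent"])
        ref_host = urlparse(recs[0]["referer"]).hostname
        pages = []
        # Time on a page = gap until the same visitor's next request.
        for cur, nxt in zip(recs, recs[1:] + [None]):
            dwell = int((nxt["time"] - cur["time"]).total_seconds()) if nxt else None
            pages.append((cur["path"], dwell))
        profiles[ip] = {
            "browser": browser,
            "os": platform,
            "arrived_from_search": ref_host in SEARCH_HOSTS,
            "pages": pages,
        }
    return profiles


if __name__ == "__main__":
    for ip, profile in visitor_profiles(SAMPLE_LOG).items():
        print(ip, profile)
```

No cookies are involved here; everything in the profile comes from data the browser sends with every request.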


Title: Re: Cyber Security
Post by: OldFatGuy on July 01, 2010, 05:56AM
Reviewing End-User License Agreements

Before accepting an end-user license agreement, make sure you understand and are comfortable with the terms of the agreement.

What is an end-user license agreement?

An end-user license agreement (EULA) is a contract between you and the software's vendor or developer. Some software packages state that by simply removing the shrink-wrap on the package, you agree to the contract. However, you may be more familiar with the type of EULA that is presented as a dialog box that appears the first time you open the software. It usually requires you to accept the conditions of the contract before you can proceed. Software updates and patches may also include new or updated EULAs that have different terms than the original. Some EULAs only apply to certain features of the software, so you may only encounter them when you attempt to use those features.

Unfortunately, many users don't read EULAs before accepting them. The terms of each contract differ, and you may be agreeing to conditions that you later consider unfair or that expose you to security risks you didn't expect.

What terms may be included?

EULAs are legal contracts, and the vendor or developer may include almost any conditions. These conditions are often designed to protect the developer or vendor against liability, but they may also include additional terms that give the vendor some control over your computer. The following topics are often covered in EULAs:

* Distribution - There are often limitations placed on the number of times you are allowed to install the software and restrictions about reproducing the software for distribution.
* Warranty - Developers or vendors often include disclaimers that they are not liable for any problem that results from the software being used incorrectly.  They may also protect themselves from liability for software flaws, software failure, or incompatibility with other programs on your computer.

The following topics, while not standard, are examples of other conditions that have been included in EULAs. They present security implications that you should consider before accepting the agreement.

* Monitoring - Agreeing to the EULA may give the vendor permission to monitor your computer activity and communicate the information back to the vendor or to another third party. Depending on what information is being collected, this type of monitoring could have both security and privacy implications.
* Software installation - Some agreements allow the vendor to install additional software on your computer. This may include updated versions of the software program you installed (the determination of which version you are running may be a result of the monitoring described above). Vendors may also incorporate statements that allow them or other third parties to install additional software programs on your computer. This software may be unnecessary, may affect the functionality of other programs on your computer, and may introduce security risks.


Title: Re: Cyber Security
Post by: OldFatGuy on July 01, 2010, 06:04AM
Risks of File-Sharing Technology

File-sharing technology is a popular way for users to exchange, or "share," files. However, using this technology makes you susceptible to risks such as infection, attack, or exposure of personal information.

What is file sharing?


File sharing involves using technology that allows internet users to share files that are housed on their individual computers. Peer-to-peer (P2P) applications, such as those used to share music files, are some of the most common forms of file-sharing technology. However, P2P applications introduce security risks that may put your information or your computer in jeopardy.

What risks does file-sharing technology introduce?


* Installation of malicious code - When you use P2P applications, it is difficult, if not impossible, to verify that the source of the files is trustworthy. These applications are often used by attackers to transmit malicious code. Attackers may incorporate spyware, viruses, Trojan horses, or worms into the files. When you download the files, your computer becomes infected.
* Exposure of sensitive or personal information - By using P2P applications, you may be giving other users access to personal information. Whether it's because certain directories are accessible or because you provide personal information to what you believe to be a trusted person or organization, unauthorized people may be able to access your financial or medical data, personal documents, sensitive corporate information, or other personal information. Once information has been exposed to unauthorized people, it's difficult to know how many people have accessed it. The availability of this information may increase your risk of identity theft.
* Susceptibility to attack - Some P2P applications may ask you to open certain ports on your firewall to transmit the files. However, opening some of these ports may give attackers access to your computer or enable them to attack your computer by taking advantage of any vulnerabilities that may exist in the P2P application. There are some P2P applications that can modify and penetrate firewalls themselves, without your knowledge.
* Denial of service - Downloading files causes a significant amount of traffic over the network. This activity may reduce the availability of certain programs on your computer or may limit your access to the internet.
* Prosecution - Files shared through P2P applications may include pirated software, copyrighted material, or pornography. If you download these, even unknowingly, you may be faced with fines or other legal action. If your computer is on a company network and exposes customer information, both you and your company may be liable.

How can you minimize these risks?

The best way to eliminate these risks is to avoid using P2P applications. However, if you choose to use this technology, you can follow some good security practices to minimize your risk:
* Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. However, attackers are continually writing new viruses, so it is important to keep your anti-virus software current.
* Install or enable a firewall - Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer. Some operating systems actually include a firewall, but you need to make sure it is enabled.


Title: Re: Cyber Security
Post by: OldFatGuy on July 16, 2010, 08:44AM
Effectively Erasing Files

Before selling or discarding an old computer, or throwing away a disk or CD, you naturally make sure that you've copied all of the files you need. You've probably also attempted to delete your personal files so that other people aren't able to access them. However, unless you have taken the proper steps to make sure the hard drive, disk, or CD is erased, people may still be able to resurrect those files.

Where do deleted files go?

When you delete a file, depending on your operating system and your settings, it may be transferred to your trash or recycle bin. This "holding area" essentially protects you from yourself - if you accidentally delete a file, you can easily restore it. However, you may have experienced the panic that results from emptying the trash bin prematurely or having a file seem to disappear on its own. The good news is that even though it may be difficult to locate, the file is probably still somewhere on your machine. The bad news is that even though you think you've deleted a file, an attacker or other unauthorized person may be able to retrieve it.

What are the risks?

Think of the information you have saved on your computer. Is there banking or credit card account information? Tax returns? Passwords?  Medical or other personal data?  Personal photos?  Sensitive corporate information?  How much would someone be able to find out about you or your company by looking through your computer files?

Depending on what kind of information an attacker can find, he or she may be able to use it maliciously. You may become a victim of identity theft. Another possibility is that the information could be used in a social engineering attack. Attackers may use information they find about you or an organization you're affiliated with to appear to be legitimate and gain access to sensitive data.

Can you erase files by reformatting?

Reformatting your hard drive or CD may superficially delete the files, but the information is still buried somewhere. Unless those areas of the disk are effectively overwritten with new content, it is still possible that knowledgeable attackers may be able to access the information.

How can you be sure that your information is completely erased?


Some people use extreme measures to make sure their information is destroyed, but these measures can be dangerous and may not be completely successful.  Your best option is to investigate software programs and hardware devices that claim to erase your hard drive or CD.  Even so, these programs and devices have varying levels of effectiveness.  When choosing a software program to perform this task, look for the following characteristics:

* Data is written multiple times - It is important to make sure that not only is the information erased, but new data is written over it. By adding multiple layers of data, the program makes it difficult for an attacker to "peel away" the new layer. Three to seven passes is fairly standard and should be sufficient.
* Use of random data - Using random data instead of easily identifiable patterns makes it harder for attackers to determine the pattern and discover the original information underneath.
* Use of zeros in the final layer - Regardless of how many times the program overwrites the data, look for programs that use all zeros in the last layer. This adds an additional level of security.

While many of these programs assume that you want to erase an entire disk, there are programs that give you the option to erase and overwrite individual files.

An effective way to ruin a CD or DVD is to wrap it in a paper towel and shatter it.  However, there are also hardware devices that erase CDs or DVDs by destroying their surface.  Some of these devices actually shred the media itself, while others puncture the writable surface with a pattern of holes. If you decide to use one of these devices, compare the various features and prices to determine which option best suits your needs.
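
Added example, not part of the original post: a minimal Python sketch of the three characteristics listed above for a single file (several overwrite passes, random data, all zeros in the final pass), followed by deletion. The function names and the sample file contents are constructed for illustration.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # write in 64 KiB pieces so large files do not fill memory


def overwrite_in_place(path, random_passes=3):
    """Overwrite every byte of the file: random data first, zeros last.

    Returns the total number of passes written (random passes + 1).
    """
    size = os.path.getsize(path)
    passes = 0
    # "r+b" keeps the existing file and writes over its current contents.
    with open(path, "r+b") as fh:
        for pass_no in range(random_passes + 1):
            final = pass_no == random_passes
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                # Final pass is all zeros; earlier passes are random bytes.
                fh.write(bytes(n) if final else secrets.token_bytes(n))
                remaining -= n
            # Push this pass to the storage device before starting the next.
            fh.flush()
            os.fsync(fh.fileno())
            passes += 1
    return passes


def erase_file(path, random_passes=3):
    """Overwrite the file, then remove its directory entry."""
    passes = overwrite_in_place(path, random_passes)
    os.remove(path)
    return passes


def demo():
    """Run on a constructed temporary file and report what happened."""
    fd, path = tempfile.mkstemp()
    secret = b"constructed sample: account 0000-0000 PIN 0000\n" * 100
    with os.fdopen(fd, "wb") as fh:
        fh.write(secret)

    passes = overwrite_in_place(path, random_passes=3)
    with open(path, "rb") as fh:
        after = fh.read()
    same_length = len(after) == len(secret)
    all_zeros = after == bytes(len(secret))

    os.remove(path)
    return passes, same_length, all_zeros, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```

Overwriting in place only reaches the original data when the storage writes new bytes over the old ones; SSDs with wear leveling, journaling or copy-on-write file systems, and backups or snapshots can all retain earlier copies that this routine never touches.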


Title: Re: Cyber Security
Post by: OldFatGuy on November 18, 2010, 08:10AM
Understanding Voice over Internet Protocol (VoIP)

With the introduction of VoIP, you can use the internet to make telephone calls instead of relying on a separate telephone line. However, the technology does present security risks.

What is voice over internet protocol (VoIP)?

Voice over internet protocol (VoIP), also known as IP telephony, allows you to use your internet connection to make telephone calls. Instead of relying on an analog line like traditional telephones, VoIP uses digital technology and requires a high-speed broadband connection such as DSL or cable. There are a variety of providers who offer VoIP, and they offer different services. The most common application of VoIP for personal or home use is internet-based phone services that rely on a telephone switch. With this application, you will still have a phone number, will still dial phone numbers, and will usually have an adapter that allows you to use a regular telephone. The person you are calling will not likely notice a difference from a traditional phone call. Some service providers also offer the ability to use your VoIP adapter any place you have a high-speed internet connection, allowing you to take it with you when you travel.

What are the security implications of VoIP?

Because VoIP relies on your internet connection, it may be vulnerable to many of the same problems that face your computer and even some that are specific to VoIP technology. Attackers may be able to perform activities such as intercepting your communications, eavesdropping, taking control of your phone, making fraudulent calls from your account, conducting effective phishing attacks by manipulating your caller ID, and causing your service to crash. Activities that consume a large amount of network resources, like large file downloads, online gaming, and streaming multimedia, may affect your VoIP service.

There are also inherent problems to routing your telephone over your broadband connection. Unlike traditional telephone lines, which operate despite an electrical outage, if you lose power, your VoIP may be unavailable. VoIP services may also introduce problems for location-dependent systems such as home security systems or emergency numbers such as 911.

How can you protect yourself?

* Keep software up to date - If the vendor releases updates for the software operating your device, install them as soon as possible. Installing them will prevent attackers from being able to take advantage of known problems or vulnerabilities.
* Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. However, attackers are continually writing new viruses, so it is important to keep your anti-virus software current.
* Take advantage of security options - Some service providers may offer encryption as one of their services. If you are concerned about privacy and confidentiality, you may want to consider this and other available options.
* Install or enable a firewall - Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer. Some operating systems actually include a firewall, but you need to make sure it is enabled.
* Evaluate your security settings - Both your computer and your VoIP equipment/software offer a variety of features that you can tailor to meet your needs and requirements. However, enabling certain features may leave you more vulnerable to being attacked, so disable any unnecessary features. Examine your settings, particularly the security settings, and select options that meet your needs without putting you at increased risk.


Title: Re: Cyber Security
Post by: OldFatGuy on December 07, 2010, 05:29PM
Shopping Safely Online

Online shopping has become a popular way to purchase items without the hassles of traffic and crowds. However, the internet has unique risks, so it is important to take steps to protect yourself when shopping online.

Why do online shoppers have to take special precautions?

The internet offers a convenience that is not available from any other shopping outlet. From the comfort of your home, you can search for items from countless vendors, compare prices with a few simple mouse clicks, and make purchases without waiting in line. However, the internet is also convenient for attackers, giving them multiple ways to access the personal and financial information of unsuspecting shoppers. Attackers who are able to obtain this information may use it for their own financial gain, either by making purchases themselves or by selling the information to someone else.

How do attackers target online shoppers?

There are three common ways that attackers can take advantage of online shoppers:

* Targeting vulnerable computers - If you do not take steps to protect your computer from viruses or other malicious code, an attacker may be able to gain access to your computer and all of the information on it. It is also important for vendors to protect their computers to prevent attackers from accessing customer databases.
* Creating fraudulent sites and email messages - Unlike traditional shopping, where you know that a store is actually the store it claims to be, attackers can create malicious websites that appear to be legitimate or email messages that appear to have been sent from a legitimate source. Charities may also be misrepresented in this way, especially after natural disasters or during holiday seasons. Attackers create these malicious sites and email messages to try to convince you to supply personal and financial information.
* Intercepting insecure transactions - If a vendor does not use encryption, an attacker may be able to intercept your information as it is being transmitted.

How can you protect yourself?

* Use and maintain anti-virus software, a firewall, and anti-spyware software - Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall. Make sure to keep your virus definitions up to date. Spyware or adware hidden in software programs may also give attackers access to your data, so use a legitimate anti-spyware program to scan your computer and remove any of these files.
* Keep software, particularly your web browser, up to date - Install software updates so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.
* Evaluate your software’s settings - The default settings of most software enable all available functionality. However, attackers may be able to take advantage of this functionality to access your computer. It is especially important to check the settings for software that connects to the internet (browsers, email clients, etc.). Apply the highest level of security available that still gives you the functionality you need.
* Do business with reputable vendors - Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious websites that appear to be legitimate, so you should verify the legitimacy before supplying any information. Attackers may obtain a site certificate for a malicious website to appear more authentic, so review the certificate information, particularly the "issued to" information. Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill.
* Take advantage of security features - Passwords and other security features add layers of protection if used appropriately.
* Be wary of emails requesting information - Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. Legitimate businesses will not solicit this type of information through email. Do not provide sensitive information through email, and use caution when clicking on links in email messages.
* Check privacy policies - Before providing personal or financial information, check the website's privacy policy. Make sure you understand how your information will be stored and used.
* Make sure your information is being encrypted - Many sites use SSL, or secure sockets layer, to encrypt information. Indications that your information will be encrypted include a URL that begins with "https:" instead of "http:" and a padlock icon. If the padlock is closed, the information is encrypted. The location of the icon varies by browser; for example, it may be to the right of the address bar or at the bottom of the window. Some attackers try to trick users by adding a fake padlock icon, so make sure that the icon is in the appropriate location for your browser.
* Use a credit card - There are laws to limit your liability for fraudulent credit card charges, and you may not have the same level of protection for your debit card. Additionally, because a debit card draws money directly from your bank account, unauthorized charges could leave you with insufficient funds to pay other bills. You can further minimize damage by using a single credit card with a low credit line for all of your online purchases.
* Check your statements - Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately.