Pages: [1] 2   Go Down
  Print  
Author Topic: Cyber Security  (Read 50108 times)
OldFatGuy
Bodhrán Player
********
Posts: 7,905



WWW
« on: October 18, 2008, 07:24AM »

This is the first in our new series of Cyber Security articles.  We hope you find something helpful here.  We'll start a separate thread for questions and comments.

Debunking Some Common Myths

There are some common myths that may influence your online security practices. Knowing the truth will allow you to make better decisions about how to protect yourself.

How are these myths established?

There is no one cause for these myths. They may have been formed because of a lack of information, an assumption, knowledge of a specific case that was then generalized, or some other source. As with any myth, they are passed from one individual to another, usually because they seem legitimate enough to be true.

Why is it important to know the truth?

While believing these myths may not present a direct threat, they may cause you to be more lax about your security habits. If you are not diligent about protecting yourself, you may be more likely to become a victim of an attack.

What are some common myths, and what is the truth behind them?

* Myth: Anti-virus software and firewalls are 100% effective.
Truth: Anti-virus software and firewalls are important elements to protecting your information. However, neither of these elements is guaranteed to protect you from an attack. Combining these technologies with good security habits is the best way to reduce your risk.
* Myth: Once software is installed on your computer, you do not have to worry about it any more.
Truth: Vendors may release patches or updated versions of software to address problems or fix vulnerabilities. You should install the patches as soon as possible; some software even offers the option to obtain updates automatically.
Making sure that you have the latest virus definitions for your anti-virus software is especially important.
* Myth: There is nothing important on your machine, so you do not need to protect it.
Truth: Your opinion about what is important may differ from an attacker's opinion. If you have personal or financial data on your computer, attackers may be able to collect it and use it for their own financial gain. Even if you do not store that kind of information on your computer, an attacker who can gain control of your computer may be able to use it in attacks against other people.
* Myth: Attackers only target people with money.
Truth: Anyone can become a victim of identity theft. Attackers look for the biggest reward for the least amount of effort, so they typically target databases that store information about many people. If your information happens to be in the database, it could be collected and
used for malicious purposes. It is important to pay attention to your credit information so that you can minimize any potential damage.
* Myth: When computers slow down, it means that they are old and should be replaced.
Truth: It is possible that running newer or larger software programs on an older computer could lead to slow performance, but you may just need to replace or upgrade a particular component (memory, operating system, CD or DVD drive, etc.). Another possibility is that there are other
processes or programs running in the background. If your computer has suddenly become slower, you may be experiencing a denial-of-service attack or have spyware on your machine.
Logged

If anyone has my r_ropes@bellsouth.net email address saved, you can delete it. I got tired of subsidizing AT&T.
OldFatGuy
Bodhrán Player
********
Posts: 7,905



WWW
« Reply #1 on: October 25, 2008, 07:42AM »

Understanding Hidden Threats: Rootkits and Botnets

Attackers are continually finding new ways to access computer systems. The use of hidden methods such as rootkits and botnets has increased, and you may be a victim without even realizing it.

What are rootkits and botnets?

A rootkit  is a piece of software that can be installed and hidden on your  computer  without your knowledge. It may be included in a larger software package or installed by an attacker who has been able to take advantage  of a vulnerability on your computer or has convinced you to download  it.  Rootkits  are not necessarily malicious, but they may  hide  malicious  activities.  Attackers  may  be  able  to access information,  monitor  your actions, modify programs, or perform other functions on your computer without being detected.

Botnet  is  a  term derived from the idea of bot networks. In its most basic  form,  a bot is simply an automated computer program, or robot. In the context of botnets, bots refer to computers that are able to be controlled by one, or many, outside sources. An attacker usually gains control  by  infecting  the  computers with a virus or other malicious code  that  gives  the attacker access. Your computer may be part of a botnet  even  though  it appears to be operating normally. Botnets are often  used  to  conduct a range of activities, from distributing spam and viruses to conducting denial-of-service attacks.

Why are they considered threats?

The  main  problem  with  both  rootkits  and botnets is that they are hidden.  Although  botnets  are  not hidden the same way rootkits are, they may be undetected unless you are specifically looking for certain activity.  If  a rootkit has been installed, you may not be aware that your   computer  has  been  compromised,  and  traditional  anti-virus software  may  not be able to detect the malicious programs. Attackers are  also  creating more sophisticated programs that update themselves so that they are even harder to detect.

Attackers  can  use rootkits and botnets to access and modify personal information,  attack  other  computers,  and  commit other crimes, all while  remaining  undetected.  By  using multiple computers, attackers increase  the  range and impact of their crimes. Because each computer in a botnet can be programmed to execute the same command, an attacker can have each of them scanning multiple computers for vulnerabilities, monitoring  online  activity, or collecting the information entered in online forms.

What can you do to protect yourself?

If  you  practice  good  security habits, you may reduce the risk that your computer will be compromised:
* Use   and  maintain  anti-virus  software  -  Anti-virus  software recognizes  and protects your computer against most known viruses, so you may be able to detect and remove the virus before it can do any   damage.   Because  attackers  are  continually  writing  new viruses, it is important to keep your definitions up to date. Some anti-virus vendors also offer anti-rootkit software.
* Install  a  firewall - Firewalls may be able to prevent some types of  infection  by  blocking  malicious traffic before it can enter your computer and limiting the traffic you send. Some operating systems actually include a firewall, but you need to make sure it is enabled.
* Use  good  passwords - Select passwords that will be difficult for attackers  to  guess,  and  use  different passwords for different programs  and  devices. Do not choose options that allow your computer to remember your passwords.
* Keep  software  up  to  date  -  Install  software patches so that attackers    can't   take   advantage   of   known   problems   or vulnerabilities. Many  operating systems offer automatic updates. If this option is available, you should enable it.
* Follow good security practices - Take appropriate precautions when using  email and web browsers to reduce the risk that your actions will  trigger  an  infection.

Unfortunately,  if  there is a rootkit on your computer or an attacker is  using  your computer in a botnet, you may not know it. Even if you do  discover  that  you  are a victim, it is difficult for the average user  to  effectively recover. The attacker may have modified files on your  computer,  so  simply removing the malicious files may not solve the  problem,  and you may not be able to safely trust a prior version of a file. If you believe that you are a victim, consider contacting a trained system administrator.

As an alternative, some vendors are developing products and tools that may remove a rootkit from your computer. If the software cannot locate and  remove  the  infection,  you may need to reinstall your operating system, usually with a system restore disk that is often supplied with a  new  computer.  Note  that  reinstalling or restoring the operating system  typically erases all of your files and any additional software that  you  have installed on your computer. Also, the infection may be located  at  such  a  deep  level  that it cannot be removed by simply reinstalling or restoring the operating system.
Logged

If anyone has my r_ropes@bellsouth.net email address saved, you can delete it. I got tired of subsidizing AT&T.
OldFatGuy
Bodhrán Player
********
Posts: 7,905



WWW
« Reply #2 on: November 05, 2008, 09:08AM »

Using Caution with USB Drives

USB drives are popular for storing and transporting data, but some of the characteristics that make them convenient also introduce security risks.

What security risks are associated with USB drives?

Because USB drives, sometimes known as thumb drives, are small, readily available, inexpensive, and extremely portable, they are popular for storing and transporting files from one computer to another. However, these same characteristics make them appealing to attackers.

One option is for attackers to use your USB drive to infect other computers.  An attacker might infect a computer with malicious code, or malware, that can detect when a USB drive is plugged into a computer. The malware then downloads malicious code onto the drive. When the USB drive is plugged into another computer, the malware infects that computer.

Some attackers have also targeted electronic devices directly, infecting items such as electronic picture frames and USB drives during production.  When users buy the infected products and plug them into their computers, malware is installed on their computers.

Attackers may also use their USB drives to steal information directly from a computer. If an attacker can physically access a computer, he or she can download sensitive information directly onto a USB drive. Even computers that have been turned off may be vulnerable, because a computer's memory is still active for several minutes without power. If an attacker can plug a USB drive into the computer during that time, he or she can quickly reboot the system from the USB drive and copy the computer's memory, including passwords, encryption keys, and other sensitive data, onto the drive.  Victims may not even realize that their computers were attacked.

The most obvious security risk for USB drives, though, is that they are easily lost or stolen. If the data was not backed up, the loss of a USB drive can mean hours of lost work and the potential that the information cannot be replicated. And if the information on the drive is not encrypted, anyone who has the USB drive can access all of the data on it.

How can you protect your data?

There are steps you can take to protect the data on your USB drive and on any computer that you might plug the drive into:

* Take advantage of security features - Use passwords and encryption on your USB drive to protect your data, and make sure that you have the information  backed  up in case your drive is lost.
* Keep personal and business USB drives separate - Do not use personal USB drives on computers owned by your organization, and do not plug USB drives containing corporate information into your personal computer.
* Use and maintain security software, and keep all software up to date - Use a firewall, anti-virus software, and anti-spyware software to make your computer less vulnerable to attacks, and make sure to keep the virus definitions current. Also, keep the software on your computer up to date by applying any necessary patches.
* Do not plug an unknown USB drive into your computer - If you find a USB drive, give it to the appropriate authorities (a location's security personnel, your organization's IT department, etc.). Do not plug it into your computer to view the contents or to try to identify the owner.
Logged

If anyone has my r_ropes@bellsouth.net email address saved, you can delete it. I got tired of subsidizing AT&T.
OldFatGuy
Bodhrán Player
********
Posts: 7,905



WWW
« Reply #3 on: November 15, 2008, 06:01PM »

Avoiding the Pitfalls of Online Trading

Online trading can be an easy, cost-effective way to manage investments. However, online investors are often targets of scams, so take precautions to ensure that you do not become a victim.

What is online trading?

Online trading allows you to conduct investment transactions over the internet. The accessibility of the Internet makes it possible for you to research and invest in opportunities from any location at any time. It also reduces the amount of resources (time, effort, and money) you have to devote to managing these accounts and transactions.

What are the risks?

Recognizing the importance of safeguarding your money, legitimate brokerages take steps to ensure that their transactions are secure. However, online brokerages and the investors who use them are appealing targets for attackers. The amount of financial information in a brokerage's database makes it valuable; this information can be traded or sold for personal profit. Also, because money is regularly transferred through these accounts, malicious activity may not be noticed immediately. To gain access to these databases, attackers may use Trojan horses or other types of malicious code.

Attackers may also attempt to collect financial information by targeting the current or potential investors directly. These attempts may take the form of social engineering or phishing attacks. With methods that include setting up fraudulent investment opportunities or redirecting users to malicious sites that appear to be legitimate, attackers try to convince you to provide them with financial information that they can then use or sell. If you have been victimized, both your money and your identity may be at risk.

How can you protect yourself?

·   Research your investment opportunities - Take advantage of resources such as the U.S. Securities and Exchange Commission's EDGAR database and your state's securities commission (found through the North American Securities Administrators Association) to investigate companies.
·   Be wary of online information - Anyone can publish information on the internet, so try to verify any online research through other methods before  investing  any money. Also be cautious of "hot" investment opportunities advertised online or in email.
·   Check  privacy  policies  - Before providing personal or financial information, check  the  web site's privacy policy. Make sure you understand how your information will be stored and used.
·   Make sure that your transactions are encrypted - When information is sent over the  Internet, attackers may be able to intercept it. Encryption prevents the attackers from  being able to view the information.
·   Verify that the web site is legitimate - Attackers may redirect you to a malicious web site that looks identical to a legitimate one. They then convince you to submit your personal and financial information, which they use for their own gain. Check the web site's certificate to make sure it is legitimate.
·   Monitor your investments - Regularly check your accounts for any unusual activity. Report unauthorized transactions immediately.
·   Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. However, because attackers are continually writing new viruses, it is important to keep your virus definitions current.
·   Use anti-spyware tools - Spyware is a common source of viruses, and attackers may use it to access information on your computer. You can minimize the number of infections by using a legitimate program that identifies and removes spyware.
·   Keep software up to date - Install software patches so that attackers can't  take  advantage  of  known problems or vulnerabilities. Enable automatic updates if the option is available.
·   Evaluate your security settings - By adjusting the security settings in your browser, you may limit your risk of certain attacks.

The following sites offer additional information and guidance:
* U.S. Securities and Exchange Commission - http://www.sec.gov/investor/pubs/cyberfraud.htm
* National Consumers League - http://www.fraud.org/tips/internet/investment.htm


Logged

If anyone has my r_ropes@bellsouth.net email address saved, you can delete it. I got tired of subsidizing AT&T.
OldFatGuy
Bodhrán Player
********
Posts: 7,905



WWW
« Reply #4 on: November 20, 2008, 06:37PM »

In light of some recent events, I decided to post this week's essay a little early.

Dealing with Cyberbullies

Bullies are now taking advantage of technology to intimidate and harass their victims. Dealing with cyberbullying can be difficult, but there are steps you can take.

What is cyberbullying?

Cyberbullying refers to the new, and growing, practice of using technology to harass, or bully, someone else. Bullies used to be restricted to methods such as  physical intimidation, postal mail, or the telephone. Now, developments in electronic media offer forums such as email, instant messaging, web pages, and digital photos to add to the arsenal. Computers, cell phones, and PDAs are new tools that can be applied to an old practice.

Forms of cyberbullying can range in severity from cruel or embarrassing rumors to threats, harassment, or stalking. It can affect any age group; however, teenagers and young adults are common victims, and cyberbullying is a growing problem in schools.

Why has cyberbullying become such a problem?

The relative anonymity of the internet is appealing for bullies because it enhances the intimidation and makes tracing the activity more difficult. Some bullies also find it easier to be more vicious because there is no personal contact. Unfortunately, the internet and email can also increase the visibility of the activity. Information or pictures posted online or forwarded in mass emails can reach a larger audience faster than more traditional methods, causing more damage to the victims. And because of the amount of personal information available online, bullies may be able to arbitrarily choose their victims.

Cyberbullying may also indicate a tendency toward more serious behavior. While bullying has always been an unfortunate reality, most bullies grow out of it. Cyberbullying has not existed long enough to have solid research, but there is evidence that it may be an early warning for more violent behavior.

How can you protect yourself?

* Be careful where you post personal information - By limiting the number of people who have access to your contact information or details about your interests, habits, or employment, you reduce your exposure to bullies that you do not know. This may limit your risk of becoming a victim  and  may  make  it easier to identify the bully if you are victimized.
* Avoid escalating the situation - Responding with hostility is likely to provoke a bully and escalate the situation. Depending on the circumstances, consider ignoring the issue. Often, bullies thrive on the reaction of their victims. Other options include subtle actions. For example, if you are receiving unwanted email messages, consider changing your email  address. If the bully does not have access to the new address, the problem may stop. If you continue to get messages at your new account, you may have a stronger case for legal action.
* Document the activity - Keep a record of any online activity (emails, web pages, instant messages, etc.), including relevant dates and times. In addition to archiving an electronic version, consider printing a copy.
* Report cyberbullying to the appropriate authorities - If you are being harassed or threatened, report the activity to the local authorities. Law enforcement agencies have different policies, but your local police department or FBI branch are good starting points. Unfortunately, there is a distinction between free speech and punishable offenses, but the legal implications should be decided by the law enforcement officials and the prosecutors.  Depending  on the activity, it may also be appropriate to report it to school officials who may have separate policies for dealing with activity that involves students.

Protect your children by teaching them good online habits. Keep lines of communication open with your children so that they feel comfortable telling you if they are being victimized online. Reduce their risk of becoming cyberbullies by setting guidelines for and monitoring their use of the internet and other electronic media (cell phones, PDAs, etc.).
Logged

If anyone has my r_ropes@bellsouth.net email address saved, you can delete it. I got tired of subsidizing AT&T.
OldFatGuy
Bodhrán Player
********
Posts: 7,905



WWW
« Reply #5 on: December 06, 2008, 11:54AM »

'Tis the season..............

Shopping Safely Online

Online shopping has become a popular way to purchase items without the hassles of traffic and crowds. However, the Internet has unique risks, so it is important to take steps to protect yourself when shopping online.

Why do online shoppers have to take special precautions?

The Internet offers a convenience that is not available from any other shopping outlet.  From the comfort of your home, you can search for items from countless vendors, compare prices with a few simple mouse clicks, and make purchases without waiting in line. However, the Internet is also convenient for attackers, giving them multiple ways to access the personal and financial information of unsuspecting shoppers. Attackers who are able to obtain this information may use it for their own financial gain, either by making purchases themselves or by selling the information to someone else.

How do attackers target online shoppers?

There are three common ways that attackers can take advantage of online shoppers:
· Targeting vulnerable computers  - If you do not take steps to protect your computer from viruses or other malicious code, an attacker may be able to gain access to your computer and all of the information on it. It is also important for vendors to protect their computers to prevent attackers from accessing customer databases.
· Creating fraudulent sites and email messages - Unlike traditional shopping, where you know that a store is actually the store it claims  to be, attackers can create malicious web sites that mimic legitimate ones or create email messages that appear to have been sent from a legitimate source.  Charities may also be misrepresented in this way, especially after natural disasters or during holiday seasons. Attackers create these malicious sites and email messages to try to convince you to supply personal and financial information.
· Intercepting insecure transactions -  If a vendor does not use encryption, an attacker may be able to intercept your information as it is being transmitted.

How can you protect yourself?

· Use and maintain anti-virus software, a firewall, and anti-spyware software - Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall. Make sure to keep your virus definitions up to date.  Spyware or adware hidden in software programs may also give attackers access to your data, so use a legitimate anti-spyware program to scan your computer and remove any of these files
· Keep software, particularly your web browser, up to date - Install software patches so that attackers cannot take advantage of known problems or vulnerabilities.  Many operating systems offer automatic updates. If this option is available, you should enable it.
· Evaluate your software's settings - The default settings of most software enable all available functionality. However, attackers may be able to take advantage of this functionality to access your computer.  It is especially important to check the settings for software that connects to the Internet (browsers, email clients, etc.).  Apply the highest level of security available that still gives you the functionality you need.
· Do business with reputable vendors - Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious web sites that appear to be legitimate, so you should verify the legitimacy before supplying any information. Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill.
· Take advantage of security features - Passwords and other security features add layers of protection if used appropriately.
· Be wary of emails requesting information - Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. Legitimate businesses will not solicit this type of information through email.
· Check privacy policies  - Before providing personal or financial information, check the web site's privacy policy. Make sure you understand how your information will be stored and used.
· Make sure your information is being encrypted - Many sites use SSL, or secure sockets layer, to encrypt information. Indications that your information will be encrypted include a URL that begins with "https:" instead of "http:" and a lock icon in the bottom right corner of the window.
· Use a credit card - Unlike debit cards, credit cards may have a limit on the monetary amount you will be responsible for paying if your information is stolen and used by someone else. You can further minimize damage by using a single credit card with a low credit line for all of your online purchases.
· Check your statements - Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately.
Logged

If anyone has my r_ropes@bellsouth.net email address saved, you can delete it. I got tired of subsidizing AT&T.
OldFatGuy
Bodhrán Player
********
Posts: 7,905



WWW
« Reply #6 on: January 16, 2009, 06:45AM »

What is spyware?

Despite its name, the term "spyware" doesn't refer to something used by undercover operatives, but rather by the advertising industry. In fact, spyware is also known as "adware." It refers to a category of software that, when installed on your computer, may send you pop-up ads, redirect your browser to certain web sites, or monitor the web sites that you visit. Some extreme, invasive versions of spyware may track exactly what keys you type. Attackers may also use spyware for malicious purposes.

Because of the extra processing, spyware may cause your computer to become slow or sluggish. There are also privacy implications:
•   What information is being gathered?
•   Who is receiving it?
•   How is it being used?

How do you know if there is spyware on your computer?

The following symptoms may indicate that spyware is installed on your computer:

•   you are subjected to endless pop-up windows
•   you are redirected to web sites other than the one you typed into your browser
•   new, unexpected toolbars appear in your web browser
•   new, unexpected icons appear in the task tray at the bottom of your screen
•   your browser's home page suddenly changed
•   the search engine your browser opens when you click "search" has been changed
•   certain keys fail to work in your browser (e.g., the tab key doesn't work when you are moving to the next field within a form)
•   random Windows error messages begin to appear
•   your computer suddenly seems very slow when opening programs or processing tasks (saving files, etc.)

How can you prevent spyware from installing on your computer?

To avoid unintentionally installing it yourself, follow these good security practices:

•   Don't click on links within pop-up windows - Because pop-up windows are often a product of spyware, clicking on the window may install spyware software on your computer. To close the pop-up window, click on the "X" icon in the title bar instead of a "close" link within the window.
•   Choose "no" when asked unexpected questions - Be wary of unexpected dialog boxes asking whether you want to run a particular program or perform another type of task. Always select "no" or "cancel," or close the dialog box by clicking the "X" icon in the title bar.
•   Be wary of free downloadable software - There are many sites that offer customized toolbars or other features that appeal to users. Don't download programs from sites you don't trust, and realize that you may be exposing your computer to spyware by downloading some of these programs.
•   Don't follow email links claiming to offer anti-spyware software - Like email viruses, the links may serve the opposite purpose and actually install the spyware it claims to be eliminating.
As an additional good security practice, especially if you are concerned that you might have spyware on your machine and want to minimize the impact, consider taking the following action:
•   Adjust your browser preferences to limit pop-up windows and cookies - Pop-up windows are often generated by some kind of scripting or active content. Adjusting the settings within your browser to reduce or prevent scripting or active content may reduce the number of pop-up windows that appear. Some browsers offer a specific option to block or limit pop-up windows. Certain types of cookies are sometimes considered spyware because they reveal what web pages you have visited. You can adjust your privacy settings to only allow cookies for the web site you are visiting.

How do you remove spyware?

•   Run a full scan on your computer with your anti-virus software - Some anti-virus software will find and remove spyware, but it may not find the spyware when it is monitoring your computer in real time. Set your anti-virus software to prompt you to run a full scan periodically.
•   Run a legitimate product specifically designed to remove spyware - Many vendors offer products that will scan your computer for spyware and remove any spyware software. Popular products include Lavasoft's Ad-Aware, Webroot's SpySweeper, PestPatrol, and Spybot Search and Destroy.
•   Make sure that your anti-virus and anti-spyware software are compatible - Take a phased approach to installing the software to ensure that you don't unintentionally introduce problems.
Logged

If anyone has my r_ropes@bellsouth.net email address saved, you can delete it. I got tired of subsidizing AT&T.
OldFatGuy
Bodhrán Player
********
Posts: 7,905



WWW
« Reply #7 on: January 28, 2009, 07:36AM »

Understanding Web Site Certificates

You may have been exposed to web site, or host, certificates if you have ever clicked on the padlock in your browser or, when visiting a web site, have been presented with a dialog box claiming that there is an error with the name or date on the certificate. Understanding what these certificates are may help you protect your privacy.

What are web site certificates?

If an organization wants to have a secure web site that uses encryption, it needs to obtain a site, or host, certificate. Some steps you can take to help determine if a site uses encryption are to look for a closed padlock in the status bar at the bottom of your browser window and to look for "https:" rather than "http:" in the URL. By making sure a web site encrypts your information and has a valid certificate, you can help protect yourself against attackers who create malicious sites to gather your information. You want to make sure you know where your information is going before you submit anything.
If a web site has a valid certificate, it means that a certificate authority has taken steps to verify that the web address actually belongs to that organization. When you type a URL or follow a link to a secure web site, your browser will check the certificate for the following characteristics:

1.   the web site address matches the address on the certificate
2.   the certificate is signed by a certificate authority that the browser recognizes as a "trusted" authority

Can you trust a certificate?

The level of trust you put in a certificate is connected to how much you trust the organization and the certificate authority. If the web address matches the address on the certificate, the certificate is signed by a trusted certificate authority, and the date is valid, you can be more confident that the site you want to visit is actually the site that you are visiting. However, unless you personally verify that certificate's unique fingerprint by calling the organization directly, there is no way to be absolutely sure.

When you trust a certificate, you are essentially trusting the certificate authority to verify the organization's identity for you. However, it is important to realize that certificate authorities vary in how strict they are about validating all of the information in the requests and about making sure that their data is secure. By default, your browser contains a list of more than 100 trusted certificate authorities. That means that, by extension, you are trusting all of those certificate authorities to properly verify and validate the information. Before submitting any personal information, you may want to look at the certificate.

How do you check a certificate?

There are two ways to verify a web site's certificate in Internet Explorer or Mozilla. One option is to click on the padlock in the status bar of your browser window. However, your browser may not display the status bar by default. Also, attackers may be able to create malicious web sites that fake a padlock icon and display a false dialog window if you click that icon. A more secure way to find information about the certificate is to look for the certificate feature in the menu options. This information may be under the file properties or the security option within the page information. You will get a dialog box with information about the certificate, including the following:

•   who issued the certificate - You should make sure that the issuer is a legitimate, trusted certificate authority (you may see names like VeriSign, thawte, or Entrust). Some organizations also have their own certificate authorities that they use to issue certificates to internal sites such as intranets.
•   who the certificate is issued to - The certificate should be issued to the organization who owns the web site. Do not trust the certificate if the name on the certificate does not match the name of the organization or person you expect.
•   expiration date - Most certificates are issued for one or two years. One exception is the certificate for the certificate authority itself, which, because of the amount of involvement necessary to distribute the information to all of the organizations who hold its certificates, may be ten years. Be wary of organizations with certificates that are valid for longer than two years or with certificates that have expired.
When visiting a web site, you may have been presented with a dialog box that claims that there is an error with the site certificate. This may happen if the name the certificate is registered to does not match the site name, you have chosen not to trust the company who issued the certificate, or the certificate has expired. You will usually be presented with the option to examine the certificate, after which you can accept the certificate forever, accept it only for that particular visit, or choose not to accept it. The confusion is sometimes easy to resolve (perhaps the certificate was issued to a particular department within the organization rather than the name on file). If you are unsure whether the certificate is valid or question the security of the site, do not submit personal information. Even if the information is encrypted, make sure to read the organization's privacy policy first so that you know what is being done with that information.
Logged

If anyone has my r_ropes@bellsouth.net email address saved, you can delete it. I got tired of subsidizing AT&T.
OldFatGuy
Bodhrán Player
********
Posts: 7,905



WWW
« Reply #8 on: February 08, 2009, 04:36PM »

Defending Cell Phones and PDAs Against Attack

 As cell phones and PDAs become more technologically advanced, attackers are finding new ways to target victims. By using text messaging or email, an attacker could lure you to a malicious site or convince you to install malicious code on your portable device.

What unique risks do cell phones and PDAs present?

 Most current cell phones have the ability to send and receive text messages.   Some cell phones and PDAs also offer the ability to connect to the internet.   Although these are features that you might find useful and convenient, attackers may try to take advantage of them. As a result, an attacker may be
 able to accomplish the following:

     * abuse your service - Most cell phone plans limit the number of text messages you can send and receive. If an attacker spams you with text messages, you may be charged additional fees. An attacker may also be able to infect your phone or PDA with malicious code that will allow them to use your service. Because the contract is in your name, you will be responsible for the charges.
     * lure you to a malicious web site - While PDAs and cell phones that give you access to email are targets for standard phishing attacks, attackers are now sending text messages to cell phones. These messages, supposedly from a legitimate company, may try to convince you to visit a malicious site by claiming that there is a problem with your account or stating that you have been subscribed to a service. Once you visit the site, you may be lured into providing personal information or downloading a malicious file.
     * use your cell phone or PDA in an attack - Attackers who can gain control of your service may use your cell phone or PDA to attack others. Not only does this hide the real attacker's identity, it allows the attacker to increase the number of targets.
     * gain access to account information - In some areas, cell phones are becoming capable of performing certain transactions (from paying for parking or groceries to conducting larger financial transactions). An
attacker who can gain access to a phone that is used for these types of transactions may be able to discover your account information and use or sell it.

What can you do to protect yourself?

     * Follow general guidelines for protecting portable devices - Take precautions to secure your cell phone and PDA the same way you should secure your computer.
     * Be careful about posting your cell phone number and email address - Attackers often use software that browses web sites for email addresses.  These addresses then become targets for attacks and spam. Cell phone numbers can be collected automatically, too. By limiting the number of people who have access to your information, you limit your risk of becoming a victim.
     * Do not follow links sent in email or text messages - Be suspicious of URLs sent in unsolicited email or text messages. While the links may appear to be legitimate, they may actually direct you to a malicious web site.
     * Be wary of downloadable software - There are many sites that offer games and other software you can download onto your cell phone or PDA. This software could include malicious code. Avoid downloading files from sites that you do not trust. If you are getting the files from a supposedly secure site, look for a web site certificate. If you do download a file from a web site, consider saving it to your computer and manually scanning it for viruses before opening it.
     * Evaluate your security settings - Make sure that you take advantage of the security features offered on your device. Attackers may take advantage of Bluetooth connections to access or download information on your device. Disable Bluetooth when you are not using it to avoid unauthorized access.
Logged

If anyone has my r_ropes@bellsouth.net email address saved, you can delete it. I got tired of subsidizing AT&T.
OldFatGuy
Bodhrán Player
********
Posts: 7,905



WWW
« Reply #9 on: March 15, 2009, 07:15AM »

Coordinating Virus and Spyware Defense

Using anti-virus and anti-spyware software is an important part of cyber security. But in an attempt to protect yourself, you may unintentionally cause problems.

Isn't it better to have more protection?

Spyware and viruses can interfere with your computer's ability to process information or can modify or destroy data. You may feel that the more anti-virus and anti-spyware programs you install on your computer, the safer you will be. It is true that not all programs are equally effective, and they will not all detect the same malicious code. However, by installing multiple programs in an attempt to catch everything, you may introduce problems.

How can anti-virus or anti-spyware software cause problems?

It is important to use anti-virus and anti-spyware software. But too much or the wrong kind can affect the performance of your computer and the effectiveness of the software itself.

Scanning your computer for viruses and spyware uses some of the available memory on your computer. If you have multiple programs trying to scan at the same time, you may limit the amount of resources left to perform your tasks. Essentially, you have created a denial of service against yourself It is also possible that in the process of scanning for viruses and spyware, anti-virus or anti-spyware software may misinterpret the virus definitions of other programs. Instead of recognizing them as definitions, the software may interpret the definitions as actual malicious code. Not only could this result in false positives for the presence of viruses or spyware, but the anti-virus or anti-spyware software may actually quarantine or delete the other software.

How can you avoid these problems?

     * Investigate your options in advance - Research available anti-virus and anti-spyware software to determine the best choice for you. Consider the amount of malicious code the software recognizes, and try to find out how frequently the virus definitions are updated. Also check for known compatibility issues with other software you may be running on your computer.
     * Limit the number of programs you install - Many vendors are now releasing packages that incorporate both anti-virus and anti-spyware capabilities together.  However, if you decide to choose separate programs, you really only need one anti-virus program and one anti-spyware program. If you install more, you increase your risk for problems.
     * Install the software in phases - Install the anti-virus software first and test it for a few days before installing anti-spyware software. If problems develop, you have a better chance at isolating the source and then determining if it is an issue with the software itself or with compatibility.
     * Watch for problems - If your computer starts processing requests more slowly,  you  are  seeing  error messages when updating your virus definitions, your software does not seem to be recognizing malicious code, or other issues develop that cannot be easily explained, check your anti-virus and anti-spyware software.
Logged

If anyone has my r_ropes@bellsouth.net email address saved, you can delete it. I got tired of subsidizing AT&T.
OldFatGuy
Bodhrán Player
********
Posts: 7,905



WWW
« Reply #10 on: March 26, 2009, 06:58AM »

Beware Conficker worm come April 1

Windows users - click here. And thank to Bill/CWFan2 for the heads up.
Logged

If anyone has my r_ropes@bellsouth.net email address saved, you can delete it. I got tired of subsidizing AT&T.
OldFatGuy
Bodhrán Player
********
Posts: 7,905



WWW
« Reply #11 on: March 27, 2009, 06:10PM »

SAN FRANCISCO (AP) - The fast-moving Conficker computer worm, a scourge of the Internet that has infected at least 3 million PCs, is set to spring to life in a new way on Wednesday - April Fools' Day.

That's when many of the poisoned machines will get more aggressive about "phoning home" to the worm's creators over the Internet. When that happens, the bad guys behind the worm will be able to trigger the program to send spam, spread more infections, clog networks with traffic, or try and bring down Web sites.

Technically, this could cause havoc, from massive network outages to the creation of a cyberweapon of mass destruction that attacks government computers. But researchers who have been tracking Conficker say the date will probably come and go quietly.

More likely, these researchers say, the programming change that goes into effect April 1 is partly symbolic - an April Fools' Day tweaking of Conficker's pursuers, who for now have been able to prevent the worm from doing significant damage.

"I don't think there will be a cataclysmic network event," said Richard Wang, manager of the U.S. research division of security firm Sophos PLC. "It doesn't make sense for the guys behind Conficker to cause a major network problem, because if they're breaking parts of the Internet they can't make any money."

Previous Internet threats were designed to cause haphazard destruction. In 2003 a worm known as Slammer saturated the Internet's data pipelines with so much traffic it crippled corporate and government systems, including ATM networks and 911 centers.

Far more often now, Internet threats are designed to ring up profits. Control of infected PCs is valuable on the black market, since the machines can be rented out, from one group of bad guys to another, and act as a kind of illicit supercomputer, sending spam, scanning Web sites for security holes, or participating in network attacks.

The army of Conficker-infected machines, known as a "botnet," could be one of the greatest cybercrime tools ever assembled. Conficker's authors just need to figure out a way to reliably communicate with it.

Infected PCs need commands to come alive. They get those commands by connecting to Web sites controlled by the bad guys. Even legitimate sites can be co-opted for this purpose, if hackers break in and use the sites' servers to send out malicious commands.

So far, Conficker-infected machines have been trying to connect each day to 250 Internet domains - the spots on the Internet where Web sites are parked. The bad guys need to get just one of those sites under their control to send their commands to the botnet. (The name Conficker comes from rearranging letters in the name of one of the original sites the worm was connecting to.)

Conficker has been a victim of its success, however, because its rapid spread across the Internet drew the notice of computer security companies. They have been able to work with domain name registrars, which administer Web site addresses, to block the botnet from dialing in.

Now those efforts will get much harder. On April 1, many Conficker-infected machines will generate a list of 50,000 new domains a day that they could try. Of that group, the botnet will randomly select 500 for the machines to actually query.

The bad guys still need to get only one of those up and running to connect to their botnet. And the bigger list of possibilities increases the odds they'll slip something by the security community.

Researchers already know which domains the infected machines will check, but pre-emptively registering them all, or persuading the registrars to neutralize all of them, is a bigger hurdle.

"We expect something will happen, but we don't quite know what it will look like," said Jose Nazario, manager of security research for Arbor Networks, a member of the "Conficker Cabal," an alliance trying to hunt down the worm's authors.

"With every move that they make, there's the potential to identify who they are, where they're located and what we can do about them," he added. "The real challenge right now is doing all that work around the world. That's not a technical challenge, but it is a logistical challenge."

Conficker's authors also have updated the worm so infected machines have new ways to talk to each other. They can share malicious commands rather than having to contact a hacked Web site for instructions.

That variation is important because it shows that even as security researchers have neutralized much of what the botnet might do, the worm's authors "didn't lose control of their botnet," said Michael La Pilla, manager of the malicious code operations team at VeriSign Inc.'s iDefense division.

The Conficker outbreak illustrates the importance of keeping current with Internet security updates. Conficker moves from PC to PC by exploiting a vulnerability in Windows that Microsoft Corp. (MSFT) fixed in October. But many people haven't applied the patch or are running pirated copies of Windows that don't get the updates.

Unlike other Internet threats that trick people into downloading a malicious program, Conficker is so good at spreading because it finds vulnerable PCs on its own and doesn't need human involvement to infect a machine.

Once inside, it does nasty things. The worm tries to crack administrators' passwords, disables security software, blocks access to antivirus vendors' Web sites to prevent updating, and opens the machines to further infections by Conficker's authors.

Someone whose machine is infected might have to reinstall the operating system.

(Reprinted by permission)
Logged

If anyone has my r_ropes@bellsouth.net email address saved, you can delete it. I got tired of subsidizing AT&T.
OldFatGuy
Bodhrán Player
********
Posts: 7,905



WWW
« Reply #12 on: March 29, 2009, 08:45AM »

Update on Conficker worm: (a.k.a. "downadup")

  • Conficker infects only Windows machines. If you use any other operating system, you are not at risk.
  • If you are running antivirus software and have kept it up to date, your machine is probably not infected.
  • If you have downloaded and installed the latest updates and patches from Microsoft, including the "Malicious Software Removal Tool", your machine is probably not infected.
  • If you are in doubt, run the free Windows Live OneCare safety scanner, available at http://onecare.live.com/site/en-us/default.htm. This scan will detect and remove the infection.
  • The worm might spread through file sharing and via removable drives, such as USB drives (also known as thumb drives). The worm adds a file to the removable drive so that when the drive is used, the AutoPlay dialog will show one additional option (Figure 1).
  • In the screen shot of the Autoplay dialog box below, the option Open folder to view files — Publisher not specified was added by the worm. The highlighted option — Open folder to view files — using Windows Explorer is the option that Windows provides and the option you should use. If you select the first option, the worm executes and can begin to spread itself to other computers.
  • If your machine becomes infected, or has been infected, it will become part of a "botnet" - a network currently estimated at 9 million computers worldwide.
  • Those infections haven't spawned many symptoms, but on April 1 a master computer is scheduled to gain control of these zombie machines.
  • What happens on April Fool's Day is anyone's guess.  The program could delete all of the files on a person's computer, use zombie PCs -- those controlled by a master -- to overwhelm and shut down Web sites or monitor a person's keyboard strokes to collect private information like passwords or bank account information, experts said.  More likely, though, the virus may try to get computer users to buy fake software or spend money on other phony products.


Figure 1
The option Open folder to view files — Publisher not specified was added by the worm.

The web site for F-SECURE.com has posted a very good blog titled Questions and Answers: Conficker and April 1st.  It is located at http://www.f-secure.com/weblog/archives/00001636.html. It should answer most of your questions, and it provides a link to their free cleaning tool.

Symantec (Norton Antivirus software) has published an excellent document titled The Downadup Codex - A comprehensive guide to the threat’s mechanics.  This is a large (37 pages, >5 MB) PDF file, and it may be a challenge to get through some of the techno-speak.  But it will answer most of your questions about this threat.  We have made it available here: http://www.ropescorner.com/cw/the_downadup_codex_ed1.pdf.

Notes:  we will not be shutting down the forum on 1st April, and we don't advise any other web site or forum owner/administrator to do so.  It simply isn't necessary.  We urge our members to always use discretion and good judgment when surfing the web and downloading software from non-trusted sources.  Configure your Windows updates to automatically download and install high priority security patches and updates, and keep virus definitions up to date at all times.  Make sure your antivirus in running 24/7, and is configured to auto-scan all downloads and incoming email messages.
« Last Edit: March 29, 2009, 08:51AM by OldFatGuy » Logged

If anyone has my r_ropes@bellsouth.net email address saved, you can delete it. I got tired of subsidizing AT&T.
OldFatGuy
Bodhrán Player
********
Posts: 7,905



WWW
« Reply #13 on: April 23, 2009, 12:39PM »

Staying Safe on Social Network Sites

The popularity of social networking sites continues to increase, especially among teenagers and young adults. The nature of these sites introduces security risks, so you should take certain precautions.

What are social networking sites?

Social networking sites, sometimes referred to as "friend-of-a-friend" sites, build upon the concept of traditional social networks where you are connected to new people through people you already know. The purpose of some networking sites may be purely social, allowing users to establish friendships or romantic relationships, while others may focus on establishing business connections.

Although the features of social networking sites differ, they all allow you to provide information about yourself and offer some type of communication mechanism (forums, chat rooms, email, and instant messenger) that enables you to connect with other users. On some sites, you can browse for people based on certain criteria, while other sites require that you be "introduced" to new people through a connection you share. Many of the sites have communities or subgroups that may be based on a particular interest.

What security implications do these sites present?

Social networking sites rely on connections and communication, so they encourage you to provide a certain amount of personal information. When deciding how much information to reveal, people may not exercise the same amount of caution as they would when meeting someone in person because
     * The internet provides a sense of anonymity
     * The lack of physical interaction provides a false sense of security
     * They tailor the information for their friends to read, forgetting that others may see it
     * They want to offer insights to impress potential friends or associates.

While the majority of people using these sites do not pose a threat, malicious people may be drawn to them because of the accessibility and amount of personal information that's available. The more information malicious people have about you, the easier it is for them to take advantage of you.  Predators may form relationships online and then convince unsuspecting individuals to meet them in person. That could lead to a dangerous situation. The personal information can also be used to conduct a social engineering attack. Using information that you provide about your location, hobbies, interests, and friends, a malicious person could impersonate a trusted friend or convince you that they have the authority to access other personal or financial data.

Additionally, because of the popularity of these sites, attackers may use them to distribute malicious code. Sites that offer applications developed by third parties are particularly susceptible. Attackers may be able to create customized applications that appear to be innocent while infecting your computer without your knowledge.

How can you protect yourself?

     * Limit the amount of personal information you post - Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. If your connections post information about you, make sure the combined information is not more than you would be comfortable with strangers knowing. Also be considerate when posting information, including photos, about your connections.
     * Remember that the internet is a public resource - Only post information you are comfortable with anyone seeing. This includes information and photos in your profile and in blogs and other forums. Also, once you post information online, you can't retract it. Even if you remove the information from a site, saved or cached versions may still exist on other people's machines.
     * Be wary of strangers - The internet makes it easy for people to misrepresent their identities and motives. Consider limiting the people who are allowed to contact you on these sites. If you interact with people you do not know, be cautious about the amount of information you reveal or agreeing to meet them in person.
     * Be skeptical - Don't believe everything you read online. People may post false or misleading information about various topics, including their own identities. This is not necessarily done with malicious intent; it could be unintentional, an exaggeration, or a joke. Take appropriate precautions, though, and try to verify the authenticity of any information before taking any action.
     * Evaluate your settings - Take advantage of a site's privacy settings. The default settings for some sites may allow anyone to see your profile. You can customize your settings to restrict access to only certain people.  However, there is a risk that evens this private information could be exposed, so don't post anything that you wouldn't want the public to see.  Also, be cautious when deciding which applications to enable, and check your settings to see what information the applications will be able to access.
     * Use strong passwords - Protect your account with passwords that cannot easily be guessed. If your password is compromised, someone else may be able to access your account and pretend to be you.
     * Check privacy policies - Some sites may share information such as email addresses or user preferences with other companies. This may lead to an increase in spam. Also, try to locate the policy for handling referrals to make sure that you do not unintentionally sign your friends up for spam. Some sites will continue to send email messages to anyone you refer until they join.
     * Use and maintain anti-virus software - Anti-virus software recognizes most known viruses and protects your computer against them, so you may be able to detect and remove the virus before it can do any damage. Because attackers are continually writing new viruses, it is important to keep your definitions up to date.

Children are especially susceptible to the threats that social networking sites present. Although many of these sites have age restrictions, children may misrepresent their ages so that they can join. By teaching children about internet safety, being aware of their online habits, and guiding them to appropriate sites, parents can make sure that the children become safe and responsible users.
Logged

If anyone has my r_ropes@bellsouth.net email address saved, you can delete it. I got tired of subsidizing AT&T.
OldFatGuy
Bodhrán Player
********
Posts: 7,905



WWW
« Reply #14 on: June 17, 2009, 02:20PM »

Understanding Firewalls

When anyone or anything can access your computer at any time, your computer is more susceptible to being attacked. You can restrict outside access to your computer and the information on it with a firewall.

What do firewalls do?

Firewalls provide protection against outside attackers by shielding your computer or network from malicious or unnecessary Internet traffic. Firewalls can be configured to block data from certain locations while allowing the relevant and necessary data through. They are especially important for users who rely on "always on" connections such as cable or DSL modems.

What type of firewall is best?

Firewalls are offered in two forms: hardware (external) and software (internal). While both have their advantages and disadvantages, the decision to use a firewall is far more important than deciding which type you use.

* Hardware - Typically called network firewalls, these external devices are positioned between your computer or network and your cable or DSL modem. Many vendors and some Internet service providers (ISPs) offer devices called “routers” that also include firewall features. Hardware-based firewalls are particularly useful for protecting multiple computers but also offer a high degree of protection for a single computer. If you only have one computer behind the firewall, or if you are certain that all of the other computers on the network are up to date on patches and are free from viruses, worms, or other malicious code, you may not need the extra protection of a software firewall. Hardware-based firewalls have the advantage of being separate devices running their own operating systems, so they provide an additional line of defense against attacks. Their major drawback is cost, but many products are available for less than $100 (and there are even some for less than $50).
* Software - Some operating systems include a built-in firewall; if yours does, consider enabling it to add another layer of protection even if you have an external firewall. If you don't have a built-in firewall, you can obtain a software firewall for relatively little or no cost from your local computer store, software vendors, or ISP. Because of the risks associated with downloading software from the Internet onto an unprotected computer, it is best to install the firewall from a CD or DVD. If you do download software from the Internet, make sure it is a reputable, secure website. Although relying on a software firewall alone does provide some protection, realize that having the firewall on the same computer as the information you're trying to protect may hinder the firewall's ability to catch malicious traffic before it enters your system.

How do you know what configuration settings to apply?

Most commercially available firewall products, both hardware- and software-based, come configured in a manner that is acceptably secure for most users. Since each firewall is different, you'll need to read and understand the documentation that comes with it to determine whether or not the default settings on your firewall are sufficient for your needs. Additional assistance may be available from your firewall vendor or your ISP (either from tech support or a website). Also, alerts about current viruses or worms sometimes include information about restrictions you can implement through your firewall.

Unfortunately, while properly configured firewalls may be effective at blocking some attacks, don't be lulled into a false sense of security. Although they do offer a certain amount of protection, firewalls do not guarantee that your computer will not be attacked. In particular, a firewall offers little to no protection against viruses that work by having you run the infected program on your computer, as many email-borne viruses do. However, using a firewall in conjunction with other protective measures (such as anti-virus software and "safe" computing practices) will strengthen your resistance to attacks.
Logged

If anyone has my r_ropes@bellsouth.net email address saved, you can delete it. I got tired of subsidizing AT&T.
Pages: [1] 2   Go Up
  Print  
 
Jump to: