In past posts about online security I've mentioned that if you receive an email that you weren't expecting, even if it appears to be from someone you know, you should be cautious in opening it. Most people aren't aware that the protocol used for sending email, SMTP, is not secure, and that it's relatively easy to "spoof" an email address and make an email look like it's coming from someone else. A lot of spammers and viruses/worms take advantage of this flaw in SMTP and use it to try to trick people into opening emails they probably wouldn't otherwise view.
Sometimes it's not enough to secure your own computer and practice safe computing. You may have friends and family who aren't as careful as you are, and if their computer or information gets compromised it can lead to a higher risk that you might be compromised as well.
The Financial Times recently reported on the series of hacks at Google, and one of the things that the attackers did to gain access was to compromise the computers of friends of people who work at Google and use their messaging accounts to trick Google employees into clicking on links that compromised their own machines.
Earlier this month I posted about protecting your online identity. One thing to keep in mind is that even if you lock down your social networking profile so that only your "friends" can see it, you have no way of knowing if one of the people who can see your information is as careful with their account as you are with yours. A friend who forgets to log out of Facebook at a public kiosk will expose any information you have shared with them to a curious stranger who logs onto the kiosk after them.
In this day and age the old adage "trust but verify" has never been more appropriate. Next time a friend sends you a link, think twice before clicking; you really have no way to know exactly who is on the other end of that email or IM!
Thursday, January 28, 2010
Tuesday, January 26, 2010
Avast Releases New Version
Upgrade to the new avast! version 5
Avast has upgraded their free anti-virus to Version 5. This new version does away with some of the more annoying features of the older version (in particular, pop-ups that could interrupt what you were doing without warning).
If you already have Avast, click on the above link to upgrade. If you don't have it and are looking for free anti-virus software that does the job well, Avast is a good option!
Thursday, January 21, 2010
Internet Explorer "Zero Day" Patch - Macintosh Security Patch
Microsoft Security Bulletin Advance Notification for January 2010
The above bulletin from Microsoft announces that later today they will be releasing an "out-of-band" patch to fix a security hole in Internet Explorer. Preliminary reports state that this patch should be released around 10:00am Pacific time today.
The security hole that this patch addresses is the same hole that was used to hack Google earlier this month. With all the press that this story has received, the exploit has been released to the Internet, and there are already several malicious programs and sites that are using this security hole in an attempt to compromise people's computers.
If you are a PC user, I highly recommend that you run Windows Update (or Microsoft Update) this afternoon and install this critical patch.
About Security Update 2010-001
On the Macintosh front, the above link points to a security bulletin released by Apple that addresses several security holes in OS X. Macintosh users would also be wise to run Software Update today and install any needed patches.
The upshot is, if you're running a Mac or a PC, today is the day to install updates!
Tuesday, January 19, 2010
Protecting Your Personal Information
My last post regarding fraudulent fund raising for Haiti really demonstrates how in the modern age of social networking we have to be more careful than ever about protecting ourselves online. In today's post I want to talk a bit about how seemingly innocuous information can really put you at risk.
Entering your ZIP code into a website is a pretty common occurrence, and you'd think that this information wouldn't be very useful. However, here are just two examples of things that use your ZIP code for security:
- Most gas pumps require your ZIP code when you use a credit card
- Some email services use your ZIP code as a part of a default password.
Now I know that you can't really have an online life without ever entering your ZIP code. I just wanted to point out that even information that you don't normally think twice about disclosing could possibly be exploited in the wrong hands.
So what do you do to keep safe?
First, keep your wits about you when you are entering any information into a browser. Check for security (https instead of http, the little lock in the address window or at the bottom of your browser, etc.) any time you're entering information that could be exploited. Most companies are very aware that consumers are concerned about security risks, and if their site isn't secure you shouldn't hesitate to call them and ask for another way to deliver your information. If an offer sounds too good to be true, it likely is... do your research! Make sure that links you click on in an email actually match once you've arrived there in a browser; just because it says www.yourbank.com doesn't mean that's where it leads (click that link and see what I mean).
When you are doing online banking, I always recommend that you close all other browser windows and tabs and use only your bank's site until you are done. When you finish an online banking session, use the "log out" or "log off" feature on the site and completely close your browser to clean out any remaining tokens or cookies from the banking session. I always recommend that you select a unique and strong password for your online banking, and that you never use that password for anything else. (This holds true for any financial website, such as your 401(k), stockbroker, or other investment site.)
Next, I'd recommend that you look into the security settings on any social-networking sites that you use. There are several great articles about how to securely use Facebook, Twitter, and other social networking services. Most of these services even offer their own guides regarding their privacy policy (Facebook's can be found here). Many services also have a method where you can check and see what a public user sees about you. If a site does not have this service, log out and do a search for yourself and see what you can see.
Once you've got your privacy settings squared away to your liking, the next thing to keep in mind is to think before you post. If "friends of friends" can see your information, you may want to refrain from posting "Just bought a new huge flatscreen TV and surround sound theatre, had to cancel alarm service in order to make payments" to your social networking site (especially if it's going to be followed by "Forgot the cables, have to go back to the store" ten minutes later). It's becoming more and more common for thieves to choose their targets carefully, and you don't want to give them any information that will make you a victim.
One final bit of advice would be to separate out your personal online space from your games. There are many popular games on social networking sites; however, as these games grow in popularity they also grow in risk. By having a separate "gaming" avatar, you can protect your personal information and still have fun online. (Footnote: even with your personal information unexposed, there are still ways to get scammed playing these games, so please be careful out there!)
While it is wonderful that modern technology makes it so much easier to share information and connect with people, it comes with the responsibility of making sure that the technology is used in a safe way. Being aware of the risks where your personal information is involved, and taking steps to mitigate these risks, helps to avoid the problems that these new tools can bring without negating the benefits that this technology brings to our lives.
Friday, January 15, 2010
Out of Tragedy - Fraud
As we rally around the people of Haiti and think about what we can do to assist them in this time of dire need, it is important to make sure that our contributions are quickly distributed and spent in the areas most needed by those who are suffering in this disaster. Unfortunately, in this age of social networks and cell-phone donations it is also a time to be especially careful about how we offer our assistance.
There have already been several fraudulent emails and scams targeting users of email, Facebook, and SMS messaging. Not only do these schemes aim to steal the funds that so many are generously donating to Haiti, they are also stealing information about identities and gathering marketing data.
If you want to help the people of Haiti, be sure to take just a moment to investigate the person, organization, or method that you are using to contribute. A good resource to see where you can help is NPR’s website where they have posted a list of ways to help. Another good place to contribute is directly to the Red Cross. If you receive a solicitation for aid, you can check it out on Snopes.com, where you can perform a simple search to see if the plea is legitimate or not.
It’s times like these that we take our technology for granted; it’s important that we all do what we can, and that we see our aid is delivered quickly and honestly. After witnessing the tragedy in Haiti, it's important that we don't put ourselves at risk when we reach out to help.
Thursday, January 14, 2010
Critical Adobe Updates
Adobe - Security Bulletin APSB10-02 Security Advisory for Adobe Reader and Acrobat
Adobe has released a critical security patch that fixes a vulnerability in Acrobat and Reader which has been exploited by certain trojans and malware packages to infect computers. I've personally seen several machines that have been compromised through this hole, and you may have read the news that even Google was hacked via an exploit of this security hole.
Be sure to update your Adobe applications so that you don't become a statistic!