Hello all! After a lengthy absence from these pages, I have returned. It is my goal to provide some helpful information to you at least weekly, and to try to keep you abreast of any current threats or trends of which you need to be aware.
In that vein, let’s talk about the security of your personal e-mail accounts. Most people now have personal as well as business e-mail accounts. Sites like Yahoo, GMail, Mail.com, Hotmail, AOL, etc all offer free e-mail with lots of storage space. It make it easy to keep touch with friends and family, get notifications from your bank or online vendors, etc. But have you ever thought about the amount of personal information someone could obtain from you e-mail account? Continue reading
How many of you have heard the phrase used in the title? Essentially, it refers to a professional being so busy with work that their own family lacks the very services they provide to others.
I had occasion to reflect on this statement as I worked on my wife’s laptop this weekend. Yes, I am ashamed to admit that my own wife’s computer was infected with malware! You would think a computer security professional’s computers would be safe, right?
The latest phishing campaign I have been seeing targets users of AOL Instant Messenger. Users are sent an e-mail with a subject line reading something like “Your AIM account is flagged as inactive”. If you open the message, the body of the email will read somehting like this:
Dear AOL Instant Messenger (AIM) user,
Your AIM account is flagged as inactive. Within the following 72 hours it’ll be deleted from the system.
If you plan to use this account in the future, you have to download and launch the latest update for the AIM. This update is critical.
In order to install the update use the following link. This link is generated exclusively for your account and is available within a certain period of time. As soon as this link is not available anymore you will get another letter.
AIM Service Team
This e-mail has been sent from an e-mail address that is not monitored. Please do not reply to this message. We are unable to respond to any replies.
Of course, downloading and running the application at the linked site merely installs a Trojan, which makes your computer a part of a bot-net and can be used to steal you personal and financial information.
Happy New Year! Yes, I know the New Year is almost a month old, but since this is my first blog post this year, I thought I would say it anyway.
Now to the important stuff. There was a new bug discovered in Microsoft’s Internet Explorer. This bug was considered to be such a serious security hole that they took the unusual step of issuing an “out of band” hotfix – meaning that they issued it right away, rather than wait until the normal Patch Tuesday release.
According to SC Magazine:
Microsoft on Thursday delivered an emergency patch to correct seven Internet Explorer vulnerabilities, including at least one known to have been used in the highly publicized attacks against more than 30 brand companies.
Microsoft was forced to acknowledge the flaw last week, when McAfee reported that an IE exploit was one of the malware samples being used to spread data-stealing, espionage trojans to Google, Adobe, Northrop Grumman, Juniper and more than 25 other large companies.
If you have your home PC set up to automatically download and install updates, your system should be protected. However, if you like to manually install updates, you should download and install the update as soon as possible.
There are some reports that this vulnerability is what was used by hackers to compromise the GMail accounts of Chinese dissidents. However, that attack was accomplished using a piece of malware called the Hydraq trojan.
As always, keeping your system updated and your anti-virus current is your first line of defense.
When people think of “cyber-crime” most people think of hackers, viruses and other malware, etc. In other words, they think in terms of attacks based on technology, and that can be defeated by technology such as antivirus software, firewalls, etc.
In reality, most cyber-criminals rely more on human nature than technology to achieve their goals. This is called “social engineering”, and it is on what most online scams are based. The criminals rely on greed, on the trusting nature of people, or on the compassion for others to either get your personal information, or in some cases, get you to give them your money willingly.
This is a little off the topic of security per se, but I though this was a good wake up call for parents of kids who might be sharing their CD collection online with their friends:
A federal judge in Boston today formally signed off on a $675,000 fine that a jury assessed against Boston University doctoral student Joel Tenenbaum for illegally sharing 30 copyrighted songs. (“Update: Judge affirms $675k verdict in RIAA music piracy case”, ComputerWorld.com, 12/8/09)
Today’s topic may be a little technical for the average user, but I’ll try to make it easy for even non-technical users to follow. If you read this article and are interested, but don’t understand something, feel free to post a comment and I’ll try to help.
So we have talked about a number of ways to protect your personal and financial information, mostly in the context of a Microsoft Windows environment. But there is another way to make sure that you don’t have Trojans stealing your information when you are banking or doing online shopping – don’t use Windows! No, I’m not suggesting that you go out and buy a Mac, or that you install another operating system. I’m suggesting you use a Live CD when you do any financial transactions.
Well, it is almost time for “patch Tuesday”. On the 2nd Tuesday of every month, Microsoft releases updates and patches for its operating systems (OS) and applications. In particular, this is the day each month that MS patches the critical security flaws that have been discovered in the preceding months. When previous OS versions have been released, such as XP and Vista, the first few months saw a flurry of critical updates as holes were discovered and patched.
Looking at the advance notification of what is to be released next Tuesday, there appears to be only one patch affecting Windows 7. Actually, the patch is for Internet Explorer 8, but the vulnerability affects all version of the OS running IE8, including Windows 7.
With the discovery last month of a flaw that could allow an attack that could cause the system to “blue screen”, this is only the 2nd critical update for Windows 7. From a security standpoint, that is unprecedented for a Microsoft OS. It appears that Microsoft gave more than lip service to the focus on delivering a more stable and secure platform this time. And speaking for myself, I find Windows 7 much easier and more enjoyable to use than Vista ever was.
So if you are considering buying a new PC for Christmas, and you are worried about Windows 7 being fairly new, my advice is – don’t worry. From all evidence so far, it is much superior to Vista, and should provide you with a good computing experience.
(Of course, you should always keep your system updated with the latest patches as they are released.)
Well, it was only a matter of time until someone figured out how to use the H1N1 “swine flu” scare as a part of a scam.
People are probably going to get tired of reading this, but it is one of the most important lessons you can learn to protect yourself online. Whenever you receive an e-mail with a link or visit a new website, think carefully before clicking! So many of the viruses and other malware being spread today only succeed because the cyber-crimimals are able to persuade users to click on a link that launches the attack.