Health information from Healthkut

Healthkut.com is a health blog provides latest buzz on current health events and current health articles. its also a leading platform for informative articles on various diseases and conditions, womans health, infertility etc wide range of health and medical topics.

I'm reading: Health information from Healthkut

Find out more...

How to Pump Massive Targeted Traffic From Google

Search Engine TYphoon

How to get massive traffic from Google
Got a website where you're selling a product, but your hit counter is jammed, not making any sales despite the fact that your product is in demand from customers? Let's get that hit counter spinning like a top within minutes and without any kind of pay per click or additional costs!

Discover how to use free Google tools to quickly generate highly targeted leads within 15 minutes!

CheckmarkSee how to drive unlimited targeted traffic to any website in any niche!

CheckmarkStop paying thousands on advertising when there's a deceptively simple system that can send free targeted leads in any niche ... within 15 minutes!

Join now!

I'm reading: How to Pump Massive Targeted Traffic From Google

Find out more...

SimFree, Contract & PayAsYouGo Mobile Phones.

Most popular pay monthly phone deals in the last 24 hours. Free on O2 with 600 minutes and unlimited texts for �25 per month, plus you can claim 7 months half price line rental via cash back. Stock is due within a few days.

pay as you mobile phones

Cheap Line Rental Contract Mobile Phone Deals of 3, Orange and T Mobile Phone with Free 3g Mobile Phones.

Cheap Line Rental 3 Contract Mobile Phone Deals with Free Latest Mobile Phones.

Great prices on all mobile phones, Contracts, pay as you go mobiles, ringtones, logos and accessories. Suppliers of Nokia, Ericsson mobiles, Motorola,and Sony phones on Vodafone, Orange, O2 or T-Mobile networks. Mobile Phone Shop.
payasyougo mobile phones

I'm reading: SimFree, Contract & PayAsYouGo Mobile Phones.

Find out more...

Internet Marketing Bootcamp - Profit Copilot

Discover The Easiest Way To Make A 6 Figure Income; And That's Before You Even Look At The Course Material! It won't happen overnight but it is the fastest and easiest route to longterm success!

What Do You See When You Picture The Life You've Always Dreamed?
How Does It Feel When You Imagine More Money Than You Need?
Do You Have The Power To Visualize Becoming Your Own Boss?
Imagine How Soon Could You Start Working From Home
Can You Focus On Creating A Highly Profitable Home Business?

Now, If you decide this is for you, firstly you'll need to understand:

Most Of The Hard Work Is Already Done For You
This Is The Only Product You'll Ever Need

Join now: Internet Marketing Bootcamp - Profit Copilot

I'm reading: Internet Marketing Bootcamp - Profit Copilot

Find out more...

HostingISO - an other way to host

HostingISO is an other way to host your website. They have a lot of services where you can choose at cheap prices.
Register & transfer domains for less. Reliable hosting. Easy-to-use site builders. Affordable SSL certificates. eCommerce solutions. ICANN-accredited.

The great part is that they offer Linux and Windows plans for hosting your services.

I use their service and I'm very excited. I encourage you to use it too.

http://www.hostingiso.com

I'm reading: HostingISO - an other way to host

Find out more...

RockVPS - web hosting

RockVPS, Inc is a web hosting provider built upon a zealous commitment to customers. RockVPS originally served the needs of individual webmasters and small businesses. Now, the business operates its own network and server facilities to handle customer growth and a broader range of service offerings.

Mission Statement

RockVPS will provide for the hosting needs of customers above and beyond what is expected of unmanaged hosting. We care for our customers and want them to know that not only will they have 99.9% uptime per our SLA, they will also have unparalleled customer support.

Skills

Our skilled IT professionals are available 24/7 to assist you whether it be PHP, MySQL, APACHE, etc. We know we dominate the competition with our knowledgeable staff and can't-be-beat pricing.

I'm reading: RockVPS - web hosting

Find out more...

Spotagel - New E-Commerce Website

Spotagel.com is a new e-commerce site where you can buy different things at very cheap prices. Here you can find anything you want at a good price. The site has a user-friendly interface, easy to use and provides a filtered search to quickly find all you need. This site is new, but has a very promising future. Personally I use and I am very excited about it. I personally highly encourage you to use this new website.

I'm reading: Spotagel - New E-Commerce Website

Find out more...

How To Choose A Web Host For Your Business Website

The internet is one of the most important tools in the modern times. What started off as simply a mode of transfer of data is today used for a wide variety of purposes. Today, it plays a very important role in commerce and finance, all across the globe. These days, a large number of products are sold over the net. So, you will find products ranging from safety pins to cars and nails to large factories on sale on the internet. It is perhaps due to this ever growing popularity, that a large number of firms, enter the arena of internet marketing.

As a result of this, more and more websites are coming up each day. As a matter of fact, it does not seem to be a distant reality, that some day, every person would be having a separate website of his or her own. In order to cater to this growing demand for websites, web hosting services have come up as an effective tool. In recent times, a number of portals have come up, which offer web hosting services. These websites offer various web hosting plans that you can choose from, depending upon your requirements. However, one of the most important aspects in this regard, is to select the appropriate web hosting service. It gets typically difficult, to select an appropriate service which can help you achieve your objective.

You can also opt for green hosting services and contribute towards environmental cause. Green web hosts are those, which make use of renewable sources of energy, for running their datacenters.

You can try this web hosting service.

I'm reading: How To Choose A Web Host For Your Business Website

Find out more...

Google patches Chrome days before hacking contest

"Only browser predicted to survive Pwn2Own gets 11 fixes by Gregg Keizer"

Google has patched 11 vulnerabilities in the Windows version of Chrome, including one that earned its finder the first $1,337 check from the company's new bug bounty program.

Like Apple , which updated Safari last week , Google beefed up the security of its browser just days before the Pwn2Own browser hacking contest was to kick off in Canada.

The update to Chrome 4.1.249.1036 fixes six flaws rated "high," the second-most-severe ranking in Google's four-step threat system; plugs three "medium" holes; and quashes two "low" bugs.

Danish vulnerability tracker Secunia rated the update as "highly critical."

Although Google typically hides technical details of the most serious vulnerabilities when it issues an update -- it blocks bug tracker entries to prevent attackers from using the information -- all of the 11 bugs are behind the wall this time.

"The referenced bugs may be kept private until a majority of our users are up to date with the fix," explained Orit Mazor, a technical program manager with the Chrome team, in a blog entry Wednesday.

A bug in WebKit, the open-source browser engine that powers Chrome as well as Safari, earned researcher Sergey Glazunov a check for $1,337, the maximum Google pays for vulnerabilities as part of a bounty program that debuted last January. Most flaws earn their finders just $500, but "particularly severe or particularly clever" bugs reap rewards of $1,337 each. The amount is a reference to "leet," a kind of geek-speak used by some researchers; there, "leet" is rendered as "1337."

Other vulnerabilities were credited to Mark Dowd, a noted browser and OS vulnerability researcher who is working under contract for Google; Robert "RSnake" Hansen, CEO of SecTheory; and Aki Helin of OUSPG (Oulu University Secure Programming Group), Oulu University in Finland.

Altogether, Google paid out $3,337 in bounties for the bugs it patched Wednesday.

Only the Windows "stable" channel -- a term Google uses in place of "final" -- was patched; the Mac and Linux versions of Chrome have not yet left the "beta" channel.

Google added several non-security features to Wednesday's update, including integrated language translation and new private browsing settings, that had made their way into the beta earlier this month.

Chrome is the second browser to be patched in seven days. On March 11, Apple fixed 16 flaws in Safari. Both browsers' updates were timely: Starting next Wednesday, Chrome, Safari, Microsoft 's Internet Explorer 8 (IE8) and Mozilla's Firefox will go head-to-head with an unknown number of hackers who will try to exploit unpatched vulnerabilities and win $40,000 in cash at Pwn2Own, the annual contest sponsored by 3Com's TippingPoint. On Thursday, Aaron Portnoy, a security research team lead at TippingPoint and the organizer of this year's Pwn2Own, predicted that Safari would fall to attack on the second of the contest's three days, while Chrome would be the sole survivor .

The last time Google patched the stable build of Chrome for Windows was in late January.

Chrome is now the third-most-used browser on the planet, having grabbed the No. 3 spot from Safari in December 2009, and as of last month, accounted for approximately 6% of all browsers in use, according to Web measurement vendor NetApplications.com.

Google Chrome can be downloaded for Windows XP, Vista and Windows 7 from the company's site. Users running the stable build will receive the update automatically.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com .

Read more about security in Computerworld's Security Knowledge Center.

I'm reading: Google patches Chrome days before hacking contest

Find out more...

Hackers love to exploit PDF bugs, says researcher

"Last month's Adobe Reader vulnerability now under attack, says F-Secure and Microsoft by Gregg Keizer"

Hackers adore Adobe Reader, and have pushed it into first place as the software most often exploited in targeted attacks, a Finnish security company said today.

Helsinki-based F-Secure also urged users to update to the newest version of Reader to protect themselves against new attacks taking advantage of a vulnerability patched just three weeks ago.

According to F-Secure , 61% of the nearly 900 targeted attacks it's tracked in the first two months of 2010 exploited a vulnerability in Reader, Adobe's popular PDF viewer. By comparison, Microsoft 's Word was exploited in just 24% of the attacks, and bugs in its Excel spreadsheet and PowerPoint presentation maker were leveraged only a combined 14% of the time.

Reader's slice of the targeted attack "market" climbed from 29% in 2008 to almost 50% last year, but at its pace so far this year, exploits aimed at Adobe's software are on track to account for nearly two out of every three attacks.

Microsoft's portion of targeted attack exploits, meanwhile, has steadily declined. Last year, for example, Word, Excel and PowerPoint exploits accounted for approximately 51% of attacks aimed at specific individuals or organizations. In 2008, exploits of those three Microsoft Office applications made up 71% of all targeted attacks.

Word, Excel and PowerPoint accounted for only 39% of all attacks so far this year, F-Secure said.

Targeted attacks can be disastrous to victimized companies and organizations. Google, for instance, was one of scores of Western corporations hit late last year and early this year by targeted attacks thought to originate from China . In Google's case, the attacks, which exploited a then-unpatched bug in Internet Explorer 6 (IE6), made off with company secrets. Intel was also attacked in January, but the chip maker has denied any connection between what hit its network and the Google-China attacks.

Earlier this week, the U.S. Federal Deposit Insurance Corporation (FDIC) said that hackers stole more than $120 million in just three months from small businesses' banking accounts, in some cases using malware carried by targeted attacks.

Adobe said it wasn't surprised at F-Secure's data. "Given the relative ubiquity and cross-platform reach of many of our products, Adobe has attracted -- and will likely continue to attract -- increasing attention from attackers," said spokeswoman Wiebke Lips in an e-mail.

She also urged users to update to the newest versions of Reader and other Adobe products. "The majority of attacks we are seeing are exploiting software installations that are not up-to-date on the latest security updates," she said.

F-Secure and Microsoft echoed Lips' recommendation, as both have discovered in-the-wild attacks exploiting a vulnerability Adobe patched less than a month ago.

On Feb. 16, Adobe issued an emergency update for Reader and Acrobat to patch a pair of flaws, including one tagged as CVE-2010-0188 in the Common Vulnerabilities and Exposures (CVE) database. Microsoft reported that bug to Adobe via its Microsoft Vulnerability Research Program (MSVR), where the company's security researchers submit flaws they find in third-party software to the programs' makers.

F-Secure's claim that Reader leads the exploit pack isn't the first time that a security company has awarded Adobe dubious honors. Last month, ScanSafe of San Bruno, Calif. said that malicious PDF files comprised 80% of all exploits at the end of last year.

The most up-to-date editions of Adobe Reader, 9.3.1 and 8.2.1, can be downloaded using links on Adobe's security site .

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com .

Read more about security in Computerworld's Security Knowledge Center.

I'm reading: Hackers love to exploit PDF bugs, says researcher

Find out more...

Online Computer Scan

If you are apprehensive regarding the competence of your current anti-virus software, do not fret. You can replace it with another one as long as you want but eventually you will grow tired of choosing which is really reliable. With that said, what would be a good alternative?

Online scanning has been around and while many don’t trust them, at least there is a separate device that can thoroughly check your computer and see if there are issues as far as viruses and malware is concerned. For sure, you will be getting reports on which files may need scrutiny. There will be definitely some high risk files, normally found in the cookies or temporary Internet folder, that can be detected.

Now comes the hard part. When they detect these malicious files, they can clean it as well. But before that happens, you have to pay them a hefty sum to do it. The scanning part is the freebie, it is the cleaning that will really cost you.

It is a familiar site we see from trialware software. Before you can enjoy the full protection, you have to register and pay for it. The same is the concept of online scanning services. Panda Software, McAfee, BitDefender and so on have been offering this service and they are surely better and safer.

Accuracy is not a problem. You can even see for yourself by basing the performance after it has been cleaned. You may be surprised to find that your computer operates faster than before.

I'm reading: Online Computer Scan

Find out more...

Catch a Network Worm

Worms and Trojans can make their way into local intranets fast if you don’t have a good firewall to protect your networking environment. Most of it originates from overlooked files like granting access to the Internet for specified users. But rest assured, unless you document and orient these people on potential risks, chances are the ones to whom you grant access will be the bane of your network security issues.

A worm can multiply fast if not contained immediately. For one, it can affect the whole network. So how do you go about it?

1. Unplug all the computers from the network. Cable disconnection would be a good start. If they are not connected, then there is no place for them to go. Depending on the number of workstations, you may have your work cut out for you. But at least it defeats the need to come and go from one workstation to the other once one is cleaned.

2. Scan the computers manually using a CD. As much as possible use a write-once optical disc. This way, if you find the worm or virus, you have it cornered. There is no place to hide nor go for them.

3. Restart and make a second check. Make sure everything is clean for one workstation. Do this for the rest of the computers that have been potentially affected.

This process requires a lot of patience. But it beats having to turn to the usual formatting and clean everything from scratch. It is indeed demoralizing, but the thing is, you just have to deal with it since better security policies need to be enforced on your end as far as users are concerned.

I'm reading: Catch a Network Worm

Find out more...

China search engine to be eliminated according to Google

Quoted on a latest study conducted, “a person familiar with the company’s thinking,” there is a 99.9 percent chance that Google will decide on cutting its ties with the China-based search engine.
The recent update from The Financial Times announces that the multi-national search technologies company is now finalizing its resolution with regards to shutting down the system of Google.cn. The reason for this is that there had been conflicts between Google and the Chinese authorities during their discussions.
The main concern, however, of the ministers of China was that the government wanted Google.cn to reduce the results coming out from searching through Google.cn. And, if Google does not comply with the said agreement, then the company will suffer the outcome of this ordeal.
Search engines results are now uncensored Google was hacked by some unknown Chinese thugs and a part of its intellectual property was stolen on January 12. Thus, this large internet company came up with the decision of stopping search results in China from being filtered. The following days will then be used for Google’s negotiations with the government regarding the functioning of the engine without censoring the search results as per the China law.

On-going discussions between Google and a number of Chinese ministries are already taking place as of the moment. And, as the meetings are being held, Google complies with the censorship agreed upon by the two parties. But then, as a consequence, distribution of the two Google Android phone in China market was delayed. Also, the company decided to disallow the Chinese users from utilizing the Google phone applications on the leading Android handsets.
Shutting down as the only option According to a statement made by Eric Schmidt during the earlier part of March, the final resolution will be announced as soon as possible. However, it will take a certain period of time before Google follows through with the cutting of ties. In addition to this, the company is still thinking of methods in order to secure its employees from the unfavorable charges that the Chinese government might hold against them.
Even though Google still desires to maintain their other ventures, the company dreads that there may come a time that the authorities will find ways in order to retaliate against them due to the shutting down of Google.cn.
Written on a blog post created on January 12, Google thought of no other ways but to cut off its ties with China by closing Google.cn and all of its other offices in the country. Eric Shcmidt, a CEO of Google, defended the fact that they had a successful business with China and shutting down the country-based search engine was not due to any other reasons except the censorship issue.

I'm reading: China search engine to be eliminated according to Google

Find out more...

Mariposa Botnet Malware Found On Vodafone HTC Magic

A pretty ballsy attack here. We’ve long been afraid of backdoors being added to vendor source code – be that OS or Firmware; in the form of an environmental variable, secret user accounts or even the more subtle route of intentional “bugs”. But a standard botnet worm spreading to PCs through phones “right out of the box”? Not very subtle as we can see from how quickly this was discovered and analyzed. Seems like just another vector for the Spanish botnet recently shut down and reported on in HNNCast. The real news here is that unlike P2P, USB and HTML links, THIS vector demonstrates the compromise of Vodafone deep enough inside to actually alter shipping product. What we DON’T know yet is whether this is related to a recent Vodafone website compromise, an unrelated Internet compromise, a physical break-in, an attacker getting “the right job” or what. We think this will become an interesting story as the details get filled in.

I'm reading: Mariposa Botnet Malware Found On Vodafone HTC Magic

Find out more...

Attention Bank Security folks: BIN Feed

The BIN (Bank Identification Number) Feed comprises a near-real-time list of bank accounts and credit cards that have been identified by Team Cymru as potentially compromised. This data comes from Team Cymru's unique insight into the Underground Economy. This service is provided to verified financial institutions at no cost to them.

The BIN Feed is provided through a secure web portal to vetted and verified financial institutions only. Data is carefully isolated, so that each financial institution can only view data on their own customers' potentially compromised accounts. Representatives of financial institutions may contact the Team Cymru Outreach Team at outreach@cymru.com with details of their BIN/IIN numbers to request access to this data. Please provide details of your institutional affiliation and allow time for us to verify and validate your request.

I'm reading: Attention Bank Security folks: BIN Feed

Find out more...

ICANN president criticized for remarks on DNS security

While speaking at the Government Advisory Committee meeting on Tuesday, Beckstrom said more concerted efforts are needed to protect the DNS because it is under more attacks, is fragile and vulnerable, and “can stop any time.”

In the session with the GAC and board members, Beckstrom addressed DNS abuse cases by some unspecified countries and promised to write to GAC members for more information and advice on DNS in their countries.

“The domain name system is under attack today as it has never been before. I have personally consulted with over 20 CEOs of the top registries and the top registrars globally, all of whom are seeing increasing attacks and complexity of attacks and who are extremely concerned,” Beckstrom said.


Chris Disspain, chairman of the Country Code Name Supporting Organization (ccNSO) council, took issue with the statement to the GAC, terming it “inflammatory” and capable of rolling back the gains made by ccTLD managers and government officials in relation to DNS security.

“Your inflammatory comments to governmental representatives regarding — in your view — the precarious state of the security of the DNS, have the potential to undermine the effective and productive relationships established under ICANN's multi-stakeholder model,” said Disspain. “This could cause great concern among governments regarding how elements of critical Internet resources are operated and managed in their countries.”

… Although Disspain admitted that Beckstrom has a responsibility to address those issues, he added that Beckstrom's statement discounted huge efforts made by the ICANN community to ensure DNS security and stability.

I'm reading: ICANN president criticized for remarks on DNS security

Find out more...

TJX Hacking Conspirator Gets 4 Years

Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced Thursday in Boston to 46 months in prison and fined $75,000 for his role in the conspiracy. The sentence matches what prosecutors were seeking.

Zaman, a 33-year-old former network security manager at Barclays Bank, was charged with laundering between $600,000 and $800,000 for hacker Albert Gonzalez, who is currently awaiting sentencing on charges that he and others hacked into TJX, Office Max, Heartland Payment Systems and numerous other companies to steal data on more than 100 million credit and debit card accounts.

Zaman pleaded guilty in April to one count of conspiracy. His sentence includes three years of supervised release with the condition that Zaman must disclose his conviction to any future employer. Upon release, Zaman will not be barred from using computers.

I'm reading: TJX Hacking Conspirator Gets 4 Years

Find out more...

How to catch a "Phish"

Phishing is a form of Social Engineering, involving the sending of legitimate looking emails aimed at fraudulently extracting sensitive information from recipients, usually to gain access to systems or for identity theft. This article discusses phishing in more detail, outlines some common characteristics of a phishing email and explains what to do if you receive one.

A common component of a phishing email is the presence of one or more hyperlinks within the body of the message. The email will usually be written in such a way to fool you into clicking the link, which will take you to a legitimate looking website, where you may be asked to part with sensitive company or personal information. Alternatively, the website may automatically download malicious software (malware) onto your computer.

Early phishing emails were simple to identify, as they were basic, full of irrelevant content and contained many grammatical and spelling errors. However, phishing emails sent today are often of the ‘Spear Phishing’ variety, which are specifically targeted at you individually. These spear phishing emails are difficult to catch as the content is contextually relevant, pertaining to organizations that you associate with, so appear extremely authentic.

Characteristics of a Phishing Email

Phishing emails commonly have one or more of the following characteristics:

• Sent from an unknown or untrusted sender
• Generically addressed (e.g. Dear valued customer…), rather than addressing you by name
• Unexpected or unsolicited content
• Contextually relevant content from unknown senders
• Content that appears to add legitimacy (e.g. an account number), but verification would prove otherwise
• Threatening action (e.g. your account will be disabled if you don’t do this…)
• Displayed link does not match the underlying hyperlink
• Expressions of urgency or immediate requests for action
• Requests for sensitive company or personal information
• Requests to upload or download data
• Spelling or grammatical errors

A well constructed, targeted phishing email is very difficult to spot and you must be alert and aware at all times.

Phishing Example

Here is an example phishing email sent from a fictitious bank that contains many of the characteristics mentioned previously. These telling characteristics are discussed in detail below.

1. This sender sounds official, but how can you be sure? Emails can appear to be sent from any address, so it is easy to fake something that looks official.
2. Notice the sense of urgency expressed in the subject. Apparently, it’s a final reminder. Do you remember receiving any previous emails on this subject?
3. This is rather generically and impersonally addressed for such an important subject. Why didn’t they explicitly address you by name?
4. The statement about not logging in for a while could well be true, lending to the legitimate appearance of the email. Do not be fooled by this tactic.
5. “We must to suspend your online account” – notice the grammatical error here
6. Facilty – spelling mistake. I think they mean facility. The same mistake is made throughout the email.
7. Request for sensitive information. Reputable banks or financial institutions will never request sensitive information by email.
8. Threat of account suspension adds weight to the sense of urgency and importance.
9. The URL in the email appears legitimate, but when you hold the mouse over it, you see that the actual hyperlink ends in ‘royaibank.com’ not ‘royalbank.com’ as stated
10. Another grammatical error. I think they meant to say ‘inconvenience’ rather than ‘convenience’.
11. Stating that the email has come from the security team is yet another tactic to appear legitimate.

Receiving a Phishing Email

As phishing emails are so common, you will almost certainly receive one at some point in the future. Treat any email asking for sensitive company or personal information as suspicious. If you suspect you may have received a phishing email:

• Do not click on any links or open any attachments in the email
• Try to verify the authenticity of the email, by phoning the sender
• If the email is requesting sensitive company information, report it to your company immediately

Lastly, if you think you may have fallen victim to a phishing attempt and provided sensitive information, report it immediately.

I'm reading: How to catch a "Phish"

Find out more...

Preventing the Spread of Malware

Malware is a term used to describe all types of malicious software. Malicious software includes, but is not limited to, Viruses, Trojans, Worms and Spyware. Malware is primarily designed to infiltrate systems and the information stored on them for criminal, commercial or destructive purposes. This article outlines common ways malware is spread, how to prevent a malware infection and what to do if you suspect your computer has been infected.

Malware varies greatly in both form and functionality. Some malware is used to steal information such as credit card numbers, identities or sensitive business information from the computer it infects. Other malware may take over your computer and use it for attacking other systems. Alternatively, the malware may just be malicious, with a sole purpose to destroy or corrupt information on your computer. Either way, prevention is better than cure, so it pays to understand how you can prevent malware from spreading to your computer.

How is Malware Spread?

Criminals continually come up with new and innovative ways to get malware onto your computer. Here are some of the more common ways in which malware is spread and the preventative measures you can take to stop this from happening.

Email
Malware is often present in email attachments, or can be automatically downloaded and installed on your computer when you click on links within emails.
- Be suspicious of all email attachments – even those sent from friends or co-workers. Scan all attachments for malware before opening them.
- Never open attachments or click on links in emails sent from unknown or untrusted senders.

Websites
Malware can be inadvertently downloaded from websites, or automatically downloaded when visiting some websites.
- Be suspicious of requests to download applications or to install ‘Add-Ons’, such as suspicious ActiveX components or strange media players.
- Never download or install software from unknown or untrusted websites.

Pop-Ups
A fairly new tactic to spread malware is through the use of cleverly disguised pop up adverts that appear as legitimate looking Windows alerts or messages.
- Never buy software in response to unexpected pop-up messages or emails.
- Be especially wary of hoax adverts that claim to have scanned your computer and detected malware.

Social Networking Sites
Malware is increasingly spread through social networking sites by installing dubious 3rd party add-on applications or by clicking on web links in messages. There is a false sense of security when using these sites, so you must remain vigilant at all times.
- Only install 3rd party social networking applications that are well known and trusted.
- Never click links in messages from unknown or untrusted contacts, and avoid clicking on message links sent from trusted contacts unless you are certain where it will lead you.

Software
Malware located in legitimate looking software is one of the most common ways it is spread. Peer to Peer software and cracked or pirate software (e.g. ‘warez’), often facilitates the spread of malware.
- Never install unauthorized, unlicensed or unapproved software on your computer.
- Be suspicious of all free software – ensure you read and understand the licensing terms and privacy policies before installing.

Computer Media
Malware can be easily spread through the shared use of computer storage media such as DVDs, CDs, and USB drives.
- Do not insert untrusted computer media into your computer.
- Always scan files stored on shared computer media for malware before copying or opening them.

Mobile Devices
Malware has been known to spread through mobile devices such as cell phones. As devices become more and more like mini computers, the threat of malware on these devices will increase.
- Never install unverified or unsigned software on your mobile device.
- Be alert of unsolicited text or other message requests for software installs or links to unknown or untrusted locations.

What Controls will Help me Prevent Malware?

Malware is a very real and constant threat to the security of information. Consequently, specific security controls can be put in place to help protect against malware. The following controls will help prevent malware from getting onto your computer.

Use Anti-Virus Software
- Install a good anti-virus and anti-spyware program and ensure it is activated. There are many good, free malware prevention programs that can be used such as Microsoft Security Essentials, Comodo Anti-Virus and AVG Free.
- Configure the software to perform daily updates in order to keep up to date with the latest virus definitions.

Update all Software
- Configure your Operating System is to automatically download and install all updates.
- Regularly check that all other software on your computer is updated with the latest security updates

Use a Firewall
- Install and activate a personal firewall on your computer.
- Ensure the firewall is configured to block all uninitiated incoming traffic.
- Do not simply allow every connection request – try to understand what is trying to connect through the firewall and disallow anything you don’t know or trust.

Do not use the Administrator Account
- Never use an administrative user account for your daily computing, as this will prevent malware from obtaining administrator rights on your PC and aid in limiting any potential damage caused.
- The default user account on Windows usually has local administrator rights and should not be used. Instead, create or use a different user account with basic user rights.

Pro-Actively Scan for Malware
- Scan all downloaded files, copied files or email attachments for malware before opening or running them.
- Perform regular (at least monthly) scans of your computer for viruses, spyware or any other malware infections.

Turn on Spam & Phishing Filters
- Ensure you have activated the Spam and Phishing filters for your email and your Internet browser.
- Delete all spam that gets through. Never reply to, or click the links in, suspected spam or phishing emails.

Turn on Pop-Up Blockers
- Ensure you have your Internet browser pop-up blocker turned on and only disable it for sites that you know and trust.

Help, I think I have a Virus!

You should continually monitor your computer for unusual or irregular behaviour. If you think your computer may have be infected with malware, you should do something about it immediately. Firstly, do not perform any further activities that involve the transmission of sensitive information (e.g. online shopping or banking), then follow the steps below to check, identify and fix malware infections.

• Update your anti-virus, anti-spyware and any other malware prevention software with the latest updates and definitions.
  (Note: some malware may prevent you from performing this first step).
• Disconnect your computer from the internet (i.e. unplug the network cable or turn off your wireless)
• Scan your computer for malware using your installed anti-virus, anti-spyware and adware programs
• If malware is detected, delete or clean the files in question
• Reboot the computer.
• Run a second scan for malware to ensure no further viruses are detected.
• Once you are certain the computer is clean, you can reconnect to the internet.

Follow the preventative measures outlined in this article to help ensure you do not get further malware.

I'm reading: Preventing the Spread of Malware

Find out more...

Using Bluetooth Securely

Bluetooth is a wireless technology that allows devices to connect and exchange information between them. Bluetooth has a number of benefits, such as making it easy to share files, convenient data synchronization and allowing for hands free communication. However, as a wireless networking technology, Bluetooth also carries a number of security threats that you need to be aware of. This article looks at some known Bluetooth threats and outlines measures for using Bluetooth securely.

Known Bluetooth Threats

Attacks against insecure Bluetooth devices can result in unauthorized access to sensitive company and personal information, and enable unauthorized use of compromised devices to gain access to the other systems and devices that they are connected to. Bluetooth enabled devices are susceptible to many security threats and some of these are listed below.

• Bluejacking, also known as Bluespamming, sends anonymous text messages or business cards to other Bluetooth devices within range of the attacker.

• Bluesnarfing allows a malicious attacker to access and copy information stored on a Bluetooth enabled device without the knowledge of the device owner.

• Bluebugging allows attackers to take full control of a device and access mobile phone commands via Bluetooth, allowing phone calls to be made, text messages to be sent and access to the data stored on the device.

• Bluesniping involves the use of a directional antenna (or aerial) to connect with and access the data on Bluetooth devices that are over half a mile away.

• Interception involves the use of a special Bluetooth device to interrupt paired device communication, request a re-pairing, then intercepting the re-pairing PIN to gain access to a device.

• Denial of Service (DoS) attacks send a flood of response requests to a specfic Bluetooth device, rendering the device inoperable and draining the device battery life.

This is by no means a complete list, Bluetooth devices are also susceptible to many other attacks including eavesdropping on phone call conversations and malware infections.

Using Bluetooth Securely

The following measures will help to ensure you use Bluetooth securely and help prevent your devices from becoming a target for attack.

Protect Your Device
- Install mobile security software on your Bluetooth device such as antivirus, firewall, anti-spam and device encryption and ensure all installed software has the latest security updates.
- This will help prevent, or reduce the impact of, known Bluetooth attacks and ensure that information stored on the device remains protected.

Turn Bluetooth Off
- Turn off the Bluetooth functionality when not in use.
- This will limit your exposure to potential attacks to only the periods when you are actively using Bluetooth.

Remain ‘Undiscoverable`
- Ensure the Bluetooth device is configured to be ‘undiscoverable’, ‘hidden’ or invisible.
- This will prevent the device from publicly broadcasting its Bluetooth device name or identifier for others to see and target for attack.

Change the Device Name
- Change the default name of the Bluetooth device to something anonymous and without meaning.
- By default, the name of the device usually identifies the model and type of device (e.g. Blackberry 8830), which could make it a target of attack.

Verify Transmissions Before Accepting
- Do not simply ‘accept’ transmissions such as messages, files and images from unknown or untrusted devices.
- These transmissions could contain malicious code that allow your device to be taken over, or allow the data stored on your device to be compromised.

Use Strong Pins
- Where possible, always use a strong pin when pairing devices and change the default pin on the device to something more secure.
- Pins should be random and at least 8 characters (where technically possible) to prevent guessing by malicious individuals.

Pair in Private
- Only pair/connect two devices together in a secure, private location indoors.
- This will help prevent attackers from listening in and obtaining your PIN, or intercepting pairing messages.

No Unknown Pairings
- Never pair/connect with unknown or untrusted devices and do not respond to messages requesting your PIN, unless you are certain the request is from a trusted device.
- This will ensure that your device is only paired with known and trusted devices.

Maintain your Pairings
- Remove all pairings for devices that have been lost or stolen and regularly check to ensure devices are only paired with current and known devices.
- This will prevent attackers from using a lost or stolen device to access the other Bluetooth devices that it was paired with. It will also ensure your device pairings stay current and you are made aware of any unauthorised pairings.

Encrypt Communication
- Ensure sensitive information transmissions over Bluetooth, such as connections to company networks, are encrypted.
- This will ensure that the transmitted information is protected and unreadable to unauthorized individuals.

Walk Away
- If your device is behaving strangely and you suspect that someone may be attacking your device, simply walk away or turn off the Bluetooth function.
- Be alert when openly using Bluetooth in public, looking out for any suspicious activity, as your device could be a target.

I'm reading: Using Bluetooth Securely

Find out more...

Preventing and Limiting Spam Email

Spam is unsolicited email sent in bulk to many individuals, usually for commercial gain, but increasingly for spreading malware. It is one of the great annoyances when using email and affects everyone. This article outlines measures to help prevent spam from occurring and to help limit the amount of spam you receive.

Whilst it is pretty much impossible to prevent spam altogether, the amount of spam you receive is directly related to how you handle your activities online and who you share your email address with.


Don’t Post Addresses Online
- Never post email addresses online such as in message boards, forums or on websites for all to see. Spammers (and Phishers) have automated processes that can ‘harvest’ these. If you must post it, then disguise the format (e.g. john.smithATgmailDOTcom).
- If you receive a lot of spam, a web search for your email address may reveal whether it is posted anywhere online and you can remove it.

Avoid Common, Guessable Formats
- The more complicated your email address, the less likely it will become a target for spam. Spammers use software that trys to guess email addresses and a commonly used format such as firstname.surname@company.com will be a greater target of attack than firstname1_surname1@company.com.
- Obviously, the trade-off is that your email address will not be quite as memorable or look as nice.

Sharing of Addresses
- The more you share your email address, the more spam you will receive, it is that simple.
- Never share your primary personal or work email addresses with those you don’t know or trust.


Use ‘Disposable’ Addresses
- Many stores and online services request email addresses for things like account registration, mailing lists and discounts. Set up an email address specifically for these cases, so you do not have to use your primary personal or work email address.
- When spam becomes an issue for this additional email address, simply dispose of it and set up a new one. Services such as Gmail allow you to check and send from different email addresses in one place, facilitating easy management of multiple addresses.

No Email Based Screen Names
- If you participate in message boards, chatrooms, Twitter or similar where you display an on-screen name, don’t use your email address before the @ sign as the screen name.
- Spammers will often take screen names and add common email endings such as @gmail.com, @yahoo.com and @hotmail.com, in order to guess legitimate email addresses.

Delete without Opening
- It is often obvious from the subject line that an email is spam.
- Simply add the sender to your spam filter and delete the email without even opening it. If you do not open it, there is no possibility of the spammer being informed that your email account is active.

Disable Automatic Content Downloads
- Automatically downloading images or other dynamic content in emails might make them look nice, but can reveal to the spammer that your email account is active.
- As a minimum, turn off automatic image downloads in your emails until you are sure the email is trusted and not spam or a phishing email. Specifying to read messages in plain text only will add a further level of security, as all dynamic content will be blocked from download.

Don’t Forward Spam
- Be wary of emails from anyone asking you to forward the email on, such as petition, chain or joke emails. By forwarding these emails, you are effectively spamming others.
- In addition, these emails are used by spammers to obtain legitimate email addresses for spamming, as they contain the email address of everyone who has forwarded the message along with the addresses of everyone each person forwarded it to.

Never Reply or Click the Links
- Clicking links, including the ubiquitous ‘unsubscribe’ link, in spam emails or replying to spam, will confirm to the spammer that your email account is active, resulting in more spam being received. It may also direct you to a website that contains malware.
- Never reply to spam and avoid clicking links in spam emails. Only click the ‘unsubscribe’ link for marketing emails you remember signing up for.

Never Purchase anything from Spam
- Don’t fall for products or services advertised in spam emails, no matter how good they may sound. If it sounds too good to be true, it usually is.
- Buying something advertised in spam only supports the case for spamming and will likely increase the amount of spam you receive, as the spammers now know you are willing to buy.

Avoid Opting In
- When purchasing or registering something online, there are usually one or more checkboxes allowing you to opt out of marketing communications or sharing of your information with other ‘partners’. If you opt in, you may be opting in to a lot of future spam.
- Always read the opt-out messages with care, as these are cleverly worded to get you to opt-in. Some of them require either selection or de-selection to opt out, whilst others require a mix of selection and de-selection to fully opt out!

Privacy Policies
- Always read the website’s privacy policy before purchasing products or registering your details for software or services online.
- Understand how your email address may be used and whether they can share or sell it to other third parties, who could be spammers.



Use a Spam filter
- Activate Phishing and Spam filters on your email account and in your Internet browser to help ensure you avoid receiving spam in the first place.
- Most reputable email service providers will have spam filters that you can turn on, some of which allow very granular policies to be set.



Report Spam
- Report spam that does slip through the net to your email service provider or your company, as applicable.
- This will add the sender to their spam filters, identify whether spam filter policies need to be updated and will block future spam from that sender appearing in your inbox again. Reporting spam can also result in the spammer being identified and criminally prosecuted.

Anti-Virus Software Updated
- Ensure your anti-virus software is kept up to date and download the latest signatures on a daily basis.
- A lot of malware is designed to access your email contacts and send spam or malware to them from your email account without you even realising.



If it all gets too much…
- Finally, if the amount of spam becomes too much to control, you may simply have to start again and obtain a new email address.
- Monitor the old email account in parallel to ensure that all legitimate contacts have your new email address, then delete the old one.

I'm reading: Preventing and Limiting Spam Email

Find out more...

Securing your Information with Free Security Software

Securing your computer and the information stored on it does not have to cost money. There are many reputable and free security solutions available that can help and this article list some of the best. Just because they are free, it does not mean they are no good. In fact many free security solutions are at least as good as, or even better than, their paid-for counterparts.

All of the software listed below is 100% free for unlimited personal use and some products are even free for commercial use. This means there are no trials or time limits for use and you will not be asked for your credit card. If you come across a sign-up page requesting credit card details, you are not signing up for the free version.

Avoid using download sites such as download.com to download any of the listed software and instead, download directly from the software vendor’s website. This is always best practice and will help ensure you are downloading a legitimate and trusted version of the software. The links provided in this article all link directly to the vendor websites and were all working at time of publication – please let me know of any dead links.

The software has been divided up into categories as follows:

* Security Updaters – Discover if any software is out of date or is missing security patches
* Malware Prevention & Detection – Prevent, detect & fix malware on your computer
* Firewalls – Block unauthorised connections and malware attacks with a good firewall
* Secure Internet Browsers – Ensure you have the latest Internet browsers installed
* File & Disk Encryption – Encrypt your sensitive personal or business information
* Email Encryption – Easily encrypt and/or digitally sign your sensitive emails
* Password Vaults – Never forget another password when you use a secure password vault
* Secure Online Backup – Backup your data securely off-site in case of disaster or disk failure
* VPN Software – Encrypt all your communications when using insecure public wireless networks
* Secure Deletion – Permanent, unrecoverable deletion of stored files.



Security Updaters

Windows Update
http://windowsupdate.microsoft.com/
Windows update comes bundled with Windows and you should ensure it is turned on and that you install all security updates and reboot when asked to do so. Clicking on the URL listed above will take you to the online version of Windows Update, allowing you to perform a scan of your computer and discover if any updates are missing. Note: Windows Update only checks for updates to Microsoft products.

FileHippo Update Checker
http://www.filehippo.com/updatechecker/
The Update Checker will scan your computer for some of the most commonly installed software, check the software versions and see if newer releases exist. These are then neatly displayed in your browser for you to download. It’s a quick solution that is easy to use.

Secunia Personal Software Inspector (PSI)
http://secunia.com/vulnerability_scanning/personal/
The Secunia PSI is a free security tool designed with the sole purpose of helping you secure your computer against vulnerabilities in programs. It checks all of the software installed on your PC for security updates and alerts you of any vulnerabilities or software upgrades. This solution is one of the best, but you must be logged in as an administrator for it to run.



Malware Prevention & Detection

Panda Cloud Antivirus
http://www.cloudantivirus.com/
Panda Cloud Antivirus offers free malware protection in a lightweight package with a fresh user interface. The advantage of this software is that is stays constantly updated (i.e. there is no need to download virus signatures) and the footprint is lightweight, that makes it good for a netbook.

AVG Free
http://free.avg.com/ww-en/download-avg-anti-virus-free-edition
AVG Free provides you with basic antivirus and antispyware protection for Windows

Microsoft Security Essentials
http://www.microsoft.com/Security_Essentials/
Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.

Avast! Home Edition
http://www.avast.com/eng/avast_4_home.html
Version 5 is scheduled for release in January 2010 offering Windows 7 compatibility and a new, improved interface.



Firewalls

Comodo Internet Security
http://www.comodo.com/home/internet-security/free-internet-security.php
Comodo Internet Security combines powerful antivirus protection, an enterprise class packet filtering firewall, and an advanced host intrusion prevention system. The firewall is consistently rated as the best available and can be installed as a standalone solution or together with the anti-virus protection.

ZoneAlarm Free Firewall
http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm
ZoneAlarm Free Firewall detects and prevents intrusions, keeping your PC free from viruses that slow down performance, and spyware that steals your personal information, passwords, and financial data. ZoneAlarm is noted for its ease of use.

PC Tools Firewall Plus
http://www.pctools.com/firewall/
PC Tools Firewall Plus is another powerful free personal firewall for Windows that protects your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.

Windows Firewall
Windows Firewall comes bundled with XP Service Pack 2, Vista and Windows 7. The firewall offers adequate inbound protection, but only basic outbound protection. The Windows 7 Firewall is an improvement over previous versions, although still does not offer the protection that a dedicated 3rd party firewall can offer.



Secure Internet Browsers

Internet Explorer 8 (IE8)
http://www.microsoft.com/windows/Internet-explorer/default.aspx
Internet Explorer version 8 offers a host of security updates and features over version 7 and below. If you use Internet Explorer as your browser of choice, then you should ensure you are running version 8. Note: IE8 comes with Windows 7 and is available as a download for all other Windows versions.

Mozilla Firefox 3.5
http://www.mozilla.com/en-US/firefox/ie.html
Firefox offers a viable, open-source alternative to Internet Explorer and offers a number of security features as well as a whole raft of installable plug-ins that let you extend the functionality of the browser. Being open-source, a world of security researchers get involved in fixing bugs and building stronger security features and the wide community of testers help to find and fix security issues very promptly.



File & Disk Encryption

TrueCrypt
http://truecrypt.org/
TrueCrypt is a free open-source encryption application for Windows 7/Vista/XP, Mac OS X, and Linux. It can create a virtual encrypted disk within a file and mount it as a real disk. It can encrypt an entire partition or storage device such as USB flash drive or hard drive. It can also encrypt a partition or drive where Windows is installed. Truecrypt is the best free encryption software available and is better than many paid solutions.

Comodo Disk Encryption
http://www.comodo.com/home/data-storage-encryption/disk-encryption.php
Comodo Disk Encryption software protects sensitive information by enabling encryption of any drive on your system. Comodo Disk Encryption works on the fly, so there’s no need to shut down or reboot the PC to encrypt your private data.



Email Encryption

Comodo Email Certificate
http://www.comodo.com/home/internet-security/free-email-certificate.php
Using a free Comodo email certificate means you’ll enjoy the same level of security as their commercial clients. This certificate will allow you digitally sign your email to ensure authenticity and integrity and will allow you to encrypt any of your emails to ensure they are sent securely. Comodo is the world’s second largest Certification Authority and their digital Certificates are fully trusted by 99 percent of email clients.



Password Vaults

Password Safe
http://passwordsafe.sourceforge.net/
Password Safe allows you to safely and easily create a secured and encrypted user name/password list. With Password Safe all you have to do is create and remember a single “Master Password” of your choice in order to unlock and access your entire user name/password list.

KeePass Password Safe
http://keepass.info/
KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database.



Secure Online Backup

Mozy Home Online Backup
http://mozy.com/home
Mozy, the trusted leader in online backup, saves you time and money with a simple, secure, and affordable backup solution. Enjoy peace of mind in knowing that your data is backed up, encrypted and stored in a safe, remote location. The first 2Gb of backup data is free for personal use.



VPN Software

Comodo TrustConnect
http://www.comodo.com/home/internet-security/wifi-security.php
Free TrustConnect URL: https://accounts.comodo.com/trustconnectfree/management/signup
TrustConnect makes surfing the web safe while at coffee shops, hotels, airports, libraries…anywhere you’re using the Internet, for both wired and wireless connections. It ensures that all communication between your computer and the internet is encrypted. Note: TrustConnect comes with Comodo Internet Security Pro, but is also offered for free by clicking the second link above.



Secure Deletion

Heidi Eraser
http://eraser.heidi.ie/
Eraser is an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. The software erases files, folders and their previous deleted counterparts. An intuitive user interface and simple right-click deletion of any file on your PC make this a great tool.

Darik’s Boot and Nuke (DBAN)
http://www.dban.org/
Darik’s Boot and Nuke (”DBAN”) is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction. This is a great tool to use if you are disposing of a hard drive or selling/donating a PC and want to ensure all of your data is removed beforehand.

I'm reading: Securing your Information with Free Security Software

Find out more...

Keep away from Fake Security Software

If there is one thing that a lot of people do but deny doing so, it is buying fake software. This is actually understandable if you think about it. Licensed software is just so expensive and with the way things are going financially right now, people are always looking for ways to save a dime here and there. And if you buy unlicensed software, you will definitely save more than a dime!

Then again, if you are talking about security software, I do not really think that it is such a good idea to buy fake software. After all, you are talking about staying safe here, and who knows where all that fake software comes from?

Microsoft has actually issued statements regarding fake security software. Naturally, many will be skeptical about the statements – it is from the largest software company in the world. Of course they will tell you to stay away from fake products, right?

But they do have a very valid point, one which we will all benefit from.


Canada.com has a report on this:

Fake computer security software, created by cyber criminals as smokescreens for viruses, is the No. 1 threat to computer security in Canada, software giant Microsoft said Wednesday in its latest biannual security report.

And experts blame hackers for playing on people’s fears of infectious malicious software, such as the Conficker worm.

According to Microsoft’s report, rogue security software, also called scareware, was found in 5.9 million computers, a rise of 66 per cent in the last six months.

What should you do? Make sure you are buying 100% legit software.

“If you see a message pop up (from a website) no matter how dire it is don’t click on it because almost 100 per cent of the time that message is a fake message,” said Mohammad Akif.

“Norton, Symatec, Microsoft — none of these companies sell their software this way.”

I'm reading: Keep away from Fake Security Software

Find out more...

An Internet of Criminals

The world of cyber-crime has grown so much in these past few years due to the explosion of growth with respect to the number of internet users the world over. It has not only expanded on the side of normal people but on the side of cyber-criminals who now operate on their own networks, spanning the globe and ready to spread their products, malicious code that first scans the globe for weak points in the security net that we all put up to somewhat give us a sense of security from the ever-growing threat which is actually futile to some extent.


This was admitted by a renowned security expert who worked for one of the biggest security firms the world over for a new infection tends to be a game of cat-and-mouse that begins when a new threat is detected. The game begins with experts dissecting the captured malicious program and then they race to create a cure, much like the race to come up with a vaccine for the quickly spreading “swine-flu” virus that caught the human race off-guard. Once the malicious code is understood, a cure is issued and is swiftly sent out to allow the installedsecurity software to cope with the infection. By this time, the infection has already spread and the cure is not to reverse any damage already done but to halt the spread and prevent infection of still un-hit computers.
Meanwhile, the cure the anti-virus programmers are not always perfect, so it can be considered a first response which may not fully contain the situation. This is where people make the biggest mistake in theirsecurity platform, that the programs they have installed are there to protect and prevent whilst the truth cannot be farther from the truth for the infection has already been active, way before it was detected. The follow-upsecurity updates to security software makes the necessary adjustments enough to cope with the spread, halting it in it’s track, hopefully. The false security we feel works only if the threat is known which is true for variants of already known threats. New viruses are only known as much as the programmers who race to find a cure for it can work.
The internet of criminals is here and is currently working, ready to exploit the latest security flaw left un-patched by the millions of developers the world over. The threat is real and the well publicized closure of an identified malware spreading site and the arrest and conviction of a bot net creator/manager is only the tip of the iceberg. Even the experts know of this which makes knowledge the key to surviving the internet and the malware it brings to our doors. Our saying that security software is quite futile doesn’t say it is totally useless, but rather to provide us with better chances of surviving the problems we face each day. having security software is only effective against known threats but at least it’s a start.
The internet will never be truly a safe place for any of us mere humans who are becoming victims of the technology we ourselves have created. Havingsecurity is a start, but knowing what to do and to help make the better world by reporting malware sites and spam is another little way we can all help each other, to survive the monster and friend we all use everyday, the monster that is the internet that brings harm to our desktops each and every minute of the connected day.

I'm reading: An Internet of Criminals

Find out more...

Google Chrome More Secure

From Internet Explorer to Mozilla Firefox to Google Chrome – that’s the path that many computer users have followed in the past years. Personally, I have stuck to Mozilla but I do use Chrome every now and then when I want things to go much faster. But did you know that Google’s streamlined browser has its share ofsecurity issues as well?

This is not really that surprising. After all, most any product you see in the market will be exploited by those who want to do so. In any case, Google has come out with updates to their browser, making it more secure for us users.

The most recent update for Google Chrome fixes some issues on how the browser handles Javascript and XML. For the Javascript engine, the fix makes sure that an infected web site will not allow malicious Javascript to run arbitrary code. You and I know very well that the phrase “run arbitrary code” simply translates to “install malware.” With this problem supposedly fixed, Chrome is definitely safer.

Another fix deals with the possibility of a web page using XML to, again, run arbitrary code. This happens when the malicious XML crashes a Chrome tab.

Last, the Chrome update will not allow you to connect to “HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms.” The reason for this is that these algorithms are prone to hacking and that it is relatively easy to pose as a fake HTTPS site.

For more detailed info, read it from Google’s own blog.

I'm reading: Google Chrome More Secure

Find out more...

Scan your storage devices before use them

Viruses and malware issues are far from being a thing of the past. On the contrary, they seem to grow large by numbers as each day passes. Thus the works of security software companies have their work cut out for them. There is not definite date to which such threats and intrusions would wholly be resolved.

Scanning Protocol

For the time being, it would be advisable for people to scan third party storage devices such as diskettes, USB drives and mobile storages to be safe and sound. These wandering viruses can attack at any time and this is a fact anywhere computer related materials are concerned.

Files can go as far as infecting the executable files, hence document, excel and compiled scripts are baits for immediate infection and malicious intrusions. Software applications also have their limits as their development teams cater only to a specific genre for known harmful files. But it is better to lower the risk of intrusion than not having protection at all.

I'm reading: Scan your storage devices before use them

Find out more...

To-Do List for better protect your digital data

This is a small but important to-do list you should know and learn:

Piggybacking:
Gaining access to a restricted communications channel by using the session another user already established. Piggybacking can be defeated by logging out before leaving a workstation or terminal or by initiating a protected mode, such as via a screensaver, that requires re-authentication before access can be resumed

• Secure your sensitive information not on local drives, use network storage devices

• Secure your sensitive information using strong and approved encryption

• Watch out for your mobile devices, laptops, black berry devices and so on - don't forget to lock them or used by unauthorized persons

• Lock your computer every time you walk away from your computer, in schools or offices

• Be discrete with sensitive print jobs - use printers that allow PIN as a matter of security

• Eavesdropping - discuss sensitive information only in secure areas

• Phishing - Also known as brand spoofing and carding. A popular Internet e-mail scam that involves unsolicited e-mail (i.e., spam) contact in which the scam artist attempts to gain valuable information from the 0 90 180 270 360 0 90 180 270 360 target by gaining that person's confidence through various social engineering techniques and technical subterfuge. The term phishing was coined in the 1996 timeframe by crackers (malicious computer hackers) to describe the process of fishing for suckers by using some sort of lure or bait. (Hackers commonly replace f with ph, phor reasons that are entirely unphathomable to the rest of us.) Phishing commonly involves phony e-mails from banks, credit card companies, e-tailers, insurance companies, mortgage brokers, or other financial institutions warning that your account has been subjected to fraud or perhaps that your credit card is due to expire, and that you must confirm certain information such as an account number and password, or perhaps your social security number. The mail includes a hyperlink to a phony website that quite closely matches the legitimate website. If the scam is successful, the unsuspecting target clicks on the link and divulges information necessary for the scam artist to perhaps wipe out a bank account, max out a credit card, or even steal a person's identity, incur extraordinary debts in his name, and generally ruin his credit

• Delete suspicious emails

• Don't open email attachments from senders you don't know

• Protect electronic media and devices with authentication, encryption, digital signatures, digital certificates and always have backup plan.

I'm reading: To-Do List for better protect your digital data

Find out more...

Cyber Attacks on Websites of Governament - funny for some people?

Recently Estonia has been subject to massive cyber attacks on Web sites of the government, banks, telecommunications companies, Internet service providers and news organizations.

What is your personal attitude to hackers? Do they do it for fun? Do they do it for money? Or other motives?

This guy said: "A hacker is a sort of Google...a very smart man.." yes indeed...
The fact is that nowadays many kids, around the world, do or at least try to hacking just for fun or just to prove that they can do harm and they are smarter than the inventors of computer security...

I'm reading: Cyber Attacks on Websites of Governament - funny for some people?

Find out more...

The Future of IDSs

Although the system audit function that represents the original vision of IDSs has been a formal discipline for almost fifty years, the IDS research field is still young, with most research dating to the 1980s and 1990s. Furthermore, the wide-scale commercial use of
IDSs did not start until the mid-1990s.
However, the Intrusion Detection and Vulnerability Assessment market has grown into a significant commercial presence. Technology market analysts predict continued growth in the demand for IDS and other network security products and services for the foreseeable
future (with IDS product sales projected to reach $978 million by 2003.)

Even while the IDS research field is maturing, commercial IDSs are still in their formative
years. Some commercial IDSs have received negative publicity due to their large number
of false alarms, awkward control and reporting interfaces, overwhelming numbers of attack
reports, lack of scalability, and lack of integration with enterprise network management
systems. However, the strong commercial demand for IDSs will increase the likelihood that
these problems will be successfully addressed in the near future.
We anticipate that the improvement over time in quality of performance of IDS products
will likely parallel that of anti-virus software. Early anti-virus software created false alarms
on many normal user actions and did not detect all known viruses. However, over the past
decade, anti-virus software has progressed to its current state, in which it is transparent to
users, yet so effective that few doubt its effectiveness.
Furthermore, it is very likely that certain IDS capabilities will become core capabilities of
network infrastructure (such as routers, bridges and switches) and operating systems. In this
case, the IDS product market will be able to better focus its attention on resolving some of
the pressing issues associated with the scalability and manageability of IDS products.
There are other trends in computing that we believe will affect the form and function of
IDS products including the move to appliance-based IDSs. It is also likely that certain IDS
pattern-matching capabilities will move to hardware in order to increase bandwidth.
Finally, the entry of insurance and other classic commercial risk management measures to
the network security arena will drive enhanced IDS requirements for investigative support
and features.

Conclusion
IDSs are here to stay, with billion dollar firms supporting the development of commercial
security products and driving hundreds of millions in annual sales. However, they remain
difficult to configure and operate and often can’t be effectively used by the very novice
security personnel who need to benefit from them most. Due to the nationwide shortage of
experienced security experts, many novices are assigned to deal with the IDSs that protect
our nation’s computer systems and networks. Our intention, in writing this document, is to
help those who would take on this task.
We hope that this publication, in providing actionable information and advice on the topics,
serves to acquaint novices with the world of IDSs and computer attacks. The information
provided in this bulletin is by no means complete and we recommend further reading and
formal training before one takes on the task of configuring and using an intrusion detection
system.

I'm reading: The Future of IDSs

Find out more...