Security - In The Home
Tips and Info concerning the secure use of the internet.
More Than 40 Percent Of U.K. Users Say They Have Been Fraud Victims
44 percent of respondents said they have suffered from bank or credit
card fraud, and 42 percent have had their identity stolen. The average amount
stolen was nearly $3,000 per person, and 37 percent did not get their money back
from the bank.
http://darkreading.com/shared/printableArticle.jhtml?articleID=224600470
Do you get e-mail rage?
We hold our breath while cranking out e-mails and doctors confirmed their
suspicions. When we hold our breath, the brain is momentarily oxygen deprived
and hits the flight or fight response, fueling a more emotional reaction to the
words shooting out of our fingers. What can seem like innocent or understandable
venting can cost you your job, damage your reputation and crater your chances
for promotion… 26 percent of the nearly 600 companies said they'd fired an
employee for e-mail misuse.
http://www.cnn.com/2010/LIVING/worklife/05/03/cb.got.email.rage/index.html?hpt=Sbin
WORTH REPEATING
Google said that between January 2009 and the end of January 2010, its
malware detection infrastructure found some 11,000 malicious or hacked Web pages
that attempted to foist fake anti-virus on visitors.
http://krebsonsecurity.com/2010/04/fake-anti-virus-peddlers-outmaneuvering-legitimate-av/#more-2701
WORTH REPEATING
If you suspect your bank account has been compromised or spot any activity you have not authorized, follow these guidelines:
- Notify your bank and credit card companies immediately
- Close all affected accounts
- Notify the major credit reporting agencies
- File a report with the Garda Síochána
Security experts warns firms that lower risk flaws are higher risk
Security experts have warned businesses that hackers
are moving their focus from flaws designated as high risk by software vendors to
flaws normally seen as lower risks. "…they're not going for the normal high risk
flaws, they're going for the medium risk ones. In the patch management cycle,
the medium risk flaws [considered lower risk] are being patched later." That
delay in patching is also being exacerbated by hackers combining the lower risk
flaws to create so-called blended threats… By combining two lower risk
flaws, hackers can cause high risk threats to an organisation.
http://www.v3.co.uk/computing/news/2259522/security-experts-warns-firms
Password reset questions dead easy to guess
Hackers stand a one in 80 chance of guessing common security questions such as someone’s mother’s maiden name or their first school within three attempts. …Online research about a subject or a pre-existing relationship makes the chances of figuring out the answer to password reset questions still easier.
http://www.theregister.co.uk/2010/03/11/password_reset_insecurity/
Securing Wireless Networks
It is possible for attackers who are within range to hijack or intercept
an unprotected connection. … Most network devices, including wireless
access points, are pre-configured with default administrator passwords to
simplify setup. These default passwords are easily found online, so they don't
provide any protection. Changing default passwords makes it harder for attackers
to take control of the device…
http://www.us-cert.gov/cas/tips/ST05-003.html
File sharing networks open door to identity theft
Cyber thieves are targeting their newest identity victims through the use
of file-sharing networks. Consumers and their family members need to be wary
about with whom they share music, photos or documents online because criminals
could be downloading the information stored on personal computers, including
Social Security numbers, home addresses and even health information. Users of
file-sharing networks can inadvertently expose the contents of entire hard
drives containing personal information to others on the network.
http://www.net-security.org/secworld.php?id=9005
WORTH REPEATING
What is worth mentioning again, and again, and again, is the importance
of applying patches and updates in a timely manner, employing anti-malware
security software and keeping it up to date to detect current threats, and
continuing to educate users to not click on links or open attachments in
messages.
Patchy Windows patching leaves users insecure
Windows users need to patch their systems an average of every five days to stay ahead of security vulnerabilities, according to a study this week. …the average home user needs an average of 75 patches from 22 different vendors to be fully secure. The complexity of patching means that most users are not even in the race, meaning that hackers hoping to exploit software vulnerabilities to infect vulnerable systems stay well ahead of the game.
http://www.theregister.co.uk/2010/03/07/windows_patching_pain/
It's official: Adobe Reader is world's most-exploited app
Adobe's ubiquitous Reader application has replaced Microsoft Word as the
program that's most often targeted in malware campaigns… PowerPoint attacks
dropped from almost 17 percent in 2008 to less than five percent last year.
http://www.theregister.co.uk/2010/03/09/adobe_reader_attacks/
WORTH REPEATING
According to a study by research firm Gartner Group, 43 percent of
companies were immediately put out of business by a “major loss” of computer
records, and another 51 percent permanently closed their doors within two years
— leaving a mere six percent “survival” rate.
XP and Windows 2000: Time running out on support
Businesses using Windows XP will need to upgrade to Service Pack 3 (SP3) of the
operating system by July in order to continue receiving support from Microsoft.
Mystery/Secret Shopper Schemes
…applicants are requested to provide bank account information to have
money directly deposited into their accounts. The fraudster then has acquired
access to these victims' accounts and can withdraw money, which makes the
applicant a victim of identity theft. No legitimate mystery/secret shopper
program will send payment in advance and ask the employee to send a portion of
it back.
http://www.fbi.gov/cyberinvest/escams.htm
WORTH REPEATING
When you search for breaking news, be aware that attackers often publish links
faster than the legitimate media. Get in the habit of using Yahoo! News, Google
News, or another trusted service. Only news published by trusted media sources
is aggregated onto these services, unlike a regular search using your favorite
search engine.
http://www.sophos.com/blogs/chetw/g/2010/02/27/tsunami-blackhat-seo-attack/
Disasters are a boon to malware...
Whenever there is a big disaster people rush to the Internet to find the
latest news. But that can lead them into trouble because malware distributors
will quickly put up web pages related to that disaster, but containing malicious
code.
http://blogs.zdnet.com/Foremski/?p=1208&tag=content;col1
WORTH REPEATING
Consider the smart phone. At any given moment, it - and therefore your
carrier - knows within a few feet exactly where you're standing. It knows when
you're stationary or walking - and the direction you're heading. It knows who
you stood next to on the transit bus, that you walked through Washington Square
today when a political rally took place. It knows what time you went to the
polls to vote. It can detect your conversations and background noises. It knows
where and when you took every photograph. And it watches your every text and
e-mail message. For better or worse, much of this information is being
monitored, crunched, aggregated and analyzed.
http://blogs.computerworld.com/15618/is_your_iphone_a_snitch_or_a_tool_for_social_good
How To Identify Phishing Attacks
Web browsers and security software usually offer built in phishing
protection. These rely heavily on user submissions which means that they protect
well against known phishing sites and attacks but often fail when new phishing
attacks emerge.
http://loginhelper.com/login-security/identify-phishing-attacks/
The Phishing Flow Chart
Here is a handy phishing flow chart that can help inexperienced computer
users in analyzing potentially dangerous emails.
http://loginhelper.com/email/phishing-flow-chart/
WORTH REPEATING
"Simply because a message appears to come from a friend doesn't mean the
recipient shouldn't question its validity. Think twice, ask questions, and don't
be so quick to click."
Four Signs of an Easy Victim on Social Networks
…these social networks, by nature of how they work, make
it possible for criminals to cyber stalk potential victims. Users at risk for
this kind of attack might be a person who has access to something or somebody
that the criminal wants. You might be the executive assistant to a corporate
CEO, or a human resources representative who has access to all of your company's
employee files. You may not think anyone notices, but this makes you a desirable
target… (If you work for the government, you are a desirable target. - editor)
http://www.csoonline.com/article/542913/Four_Signs_of_an_Easy_Victim_on_Social_Networks
If Your Password Is 123456, Just Make It HackMe
People favor simple passwords, despite Internet security scares like the
recent attacks on Google’s e-mail service.
http://www.nytimes.com/2010/01/21/technology/21password.html?th&emc=th
WORTH REPEATING
Security experts say employee awareness and training are a crucial
defense. Often, malware infections are a result of high-tech twists on
old-fashioned cons. One scam, for example, involves small U.S.B. flash drives,
left in a company parking lot, adorned with the company logo. Curious employees
pick them up, put them in their computers and open what looks like an innocuous
document. In fact, once run, it is software that collects passwords and other
confidential information on a user’s computer and sends it to the attackers.
More advanced malware can allow an outsider to completely take over the PC and,
from there, explore a company’s network.
http://www.nytimes.com/2010/01/18/technology/internet/18defend.html
The Decade’s 10 Most Dastardly Cybercrimes
http://www.wired.com/threatlevel/2009/12/ye_cybercrimes/
Greatest security threats to education
http://www.net-security.org/secworld.php?id=8658
HOLIDAY SCAMS
Password Robbery
Password theft is rampant during the holidays. Thieves use low-cost tools to uncover a person’s password and send out malware to record keystrokes, called keyloggers. Once criminals have access to one or more passwords, they gain vast access to consumers’ bank and credit card details and clean out accounts within minutes. They also commonly send out spam from a user’s account to their contacts.
http://www.foxnews.com/story/0,2933,576358,00.html
Job-Related E-mail Rip-offs
Scammers are preying on desperate job-seekers, with the promise of high-paying jobs and work-from-home moneymaking opportunities. Once interested persons submit their information and pay a set-up fee, hackers steal their money instead of following through on the promised employment opportunity.
http://www.foxnews.com/story/0,2933,576358,00.html
Online Identity Theft
As bargain hunters surf for deals using free wireless networks at the local cafe, hackers can spy on their activity and steal their personal information.
http://www.foxnews.com/story/0,2933,576358,00.html
The security nightmare formula
- Easy-to-guess passwords and password reuse
- Inconsistent patching
- Getting too personal
- Overdose of trust
- Outdated virus protection
- Not using available security products
- “It won’t happen to me” syndrome
http://www.net-security.org/secworld.php?id=8602
WORTH REPEATING
Beware of e-mails that appear to come from government e-mail addresses
that direct you to file hosting websites such as rapidshare.com, zeropaid.com,
or sendspace.com. Legitimate government business is not conducted on these
websites, but Trojan horse viruses are.
The five most frequent Holiday scams
- Fake Holiday eCards: Don't recognize the sender? Delete it. If the email is not addressed to you specifically, delete it. If you're instructed to download an "executable program," delete it.
- Fake Holiday Products: If you don't recognize a company, don't order anything from them until you're sure they really exist.
- PayPal/eBay: Avoid following links that are provided for you in any email, especially if you are unsure of the sender. A frequent trick from spammers during the holidays is a link to a fake eBay or PayPal login page. Rather than follow links in emails, type the address directly into your browser.
- Bank Phishing: Banks will never ask for your personal information, or provide your personal information, in an email. Also, keep an eye out for poor spelling and grammar. If you are not specifically addressed in the email, delete it.
- Letters from Santa: Although a nice idea for the kids, do your research. There are many fake companies out there. Check in with the Better Business Bureau to confirm existing companies.
http://www.bsminfo.com/article.mvc/Tis-the-Season-For-Cyber-Crime-0001?VNETCOOKIE=NO