Thursday, April 22, 2010

Phishing counter measures

Do not forget to turn on the phishing facility that comes with the IE 7.0 browser. Most of the users turn off this facility thinking this is reducing the performance. But this is actually protecting you from getting hooked on to malicious websites. Security comes with a small cost to pay but it is worth paying that .

Tuesday, April 20, 2010

Protecting yourself from Malicious Website-Based malware

Users when surfing the Internet bring malware into the home based networks. Email links are sent to the user to perform a client-side exploit and when clicked loads various types of malware on their systems. Install the latest security updates on a daily basis for all applications you use and keep your system free of any exploits.

Use antimalware tools from security vendors to defend yourself from these malwares. However, thse tools are only as good as the system they are protecting. A vulnerable or infected system will bring down the antimalware tool and prevent it from protecting the operating system from further infection. Upgrade your browser if you have not yet done so because today's browsers (Google chrome, Firefox,...)do warn you if the site you are visiting is a suspected malicious site.

Filter your HTTP traffic

Today 1 in 20 websites are malicious. You visit them and you are bound to download trojan or malicious software than can give control of your system and resources to bad guys. When choosing an antivirus verify if it supports filtering HTTP traffic to malicious sites. Also your keep your browsers which ever you use upto date with patches as the exploits in these browsers are most commonly used as an attack platform to gain control on the systems.

Spear phishing

The most deadly form of email exploits today are known as spear phishing or rock phishing. This is where the malware distributor or writer sends out a skillfully crafted email from either a forged address, which the user in the organization trusts, and/or from an organization known to the user.

Combat Email threats to protect your information

When checking mails in your inbox understanding them is the most important step towards protecting you from malware infections. You should enable view file extensions to check if these belong to any of the well known malware categories and are able to take control of your system. Ofcourse google is always there for searching if you suspect the files attached in your mails are malware.

Never open an executable file type from anyone unless you have requested that file, espeically since malware will typically come from someone you know. Anytime you would like to receive an exe or zip file, then request your friends or colleagues to rename the extension of the file and send it to you. Delete key is your best friend for suspicious attachments and mails. Don't think when you need to use it.

Always patch your systems and check for updates. Preferable would be to use systems that provide push updates rather than clients looking for updates. Windows update does look for updates when a machine is restarted or may be even logged in. Updates must be checked at least once in a day. I hardly know any softwares that provide push updates. Hope the major antimalware companies would shift to push updates rather than pull options.

Monday, April 19, 2010

Emails or Attachments

Don’t open emails or attachments from even trusted sources without truly vetting them by the trusted sender. Today you are the last line of defense.

Thursday, March 25, 2010

Malware file types you should be aware of

Malware authors want money, and the easiest way to get it is to steal it from you.

They lure you into clicking on different types of files infected by malware. You must not click on files which you do not trust is from a good source like executable, Microsoft office documents, Adobe pdfs or compressed zip files. These files could be delivered through no.of channels like social engineering through Instant messengers, peer to peer networks, enterprise network file sharing, USB devices.

Malwares are also delivered in the form of downloadable flash games, simple graphic design animations, powerpoint slides. If you don't execute these files your system will not be infected by malware.

Some familiar files that are being used as malware on windows platform are:

.exe, .pdf, .flv, .doc, .ppt, .xls, .bat

Wednesday, March 24, 2010

Protecting Home Network

If you have a Windows XP Service Pack 2 System then have your Firewall turned on to prevent any intruder from accessing your systems resources or services from Internet. Additionally you can also download the windows defender to protect your system from malware.

This also significantly reduces the entry of worms affecting your home network and systems.

Keep your systems updated with latest patches using the online Microsoft updates.

If you have a router that connects you to Internet then enable Firewall on the router, which builds another layer of security for your home network.

Have your wireless home network protected by using WPA instead of WEP which can be broken very easily. As an additional layer of security also enable the MAC address filtering on your Wireless router.

Friday, March 19, 2010

Identity Theft 911 Offers Tips for National Data Privacy Day

January 28, 2010 07:06 PM
PRNewswire

SCOTTSDALE, Ariz., Jan. 28 /PRNewswire/ --

WHAT: Consumers and businesses globally spend hours each day exploring the Internet for news, information, and communications purposes. Today's National Data Privacy Day serves as an important reminder that consumers need to protect their own personal information when accessing the World Wide Web and businesses need to safeguard the information which they are responsible for collecting and storing.

Identity Theft 911, a leader in identity theft services for businesses and consumers worldwide, offers the following tips to protect personal data and information:

1. Use credit cards for online purchases, not debit cards. Debit cards automatically deduct money from your bank account.
2. Only shop on secure sites. To see if a Web site is secure, look for "https" in the address bar. Also, there's usually a small yellow padlock logo at the right of your Web browser address bar.
3. Shopping Web sites have no reason to ask for your Social Security number, or passwords to your e-mail and bank accounts as part of the buying process. Never provide them.
4. Use different "strong" passwords (those that are more secure) for online retailers and your personal e-mail accounts. A strong password is composed of numbers, upper- and lower-case letters and symbols. For example, a password like "3Dogz$$!" is a better option than "1006."
5. Before purchasing anything on a Web site, read site reviews or blog comments by other people. Use sites such as Pricegrabber.com or Froogle.com (Google shopping) for comparing prices and to read users' reviews of the retail Web site.
6. Businesses should deploy a firewall that tracks network connections and application-level filters and firewalls that provide protection against Web-based attacks.
7. Develop a corporate security policy for every operational unit and perform annual security training of all employees.
8. Install central anti-virus software and anti-malware. Ensure that all hosts are receiving daily signature update.
9. Keep operating systems up-to-date, as well as installed applications with the latest security patches.
10. Be informed about network security trends. Security is not a product, but a process, and securing strategies are constantly changing.


WHO: Identity Theft 911 executives available for comment immediately include:

* Adam K. Levin, Chairman
* Matthew Cullina, Chief Executive Officer
* Eduard Goodman, Chief Privacy Officer
* Ondrej Krehel, Information Security Officer


ABOUT: Protecting more than 30 million Americans, Identity Theft 911 is a leader in identity management and identity theft remediation and resolution services to businesses and consumers on behalf of its 450 client institutions, as well as in comprehensive data breach preparedness (including incidence response plans), compliance, and notification and remediation services that are currently found in more than 150,000 businesses. Identity Theft 911 provides innovative, enterprise-level solutions and consumer education to Fortune 500 companies and emerging markets, many of America's largest insurance carriers, corporate benefit providers and a wide spectrum of other financial institutions, including banks and credit unions.

FOR PRESS INTERVIEWS:

* Andrew Worob, Ruder Finn, (212) 715-1536, woroba@ruderfinn.com
* Christopher Bacey, Identity Theft 911, (480) 316-0211, cbacey@identitytheft911.com


SOURCE Identity Theft 911

Thursday, March 11, 2010

A dedicated computer for your online banking

Something which i had read on SANs:

The American Bankers Association recommends using a dedicated computer
for online banking. Using a dedicated computer for your online banking transactions has become now more affordable as the prices of laptops have come down. With the arrival of nettops in the market it becomes more easy to own a system which can be used only for online usage.

But this system must be kept away from your kids, as kids are prone to clicking on here and there. This can be overcome by having the kids to use another system dedicated only for them and educate the kids on how to surf the web safely.

Tips:
* Keep your dedicated computer out of reach, or even better, under lock and key
* Set a strong password for the Administrator account
* Create a second account that has limited privileges and always use
this account for your online banking
* Contact your computer support provider for information about how to
add, remove and change user accounts
* Turn your dedicated computer off when not in use to help prevent
network-based intrusions
* Keep the operating system secure by applying patches and updates promptly
* Don't scrimp on security software; install a good-quality security
suite and keep it updated
* Never use a wireless connection for online banking
* Use a strong password for your online banking account, and do not use
that password anywhere else