Friday, May 29, 2009

The Word Hacked

The Scrap Value of a Hacked PC

Security Fix - Brian Krebs, May 26, 2009

Computer users often dismiss Internet security best practices because they find them inconvenient, or because they think the rules don't apply to them. Many cling to the misguided belief that because they don't bank or shop online, that bad guys won't target them. The next time you hear this claim, please refer the misguided person to this blog post, which attempts to examine some of the more common -- yet often overlooked -- ways that cyber crooks can put your PC to criminal use.

More here

I think that I understand why Brian Krebs used the word hacked in this blog post on Security fix.  He wanted to reach out to the public and especially to people who say, I don’t have anything on my computer that is of any value to a cyber-criminal.  To reach out to them with this very useful information, it is understandable that you must use basic terms.  Terms that anyone can relate to in order to gain knowledge.

The word hacked brings up the controversy of the word hacker or cracker to me.  My personal opinion is that you should call people by their name.  An example of this is that an Identity Thief steals identities.  An Identity Thief can be further categorized as a cyber-criminal, if they use a computer to commit the crime.  The word hacker is best described by Bruce Schneier in his book “Beyond Fear.”

Hackers are as old as curiosity, although the term itself is modern. Galileo was a hacker. Mme. Curie was one, too. Aristotle wasn't. (Aristotle had some theoretical proof that women had fewer teeth than men. A hacker would have simply counted his wife's teeth. A good hacker would have counted his wife's teeth without her knowing about it, while she was asleep. A good bad hacker might remove some of them, just to prove a point.)   Bruce Schneier

My husband had a great idea of getting out of Canada as fast as we could on way home from Alaska. His plan was to cut down to the United States from Calgary instead of Winnipeg. We came out in Montana and drove Highway 90 through Wyoming and South Dakota. I will never forget that leg of the journey because we ended up driving through Sturgis, South Dakota in August. I do not know anything about motorcycles , but to see that many Harleys in one location is a breathtaking event. The reason I mention this story was that the motorcycle enthusiasts that flock to Sturgis once a year come from all different professions and have had bad encounters with the media. This led me to realize that they could be compared to hackers in the sense that you cannot judge the entire group only by the ones that receive bad press.

I could name just as many good hackers as bad hackers, but understand that anyone can learn many valuable lessons from both of them.  This in itself is a double edged sword.  Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so.  Douglas Adams

 

Posted by at No comments:

Thursday, May 28, 2009

Gmail - Enabling the HTTPS setting

I have been wanting to write about this for a while.  When you send an email without the encrypted settings set in Gmail, your email messages can be read in plain text during transit.  If you use web-based email it is better from a security or privacy perspective to use HTTPS (if it is available).  This point can be can be argued both ways, but the basis of Defense in Depth is that your use a layered approach and avoid a single point of failure. 

    Updated 29 April 2009

    If you sign in to Gmail via a non-secure Internet connection, like a public wireless or non-encrypted network, your Google account may be more vulnerable to hijacking. Non-secure networks make it easier for someone to impersonate you and gain full access to your Google account, including any sensitive data it may contain like bank statements or online log-in credentials. We recommend selecting the 'Always use https' option in Gmail any time your network may be non-secure. HTTPS, or Hypertext Transfer Protocol Secure, is a secure protocol that provides authenticated and encrypted communication.

    -To enable this feature in Gmail:

    1. Sign in to Gmail.

    2. Click Settings at the top of any Gmail page.

    3. Set 'Browser Connection' to 'Always use https.'

    4. Click Save Changes.

    5. Reload Gmail.

        6. More here

      Please read the warnings and incompatibilities from the Gmail support page.  Number three of the steps above is under the General tab and located at the bottom of the page. 

      Posted by at 1 comment:

      Friday, May 22, 2009

      TechBite Highlights PC Pitstop

      TechBite Technology is Steve Bass's Weekly Newsletter.  I have read and enjoyed many of his PCWorld articles over the years.  This week he highlights PC Pitstop’s Full Tests  and other free tools.  If you are familiar with PC Pitstop, they are in the process of transitioning from the old Full Tests to OverDrive.  

      Free Super Sites and Tools to Test Your PC

      By Steve Bass, Newsletter #29, 20 May 2009

      Are you sure your PC's healthy? Think back to when you heard that kerchunk sound coming from your hard drive. Or the last time your Internet connection was down -- and I don't mean just suffering from the blues. My advice: Check inside your computer's case with these free diagnostic tools and see if anything's amiss before disaster strikes.

      -PC Pitstop: The Best of the Best

      There are lots of testing sites around, but if you want to visit just one site to test your PC, I'd recommend PC Pitstop.

      More here…..

      PC Pitstop has a great forum with friendly staff and members.  Even if you think that you cannot learn anything about computers, PC Pitstop is the place to go to learn.  If you encounter problems running OverDrive, this is their forum for help.  If you need help interpreting the results or have any questions about the test, go here.  They allow you to run the test anonymously, but if you wish to post in these forums or provide a TechExpress link you must be a registered member first.  

      This is from Steve’s Time Waster section. The video shows lighthouses in a very different light.

      http://stevebass.posterous.com/so-you-want-to-live-in-a-lighthouse

      You can subscribe to TechBite here.

      Posted by at No comments:

      Friday, May 15, 2009

      SpywareHammer – Social Media Security Forum

      SpywareHammer is a great new anti-spyware forum.  They went live in September 2008 and currently have over 2000 registered members.  The experts will happily assist you with malware removal and more.  They have HJT, Rootkit Removal, Hardware, and Software troubleshooting.  Bugbatter is an Administrator at SpywareHammer and a fellow Microsoft Consumer Security MVP.  She has created a dedicated forum for Social Media Security at SpywareHammer.   Her latest two posts highlighted Facebook and were from the article excerpts below. 

      New Websense Security Labs Research Finds Cybercriminals Imitating Social Networks to Spread Malware

      Fraudsters Create Hundreds of Thousands of Facebook Clones to Target Users at Work

      SAN DIEGO, CA, May 13, 2009 (MARKETWIRE via COMTEX News Network) -- Websense, Inc. (NASDAQ: WBSN) today released the results of new research conducted by Websense Security Labs that reveals a growing domain-name cloning trend among cybercriminals seeking to take advantage of the huge number of social networking users, particularly those using Facebook, MySpace and Twitter.

      Criminals are increasingly using domain names that include words like Facebook, MySpace and Twitter, with no official connection to the real sites, to trick unsuspecting visitors to visit fake Web sites and lure them to input sensitive information or download malicious code. In fact, Websense Security Labs research indicates that in a research sample taken from the Websense URL database, more than 200,000 phony copycat sites were found, all using the terms Facebook, MySpace or Twitter in their URLs. Examples similar to samples found include, unblock.facebookproxy.com, buy.viagra.twitter.1234.com or hotbabesofmyspace999.com (note these are just sample site names that are similar to the sites researchers found).

      Further research shows that the hackers are taking steps to create these cloned domains to circumvent security measures put in place by organizations to filter the original domain in a business setting. Many of the domains are proxy avoidance sites which are used to try to evade traditional Web filtering technology.

      More……

      and-

      The Inside Facebook Guide to Protecting Your Privacy on Facebook

      by Jessica Lee May 13th, 2009

      Now that everyone from family to colleagues are connecting on Facebook, how do you continue sharing freely while maintaining your privacy and reputation in the years to come?

      Facebook allows users to customize their privacy settings at a granular level, but a surprisingly low percentage of users actively manage their privacy settings. Many users who complain about the lack of privacy on Facebook aren’t even aware of the privacy configurations available to them. Below, Inside Facebook guides you through all the steps you need to know to protect your privacy on Facebook.

      More…..

      While these articles are about FaceBook, the discussions can cover any Social Media applications.  I will see a news article and go to post it only to find that Bugbatter has beaten me to it.  Keep up the great work!  Please feel free to register at SpywareHammer and comment, discuss any concerns, contribute your own lessons learned, or ask questions.

      Posted by at No comments:

      Sunday, May 3, 2009

      Microsoft Windows 7 Release Candidate

      I am very interested in Beta Testing.  The valuable lesson that I learned from Office 2007 Beta was that in no circumstances should you ever Beta Test anything on a computer that you are not ready to reformat before installing the final application.  Due to the availability of Windows 7 Release Candidate (RC) and the fact that it will be free for at least a year, I will definitely be testing it. 

      You can follow the Windows Springboard Series on Twitter (MSspringboard) and this is a link to the Featured Windows 7 Resources on Microsoft TechNet.  Just keep in mind that you are forewarned that the Windows 7 RC will expire June 1, 2010 and the bi-hourly shutdowns will begin on March 1, 2010.

      These are two interesting articles that relate to Windows 7 RC.

      Windows 7 setup secrets
      Ed Bott, May 1st, 2009

      On May 5, the general public will finally be allowed to download the official Windows 7 Release Candidate. It’s been up on BitTorrent networks for more than a week, and developers with MSDN or TechNet subscriptions have had access to it since early this morning. But those groups constitute a tiny fraction of the people who will be seeing the Windows 7 release candidate for the first time next week.


      For the benefit of the early adopters and those who patiently wait, I’ve been gathering information on the right and wrong ways to set up Windows 7. For the past week or so I’ve been installing and upgrading the RC code on a wide variety of systems—notebooks and desktops, with and without touch and tablet capabilities, with and without TV tuners and Blu-ray drives, as clean installs and upgrades, in x86 and x64 flavors, documenting the process.


      In this post, I want to share seven of the lessons I’ve learned along the way, including a few setup secrets that even some Windows experts don’t know about.


      Secret #1: Choose the right Setup option
      Secret #2: Start with a clean disk
      Secret #3: Back up your old drivers first
      Secret #4: Do a nondestructive clean install
      Secret #5: You need less disk space than you think
      Secret #6: Unblock the upgrade path for Windows 7 beta
      Secret #7: Unlock those extra editions

      More.........   here

      and

      Microsoft to give away free Windows 7 Release Candidate for a year
      Son Huynh, April 30th 2009


      On May 5th, general users will have access to an entire year of Microsoft's brand new operating system, Windows 7 RC, for free! It is already available to download for MSDN and TechNet subscribers. This version is only the Release Candidate and will expire June 1, 2010. The Release Candidate is merely the near finished product and is basically the final stage in testing. It's supposed to have all the features of the final version. We don't know when the final version will be released but rumors say it'll be either late 2009 or early 2010.


      A beta version of Windows 7 was released some time ago, and from using it for a short time, I can gather that it was much faster and more friendly than Windows Vista. Indeed for those of you who hated Vista, Windows 7 is Vista done right. Windows 7 boasts a lot of new features including a new taskbar, libraries, jump lists, etc. Windows 7 will also come packaged with the newest Internet Explorer (IE8).


      The biggest improvement with Windows 7 is the performance. It will no longer take 5-10 minutes to boot up your machine. Windows 7 now has a much faster startup time, beating out both Vista and XP. We will also see a new feature called Windows XP mode which lets you run native XP programs on your machine.
      People are saying good things about this Windows. Microsoft hopes it will make up for all the bad things about its previous version. I've heard news about IT developers leap-frogging Vista and going straight to 7 in their companies.

      More.... here

      Posted by at No comments:

      Saturday, May 2, 2009

      MVP Spotlight - Hosts File & Other Helpful Topics

      This is the Microsoft MVP Spotlight for Mike Burgess.

      Security MVP Offers Malware Protection

      Consumer Security MVP Mike Burgess's Hosts file continues to lead the fight against malware and security threats from around the world. The internet can be a harsh place to surf, but Mike’s Hosts file for Windows, can be used to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most web browser hijackers. This is accomplished by blocking the internet connection to malware sites.

      Currently, he has over 10,000 mailing list members, with 126 updates last year, and accolades from Pricelesswarehome.org, and the "Hype-Free" security blog. Mike's contribution towards Windows is a strong piece of armor in the constant fight for internet security.

      Learn more about how the Hosts file can protect Windows users by clicking here.

      http://www.mvps.org/winhelp2002/hosts.htm

      From URL: http://blogs.msdn.com/mvpawardprogram/archive/2009/04/30/security-mvp-offers-malware-protection.aspx

      What I thought was neat was that you can select from 11 different helpful topics with the drop down arrow (at the top of the page). This is just a small example  of what Mike Burgess has to offer, in addition to the invaluable information about the Hosts file.

      Security Issues for Windows and IE

      Practice Safe Hex!  - Browsing the Internet without protection is just plain foolish!

      It can't be stressed enough on how important it is to keep your system up-to-date. This not only involves Windows Update, but also all the other programs on your machine. The vast majority of user problems (hijacks, adware/spyware) I see are due to failure to keep Windows patched, and lack of a proper "Layer of Protection".

      -Preventing Vulnerabilities in Windows and Internet Explorer

      * Tighten the Settings in Internet Explorer

      * Do NOT run as Administrator or an account with Administrator privileges

      * Build a Layer of Protection - there are enough freeware products available on the Internet that there is no excuse for not having an adequate defense. Add an anti-spyware program that has "real-time" protection such as Microsoft's Windows Defender (freeware)

      More......

      From URL: http://www.mvps.org/winhelp2002/security.htm

      Posted by at No comments:
      Subscribe to: Posts (Atom)