Tag Archive

Tag Archives for " Internet "

How cookies work in your browser.

Cookies may sound like they have something to do with delicious baked goods, but in terms of the Internet, they are simply small text files that allow a website to store information related to the user of the computer. These files are contained on the user’s computer, usually in the web browser’s folder.

The web browser itself will look for cookies in the computer folder specified for storing cookies. The browser will then open the file that is requested from a certain website, if one exists. If no cookie file exists, a new one will be created.

In addition, browsers regularly maintain cookies. Cookies also specify expiration dates. When these dates are reached, the browser will automatically delete the file from the computer.

Websites can also use cookies for statistical information, like tracking how many users visit the site, how many return, and which pages they visit. This is possible because websites can assign user IDs to computers, which are tracked using cookies. A counter in the cookie file can be set to increase every time the website is accessed by a computer with the same ID.

Cookies provide an easy way to customize and maintain the look of webpages to a user’s need, and it streamlines the services they provide. However, many people believe cookies may be a threat to personal security. While it is true that cookies collect a user’s information, they are not programs that can be run on the computer. Therefore, they are not viruses or any malicious programs that can read or erase information from a hard drive, and they will not cause pop-ups.

There are still drawbacks. Cookies can be intercepted as they are being relayed from website to computer. Recently a cookie exploitation called Firesheep, and allowed people to log on other users’ Facebook and Twitter accounts.

While people still debate whether the benefits of cookies outweigh the threats that they may pose, in the long run, cookies make the Internet more convenient and dynamic.

adapted via thetartan.org

  • 11/02/2010
  • IT

Seven Ways to fight Scare-Ware

Have you encountered this before: a pop-up pops and it looks like a window on your computer. Next thing a scan begins. It often grabs a screenshot of your “My Computer” window mimicking your computers characteristics then tricking you into clicking on links. The scan tells you that a virus has infected your computer. And for low price of “$49.95” you can download software that magically appears just in time to save the day. If you not to  download and install the software, your computer goes crazy and pop-ups will invade you like bedbugs in New York City hotel.

Information Week reports those behind a new fake antivirus software have added a new social engineering element — live support agents. The rogue software comes equipped with a customer support link leading to a live session with the bad guy. Real scammers on the other end of chat have the ability to offer live remote access support instructed by support to click a link initiating remote access to their computer.  Once connected remotely, the scammer can potentially retrieve documents to steal your identity.

Another new twist on the scam involves a popup in the form of a browser with a warning that looks like what your browser may present to you when you visit a page that might have an expired security certificate, malware warning or be a potential phishing site. The page is usually red with a warning: “Visiting This Site May Harm Your Computer” then it provides you with a link, button or pop-up that gives you the option of downloading security software or to update your browsers security.

The software is sometimes known as “AntiVirus2010” “WinFixer,” “WinAntivirus,” “DriveCleaner,” “WinAntispyware,” “AntivirusXP” and “XP Antivirus 2010” or something like “Security Toolkit”. These are actually viruses or spyware that infect your computer, or just junk software that does nothing of value.

What makes the scam so believable is there is actual follow through of the purchasing of software that is supposed to protect you. There is a shopping cart, an order form, credit card processing and a download, just like any online software purchase.

Protect yourself:

1. Use the most updated browser: Internet Explorer 8, Chrome or Firefox, download the latest and greatest. At least download whatever security updates there are for your exiting browser. Also keep Flash and Adobe Reader (Acrobat) up to date.

2. Usually by default, a pop-up blocker is turned on in new browsers. Keep it on. No pop-ups, no scare-ware.

3. If you are using another browser and a pop-up –pops-up, shut down your browser. If the pop-up won’t let you shut it down, do a Ctrl-Alt-Delete and shut down the browser that way.

4. Never click links in pop-ups.  If the pop-ups are out of your control, do a hard shutdown before you start clicking links.

5. Persistence counts. Shutting off this pop-up is often difficult and any buttons you press within this pop-up could mean downloading the exact virus they warned you of.

6. Install the most recent versions of anti-virus and keep it set to automatically update your virus definitions.

7.  Never click on links in the body of a “WARNING” webpage that is suggesting to download updates for your browser or suggesting to download security software. Don’t click the little red X in the upper right corner. Alt-F4 should close the pop-up window, and if it does not, then Ctrl-Alt-Del and use the Task Manager to kill the whole IE/FF browser etc (including any other running copies)

adapted via finextra.com.

  • 10/29/2010
  • IT

Guard yourself from Firesheep and Wi-Fi snooping

The abundance of free/cheap and open Wi-Fi networks in restaurants, airports, offices and hotels is a great perk to the traveling user; it makes connectivity and remote access much easier than it used to be. But you need to be informed and understand the risks.

Unfortunately, most of those “Open” networks don’t employ WEP or WPA passwords to secure the connection between device and hotspot, every byte and packet that’s transmitted back and forth is visible to all the computers on the wireless LAN, all the time. While certain sites and services use full-time browser encryption (the ones that have URLs beginning with https:// and that show a lock in the browser status bar), many only encrypt the login session to hide your username and password from prying eyes. This, as it turns out, is the digital equivalent of locking the door but leaving the windows wide open.

Firesheep is a Firefox extension which makes it trivially easy to impersonate someone to the websites they log in to while on the same open Wi-Fi network. It kicks in when you login to a website (usually in a secure fashion, via HTTPS) and then the site redirects you to a non-secured page after login. Most sites that operate this way will save your login information in a browser cookie, which can be ‘sniffed’ by someone on the same network segment; that’s what Firesheep does automatically. With the cookie in hand, it’s simple to present it to the remote site and proceed to do bad things with the logged-in account. Bad things could range from sending fake Twitter or Facebook messages all the way up to, potentially, buying things on ecommerce sites.

The solution

USE SSL/HTTPS only if the website supports it — is quite simple: after you connect, the site should keep your session secure using SSL or https. Some sites, including most banking sites, already do this. However, encryption requires more overhead and more server muscle, so many sites (Facebook, Twitter, etc.) only use it for the actual login. Gmail has an option to require https and has made it the default setting, but you should make sure that it’s enabled if you use Gmail (Google Apps has a similar feature). This also doesn’t necessarily help if you’re using an embedded browser in an iPhone or iPad app, where the URL is hard-coded.

Protecting yourself from Firesheep if you use Firefox or Chrome is possible with extensions like the EFF’s HTTPS Everywhere, Secure Sites or Force-TLS. These work by forcing a redirect to the secure version of a site, if it exists. The obvious problems with these solutions are: a) you have to install one for each browser (and we have not yet found one for Safari), and b) it only works if a secure version of the site exists.

Even better.

A) Don’t use open networks.
B) Use a SOCKS proxy and SSH tunnel.
C) Use a VPN.

adapted via tuaw.com

  • 10/26/2010
  • IT

The 2 Biggest Security Threats: ScareWare & You

Without a doubt the largest threat to the security of your computer and consequently your identity, and bank account is YOU, followed closely by ScareWare. The best firewalls and most effective antivirus won’t help a bit if you, the user, click on Rogue Security Software and fake warnings. Known also as Scareware, this thief is fooling you big time. When it knocks, do not open the door.

Every day we have people describing ScareWare that has taken over their system. They are unable to run their antivirus because they can’t get to the sites they need. The Rogue AntiVirus has hijacked their browser and will not let them near a site that could help. Not being able to access a site or download a removal program is the work of the infection. The user receives a warning, clicks on a link to download an update and BAM! They’re infected.

What Do I Look For?

Any warning or suggestion that you are somehow infected is to be treated as possible scareware. You can be casually surfing the web or simply working with a program on your system when these false warnings arrive. Don’t click on them. Just because they’re knocking, don’t let them in. The same is true for any popup suggesting you need to download the latest version of a program or video player. Treat them all as suspect.

Looking for security software? You better know the software your reviewing. Even something as simple as a Google search can produce the very Rogue you are trying to avoid. Just because it shows up in a Google search doesn’t mean it’s safe. If you don’t know it, don’t let it in the door.

How Does It Hurt Me?

The most obvious damage but also the least troublesome, is that it prevents you from using your computer. It wastes your time looking for a way to rid yourself of the pest and get where you want to go. Consider yourself lucky if you realize you are infected and are successful removing it.

The next obvious damage is a little more frightening. It simply steals your money by duping you into buying the rogue program. Your immediate monetary loss may only be a few bucks but do you really think that is the end of it? Do you really want your credit card in the hands of people who duped you to begin with? Do you think they will keep your information safe? Just the thought of it is enough to make me shiver.

adapted via PCpitstop.com

  • 08/25/2010
  • IT

How can I know if my computer is infected?

Users are often advised to use an antivirus to check if their systems are infected, but with the current cyber-crime scenario, this is simply not enough.While many of today’s threats are designed specifically to go undetected, there are still some tell-tale signs that a system has been compromised.

9 signs of infection

1. Your computer is running extremely slowly. This could be a symptom of many things, including infection by a virus. If it has been infected by a virus, worm or Trojan, among other things, which are running on the computer, they could be running tasks that consume a lot of resources, making the system run more slowly than usual.

2. Your applications won’t start. How many times have you tried to run an application from the start menu or desktop and nothing happens? Sometimes another program might even run. As in the previous case, this could be another type of problem, but at the very least it’s a symptom that tells you that something is wrong.

3. Your computer speaks to you. There are all types of pop-ups and messages on the desktop either advertising things, saying that the PC is infected and needs protection… This is a typical, surefire case of an infection. There is either spyware on the computer, or it has been infected by a fake antivirus (also called “rogueware”).

4. You cannot connect to the Internet or it runs very slowly. Loss of Internet communication is another common symptom of infection, although it could also be due to a problem with your service provider or router. You might also have a connection that runs much more slowly than usual. If you have been infected, the malware could be connecting to a URL or opening separate connection sessions, thereby reducing your available bandwidth or making it practically impossible to use the Internet.

5. When you connect to the Internet, all types of windows open or the browser displays pages you have not requested. This is another certain sign of infection. Many threats are designed to redirect traffic to certain websites against the user’s will, and can even spoof Web pages, making you think you are on a legitimate site when really you have been taken to a malicious imitation.

6. Your files are gone. Hopefully nobody will be asking this type of question, although there are still some threats around designed to delete or encrypt information, to move documents from one place to another- If you find yourself in this situation, you really ought to start worrying.

7. Your antivirus has disappeared, my firewall is disabled. Another typical characteristic of many threats is that they disable security systems installed on computers. Perhaps if one thing shuts down it might just be a specific software failure; but if all your security components are disabled, you are almost certainly infected.

8. Your library files for running games, programs, etc. have disappeared from your computer. Once again, this could be a sign of infection, although it could also be down to incomplete or incorrect installation of programs.

9. Your computer has gone crazy… literally. If the computer starts acting on its own, you suddenly find your system has been sending emails without your knowledge, Internet sessions or applications open sporadically on their own – your system could be compromised by malware.

adapted via PandaLabs

  • 08/24/2010
  • IT

9 Dangerous Things You Can Do Online

Below are 9 potentially dangerous things, and what you can to do to make doing them safer.

1. Checking the “Keep me signed in” box on public PCs

How to protect yourself:

  • NEVER, ever, check the “keep me signed in” box if you’re not using your personal laptop or home desktop
  • Be careful with work computers. Your office PC might feel “yours” but others can easily snoop when you’re away from your desk. They could do something as simple as forward all your messages to their own private email account
  • If you just signed IN to Google, eBay, Amazon or other site from a public PC, make sure to sign OFF once you’re done
  • Delete your browser history from the browser tools when completed to protect your privacy
  • Using your browser’s privacy mode while browsing prevents information such as the websites you visited from being stored. Internet Explorer 8 calls it “InPrivate Browsing” and Google Chrome calls it a “New incognito window”
  • Never save passwords even when prompted to do so by your browser because someone else using your computer later would have access to your accounts

2. Failing to update Microsoft Windows OS /Java / Adobe Reader / Adobe Flash

How to protect yourself:

  • Java / Adobe Reader / Adobe Flash are responsible for an astounding number of PC infections due to security exploits. The best way to avoid becoming a target is to update all three pieces of software as often as you can. Flash will prompt you automatically, but you can tell Java to search for updates daily, instead of bi-monthly. Sign in for automatic updates with Adobe Reader as well
  • Make sure to update your windows operating system. One way to do this is to set your windows updates to install automatically. This will reduce your exposure to hackers exploiting vulnerabilities in the windows operating system

3. Searching for celebrity gossip, incriminating material (i.e. sex tapes)

How to protect yourself:

  • This one is a no-brainer. Always be cautious while accessing this material. Malware authors know that people naturally gravitate towards the sex/celebrity combo, so new attacks are targeted specifically towards this crowd
  • If you must, search for your news on Google News, Bing News or other aggregator. These services do a basic triage of sites, so chances are you’ll be kept from reaching infected blogs/web pages
  • When searching on Google use https://www.google.com instead of the common http://www.google.com, which will send your search request through an encrypted SSL connection. CyberDefender has found that doing so reduces the risk of being infected from search results.

4. Using BitTorrent to download copyrighted music/software/film/TV shows

How to protect yourself:

  • Stick to official downloads/streams such as iTunes, Hulu and legitimate websites. Avoid torrent sites at all costs – even if legit (not malicious), some of the ads found in torrent sites could be compromised. Drive-by downloads are often found in compromised ads and can infect computers without any sort of user input. Visit site -> get infected automatically
  • Do not download pirated material
  • Do not download pirated material 🙂

5. Online gaming (free to play, social games on Facebook and beyond)

How to protect yourself:

  • Be careful when downloading free to play (F2P) clients. If the client software is malicious – or quality assurance happens to be spotty – you could be putting your PC at risk
  • Don’t give out your login information to strangers. In fact, don’t give out ANY kind of information, personal or not, to people you meet gaming. At the very least, you could have your virtual items stolen. At worst, you could lose real money
  • Avoid falling for the old “FarmVille Secrets” scam. You will either download a Trojan or expose your Facebook login info to criminals

6. Leaving Facebook privacy settings wide open, therefore exposing personal info to all

How to protect yourself:

  • Carefully review your privacy settings on Facebook. Err on the side of caution – don’t let “friends of friends” see your birthday, cell phone number, etc. All of these could be used in an attempt to impersonate you to credit cards, credit unions, etc
  • Only friends should have access to the more personal layer of information we all have. So choose your friends wisely – “serial friending” would expose you just as well

7. Connecting to unknown wireless networks

How to protect yourself:

  • In public places, like airports and hotels, be careful about logging into unknown (private) wireless networks. In a hotel for instance, be sure you choose the official one, not another in the neighborhood. Bad guys can eavesdrop as you use your computer, “imitating” a real, safe environment
  • Public settings for your laptop are a whole lot more secure – e.g. no file sharing, increased firewall settings, etc

8. Using the same password for every single online account

How to protect yourself:

  • It’s hard work to remember several different passwords, so no wonder some use the same password over and over again. But if that one password leaks out to cybercriminals, your entire online life is suddenly open to the world
  • Keep different passwords for different purposes. Keep email and social media passwords separate, for example
  • Certain browsers can also help with a “master password” that keeps a multitude of passwords in check. So even if you have different passwords for different services, you only have to remember the master password Using a tool (Roboform or Password Vault) for this purpose that encrypts password information and uses best practices to generate passwords is an even better idea

9. Trying to get a free iPad, PlayStation 3 or similar gadgets (scams/phishing)

How to protect yourself:

  • Oldie but goodie: there’s no such thing as a free lunch
  • If an online offer sounds too good to be true, it usually is
  • Avoid any kind of giveaway that’s not supported in a big way by a known brand, even if it happens to be an online brand (like Zappos, for example)
  • Keep a security suite fully updated, since most of them can catch phishing attempts resulting from this kind of scam
adapted via gizmodo.com

Searching for “Virus Removal” Tools Can Lead to an Even Worse Outcome

Many people tend to trust well known companies such as Google and Yahoo, but sometimes these search companies serve up some troubling links in their search results. There are many people who use these search sites to find out information about how to remove viruses, etc., but if a user types in “Security Tool Removal,” they are served up dangerous links that go to malicious websites. These websites can create even more of a security risk without the user even knowing.

All links in the SERP (Search Engine Results Page) that are marked red indicate that these sites are dangerous. The red indicator is from the WOT (Web of Trust) Firefox and Internet Explorer add-on. The WOT add-on shows you which websites you can trust for safe surfing, shopping and searching on the web.

When searching “Security Tool Removal” look at how many dangerous websites are marked red. The chances of someone clicking on one of those dangerous links are pretty good.

I encourage and recommend that you download the WOT add-on for Firefox and or Internet Explorer so that you know what links are marked dangerous preventing you from clicking on links that go to malicious websites.

Download the WOT plugin

  • 08/13/2010
  • IT

Free Wi-Fi – Worth the risk?

Wi-Fi has become virtually a staple in our technologically-enhanced lives. Its convenience increases productivity in countless industries, academics and even the family home. Retail establishments such as Panera Bread, McDonald’s and Barnes & Noble offer free Wi-Fi in their stores as an amenity to get customers to browse and buy their products. While “free Wi-Fi” might seem like a no-brainer, customers should keep in mind the inherent risks of free Wi-Fi.

What’s the Big Deal? It’s free
Since it’s free, most establishments do not use Wi-Fi encryption to secure their respective networks thus offering hackers a way to steal your usernames and passwords. Some explained the reason for using unencrypted 802.11g was to ensure maximum compatibility between communication devices.

A Hacker’s Hotspot
“Wardriving” is the idea of driving around town and looking for a Wi-Fi network that is unencrypted or has weak encryption and can be easily cracked. With zero or minimal security, a Wardriving Hacker can intercept, unscramble and figure out the information being sent between a customer’s laptop to the Wireless Access Point of an establishment. Another tactic that can easily swipe your login credentials is a Rogue Access Point. In this case, a hacker can set up a Wireless Access Point that imitates the true Access Point. If your notebook connects to this Rogue Access Point, you won’t see any difference as the hacker can duplicate the log-in screen with near 100% accuracy. This is like phishing, where you receive an alert email from your bank or credit card company asking you to click on their link and “verify” your account is okay by logging in.

What You Can Do
There are a few steps you can take to minimize the chance of your information getting stolen:

  1. Make sure your passwords are long and are fairly unique. Having “SMITH_1980” as one of your passwords wouldn’t be difficult to crack.
  2. Turn on you computers firewall and make sure your security software is up to date.
  3. When logging in, pay attention to the URL address along with any inconsistencies with the log-in page (i.e. spelling, inaccurate pictures).
  4. Check to make sure your laptop is connected to the correct Wi-Fi network and not to one with a questionable name.
  5. Access your banking and credit card accounts at home so as to minimize the chance of being a victim of financial identity theft.
  6. Speak to your employer’s IT department about a VPN connection. VPN stands for Virtual Private Network and allows you to connect to your company’s network in a secure way.

In Conclusion
 By knowing the risks associated with free Wi-Fi service, you can minimize the chance of a security breach and possible identity theft.

Adapted via Geeks.com

  • 08/12/2010
  • IT

Ways to Block Pop Ups

Pop ups and other intrusive types of advertising are now used to thrust an ad in your face that you have no choice but to at least acknowledge. Regardless of the nature of the ad, pop ups are a nuisance, and there are now many options available for keeping them off of your computer screen all together.


1. Internet Explorer 8 (Windows Users)
The pop up blocker is integrated into the browser and can be customized by browsing to the “Tools” tab at the top of the program. Like many pop up blocker applications, personal preferences can be set to allow/block pop ups from certain sites, as well as providing customization for how the user is alerted to the fact that a pop up has been blocked.

2. Other Web Browsers (Windows, Linux, and Mac users)
There are other choices for web browsers available, and many have included a pop up blocker long before Microsoft decided to include one with Internet Explorer. Since Mozilla Firefox browser was officially released on November 9th it has included a pop up blocker. Also, check out Google Chrome and Apple Safari.

3. Browser Tool Bars
Many  toolbars offer unique features intended to enhance the user’s web browsing experience in different ways, but they generally also include a pop up blocker. Although there are toolbars available from dozens of websites, Google and Yahoo are the two best available. The installation of these toolbars is quick and easy, and the most difficult part may be reading the fine print in the license agreements. Although these toolbars may do an excellent job blocking pop ups, they may also be retrieving data on your web surfing / search habits. If you feel a toolbar may be the right solution for you, stick with one from a trusted name, and just be sure to read the fine print. By the way we prefer the Google Toolbar.

4. Pop Up Blocker Software
Stand alone pop up blocking software is available from hundreds of different sources. With various interfaces, and prices ranging from free to $30 (and higher). The main drawback to this type of pop up blocking solution is that you now have another independent application running on your computer. Although they are generally not resource intensive, why run a program to do something that can be handled by one that is already running anyway? Additionally, with so many reliable solutions available to eliminate pop ups for free, spending money on one is hard to justify. We suggest you pick from options 1,2, or 3 above.

Final Words
Pop ups are a fact of life on the internet, but that does not mean you need to put up with them. Among the general solutions presented above, there are literally hundreds of options available for eliminating the clutter of pop up ads, allowing you to enjoy only the content you intended to see.

  • 08/09/2010
  • IT