Cookies may sound like they have something to do with delicious baked goods, but in terms of the Internet, they are simply small text files that allow a website to store information related to the user of the computer. These files are contained on the user’s computer, usually in the web browser’s folder.
The web browser itself will look for cookies in the computer folder specified for storing cookies. The browser will then open the file that is requested from a certain website, if one exists. If no cookie file exists, a new one will be created.
In addition, browsers regularly maintain cookies. Cookies also specify expiration dates. When these dates are reached, the browser will automatically delete the file from the computer.
Cookies provide an easy way to customize and maintain the look of webpages to a user’s need, and it streamlines the services they provide. However, many people believe cookies may be a threat to personal security. While it is true that cookies collect a user’s information, they are not programs that can be run on the computer. Therefore, they are not viruses or any malicious programs that can read or erase information from a hard drive, and they will not cause pop-ups.
There are still drawbacks. Cookies can be intercepted as they are being relayed from website to computer. Recently a cookie exploitation called Firesheep, and allowed people to log on other users’ Facebook and Twitter accounts.
While people still debate whether the benefits of cookies outweigh the threats that they may pose, in the long run, cookies make the Internet more convenient and dynamic.
adapted via thetartan.org
Have you encountered this before: a pop-up pops and it looks like a window on your computer. Next thing a scan begins. It often grabs a screenshot of your “My Computer” window mimicking your computers characteristics then tricking you into clicking on links. The scan tells you that a virus has infected your computer. And for low price of “$49.95” you can download software that magically appears just in time to save the day. If you not to download and install the software, your computer goes crazy and pop-ups will invade you like bedbugs in New York City hotel.
Information Week reports those behind a new fake antivirus software have added a new social engineering element — live support agents. The rogue software comes equipped with a customer support link leading to a live session with the bad guy. Real scammers on the other end of chat have the ability to offer live remote access support instructed by support to click a link initiating remote access to their computer. Once connected remotely, the scammer can potentially retrieve documents to steal your identity.
Another new twist on the scam involves a popup in the form of a browser with a warning that looks like what your browser may present to you when you visit a page that might have an expired security certificate, malware warning or be a potential phishing site. The page is usually red with a warning: “Visiting This Site May Harm Your Computer” then it provides you with a link, button or pop-up that gives you the option of downloading security software or to update your browsers security.
The software is sometimes known as “AntiVirus2010” “WinFixer,” “WinAntivirus,” “DriveCleaner,” “WinAntispyware,” “AntivirusXP” and “XP Antivirus 2010” or something like “Security Toolkit”. These are actually viruses or spyware that infect your computer, or just junk software that does nothing of value.
What makes the scam so believable is there is actual follow through of the purchasing of software that is supposed to protect you. There is a shopping cart, an order form, credit card processing and a download, just like any online software purchase.
1. Use the most updated browser: Internet Explorer 8, Chrome or Firefox, download the latest and greatest. At least download whatever security updates there are for your exiting browser. Also keep Flash and Adobe Reader (Acrobat) up to date.
2. Usually by default, a pop-up blocker is turned on in new browsers. Keep it on. No pop-ups, no scare-ware.
3. If you are using another browser and a pop-up –pops-up, shut down your browser. If the pop-up won’t let you shut it down, do a Ctrl-Alt-Delete and shut down the browser that way.
4. Never click links in pop-ups. If the pop-ups are out of your control, do a hard shutdown before you start clicking links.
5. Persistence counts. Shutting off this pop-up is often difficult and any buttons you press within this pop-up could mean downloading the exact virus they warned you of.
6. Install the most recent versions of anti-virus and keep it set to automatically update your virus definitions.
7. Never click on links in the body of a “WARNING” webpage that is suggesting to download updates for your browser or suggesting to download security software. Don’t click the little red X in the upper right corner. Alt-F4 should close the pop-up window, and if it does not, then Ctrl-Alt-Del and use the Task Manager to kill the whole IE/FF browser etc (including any other running copies)
adapted via finextra.com.
The abundance of free/cheap and open Wi-Fi networks in restaurants, airports, offices and hotels is a great perk to the traveling user; it makes connectivity and remote access much easier than it used to be. But you need to be informed and understand the risks.
Unfortunately, most of those “Open” networks don’t employ WEP or WPA passwords to secure the connection between device and hotspot, every byte and packet that’s transmitted back and forth is visible to all the computers on the wireless LAN, all the time. While certain sites and services use full-time browser encryption (the ones that have URLs beginning with https:// and that show a lock in the browser status bar), many only encrypt the login session to hide your username and password from prying eyes. This, as it turns out, is the digital equivalent of locking the door but leaving the windows wide open.
Firesheep is a Firefox extension which makes it trivially easy to impersonate someone to the websites they log in to while on the same open Wi-Fi network. It kicks in when you login to a website (usually in a secure fashion, via HTTPS) and then the site redirects you to a non-secured page after login. Most sites that operate this way will save your login information in a browser cookie, which can be ‘sniffed’ by someone on the same network segment; that’s what Firesheep does automatically. With the cookie in hand, it’s simple to present it to the remote site and proceed to do bad things with the logged-in account. Bad things could range from sending fake Twitter or Facebook messages all the way up to, potentially, buying things on ecommerce sites.
USE SSL/HTTPS only if the website supports it — is quite simple: after you connect, the site should keep your session secure using SSL or https. Some sites, including most banking sites, already do this. However, encryption requires more overhead and more server muscle, so many sites (Facebook, Twitter, etc.) only use it for the actual login. Gmail has an option to require https and has made it the default setting, but you should make sure that it’s enabled if you use Gmail (Google Apps has a similar feature). This also doesn’t necessarily help if you’re using an embedded browser in an iPhone or iPad app, where the URL is hard-coded.
Protecting yourself from Firesheep if you use Firefox or Chrome is possible with extensions like the EFF’s HTTPS Everywhere, Secure Sites or Force-TLS. These work by forcing a redirect to the secure version of a site, if it exists. The obvious problems with these solutions are: a) you have to install one for each browser (and we have not yet found one for Safari), and b) it only works if a secure version of the site exists.
A) Don’t use open networks.
B) Use a SOCKS proxy and SSH tunnel.
C) Use a VPN.
adapted via tuaw.com
Without a doubt the largest threat to the security of your computer and consequently your identity, and bank account is YOU, followed closely by ScareWare. The best firewalls and most effective antivirus won’t help a bit if you, the user, click on Rogue Security Software and fake warnings. Known also as Scareware, this thief is fooling you big time. When it knocks, do not open the door.
Every day we have people describing ScareWare that has taken over their system. They are unable to run their antivirus because they can’t get to the sites they need. The Rogue AntiVirus has hijacked their browser and will not let them near a site that could help. Not being able to access a site or download a removal program is the work of the infection. The user receives a warning, clicks on a link to download an update and BAM! They’re infected.
What Do I Look For?
Any warning or suggestion that you are somehow infected is to be treated as possible scareware. You can be casually surfing the web or simply working with a program on your system when these false warnings arrive. Don’t click on them. Just because they’re knocking, don’t let them in. The same is true for any popup suggesting you need to download the latest version of a program or video player. Treat them all as suspect.
Looking for security software? You better know the software your reviewing. Even something as simple as a Google search can produce the very Rogue you are trying to avoid. Just because it shows up in a Google search doesn’t mean it’s safe. If you don’t know it, don’t let it in the door.
How Does It Hurt Me?
The most obvious damage but also the least troublesome, is that it prevents you from using your computer. It wastes your time looking for a way to rid yourself of the pest and get where you want to go. Consider yourself lucky if you realize you are infected and are successful removing it.
The next obvious damage is a little more frightening. It simply steals your money by duping you into buying the rogue program. Your immediate monetary loss may only be a few bucks but do you really think that is the end of it? Do you really want your credit card in the hands of people who duped you to begin with? Do you think they will keep your information safe? Just the thought of it is enough to make me shiver.
adapted via PCpitstop.com
Users are often advised to use an antivirus to check if their systems are infected, but with the current cyber-crime scenario, this is simply not enough.While many of today’s threats are designed specifically to go undetected, there are still some tell-tale signs that a system has been compromised.
9 signs of infection
1. Your computer is running extremely slowly. This could be a symptom of many things, including infection by a virus. If it has been infected by a virus, worm or Trojan, among other things, which are running on the computer, they could be running tasks that consume a lot of resources, making the system run more slowly than usual.
2. Your applications won’t start. How many times have you tried to run an application from the start menu or desktop and nothing happens? Sometimes another program might even run. As in the previous case, this could be another type of problem, but at the very least it’s a symptom that tells you that something is wrong.
3. Your computer speaks to you. There are all types of pop-ups and messages on the desktop either advertising things, saying that the PC is infected and needs protection… This is a typical, surefire case of an infection. There is either spyware on the computer, or it has been infected by a fake antivirus (also called “rogueware”).
4. You cannot connect to the Internet or it runs very slowly. Loss of Internet communication is another common symptom of infection, although it could also be due to a problem with your service provider or router. You might also have a connection that runs much more slowly than usual. If you have been infected, the malware could be connecting to a URL or opening separate connection sessions, thereby reducing your available bandwidth or making it practically impossible to use the Internet.
5. When you connect to the Internet, all types of windows open or the browser displays pages you have not requested. This is another certain sign of infection. Many threats are designed to redirect traffic to certain websites against the user’s will, and can even spoof Web pages, making you think you are on a legitimate site when really you have been taken to a malicious imitation.
6. Your files are gone. Hopefully nobody will be asking this type of question, although there are still some threats around designed to delete or encrypt information, to move documents from one place to another- If you find yourself in this situation, you really ought to start worrying.
7. Your antivirus has disappeared, my firewall is disabled. Another typical characteristic of many threats is that they disable security systems installed on computers. Perhaps if one thing shuts down it might just be a specific software failure; but if all your security components are disabled, you are almost certainly infected.
8. Your library files for running games, programs, etc. have disappeared from your computer. Once again, this could be a sign of infection, although it could also be down to incomplete or incorrect installation of programs.
9. Your computer has gone crazy… literally. If the computer starts acting on its own, you suddenly find your system has been sending emails without your knowledge, Internet sessions or applications open sporadically on their own – your system could be compromised by malware.
adapted via PandaLabs
How to protect yourself:
2. Failing to update Microsoft Windows OS /Java / Adobe Reader / Adobe Flash
How to protect yourself:
3. Searching for celebrity gossip, incriminating material (i.e. sex tapes)
How to protect yourself:
4. Using BitTorrent to download copyrighted music/software/film/TV shows
How to protect yourself:
5. Online gaming (free to play, social games on Facebook and beyond)
How to protect yourself:
6. Leaving Facebook privacy settings wide open, therefore exposing personal info to all
How to protect yourself:
7. Connecting to unknown wireless networks
How to protect yourself:
8. Using the same password for every single online account
How to protect yourself:
9. Trying to get a free iPad, PlayStation 3 or similar gadgets (scams/phishing)
How to protect yourself:
Many people tend to trust well known companies such as Google and Yahoo, but sometimes these search companies serve up some troubling links in their search results. There are many people who use these search sites to find out information about how to remove viruses, etc., but if a user types in “Security Tool Removal,” they are served up dangerous links that go to malicious websites. These websites can create even more of a security risk without the user even knowing.
All links in the SERP (Search Engine Results Page) that are marked red indicate that these sites are dangerous. The red indicator is from the WOT (Web of Trust) Firefox and Internet Explorer add-on. The WOT add-on shows you which websites you can trust for safe surfing, shopping and searching on the web.
When searching “Security Tool Removal” look at how many dangerous websites are marked red. The chances of someone clicking on one of those dangerous links are pretty good.
I encourage and recommend that you download the WOT add-on for Firefox and or Internet Explorer so that you know what links are marked dangerous preventing you from clicking on links that go to malicious websites.
Wi-Fi has become virtually a staple in our technologically-enhanced lives. Its convenience increases productivity in countless industries, academics and even the family home. Retail establishments such as Panera Bread, McDonald’s and Barnes & Noble offer free Wi-Fi in their stores as an amenity to get customers to browse and buy their products. While “free Wi-Fi” might seem like a no-brainer, customers should keep in mind the inherent risks of free Wi-Fi.
What’s the Big Deal? It’s free
Since it’s free, most establishments do not use Wi-Fi encryption to secure their respective networks thus offering hackers a way to steal your usernames and passwords. Some explained the reason for using unencrypted 802.11g was to ensure maximum compatibility between communication devices.
A Hacker’s Hotspot
“Wardriving” is the idea of driving around town and looking for a Wi-Fi network that is unencrypted or has weak encryption and can be easily cracked. With zero or minimal security, a Wardriving Hacker can intercept, unscramble and figure out the information being sent between a customer’s laptop to the Wireless Access Point of an establishment. Another tactic that can easily swipe your login credentials is a Rogue Access Point. In this case, a hacker can set up a Wireless Access Point that imitates the true Access Point. If your notebook connects to this Rogue Access Point, you won’t see any difference as the hacker can duplicate the log-in screen with near 100% accuracy. This is like phishing, where you receive an alert email from your bank or credit card company asking you to click on their link and “verify” your account is okay by logging in.
What You Can Do
There are a few steps you can take to minimize the chance of your information getting stolen:
By knowing the risks associated with free Wi-Fi service, you can minimize the chance of a security breach and possible identity theft.
Adapted via Geeks.com
Pop ups and other intrusive types of advertising are now used to thrust an ad in your face that you have no choice but to at least acknowledge. Regardless of the nature of the ad, pop ups are a nuisance, and there are now many options available for keeping them off of your computer screen all together.
1. Internet Explorer 8 (Windows Users)
The pop up blocker is integrated into the browser and can be customized by browsing to the “Tools” tab at the top of the program. Like many pop up blocker applications, personal preferences can be set to allow/block pop ups from certain sites, as well as providing customization for how the user is alerted to the fact that a pop up has been blocked.
2. Other Web Browsers (Windows, Linux, and Mac users)
There are other choices for web browsers available, and many have included a pop up blocker long before Microsoft decided to include one with Internet Explorer. Since Mozilla Firefox browser was officially released on November 9th it has included a pop up blocker. Also, check out Google Chrome and Apple Safari.
3. Browser Tool Bars
Many toolbars offer unique features intended to enhance the user’s web browsing experience in different ways, but they generally also include a pop up blocker. Although there are toolbars available from dozens of websites, Google and Yahoo are the two best available. The installation of these toolbars is quick and easy, and the most difficult part may be reading the fine print in the license agreements. Although these toolbars may do an excellent job blocking pop ups, they may also be retrieving data on your web surfing / search habits. If you feel a toolbar may be the right solution for you, stick with one from a trusted name, and just be sure to read the fine print. By the way we prefer the Google Toolbar.
4. Pop Up Blocker Software
Stand alone pop up blocking software is available from hundreds of different sources. With various interfaces, and prices ranging from free to $30 (and higher). The main drawback to this type of pop up blocking solution is that you now have another independent application running on your computer. Although they are generally not resource intensive, why run a program to do something that can be handled by one that is already running anyway? Additionally, with so many reliable solutions available to eliminate pop ups for free, spending money on one is hard to justify. We suggest you pick from options 1,2, or 3 above.
Pop ups are a fact of life on the internet, but that does not mean you need to put up with them. Among the general solutions presented above, there are literally hundreds of options available for eliminating the clutter of pop up ads, allowing you to enjoy only the content you intended to see.