There have been many flame wars, there have been different studies made regarding the security of each operating system mentioned in the title. The studies are sometimes said to be biased because it depends on what organization or company has funded the studies. At the end of the day, however, we must realize that no matter what operating system we use on our computers, we should be responsible enough to download security patches and the like.

Sometimes articles and threads on forums and blogs end up in fanaticism. Some of the points raised when it comes to vulnerability and operating systems would be:

The popularity of the operating system
Take for example Windows. It is probably the most popular operating system and some say that that is one of the main reasons why it is most attacked by hackers and creators of malware. They say that there is no point in attacking an operating system that is not used by many. The logic, they say, is that if you are going to do something, make sure it will be something big. (This is why there are people who seem to insist on getting a Mac — more stable and secure that way, as they say.)

Linux, BSD are operating systems that you can’t even run right away/properly/(insert phrase here)…
It sounds so petty, doesn’t it? But there are those who argue with Linux and BSD users that the difficulty with their operating system is that it is not easy to run it. Would an average computer users be able to use it and run it without much fiddling around? Truth be told, it looks like it is possible. But that depends on which Linux distribution you would run. In any case, the argument is more along the lines of “If you can’t even have the OS running properly, who would bother attacking it?”

Everyone must learn how to set up security measures. Be it setting up a firewall, being careful about which sites to check out, downloading patches — each of us will have different needs and we will have different experiences.

[tags]security, windows,linux,mac[/tags]

Tags: General, IT Security Basics, linux, mac, Operating Systems, security, windows

Categories: General, IT Security Basics, Operating Systems

Leave a Comment

Yes, you have probably read it before on different news sites and blogs. An ad on MySpace spread spyware. As reports have mentioned, the banner ad was the one used to spread it. For Windows users who did not get the patches, they were affected by it as it was a WMF vulnerability that was exploited. Average computer users would probably be the ones who were greatly affected by this and they probably did not even notice anything.

There are articles that even mention the other browser, which is Mozilla Firefox. They said that those who use it were probably not affected by it unless the user downloaded the WMF file and opened it on their computers that are running on Windows. It is mainly something that affects Windows users who browse using Internet Explorer.

Things like this incident make the IT department of different companies become more wary, hence banning of more sites if they lean towards paranoia. In the first place, when there are patches released, they are the ones who should take charge and informing others about it. Or they should take the initiative to handle it. Also, users must be more aware of these matters. Security patches are not released without any reason. In this age where computer users are very much connected to one another via the Internet, incidents like this one could happen very often. As the adage goes, an ounce of prevention is better than a pound of cure. Have you checked if you have been able to patch up your Windows machine? If not, get those patches now!

[tags]myspace,windows,spyware[/tags]

Tags: myspace, News, Real-World Issues, Spyware, windows

Categories: News, Real-World Issues

1 Comment

Related to the Yahoo instant messenger post, this entry is to remind you that you have to take note of the messages that you receive via IM. There are ways to hack your accounts and it will too much trouble to deal with them, if you think about it. Especially when you have a lot of contacts from different cities in the world that you have to warn about it.

Instant messaging
It is convenient to have instant messaging. It makes you accessible to anyone and everyone all the time. You can look at your buddy list and send them IMs no matter how far apart you are and you do not have to spend so much on calls or SMS for that matter. But apparently it is also convenient for hackers to take advantage of.

Who is sending you messages?
Are you sure that you know the people in your buddy list? Sometimes people you do not know well add you to their buddy lists just because. Sometimes you meet other people and you exchange contact information, including Yahoo IDs, or whatever you are using. If you chat with them often enough, you would get used to messages suddenly popping out saying they came from these trusted sources. But you actually never know.

Check the links
Links that come from your buddies do not always come from them. If their accounts have been hacked you could get links to sites that have content you do not really like. What you could do is ask them before clicking the links. That way both of you would be aware. If you and your buddy always talk about home improvement, wouldn’t it be a bit strange if you get a link about dating. Especially if this online buddy is more of a professional contact.

Tags: Privacy-&-Anonymity, Real-World Issues, Tips

Categories: Privacy & Anonymity, Real-World Issues, Tips

Leave a Comment

If you are a Yahoo! user who regularly talks on Yahoo Instant Messenger, you have to beware of links that appear to have come from your contacts or buddies. There are some incidents of Yahoo accounts being hacked because of those links.

Modus operandi
What usually happens is that a buddy of yours will supposedly give you a link to something. It might be a Geocities page or a Yahoo photos page. Sometimes it seems as though it is a random page on your buddy’s Yahoo photos page or Geocities account. It would usually seem innocent enough. If you click it, it will direct you to a page that will require you to log in. You will probably just get stuck on that page. As if nothing has been going on. But the bad thing is that if you did try to log in, your password is already known by the person who created that page.

Have you encountered anything similar? If you have, maybe it is time to change your password.

The effects
Your Yahoo account gets hacked. The terrible thing is that you will seem to pass on different links to people on your buddy list. It would have been ok if it was some useful link like DIY stuff or something similar. But no – it leads to the spoofed Geocities or Yahoo photos site. The bad thing is that you won’t even know until you get contacted by the people on your buddy list. If you have friends from different countries, the time zones would affect how you would try to tell them that your Yahoo account got hacked. There are some messaging clients that use the Yahoo protocol that does not seem to support mass messaging so you have to do it as soon as you catch them online or you would have to send them all emails somehow.

This tip is not necessarily about your computer and the data in it per se, but it is more for you and your online identity.

Tags: Privacy-&-Anonymity, Real-World Issues

Categories: Privacy & Anonymity, Real-World Issues

Leave a Comment

Do you socialize a lot online? Is it through chat, email or voice over internet telephony? Do you make a lot of online transactions? Where? Ebay?

If you have answered yes to a lot of those questions, here is another question for you: Do you read the terms of service of the sites that you sign up for in order to utilize their services? If yes, do you make sure that you even have a copy of it? If not, maybe it is time you should.

When we sign up for online services, we give out a lot of information about us. Some might be as detailed as including bank account numbers and credit card numbers too, especially if these are banking services and/or online auctions. There are different terms of service and privacy statements. Sometimes we just sign up without bothering to read on those. There are actually some sites that change their terms of service without notifying the users. Same thing goes for their privacy clause.

Usually privacy clauses would say that the information you provide is confidential and that they would not be passed on to others. However you cannot be too sure about them all the time. There are different cases linked to identity theft because of the information others have taken off the Internet. In America, there are some documentaries already and hopefully there will be sensible actions to be done about it. You don’t want to worry too much about buying flowers for your wife using your credit card. It is better to be aware rather than to feel sorry in the end.

Tags: General, Privacy-&-Anonymity, Real-World Issues

Categories: General, Privacy & Anonymity, Real-World Issues

Leave a Comment

An article in Computerworld shows that the Automatic Data Processing Center gave its shareholder information to an unauthorized party. This unauthorized party has been said impersonate corporate officers. The information included were not just names but also addresses and the number of shares they had. There are further investigations on the matter. The number of affected accounts remain undisclosed.

There are different ways in which security is breached. The intrusion may happen within your own company or outside of it. You could never tell which one will happen. The difficulty about having security breached internally is that you have placed your trust among certain people and you could never tell which one of them did it or why it has come to pass.

For such cases, there has to be a policy that will prevent this from happening. It looks as though they have given the data without much careful thinking as it was an ‘unauthorized party’ they gave it to. This is difficult to accept. Policies should be strictly imposed too. And also, maybe there is something lacking in the way personnel are trained in handling such information. If that might have been the case, they should be trained to analyze situations carefully before giving out any kind of information, especially confidential ones. The only consolation in this case, perhaps, is that account numbers and Social security numbers were not included in the information that was given.

Tags: General, Privacy-&-Anonymity, Real-World Issues

Categories: General, Privacy & Anonymity, Real-World Issues

Leave a Comment

Dreaming of the perfect software? It might still be something of a dream but researchers in Colorado State University are on to making models that you could use to predict the number of flaws in an application or operating system. They aim to present the results of their study in a conference on secure computing in September.

In achieving this goal,they are testing their models on the Apache Web server and the Microsoft IIS server. They are hoping that this would be useful in reducing the number of flaws, especially those involving security. So far, the researchers have found out the number of vulnerabilities found in Windows 95, Windows NT and Red Hat 7.1, in the web servers Apache and IIS all fit their model well. They also found out that there is an S-curve relationship for the vulnerabilities.

Better decision-making

This research would be helpful in decision-making. This would be a good way of gauging the readiness of the software the developers are about to release. It would be difficult to ship the software without the knowledge of how vulnerable it is. The difficulty in the case of software that are released immediately is that there might be a lot of flaws. Think of the number of times you might have had to download security patches for the software you are using. That is not just a hassle on your end, but think of how much damage your system could have suffered.

Learning from mistakes

There are many causes of flaws and vulnerabilities. Even so, there is an opportunity to improve the quality of the software being developed. There are people who are continuously working on the security issues and these researchers are going to be part of this group. It is not an easy task and having tools like this could create an impact on the software industry.

Tags: News, Operating Systems, Real-World Issues

Categories: News, Operating Systems, Real-World Issues

Leave a Comment

Computer Associates recently conducted a poll of 642 US enterprise associates. Some of the results of the study, at least what they have reported:

54% loss of productivity
25% public embarrassment
20% losses in revenue (most likely related to insurance concerns)

It is sad to note that 38% of those who have reported about the IT security breaches have been internal. In a way, it is ironic as there are preparations to prevent or combat breaches from external sources.

Other important information from the poll deal with issues of improving security in the enterprise. It is critical to formulate policies and procedures that would enhance the security or else, they will not achieve their desired results which include increase in productivity.

From the study it is apparent that even though they admit that there is an increase in security failures, they are also doing the necessary steps in order to prevent them. Aside from that they are also are concerned with the need to educate everyone about practices in IT security. Businesses concerned with finance are noted in the study as well.

The steps in making sure that everything is secure is not just about your computer and making sure that everything is intact and that your network is not vulnerable to attacks. It is also affected by the way you view it. Educating the users is still one important aspect that has to be dealt with. Maybe there is something about the corporate culture that affects the way everyone views IT security. It is something that each company would have to study individually if that is the case.

Studying security breaches in the enterprise is good. It opens up the eyes of the decision makers as to what still needs to be done. Without such studies, breaches could still go on and nobody would do anything about them and that is terrible for the enterprise.

Tags: Network Security, News, Real-World Issues

Categories: Network Security, News, Real-World Issues

Leave a Comment

Utica College, Lexis-Nexis and the FBI and US Secret Service have teamed up to form a center for identity theft research. It is dubbed as Center for Identity Management and Information Protection. There are other founding members such as Carnegie Mellon University, Indiana University, Syracuse University and IBM.

The center is said to focus on the following:

• causes, detection and prevention of identity theft
• criminal threats
• legislation and policy making
• improvement of authentication systems
• uses of technology in the prevention of identity theft

Projects that the CIMIP would be working on:
The CIMIP will be working with the Bureau of Justice Assistance in examining criminal groups and their methods in perpetrating identity theft. Also, there will a continuing series of conferences and papers from ECI/LexisNexis. This could be seen as a part of their desire to share their research results to the key decision makers in the academe, the government and the businesses (maybe this is going to benefit a lot of those in the pre-need sector).

Identity theft is becoming a prevalent crime. There are different ways for people to commit this kind of crime and sometimes no matter how secure we think our personal information is, it might still be compromised. Technology in this matter is both a blessing and curse as it is a tool which some people abuse. It is good that different sectors of the society have grouped together to research more about it and help us solve the dilemmas caused by it. Their work is very important all the more now that many of us make online transactions, hence the need to safeguard our identities. Maybe it just takes one click on your computer and you put yourself in that position of vulnerability.

Tags: News, Privacy-&-Anonymity

Categories: News, Privacy & Anonymity

1 Comment