There have been many flame wars, there have been different studies made regarding the security of each operating system mentioned in the title. The studies are sometimes said to be biased because it depends on what organization or company has funded the studies. At the end of the day, however, we must realize that no matter what operating system we use on our computers, we should be responsible enough to download security patches and the like.

Sometimes articles and threads on forums and blogs end up in fanaticism. Some of the points raised when it comes to vulnerability and operating systems would be:

The popularity of the operating system
Take for example Windows. It is probably the most popular operating system and some say that that is one of the main reasons why it is most attacked by hackers and creators of malware. They say that there is no point in attacking an operating system that is not used by many. The logic, they say, is that if you are going to do something, make sure it will be something big. (This is why there are people who seem to insist on getting a Mac — more stable and secure that way, as they say.)

Linux, BSD are operating systems that you can’t even run right away/properly/(insert phrase here)…
It sounds so petty, doesn’t it? But there are those who argue with Linux and BSD users that the difficulty with their operating system is that it is not easy to run it. Would an average computer users be able to use it and run it without much fiddling around? Truth be told, it looks like it is possible. But that depends on which Linux distribution you would run. In any case, the argument is more along the lines of “If you can’t even have the OS running properly, who would bother attacking it?”

Everyone must learn how to set up security measures. Be it setting up a firewall, being careful about which sites to check out, downloading patches — each of us will have different needs and we will have different experiences.

[tags]security, windows,linux,mac[/tags]

Tags: General, IT Security Basics, linux, mac, Operating Systems, security, windows

Categories: General, IT Security Basics, Operating Systems

Leave a Comment

In general, teaching people is a difficult task. You have to carefully plan on how to address them and be relevant. Each person would have different needs. Whether you plan to teach your staff and employees, or your family and friends, you have to brace yourself.

Some of the factors that would affect how you would teach them about IT security are as follows:

• the person’s experience with computers
  Has the person used a computer before? What has the person done so far? Install an operating system? Used some particular applications like word processing software or a web browser like Internet Explorer?
• the person’s experience with going online
  Each of us would have had different experiences when it comes to our online presence and habits like downloading, checking email and the like. When it comes to downloading materials be it e-books or anything else, it would be good to take a profile of the sites the person uses as resources.
• enthusiasm
  Whether you believe it or not, enthusiasm could affect the reception of the person to ideas and all that. Talking about security is not exactly the same as talking about your favorite car or favorite pet. Unless you think you could gush about firewalls and all those details, that is. Then again, it depends on the person’s experience, as said before.

No matter how easy or difficult it could be, no matter what background the person has, this is an important thing to learn. You are the one who can do it. May you teach them well.

Tags: Real-World Issues, Security Policies

Categories: Real-World Issues, Security Policies

Leave a Comment

Greg Schulz of Computerworld shared some guidelines of tape virtualization. Tape virtualization is one of the popular topics when it come to storage. Some of the said advantages of making virtual tape libraries would include improvement of the performance of the back up, archiving and other related processes and smooth transition (from tape-based to disk-based).

Here are the ten points he raised in his article:

1. Integration of VTL in your business continuity, conditions of your site/location.
2. Storage devices to be attached to the VTL.
3. Projected storage capacity needed in the future.
4. Backup, archiving, etc. software supported.
5. Support of differencing or single-instance repository capabilities.
6. Determine if you are looking for a turnkey solution.
7. Resiliency and redundancy needed.
8. Security level needed.
9. Tape device and library emulation for your environment.
10. Necessary changes to your current setup.

The questions he raised in his article really make you consider your needs and the conditions of your system. All these questions will help you evaluate if you would use virtualization. You cannot just decide right away if you will use VTL because it could affect your system in a major way.

It is always good to look at the possibilities before arriving at some decisions like this one. It is best to do a full study before you spend on it. One of the important things you also have to consider would be the people who would be in charge of this project in your company. Who will be the ones in charge of the study and the follow up in case you do push through with it. Your data will be at stake so it is better to be safe than sorry.

Tags: Backups, Physical Security, Storage, Tips

Categories: Backups, Physical Security, Storage, Tips

Leave a Comment

Yes, you have probably read it before on different news sites and blogs. An ad on MySpace spread spyware. As reports have mentioned, the banner ad was the one used to spread it. For Windows users who did not get the patches, they were affected by it as it was a WMF vulnerability that was exploited. Average computer users would probably be the ones who were greatly affected by this and they probably did not even notice anything.

There are articles that even mention the other browser, which is Mozilla Firefox. They said that those who use it were probably not affected by it unless the user downloaded the WMF file and opened it on their computers that are running on Windows. It is mainly something that affects Windows users who browse using Internet Explorer.

Things like this incident make the IT department of different companies become more wary, hence banning of more sites if they lean towards paranoia. In the first place, when there are patches released, they are the ones who should take charge and informing others about it. Or they should take the initiative to handle it. Also, users must be more aware of these matters. Security patches are not released without any reason. In this age where computer users are very much connected to one another via the Internet, incidents like this one could happen very often. As the adage goes, an ounce of prevention is better than a pound of cure. Have you checked if you have been able to patch up your Windows machine? If not, get those patches now!

[tags]myspace,windows,spyware[/tags]

Tags: myspace, News, Real-World Issues, Spyware, windows

Categories: News, Real-World Issues

1 Comment

Living at home means that you have to share your computer with other people. In some companies, people also share workstations in case that they have different work shifts. In any case, it is important for you to make sure that your files are safe. Especially those that you use for work and those that contain confidential information.

Here are some tips for you:

• Make sure you are using a password that is not easy to guess.
  If people know you well enough, they could probably figure out what password you will use. People tend to use passwords based on words, names and dates that important to them. Examples are pets‘ names and anniversaries. If you do this, chances are those who know you will be able to log in your computer using your account. Try changing your passwords every so often and make sure that they will be easy for you to remember but difficult to guess. Think of some cipher for it.
• Set permissions on your files and directories.
  You could set that your files and directories will only be accessible to you. Do a chmod on them. Then again, whoever has root access will be able to get through. Maybe it would be easy for you to do this if you are the one with root access.
• Protect your files with passwords.
  Although not everyone agrees with this, some people do this for their own sake. They feel better to have password protected files. A drawback, of course, is that if it has a difficult password to remember, you might as well have deleted your files.
• Log out of your account or profile.
  If you have set your file permissions that you are the only one who can view, edit and execute the files, it will be pointless if you don’t log out. When you are the one who is still logged on, you leave your entire session open for intrusion.

Hopefully these tips have helped you deal with some of your dilemmas with regards to sharing your computer with other users.

[tags]computers,people,security[/tags]

Tags: computers, General, IT Security Basics, people, Privacy-&-Anonymity, Real-World Issues, security, Tips

Categories: General, IT Security Basics, Privacy & Anonymity, Real-World Issues, Tips

Leave a Comment

In every office, you have to have some policies when it comes to sharing of files and downloading of files. Why? For one thing, those computers are the company’s resources. And it should be that during work hours, people ought to limit their downloads except for materials that are necessary for their work to get done.

How do you formulate your policies when it comes to these matters?

If you are working in a creative environment, anything could be used as your inspiration. That is why there are companies who allow surfing within office hours and it does not really matter what sites you visit. Although some of them do block some sites that are mainly of the personal nature like Friendster, My Space and other similar sites. There are also some that ban blogging services like Blogger. They would even issue memos regarding the matter.

If you work in a strictly confidential project, it would be difficult to try to make sure that nothing leaks out. If you are connected via the Internet, chances are your works could be intercepted in one way or another by hackers. So you have to be careful that you have firewall activated. As others would say, just block off everything except interoffice email.

Employees must be briefed carefully so that they will not be surprised in case they were surfing the ‘net one time and they find out that there are blocked sites. Also, you have to make sure you observe how the employees work. Those in the financial business would have to guard a lot of information. They would have to ensure that the employees understand the policies and that they would follow them in order to ensure that everything will be secure. After all, it is better to be safe than sorry. You would not want to lose your valuable clients.

[tags]work,office,security,internet[/tags]

Tags: internet, office, Real-World Issues, security, Security Policies, work

Categories: Real-World Issues, Security Policies

Leave a Comment

There are different ways of creating passwords for your computer and online accounts. It seems like these days, the usual six characters as length of passwords is not enough. There are sites that when you sign up and you give your desired password, they will let you know whether or not your password is strong. Most of the sites that have it even point out that it is better to have characters that are more than six characters long. For another, they usually recommend that you have numbers and letters in your password. Mixing up uppercase characters along with it is also recommended. Sounds tough, right? Because the the passwords would seem random or something like it.

Here are some tips from different people so that you could have more secure passwords that you could easily remember:
1. Use two words with six characters each.
If you have two words, you have a twelve character long password. But here’s the clincher. You have to make some funky code that you would be replacing some of the letters with numbers. So it could be that every two letter you could replace the letters with numbers that have some signifance or maybe some random numbers.
There are people would use the names of their pets and something else that is totally random and those are combined by mixing the letters, alternating each letter.
2. Use some other language and make a phrase. Then turn it into leet speak.
It is similar to the first suggestion. However this takes it a step further because it will involve other countries’ languages. It is as if you are writing code indeed.
3. Have around three sets of passwords.
Rotate among these three passwords that you have. And change your passwords every so often. At least this makes it more difficult for others to find you your passwords.

Tags: IT Security Basics, Tips

Categories: IT Security Basics, Tips

Leave a Comment

Related to the Yahoo instant messenger post, this entry is to remind you that you have to take note of the messages that you receive via IM. There are ways to hack your accounts and it will too much trouble to deal with them, if you think about it. Especially when you have a lot of contacts from different cities in the world that you have to warn about it.

Instant messaging
It is convenient to have instant messaging. It makes you accessible to anyone and everyone all the time. You can look at your buddy list and send them IMs no matter how far apart you are and you do not have to spend so much on calls or SMS for that matter. But apparently it is also convenient for hackers to take advantage of.

Who is sending you messages?
Are you sure that you know the people in your buddy list? Sometimes people you do not know well add you to their buddy lists just because. Sometimes you meet other people and you exchange contact information, including Yahoo IDs, or whatever you are using. If you chat with them often enough, you would get used to messages suddenly popping out saying they came from these trusted sources. But you actually never know.

Check the links
Links that come from your buddies do not always come from them. If their accounts have been hacked you could get links to sites that have content you do not really like. What you could do is ask them before clicking the links. That way both of you would be aware. If you and your buddy always talk about home improvement, wouldn’t it be a bit strange if you get a link about dating. Especially if this online buddy is more of a professional contact.

Tags: Privacy-&-Anonymity, Real-World Issues, Tips

Categories: Privacy & Anonymity, Real-World Issues, Tips

Leave a Comment

If you are a Yahoo! user who regularly talks on Yahoo Instant Messenger, you have to beware of links that appear to have come from your contacts or buddies. There are some incidents of Yahoo accounts being hacked because of those links.

Modus operandi
What usually happens is that a buddy of yours will supposedly give you a link to something. It might be a Geocities page or a Yahoo photos page. Sometimes it seems as though it is a random page on your buddy’s Yahoo photos page or Geocities account. It would usually seem innocent enough. If you click it, it will direct you to a page that will require you to log in. You will probably just get stuck on that page. As if nothing has been going on. But the bad thing is that if you did try to log in, your password is already known by the person who created that page.

Have you encountered anything similar? If you have, maybe it is time to change your password.

The effects
Your Yahoo account gets hacked. The terrible thing is that you will seem to pass on different links to people on your buddy list. It would have been ok if it was some useful link like DIY stuff or something similar. But no – it leads to the spoofed Geocities or Yahoo photos site. The bad thing is that you won’t even know until you get contacted by the people on your buddy list. If you have friends from different countries, the time zones would affect how you would try to tell them that your Yahoo account got hacked. There are some messaging clients that use the Yahoo protocol that does not seem to support mass messaging so you have to do it as soon as you catch them online or you would have to send them all emails somehow.

This tip is not necessarily about your computer and the data in it per se, but it is more for you and your online identity.

Tags: Privacy-&-Anonymity, Real-World Issues

Categories: Privacy & Anonymity, Real-World Issues

Leave a Comment

Do you socialize a lot online? Is it through chat, email or voice over internet telephony? Do you make a lot of online transactions? Where? Ebay?

If you have answered yes to a lot of those questions, here is another question for you: Do you read the terms of service of the sites that you sign up for in order to utilize their services? If yes, do you make sure that you even have a copy of it? If not, maybe it is time you should.

When we sign up for online services, we give out a lot of information about us. Some might be as detailed as including bank account numbers and credit card numbers too, especially if these are banking services and/or online auctions. There are different terms of service and privacy statements. Sometimes we just sign up without bothering to read on those. There are actually some sites that change their terms of service without notifying the users. Same thing goes for their privacy clause.

Usually privacy clauses would say that the information you provide is confidential and that they would not be passed on to others. However you cannot be too sure about them all the time. There are different cases linked to identity theft because of the information others have taken off the Internet. In America, there are some documentaries already and hopefully there will be sensible actions to be done about it. You don’t want to worry too much about buying flowers for your wife using your credit card. It is better to be aware rather than to feel sorry in the end.

Tags: General, Privacy-&-Anonymity, Real-World Issues

Categories: General, Privacy & Anonymity, Real-World Issues

Leave a Comment