Phishing for Personal Information

Written by Saran on July 20, 2010

Phishing over the web is typified by attempts to obtain personal information for misuse. Unsolicited emails from unknown senders that try to make you believe you have won a lottery or a sweepstakes contest are among the common forms of phishing.


The people who send you these emails are after your personal information: credit card numbers, bank account details, and other data they can use over the web, an open space for transactions that, as most people know today, is subject to many security breaches.

Some even link to professionally designed pages, which makes the offer look all the more real. But the next time you get such e-mails from an unknown source, all you have to do is think about it for a second. How can you get such mails from someone or something that you don’t even remember joining? The rest is history.


Categories: IT Security Basics, Privacy & Anonymity, Tips


Sharing your computer and keeping your files intact

Written by Saran on June 18, 2010


Living at home means that you have to share your computer with other people. In some companies, people also share workstations when they work different shifts. In any case, it is important to make sure that your files are safe, especially those that you use for work and those that contain confidential information.

Here are some tips for you:

  • Make sure you are using a password that is not easy to guess.
    If people know you well enough, they could probably figure out what password you will use. People tend to use passwords based on words, names and dates that are important to them. Examples are pets’ names and anniversaries. If you do this, chances are those who know you will be able to log in to your computer using your account. Try changing your passwords every so often and make sure that they are easy for you to remember but difficult to guess. Think of some cipher for it.
  • Set permissions on your files and directories.
    You can set your files and directories so that they are accessible only to you, for example by running chmod on them. Then again, whoever has root access will still be able to get through. Maybe it would be easy for you to do this if you are the one with root access.
  • Protect your files with passwords.
    Although not everyone agrees with this, some people do it for their own peace of mind. They feel better having password-protected files. A drawback, of course, is that if the password is difficult to remember, you might as well have deleted your files.
  • Log out of your account or profile.
    If you have set your file permissions so that you are the only one who can view, edit and execute the files, it will be pointless if you don’t log out. While you are still logged on, you leave your entire session open for intrusion.
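
As an added example (not part of the original post), the chmod tip can be applied to a whole directory tree and then checked from a shell. The directory and file names are constructed, and the umask line goes slightly beyond the tip by covering files you create later:

```shell
#!/bin/sh
# Added example: owner-only permissions for a private directory on a shared
# machine. All paths are constructed samples. As the tip says, root can
# still read everything regardless of these mode bits.

# Print every file or directory under $1 that group or others can
# read, write or execute (symlinks are skipped; their mode is not used).
list_exposed() {
    find "$1" ! -type l \( \
        -perm -0040 -o -perm -0020 -o -perm -0010 -o \
        -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Remove all group/other permission bits under $1, leaving the
# owner's own read/write/execute bits untouched.
lock_down() {
    chmod -R go-rwx "$1"
}

# Files and directories created later in this shell session
# start out owner-only instead of world-readable.
umask 077

# Build a small world-readable tree, lock it down, and compare.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/private_dir/taxes"
    echo "constructed sample" > "$work/private_dir/taxes/2010.txt"
    chmod 755 "$work/private_dir" "$work/private_dir/taxes"
    chmod 644 "$work/private_dir/taxes/2010.txt"

    before=$(list_exposed "$work/private_dir" | wc -l)
    lock_down "$work/private_dir"
    after=$(list_exposed "$work/private_dir" | wc -l)

    echo "exposed entries before: $before, after: $after"
    rm -rf "$work"
}

demo
```

Running list_exposed on your home directory before and after lock_down shows which files other accounts on the machine could open.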

Hopefully these tips have helped you deal with some of your dilemmas with regard to sharing your computer with other users.


Categories: General, IT Security Basics, Privacy & Anonymity, Real-World Issues, Tips


Facebook More Private, Thanks To Canada?

Written by Saran on September 10, 2009

To date, Facebook is perhaps the most successful and widespread social networking site. It has transcended age and race, and practically everyone I know has an account. It has so much to offer, hence the amount of time that the average person spends on Facebook has skyrocketed in the past months. Even businesses and employers use Facebook to make their presence felt online!

But in spite of the allure and usefulness of Facebook, it does have some security issues. All the information that one enters can be accessed by the site AND its third party partners. With each application a user “allows,” his information is accessed, probably even shared with others. Unless a user changes the default privacy settings, practically anyone can access his information. This is something that not everyone really thinks about.

But the Canadian government found these issues important. In fact, it pressured Facebook to make some changes with regard to security. Thanks to them, several tweaks have been enacted. PCWorld featured this move and outlined the fixes.

One, Facebook had to fix the way applications access users’ data:

Apps will have to tell the user what information it wants and get express consent from the user beforehand. Information will be split into categories, which the user can check off before installing. Developers will also have to explain how that personal data will be used.

Two, what happens to a user’s information if he deactivates his account?

Users will be given an option to either deactivate or delete their accounts. Upon deactivation, they’ll be notified of the option to delete, and can elect to do so should they want all their data gone for good.

Three, what will happen to your account if you die?

Facebook will explain in its privacy policy what happens to an account after its owner passes away.

My thoughts – one and two are quite valid. Three, I am not so sure. You’ll be dead, why would you care? In any case, I wonder if Facebook will apply these fixes to the whole system or just for their Canadian users?


Categories: News, Privacy & Anonymity, Real-World Issues


46 Security Flaws Fixed By iPhone 3.0

Written by Saran on June 23, 2009

Yup, 46! That is one heck of a lot of security flaws, don’t you think? Considering that the iPhone is being used by a lot of people to go online, it seems quite irresponsible of Apple to release a product that has so many flaws. Still, that has not stopped people from buying the iPhone. Indeed, the major reason people do not get one is the price and not the existence of security flaws. In any case, the recent iPhone 3.0 update has fixed those flaws.

Of the 46, six of the security flaws involve CoreGraphics. Without the update, if a user views a maliciously coded image, the application he is using may terminate suddenly. Alternatively, it can lead to arbitrary code execution. What that can lead to, who knows? Another flaw involves opening and viewing PDF files. Apple lists the same outcome for it: either application termination or arbitrary code execution.

There is also a flaw with regard to the mail client. Without the update, remote images in HTML messages are automatically fetched and loaded. There is no option to turn off this feature. With the update, this potential security flaw has been fixed.

Meanwhile, Safari can now be totally wiped clean – history of visited web pages and searches together – by accessing the option in the Settings menu. Previously, only the history of web sites was removed, and the searches remained. Now, iPhone users can rest easy knowing that they’ve left no traces behind.

Of course, there are other features to the updates, many of them not solely related to security.

Categories: E-mail, News, Operating Systems, Privacy & Anonymity, Web browsers


Cellphone Deals Here…and there…. What’s the catch?

Written by Saran on February 27, 2009

Seems everybody is out for cheap deals on just about everything, and who wouldn’t be in this recession, where cash is hard to come by and jobs are being shed by the thousands? Now, there are truly some honest cell phone deals out there, but you have to be sure you’re getting the right stuff. Having the latest phone gadget might be one thing, but keeping that new phone secure from hacks is another. Sure, you can get it cheap from the internet, but how sure are you that you’re getting the real stuff?

Criminals are becoming craftier than ever, and they have even managed to copy branded products complete with all the security stickers and holographic security seals. The phones can also be pre-loaded with malware, for the computing power they pack is enough to emulate an ultraportable, in function that is. Just how dangerous are these hacking attempts? For mobile devices using Windows, very dangerous, for there is a group bent on exacting damage on the software giant.

Ensuring you have the latest updates to your operating system is vital to maintaining your ability to fend off attacks. Having intrusion prevention systems installed is also a good thing, for like your PC, these devices need protection too. Given the power of these gadgets and their ability to connect to the internet, they are not immune to attack. Take this as an example: an unprotected PC connected to the internet for the first time will last an average of 15 minutes before it is hacked and compromised. Now you do the math for your mobile!

Categories: Cryptography, E-mail, General, IM, IT Security Basics, Malware, News, Privacy & Anonymity, Real-World Issues, Spyware, Tips, Web browsers, Wireless Security


Cyber Security In Obama’s Sights

Written by Saran on February 20, 2009

Who said that Obama does not have a techie side to him? If reports earlier this month are to be believed, the newbie President is not ignoring the importance of cyber space. Iain Thomson of Vnunet.com had this report early this month:

US president Barack Obama has ordered an immediate 60-day review of the online security of government IT systems to check for vulnerabilities.

The review will be led by Melissa Hathaway, who has served as cyber co-ordination executive to the US Office of the Director of National Intelligence. Hathaway will also serve as acting senior director for cyberspace for the National Security and Homeland Security councils during the review period.

“The national security and economic health of the US depend on the security, stability and integrity of our nation’s cyber space, both in the public and private sectors,” said John Brennan, assistant to the president for counter-terrorism and homeland security.

First thoughts…this is wonderful; this coming from the head of the country, it should be a good sign. However, I was thinking about the 60-day limit – would this be enough? More so, are the intelligence arms going to be part of this review? I doubt that the CIA, the FBI, and the NSA will allow anyone to take a look into their systems. Maybe the review is just for the less sensitive government agencies. Who knows?
In any case, I was just thinking of those people who love hacking systems to get credit card numbers, bank account numbers, and the like. Those days will probably be gone pretty soon, don’t you think?

Categories: Malware, Network Security, News, Privacy & Anonymity, Real-World Issues, Security Policies


More E-mail Security Tips

Written by Saran on February 18, 2009

I was only able to fit in two tips in the previous post but no worries, here are more things for you to look at.

To subscribe or unsubscribe? What to do?
You know those e-mail messages informing you of one thing or another and then at the bottom it says “To unsubscribe to this service, click on this link…” or something like that? Well, many are legit but here’s the thing – this tactic is also being used to get you to click on the link and gather information from you. What you should do, instead of immediately unsubscribing, is to first double check if you really have subscribed to that service. Otherwise, you just might find more spam mails in your Inbox. If you’re unsure, just mark the address as spam so that it can be filtered in the future.

Guard “important” e-mail addresses
Some people guard their phone numbers zealously. They only give their numbers to people they know very well and are OK with hearing from. How come, when it comes to e-mail, people seem less guarded? It shouldn’t be the case. You don’t know who will end up knowing your e-mail address and start sending you stuff that you don’t need or, worse, malware. If I were you, I’d set up another web e-mail account that is separate from your main e-mail account.

Remember: There is no such thing as absolute privacy
Whatever you type into your computer and send through e-mail is never really totally private. Just bear this in mind when writing anything. It will keep you safe.

Categories: E-mail, Privacy & Anonymity, Real-World Issues


UK Email Law: Security Breach?

Written by Saran on January 11, 2009

Did you know that starting March of this year, every single email that is sent and received in the UK will be monitored? Yep, under the law, all Internet Service Providers (ISPs) in the UK will be required to store email information for a year. Though this law requires information to be kept, the actual content of the emails is not included in the requirement.

However, the fact that information is being monitored – even private emails – has got a lot of people shifting in discontent. The details of the law were published by BBC:

- To keep details of every e-mail sent in the UK for a year
- Internet Service Providers will have to record who sent the email, to whom and when
- The e-mail’s content will not be stored
- Data can be accessed by more than 600 public bodies, such as the police and councils, if they make a valid request
- Part of a European Commission directive

Although the contents of emails are not part of the law, it does not take a rocket scientist to figure out that this gives rise to potential security breaches – BIG TIME. It is a given that the idea behind the law was born out of goodwill. After all, we do know that there are a lot of unscrupulous people out there who take advantage of the technology.

However, who is to say that this database of information will be kept secure and that no one will be able to make unauthorized use of it? That, my friends, is the biggest question. Am sure glad I am not in the UK right now.

Categories: Privacy & Anonymity, Real-World Issues, Security Policies


Implement a Strict IT Policy

Written by Saran on September 30, 2008

Implementing policies that keep the network and the department running smoothly is perhaps the headache of every IT head. While the value of a good security system is evident, it is really the implementation part that is hard to accomplish.

For one, there is the transition to, and building of, security awareness about the many threats that can easily make their way into a supposedly secure network. Whether carried in manually or transmitted, suspicious files will always find a way in, especially if you are not adamant about making sure that all bases are covered as far as the security of your system and data is concerned.

Many people fail to appreciate the value of the data they have gathered. They fail to appreciate the value of a strict IT policy, mainly because all they care about is having a workstation to use and opening files (both internal and external) as they please. Put all these things together and you can imagine the problems that an IT guy has to work with. Even so, some initiative has to be taken, such as passwords and some hardware exclusions.

You may notice that some drives, like the usual floppy drives, or even USB ports are either missing or disabled. Enabling them requires certain permissions and passwords. Only the IT administrator knows these, and basic as these security measures may seem, they really help a lot.

This is just a basic but effective method that IT personnel use. There are the usual network policies, but for people who want to make doubly sure, old and basic practices such as this are perhaps the best way to go.


Categories: IT Security Basics, Network Security, Operating Systems, Physical Security, Privacy & Anonymity, Security Policies


Be Careful of Hyperlinks in Messages

Written by Saran on September 30, 2008

We all know that some people using the web for success are desperate. Regardless of whether the message comes to you via email, comments or an instant message, do not click! It is easy to spot suspicious messages. For one, if there is no sane explanation of why you should check it out, refrain from doing so. Whether or not you click may make the difference as far as the safety and security of your computer or workstation is concerned.

For most, this may seem redundant. Who in his right mind would click an unsolicited link? Well, that is true, but we forget to consider that not all people are aware of the benefits and dangers that await them on the web.

Just like in modern society, you can expect some tactics that can really deceive you. They are not obvious and in fact can come in any form. You can even get them from friends who may think that such links are harmless. Leading the pack for suspicious links would include:

1. Free software links
2. Files or Images
3. Money making scheme programs
4. Unsolicited Sign Ups

Of course, you have to consider that to get people to click on links, the links have to appeal entirely to their interest. For most, it is too tempting to resist. Especially if you have not encountered these threats or been educated about them, chances are you may experience them first hand, and it may be an experience you would rather forget, all for overlooking the value of security on the web.


Categories: IT Security Basics, Instant Messaging, Malware, Privacy & Anonymity, Spyware
