Facebook More Private, Thanks To Canada?

Written by Saran on September 10, 2009

To date, Facebook is perhaps the most successful and widespread social networking site. It has transcended age and race, and practically everyone I know has an account. It has so much to offer, hence the amount of time that the average person spends on Facebook has skyrocketed in the past months. Even businesses and employers use Facebook to make their presence felt online!

But in spite of the allure and usefulness of Facebook, it does have some security issues. All the information that one enters can be accessed by the site AND its third party partners. With each application a user “allows,” his information is accessed, probably even shared with others. Unless a user changes the default privacy settings, practically anyone can access his information. This is something that not everyone really thinks about.

But the Canadian government found these issues important. In fact, they pressured Facebook to make some changes with regard to security. Thanks to them, several tweaks have been enacted. PCWorld featured this move and outlined the fixes.

One, Facebook had to fix the way applications access users’ data:

Apps will have to tell the user what information it wants and get express consent from the user beforehand. Information will be split into categories, which the user can check off before installing. Developers will also have to explain how that personal data will be used.

Two, what happens to a user’s information if he deactivates his account?

Users will be given an option to either deactivate or delete their accounts. Upon deactivation, they’ll be notified of the option to delete, and can elect to do so should they want all their data gone for good.

Three, what will happen to your account if you die?

Facebook will explain in its privacy policy what happens to an account after its owner passes away.

My thoughts – one and two are quite valid. Three, I am not so sure. You’ll be dead, why would you care? In any case, I wonder if Facebook will apply these fixes to the whole system or just for their Canadian users?

Categories: News, Privacy & Anonymity, Real-World Issues

46 Security Flaws Fixed By iPhone 3.0

Written by Saran on June 23, 2009

Yup, 46! That is one heck of a lot of security flaws, don’t you think? Considering that the iPhone is being used by a lot of people to go online, it seems quite irresponsible of Apple to release a product that has so many flaws. Still, that has not stopped people from buying the iPhone. Indeed, the major reason people do not get one is the price and not the existence of security flaws. In any case, the recent iPhone 3.0 update has fixed those flaws.

Of the 46, six of the security flaws involve CoreGraphics. Without the update, if a user views a maliciously coded image, the application he is using may terminate suddenly. Alternatively, it can lead to arbitrary code execution. What that can lead to, who knows? Another flaw involves opening and viewing PDF files. Apple describes the same outcome: either application termination or arbitrary code execution.

There is also a flaw with regard to the mail client. Without the update, remote images in HTML messages are automatically fetched and loaded. There is no option to turn off this feature. With the update, this potential security flaw has been fixed.

Meanwhile, Safari can now be totally wiped clean – history of visited web pages and searches together – by accessing the option in the Settings menu. Previously, only the history of web sites was removed, and the searches remained. Now, iPhone users can rest easy knowing that they’ve left no traces behind.

Of course, there are other features to the updates, many of them not solely related to security.

Categories: E-mail, News, Operating Systems, Privacy & Anonymity, Web browsers

Cellphone Deals Here…and there…. What’s the catch?

Written by Saran on February 27, 2009

Seems everybody is out for cheap deals on just about everything, and who wouldn’t be in this recession, where cash is hard to come by and jobs are being shed by the thousands? Now, there are truly some honest cell phone deals out there, but you have to be sure you’re getting the right stuff. Having the latest phone gadget might be one thing, but keeping that new phone secure from hacks is another. Sure, you can get it cheap from the internet, but how sure are you that you’re getting the real stuff?
Criminals are becoming craftier than ever, and they have even managed to copy branded products complete with all the security stickers and holographic security seals. These phones can also come pre-loaded with malware, for the amount of computing power they pack is enough to emulate an ultraportable, in function that is. Just how dangerous are these hacking attempts? For mobile devices using Windows, very dangerous, for there is a group bent on exacting damage on the software giant.
Ensuring you have the latest updates to your operating system is vital to maintaining your ability to fend off attacks. Having intrusion prevention systems installed is also a good thing, for like your PC, these devices also need protection. Given the power of these gadgets and their ability to connect to the internet, they are not immune to attack. Let’s set this as an example: an unprotected PC connected to the internet for the first time will last an average of 15 minutes before it is hacked and compromised. Now you do the math for your mobile!

Categories: Cryptography, E-mail, General, IM, IT Security Basics, Malware, News, Privacy & Anonymity, Real-World Issues, Spyware, Tips, Web browsers, Wireless Security

Cyber Security In Obama’s Sights

Written by Saran on February 20, 2009

Who said that Obama does not have a techie side to him? If reports earlier this month are to be believed, the newbie President is not ignoring the importance of cyber space. Iain Thomson of Vnunet.com had this report:

US president Barack Obama has ordered an immediate 60-day review of the online security of government IT systems to check for vulnerabilities.

The review will be led by Melissa Hathaway, who has served as cyber co-ordination executive to the US Office of the Director of National Intelligence. Hathaway will also serve as acting senior director for cyberspace for the National Security and Homeland Security councils during the review period.

“The national security and economic health of the US depend on the security, stability and integrity of our nation’s cyber space, both in the public and private sectors,” said John Brennan, assistant to the president for counter-terrorism and homeland security.

First thoughts…this is wonderful; this coming from the head of the country, it should be a good sign. However, I was thinking about the 60-day limit – would this be enough? More so, are the intelligence arms going to be part of this review? I doubt that the CIA, the FBI, and the NSA will allow anyone to take a look into their systems. Maybe the review is just for the less sensitive government agencies. Who knows?
In any case, I was just thinking of those people who love hacking systems to get credit card numbers, bank account numbers, and the like. Those days will probably be gone pretty soon, don’t you think?

Categories: Malware, Network Security, News, Privacy & Anonymity, Real-World Issues, Security Policies

UK Email Law: Security Breach?

Written by Saran on January 11, 2009

Did you know that starting March of this year, every single email that is sent and received in the UK will be monitored? Yep, following the law, all Internet Service Providers (ISPs) in the UK will be required to store email information for a year. Though this law requires information to be kept, the actual content of the emails is not included in the requirement.

However, the fact that information is being monitored – even private emails – has got a lot of people shifting in discontent. The details of the law were published by BBC:

-To keep details of every e-mail sent in the UK for a year
-Internet Service Providers will have to record who sent the email, to whom and when
-The e-mail’s content will not be stored
-Data can be accessed by more than 600 public bodies, such as the police and councils, if they make a valid request
-Part of a European Commission directive

Although the contents of emails are not part of the law, it does not take a rocket scientist to figure out that this gives rise to potential security breaches – BIG TIME. It is a given that the idea behind the law was born out of goodwill. After all, we do know that there are a lot of unscrupulous people out there who take advantage of the technology.

However, who is to say that this database of information will be kept secure and that no one will be able to make unauthorized use of it? That, my friends, is the biggest question. Am sure glad I am not in the UK right now.

Categories: Privacy & Anonymity, Real-World Issues, Security Policies

Be Careful of Hyperlinks in Messages

Written by Saran on September 30, 2008

We all know that some people using the web for success are desperate. Regardless of whether the message comes to you via email, comments or an instant message, do not click! It is easy to spot suspicious messages. For one, if there is no sane explanation of why you should check it out, refrain from doing so. Clicking or not clicking may make the difference as far as the safety and security of your computer or workstation is concerned.

For most, this may seem redundant. Who in his right mind would click an unsolicited link? Well, that is true, but we forget to consider that not all people are aware of the benefits and dangers that await them on the web.

Just like in modern society, you can expect some tactics that can really deceive you. They are not obvious and in fact can come in any form. You can even get them from friends who may think that such links to sites are harmless. Leading the pack of suspicious links are:

1. Free software links
2. Files or Images
3. Money making scheme programs
4. Unsolicited Sign Ups

Of course, you have to consider that to get people to click on links, the link has to be entirely in their interest. For most, it is too tempting to resist. Especially if you have not encountered these threats or been educated about them, chances are you may experience them first hand and may become a forgettable one for overlooking the value of security on the web.

Categories: Instant Messaging, IT Security Basics, Malware, Privacy & Anonymity, Spyware

DomainKeys, Protecting more Googler’s

Written by Saran on June 22, 2008


Spam and phishing have become so much of a problem that Google has resorted to using Yahoo’s patented DomainKeys technology to protect its Gmail users. DomainKeys was patented and developed by Yahoo but was released under a dual license under the GNU General Public License, which allowed the software technology to become a widely accepted internet standard. It uses encryption technology to verify that the domain a message claims to come from is in fact the true source of the sent mail, blocking re-directed spam and other malware from taking flight. These types of technology have been vital in the protection of consumers who do online shopping, many of whom fall victim to fake and phishing scams resulting in financial losses.
Internet companies themselves get victimized in terms of the resources they have to allocate to resolve such incidents, which start from eBay transactions gone bad that hackers use as phishing tools. Once these people get their hands on the account information of legit users, they go on expensive shopping sprees that cost the e-commerce industry a lot of lost revenue. It also causes a lot of misinformation on the security and reliability of online stores (some are truly legit but most are well…..). Hopefully more and more fake PayPal and eBay scams will be denied, giving people more time to develop better protection systems. There are a lot of tips on the internet about online safety with regard to these email and other scams, so you’d better brush up and stay informed of the latest news if you love online shopping and haggling over eBay. Safe online shopping everyone!!
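To make the domain check described above concrete, here is an added sketch (not code from this post, Yahoo or Google) of a sender signing a message with its domain's private key and a receiver verifying it against the public key published under `_domainkey` in DNS. The selector `mail2008`, the domain `shop.example`, the dict standing in for DNS, the exact-match domain rule and the simplified message format are constructed assumptions, and the unpadded RSA key is a toy.

```python
import hashlib

# Constructed toy RSA key for the sending domain (two Mersenne primes).
# Far too small and unpadded for real use; it only illustrates the flow.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held by the sender

# Stand-in for DNS: the public key lives at <selector>._domainkey.<domain>.
DNS_TXT = {"mail2008._domainkey.shop.example": (N, E)}

def digest(msg, modulus):
    """Hash the From header and body, reduced to fit the toy modulus."""
    data = (msg["from"] + "\r\n" + msg["body"]).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def sign(msg, selector, domain):
    """Sending server: attach a signature made with the domain's private key."""
    signed = dict(msg)
    signed["sig"] = {"d": domain, "s": selector, "b": pow(digest(msg, N), D, N)}
    return signed

def verify(msg):
    """Receiving server: return 'pass', 'fail' or 'none' for a message."""
    sig = msg.get("sig")
    if sig is None:
        return "none"                      # unsigned mail proves nothing
    from_domain = msg["from"].rsplit("@", 1)[-1].strip("<> ").lower()
    if from_domain != sig["d"]:
        return "fail"                      # signer is not the claimed sender
    key = DNS_TXT.get(f'{sig["s"]}._domainkey.{sig["d"]}')
    if key is None:
        return "fail"                      # no published key for this selector
    n, e = key
    return "pass" if pow(sig["b"], e, n) == digest(msg, n) else "fail"

# Constructed sample messages.
GENUINE = sign({"from": "orders@shop.example",
                "body": "Your order has shipped."}, "mail2008", "shop.example")
TAMPERED = dict(GENUINE, body="Please confirm your account details.")
UNSIGNED = {"from": "orders@shop.example", "body": "You have won a prize."}
WRONG_SIGNER = dict(GENUINE, sig={"d": "other.example", "s": "mail2008",
                                  "b": GENUINE["sig"]["b"]})

if __name__ == "__main__":
    for name, m in [("genuine", GENUINE), ("tampered", TAMPERED),
                    ("unsigned", UNSIGNED), ("wrong signer", WRONG_SIGNER)]:
        print(f"{name:13s} -> {verify(m)}")
```

A message whose body was altered in transit, or whose signature names a different domain than the From address, fails the check; an unsigned message is reported separately so the receiver can apply its own policy to it.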

Categories: General, Network Security, News, Physical Security, Privacy & Anonymity, Real-World Issues, Security Policies

The Cat’s out of the Bag (Part 2)

Written by Saran on June 19, 2008

The admission by an executive from within the industry was sure to happen, and it may have given more importance to how you implement online security at home and in the office, for knowing that you are never completely protected is the norm of the internet. There is no one software or provider that can promise total protection whatever the case, and you are always infected with one form or the other, however expensive the anti-virus software you have installed on your computer system. The industry is also in a dilemma over how best to present information on the ones that got away and caused mayhem before they caught it and issued a cure. You only hear of the ones they get and not the other way round. Why? It’s bad for business. Getting your clients to know that they are not the total solution might get them thinking that, if that’s the case, why spend hundreds if not thousands of dollars a year for something that may be effective? There are even instances of programs designed to protect us from viruses and malware being infected and doing the dirty work themselves.
All the hype about technology and new software development tools also means nothing, for the very people who do the programming for these anti-virus programs also have the ability to use it for no good. The reality of using the net is to accept the fact that every click may be your last, and that is the gauntlet you walk each and every day as you surf, download and do whatever you wish over the internet. True, it has allowed us more freedom and information, but it has also opened up the world to these scoundrels who are up to no good.

Categories: General, IT Security Basics, Malware, Network Security, Privacy & Anonymity, Programming, Real-World Issues, Security Policies, Spyware

The Cat’s out of the Bag (Part 1)

Written by Saran on June 16, 2008

The Anti-Virus industry has been rendered ineffective for quite some time, and this came to attention only when one industry expert spoke out from the crowd to say so “AS IS”. We have all been under the impression that the security of our PCs, laptops and other computers has been quite effective and robust, with online active updates that allow them to deal with evolving threats. The problem, as the discussion states, is this: how do you deal with today’s millions upon millions of viruses and other forms of threats without super-computing status? You can’t. The reality we have to face is that there is no one solution to the problem and that it is going to stay that way.
Anti-virus software engineers do their jobs round the clock to prevent this malware from doing the most harm on the millions if not billions of computers around the world that connect to the internet daily. As one sector of the globe goes to sleep, another wakes up to a new day of infections and threats, made worse by the constant online status of some PCs, meaning they are always connected whatever time of day it is. Imagine scanning through a database that can give you the ability to determine a virus among the millions of known types, variants and mutations (even with a super-computer it takes time) every time you download a file or click on an internet link; that would be unfathomable. The best these guys (the many anti-virus vendors) can do and hope for is that they get to the problem early on, when the virus or malware is still propagating and they can still reverse engineer it, then issue the proper identifiers along with the removal instructions that they send out to their respective clients, hoping they are not yet infected and spreading the virus themselves.
If they already are infected, it takes more time to formulate an approach on how to remove the problem from the computer system, leaving it untouched and without the threat. This is next to impossible, for any seasoned PC user knows that anything that is installed stays installed (even fragments of files and other programs) long after the known un-install procedure has been done. The only sure way to clear an infected system would be to re-format the hard drive and then re-install the whole myriad of software and drivers that came with the PC (most of them are lost over the years, necessitating an online search from manufacturer sites and other help sites which may also be infected). Losing them is suicide, for a PC without proper drivers is like a car without brakes that constantly breaks down and has to try to get itself to run to a level of its former self.

Categories: General, IT Security Basics, Malware, Network Security, News, Operating Systems, Privacy & Anonymity, Real-World Issues, Security Policies, Spyware, Tips

Even with Gates Leaving, Microsoft is still the prime target

Written by Saran on June 13, 2008


He has ruled the computer industry for a long time with the introduction of Windows through Microsoft and has left his mark on the lives of most if not all those who have used its software. Now Bill Gates has finally stepped out (for real this time) of Microsoft management for good. Even as the news was still warm and getting out into the wild, another attack on the software giant was detected and reported by the security provider Websense: a fake OS patch that claims to address some vulnerabilities in Microsoft software. The supposed patch redirects users to a malicious web page that installs malware on the unsuspecting user’s computer.

“It’s a deception attack, where it is made to look like a Microsoft update and the user has to take action, rather than an exploit where the user gets infected without saying yes to the download,” Hubbard said. (Hubbard is a Chief Technology Officer at Websense)

Most seasoned users of Microsoft products know that the company does not send notification of software patches through email (that is done by its AutoUpdate system, which automatically does all the work for you…. well, even without you, for some updates are unstoppable if you have your system on automatic mode). Any unsuspecting user who clicks on the “Yes” button to get the said update gets a backdoor program installed instead, without any warnings. The wide open door can then be used by hackers to obtain information about the user or even take over the victim computer as another minion in the never ending battle between malware and security experts. The hackers managed to go around spam filtering systems by using a redirection path that aims the browser to the web site of the US Secret Service, which is a sure sign of more devious acts to come.
Hackers’ knowledge of how to circumvent security is very much a threat to all internet users, and it remains a real one for all of us who use the internet each day.

Source : SC Magazine

Categories: General, IT Security Basics, Malware, Network Security, News, Operating Systems, Privacy & Anonymity, Real-World Issues, Security Policies, Tips
