You and your passwords

Written by Saran on August 13, 2010

There are different ways of creating passwords for your computer and online accounts. These days, the usual six-character password no longer seems to be enough. Some sites tell you at sign-up whether or not the password you have chosen is strong. Most of the sites that do this also point out that it is better to have a password that is more than six characters long. They usually recommend that you have both numbers and letters in your password, and mixing in uppercase characters is also recommended. Sounds tough, right? Because the passwords end up looking random, or something like it.

Here are some tips from different people so that you can have more secure passwords that you can still easily remember:
1. Use two words with six characters each.
If you have two words, you have a twelve-character password. But here's the clincher: you have to make up some funky code in which you replace some of the letters with numbers. For example, for every two letters you could replace the letters with numbers that have some significance, or maybe with some random numbers.
Some people use the name of a pet and something else that is totally random, and combine the two by alternating the letters of each.
2. Use some other language and make a phrase. Then turn it into leet speak.
This is similar to the first suggestion. However, it takes it a step further because it involves other countries' languages. It really is as if you are writing in code.
3. Have around three sets of passwords.
Rotate among these three passwords, and change your passwords every so often. At least this makes it more difficult for others to find out your passwords.


Categories: IT Security Basics, Tips


RSS, blogs and security

Written by Saran on August 7, 2010

Blogs are commonly read through RSS aggregators these days, or via Atom feeds, and recently it has been said that attackers could use JavaScript to take advantage of this. According to an article in USA Today, this could be any kind of information as long as it is in this format. The article also gives a list of vulnerable readers: Bloglines, RSS Reader, RSS Owl, Feed Demon, and Sharp Reader.

This kind of news is actually not so new. Mark Pilgrim is one of the bloggers who has written about this before. He even set up an experiment of sorts, in which subscribers to his blog feed saw a screen full of platypi. He mentioned in his blog entry that the difficulty with RSS is that it carries a lot of arbitrary HTML, and that HTML could include JavaScript, possibly malicious JavaScript designed by attackers. Mark Pilgrim even listed the elements that should be stripped by RSS readers, just to be safe:
script tags, embed tags, object tags, frameset tags, iframe tags, meta tags, link tags, style tags, style attributes from every tag.

If you subscribe to a lot of different blogs, forums and mailing lists through RSS, you should be careful about it. If a site offers an RSS feed of its comments, you could take the precaution of not subscribing to it, since it is possible to get attacked through the RSS of comments. Aside from that, if you have set up your own personal aggregator, make sure that it is a 'smart' aggregator which strips the said tags. If you have an aggregator on your computer, check whether it is vulnerable. Maybe you could install something else that isn't prone to attacks via RSS. It is better to be secure after all.
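One way to implement the stripping described above, as an added example (not Mark Pilgrim's code or that of any reader named in the post): it removes the listed tags and the style attribute of every tag from an entry's HTML using Python's standard `html.parser`. The names `FeedSanitizer` and `sanitize` and the sample markup are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Elements the post lists for removal from feed content.
STRIP_TAGS = {"script", "embed", "object", "frameset", "iframe", "meta", "link", "style"}
# For these, the enclosed text is code or CSS, so it is dropped as well.
DROP_CONTENT = {"script", "style"}
# Constructed sample entry body (not taken from a real feed).
SAMPLE = '<p style="color:red" class="x">Hi<script>alert(1)</script><iframe src="http://example.invalid/f"></iframe> there</p>'

class FeedSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside <script> or <style>

    def _emit_start(self, tag, attrs):
        # Drop style attributes from every tag; re-escape the remaining values.
        kept = "".join(f' {k}="{escape(v or "", quote=True)}"'
                       for k, v in attrs if k != "style")
        self.out.append(f"<{tag}{kept}>")

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
        elif tag not in STRIP_TAGS and not self.skip_depth:
            self._emit_start(tag, attrs)

    def handle_startendtag(self, tag, attrs):  # self-closing form, e.g. <br/>
        if tag not in STRIP_TAGS and not self.skip_depth:
            self._emit_start(tag, attrs)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag not in STRIP_TAGS and not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

def sanitize(fragment):
    parser = FeedSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)
```

The list in the post does not cover event-handler attributes such as `onclick` or `javascript:` URLs, which is why sanitizers are usually built around an allowlist of permitted tags and attributes rather than a list of tags to remove.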


Categories: IT Security Basics, Malware, News, Tips


Phishing for Personal Information

Written by Saran on July 20, 2010

Phishing over the web is typified by attempts to get personal information for mischievous use. A common form is the unsolicited email from an unknown origin that tries to make you believe you have won something in a lottery or a sweepstakes contest.

Gone Phishing

The people who send you these emails are merely after your personal information. They want information such as credit card numbers, bank accounts, and other useful details that they can use over the web, an open space for transactions that comes with a lot of the security breaches most people know of today.

Some even provide links to professionally made pages, all the more deceiving a person into thinking that the offer is for real. But the next time you get such e-mails from an unknown source, all you have to do is think about it for a second. How can you get such mail from someone or something that you don't even remember joining? The rest is history.


Categories: IT Security Basics, Privacy & Anonymity, Tips


Precautions with Bluetooth Connections

Written by Saran on July 13, 2010

Among the features that most mobile phones have today are Bluetooth and infrared connectivity as means of wireless connection. While such advancements have made it easier for people to transfer files such as images and sounds from one phone to another, they also open a loophole that allows viruses to infect the operating systems of mobile phones.

Cabir Bluetooth Precaution

Worms such as Cabir have been at the front of the onslaught of mobile phone intrusions, using Bluetooth connectivity as a means of infecting phones. Once they get through, malfunctions and error messages are sure to ensue, and the phone's software then needs to be either formatted or disinfected with available anti-virus and worm removers such as Panda Software.

Inconvenient as it may seem, it is advisable for mobile phone owners to refrain from activating their Bluetooth connections to avoid such infections and untoward intrusions at any time.


Categories: IT Security Basics, Malware, Operating Systems, Real-World Issues, Spyware, Tips, Wireless Security


Tape virtualization guidelines

Written by Saran on June 29, 2010

Greg Schulz of Computerworld shared some guidelines on tape virtualization. Tape virtualization is one of the popular topics when it comes to storage. The advantages claimed for virtual tape libraries (VTLs) include improved performance of backup, archiving and other related processes, and a smooth transition from tape-based to disk-based storage.

Here are the ten points he raised in his article:

1. Integration of VTL in your business continuity, conditions of your site/location.
2. Storage devices to be attached to the VTL.
3. Projected storage capacity needed in the future.
4. Backup, archiving, etc. software supported.
5. Support of differencing or single-instance repository capabilities.
6. Determine if you are looking for a turnkey solution.
7. Resiliency and redundancy needed.
8. Security level needed.
9. Tape device and library emulation for your environment.
10. Necessary changes to your current setup.

The questions he raised in his article really make you consider your needs and the conditions of your system. All these questions will help you evaluate whether you should use virtualization. You cannot just decide right away to use a VTL, because it could affect your system in a major way.

It is always good to look at the possibilities before arriving at a decision like this one. It is best to do a full study before you spend on it. One of the important things you also have to consider is the people who would be in charge of this project in your company. Who will be in charge of the study, and of the follow-up in case you do push through with it? Your data will be at stake, so it is better to be safe than sorry.


Categories: Backups, Physical Security, Storage, Tips


Sharing your computer and keeping your files intact

Written by Saran on June 18, 2010

Living at home often means that you have to share your computer with other people. In some companies, people also share workstations when they work different shifts. In any case, it is important for you to make sure that your files are safe, especially those that you use for work and those that contain confidential information.

Here are some tips for you:

  • Make sure you are using a password that is not easy to guess.
    If people know you well enough, they could probably figure out what password you will use. People tend to use passwords based on words, names and dates that are important to them. Examples are pets' names and anniversaries. If you do this, chances are that those who know you will be able to log in to your computer using your account. Try changing your passwords every so often, and make sure that they are easy for you to remember but difficult to guess. Think of some cipher for it.
  • Set permissions on your files and directories.
    You can set your files and directories to be accessible only to you. Do a chmod on them. Then again, whoever has root access will still be able to get through. Maybe it would be easy for you to do this if you are the one with root access.
  • Protect your files with passwords.
    Although not everyone agrees with this, some people do it for their own sake. They feel better having password-protected files. A drawback, of course, is that if the password is difficult to remember, you might as well have deleted your files.
  • Log out of your account or profile.
    If you have set your file permissions so that you are the only one who can view, edit and execute the files, it will be pointless if you don't log out. While you are still logged on, you leave your entire session open for intrusion.
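The permissions tip above, as an added example that is not part of the original post: it finds everything under a directory that group members or other users can access and removes those bits, the equivalent of `chmod -R go-rwx`. The function names and the sample tree are assumptions made for illustration, and as the tip says, root can still read the files afterwards.

```python
import os
import stat
import tempfile

def exposed_paths(root):
    """Yield (path, mode) for entries under root that group or others can access."""
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            if os.path.islink(path):
                continue  # chmod would follow the link and change its target
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode & 0o077:
                yield path, mode

def lock_down(root):
    """Clear the group and other permission bits; return the paths changed."""
    changed = []
    for path, mode in list(exposed_paths(root)):
        os.chmod(path, mode & ~0o077)
        changed.append(path)
    return sorted(changed)

def demo():
    # Constructed sample tree: a world-readable file in a world-listable directory.
    with tempfile.TemporaryDirectory() as home:
        secret = os.path.join(home, "payroll.txt")
        with open(secret, "w") as fh:
            fh.write("constructed sample data\n")
        os.chmod(home, 0o755)
        os.chmod(secret, 0o644)
        changed = lock_down(home)
        file_mode = stat.S_IMODE(os.stat(secret).st_mode)
        dir_mode = stat.S_IMODE(os.stat(home).st_mode)
        return changed == sorted([home, secret]), file_mode, dir_mode

if __name__ == "__main__":
    print(demo())
```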

Hopefully these tips have helped you deal with some of your dilemmas with regard to sharing your computer with other users.

Categories: General, IT Security Basics, Privacy & Anonymity, Real-World Issues, Tips


Avoid Twitter Spam

Written by Saran on January 26, 2010

I have become more active on Twitter in the past months, mainly due to a self-imposed Facebook hiatus. I just found Facebook to be so tiresome and irritating (not just the platform but the people using it). I have had my Twitter account for many years now but I rarely used it. Now that I have been using it a lot, though, I realized that it is NOT exempt from spam.

What am I talking about?

Direct message spam. This is one of the most common things I get. I receive DMs from people I don’t know.

Retweets. I love how you can retweet messages on Twitter but sometimes, they just clutter up my timelines! What’s even worse is that I am not even interested in what some people retweet.

Tweets from those I follow. Yep, they can inundate my timeline as well.

The bottom line here is to KNOW who you follow and who follows you. Every single day, I get “follow” e-mails and many times, I have no idea who they are. Now I know better than to follow people I don’t really know. Once, I even got a “The Real Carrie Underwood is now following you” e-mail. Guess what? It wasn’t the real Carrie Underwood.

More so, disable the autofollow feature. This doesn’t make sense as you get all sorts of followers trying to fish for their own followers. Again, filter those you follow.

Another thing you can do is go to this link: http://twitter.com/spam. They have some practical and useful tips that can help you address Twitter spam issues.


Categories: Tips


Scan Storage Devices before Enabling

Written by Saran on October 27, 2009

Virus and malware issues are far from being a thing of the past. On the contrary, they seem to grow in number as each day passes. Security software companies thus have their work cut out for them. There is no definite date by which such threats and intrusions will be wholly resolved.

Scanning Protocol

For the time being, it is advisable for people to scan third-party storage devices such as diskettes, USB drives and mobile storage before using them, to be safe and sound. These wandering viruses can attack at any time, and this is a fact wherever computer-related materials are concerned.

Infected files can go as far as infecting executable files; hence documents, Excel files and compiled scripts are bait for immediate infection and malicious intrusions. Software applications also have their limits, as their development teams cater only to a specific genre of known harmful files. But it is better to lower the risk of intrusion than to have no protection at all.


Categories: Backups, IT Security Basics, Malware, Network Security, Operating Systems, Programming, Real-World Issues, Security Policies, Spyware, Storage, Tips, Wireless Security


Stay Away From Fake Security Software

Written by Saran on April 29, 2009

If there is one thing that a lot of people do but deny doing so, it is buying fake software. This is actually understandable if you think about it. Licensed software is just so expensive and with the way things are going financially right now, people are always looking for ways to save a dime here and there. And if you buy unlicensed software, you will definitely save more than a dime!

Then again, if you are talking about security software, I do not really think that it is such a good idea to buy fake software. After all, you are talking about staying safe here, and who knows where all that fake software comes from?

Microsoft has actually issued statements regarding fake security software. Naturally, many will be skeptical about the statements – it is from the largest software company in the world. Of course they will tell you to stay away from fake products, right?

But they do have a very valid point, one which we will all benefit from. Canada.com has a report on this:

Fake computer security software, created by cyber criminals as smokescreens for viruses, is the No. 1 threat to computer security in Canada, software giant Microsoft said Wednesday in its latest biannual security report.

And experts blame hackers for playing on people’s fears of infectious malicious software, such as the Conficker worm.

According to Microsoft’s report, rogue security software, also called scareware, was found in 5.9 million computers, a rise of 66 per cent in the last six months.

What should you do? Make sure you are buying 100% legit software.

“If you see a message pop up (from a website) no matter how dire it is don’t click on it because almost 100 per cent of the time that message is a fake message,” said Mohammad Akif.

“Norton, Symantec, Microsoft — none of these companies sell their software this way.”

Sounds like a plan to me!

Categories: General, IT Security Basics, Malware, Spyware, Tips


New Conficker To Be Released On April 1

Written by Saran on March 30, 2009

And the joke will be on whom? It is not a good joke, actually. In fact, if it indeed happens, it will be one of the worst jokes in cyber security. The Conficker worm has been the subject of many discussions and the target of many security experts’ attention; and rightly so. This worm has infected millions and millions of machines worldwide and has proved to be a headache.

Now, the rumor is that on April Fools' Day of this year, the third version of the worm will be activated. Those behind the worm designed the first two versions to spread like wildfire. According to experts, those two versions are nothing compared to the third one, 32.Downadup.C, which is supposed to “solidify its position.”

The good news is that the first two versions of the Conficker worm have been thoroughly scrutinized and reverse engineered by security experts. These activities have given them an understanding of how the worm works. The bad news is that the creators of the virus know this, and they will definitely work on creating a “better” version this time around.

Experts say that while the first two versions are able to contact 32 web addresses out of 250 per attempt, the third version could probably generate about 500 domains. More so, the activation of the third version will mean that computers that are already infected can connect to each other AND receive updates of the worm. Worse, the third version will probably be able to fight off security bots. This is more than enough reason to be ultra careful come April 1.

Photo from http://nuevayolblog.net/wp-content/uploads/2009/02/conficker.png

Categories: Malware, Real-World Issues, Tips
