Fuzz testing may sound like a term far removed from the IT world, but fuzzing is a good way of discovering weaknesses in a network, application or server before others do. Fuzzing involves bombarding a program with randomly generated data to see if it’ll withstand the overload. If it fails, either by crashing or not executing a specific code, then there’s a defect you need to find and correct. Hackers can use fuzzing to find what bugs exist in an application, for example, a web browser, and then create specific code to exploit the application’s weaknesses. But if these bugs are discovered before they can be exploited then a way can be found to fix these exploitable bugs.

Testers can use fuzz testing to find out if the current software being used have easily exploitable vulnerabilities. It is probably the closest approximate to a real-world situation when data coming into a system or application doesn’t always follow validation rules. While fuzzing, testers keep a record of all the data they create, so it’s easy can keep track of what specifically caused any errors. It’s also relatively cheap to perform fuzz testing, and it can be used to compare the security of different programs and operating systems. Open source fuzzing tools and tests for different applications and systems are now available online. Though fuzzing doesn’t guarantee to find every error-producing event and bug that can occur on your system, it does give an idea of where intruders might try to attack. Errors like buffer overruns and attacks on cross-site scripting can be prevented by fuzz testing.

[tags]fuzzing,bugs,buffers,phishing,pharming,software,errors,intruders[/tags]

Tags: buffers, bugs, errors, fuzzing, intruders, IT Security Basics, pharming, phishing, software, Tips

Categories: IT Security Basics, Tips

Comments Off

Chances are that when you open your inbox today you’ll find an e-mail claiming to be from your bank, an e-commerce site, or another online site you’ve visited. They might offer you an upgrade to your account, inform you that there’s been changes to their, and asks you to verify your account information. This could be a phishing attempt to get sensitive information like your personal information or passwords. Fortunately, you can avoid getting scammed by taking these precautions:

• Be suspicious of any email with urgent requests for personal financial information. Phishers are getting more sophisticated in their attempts, so even if an e-mail appears to be legitimate, look for proof that it came from your e-commerce company. They should be personalized and carry information that only you and your company would know. They might show partial account numbers or other verification tools.
• Use anti-virus software and a firewall, and keep them up to date. Phishers sometimes include script that can track your activities on the internet without your knowledge.
• Never use the links in an e-mail to go to any webpage. Phishers will redirect you to a bogus site to trick you into logging in your account number and password. Log onto the website by typing in the web address to your browser. At the same time, never call any numbers in the e-mail. It could lead you to a VoIP provider that isn’t connected to your company at all.
• Never fill out forms in e-mail messages asking for your personal financial information. Your e-commerce company would never ask you to send sensitive information in that manner.
• Check your bank, credit, and debit card statements regularly to see if all your transactions are legitimate. Report any suspicious withdrawals immediately.
• Finally, report the phishing attempt you received to your company and other anti-phishing groups.

[tags]phishing,spam,spoof emails,indentity theft,pharming,spam filtering[/tags]

Tags: General, identity-theft, pharming, phishing, Privacy-&-Anonymity, Real-World Issues, spam, spam-filtering, spoof-emails, Tips

Categories: General, Privacy & Anonymity, Real-World Issues, Tips

Comments Off

Are you like me who has the bad habit of forgetting the passwords to your online accounts? Except for sites I frequently visit, like those for web-based services, I can’t keep track and lose passwords all the time. There’s no true solution to this problem. I’ve tried using the same passwords for multiple accounts, but that’s pretty dangerous – if one of your accounts gets hacked, they can guess what sites you frequent and gain access to your data. Writing it down can be downright dangerous – it’s even easier to lose paper and notebooks during your daily routine. It also boils down to an issue of trust with the people you live and work with.

The situation’s pretty dire if a relative passes away and all his contacts are in an online address book. The was the the case of William Talcott, a San Francisco poet who passed away in June and basically took his password to the grave. His daughter was unable to contact his friends, and though the web provider will grant them access after a court order, it will take months of legal haggling in court, causing needless emotional pain for his descendants

The solution? A password manager that keeps track of your passwords. Some users make their own with their database and password locking it, but these makeshift databases aren’t encrypted and they’re quite easy to crack. There are commercial and open source password managers available for download online. All you need to do is add the website, your account name and password, select one password to lock your data, and then it will keep track of your passwords for you. They offer different features, which can include password generators, autoform filling, and different levels of encryptions. Some sites, like those of banks and other e-commerce activities, don’t allow autoform filling for security reasons. Though most of these are currently made for Windows, there are also versions for other operating systems. A word of warning though: if you forgot your password to your password manager and it doesn’t have a retrieve password option, you can’t access your database. So make sure to remember your database password!

[tags]passwords,e-commerce,operating systems,online security,phishing[/tags]

Tags: e-commerce, IT Security Basics, online-security, Operating Systems, passwords, phishing, Security Policies, Tips

Categories: IT Security Basics, Security Policies, Tips

Comments Off

There are different ways of creating passwords for your computer and online accounts. It seems like these days, the usual six characters as length of passwords is not enough. There are sites that when you sign up and you give your desired password, they will let you know whether or not your password is strong. Most of the sites that have it even point out that it is better to have characters that are more than six characters long. For another, they usually recommend that you have numbers and letters in your password. Mixing up uppercase characters along with it is also recommended. Sounds tough, right? Because the the passwords would seem random or something like it.

Here are some tips from different people so that you could have more secure passwords that you could easily remember:
1. Use two words with six characters each.
If you have two words, you have a twelve character long password. But here’s the clincher. You have to make some funky code that you would be replacing some of the letters with numbers. So it could be that every two letter you could replace the letters with numbers that have some signifance or maybe some random numbers.
There are people would use the names of their pets and something else that is totally random and those are combined by mixing the letters, alternating each letter.
2. Use some other language and make a phrase. Then turn it into leet speak.
It is similar to the first suggestion. However this takes it a step further because it will involve other countries’ languages. It is as if you are writing code indeed.
3. Have around three sets of passwords.
Rotate among these three passwords that you have. And change your passwords every so often. At least this makes it more difficult for others to find you your passwords.

Tags: IT Security Basics, Tips

Categories: IT Security Basics, Tips

Leave a Comment

Blogs are popularly being read on RSS aggregators these days. That or via Atom feeds and recently, it has been said that attackers could use Javascript to take advantage of this. According to an article on USA Today, this could be any kind of information as long as it is in this format. In the said article, you could also find out the list of vulnerable readers: Bloglines, RSS Reader, RSS Owl, Feed Demon, and Sharp Reader.

This kind of news is actually not so new. Mark Pilgrim was one of the bloggers who has written about this before. He even set up an experiment of sorts, wherein subscribers to his blog feed saw a screen full of platypi. He has mentioned in his blog entry that the difficulty with RSS is that there is a lot of arbitrary HTML and it could include Javascript — it could be malicious Javascript as designed by some attackers. Mark Pilgrim even listen down the elements that should be stripped off by RSS readers, just to be safe:
script tags, embed tags, object tags, frameset tags, iframe tags, meta tags, link tags, style tags, style attributes from every tag.

If you are always subscribing to different blogs, forums and mailing lists through RSS, you should be careful about it. If there are comments RSS, you could also take precautionary measures by not subscribing to it. It is possible to get attacked through the RSS of comments. Aside from that, if you have set up your own personal aggregator, make sure that you have a ‘smart’ aggregator which strips off the said tags. If you have an aggregator on your computer, check if it is vulnerable. Maybe you could install something else that isn’t prone to attacks via RSS. It is better to be secure after all.

Tags: IT Security Basics, Malware, News, Tips

Categories: IT Security Basics, Malware, News, Tips

Leave a Comment

Phishing over the web can be typified with that of trying to get personal information for mischievous use. Receiving unsolicited emails coming from unknown origins which would make you believe that you have won something in a lottery or a sweepstakes contest are the common forms of phishing.

The people who send you these emails are merely after your personal information. They would get information such as credit card numbers, bank accounts, and other useful information to which they can use over the web, an open space of being able to transact with a lot of security breaches that most people know today.

Some would even provide links to certain pages which are professionally done, all the more deceiving a person that the offer is for real. But the next time you get such e-mails from an unknown source, all you have to do is just think about it for a second. How can you get such mails from someone or something that you don’t even remember joining? The rest is history.

Tags: deception, e-mails, phishing, spam, web-extortion, web-swindling

Categories: IT Security Basics, Privacy & Anonymity, Tips

Comments Off

Among the features that most mobile phones have today is that of features that include the Bluetooth and Infrared connectivity as a means of wireless connections. While such advancements has made it easier for people to transfer files such as images and sounds from one phone to another, it also becomes a loophole to allow viruses to infect the operating system of mobile phones today.

Worms such as Cabir, have become the onslaught of rampant mobile phone intrusions, something that uses the Bluetooth connectivity as a means of infecting mobile phones of today. Once they get through, malfunctions and error messages are sure to ensue, making it a need for the software systems of mobile phones of today to be either formatted or disinfected with available anti-virus and worm removers such as Panda Software.

Inconvenient as it may seem, it is advisable for mobile phone owners to refrain from activating their Bluetooth connections to avoid such infections and untoward intrusions at any time.

Tags: bluetooth, cabir, connectivity, viruses, worms

Categories: IT Security Basics, Malware, Operating Systems, Real-World Issues, Spyware, Tips, Wireless Security

Comments Off

Greg Schulz of Computerworld shared some guidelines of tape virtualization. Tape virtualization is one of the popular topics when it come to storage. Some of the said advantages of making virtual tape libraries would include improvement of the performance of the back up, archiving and other related processes and smooth transition (from tape-based to disk-based).

Here are the ten points he raised in his article:

1. Integration of VTL in your business continuity, conditions of your site/location.
2. Storage devices to be attached to the VTL.
3. Projected storage capacity needed in the future.
4. Backup, archiving, etc. software supported.
5. Support of differencing or single-instance repository capabilities.
6. Determine if you are looking for a turnkey solution.
7. Resiliency and redundancy needed.
8. Security level needed.
9. Tape device and library emulation for your environment.
10. Necessary changes to your current setup.

The questions he raised in his article really make you consider your needs and the conditions of your system. All these questions will help you evaluate if you would use virtualization. You cannot just decide right away if you will use VTL because it could affect your system in a major way.

It is always good to look at the possibilities before arriving at some decisions like this one. It is best to do a full study before you spend on it. One of the important things you also have to consider would be the people who would be in charge of this project in your company. Who will be the ones in charge of the study and the follow up in case you do push through with it. Your data will be at stake so it is better to be safe than sorry.

Tags: Backups, Physical Security, Storage, Tips

Categories: Backups, Physical Security, Storage, Tips

Leave a Comment

Living at home means that you have to share your computer with other people. In some companies, people also share workstations in case that they have different work shifts. In any case, it is important for you to make sure that your files are safe. Especially those that you use for work and those that contain confidential information.

Here are some tips for you:

• Make sure you are using a password that is not easy to guess.
  If people know you well enough, they could probably figure out what password you will use. People tend to use passwords based on words, names and dates that important to them. Examples are pets‘ names and anniversaries. If you do this, chances are those who know you will be able to log in your computer using your account. Try changing your passwords every so often and make sure that they will be easy for you to remember but difficult to guess. Think of some cipher for it.
• Set permissions on your files and directories.
  You could set that your files and directories will only be accessible to you. Do a chmod on them. Then again, whoever has root access will be able to get through. Maybe it would be easy for you to do this if you are the one with root access.
• Protect your files with passwords.
  Although not everyone agrees with this, some people do this for their own sake. They feel better to have password protected files. A drawback, of course, is that if it has a difficult password to remember, you might as well have deleted your files.
• Log out of your account or profile.
  If you have set your file permissions that you are the only one who can view, edit and execute the files, it will be pointless if you don’t log out. When you are the one who is still logged on, you leave your entire session open for intrusion.

Hopefully these tips have helped you deal with some of your dilemmas with regards to sharing your computer with other users.

Tags: computers, General, IT Security Basics, omputers, people, Privacy-&-Anonymity, Real-World Issues, security, Tips

Categories: General, IT Security Basics, Privacy & Anonymity, Real-World Issues, Tips

Leave a Comment

I have become more active on Tweeter in the past months, mainly due to a self-imposed Facebook hiatus. I just found Facebook to be so tiresome and irritating (not just the platform but the people using it). I have had my Twitter account for many years now but I rarely use it. Now that I have been using it a lot, though, I realized that it is NOT exempt from spam.

What am I talking about?

Direct message spam. This is one of the most common things I get. I receive DMs from people I don’t know.

Retweets. I love how you can retweet messages on Twitter but sometimes, they just clutter up my timelines! What’s even worse is that I am not even interested in what some people retweet.

Tweets from those I follow. Yep, they can inundate my timeline as well.

The bottom line here is to KNOW who you follow and who follows you. Every single day, I get “follow” e-mails and many times, I have no idea who they are. Now I know better than to follow people I don’t really know. Once, I even got a “The Real Carrie Underwood is now following you” e-mail. Guess what? It wasn’t the real Carrie Underwood.

More so, disable the autofollow feature. This doesn’t make sense as you get all sorts of followers trying to fish for their own followers. Again, filter those you follow.

Another thing you can do is go to this link: http://twitter.com/spam. They have some practical and useful tips that can help you address Twitter spam issues.

Tags: social media, spam, Twitter

Categories: Tips

Leave a Comment