Windows Fanatics
Lockergnome
Home

Archive for the 'Security' Category

Cleaning Malware On Windows: A Lesson By Mark Russinovich

Thursday, April 10th, 2008

Mark Russinovich, a Microsoft Technical Fellow, presented a very good session at the TechEd IT Forum last year on the topic of advanced eradication of malware on Windows machines. It’s a great session and has some useful advanced techniques for removal. It is also a very good resource for those who want to better understand how malware infects and what some of the risks are. Lots of practical information and how-tos in this one.

Fortunately, the session was recorded and is available online for anyone who wants to see it. If viruses and malware are a part of your job or if this type of security topic is of interest to you, it’s an hour and twelve minutes well-spent. I went looking for this session online hoping to find the PowerPoint and found the whole session with video and demo and everything — terrific stuff.

Top 5 Tips For Upgrading To WPA2 Security

Monday, April 7th, 2008

Gnomie John writes:

Why upgrade? Chances are you have bought something online with a credit card, used internet banking, or dealt with confidential information on your computer. If you use a wireless router with anything less than WPA2 encryption, your information may not be as secure as you think.

“WPA2 security is definitely worth the modest amount of effort required to set it up. The original WPA security standard can be cracked with relative ease unless you use a passphrase that is longer than 20 characters and is not merely composed of words that can be found in a dictionary.” [Quote from the PC World article: Wireless Tips: Your Wireless Network Needs a Security Update]

  1. Check current devices for compatibility. Your router and wireless network card may already support WPA2; Google your devices and find out. If they do, download the latest drivers for your wireless network card and update the firmware on your wireless router (very easy to do, but follow the manufacturer’s instructions carefully).

    If your devices don’t support WPA2, and the security of the information transferred over your network is important to you, consider buying a wireless network card and router that support WPA2. Most recent wireless devices have WPA2 as standard.

  2. Download the WPA2 Hotfix for Windows XP. This threw me when I was setting up my network. You need to download this hotfix or WPA2 will not work. It’s that simple. The hotfix is #KB893357 available from the Microsoft Web site.
  3. Set a strong password for both network key and wireless router. What’s the point of all this if you set a one word password? So make it greater than 20 characters, consisting of numbers, uppercase and lowercase letters, and obscure characters such as @ and &. Randomize it — be creative. Get your pets to walk on your keyboard. Just don’t be predictable. Pretend you’re Jack Bauer and this is a matter of national security.
  4. Don’t bother with MAC filtering or Hide SSID. They add little or nothing to your security. Unless you have a specific reason for doing so, activating them generally only makes your life more stressful.
  5. Use TKIP & AES encryption when selecting the encryption settings on your wireless router and on your computer; select WPA2-Personal with TKIP & AES encryption. This is a very high level of security for today’s standards.

HOT TIP: WPA2 Personal is the one to use unless you run a large enterprise.

BONUS TIP: Use the Windows Wireless Assistant built into Windows rather than the one your wireless network card came with. It generally works with less conflict and generally uses less system resources. It’s one less “Yet Another Program That Wants To Load At Startup.”

Top 5 Anti-Viruses

Tuesday, March 25th, 2008

Gnomie fendabenda writes in with his top 5 favorite anti-viruses:

  1. Kaspersky Anti-Virus Personal
    Kaspersky Anti-Virus Personal offers excellent anti-virus protection, perhaps unsurpassed in its ability to unpack and scan compressed files — something that trips up a lot of other vendors. Should be used in conjunction with a firewall.

  2. BitDefender Antivirus Plus
    Softwin’s BitDefender Professional protects against viruses, spyware, and instant messaging threats, as well as offering firewall rules to block undesirable traffic and a privacy gateway to keep your identity and preferences private while surfing the Internet.

  3. McAfee VirusScan Plus
    McAfee VirusScan Plus is an ideal candidate for those seeking an anti-virus/firewall combination without all the bloat of traditional Internet security suites. McAfee VirusScan Plus makes an easy job of removing adware and spyware, something not all anti-virus products deliver.

  4. Eset Nod32
    Nod32 features a small footprint, low performance hit, and fast scan speeds, providing focused virus protection ideal for gamers or those with an older PC. Should be used in conjunction with a firewall. This is also a very nice anti-virus for computer experts, and nerds like Chris himself :) As it provides more use for those smarter few of us that want more features and need more protection.

  5. Panda Antivirus 2007
    Panda Antivirus 2007 combines anti-virus, anti-spyware, and anti-phishing with its highly touted behavior-based TruPrevent Technology. License covers use on two computers and includes free tech support via email (telephone support options are also available).

New Free Wireless Network Security Scan

Wednesday, March 12th, 2008

Pure Networks, a leading provider of networking software, has debuted its new Pure Networks Security Scan tool. The online free wireless network security scan lets anyone quickly check for security issues on their individual computers and their wireless networks. The tool is ideal for home users, as well as those in small office/home office (SOHO) environments, providing a quick assessment of potential network security problems.

The easy-to-use tool checks a user’s network for potential issues and vulnerabilities and then provides a “score card” with detailed self-help information about how to fix wireless network security problems that are network related and security problems that are computer specific.

According to Jeff Erwin, CEO of Pure Networks, “Consumers are becoming more aware of the need for security and protection, but they often select tools that merely diagnose one computer, rather than an entire network. This can leave them unknowingly vulnerable. As experts in network security, Pure Networks understands that most users don’t have the time, inclination or often the knowledge to manage and secure their home or small office networks. Similarly, having a separate tool for network security and computer security is a hassle. To address this issue, we created a free tool that gives everyday computer users the ability to better understand the security on their PCs, the security of their networks, and what they need to do to address risk areas.”

Examples of the vulnerabilities Pure Networks Security Scan checks for include:

  • Unknown computers or devices on the network
  • Use of a default password for the wireless network router
  • Changed or opened ports on the wireless network router
  • Manipulated settings that redirect to malicious Web sites
  • Up-to-date antivirus software

You Might Get A Call From The FBI (But Confirm It’s Really The FBI)

Thursday, June 14th, 2007

The FBI is contacting more than one million computer owners and operators whose computers have been victimized and taken over by fraudsters and other criminals who have installed “bots” which they then use to launch distributed criminal computer attacks and fraud scams.

“The majority of victims are not even aware that their computer has been compromised or their personal information exploited,” said FBI Assistant Director for the Cyber Division James Finch. “An attacker gains control by infecting the computer with a virus or other malicious code and the computer continues to operate normally. Citizens can protect themselves from botnets and the associated schemes by practicing strong computer security habits to reduce the risk that your computer will be compromised.”

So, if the FBI calls, you might want to cooperate. But - exercise some common sense and a little caution: if you get a call or contact, be sure to confirm it’s actually the FBI. The classic technique used by scammers is to take commonly used communication methods and closely mirror or duplicate them in order to make you think you’re providing sensitive data to a legitimate business or agency, when in fact it’s the bad guy in disguise. So verify, verify, verify.

The FBI press release is here. Snipped from the press release, an important warning about being wary of potential malicious information requests:

“The FBI will not contact you online and request your personal information so be wary of fraud schemes that request this type of information, especially via unsolicited emails. To report fraudulent activity or financial scams, contact the nearest FBI office or police department, and file a complaint online with the Internet Crime Complaint Center, www.ic3.gov.”

Tags: , ,

More Norton Malarkey

Thursday, April 19th, 2007

Gnomie Ken Goldstein of Computer-Aided Technologies International, Inc. writes:

Aloha, Chris:

I just read the blog on the other poor sap who got burned by Symantec, and that prompted me to drop you a note.

My company had (not “has”) been a Symantec reseller since the early DOS days, 1986 to be exact. When Peter Norton was at the helm, I could expect almost real-time response to any problems with his software, via his toll-free number. But today, Symantec just isn’t worth the trouble to deal with.

I should first mention that I first started using computers in 1959, have my doctorate in Systems Engineering, and hold various professional certifications like MCSE and CNE. The major Symantec problems started arising with Norton AntiVirus 2005. As a computer consultant, I had always advised my clients to keep the latest version of NAV on their computers, usually through a suite like Norton SystemWorks, but after the first dozen panicked calls, I wasn’t blind enough to miss the pattern.

As I had not upgraded my own copy of NAV from 2004 at that point, I took one of my in-house computers (a Pentium 4 running Windows 2000 Pro) that was running perfectly with NAV 2004, and imaged it using Ghost. I then carefully followed every instruction that came with NAV 2005 and installed the upgrade. After several reboots, I found that the CPU usage was averaging 72 percent without anything else running. I then started in Safe Mode, where the CPU usage dropped all the way down to 70 percent. Hmm, big problem there.

I ran MSCONFIG, and double-checked that nothing unusual had been installed by NAV - nope, nothing at all. Just for grins, I did the same procedure on an old Pentium III laptop, but stopped when the CPU usage refused to go below 99 percent no matter what I tried. I decided to place a call to Symantec reseller technical support, and shouldn’t have been surprised when I eventually got a voice prompt to leave my company name and the reason for my call, as they were “experiencing high call volumes.” I waited for a few days, but after no response, I e-mailed a Symantec technician who I knew, gave her a brief explanation, and asked for a quick return call. Hoo-boy! Did that open the gates of hell!!

Within an hour, I got a call back from a person identifying himself as Symantec’s Director of Quality Control. But Mr. QC wasn’t calling to help solve my problem, oh, no - he was calling to tell me how uneducated I was, how my equipment must be completely faulty, and how I probably hadn’t even installed my operating system correctly or bathed lately. Being a martial arts instructor, Chris, I was torn between ripping him a new orifice (verbally or physically, his choice), or trying to get a word in edgewise. He finally ran out of vituperative phrases, and I asked him whether anyone else was having the same problems. He screamed that all the resellers he had spoken with so far were all as uneducated, etc. as I was, and slammed down the phone.

I guess I got my answer.

So I reinstalled everything on my P4 using the Ghost image, and found the CPU usage was down to its normal and expected 2-3%, running happily with NAV 2004. I then called back the dozen clients who had followed my recommendation to install the latest NAV, and told them that I would be happy to come by and remove all traces of Symantec products at no charge, and to install the free version of GriSoft’s AVG until we could decide on a permanent anti-virus solution.

You probably won’t be surprised, Chris, when I tell you that Symantec didn’t renew my master reseller contract, will you? Or how little I cared. Keep up the good work.

Tags: , ,

Using Online File Backup Services?

Thursday, April 12th, 2007

There is one major problem with most computer backup procedures. Usually after a backup is made, all of the information and data stays in the same place as it always was. However, there are many disasters that could befall your data and computer that make it worthwhile to look into online backups as a precautionary measure. Online data backups will allow you to save a copy of your file or files in a hard drive that cannot be destroyed at the same time as your computer. This way, even if you experience theft or a natural disaster such as a fire or flood you will still have your data.

Is it safe? Many people are a little bit unsure of putting their data online. After all, if the information can be accessed by them from any computer, doesn’t that mean that the data can be accessed by everybody? Yes and no. While it is theoretically possible for a different person to get into your data as it is stored through an online data backup, the chances of this actually happening are slim to none as long as you’re using a reputable service.

You also have the option of doing something on your end to make sure that the data stays secure. If you can get your hands on any backup software that can encrypt the data, then you should do this. Encrypted data cannot be stolen without considerable effort. Just make sure that you remember what program you used to encrypt it in the first place.

Are online backups easy to use? Yes! Online data backup services generally only require that you upload the files that you want saved. Then, the files are saved for you, and that’s it! As you can imagine, online data backup services are becoming more and more widespread. You should also be able to access your online data backup from anywhere in the world. While I do not recommend using this as your only form of data backup I highly recommend using an online data back solution as part of a holistic approach to data security.

How fast are they? This is going to depend by and large on the type of Internet connection that you have. If you are still going online with a dialup connection, then you should not look into this type of data backup. It will just take far too long to get your backup done, and during that time, you could easily have just put all the files onto DVDs and give them to a friend for safekeeping. If you have a high-speed internet connection - either cable or DSL, then you’re in luck and this will not be a problem at all. Just log in, get an account, and upload to your heart’s content.

How much space will you have? This is going to depend on the backup service that you choose in the end. However, most of the spaces available range between about 100MB and several GB of space with most of them offering at least 1GB of storage space to get started with.

Online data backups are going to become an absolute necessity for the smart computer owner. I wouldn’t live without one and use mine every single day at the very least.

[Niall Roche]

Finding a reliable online data backup service doesn’t need to be a nightmare. Check out BackupAdvice.com today for more information and advice.

Tags: , ,

External Hard Drives To Keep Your Data Safe

Monday, April 9th, 2007

If you want to keep your data completely safe, you should look into types of data backup that do not require constant power supplies. While discs such as CDs and DVDs are a good way to make a smaller, permanent backup, external hard drives are another great way to back up your data safely. Just make sure that the drives do not stay connected to your computer and on - otherwise they’ll be as at risk as your normal internal drives. You don’t want your backup to be damaged in the same disaster that takes out your computer!

External hard drives are not actually new technology. In fact, these drives work in much the same way as a normal hard drive. Before external drives were affordable, there are some computer users who made external drives by setting internal drives into an outer casing. These worked fairly well, but they did not stand up to being moved around as much.

Over the last several years, external drives have become affordable, small, and easy to use. There are even some compact USB hard drives that can fit in a pocket. These drives are also much faster than they used to be, something that is being helped by the switch from serial and parallel connections to USB and FireWire.

How much data can an external hard drive store? Most external hard drives are about the same size as a normal hard disk inside of your computer. In fact, one of the smallest capacities is just 60GB. However, there are many other disk sizes available at this point in time. Recently, external hard drives with as much as 1000GB of space have begun to appear on the market. It won’t be long before we move into true Terabyte territory. These huge storage capacities are the main reason why external hard drives are rapidly becoming the most popular form of computer backup for the normal computer user.

If you do not want to pick and choose through the files on your computer to determine which ones you want to save, don’t worry! Most of the hard drives will come with a CD that has drivers and some basic backup software on it. In most cases all you have to do is install the software, plug in the drive, and click “backup” and the software takes care of protecting your email, My Documents folder and all the most commonly backed up items.

Once again, if you are using an external hard disk for computer backup, do not leave the external drive connected to your computer. Additionally, you should also have more than one backup of your important information. You can do this by using an online backup service, or by burning your most important files to a DVD or five.

The best hard drives out there are going to be the ones built by major name brands. Maxtor, Iomega and Western Digital drives are known to be high quality and will last a long time. Purchasing a cheap, no-name external hard drive will save you money up front, but it is very likely that you will end up regretting it when it breaks down and you find out that your warranty is worthless

[Niall Roche]

Wanna know what the best external hard drives are? Why not visit BackupAdvice.com for more information on external hard drives and computer backups.

Tags: , , , ,

Patch Management For Home Users

Thursday, January 18th, 2007

For server administrators, patch management can be a way of life. But for most home users, patch management is a distant thought. Knowing when to patch products and how often patches need to be applied are some of the questions that most home users never think about. Knowing what to patch and when can make a difference in the security of your home computer or network.

Automating Patch Management
More and more programs are now offering auto updates of their software, applying patches every time the program needs to be updated. Although these updates don’t always mean they’re for the sake of security, a security patch may be issued along with the update. Microsoft Windows now offers Windows updates automatically. So updating Windows is easier than ever when users choose this option.

Problems with Patches
One problem with patching software is breaking other programs. This is usually only the case with updates from larger programs that other programs hang on, such as operating systems, anti-virus software, etc. Smaller programs that other programs don’t rely on are usually immune to this. During automated patch management, this may happen and you don’t realize it has happened. The problem can be combated with manual patches, but knowing when and what to patch may be a hassle for home users.

What to Patch
Any program that acts as server or accesses the Internet is a potential avenue for attack. These programs need to be patched if a patch is available. Smaller programs that don’t access the Internet or don’t have any real threat outside the current working environment may not need to be patched, as most of these programs will not have patches available. Programs like email, Internet Explorer, Firefox, etc. need to be patched if a patch is available. These programs that access the Internet need patches as new vulnerabilities arise for them regularly.

Smaller programs like Solitaire or Notepad that don’t have Internet access will not need to be updated, although they may be updated when another patch is available for larger programs such as an operating system patch. Usually when this happens, the patch is to fix a problem with the larger program breaking the smaller program.

When to Patch?
It’s a good idea to check for patches to your software products at least once per month. If you use your computer on a daily basis, or the computer stays online constantly, such as with high speed connections, you may need to opt for a stricter schedule on patches, such as weekly or bi-weekly. Of course, using automated patch management software can eliminate the need for such time consuming tasks.

As mentioned, automating patch management can save much time and energy. Check with your software vendor for information on when patches are usually available. Also check if the program offers automatic updates to its software. This mundane task can be handled with little user intervention and may be possible to run at times when the computer is idle or late at night when it is not in use and doesn’t restrict your browsing bandwidth.

So keep your programs running smoothly and updated often. Remember the saying: “An ounce of prevention is worth a pound of cure.” This applies to computer security and patch management also. Don’t let your program cause problems just because you forgot to install the latest patch. You’ll be glad you did.

Jake Forrester writes security related articles for SX Security Computer and Network Security.

Article Source: Ezine Articles

Tags: , , , ,

There’s A Safer Way To Surf The Internet

Tuesday, January 16th, 2007

Almost everyone in the world has access to the Internet. If you don’t have Internet access at your home, you can get it at the library or a cyber cafe. The Internet has opened up a whole new world for people to communicate and to educate themselves. As the popularity of the Internet has increased, so have the number of attacks and exploits ran on your system. What do you do? Let’s discuss this, shall we?

Almost every computer is purchased with the default Microsoft browser, Internet Explorer. Internet Explorer works great if you’re not concerned with vulnerabilities and exploits. Since the majority of Internet users rely on Internet Explorer as their default Internet broswer this is what most of the attackers hit. Internet Explorer has competition. Did you know this? Well, they do!

Firefox, Opera, and Safari have come into the mix with safer and more dependable browsers. I have never used Opera or Safari, but I can sit at my desk and tell you that Firefox is the best thing to ever happen to the Internet!

What’s so great about it? Well, first of all it’s free. There is no charge in downloading the actual browser. Firefox blocks spyware, adware, and it blocks virus attempts. There is no way for the Firefox browser to download something without your approval. With Internet Explorer, you don’t really have this option. Internet Explorer relies on ActiveX. ActiveX is not built in with Firefox and therefore your computer is safer.

Firefox offers extensions and themes to modify the advanced browser any way you wish. You can download items that will accelerate download speeds, stop java script, virus scan on links, download embedded videos into your desktop, offer weather forecasts in your browser, and the list goes on and on. In the default version you can clear cookies, cache, sessions, and passwords without ever leaving Firefox.

With themes you can customize your browser to look the way you wish. For Halloween, you can have your buttons decorated as pumpkins and other Halloween flare. Firefox is a creative design and it’s Open Source. That means you can take the browser and design your own extensions if you wish.

Make the switch today or at least try it out. You’ll wonder how you ever surfed the net without it!

Jeffery S. Miller is the author of Higgins: An American Story and The Ballad of J.D. Higgins. Miller is an avid Firefox user and hasn’t regretted the switch from Internet Explorer. Browse the Net with confidence! The author is not getting paid for this endorsement. He actually believes in the product. Feel free to visit the author’s site here.

Article Source: Ezine Articles

Psychological Internet Security: Drawing A Spider To The Web

Monday, January 15th, 2007

Even if everyone knew exactly what they wanted and where to get it on the Internet, they would not be safe from this. While anti-virus solutions and computer protection software are evolving to identify these scams, many are still evading Internet security solutions. These scams can affect everyone and can be summed up in one word: Pharming.

While you have probably heard about pharming as well as the dangers that come from surfing to sites containing pornography, warez (illegal downloads) and other underground-related sites, pharming can virtually affect any topic of any industry. As long as sensitive information can be extracted from you, pharming scams will be developed. After all, people can act like lemmings on the Internet; one by one, they will stumble into the pharming scam and do exactly what the scam artists want them to do.

So you’re probably wondering what pharming is and how it can compromise your computer protection and Internet security. Simply put, it is like an evolved form of phishing. Instead of the scam artists trying to convince you to visit a fraudulent site, they just build tons of fraudulent sites and let you visit them through redirection tactics. While the details of these redirection tactics are beyond the scope of this article, it is important to know that financially-related Web sites are the primary targets of pharming scams.

As you can understand, it is extremely difficult to identify pharming scams because you have no idea when you visit one. But is this really the case? For many, the warnings literally pop up in front of their eyes, but they have simply trained themselves to ignore the computer protection and Internet security signs. The question is, are you one of these people?

Answer this: have you ever browsed to a place where you are greeted with an Internet security warning stating you just entered a site with an unsigned certificate? If you have, did you simply agree to view the site and not even bother to wonder why there was an unsigned certificate Internet security warning? Well, that warning box could mean the loss of your identity if you are not careful enough. For scammers to set up these pharming Web sites, they try to duplicate every aspect of the real site as possible, including the certificates. If you ignore these unsigned certificate warnings and enter your personal information, you literally send it all to the scammers.

To help identify these scams, click File > Properties in your browser and make sure the Web site is an actual domain name instead of an IP address. Simply looking at the address bar of a pharming site is not enough, for scammers have ways to cloak it. Also, make sure that yellow lock is in the bottom right-hand corner of your browser window. That lock signifies SSL, which means your information is being transferred over a securely encrypted channel.

When it comes to additional computer protection and Internet security, grab a free legitimate anti-phishing toolbar. Also make sure to install the most current updates for your anti-virus software.

In the end, remember Internet security and computer protection means using common sense and judgment when surfing the Web. For any sites that require you to enter personal information, make sure you analyze the Web site like discussed above. In spending the additional time it takes to do this, you will dramatically increase your computer protection and online security, all without spending a penny.

Josh George has been an active member in the computer security and Internet security community since 1998. He has made many presentations to groups that involved members from the FBI, DoD, and NSA and hopes to now help personal and small business users. To learn more about computer security and Internet security, the link below provides time-tested best practices and recommended tools: Computer Protection.

Article Source: Ezine Articles

Tags: , , , , ,

Enslaving The Airwaves: The Repercussions Of Insecure Wireless Networks

Tuesday, January 9th, 2007

There is no doubt that wireless technology has evolved the way we communicate. With the popular 2.4 GHz frequency being unlicensed and inexpensive, people all around the world have been able to do things that were nothing short of impossible in the past. While this may be the case, the same also applies to hackers; wireless technologies have allowed them to not only penetrate the impenetrable, but also break into personal networks with blazing speed (as in minutes and even seconds if the wireless network’s access point [AP] is completely insecure).

So what can happen if someone breaks into your network? Well for starters, it acts as a gateway for hackers to break into your system. On top of that, they can install sniffers (which allow them to steal such things as passwords and other sensitive information), adware, spyware, trojans, viruses, worms, backdoors, rootkits, and other malware as well as pursue wireless jamming attacks, encryption attacks, DoS attacks, and other various attacks. In short, given enough time, the sky is the limit on what a hacker could do when they get inside your AP.

At this point, many may say to themselves “Well, I have nothing of value on my computer, so I don’t care if they hack into it”. This couldn’t be any farther from the truth. If hackers compromise your computer, they’ll turn it into something called a “zombie” (in other words, their slave), which will do anything the hacker wants it to. This could be anything from helping crack (or decipher) passwords, to breaking into Web sites, to even breaking into other computers.

Here’s the kicker: if the hacker uses your computer to break into something and gets caught, guess who faces the consequences? Well, it was your computer that did the attacking, so it will be your fault, no matter if you knew about the attack or not. Whether it leads to fines or even jail time, you are stuck with a mess trying to prove that you are innocent, all while the hacker carries on with his life and pursues more targets.

Knowing about the consequences that can come from insecure APs, there are many things you can do to prevent outsiders from trying to break in. Ideally, you’ll use a “Defense in Depth” methodology, which means setting up multiple layers of security to try and deter hackers from breaking in. Now, some of these things discussed will not really add much in the way of security, but it is additional security nonetheless. Hackers love easy targets, so every layer of security you add makes it more difficult for them to break in, and thus acts as a deterrent. That being said, use the following security measures on your personal AP:

  1. Hide your SSID broadcast. Your SSID is simply the name of your AP. Without it, hackers will not know the difference between your AP and other ones in the vicinity.
  2. Change the name of your SSID. This may not sound like much but, the name can tell a hacker a lot about your AP. Using the default name probably means you are also using the default password, which can easily be found on the Internet.
  3. Use MAC address filtering. A MAC address is simply an address burned into each wireless card. Using this filtering means that only the entered MAC addresses can access your AP.
  4. Enable Encryption. Use the WPA or WPA2 (if available) security mode as well as the AES algorithm. This makes it way more troublesome for hackers to eavesdrop your communications.
  5. Use both hardware and software firewalls. Chances are there is a firewall embedded right in your AP, so make sure it is enabled as well as firewalls on the networked computers.
  6. Keep learning about new wireless security threats. Technology keeps evolving, so it is in your best interest to research computer protection articles and other related news sources.
  7. Invest in computer security tools. While it is important to use layered security on your AP, it is even more important to do the same for your computer in case the hacker breaks through.

When it comes to wireless networks, deterrence can be one of the most powerful things working for you, providing you implement a Defense in Depth methodology like described above. With the large amount of weak and insecure AP’s that are live today, layered security will play a vital role in whether or not outsiders try to break into your wireless network. In the end, taking the time to secure your AP now could be the difference of legal repercussions or identity theft down the road.

Josh George has been an active member in the computer security and Internet security community since 1998. He has made many presentations to groups that involved members from the FBI, DoD, and NSA and hopes to now help personal and small business users. To learn more about computer security and Internet security, the link below provides time-tested best practices and recommended tools: Computer Protection.

Article Source: Ezine Articles

Tags: , , , , ,

Tips To Keep Passwords Safe

Tuesday, January 2nd, 2007

Although the Internet has made information easier to access, it has also made our personal information more vulnerable to attacks. Our lives are floating around in cyberspace for anyone to see. In order to safeguard ourselves, we live behind a password-protected world. There are different login accounts for email, chats, forums, bank accounts, newspaper subscriptions, and online dating.

The trouble is remembering our various passwords. So instead we use simple reminders like our children’s names or our birthdays. Or we keep it simple and use the same password for all our logins. Hackers know and rely on people to do this. These are a few tips to avoid becoming a victim:

Make Passwords Strong
A strong password consists of a series of case-sensitive letters and numbers and is at least eight letters long. Microsoft says passwords longer than 14 characters are ideal. Typically, the longer the password, the more difficult and time consuming it is to hack.

Don’t use anything that can be found in a dictionary. Hackers use a dictionary attack method where a hacker will literally go through the entire dictionary, English and otherwise, trying to guess a password. This method typically takes less than a day to crack.

Another common hacking method is called brute force. Brute force is more time consuming than the dictionary attack, but it’s not impossible. This method basically goes through all the possible combinations of keys on a keyboard. Ideally, the longer the password the more difficult it is to hack.

Weak passwords include addresses, family names, pet names, your high school, Social Security number, 123456, ABCDEF, or any combination thereof. Never ever leave the field plain blank. These are surefire ways to let strangers into your personal information.

Don’t Forget
One of the most common mistakes in creating a strong password is forgetting your great new password. Now, not only can hackers not get into your personal information, but neither can you.

The goal of creating passwords with letters, numbers, and punctuation is to seem as random as possible. Find something that has meaning only to you. Get creative. A suggestion is to use the first letter of phrases, song lyrics, poetry, or make up license plate sayings. For example, “Spoiled Rotten” could be changed to “5Poi1edRa10.”

After creating your password, use it immediately and frequently during the course of the day. This will help with memorization.

Don’t use your great new password for everything. Think of a new one for all login accounts. This may seem like a hassle, but this way if one account is hacked or compromised, at least the others are safe.

There is some debate as to printing or writing passwords down. It is argued that if there is a hard copy, then anyone can hack into your system. If you do decide to print a master copy, be sure to lock it in a safe to which only you have the key.

Change it Up a Little
Change passwords regularly. This means changing them once every month or two. This may seem like a hassle, but there are plenty of people in the world that would love to have access to bank codes and credit card information. Microsoft suggests changing passwords every 30 to 90 days.

Although juggling and making up passwords can be annoying and time consuming, it is the safest way to surf the Internet. There is password software available to help manage the plethora of usernames and passwords associated with our modern computer world. These programs aid in creating passwords and automatically saving information. Think of it this way: We wouldn’t leave our homes unlocked and allow strangers to come in. Why would we do that with our computers?

Resources Used
Microsoft, (March 22, 2006). Help protect your personal information with strong passwords. Retrieved June 13, 2006.

Security Stats Inc., (2000). Password Security. Retrieved June 14, 2006.

Erin Monaghan is a reviewer/writer for TopTenREVIEWS.com. TopTenREVIEWS features expert reviews for technology and entertainment products and services. The company has served over 60 million Internet visitors, has over 400,000 pages of original content and provides users with free access to in-depth product and services reviews, side-by-side feature comparisons, and industry-related news and articles.

Article Source: Ezine Articles

Tags: , , , ,

Patch Management For Home Users

Friday, December 29th, 2006

For server administrators, patch management can be a way of life. But for home users, patch management is a distant thought in most home computer users. Knowing when to patch products and how often patches need to be applied are some of the questions that most home users never think about. Knowing what to patch and when can make a difference in the security of your home computer or network.

Automating Patch Management
More and more programs are now offering auto update of their software. Applying patches every time the program needs to be updated. Although these updates don’t always mean it is for the sake of security, a security patch may be issued along with the update. Microsoft Windows now offers Windows updates automatically. So updating Windows is easier than ever when users choose this option.

Problems with Patches
One problem with patching software is breaking other programs. This is usually only the case with updates from larger programs that other programs hang on. Such as operating systems, anti-virus software, etc. Smaller programs that other programs don’t rely on are usually immune from this. During automated patch management, this may happen and you don’t realize it has happened. The problem can be combated with manual patches, but knowing when and what to patch may be a hassle for home users.

What to patch
Any program that acts as server, accesses the Internet are all avenues for attack. These programs need to be patched if one is available. Smaller programs that don’t access the Internet or don’t have any real threat outside the current working environment may not need to be patched, as most of these programs will not have patches available. Programs like email, Internet Explorer, Firefox, etc. need to be patched if one is available. These programs that access the Internet need patches as new vulnerabilities arise for these programs regularly.

Smaller programs like solitaire or notepad that don’t have Internet access will not need to be updated. Although they may be updated when another patch is available for larger programs such as an Operating System patch. Usually when this happens, the patch to fix a problem with the larger program breaks the smaller program. And a patch must be applied to it to fix potential problems.

When to Patch?
It’s a good idea to check for patches to your software products at least once per month. If you use your computer on a daily basis, or the computer stays online constantly, such as with high-speed connections, you may need to opt for a stricter schedule on patches. Such as weekly or bi-weekly. Of course, using automated patch management software can eliminate this need for such time consuming tasks.

As mentioned, automating patch management can save much time and energy. Check with your software vendor for information on when patches are usually available. And also check if the program offers automatic updates to its software. This mundane task can be handled with little user intervention and may be possible to run at times when the computer is idle or late at night when it is not in use and doesn’t restrict your browsing bandwidth.

So keep your programs running smoothly and updated often. Remember the saying, an once of prevention is worth a pound of cure. This applies to computer security and patch management also. Don’t let your program cause problems just because you forgot to install the latest patch. You’ll be glad you did.

About the Author
Jake Forrester writes security related articles for SX Security Computer and Network Security.

Tags: , , , , , ,

Don’t Let A Data Disaster Ruin Your Holiday Gift

Thursday, December 28th, 2006

This holiday season, iPods, digital cameras, and other digital media players are expected to dominate the consumer electronics holiday gift market. With iTunes selling over 1.5 billion songs so far (including 1 million videos per week) and digital camera sales expected to top the 26 million mark, there’s a lot of digital content on laptops and desktops that consumers spent significant time, energy and money choosing, purchasing, capturing, downloading and organizing.

Clearly, content is king and the driving force behind why these portable devices are so popular. Unfortunately, this valuable data is in serious jeopardy because, in most cases, it is not properly backed up. Having your digital music collection on both your iPod and your computer is great, but relying on the iPod as a backup is a mistake. Since portable music players often take a beating, they are more prone to data loss than the main computer.

The place where consumers need to protect their data is on their home computers, since there’s a very good chance the hard drive on that computer will fail; a recent survey showed over 50% of consumers have lost data at some point, and these days it is pretty common that music and pictures are part of that data loss. So if it does fail, without significant backups in place, all of that time and money spent on music along with your priceless digital memories will be lost.

Don’t let a data disaster ruin your holiday gift - follow these easy steps from Ontrack Data Recovery to ensure data is as safe as it can be - and of course, if the worst case happens, you can always turn to data recovery:

  • Make regular backups of all of your important data - and don’t forget the music and photos. A recent study indicated that the average digital music collection includes more than 1,000 songs. At $0.99 a song, that’s a significant investment that should be protected.
  • External hard drives make the process a snap - CDs and DVDs still work well for backups, but external hard drives make the process incredibly fast, easy and even affordable. You can get a 250 GB drive for under $100 - more than enough to handle the average digital music collection and photo albums.
  • Store the backups away from the main computer - once you get all of your precious digital content backed up, make sure to store those backups in an alternate location away from the main computer. This protects the data in the event that something tragic happens (fire or flood) to the room where the computer sits.
  • If your digital content is lost there’s always hope. Ontrack Data Recovery, the leading data recovery company in the industry, are experts at saving the data off any hard drive and can actually recover from the digital device itself.

Tags: , , , , , , ,

Don’t Let A Data Disaster Ruin Your Holiday Gift

Tuesday, December 12th, 2006

This holiday season, iPods, digital cameras, and other digital media players are expected to dominate the consumer electronics holiday gift market. With iTunes selling over 1.5 billion songs so far (including 1 million videos per week) and digital camera sales expected to top the 26 million mark, there’s a lot of digital content on laptops and desktops that consumers spent significant time, energy, and money choosing, purchasing, capturing, downloading, and organizing.

Clearly, content is king and the driving force behind why these portable devices are so popular. Unfortunately, this valuable data is in serious jeopardy because, in most cases, it is not properly backed up. Having your digital music collection on both your iPod and your computer is great, but relying on the iPod as a backup is a mistake. Since portable music players often take a beating, they are more prone to data loss than the main computer.

The place where consumers need to protect their data is on their home computers, since there’s a very good chance the hard drive on that computer will fail; a recent survey showed over 50% of consumers have lost data at some point, and these days it is pretty common that music and pictures are part of that data loss. So if it does fail, without significant backups in place, all of that time and money spent on music along with your priceless digital memories will be lost.

Don’t let a data disaster ruin your holiday gift - follow these easy steps from Ontrack Data Recovery to ensure data is as safe as it can be - and of course, if the worst case happens, you can always turn to data recovery:

  • Make regular backups of all of your important data - and don’t forget the music and photos. A recent study indicated that the average digital music collection includes more than 1,000 songs. At $0.99 a song, that’s a significant investment that should be protected.
  • External hard drives make the process a snap - CDs and DVDs still work well for backups, but external hard drives make the process incredibly fast, easy, and even affordable. You can get a 250 GB drive for under $100 - more than enough to handle the average digital music collection and photo albums.
  • Store the backups away from the main computer - once you get all of your precious digital content backed up, make sure to store those backups in an alternate location away from the main computer. This protects the data in the event that something tragic happens (fire or flood) to the room where the computer sits.
  • If your digital content is lost, there’s always hope. Ontrack Data Recovery, the leading data recovery company in the industry, are experts at saving the data off any hard drive and can actually recover from the digital device itself.

Tags: , , , , , , ,

A New Worm Creeps All Over MySpace

Thursday, December 7th, 2006

It’s great to meet people online and befriend them, to share your thoughts, photographs, movies, and much more. Even better when the community Web site is easy to log in to and manage; until your network intermingles with the criminal gangs of the Web underground!

Security Experts at MicroWorld Technologies inform that a Worm named ‘Win32.Ofigel’ is spreading in large numbers across the world among a 70 million strong user base of the highly successful community portal, MySpace.com. Security experts have long raised concerns about the vast opportunity that Web sites like MySpace provide to online thieves and criminals in exploiting their open nature and easy access.

When a member of the community views an infected profile, a QuickTime movie carrying the Ofigel worm is played, which exploits an XSS vulnerability in the network using a Java script. The Worm then replaces the user’s MySpace menu with a fraudulent one and the menu items redirect the user to a phishing Web site identical to MySpace, where the username and password of the victim are captured.

Then the Worm logs onto certain Web sites to download the malicious QuickTime movie and adds it to the user’s profile. When a new user, mostly the victim’s contact, watches the movie, his or her computer gets infected and the chain goes on.

As if that’s not enough, Ofigel later harvests the email IDs of a victim’s contacts and starts sending spam mails to them with subject lines like: What else is there to do on a Sunday, You better not forget about this, Hehe that was so funny, Better see this one last time lol, Who’s coming to the party tonight, etc. All messages are quite in sync with the youth culture of MySpace.

“This is just one of the many recent incidents that goes on to prove how multi-tiered and multi-pronged the online threats have become in recent times,” says Sunil Kripalani, Vice President, Global Sales and Marketing, MicroWorld Technologies. “The attack involves a worm, a media player, phishing and spamming. It also gives a clear indication that community Web sites are fast becoming one of the most preferred vectors of malware proliferation.”

MySpace officials inform that they are acting to minimize the impact of this worm on users by identifying the URLs attempting to exploit this vulnerability. Those URLs are being blocked, while the infected profiles being removed.

About the Author
Btv Raj is the Content Writer and Creative Visualizer of MicroWorld Technologies.

Tags: , , , , , ,

Defending Yourself In The Information Age

Friday, November 24th, 2006

Jason Savitt writes:

Hi Chris,

I have been a big fan of your Lockergnome newsletter for several years; I even watched you on ‘Call for Help’ back in the day. I would like to know if you would be interested in publishing a link to my new security ebook that explains to people how to protect themselves on the Internet. I am making it available for free for anyone to download.

I have put a lot of effort into writing it; now I am trying to promote it. I am making no money from publication of this book. It’s my way of trying to help others protect themselves. There is a lot of scary stuff on the Net, and this is my way of fighting back.

If you choose to include my submission, all the information (and 1.3M PDF download) can be found here.

Tags: , , , , , ,

Symantec AntiVirus Vulnerability

Friday, October 6th, 2006

Local exploitation of a design error vulnerability in Symantec Corp. AntiVirus can allow an attacker to execute arbitrary code with kernel privileges.

The vulnerability specifically exists due to improper address space validation when the NAVENG and NAVEX15 device drivers process IOCTL 0×222AD3, 0×222AD7, and 0×222ADB. An attacker can overwrite a user supplied address, including code segments, with a constant double word value by supplying a specially crafted Irp to the IOCTL handler function.

ANALYSIS
Successful exploitation allows an attacker to obtain elevated privileges by exploiting the kernel. This could allow the attacker to gain control of the affected system. However, local access is required for exploitation to be successful…

VENDOR RESPONSE
Symantec has released updated device drivers via LiveUpdate. More information regarding this issue can be found in Symantec’s Advisory SYM06-020.

Help? What’s THAT?

Wednesday, August 23rd, 2006

Ever submit a problem and have the vendor flat out say “It’s not our problem?” It’s more than a little annoying in this day and age. I really thought that the PC universe had evolved beyond that kind of blatant BS. Boy, was I wrong!
(more…)