Category Archives: Internet
Some great advice and tips to follow when connecting your computer via Wi-Fi.
It’s a good idea to connect to public networks that require passwords when possible, as they tend to be more secure. Many public networks have a legal disclaimer stating network use and security. It pays to read these before connecting.
Turn Wi-Fi off We don’t mean you should turn your Wi-Fi off permanently, rather, when you’re not using your device, or are connected to another network, e.g., mobile data, turn your Wi-Fi connection off. If you have Wi-Fi on while connected to another network, your device can and will actively search for networks to connect to and often connect to an unsecure network, unintentionally exposing your information.
Use HTTPS when possible HTTPS stands for Hypertext Transfer Protocol with Secure Sockets Layer SSL. In layman’s terms this is a website that has been built with security of user’s data in mind. Many popular websites have a HTTPS version that can be accessed by typing in https://www.sitename.com. Using HTTPS makes websites a lot harder to hack, and it’s a good idea to get into the habit of using them when on a public network or connected to Wi-Fi outside of the office.
Use data not public hotspots Hotspots are public Wi-Fi connections usually provided by a company e.g., many coffee shops have Wi-Fi, this is a hotspot. These can be unsafe, so it’s much better to invest in a data connection for your device, or a mobile Internet stick, which are considerably safer as the data is encrypted before it’s transferred from the cell tower to your device.
Use a VPN A Virtual Private Network – VPN – connects multiple computers in different locations to the same network via the Internet. Many companies use this to connect and share data with satellite offices, as the data is encrypted and secure. The main benefit to VPNs is that you can connect to a public Wi-Fi network, and transfer data securely using the network’s bandwidth. Many businesses use some form of VPN, which makes it easy for you to keep your business data secure while out of the office.
There are also VPNs that allow you to securely access the Internet via a public Wi-Fi connection, while encrypting all data sent and making your computer anonymous.
The key is to make it as difficult as possible for someone to hack into your computer.
Scanning for BGP hosts that are vulnerable? From the ISC:
ISC reader Yew Chuan reports that he is seeing a steady increase in probes to tcp/79 (“finger”). Our own DShield sensors confirm this observation, as is visible on the image below. It’s been a while since we last had exploit attempts on tcp/79, and hardly anybody is using/running “finger” anymore these days. So .. what’s up? Anyone got packets?
Update 1330 UTC: Scanning for tcp/79 has been seen by many ISC readers, and most say the IP blocks it originated from are in China and Taiwan. No packets yet – looks like everyone has tcp/79 blocked, and only recorded the initial “SYN”.
For more info from the comments check out: ISC Diary | What’s up with port 79 ?.
Another successful sting:
The FBI orchestrated a two-year cybercrime sting that resulted in 24 arrests, with some alleged hackers facing more than 20 years in prison for allegedly profiting from stolen information such as credit card and bank account numbers, law enforcement authorities announced today.
The U.S attorney’s office in Manhattan and the FBI announced the arrests and provided details of the sting operation, which involved FBI agents posing as hackers while the bureau set up a fake “carding” forum, according to the press release (see the full release below). Carding is the term for crimes associated with exploiting stolen personal information for profit. The forums helped “carders” communicate and, in some cases, find mailing addresses — usually empty apartments or houses — for products purchased with stolen credit-card data.
- Global financial cybercrime sting yields 24 arrests (money.cnn.com)
- FBI arrests six British ‘hackers’ in ‘biggest ever’ undercover sting into global online fraud (dailymail.co.uk)
- Huge Hacking Group Busted in FBI Sting Operation (jdjournal.com)
Great tips on network troubleshooting from the CompTia IT Pro networking blog.
- Problem at the physical layer: Many times, I’ve found that slow networks occur because of some sort of problem with a particular device(e.g., a cable modem or a switch), or even the network cable itself. If you’re using a cable modem, try restarting it before contacting anyone or going any further. Check to see that all physical connections are sound; a loose wire can mimic other problems. Start here, and you’ll be able to move forward with confidence. Additional issues can include firmware update problems. One time, I had a cable modem that simply “bricked” because my ISP’s automatic update procedure failed. Other times, I’ve found that a cable modem hasn’t fully installed a firmware update, causing slowness. Sometimes you need to get a new modem; other times, you simply need to either complete the firmware update or simply restart it.
- Network service problem: Start with diagnosing DNS issues. We all know what a completely failed DNS server can do to you. But have you ever been in a situation where you go to a familiar URL (e.g., http://www.bbc.co.uk) and then the browser tells you that it is “looking up” or “resolving” the URL? It will eventually find the URL and resolve it for you. This problem is likely due to a problem with your DNS server of that of your ISP. Restart the service if it’s your own; if you’re using a DNS server provided by the ISP, either switch to a backup server or inform them that there’s a problem. As with the previous piece of advice, actually restarting your computer can help resolve this issue, too. Additional services to consider include domain controllers, Microsoft networking / Samba servers, and torrent services. In some cases, network traffic will run slow because your network isn’t configured to prioritize certain traffic types. In other cases, you’ll need to set up port forwarding so that certain traffic types on your network will be properly forwarded by your router. For those of you interested in how an enterprise network prioritizes traffic, check out the following link about QoS.
- Computing device issue: I once had a friend of mine who was convinced that his company’s ISP was at fault for slow network speeds. It turned out that his system was infested with spyware, causing a serious slowdown in networking. Removing the spyware solved the problem. In another case, the computing device had a problem because it had the wrong software driver installed for the network card. Resolving that issue resolved the slowdown issue nicely.
Head to the source to find out some other things to investigate when dealing with a slow network connection.
- FBI Report on DNSChanger Malware (bespacific.com)
- Google Public DNS serves 70 billion daily requests (slashgear.com)
Thanks to “Man in the Browser”, even up-to-date anti-virus software combined with the latest generation of online banking security doesn’t protect those using online banking.
A test witnessed as part of a BBC Click investigation suggests even those with up-to-date anti-virus software could be at risk.
There is no specific risk to any one individual bank.
In the test the majority of web security software on standard settings did not spot that a previously unseen piece of malware created in the software testing lab was behaving suspiciously.
The threat does not strike until the user visits particular websites.
Called a Man in the Browser (MitB) attack, the malware lives in the web browser and can get between the user and the website, altering what is seen and changing details of what is being entered.
Some versions of the MitB will change payment details and amounts and also change on-screen balances to hide its activities.
With the additional security devices, the risk of fraud is only present for one transaction, and only if the customer falls for the “training exercise”.
“The man in the browser attack is a very focused, very specific, advanced threat, specifically focused against banking,” said Daniel Brett, of malware testing lab S21sec.
“[Although] many products won’t pick this up, they’ve got a much bigger scope, they’re having to defend against all the viruses since the beginning of time.”
Every time a new update to the malware is released, it takes the security companies a number of weeks to learn how to spot it – to learn its common features.
But one security company did privately concede that, if this threat had come from a source not known to be bad and started communicating with a web address also not on the black-list of “bad” sites – until they had discovered and analysed it – it probably would have beaten their protection.
The key in this cat-and-mouse game continues to be the user and how high they set want to set their security settings on anti-virus software. But even then NOTHING is 100% secure when it comes to data.
- Hackers outwit online banking identity security systems (annozijlstra.wordpress.com)
- Hackers may be able to ‘outwit’ online banking security devices (go.theregister.com)
- New ‘Man In The Browser’ Attack Bypasses Banks’ Two-Factor Authentication Systems (gizmodo.com.au)
As a result of massive opposition, SOPA has been pulled in the House.
Lamar Smith, the chief sponsor of SOPA, said on Friday that he is pulling the bill “until there is wider agreement on a solution.”
“I have heard from the critics and I take seriously their concerns regarding proposed legislation to address the problem of online piracy,” Smith (R-Texas) said. “It is clear that we need to revisit the approach on how best to address the problem of foreign thieves that steal and sell American inventions and products.”
In addition Senator Harry Reid has cancelled a scheduled vote on its counterpart.
“In light of recent events, I have decided to postpone Tuesday’s vote on the PROTECT IP Act,” said Senate Majority Leader Harry Reid (D-Nev.) in a statement Friday morning.
It’s a step in the right direction when it comes to an overreaching attempt to control a free Internet.
- SOPA and PIPA Defeated? Smith Postpones Bill (techgopher.wordpress.com)
- Senator Reid postpones vote on PROTECT IP Act, Romney and Gingrich come out against SOPA (digiphile.wordpress.com)
Beware! There is a new trojan horse virus that not only raids your bank account, it reportedly covers it’s tracks as well.
The best way to protect yourself from an online financial scam is to diligently check your bank accounts. At least, until now.
Israeli-based Security firm Trusteer has found an elaborate new computer virus that not only helps fraudsters steal money from bank accounts — it also covers its tracks.
Think of a crime plot involving a spy who plans to break into a high-security building and begins by swapping out security camera video so guards don’t notice anything is amiss. Known as a surveillance camera hack, the technique has been used in dozens of movies.
A new version of the widely prevalent SpyEye Trojan horse works much the same way, only it swaps out banking Web pages rather than video, preventing account holders from noticing that their money is gone.
Here’s how it works:
The Trojan horse employs a powerful two-step process to commit the electronic crime. First, the virus lies in wait until a customer with an infected computer visits an online banking site, steals their login credentials and tricks the victim into divulging additional personal information such as debit card information. Then, after the stolen card number is used for a fraudulent purchase, the virus intercepts any further visits to the victim’s banking site and scrubs transaction records clean of any fraud. That prevents — or at least delays — consumers from discovering fraud and reporting it to the bank, buying the fraudster critical extra time to complete the crime.
Head to the source for additional details, including why this is a very scary tactic being employed.
- New Banking Malware Spends Your Money, Hides the Evidence [VIDEO] (mashable.com)
- SpyEye malware borrows Zeus trick to mask fraud (infoworld.com)
Overcoming stiff competition from MIT and Waterloo, Princeton won this year’s Facebook College Hackathon finals. Over the past few months, Facebook conducted run-off competitions at fourteen colleges across the United States and Canada, and this Friday held the finals at Facebook headquarters in Palo Alto. The Princeton team was the only one comprised mainly of women, and their winning project Color Me Bold allowed users to submit a photo of an outfit and receive instant, algorithmic fashion suggestions for how to improve its color scheme.
My personal favorite was MIT’s 2toBrowse, a Chrome extension that allowed two people on separate computers to both control active cursors and collaboratively browse the web. One users installs the extension, receives a special URL, and another can click it to instantly begin browsing together without having to download anything. The extension could help people teach their parents how to use a specific website, allow customer service departments to walk customers through solutions to problems, or provide entertainment.
The College Hackathon, also known as the Camp Hackathon, serves as a powerful recruiting tool for Facebook. By finding top young engineers and bringing them to the headquarters, Facebook increases the chance they’ll want to work for the company once they graduate — or drop-out like Facebook’s founders.
Go to the source to see some awesome video of the Facebook Hackathon.
- Facebook Holds All-Night Hackathon for College Teams [VIDEO] (mashable.com)
- Management Hackathon: Building Communities of Passion (news.dice.com)
- Granicus Hosts CityCampSF Hackathon to Promote Civic Innovation & Open Government (prweb.com)
It’s a fair question considering this.
Judging from the headlines appearing this week on tech Web sites, you’d guess anyone using a browser other than Internet Explorer was a fool.
After all, IE version 9 scored a whopping 99.2 percent in NSS Labs’ worldwide test (PDF) of the ability of top browsers to detect socially engineered malware. IE 8 wasn’t far behind at 96 percent–the difference attributed by NSS Labs to the Application Reputation component added to IE 9‘s SmartScreen technology.
By comparison, the four other browsers tested were veritable social-malware sieves: Google Chrome 12 had a 13.2-percent detection rate, Firefox 4 and Safari 5 detected 7.6 percent, and Opera 6.1 percent.
Such dramatic results should be easy to corroborate, but a search for similar results from other sources came up empty. Every other browser comparison I could find rated Firefox, Chrome, and (usually) Opera above IE in terms of security. In fact, SecurityFocus lists 62 current vulnerabilities in IE 8, some dating back more than two years. The site reports 17 vulnerabilities in IE 9 (note that some of the vulnerabilities for each browser are listed as “retired”).
By comparison, there are no vulnerabilities reported currently for Chrome 13, Firefox 6, Safari 5, or Opera 11.
Whichever browser you prefer, ensure that you’re using the most recent version. Google Chrome updates automatically, IE gets its patches as part of Windows updates, and Safari is kept current via Apple Software Update. To set Firefox to update automatically, click Tools > Options > Advanced > Update (Windows) or the Firefox menu > Preferences > Advanced > Update (Mac) and make sure “Automatically download and install the update” is selected.
- Chrome Improves Anti-Malware Blocking Score by 340% (pcworld.com)
- Microsoft IE9 Blocks Malware Best (informationweek.com)
- Updated: Choosing the Safest Browser, Part One (benwoelk.wordpress.com)