Welcome

This blog is one of several resources intended to provide consumers with additional information related to my book on Information Security.

There are a number of other websites that I maintain that are related to this subject. In the list below, the first link is to my book on the subject, which is the final repository for everything new that I learn. Information I obtain by reading other security-related articles on the Internet first goes into one of the listed eMagazines, and eventually the information gets incorporated into an update to the book. After the book is updated and republished, the articles are removed from the eMagazines, but the links are retained in the bibliography (on this blog) for anyone who wishes to read the original source information.

Here are links to the book, my Amazon author page, the eMagazines, and the presentation:

  1. Best Book About Computer Security (on Amazon.com)
  2. Author page (on Amazon.com)
  3. eMagazine (on Scoop.it) - Cybercrime and You
  4. eMagazine (on Scoop.it) - Best How-to Guides For Protecting Your Computer And Network
  5. eMagazine (on Scoop.it) - Help! I got a virus
  6. Best Presentation About Computer Security (on Slideshare.net)

The Menu Tabs of this blog contain lists of source articles, organized by book chapter, that provided the source material for the book (in addition to my own knowledge and experience). This information is provided for those who wish to explore or understand a topic better. The present and previous versions of the book are/were in e-Book format only. At some point, I will likely also provide a print edition. It is for that reason that I am moving all of the links (URLs) in the book to this website, so that both e-Book and printed book users can access the information via this website.

Spreading Malware By Torrents

Torrents of applications are often laden with malware. The application files may be unaltered, but the “crack” which provides a license code is where the danger lies. Videos, on the other hand, are safe. According to experts, embedding malware into a video file would be difficult, if not impossible. So how, then, do the bad guys distribute malware via popular video downloads such as TV episodes and movies?

Tactics vary, but the primary method of distributing malware via torrents of video files depends on getting downloaders to download additional files. This would likely tip off most people that something was up, but usually people become less alert when it comes to something they are eager to watch or play for free.

Several other common tactics include using an archive format like .rar or .zip to store malware disguised as a compressed file, or requiring you to download a specific codec, which could itself be a vehicle for malware.

Another tactic involves torrenting a password-protected file and then requiring you to retrieve a password from another site or via email. This email scenario could be used to gather enormous numbers of legitimate emails, perhaps to be used for phishing attacks later on.
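The tactics above all leave something in the download folder that is not a playable video. As an added example (not part of the original post), this Python sketch flags executables, archives, password-protected or executable-bearing .zip files, and files with a video extension whose first bytes are not a Matroska, MP4 or AVI signature. The extension lists, function names and sample file names are assumptions chosen for illustration, and the sample folder is constructed from placeholder bytes.

```python
import os, zipfile

VIDEO = {".mkv", ".mp4", ".avi"}
EXEC = {".exe", ".scr", ".bat", ".cmd", ".msi", ".js", ".vbs", ".lnk"}
ARCHIVE = {".zip", ".rar", ".7z"}

def ext_of(name):
    return os.path.splitext(name)[1].lower()

def looks_like_video(head):
    """Match the container signatures of Matroska, MP4 and AVI files."""
    return (head[:4] == b"\x1a\x45\xdf\xa3" or head[4:8] == b"ftyp"
            or (head[:4] == b"RIFF" and head[8:12] == b"AVI "))

def triage(root):
    """Return sorted (relative path, reason) pairs for files that do not belong."""
    findings = []
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            rel, ext = os.path.relpath(path, root), ext_of(name)
            if ext in EXEC:
                findings.append((rel, "executable or script, e.g. a fake codec"))
            elif ext in ARCHIVE:
                reason = "archive instead of a playable file"
                if zipfile.is_zipfile(path):
                    with zipfile.ZipFile(path) as z:
                        infos = z.infolist()
                    if any(i.flag_bits & 0x1 for i in infos):  # bit 0 = encrypted
                        reason = "password-protected archive"
                    elif any(ext_of(i.filename) in EXEC for i in infos):
                        reason = "archive containing an executable"
                findings.append((rel, reason))
            elif ext in VIDEO:
                with open(path, "rb") as f:
                    if not looks_like_video(f.read(12)):
                        findings.append((rel, "video extension, wrong file signature"))
    return sorted(findings)

def build_sample(root):
    """Write a constructed sample download folder (placeholder bytes only)."""
    files = {"Show.S01E01.mkv": b"\x1a\x45\xdf\xa3" + b"\0" * 8,
             "Show.S01E02.mkv": b"MZ" + b"\0" * 10,
             "Install_Codec.exe": b"MZ", "README.txt": b"constructed sample"}
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    with zipfile.ZipFile(os.path.join(root, "Show.S01E03.zip"), "w") as z:
        z.writestr("Show.S01E03.mkv.exe", b"MZ")
```

Call `triage()` on a finished download folder before opening anything in it; an empty result only means none of these particular signs were found.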

What might happen if one of your Facebook ‘Friends’ gets their account hacked

Whoever now controls your friend’s account not only has complete access to the Facebook information of the original account owner, but can also access all of the data on the people the owner was friends with.

Even the most privacy conscious individuals with everything set to ‘Friends Only’ are now exposed and at risk. Think of all the information they can collect and the damage they can do in just a short period of time.

Here are just a few ways they can exploit the ‘friends’ of the newly hacked account:

  • Monitor status updates of friends to know where they are and when they are not at home – for purposes of burglary.
  • Collect personal and private information to be used for phishing attempts (social engineering).
  • Use photos and data obtained to create other fake profiles.
  • Install rogue Facebook applications and send spam and scam links to all of the friends of the original account owner.

If you are too complacent to protect your account for your own good, do it for your friends. Change your password to a very strong one, and not one that you use for any other on-line account. And while you are at it, why not ask your ‘friends’ to do the same to protect you?

‘More private’ social networks

Privacy-minded people don’t have to give up social networking. Plenty of options exist for friends, families, and even couples who want to communicate privately. If you feel that Facebook and Twitter are too public, you may want to take a look at private social networks. The following social networks are designed for close-knit groups who really want to connect with each other–not social butterflies who want to broadcast their lives across the Internet.

* Couple: Formerly known as Pair, Couple is the ultimate private social network–a smartphone-based network designed expressly for couples. In fact, you can only have one friend on Couple: your significant other. Couple features a timeline that’s a bit like a souped-up text message exchange–you and your partner can add photos, reminders, important dates, drawings, and videos, along with regular text messages.

* FamilyWall: If you’re looking for a slightly larger social network, FamilyWall helps you keep track of your entire family. At this private, Facebook-like social network for families, you can add dates and events, photos, videos, contacts, messages, and even Foursquare-style check-ins. You can also add “Family landmarks” such as schools, doctors, and fitness centers.

* 23snaps: Instead of posting photos of your children on Facebook or Instagram, try posting them to 23snaps, a smartphone-based social network that lets you create a unique, private online photostream. 23snaps lets you add photos, videos, and status updates to a special photostream of your child (you can add a stream for each child) and then share those photos with your friends and family. Another option is to co-manage a 23snaps account with your partner, so you can both add photos of your kids.

* Path: Perhaps the best-known private social network is Path. This smartphone-based social network limits your friends list to 150–the maximum number of friends a human being can realistically keep track of, according to studies. By virtue of being small, Path is one of the more private social networks you can join. But you’ll have to choose your friends wisely. Path may also not be as private as it once was. Users this week complained that a 2-month-old feature of the Path app that lets you invite contacts to join the network is actually spamming their address books with mass texts. Path says the texts are the result of user error.

* Nextdoor: If you want to restrict your social network communication to people you know in real life, the neighborhood social network Nextdoor might be right for you. Nextdoor requires all members to verify their address (the service sends you a physical postcard with a code on it) before allowing them to join their neighborhood’s group. As a result of this structure, the only people you can talk to on Nextdoor are those who live within shouting distance of your house.

Finally – there is the DIY approach. You can set up a shared folder with your family, and perhaps another with friends, using one of the Cloud services like Dropbox, Skydrive, or the new peer-to-peer BitTorrent Sync (http://labs.bittorrent.com/experiments/sync.html). Anything you put there will be synced with only those you care about.

Beware of Fake ‘Like’ and ‘Dislike’ buttons on web pages

One of the newest tactics being used by cybercriminals is the insertion of fake Facebook “like” buttons on compromised web pages. These buttons can look identical to real ones but install malware.

Also, don’t be too quick to click on links claiming to “Enable Dislike Button” on Facebook, as a fast-spreading scam has caused problems for social networking users recently.

Messages claiming to offer the opposite to a like button have been appearing on many Facebook users’ walls.

Like the “Preventing Spam / Verify my account” scam which went before it, the scammers have managed to waltz past Facebook’s security to replace the standard “Share” option with a link labelled “Enable Dislike Button”.

The fact that the “Enable Dislike Button” link does not appear in the main part of the message, but lower down alongside “Link” and “Comment”, is likely to fool some users into believing that it is genuine.

Clicking on the link, however, will not only forward the fake message about the so-called “Fakebook Dislike button” to all of your online friends by posting it to your profile, but also run obfuscated JavaScript on your computer.

Research: 80% of dangerous websites are actually legitimate sites

One of the most striking statistics to emerge from recently completed research by SophosLabs is that 80% of dangerous websites are actually legitimate sites that have been compromised by criminal hackers.

This makes it clear that it is no longer possible to easily avoid malware attacks on the web. If you visit a fixed number of sites regularly, using trusted bookmarks, and don’t stray from your “short list,” then you will be far safer than if you follow links from one page to another, just surfing aimlessly.

Another piece of research sponsored by Cisco (the 2013 Annual Security Report) further reveals that the highest concentration of online “risky” sites does not come from sites previously thought to be “high risk”, such as pornography, overseas pharmaceutical, religious oriented content or gambling sites, but from everyday sites such as shopping and search. The report attributes this to a previously unrecognised source of threats: sites that generate revenue through online advertisements are near the top of the list of those that deliver malicious content.

This is logical because, if you are thinking like a criminal hacker, you want to have the opportunity to infect the most sites and therefore the most visitors to those sites. Since so many sites “survive” through advertising revenue, served up through the advertising networks they participate in, as a hacker you will try to infect the ad networks so that the ads they serve also deliver your malicious payload.

Now that you know this, you can see why you could pre-determine how safe a site might be to visit based on the following criteria:

1.) How popular is the site?

Facebook is one of the most visited sites on the web and as a consequence attracts malware programmers and scammers like no other. More popular, more risk, less popular, less risk – all other things being equal.

2.) Does the site accept third party advertisements?

For example, Amazon is less risky to visit because it does not display advertising from third party ad networks. Your favorite blogs probably serve up ads from one or more ad networks, on the other hand.

3.) Does the site directly control its content?

For example, your banking site is very safe because it is there for one purpose and doesn’t display content (or ads) from others. Search engines (Google, Bing, etc.), on the other hand, index pages and images from others that could be poisoned – although they take extraordinary efforts to avoid this. Sites like Facebook, Pinterest, and Twitter present content provided by others and can easily include links to malicious code.

4.) Is the site run by a large company?

Large companies can afford the IT staff required to keep the site “clean” of malware, whereas your mom and pop store or restaurant probably just doesn’t have the budget (and certainly not the in-house expertise) to perform the maintenance required to keep a website secure.

There are other criteria, to be sure, but the ones mentioned above should be obvious to anyone.

Why You Should Change Encryption Settings for Syncing Google’s Chrome Browser

Google’s Chrome browser has a syncing feature similar to Firefox to sync your saved passwords and other browser data/settings with other computers and devices. By default, however, Chrome only encrypts your saved passwords when syncing your browsing data across the Internet to your other computers and devices. Because the only password needed to sync new computers and devices is your Google password, should someone else know your Google password or your account gets hacked, they can sync with your browser data and gain access to all of your saved passwords, which is potentially very dangerous.

There are two additional safety measures you can take to make syncing more secure. You can choose to encrypt all synced data, and you can also create your own encryption passphrase for synced data. When you create your own passphrase, it will be used to encrypt and decrypt your synced browsing data instead of your Google account password. Thus, when you set up a new computer or device to sync with your browsing data, you must log in to your Google account and then also enter your sync passphrase.

To change your syncing settings for Chrome, click the Wrench icon > Settings > Advanced sync settings and you’ll see a pop-up window where you can make these changes.

An alternative is to not use Chrome to store your login passwords for websites and instead install and use a separate password management application such as LastPass. That way, your passwords will not be stored with your synced browser information at all.
