Warning: Parameter 1 to wp_default_scripts() expected to be a reference, value given in /home3/walife/public_html/kennyhart.com/geek/wp-includes/plugin.php on line 600

Warning: Cannot modify header information - headers already sent by (output started at /home3/walife/public_html/kennyhart.com/geek/wp-includes/plugin.php:600) in /home3/walife/public_html/kennyhart.com/geek/wp-content/plugins/wp-super-cache/wp-cache-phase2.php on line 62

Warning: Parameter 1 to wp_default_scripts() expected to be a reference, value given in /home3/walife/public_html/kennyhart.com/geek/wp-includes/plugin.php on line 600

Warning: Parameter 1 to wp_default_styles() expected to be a reference, value given in /home3/walife/public_html/kennyhart.com/geek/wp-includes/plugin.php on line 600
Security Archives - Page 2 of 5 - Ask the Geek Ask the Geek

Security

RSS feed

Watch Out for the Scam Emails

As digital information becomes an increasingly hot commodity among black market operations, email scams are increasing in number and sophistication. Most internet-savvy individuals can spot scams of the Nigerian royal family variety with little trouble. However, scammers that are more adept have moved on to tactics that are less obvious, such as spoofing bank sites or phishing for financial information via official-sounding correspondence. Here are a few tips for avoiding the more elaborate scam emails today.

Your Bank Never Asks for Password or Log In

Some scam emails mimic correspondence from your bank and request that you provide a password or user name in response. Often, these emails reference an issue with your account. The scammer may try to unsettle readers with warnings or information that will cause concern, increasing the likelihood that an account holder will act quickly by sending in the requested information. Once the scammer receives the information, they have access to your bank account.

(Continue reading…)

Filed in: Computers, Email, Security, Spam
0

How to Lock Your Computer?

In Windows, it is a simple matter to learn how to lock (password protect) your computer. A password protected computer cannot be accessed without the password being entered. Having a password will prevent unauthorized viewing of your computer files, computer history, and other personal information. You might also want to create multiple user accounts on one computer, each of them being password protected. For our purposes, we are going to assume that you are running the latest version of Microsoft Windows, which is Windows 7. These instructions will also work for those who are running Windows Vista.

(Continue reading…)

Filed in: Computers, Security
0

Forgotten Password? Password Card Can Help

Password CardOne of the things I come across all the time is the XP forgotten password problem. Running a close second is the router forgotten password. Well, there’s a handy password card you can get that will allow you to remember your passwords in the future.

Thanks to “A password reminder to carry with you” on the IT Trenches blog letting me know about this great little tool. This thing is a real winner for all those XP forgotten password issues. Now, when you get those calls like “I forgot my password for my ____,” you can give them something that allows them to write down password clues that are secure and also easily remembered.

You visit? http://passwordcard.org and it generates an unique credit card sized matrix like the one in the picture. Just pick a symbol, a color and a number of characters and you have a secure password. You have the option of creating a numbers-only area as well as including symbols into the mix, depending on the type of passwords or PINs you require. The default is upper/lowercase and numbers. If you lose your card you can get a duplicate by going to the site and entering the number that appears on the bottom of the card, so you might want to write that down and keep it in a safe place just in case.

There are several ways you can use the password card. The simplest way is to pick a symbol, color and sequence of characters from left to right as in the illustration. You would remember this, or write it down, as “spade green 8.” But notice that there are eight rows under each symbol. You could could choose the column under the diamond symbol and use the password JwdC4aGt. You’d write that down as “diamond down.” Reverse the order, and you might write it down as “diamond up.” In this case, the password would be tGa4CdwJ.

Have fun!

0

PDF Security Hole Proof of Concept Out

The RegisterJohn Leyden
Posted in Malware, 6th April 2010 13:37 GMT

The security perils of PDF files have been further highlighted by new research illustrating how a manipulated file might be used to infect other PDF files on a system.

Jeremy Conway, an application security researcher at NitroSecurity, said the attack scenario he has discovered shows PDFs are “wormable”. Computer viruses are capable, by definition, of overwriting other files to spread. Conway’s research is chiefly notable for illustrating how a benign PDF file might become infected using features supported by PDF specification, not a software vulnerability as such, and without the use of external binaries or JavaScript. [Read more]

0

Preface to “14 Golden Rules of Computer Security”

It isn’t getting any better on the Wild, Wild Web, despite state and federal government attempts to arrest and prosecute those responsible for electronically-perpetrated criminal acts. Spyware and malware of all kinds are increasingly more stealthy and difficult to remove thanks to rootkit technology. With the advent of Web 2.0 and its emphasis on sharing and collaboration through such social networking websites and services as Twitter, Facebook, MySpace, and the like, web-based attacks are more prevalent than ever. These sites are based on active, dynamic content and rely on special programs that run in your web browser to perform their magic. These programs can be modified by malicious hackers to steal your passwords, bank account information and virtually anything stored on your computer.

New laws have done little to deter or eliminate spammers, largely because many of them aren’t located in the United States. Despite the few high profile cases in the news, the truth is that few spammers are ever caught. Considering studies that show some spam campaigns can produce as much as $3.5 million in a year, it’s easy to see why today the spam problem is worse than ever–some estimates place the amount of spam email at 80% to 90% of all emails sent.

These days, everyone is at risk of falling victim to cyber-crime, even those of us who know and practice computer security on a daily basis. The average person who goes to the local big box electronics store and buys a PC or laptop for use at home is often lulled into a false sense of security because their purchase is bundled with some “security suite” by some big-name company. They go home, take everything out of the box, plug it all in and usually end up getting infected with all kinds of nasty things in very short order.

I put this book together in hopes that it will make a difference, however small, in how people look at computing and the Internet. Maybe it will save someone from the hardships of financial loss caused by using a compromised PC to access their bank and credit card accounts. Maybe it will save someone from having to pay a big bill to a technician to clean up a severely infected computer. Maybe, just maybe, it will help take some of the profit out of spam and malware. One can always hope.

At the very least, I hope that you, Dear Reader, find this information useful and that it helps make your computing experience more enjoyable.

Ken Harthun

Note: Any discussion of security, cyber- or otherwise, must be based on the concept of a security baseline – the bare security essentials without which all else is futile. The articles that follow assume that a good baseline already exists, whether the computer is just out of the box, or has been running for awhile What’s a good PC security baseline? I propose these four bare security essentials: “a NAT router; a good antivirus program; a good anti-malware program; and, a good software firewall.” These days antivirus, antimalware and a software firewall are usually combined into a single suite. I choose to align with Windows Secrets’ Security Baseline page: “a hardware firewall that’s built into your [NAT] router, security software that guards against all types of malware threats, a software-update service to ensure that your applications are patched against the latest exploits, and a secure browser.”–KH

0

Panda Cloud Antivirus Emerges From Beta

I reported on Panda Cloud Antivirus back in June and July in my Security Corner posts, Panda’s Cloud Antivirus (Beta) is a Winner! and Panda’s CloudAntivirus Update.

I tested Panda Cloud Antivirus extensively on my systems while it was in beta and only recently switched to Microsoft Security Essentials (MSE) for evaluation. Today, I’ll switch back to Panda on my older, slower system to compare performance of each one. I have noticed a slight performance degradation with MSE that was all but non-existent with Panda. Now that Panda Cloud Antivirus is out of beta, I can make a fair comparison which I will report on later. Check out the full report in this Security Corner post.

0

Get top rated Bullguard Internet Security Suite for FREE!

“Although not so well know in some parts of the world, Bullguard Internet Security is a top level security suite from Denmark. With firewall technology licensed from Agnitum (Outpost) and anti-malware components from BitDefender you will appreciate the pedigree of this software. One of the product’s most interesting features is the way support is provided. Bullguard support staff can be contacted directly from the GUI and response times are reputed to be amongst the fastest in the industry.

“The vendors are generously offering a full 12 month licence for Bullguard Internet Security free for all Gizmo’s Freeware visitors for two days only commencing at 00.01 PST on Thursday 5th November and closing at 23.59 PST on Friday 6th November 2009. This offer comes with full support from Bullguard.”

Click here to get it: http://www.techsupportalert.com/content/get-top-rated-bullguard-internet-security-suite-free.htm

Cheers!

The Geek

0

Internet Safety in the Digital Age

Let me introduce a very special guest blogger, Mr. Paul Shirey. Paul is a young man (13 years old) who definitely has a handle on what this Internet thing is all about. In fact, given that people of his generation have this kind of savvy, I think there’s hope that the Internet will evolve from it’s current state of “Wild, Wild, Web” into something more akin to a world wide communications and information portal that is safe for everyone to use. It’s quite possible that you’ll be hearing more from this young man as a future mover and shaker.

You can contact Paul through his website at http://www.teenradiojourney.com or you can leave a comment here. Here’s his article.

——————————————–

In the digital age,? most of us, if not all, depend on the Internet to get us through the day: some jobs are even 100% online. Well,? sometimes the Internet isn’t all that great, and might be infected with malicious files. Luckily, there are ways you can defend yourself against the Internet terrorists of the digital age.

Online Accounts

The number of online accounts you have can really affect the chances of your accounts being hacked and your identity stolen. The more accounts you have, the more at risk you are. If someone steals your identity and commits a crime in your name, it is possible that you could be the one that ends up behind bars, and none of us want that to happen.

There is a simple way to keep your online accounts secure–don’t use the same password for every online account you have. Imagine this: One day your computer gets infected with malware called a keylogger. Keyloggers record everything you type on your computer. If the hacker behind the malware can find out one of your online passwords before you get the malware removed, that person would have access to all of your online accounts because you used the same password for every account.

Though using the same password for every account you create can be helpful for you (because you won’t have to remember what the password is for every account), it is a serious security threat. There are some very simple ways you can stop this bad habit.

1. If you don’t have a lot of online accounts, use a series of passwords and rotate them between accounts. This way it would be harder for someone to hack into your accounts, and your account could even be temporarily suspended from too many log in attempts.

2. Using a password keeper is an excellent way to create multiple passwords, and most of them have password generators built into them. Even though it might be a little bit annoying to have to copy and paste passwords all the time to log in, it could really be a life saver. You wouldn’t necessarily have to create a generated password for all of your accounts, just the ones you couldn’t afford to get hacked like your bank account or PayPal account. You can download a free password keeper by going here http://keepass.info/. This password keeper can even go onto a USB stick.

Spam

Spam is another way internet hackers gain control of people’s computers and lives. There are some very simple ways you can tell if an email message is spam.

Contains mostly links and is in plain text.

Comes from a free email service like Gmail or Yahoo

Your email client tells you that it is spam

Spam can be very hard to filter out; some spam may even make it through the spam filter. One example of spam that is very tempting is emails that say that you have one a large amount of money. If the email is in plain text and the email address is from a free email service like Gmail or Yahoo, its spam. Delete it and forget it.

If your email client tells you it is spam there is a very small chance that it might not be spam, if you are at a business building using business email, chances are that a lot of non spam emails go to spam due to high filtering settings. You do however need to be able to tell spam from non-spam.

Password Changes

Sites like eBay or PayPal that are heavily encrypted send you an email when your password is changed, even if you were the one that changed it they will still send you an email for security reasons. If you do get one of these emails and you didn’t change the passwoord, you need to contact them immediately.

Imagine that you are opening the door of your house to go inside after a long day at work, but you forget to disarm your security system. The alarm will go off and the alarm company will call you. You tell them that it was only a false alarm and give them your pin number for the alarm system, and they reset the alarms.

So,? going back to the site, the alarm going off when you enter your house is just like you changing your password on a highly encrypted site. The website will contact you just as the alarm company would, except with the website, you usually don’t need to tell them if you changed it or not.

Free Items

Have you ever seen those ads on websites telling you to click to win a free item of high value like a MacBook Air or an expensive car? Well to tell you the truth the website that you clicked on that ad from is just trying to make money, because advertising is how most free websites run. However, that form you will out to get the free item is just collecting your personal information, and you could start receiving tons of spam in the snail mail.

Online Shopping

Another way hackers can attack computers is through online shopping. My rule is the site either has to be approved by internet security companies like McAfee, or use PayPal for orders. I usually will only shop at an online shop if they use PayPal because the only information the store will see when you pay with PayPal is your Name and/or email. That’s a lot better than giving them your credit card number.

The best thing you can do to defend yourself while shopping online is by making sure the shopping website you are buying from is secure. Though eBay and Amazon are very secure, if they were to get hacked it is likely that websites like these would shut down part of their system temporarily until they are sure that the problem is fixed.

Downloads

Downloads can be handy, but if you download multiple programs every day, you could be even more prone to getting a virus. You need to be extremely careful when downloading files from file sharing sites, unless you truly know the person that is hosting them, or were redirected by a software company that you trust.

Sum it up

The key to internet safety is this: if a website or email doesn’t look safe, either don’t go to it,? or do searches on it to see if it is safe. Don’t just look at one search result; look at multiple ones so you are sure that the website is secure. There is a neat little antivirus programs that can keep you safe on the internet, and will even warn you if you try to open an infected webpage or email, and then clean any infected files. You can download this antivirus program by going to http://www.avast.com/. If you already have an antivirus program you trust go ahead and download McAfee Site Advisor http://www.siteadvisor.com/.

Whether you like it or not, you need an antivirus program, it might make your PC a bit slow(er) but it is worth it, you never know when your computer could be threatened in an internet infection.

Paul Shirey

0

Prevent Online Banking Fraud with a ROBAM

What’s a ROBAM? you ask. Check out this post: Protecting Your Business from Online Banking Fraud. SANS says, “The number one recommended mitigation [to online banking fraud caused by infostealer infections] is to use a read-only bootable alternative media (ROBAM) as an isolated environment for financial transactions.”

You can use a USB thumb drive instead of a CD if you do the following:

1. Download your alternative Linux OS choice (I prefer Ubuntu or Knoppix) in .iso format
2. Download UNetbootin from http://unetbootin.sourceforge.net/
3. Create a bootable USB thumb drive using UNetbootin
4. Set the properties of the drive to “read only”

This should have the same effect as using a Linux live CD.

I haven’t tried this, so comments welcome.

0

Make an Anti Virus Bootable USB Thumb Drive

UPDATE! The BLTDVS Toolkit in its original form as referred to below is now obsolete. The current state of the art has yielded self-contained USB installer tools for most of the popular anti virus rescue CDs.

I have updated this article with the latest information and put two versions of popular rescue CD USB installers in the revised BLTDVS Toolkit which is still available for download from the original location when you sign up for my newsletter list.

With all the various flavors of anti virus rescue CDs around, it’s an easy matter to create a CD bootable anti virus scanner that will operate offline to disinfect even the worst malware infestation. In most cases, all you have to do is download the vendor’s latest rescue CD ISO image, burn it, boot it, and let the program do its thing. Easy. Making a bootable USB thumb drive from the ISO is another matter.

Extracting the files from an ISO image to the thumb drive requires a few tricks to accomplish. You can, of course, just download my BLTDVS toolkit from How to make a bootable thumb drive virus scanner for NTFS: 2009 update,? and follow the included instructions but, that toolkit is specifically optimized to work with the Kaspersky Rescue CD; what if you prefer to use a different vendor’s rescue package?

There’s a cool open source utility called UNetbootin that allows you to create bootable live USB drives for a variety of Linux distributions without requiring you to burn a CD. This is perfect since most, if not all, of the rescue CDs are Linux based. The UNetbootin site has full instructions on how to use the tool complete with screen shots. There are also several utilities and rescue tools listed for use with UNetbootin.

BitDefender

Download the BitDefenderRescueCD_###.iso into the BLTDVS_toolkit folder if you have it, or make a folder of your own.
Download and launch the Universal USB Installer or launch it from the BLTDVS_toolkit folder. Select the option “Try unlisted Linux ISO (Old Syslinux)” then browse to the BitDefender ISO file.

Kaspersky

Download the Kaspersky Rescue CD and save it to the BLTDVS_toolkit folder.
Download the rescue2usb utility and launch it or launch it from the BLTDVS-toolkit folder.

Cheers!
The Geek

2
© 2017 Ask the Geek. All rights reserved.