Guidelines for publishing information on the internet

It should always be remembered that the internet is a public resource available to many people. It is a general rule of thumb to not put anything onto the internet that you don’t want the public to see or that you would want to retract at some point. Here are some guidelines to follow when putting information on the internet:

View the internet as a novel, not a diary – You should be comfortable with anyone seeing the information that you post on the internet. Expect that people you have never met will find your page; even if you are keeping an online journal or blog, post information with the thought of others viewing it in mind. Not all sites will offer ways to protect this information, so you should take this into account. What you post is not likely to stay within a small and restricted group and will most likely not remain private.

Be careful what you advertise – These days it is not hard for someone to find information on another person on the internet. Information on a person is usually easily accessible due to many social networking sites. When deciding how much information to reveal, realize that you are broadcasting it to the world. Giving your email address out to the public can lead to a lot of spam in your inbox. Providing details about your hobbies, your job, your family and friends, and your past may give attackers enough information to perform a successful social engineering attack such as phishing or spear phishing.

Realize that you can’t take it back – Once you publish something online, it is available to other people and to search engines. You can change or remove information after something has been published, but it is possible that someone has already seen the original version. Even if you try to remove the page(s) from the internet, someone may have saved a copy of the page or used excerpts in another source. Some search engines “cache” copies of web pages; these cached copies may be available after a web page has been deleted or altered. Some web browsers may also maintain a cache of the web pages a user has visited, so the original version may be stored in a temporary file on the user’s computer. Think about these implications before publishing information—once something is out there, you can’t guarantee that you can completely remove it.

How can you limit the amount of information collected about you?

With limited privacy on the internet, it is important that people try to limit or control the personal information that they post onto the internet. It is important because attackers will look for a potential target’s personal information online. Steps you can take to limit the amount of information collected about you are:

Be careful supplying personal information – Do not give important information such as your address, password, credit card information, or birthday to a site that you don’t trust. Make sure to look for indications that the site uses SSL to encrypt your information. Although some sites require you to supply your social security number (e.g., sites associated with financial transactions such as loans or credit cards), be especially wary of providing this information online.

Limit cookies – Cookies hold a lot of information, and if an attacker is able to get into your computer, they can find very sensitive information through your cookies. Because of this, it is good practice to limit your cookies.

Browse safely – You should always be careful with the sites that you visit. You should immediately steer clear of any sites that you think are suspicious. Also make sure to take precautions by increasing your security settings, keeping your anti-virus software up to date, and scanning your computer for spyware and other malicious software regularly.

How attackers target online shoppers

There are many risks that come with online shopping that should be considered, especially since you are putting sensitive information online. Certain steps should be taken to prevent possible loss of such sensitive data. To better understand the risks, it helps to know how attackers target online shoppers. There are three common ways that attackers can take advantage of online shoppers:

Targeting vulnerable computers- Proper steps should be taken to protect your computer from viruses or other malicious code because an attacker can gain access to your computer as well as sensitive information in it. Vendors should also take steps to protect their computers and prevent attackers from accessing their customer databases.

Creating fraudulent sites and email messages- Unlike traditional shopping, where you know that a store is actually the store it claims to be, attackers are able to make malicious websites that look legitimate or send emails that appear to be from a legitimate site. Organizations such as charities may also be misrepresented in this way, especially after natural disasters or during holiday seasons, when an attacker will send an email asking for donations. Attackers create these malicious sites and email messages to try to convince you to supply personal and financial information to them.

Intercepting insecure transactions- Vendors should use encryption to prevent attackers from intercepting the transaction and stealing the information that is being transmitted.

 

Securing Wireless Networks

Along with many other recent technological advancements, wireless networks have become increasingly popular over the years. As with all new technological advancements, there come possible security risks as well. Here are several ways to minimize the risks to your wireless network:

Change default passwords- Most wireless devices, such as wireless access points, come pre-configured with a default administrator password in order to make setting them up simple and easy for the average consumer. These passwords should be changed immediately when you get your device because they can be found easily online and provide little to no protection. Once the password is changed, an attacker cannot easily gain access to your device and take control of it.

Restrict access- Only authorized users should have access to your network. Access to your network can be restricted or allowed by filtering MAC addresses. There are several technologies that require wireless users to authenticate before accessing the network.

Encrypt the data on your network- WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) both encrypt information on wireless devices. WEP, however, has a number of security issues, making it less effective than WPA, so you should especially look for hardware that supports WPA encryption. Data encryption helps secure your data so that anyone who gains unauthorized access to your wireless network can’t see your data.

Protect your SSID- Avoid publicizing your SSID so that you do not give outsiders easy access to your network. It is suggested that you change your SSID to something that is not easily guessed.

Install a Firewall- It is good practice to install not only a firewall on your network, but a host-based firewall on all of your wireless devices as well. An attacker who taps directly into your wireless network may be able to circumvent your network firewall; a host-based firewall adds an extra layer of security.

Maintain anti-virus software- You can reduce possible damage to your network and wireless devices by installing anti-virus software and keeping it up to date. Many of these programs also have features that help defend against and detect spyware and trojan horses.

http://www.us-cert.gov/cas/tips/ST05-003.html

Iran says Duqu malware under ‘control’

Iran has said that it has successfully found a way to “control” the malware Duqu, which is similar to the Stuxnet virus that attacked its nuclear program and infected more than 30,000 computers in 2010. The software developed to control the Duqu virus has been made available to companies and organizations in Iran. The virus was eliminated and all organizations affected by the virus are now under control, while the country’s cyber defense unit works around the clock to protect against attacks and viruses.

Duqu virus infections have been reported in countries including Iran, France, Britain, and India, according to Symantec. The virus takes advantage of vulnerabilities in a Windows font-parsing engine to plant malicious code in the heart of a computer system.

The similarities between Duqu and the malicious worm Stuxnet have caused speculation that the same culprits may be involved, though this has not been proven. While Duqu is similar to Stuxnet, Duqu was developed to gather information for future attacks on industrial control systems. Stuxnet was created to attack computer control systems made by Siemens and usually used to manage water supplies, oil rigs, power plants, and other crucial infrastructure. Most Stuxnet infections have been reported in Iran, which has caused speculation that it was made to sabotage Iranian nuclear facilities. The worm was also designed to recognize the system that it was meant to target.

It has also been previously reported in January by the New York Times that the US and Israeli intelligence services worked together to develop the worm in order to sabotage Iran’s efforts to make a nuclear bomb.

http://news.yahoo.com/iran-says-duqu-malware-under-control-142848204.html;_ylt=AphMk8QTGRg9gfhnHs13PgkjtBAF;_ylu=X3oDMTNnYnJ0bDVoBG1pdAMEcGtnAzdmNWQyZTA3LTY3MTUtM2YxNi1iNDEwLWU1MzdhMjU2YTlkZARwb3MDMQRzZWMDbG5fU2VjdXJpdHlfZ2FsBHZlcgMwZGExYTE2Ny0wZTA0LTExZTEtYjlmZi0zNjc3M2NjYTlhYzU-;_ylv=3

USB Drive Safety Precautions

There are a few precautions that can be taken in order to protect the information on your USB drive.

Take advantage of security features- Use things like passwords and encryption to help secure your flash drive and make sure that your data is well protected. It is also very important that you back up your data in case your data is ever lost.

Keep business and personal USB drives separate- It’s not good practice to keep business information on the same USB drive as personal information, and vice versa. Likewise, you shouldn’t connect a USB drive containing personal information to a business computer, just as you shouldn’t connect a USB drive with business information to a personal computer.

Use and maintain security software, and keep all software up to date- Firewall, anti-virus and anti-spyware software should all be used to help make your computer safer. Any necessary patches for your software should be applied to keep your computer up to date.

Do not plug an unknown USB drive into your computer- If you find a USB drive, you should give it to the appropriate authorities, such as your organization’s IT department or any local security personnel. You should NOT try to connect the USB drive to your computer to view the contents or identify the owner because it is possible that there may be malware on the drive that could infect your computer.

Disable Autorun- Autorun allows removable media to be opened automatically whenever they are connected to a computer. This is a security risk because an infected drive that is connected to your computer can infect it with malicious code if Autorun is not disabled.

http://www.us-cert.gov/cas/tips/ST08-001.html

USB Drive Threats

With USB drives being more widely used by many people today, it is important that people remember to exercise security practices when using them. While convenient, they introduce security risks that should be taken into account.

An attacker can use a USB drive to infect someone’s computer by putting malware onto the drive, so that when a victim connects the infected drive to their computer, their computer will detect the drive and become infected.

It is not unheard of for an attacker to infect a USB drive during production. A user will then unknowingly buy this infected USB drive containing malware and will infect their computer when they connect it.

An attacker can also use USB drives to steal sensitive information directly from a computer. If they can get access to a user’s computer, they can download information directly to their USB drive. Computers that have just been turned off are also possible targets because a computer’s memory is still active for a few minutes even after the power has been shut off. An attacker can connect a USB drive to a computer within this time period, quickly reboot the system from the USB drive, and copy the computer’s memory onto the drive. This includes sensitive information, passwords, and encryption keys. This attack method can be ideal for attackers since it can be carried out without the victim knowing that they have just been attacked.

Probably the most obvious security risk with USB drives is that they can be lost. A lost USB drive is a loss of information or work as well as a compromise of information, because the person who finds it can take the information on it.

http://www.us-cert.gov/cas/tips/ST08-001.html

Physical Security

There are many things a person can do to keep their information more secure, and one of the easiest ways may be physical security. Physical security is keeping any tangible things that hold information important to you from being stolen. This is one of the first forms of security that should be considered when keeping your information safe.

An example of physical security would be a company or organization keeping their desktop computers locked within a certain building to prevent any hardware from being taken. In doing this, a person looking to steal information from that group will have one less option to do so. Conversely, a bad example of physical security is someone leaving a sheet of paper with their password in a place that is easy to find. This could be something as simple as a Post-it note attached to the wall next to a workstation or a sheet of paper under a person’s desk.

With the many threats to you and your information, the simple precaution of physical security should be taken at the very least. Not properly securing your information is just the same as letting someone else come and take it without your permission.

Importance of Password Strength

With the rising trend of information While keeping your password secure is just one of the many aspects of security, it is still something important that should not be overlooked. Having a secure password can help to better protect your information. Oftentimes people will use passwords that are not as secure as they should be. Passwords like “password”, “1234”, and “qwerty” are some examples of passwords that are not secure. Passwords like that can be easily guessed and would probably require minimal effort and thought to crack. This is usually because people don’t know what constitutes a “strong” password, don’t think that they need a “strong” password to secure their information, want a password that is easy to remember, or don’t believe that their information is in danger.

Most often people will make passwords that are easily remembered, such as their own middle name or something simple like “abc123”. Convenience should not take priority over security, especially when it comes to having a password. While a password might be easy to remember, it might not be the safest. Having a simple password that is easily guessed is not something that you would want as your last line of protection against anyone trying to get your information. A strong password can be long, but should also have variation within the characters. Adding uppercase letters, numbers, as well as symbols can help to make a password stronger.
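As an added illustration (not part of the original post), the Python check below scores a password on the points made above: length, character variety, and whether it is one of the weak passwords named in the text. The function names, the short `COMMON` list and the 60-bit threshold are assumptions chosen for the example.

```python
import math
import string

# Weak passwords quoted in the text; a constructed stand-in for a real
# breached-password list, which would be far larger.
COMMON = {"password", "1234", "qwerty", "abc123"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

def char_pool(pw):
    """Alphabet size implied by the character classes the password uses."""
    classes = ((string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10))
    pool = sum(size for chars, size in classes if any(c in chars for c in pw))
    if any(c not in string.ascii_letters + string.digits for c in pw):
        pool += len(string.punctuation)  # 32 printable ASCII symbols
    return pool

def entropy_bits(pw):
    """Upper bound on brute-force work: length * log2(alphabet size)."""
    pool = char_pool(pw)
    return len(pw) * math.log2(pool) if pool else 0.0

def is_simple_pattern(pw):
    """True for one repeated character, a +1/-1 run, or a keyboard-row slice."""
    low = pw.lower()
    steps = {ord(b) - ord(a) for a, b in zip(low, low[1:])}
    if len(low) >= 3 and steps in ({0}, {1}, {-1}):
        return True
    return len(low) >= 4 and any(low in row or low[::-1] in row
                                 for row in KEYBOARD_ROWS)

def assess(pw, min_bits=60):
    """Return (verdict, reasons); min_bits is an assumed policy threshold."""
    reasons = []
    # Strip trailing digits/symbols so "Password1!" still matches "password".
    base = pw.lower().rstrip(string.digits + string.punctuation)
    if pw.lower() in COMMON or base in COMMON:
        reasons.append("common password or common word with a suffix")
    if is_simple_pattern(pw):
        reasons.append("sequence, repeat, or keyboard run")
    bits = entropy_bits(pw)
    if bits < min_bits:
        reasons.append(f"only about {bits:.0f} bits of brute-force search space")
    return ("weak" if reasons else "ok", reasons)
```

Note that `assess("Password1!")` is still reported as weak: it uses all four character classes, but it is a common word with a predictable suffix, which is the first thing a guessing attack tries.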

People will also use weak passwords for important accounts since they don’t realize that the passwords they think matter the least actually matter the most. An example of this would be someone’s email account. Not everyone realizes that their bank accounts are linked to their email accounts, meaning that financial information can be compromised simply by acquiring access to their email account.

500 Worst Passwords

How I’d Hack Your Password