If you use Facebook from public Internet access points found at coffee shops, airports, libraries or schools, you should definitely enable FB’s new feature that encrypts (makes unreadable) your info. Even if you don’t access Facebook from these sites, it’s a good idea to do this anyway.
Go to Account, Account Settings, Account Security & check box for Secure Browsing (https). More: https://blog.facebook.com/blog.php?post=486790652130
January 13, 2011 – Millions of people worldwide rang in 2011 with the latest in technology gadgets and devices, jumpstarting the New Year with the most innovative smartphones, savviest tablets and PC/Mac laptops on the market. But many consumers neglect to take the necessary steps required to protect themselves from the dangers of cybercrime associated with their new prized-possessions and tech gadgets.
If you were one of the millions of adults and kids who received tech gifts during the holidays, beware. Computer and cybercrimes have risen by more than 22% according to the most recent statistics from 2009. McAfee Labs™ predicts an increase in mobile, social media and PC-based threats in 2011, with cybercrooks finding new ways to do harm via all types of connected devices. And millions of new device owners will become easy targets if they don’t take proactive measures to ensure their security.
Here are some practical tips from McAfee to ensure optimal Internet safety and security in 2011:
“STOP. THINK. CONNECT.” Consumer Advice:
STOP. THINK. CONNECT. is the first-ever coordinated message to help all digital citizens stay safer and more secure online. The message was created by an unprecedented coalition of private companies, nonprofits and government organizations.
The coalition advises consumers to STOP. THINK. CONNECT.
When you cross the street, you look both ways so make sure it’s safe. Staying safe on the Internet is similar. It takes some common sense steps — Stop. Think. Connect.
Stop: Before you use the Internet, take time to understand the risks and learn how to spot potential problems.
Think: Take a moment to be certain the path ahead is clear. Watch for warning signs and consider how your actions online could impact your safety, or your families.
Connect: Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer.
STOP. THINK. CONNECT. Protect yourself and help keep the web a safer place for everyone.
Source: http://newsroom.mcafee.com/article_display.cfm?article_id=3714
By Joan Goodchild December 14, 2010 06:00 AM ET
For Beth Jones, a senior threat researcher with Sophos, this time of year means an upswing in fraudulent activity online. Between malware authors looking to infect machines, and identity thieves hoping to con consumers out of credit card information, this is the prime month for behavior that qualifies for the naughty list.
“The two-week mark before Christmas is when things start to ramp up out of control,” said Jones. “Spammers and malware authors focus on when the attention is going to be there. That’s generally two weeks before a holiday.”
[ Read about other common social engineering scams and how to detect them ]
You don’t need to be shopping online to get caught in one of their traps. Even checking out e-mail or spending time on Facebook and Twitter has its risks for the unaware. Here are seven holiday humbugs to avoid.
Holiday scam 1: ‘Free iPad giveaway!’
Holiday scam 2: Fake gift cards
Holiday scam 3: Stripped gift cards
Holiday scam 4: ‘You’re preapproved for this credit card!’
Holiday scam 5: Bad e-cards
Holiday scam 6: Bad links to holiday sales, job offers, etc.
Holiday scam 7: Fake charities
See source for details on each scam: http://www.computerworld.com/s/article/9201118/Beware_7_Scrooge_worthy_scams_for_the_holidays?taxonomyId=17&pageNumber=1
“We have already seen an increase in malware activity,” Deepen Desai, senior researcher at SonicWALL, told SCMagazineUS.com in an email on Tuesday.
Based on research from previous years, malware activity is expected to double during this holiday season, Desai said. For enterprises, the largest concern is that employees who are shopping online from work computers may inadvertently introduce malware into the network.
“Cyber Monday,” the digital equivalent of the brick-and-mortar world’s “Black Friday,” marks the beginning of the online holiday shopping season and is one of the busiest online shopping days of the year. It falls on Monday, when most employees return to work for the first time since the Thanksgiving break.
This year, 4.5 percent of workers with access to the internet, or 70.1 million people, will shop for holiday gifts from the office, according to new statistics from the National Retail Federation, a trade group.
“In general, a lot of people are going to be coming in [to work] and going to a lot more sites than they normally do,” Todd Feinman, CEO of Identity Finder, an identity theft and data leakage prevention software provider, told SCMagazineUS.com on Tuesday.
To take advantage of the hoards of online shoppers, scammers will likely distribute malicious links on social media sites purporting to offer tempting deals, such as “coupon codes” for popular stores or products, Nicholas Percoco, senior vice president and head of Trustwave’s SpiderLabs, told SCMagazineUS.com on Tuesday. These links could actually lead users to phishing attacks or sites containing drive-by malware.
This type of scam can spread quickly on sites such as Facebook and Twitter by budget-conscious users who believe they are providing friends and followers with money-saving opportunities, Percoco said.
Another threat this year is the potential for rogue mobile applications purporting to direct users to the best deals of the season, said Identity Finder’s Feinman. There have already been a number of Black Friday and Cyber Monday applications released and there is a danger that cybercriminals will set up similar ones with embedded payloads that harvest users’ contact lists, passwords or other data.
Also, attackers will likely send spam hawking sales and free offers that actually lead users to malware and phishing attacks, experts said.
Users should be advised to be cautious of links provided in email, instant massages, social media and other online communications, Percoco said. To be safe, those looking for deals should always directly visit a retailer’s website.
In addition, security professionals should ensure that all computers on the network have the appropriate software updates installed, since many employees will be visiting sites they normally wouldn’t.
November 1, 2010 by Elinor Mills
Chances are you don’t leave your front door unlocked. And you shouldn’t leave your Wi-Fi network unsecured either.
Many of you may have heard this before, but many still seem to not be doing anything about it. You should. Here’s why. With a $50 wireless antenna and the right software a criminal hacker located outside your building as far as a mile away can capture passwords, e-mail messages, and any other data being transmitted over your network, and even decrypt data that is supposedly protected.
Someone could also join the network and launch attacks on your computer and any other devices using the network at that time. If file sharing has been left on or the personal firewall is misconfigured it’s relatively easy to access the computer via an open Wi-Fi network. Someone could upload an executable program to a file on your hard drive that steals data or just leaves a back door for future access. And if you are using the network to connect to a corporate network through a VPN (virtual private network) an attacker can get into the corporate system too.
“The most dangerous thing is a direct attack,” Don Bailey, a security consultant at iSec Partners who is also an expert on telecommunications snooping, told CNET. “The threat is not only that your traffic can be sniffed, but that an attacker can get access to all your data and connections on your computer, even those supposedly secured by SSL (Secure Sockets Layer) and TLS (Transport Layer Security) encryption.”
Unsecured Wi-Fi networks can be attractive for scammers to launch spam and virus attacks because the attack would be tracked back to the Wi-Fi network but not to the computer of the criminal who exploited the open network.
“Someone could be using your wireless network, whether it’s a neighbor or a customer, and you are taking on the liability of that person’s action,” Bailey said. “If they do something illegal, like break into computers, those actions are going to come back to your hot spot and the federal authorities are going to hassle you.”
Even though many Wi-Fi routers come with WPA (Wi-Fi Protected Access) enabled by default, a lot of people don’t want to be bothered with setting up a password, despite the fact that you don’t have to type it in every time you log on. The Wigle.net (Wireless Geographic Logging Engine) site shows that of 26.8 million Wi-Fi networks logged by volunteers who were “war driving”–driving around in cars and using laptops or PDAs to find wireless networks–49 percent were listed as secured with encryption and nearly 28 percent were shown to be not using encryption. (On the remaining 23 percent the security level was unknown.)
There is also an interactive map on Wigle.net where you can zoom in to see individual Wi-Fi networks and even the SSID (Service Set Identifier) numbers associated with individual wireless local area networks.
Not only should you not host an unsecured wireless network, but you should definitely be extra careful when using other people’s open networks.
There is no good way to tell whether a hot spot is legitimate, like a Starbucks Wi-Fi network, or if it was set up by someone for malicious purposes. Even if you are on what appears to be a Starbucks network, there could be someone on the network who is spying on other users.
There are also instances of inadvertent fake hot spots. Some older Windows machines running XP create ad hoc networks called “Free Public WiFi,” which do not connect you to the Internet but to the computer broadcasting that service. The hole that enables this has been patched, but affected computers that haven’t had an operating system update are still vulnerable.
Whether you choose to trust hot spots, configure your device–laptop and smartphone–to connect to open Wi-Fi networks only with your approval and not automatically. Wi-Fi-enabled devices may automatically open themselves to sharing and connecting with other devices, so be sure to turn file sharing off when using Wi-Fi.
“The best thing to do is to stay off hot spots all together,” Bailey said. “If you are going to use them, make sure you have a firewall and VPN technology.”
Sen. Tom Carper U.S. Senator from Delaware Posted: October 25, 2010 03:12 PM
With Halloween right around the corner, many of us are casting about for creative costume ideas. Here’s a suggestion for a truly frightening option — try being a cyber criminal or a terrorist.
If you think cyber crime and cyber terrorism aren’t real, let alone scary, think again. According to the FBI, in 2008 a wave of thieves fanned out across the globe and almost simultaneously walked off with more than $9 million within 12 hours, using cloned credit card numbers they got by hacking a major credit card company in Atlanta. Further, in 2009 Lockheed Martin and the Department of Defense lost plans to America’s future advanced jet fighter, the F-35 Joint Strike Fighter — one that isn’t even mass-produced yet — to suspected Chinese hackers. I’m hard pressed to think which is scarier – the cyber criminals who can hack into businesses or personal networks and steal millions or the cyber terrorists who can attack everything from power plants to military installations with a few key strokes.
Given the truly scary potential these cyber criminals and terrorists possess, it’s entirely fitting that we observe National Cybersecurity Awareness Month every October. This year marks the seventh annual National Cybersecurity Awareness Month which is conducted by the Department of Homeland Security (DHS), the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the National Cyber Security Alliance (NCSA). As part of the Department of Homeland Security’s “Stop.Think.Connect.” campaign to increase public understanding of cyber threats, this annual cybersecurity awareness campaign is designed to encourage Americans to protect their computers and our nation’s critical cyber infrastructure.
Across the country, people are working to build awareness of the importance of cybersecurity and the significant threat posed by cyber attacks. In my home state of Delaware, we recognized National Cybersecurity Awareness Month with activities designed to educate Delawareans about the importance of protecting the cyber networks that underpin everything from our bank accounts to the electricity grid and the systems we depend on for our national security. Under the theme “Cybersecurity is Our Shared Responsibility,” Delaware’s top professionals, government officials and students participated in training, simulation exercises and presentations. I am proud that Delaware continues to be a leader in teaching others about the importance of being vigilant online, not just during the month of October, but throughout the year.
As National Cybersecurity Awareness Month comes to a close, I hope this campaign’s outreach was successful in educating Delawareans and all Americans about the importance of cybersecurity and the new technological threats we face. Eventually, I hope Americans focus on this critical issue every day, not just one month out of the year.
Given the serious nature of this growing threat, we have to do more to protect our critical information networks. That’s why I will continue to work with my Congressional colleagues to pass comprehensive cybersecurity legislation, the Protecting Cyberspace as a National Asset Act of 2010, which I authored with Sens. Joe Lieberman (ID-Conn.) and Susan Collins (R-Me.). This legislation will help provide the government and the private sector with the tools and resources they need to more effectively protect our vital cyber networks.
To learn more about National Cybersecurity Awareness Month and download free online safety tips and resources, I encourage you to visit the Department of Homeland Security’s website on Cybersecurity: Our Shared Responsibility.
Source: http://www.huffingtonpost.com/sen-tom-carper/the-scary-reality-of-our_b_773619.html
The White House
Office of the Press Secretary
Presidential Proclamation–National Cybersecurity Awareness Month
NATIONAL CYBERSECURITY AWARENESS MONTH, 2010
BY THE PRESIDENT OF THE UNITED STATES OF AMERICA
A PROCLAMATION
America’s digital infrastructure is critical to laying the foundation for our economic prosperity, government efficiency, and national security. We stand at a transformational moment in history, when our technologically interconnected world presents both immense promise and potential risks. The same technology that provides new opportunities for economic growth and the free exchange of information around the world also makes possible new threats. During National Cybersecurity Awareness Month, we recognize the risk of cyber attacks and the important steps we can take to strengthen our digital literacy and cybersecurity.
America relies on our digital infrastructure daily, and protecting this strategic asset is a national security priority. My Administration is committed to advancing both the security of our informational infrastructure and the cutting-edge research and development necessary to meet the digital challenges of our time. Earlier this year, we marked the one-year anniversary of my Administration’s thorough review of Federal efforts to defend our Nation’s information technology and communications infrastructure. We must continue to work closely with a broad array of partners — from Federal, State, local, and tribal governments to foreign governments, academia, law enforcement, and the private sector — to reduce risk and build resilience in our shared critical information and communications infrastructure.
All Americans must recognize our shared responsibility and play an active role in securing the cyber networks we use every day. National Cybersecurity Awareness Month provides an opportunity to learn more about the importance of cybersecurity. To that end, the Department of Homeland Security and the Federal Trade Commission have highlighted basic cybersecurity tips every computer user should adopt, including using security software tools, backing up important files, and protecting children online. I urge all Americans to visit DHS.gov/Cyber and OnGuardOnline.gov for more information about practices that can enhance the security of our shared cyber networks.
Effective cyber networks connect us and allow us to conduct business around the globe faster than ever before. We must advance innovative public- and private-sector initiatives to protect the confidentiality of sensitive information, the integrity of e commerce, and the resilience of our cyber infrastructure. Together with businesses, community-based organizations, and public- and private-sector partners, we are launching a National Cybersecurity Awareness Campaign: “Stop. Think. Connect.” Through this initiative, Americans can learn about and become more aware of risks in cyberspace, and be empowered to make choices that contribute to our overall security.
The growth and spread of technology has already transformed international security and the global marketplace. So long as the United States — the Nation that created the Internet and launched an information revolution — continues to be a pioneer in both technological innovation and cybersecurity, we will maintain our strength, resilience, and leadership in the 21st century.
NOW, THEREFORE, I, BARACK OBAMA, President of the United States of America, by virtue of the authority vested in me by the Constitution and the laws of the United States, do hereby proclaim October 2010 as National Cybersecurity Awareness Month. I call upon the people of the United States to recognize the importance of cybersecurity and to observe this month with activities, events, and trainings that will enhance our national security and resilience.
IN WITNESS WHEREOF, I have hereunto set my hand this first day of October, in the year of our Lord two thousand ten, and of the Independence of the United States of America the two hundred and thirty-fifth.
BARACK OBAMA
The National Cyber Security Alliance (NCSA) is a nonprofit organization working with the government, corporate, nonprofit and academic sectors, to help computer users stay safe online.
Find NCSA on your favorite social network sites.
Stay safe and protect your privacy online with these suggestions
Sharon Gaudin, August 13, 2010 (Computerworld)
After news hit this week that Facebook developers are furiously trying to fix a bug that lets spammers harvest users’ names and photos, the issue of online safety has reared its ugly head again.
Privacy and security problems have plagued Facebook and its more than 500 million users — a lot — over the past several months.
Much of the most recent turmoil was kicked up this past April when Facebook unveiled a list of new tools that allow user information to be easily shared with third-party Web sites.
That move caused an online uproar among users, and even prompted a handful of U.S. senators to write an open letter calling on Facebook to amend its privacy policies.
Facebook responded to the unrest with the release in May of a set of simpler privacy controls. However, despite the social network’s efforts, concern about privacy and security seems to always be boiling just under the surface among users.
Oddly enough, though, that doesn’t mean that most users have battened down their security hatches or have even rethought the kind of information they routinely post about themselves.
In light of the concern about privacy and security — and the fact that users don’t seem to doing what they should be doing to safeguard their information — Computerworld talked with analysts to come up with five suggestions to protect you and your personal information if you’re one of the half a billion Facebook users sharing pictures, videos and updates about your latest dates or upcoming vacations.
1. Understand Facebook’s security settings and use them
Most analysts called this step absolutely mandatory. Larry Hawes, an analyst at Gilbane Group, noted that users need to find out where the security settings are on Facebook and take the time to learn how to use them to control what information is shared with people, applications and Web sites.
Augie Ray, an analyst at Forrester Research, added that people should seriously consider only sharing their information with their online friends.
To do that, Ray noted that users can access their privacy settings by clicking on “Account” in the upper right-hand corner of their Facebook page, and then clicking “Privacy Settings.” People who want to set their privacy settings as tight as possible can select “Friends Only.” Also uncheck the box marked “Let friends of people tagged in my photos and posts see them,” and then click “Apply these Settings.”
2. Who’s your buddy?
Come on. This is not high school and Facebook isn’t a popularity contest. You don’t need to be “friends” with everyone.
Actually, a good reality check is if this person is actually a friend or family member in real life. If they’re not an actual friend, why would you want them to know when you’re stuck working late, getting ready to go on vacation or that you just bought a new computer or flat-screen TV?
“Remember that sharing with friends only is the strictest level of security that exists on Facebook,” Hawes said. “Be sure the people you friend are ones that you know and trust.”
3. Beware of those applications
Ray warns that using a Facebook application can give broad permission for whoever developed that application to access your data … and your friends’ data.
That means you may want to think twice before you take quizzes with titles like “Would you make a good FBI agent?” or “What’s the theme song to your high school years?”
Only use applications from sources you trust, Ray added. And periodically check the list of applications you’ve used and given permissions to. “You might be surprised how many you’ve approved,” he said. “Much like your PC, you probably want to regularly remove any applications you don’t use and trust.”
Ray advised users to go to the bottom of Facebook’s Privacy Settings page to find the “Applications and Websites” link. There, they can click on the “Remove unwanted or spammy applications” option.
4. Ummm, sorry Grandma! Think before you type
You have to protect yourself and think through every post that you put online. The golden rule, say several analysts, is to think about whether you want your mother, your boss (and any potential future bosses) and your significant other to read what you’re about to write. If you don’t want any of them to see it, don’t post it.
It’s a simple concept, but people still just don’t get it, said Dan Olds, an analyst at Gabriel Consulting Group.
“It’s so important for users to realize that when they post personal details on social networking sites, they have to assume that information could be exposed to everyone with a computer and a screen,” Olds added.
“One approach is to ask yourself if you’d wear a T-shirt with the details you’ve posted about yourself. If you would, then you’re probably OK. But if that thought makes you cringe, then you’d better re-evaluate what you’re putting on the Web,” he said.
5. Malicious eyes
Sit down and closely look at your Facebook page and consider what a malicious person could do with any of the information you’ve posted.
“Try to be objective and ask yourself, ‘If I really hated this person or wanted to take advantage of her, is there anything I could do with this information to mess with her?’” said Olds. “If the answer is yes, then consider what kinds of information you’re posting on your Facebook page and make the appropriate adjustments.”
Analysts also warned users to not post any information that could be used in an identity theft scheme. Avoid listing your birth date, home address, children’s names, phone numbers and social security numbers.
WiFi is everywhere. Whether you travel for business or simply need Internet access while out and about, your options are plentiful. You can sign on at airports, hotels, coffee shops, fast food restaurants, and now, airplanes. What are your risk factors when accessing wireless? There are plenty. WiFi wasn’t born to be secure. It was born to be convenient. Wireless networks broadcast messages using radio and are thus more susceptible to eavesdropping than wired networks.
Anyone using an open unsecured network risks exposing their data. There are many ways to see who’s connected on a wireless connection, and to gain access to their information. As more sensitive data has been wirelessly transmitted over the years, the need for security has evolved. Today, with criminal hackers as sophisticated as they ever have been, wireless communications are at an even higher risk.
When setting up a wireless router, there are two different security protocol options. WiFi Protected Access (WPA and WPA2) is a certification program that was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy. Wired Equivalent Privacy was introduced in 1997 and is the original version of wireless network security.
There are a few things you should do to protect yourself while using wireless.
Be smart about what kind of data you transmit on a public wireless connection. Only transmit critical data from secure sites, ones where “HTTPS” appears in the address bar. These sites have additional encryption built in.
Don’t store critical data on a device used outside the secure network. I have a laptop and an iPhone. If they are hacked, there’s no data on either device that would compromise my identity or financial security.
If you have file sharing set up on a home network, when venturing to wireless hot spots you need to manually turn it off on your laptop.
Turn off WiFi and Bluetooth on your laptop or cell phone when you’re not using them. An unattended device emitting wireless signals is very appealing to a criminal hacker.
Beware of free WiFi connections. Anywhere you see a broadcast for “Free WiFi,” consider it a red flag. It’s likely that free WiFi is being used as bait.
Beware of evil twins. Anyone can set up a router to say “T-Mobile” “ATT Wireless” or “Wayport”. These are connections can appear legitimate but are actually traps set to snare anyone who connects.
Keep your antivirus software and operating system updated. Make sure your antivirus software is automatically updated and your operating system’s critical security patches are up to date.
Source: http://information-security-resources.com/2010/07/05/wireless-security-is-an-oxymoron/
