Spiked Security

A number of respected security sources are reporting fake swine flu emails that are pretending to be the CDC (Centers for Disease Control) and then ask you for information.  Don’t follow these links and read these attached links to see what the emails look like.  This is yet another reminder that hackers like to prey on our fears to fool us into doing things we shouldn’t.  And by the way as a “guinea pig” I am constantly offended at the name “Swine Flu”, its not our fault!

This is the same malware which was infecting people with a fake IRS email.  No the IRS is not suddenly going to give you money if you follow a link in a email out of the blue!

Symantec example of the swine flu email:  http://www.symantec.com/connect/blogs/zeus-trojan-catches-swine-flu

McAfee example of the swine flu email: http://www.avertlabs.com/research/blog/index.php/2009/12/01/h1n1-vaccination-profile-a-path-to-infection/

and for more information about this infection path you can check out the network world article here: http://www.networkworld.com/news/2009/120209-fake-swine-flu-emails-lead.html

The internet is full of snakes; don’t let them eat you!

-Spike

Every day people browse the web, and every day they click on the blinky that says, “You are the 1 millionth visitor – get your prize” or “You won a free car” or “Just send this link to your friends and have them send it to their friends and…. you will get rich”.  And every day, Spike gets sadder.

Internet security and safety is not just about the tools you install, the browser you use, or the operating system you run. It’s also about a healthy dose of skepticism.  I may be only 4 inches tall and have to run around the keyboard to type these (Yes, my owner finds that very amusing), but even my little rodent brain knows that I really didn’t win a free car.  (Side note:  How cool would it be if I could even drive?!)

So when you browse the Net or play in your favorite social media site, be skeptical.  Ask yourself “why” before you click.

Most attacks on the Internet involve you doing something.  Yep, you, yes all of you, and yes, even you, the guy looking around for someone else. Yes, you all click on stuff on a web page and start the attack rolling.  And sadly, these attacks are very, very clever.  They can hide the attack start button to look like the “close” button on the window.

Some tips on how to avoid launching your own attack:

1) Don’t click on strange ads on the edges of the screen.  These are often loaded with issues.  Many have issues that the advertiser is unaware of, so don’t blame them right away.

2) If it is too good to be true in real life, it is STILL too good to be true on the Internet.

3) If you get a pop up, do not click on any button.  If it shows up in your “window bar” at the bottom of your screen, right-click and close it.  If not, use the “X” to the right of the window.

4) Be skeptical.  Before you react, ask yourself “why”, then ask again.  Look for the catch, the flaw, the vile fly hiding in the ointment, the thing you most fear in the dark recesses of.. umm.  Sorry, got into writer mode there – my owner left the TV on SYFY channel all day…but really, ask yourself questions and count to 10 before you click.

The Internet is full of scary alien monsters who will eat anything; don’t let them get you!  (I wish my owner would change the channel!)

Spike

Spike made friends with a puppy today; that is, StormDawg.com!  

Bryan Jennewein, the Director of Social Media at infoGROUP and contributor to StormDawg.com, was helping me clean out my cage, so to speak, with some sage advice on my blog (no Mom, still not a blob!)  While he was visiting, we got to squeaking about safe surfing.  You really only need a wetsuit if the water is cold or the wax has sand in it and the surfboard rubs your chest wrong… oh, um, sorry…yet again another life.

OK, so Bryan and I were talking about safe web surfing and I gave him my top tools for making my browsing experience safer (or more annoying, according to my family), and then I thought, ”Hmm, I should make this a blog post.”

So here we go:

No matter what browser you use, install AVG Linkscanner, a free tool from AVG.  By the way, AVG’s anti-virus is great if you don’t have one yet!

Then set up OpenDNS for your house or computer.  Go to opendns.com and sign up.  It is free for most families and inexpensive for businesses.

Finally, add some great add-ons to your Firefox browser.  (You are using Firefox, right?) Some add-on suggestions: Ad-Block Plus, Ad-Block Plus Helper, Better Privacy, No Script and Ref Control.

With all of these tools, you can see which link in your Google search is safe to visit (AVG Linkscanner).  When you visit a web page, No Script will tell you all of the scripts that page is trying to run and from WHOM are they coming.  Start with only allowing the script from the main page owner and then allow ones you feel good about!   This will take a little bit of getting used to, but it will protect you from many bad things.

Last, when you close your browser, Better Privacy will ask you if you want to remove ## LSO Cookies.  YES, YES, YES!  Let the tool remove those flash cookies!

That should help “safe up” your surfing! 

The Internet is full of snakes; don’t let them eat you!
Spike

Every few weeks Tuesdays are special, and today is one of those Tuesdays.

 Today, Microsoft Corporation will release a group of important patches for various Windows systems and functions.  Tonight or tomorrow you should update your computer.

In fact, Spike implores you to update your computer today or tomorrow!

Why patch?  Well, one of these patches arriving today fixes something called a “Zero Day Vulnerability” in the operating system.  A Zero Day Vulnerability is a section of code someone found in the operating system that can be exploited to do more than it was originally intended to do.  By not patching these, your system can be controlled remotely and used to do things you really don’t want it doing.

So patch…in fact check every Tuesday night to see if it is a “Patch Tuesday”.

The Internet is full of snakes; don’t let them eat you!
Spike

Sure you do!  There’s nothing more fun than having the FBI show up at 6 a.m., bust into your house and take all your computers away for a field trip…all of your carefully gathered stamp-collecting material (wink, wink, nudge, nudge) gone in a bad federal suit flash.

Not gonna happen to you?  You think, “Hey,  I don’t hack people, I don’t cruise questionable sites, I don’t do follow ‘those’ blogs.”

You don’t, but your neighbor might, and he may be using your wireless connection because you didn’t take basic precautions when you set it up. 

Let’s talk about wireless.  Wireless – also called WiFi or a Hot Spot – was designed around an international standard created to broadcast a network connection to computers.  The original wireless standard did not have any security because is was assumed years ago that this technology would only be in large businesses, universities, the government, etc.

Just like the Internet, wireless has spread to homes and everywhere else.  So at your house, if you just take your new wireless router out of the box and turn it on it, it will broadcast wireless to every computer within range (approximately 100 to 300 feet).  Everyone who can receive that signal can use your Internet connection.  In fact, the way most operating systems are set up,  they will use the strongest signal over a weaker signal.  In my master bedroom, my neighbor’s wireless is stronger than mine, which is two floors below in my basement. My laptop would connect to his network if I let it.

 What should you do?  Here is a list of basics: 

1. Rename your device:  It comes with a name from the maker, such as Linksys or Netgear.  So give a name - it can be anything and it really doesn’t matter as long as you remember it.
2. Stop the broadcast of the SSID:  The SSID is the name of your wireless device or router that calls out to the world every few seconds so computers can find it.  This setting is just an ON or OFF.  Turn it off.  By doing just this, many computers will not connect to you network first.
3. Start WPA (wireless encryption):  This requires that you choose a password and tell you wireless router and your computer what that password is.  Once you do this, only computers with the password can connect to your network AND - this is a big AND - you are stopping anyone with a wireless card from reading your traffic.  That’s right: If you don’t turn this setting on, your traffic is traveling the airwaves in clear text and anyone can see everything you sent to the Internet, even your credit cards and passwords.

 There are more settings, so read the manual,  but these are a good solid secure starting point.

The Internet is full of snakes; don’t let them eat you!
Spike