Spiked Security

Spike loves it when popular services work toward improving your control over your privacy.  So, a big piggy YAY to Facebook for their new privacy options.  Now that Facebook has done this, you should check them out and use them.  One big area to look at is the privacy settings for applications.  Fix these - the default options share way to much!

So check out your privacy settings and adjust them to your personal level of comfort!

Also check out these great articles from the computing press on these new tools, and take special note of how to keep yourself from being tagged in a photo, how to keep your friends information off the search, and how to stay off a Google search.

AllFacebook: 10 New Privacy Settings Every Facebook User Should Know

Network World: New Facebook Settings: 5 Things You Should Know

The Internet is full of snakes; don’t let them eat you!

Spike

Spike has been following Roger Thompson’s  blog for a while now and it is always interesting, but this post is down right SCARY!

Please read Roger’s blog about his Facebook information and friends!!!

go to:     thompson.blog.avg.com – DON’T click here, go type this into your browser and read.

The Internet is full of snakes, don’t let them eat you!

-Spike

I come home from work every day only to find another batch of credit card offers, blank checks from credit card companies, and every other manner of solicitation with my name, address and phone number already filled out for my convenience.

What a nightmare!!  Everything the good privacy thief needs to take over my financial life is right here in these pre-filled offers.  It’s not like the blank signature field will stop them. Ugh - besides the whole green thing of killing trees and all this stuff can really mess up your identity.  

What to do with all this trash?

Meet Shredder, your new best friend. … What?!?… You don’t have a shredder?  

STOP right here in this blog, go out and get one. They are cheap and they’re an essential part of your basic supply kit for life. Make sure you get a “cross cut” or “confetti” shredder. They even come in pink!

No, go now, I can wait. Continue reading when you are back with the new shredder.

OK! Now that you have shredder, keep it plugged in near where you deal with the mail.

What goes into the shredder?

Everything with your name and address on it - shred away.

Now you have a new toy for the kids. They will love it.

And for even more fun, go back through your old files and shred some more!  Whoo Hoo!  Piggy Heaven!

The Internet (and mail, neighborhood and trash processor) are full of snakes; don’t let them eat you!

Spike

A number of respected security sources are reporting fake swine flu emails that are pretending to be the CDC (Centers for Disease Control) and then ask you for information.  Don’t follow these links and read these attached links to see what the emails look like.  This is yet another reminder that hackers like to prey on our fears to fool us into doing things we shouldn’t.  And by the way as a “guinea pig” I am constantly offended at the name “Swine Flu”, its not our fault!

This is the same malware which was infecting people with a fake IRS email.  No the IRS is not suddenly going to give you money if you follow a link in a email out of the blue!

Symantec example of the swine flu email:  http://www.symantec.com/connect/blogs/zeus-trojan-catches-swine-flu

McAfee example of the swine flu email: http://www.avertlabs.com/research/blog/index.php/2009/12/01/h1n1-vaccination-profile-a-path-to-infection/

and for more information about this infection path you can check out the network world article here: http://www.networkworld.com/news/2009/120209-fake-swine-flu-emails-lead.html

The internet is full of snakes; don’t let them eat you!

-Spike

Cyber Monday is becoming almost as big a shopping day as Black Friday.  You should have already started to see the upswing in email advertising.  As you are getting pummeled with email ads you need to be more diligent in your email review.  When real ads increase so to do the scam ads.  Scam ads are very clever this year; they look real, in fact they look just like the real vendor being spoofed. So read them carefully, and ask why you got this ad. Is it part of your normal advertising based on places you frequent (GOOD!)?  Or have you never seen this store before? How did they get your email?

How to stay safe?   Don’t click on and follow ANY link in email ads.  Try to start your shopping by going to the vendors site and put in a sale code from the email or log on as a customer to find your offer.

Before you buy, make sure the vendor is legitimate.  Check the Better Business Bureau (bbb.org), or search the vendor on the web with the word “scam” after their name and look for scam listings.

LOOK FOR THE LOCK on your browser.  Make sure the browser is in secure mode so you are not sending your payment information across the net in the open.  Somewhere depending on your browser of choice there is a lock or indicator you are in secure mode.  Look for the address to start with HTTPS not HTTP, look for the top bar to turn green, or a padlock to follow the URL line.

Shop where you know, don’t follow links you are not sure about, check with the BBB, and have a happy and safe holiday shopping season!

The Internet is full of snakes, don’t let them eat you!

-Spike

Every day people browse the web, and every day they click on the blinky that says, “You are the 1 millionth visitor – get your prize” or “You won a free car” or “Just send this link to your friends and have them send it to their friends and…. you will get rich”.  And every day, Spike gets sadder.

Internet security and safety is not just about the tools you install, the browser you use, or the operating system you run. It’s also about a healthy dose of skepticism.  I may be only 4 inches tall and have to run around the keyboard to type these (Yes, my owner finds that very amusing), but even my little rodent brain knows that I really didn’t win a free car.  (Side note:  How cool would it be if I could even drive?!)

So when you browse the Net or play in your favorite social media site, be skeptical.  Ask yourself “why” before you click.

Most attacks on the Internet involve you doing something.  Yep, you, yes all of you, and yes, even you, the guy looking around for someone else. Yes, you all click on stuff on a web page and start the attack rolling.  And sadly, these attacks are very, very clever.  They can hide the attack start button to look like the “close” button on the window.

Some tips on how to avoid launching your own attack:

1) Don’t click on strange ads on the edges of the screen.  These are often loaded with issues.  Many have issues that the advertiser is unaware of, so don’t blame them right away.

2) If it is too good to be true in real life, it is STILL too good to be true on the Internet.

3) If you get a pop up, do not click on any button.  If it shows up in your “window bar” at the bottom of your screen, right-click and close it.  If not, use the “X” to the right of the window.

4) Be skeptical.  Before you react, ask yourself “why”, then ask again.  Look for the catch, the flaw, the vile fly hiding in the ointment, the thing you most fear in the dark recesses of.. umm.  Sorry, got into writer mode there – my owner left the TV on SYFY channel all day…but really, ask yourself questions and count to 10 before you click.

The Internet is full of scary alien monsters who will eat anything; don’t let them get you!  (I wish my owner would change the channel!)

Spike

Another month and another big patch Tuesay for Microsoft.  Yep, Tuesday Nov 10th saw the release of 6 patches that addressed 12 security issues in Microsoft products.  Microsoft is being very dilegent about patching holes.  If they are going to the trouble of releasing these patches YOU should be installing them!

Go patch your systems right now!  No, don’t put it off until later!  Patch NOW!

Patch info from Microsoft can be found here:  http://blogs.technet.com/msrc/archive/2009/11/10/november-2009-security-bulletin-release.aspx

The Internet is full of snakes, don’t let them eat you!

-Spike

In “Let’s Take a Step Back – Part One I,” I talked about setting up the software on your PC to protect yourself online.  Today I am going to talk about physical hardware devices you should buy to protect yourself. OK, if you are like most people in the free world, you get your Internet access via a cable modem or the equivalent from your phone company.  Mostly gone are the days of 14.4k dial up.  This means that your connection is live all the time, even when you are not using it.  If you leave your systems turned on, your computer is constantly under attack from things on the Internet.  So what can you do to protect yourself from these attacks and to make your connection life easier? 
1. Install a cable router / firewall.
   1. This device physically sits between your cable modem and your computers, and protects your whole network from basic Internet traffic and issues.  This device is NOT a replacement for a firewall installed on your computer.  You should have both.  Spike says, “Defense in depth is the only way to go!”
   2. Your new firewall should be set to NAT, or Network Address Translation, so the inside of your network is not visible (from an address point of view) from the Internet (usually a default setting).
   3. It should be set to deny any inbound calls or traffic (usually a default setting).
   4. Turn on any packet examining capabilities. Not all have this but this will cause your firewall to look into the information sent back to you from a website to determine whether it is dangerous.
   5. Turn on any and all anti-virus, anti-spyware, malware, email filtering, spam blocking and other protections.  The more of these you have, the better. 
   6. Content filtering:  If you have kids (or a spouse/friend/roommate who acts like one) then these settings can control the type of websites they can visit.  Not all models have this, but if yours does, take a look at these – you might like what you see.Mine, for example block hate, hacking, malware, and dangerous software sites.  For the most part it doesn’t bother anyone or keep them from enjoying the Internet.  This is normally a paid subscription addition to the device, but consider what $70 a year can do to protect your kids! 

There are many other settings individual to your brand of device, so read the manual and make use of them.  A firewall on your network does you no good if all the protections are turned off.

The Internet is full of snakes; don’t let them eat you!

Spike

So far, I have offered advice for the normal dude, dudette, and the little dudesters…but Internet security is not just for big companies and homes; it is for everyone.  Today, I’d like to offer some tips for small-business owners on what you can do to protect your business.

In October, the National Cyber Security Alliance released its first study on cyber security practices of small- and medium-sized companies.  The study suggested that SMBs need to focus a bit more energy on security.

In these economic times, the thought of spending money on something you can’t see, stops threats you don’t know are happening, and you barely understand is hardly logical, right?  Wrong.

Let’s work from the outside in. By the way, for the homeowners who haven’t tuned out yet, this is a good stuff.

At your entry point, you have some form of connection to the Internet in the form of a cable modem, ADSL, ISDN, or other connection from a communications carrier.  Normally, they leave you with some box or other that has an ethernet (RJ-45) plug in it an tell you to plug a wire from their into your computer or local swith/hub.  This is where we want to start our protection.  What we want to do is to plug in a firewall between the carriers connection and your local computer or switch.

If you business is very small (less than 10 employees) you can go to your local big box retail center and purchase a router/firewall or cable router firewall from many vendors such as Linksys, Netgear or Belkin.  This box should cost less than $150 and is easy to set up.  Some of the more expensive models ($125 to $200) offer the ability to add annual subscriptions for anti-virus, email spam filtering and traffic management.  You should consider those options (we’ll talk about them further down the page).

If your company is larger, talk to a reseller.  You can find a computer network security reseller in the phone book, web, or by checking vendor websites such as Cisco, Checkpoint, Fortinet or Symantec.  Again, the firewall you need will cost between $300 and $1,000, depending on the size of your network.  These reseller can offer installation and customization assistance if you feel technically overwhelmed.

So you have plugged the new firewall into the circuit and followed the easy setup guide.  (It should have taken you about 30 minutes).  Make sure you CHANGE the password to something you won’t forget, yet is hard to guess.  Step one of basic protection in place.  Note to the homeowner: You can and should do the same thing.

Step two, the computers.  Your computers need protection too.  If you can afford to buy a good commercial package, this should be your first move.  For about $40 per machine you can get a great Internet security suite from Symantec (Norton), AVG, Avira, Kasperky, Zone Alarm and many others.  Again, if you are small business, you can set up individual systems. If your business is bigger and you can dedicate some computing resources,  set them up to work with a  management console.  Just like the firewall, if you do it yourself, you can buy off the web at any of those companies mentioned above or from your local network security reseller.  You want a personal firewall, anti-virus (or anti-malware), anti-spyware, and intrusion detection suite.  The companies I mentioned above all offer suites with all these features.   (There are a number of free packages available for home use but most charge for a business license.)

Now that you have installed a physical firewall and PC-based protection suites, you have completed the basic steps for protection.

The last step is to read my last couple of blog entries on safe browsing and browser add-ons and educate your staff. Remember, WHERE you browse and WHAT information you tell them is more of the security battle than all the tools in the world!   My blogs offers tips and education about safe browsing. Another group,  Stay Safe Online, has a great site with good information at www.staysafeonline.com as well.  In fact, check out their article here.  They point out even more resources.

So take a moment to think about cyber security at your business and your home.

The Internet is full of snakes; don’t let them eat you!
Spike

Dude, this is totally gnarly!

There is this great article from Herbert H. Thompson posted on Scientific American’s website that will blow your mind!  Thompson used information already on the Internet about his friends, and WITH THEIR PERMISSION,  gained access to their bank accounts!  Read this article and substitute “BLOG” with “Your Favorite Social Media Site of Choice.”

Spike was impressed!

The Internet is full of snakes; don’t let them eat you!
Spike