Spiked Security

Hope everyone is having a wonderful and safe holiday season.  I bet some of you either got or gave cell phones in your holiday gift-giving.  I also bet you didn’t know that you may have inadvertently enabled someone to become a victim of cyber bullying or digital abuse. 

You laugh?  Nope, Spike is being serious here. Digital abuse is on the rise and more and more teens are being targeted. A Thin Line, a website created by MTV to help educate teens about digital abuse, is an excellent place to start.  You can read more about MTV’s accompanying study here.

Digital abuse is not just about cyber bullying, cyber stalking or cyber impersonation - studies also show that one-third of all teens use their cell phone for inappropriate texting and imagery.  Wow, one third!  That means that parents are not making our youth aware of the permanency of the digital forum.  Once taken and sent, a picture becomes part of the digital universe and can resurface anytime when you least wish it.  Most of you spend the time to talk to your youth about this and Spike applauds that.   Remind them that even if they are responsible with their digital phones and cameras, other are not, so be careful not to put themselves in compromising positions where others can capture their image.  (Too bad many of Hollywood’s stars don’t heed that advice!)  Pay attention to your family members, talk about both the positives and negatives of the Internet and cell phones and help everyone stay safe.  It would be sad to ruin little Suzy’s* run for president in 25 years by having pictures of some high school party show up just before election day!

More resources for parents and youth:

www.internetsafety.com

www.ftc.gov/youarehere
Federal Trade Commision site for youth and Internet safety

www.stopbullyingnow.hrsa.gov/kids/  
National Health and Human Services’ site about cyberbullying

www.ncpc.org/cyberbullying
You all remember another famous animal helping kids be safe?  NO!  Not Smokey Bear, I am talking about McGruff the crime dog!  Yep this is his site on cyberbullying.

The Internet is full of snakes; don’t let them eat you!

Spike

*”Little Suzy” is a fictional character and has no resemblance in real life to anyone anywhere that Spike may or may not have met.  But she could be ANY OF YOU!

A number of respected security sources are reporting fake swine flu emails that are pretending to be the CDC (Centers for Disease Control) and then ask you for information.  Don’t follow these links and read these attached links to see what the emails look like.  This is yet another reminder that hackers like to prey on our fears to fool us into doing things we shouldn’t.  And by the way as a “guinea pig” I am constantly offended at the name “Swine Flu”, its not our fault!

This is the same malware which was infecting people with a fake IRS email.  No the IRS is not suddenly going to give you money if you follow a link in a email out of the blue!

Symantec example of the swine flu email:  http://www.symantec.com/connect/blogs/zeus-trojan-catches-swine-flu

McAfee example of the swine flu email: http://www.avertlabs.com/research/blog/index.php/2009/12/01/h1n1-vaccination-profile-a-path-to-infection/

and for more information about this infection path you can check out the network world article here: http://www.networkworld.com/news/2009/120209-fake-swine-flu-emails-lead.html

The internet is full of snakes; don’t let them eat you!

-Spike

Cyber Monday is becoming almost as big a shopping day as Black Friday.  You should have already started to see the upswing in email advertising.  As you are getting pummeled with email ads you need to be more diligent in your email review.  When real ads increase so to do the scam ads.  Scam ads are very clever this year; they look real, in fact they look just like the real vendor being spoofed. So read them carefully, and ask why you got this ad. Is it part of your normal advertising based on places you frequent (GOOD!)?  Or have you never seen this store before? How did they get your email?

How to stay safe?   Don’t click on and follow ANY link in email ads.  Try to start your shopping by going to the vendors site and put in a sale code from the email or log on as a customer to find your offer.

Before you buy, make sure the vendor is legitimate.  Check the Better Business Bureau (bbb.org), or search the vendor on the web with the word “scam” after their name and look for scam listings.

LOOK FOR THE LOCK on your browser.  Make sure the browser is in secure mode so you are not sending your payment information across the net in the open.  Somewhere depending on your browser of choice there is a lock or indicator you are in secure mode.  Look for the address to start with HTTPS not HTTP, look for the top bar to turn green, or a padlock to follow the URL line.

Shop where you know, don’t follow links you are not sure about, check with the BBB, and have a happy and safe holiday shopping season!

The Internet is full of snakes, don’t let them eat you!

-Spike

Every day people browse the web, and every day they click on the blinky that says, “You are the 1 millionth visitor – get your prize” or “You won a free car” or “Just send this link to your friends and have them send it to their friends and…. you will get rich”.  And every day, Spike gets sadder.

Internet security and safety is not just about the tools you install, the browser you use, or the operating system you run. It’s also about a healthy dose of skepticism.  I may be only 4 inches tall and have to run around the keyboard to type these (Yes, my owner finds that very amusing), but even my little rodent brain knows that I really didn’t win a free car.  (Side note:  How cool would it be if I could even drive?!)

So when you browse the Net or play in your favorite social media site, be skeptical.  Ask yourself “why” before you click.

Most attacks on the Internet involve you doing something.  Yep, you, yes all of you, and yes, even you, the guy looking around for someone else. Yes, you all click on stuff on a web page and start the attack rolling.  And sadly, these attacks are very, very clever.  They can hide the attack start button to look like the “close” button on the window.

Some tips on how to avoid launching your own attack:

1) Don’t click on strange ads on the edges of the screen.  These are often loaded with issues.  Many have issues that the advertiser is unaware of, so don’t blame them right away.

2) If it is too good to be true in real life, it is STILL too good to be true on the Internet.

3) If you get a pop up, do not click on any button.  If it shows up in your “window bar” at the bottom of your screen, right-click and close it.  If not, use the “X” to the right of the window.

4) Be skeptical.  Before you react, ask yourself “why”, then ask again.  Look for the catch, the flaw, the vile fly hiding in the ointment, the thing you most fear in the dark recesses of.. umm.  Sorry, got into writer mode there – my owner left the TV on SYFY channel all day…but really, ask yourself questions and count to 10 before you click.

The Internet is full of scary alien monsters who will eat anything; don’t let them get you!  (I wish my owner would change the channel!)

Spike

It is that time of year again.  People begin shopping more than ever.  More and more shopping is done on the Internet.  Christmas is fun, and even us little furry piggies love getting presents (hint, hint to my owner: I love chewing on things).  But as shopping increases so do the attempts to trick people into giving away money or information.

A new wave of fake payment requests are targeting email subscribers with subject lines such as, “Payment verification from – (insert your favorite credit card company, payment portal, or shopping site). ”  The message typically says that to stop the payment, you must download and run the attached zip file.

NEVER download a zip file from anyone you are not expecting a file from or normally get files from.  Has your bank or credit card company ever sent you a zip file to run?  Not likely.

Last year, emails about “your shipment” made the rounds, and we will see those again this year. This type of  attack relies on people panicking and thinking that someone has charged something to them falsely and they want to block it.  Don’t panic!

If you are worried about false charges, CALL your credit card company, bank, payment portal, etc., using the number you already have (check the back of your card, previous transactions, the phone book or their website).  Never use a number from one of these emails and never click on any links in these emails.

The Internet is full of snakes; don’t let them eat you!
Spike

In “Let’s Take a Step Back – Part One I,” I talked about setting up the software on your PC to protect yourself online.  Today I am going to talk about physical hardware devices you should buy to protect yourself. OK, if you are like most people in the free world, you get your Internet access via a cable modem or the equivalent from your phone company.  Mostly gone are the days of 14.4k dial up.  This means that your connection is live all the time, even when you are not using it.  If you leave your systems turned on, your computer is constantly under attack from things on the Internet.  So what can you do to protect yourself from these attacks and to make your connection life easier? 
1. Install a cable router / firewall.
   1. This device physically sits between your cable modem and your computers, and protects your whole network from basic Internet traffic and issues.  This device is NOT a replacement for a firewall installed on your computer.  You should have both.  Spike says, “Defense in depth is the only way to go!”
   2. Your new firewall should be set to NAT, or Network Address Translation, so the inside of your network is not visible (from an address point of view) from the Internet (usually a default setting).
   3. It should be set to deny any inbound calls or traffic (usually a default setting).
   4. Turn on any packet examining capabilities. Not all have this but this will cause your firewall to look into the information sent back to you from a website to determine whether it is dangerous.
   5. Turn on any and all anti-virus, anti-spyware, malware, email filtering, spam blocking and other protections.  The more of these you have, the better. 
   6. Content filtering:  If you have kids (or a spouse/friend/roommate who acts like one) then these settings can control the type of websites they can visit.  Not all models have this, but if yours does, take a look at these – you might like what you see.Mine, for example block hate, hacking, malware, and dangerous software sites.  For the most part it doesn’t bother anyone or keep them from enjoying the Internet.  This is normally a paid subscription addition to the device, but consider what $70 a year can do to protect your kids! 

There are many other settings individual to your brand of device, so read the manual and make use of them.  A firewall on your network does you no good if all the protections are turned off.

The Internet is full of snakes; don’t let them eat you!

Spike

So far, I have offered advice for the normal dude, dudette, and the little dudesters…but Internet security is not just for big companies and homes; it is for everyone.  Today, I’d like to offer some tips for small-business owners on what you can do to protect your business.

In October, the National Cyber Security Alliance released its first study on cyber security practices of small- and medium-sized companies.  The study suggested that SMBs need to focus a bit more energy on security.

In these economic times, the thought of spending money on something you can’t see, stops threats you don’t know are happening, and you barely understand is hardly logical, right?  Wrong.

Let’s work from the outside in. By the way, for the homeowners who haven’t tuned out yet, this is a good stuff.

At your entry point, you have some form of connection to the Internet in the form of a cable modem, ADSL, ISDN, or other connection from a communications carrier.  Normally, they leave you with some box or other that has an ethernet (RJ-45) plug in it an tell you to plug a wire from their into your computer or local swith/hub.  This is where we want to start our protection.  What we want to do is to plug in a firewall between the carriers connection and your local computer or switch.

If you business is very small (less than 10 employees) you can go to your local big box retail center and purchase a router/firewall or cable router firewall from many vendors such as Linksys, Netgear or Belkin.  This box should cost less than $150 and is easy to set up.  Some of the more expensive models ($125 to $200) offer the ability to add annual subscriptions for anti-virus, email spam filtering and traffic management.  You should consider those options (we’ll talk about them further down the page).

If your company is larger, talk to a reseller.  You can find a computer network security reseller in the phone book, web, or by checking vendor websites such as Cisco, Checkpoint, Fortinet or Symantec.  Again, the firewall you need will cost between $300 and $1,000, depending on the size of your network.  These reseller can offer installation and customization assistance if you feel technically overwhelmed.

So you have plugged the new firewall into the circuit and followed the easy setup guide.  (It should have taken you about 30 minutes).  Make sure you CHANGE the password to something you won’t forget, yet is hard to guess.  Step one of basic protection in place.  Note to the homeowner: You can and should do the same thing.

Step two, the computers.  Your computers need protection too.  If you can afford to buy a good commercial package, this should be your first move.  For about $40 per machine you can get a great Internet security suite from Symantec (Norton), AVG, Avira, Kasperky, Zone Alarm and many others.  Again, if you are small business, you can set up individual systems. If your business is bigger and you can dedicate some computing resources,  set them up to work with a  management console.  Just like the firewall, if you do it yourself, you can buy off the web at any of those companies mentioned above or from your local network security reseller.  You want a personal firewall, anti-virus (or anti-malware), anti-spyware, and intrusion detection suite.  The companies I mentioned above all offer suites with all these features.   (There are a number of free packages available for home use but most charge for a business license.)

Now that you have installed a physical firewall and PC-based protection suites, you have completed the basic steps for protection.

The last step is to read my last couple of blog entries on safe browsing and browser add-ons and educate your staff. Remember, WHERE you browse and WHAT information you tell them is more of the security battle than all the tools in the world!   My blogs offers tips and education about safe browsing. Another group,  Stay Safe Online, has a great site with good information at www.staysafeonline.com as well.  In fact, check out their article here.  They point out even more resources.

So take a moment to think about cyber security at your business and your home.

The Internet is full of snakes; don’t let them eat you!
Spike

Dude, this is totally gnarly!

There is this great article from Herbert H. Thompson posted on Scientific American’s website that will blow your mind!  Thompson used information already on the Internet about his friends, and WITH THEIR PERMISSION,  gained access to their bank accounts!  Read this article and substitute “BLOG” with “Your Favorite Social Media Site of Choice.”

Spike was impressed!

The Internet is full of snakes; don’t let them eat you!
Spike

Spike made friends with a puppy today; that is, StormDawg.com!  

Bryan Jennewein, the Director of Social Media at infoGROUP and contributor to StormDawg.com, was helping me clean out my cage, so to speak, with some sage advice on my blog (no Mom, still not a blob!)  While he was visiting, we got to squeaking about safe surfing.  You really only need a wetsuit if the water is cold or the wax has sand in it and the surfboard rubs your chest wrong… oh, um, sorry…yet again another life.

OK, so Bryan and I were talking about safe web surfing and I gave him my top tools for making my browsing experience safer (or more annoying, according to my family), and then I thought, ”Hmm, I should make this a blog post.”

So here we go:

No matter what browser you use, install AVG Linkscanner, a free tool from AVG.  By the way, AVG’s anti-virus is great if you don’t have one yet!

Then set up OpenDNS for your house or computer.  Go to opendns.com and sign up.  It is free for most families and inexpensive for businesses.

Finally, add some great add-ons to your Firefox browser.  (You are using Firefox, right?) Some add-on suggestions: Ad-Block Plus, Ad-Block Plus Helper, Better Privacy, No Script and Ref Control.

With all of these tools, you can see which link in your Google search is safe to visit (AVG Linkscanner).  When you visit a web page, No Script will tell you all of the scripts that page is trying to run and from WHOM are they coming.  Start with only allowing the script from the main page owner and then allow ones you feel good about!   This will take a little bit of getting used to, but it will protect you from many bad things.

Last, when you close your browser, Better Privacy will ask you if you want to remove ## LSO Cookies.  YES, YES, YES!  Let the tool remove those flash cookies!

That should help “safe up” your surfing! 

The Internet is full of snakes; don’t let them eat you!
Spike

OK, I just ran into someone at work who did not have a firewall or antivirus at home.  It made my furry little head spin.

Really?  No security at home?  This must be fixed!  Read on.

Part One – Tools you must have before you browse

1. Viking helmet and a hazmat suit

Uh… sorry wait, that is another blog.

OK, the real list.

1. A firewall on your computer:

Usually sold as part of a firewall/antivirus package, this little gizmo protects your system from stuff wandering around the Internet. You do have some responsibility to pay attention to it when it asks you, “Hey! Should I allow this?”  If you always say yes, delete your firewall because you are making it useless.  Look the message – did you do what it is asking you to allow? IF you did, then ask why did it set off a security alarm?  If you really meant to do it, then by all means say yes!

2. Antivirus/anti-spyware on your computer:

Again normally bundled with your firewall, this tool looks at files you move to and from the Internet and at the rest on your computer.  It will try to determine whether the files contain things that could harm you.  Set it to be live all the time (usually termed “real-time mode”) and to scan you machine every day.  You also need to let it update itself with the latest Internet threats every day. These three are normal default settings on most good packages.

3. A secure browser:

1. Firefox is an excellent security-minded browser (and it is free).  If you really want to be secure, install an add-on called “no-script,” which will let you control any program (script) that someone wants to run on your computer. It’s a very cool tool.
2. Google Chrome.  This browser is also security-minded (and free).
3. If you insist on using Microsoft’s IE, then patch it every time Microsoft releases a critical patch.

4.  Little secure add-ons to make sure your browser is safe:

1. McAfee’s site advisor is free and colors your address bar green or red based on the safety of the site.
2. AVG’s linkscanner is also free and will tell you whether the link on your search page is safe with a green check mark.

5. Your own common sense:

1. Seriously, if you browse sites of a questionable nature you risk a higher chance of infection, so think before you browse.
2. Don’t share information unless you know why and to whom you are sharing it.
3. Be careful with your commerce.  Think before you buy.  Have you ever heard of this store before?  Have you done any research to find out if they are legit?
4. Is the webpage secure before you put in your credit card number, user ID, password, bank account number and so on… you get the picture!  Is there a little lock on the address bar or bottom status bar?

One last note, check out this site for more great advice!

Next time in part two: Tools from the Hardware Side

The Internet is full of snakes; don’t let them eat you!
Spike