Flash Vulnerability

People that have Adobe’s Flash player version 9.0.115.0 or earlier, or 8.0.39.0 or earlier, need to update it now. A new exploit for these versions has been discovered and can allow someone to take control of your computer just from visiting a website that has malicious code.

The new version that you need is 9.0.124.0 and it fixed this new vulnerability.

AIR1.0 is also affected because it includes a Flash player built in. If you use AIR upgrade to version 1.0.1.

Adobe’s security bulletin says that this affects all platforms, so that would include all versions of Windows, Macs, and Linux.

Whole Disk Encryption

If you carry a notebook outside of your home or office then Whole Disk Encryption is a technology you should be interested in. It’s also called Full Disk Encryption. First let’s identify the problem.

Most people who carry notebook computers (laptops) keep sensitive files on the machine’s drive. Business documents, business databases, contact lists, emails, chat logs, password lists, etc. The most common situation is someone carrying confidential documents on the computer.

If the notebook is lost or stolen then whoever holds the notebook computer has access to the files. Login passwords aren’t enough to protect the documents, they’re easily recovered by anyone.

A more worrying trend is for international business travellers who carry confidential data on their notebooks. There have been many instances of airport customs staff not only inspecting the notebook for banned items but they’re now looking in the notebook’s hard drive and looking through any documents stored there. Their excuse is that they have to search for anything that’s a threat to national security. Irrespective of why they’re doing this the point is that someone else can gain access to your files at airports. Read this article for an example. And for examples of lost or stolen notebooks see here.

Most large companies are now telling their staff to wipe all documents off notebook computers before travelling. This is excellent advice.

Another solution is to use whole disk encryption. This is a software technology that encodes the entire drive so that it’s unreadable without a password. At present this technology is rarely used on notebooks.

Advantages:

• It’s not possible for someone to extract files from a lost or stolen notebook computer
• You don’t have to remember to turn it on or to prepare anything before you leave home or the office. It’s always enabled

Disadvantages:

• Not all encryption programs are free (read below for some good news on free software)
• It slows down the computer
• You have to enter another password before using the computer
• It doesn’t protect you from malware (trojans etc). You still need a good antivirus system
• You must have a backup of all your data at home or at the office. If something goes wrong with the computer then there’s no way to recover the data without a backup
• Security is only as good as your password. If you use your car number plate or some other easy to guess password then it’s not really secure. You need to use a good password.

So with more disadvantages than advantages you’re probably put off. It depends how valuable your files are. If you’re a lawyer carrying around all your client’s documents then your files are probably quite valuable, and you should be doing everything in your power to stop strangers getting at them.

How does it work?

The technical explanations are beyond the scope of this article. It’s enough to know that it encrypts all of the drive. Older encryption programs encrypt some files only and smart hackers can usually recover all or part of documents. Therefore the “whole disk” part of the encryption program is important. The disk is completely unreadable and unusable without the password.

What whole disk encryption programs are available?

Recently there has been some progress on this and there are now good free versions including ones for Mac notebooks, as well as commercial solutions.

Free Windows Solutions:

There are quite a few solutions, below are the more popular ones available today.

• BitLocker – it comes with Windows Vista Enterprise, Windows Vista Ultimate, and Windows Server 2008
• TrueCrypt – a popular open source solution (see notes below). Available for Windows, Mac and Linux.

Commercial Solutions:

Below are low cost commercial solutions. There are many expensive enterprise level solutions not listed here.

• PGP – This program has been around for a very long time and is trusted by many people and companies. On the 13th Feb 2008 a version was also made for Apple Macs.

Summary

If you take your computer outside of a secure environment (home, office, etc) and you have anything on there you wouldn’t like others to have then whole disk encryption is a must.

As for airport customs and other law enforcement agencies, a lot of countries have laws making it possible for them to demand your password. So while you can keep random strangers from reading your data it’s really up to you how you comply with legal requests to hand over data. At least you have a choice.

Notes:

Open Source: in security it’s often a good thing to make programs or algorithms open source. It enables the programming community or security community to review the code and find any possible bugs as quickly as possible. It’s also a form of full disclosure. With commercial solutions you have to trust a company that they didn’t include a backdoor for whatever reason. With open source solutions everything’s exposed for public review.

Another fake anti spyware site

All these fake sites and applications are becoming a bigger problem. The latest is called removal-tool . com (warning, do not try going to this site). It appears to be a collection of spyware removal tools except that it actually tries to install quite a few different bits of malware on your computer. It’s a malicious web page in disguise.

The web site looks nice, contains a blog, a news section, and reviews. The authors went to some effort to make it look convincing. Most of the links on the site even work. It would be difficult to tell that this site will compromise your computer.

Good anti virus software these days has the option to filter all web pages and they stop most of these sites before your web browser starts loading them. It’s a good investment.

Another technique to avoid these traps is to use a less popular web browser such as Firefox or Opera, or to use a less popular operating system such as Mac OS or Linux.

At the moment the majority of malicious code is designed to target Windows and Internet Explorer. That’s not to say that other systems are immune, malware is just less common on them.

Only 5% of Windows PCs are fully patched

A recent survey by a security company called Secunia shows that only 5% of computers are fully patched. The other 95% are running insecure software.

It’s important to patch all of your software. This includes the operating system itself (e.g. Windows, Mac OS, Linux), your web browser (e.g. Internet Explorer, Firefox), and all your applications. And of course in an office environment patches should be carried out by IT administrators (complete with backups).

This serves as a gentle reminder to our previous post on patching. Read Secunia’s article here.

Can Apples be more secure?

The US Army has been upgrading their servers and workstations to Macs and are claiming they’re harder to hack (i.e. they’re more secure).

The primary reason they state is that fewer attacks are written for Macs than for Windows. This seems true for now.

One common weakness between all operating systems (Mac, Windows, Linux, etc) is the user. People can be tricked into clicking on things or carrying out other hazardous tasks no matter what computer they use (this is where security education comes in).

More details here.

Keep critical software up to date

Some programs you use are critical to the safe use of your computer, and it’s important to keep these patched.

In this article critical software is the collection of programs (both visible and those that run in the background) that transport information from a web server to your screen. It’s the chain of data flow that you use the most often when using the internet.

You have your operating system (e.g. Windows, MacOS, Linux), a web browser, and a stack of drivers that basically make the internet work for you. This is a simplified model, most people’s computers will be unique and full of all sorts of programs.

Because information is flowing along this chain of programs, data being handed off from the operating system to the web browser, every link in the chain is critical. And like the old mantra, the price of security is eternal vigilance. In this case we’re looking at the eternal task of patching your software.

Patches are released by software vendors, whether it’s a free open source program or from a commercial software company. Patches are written because the programmers are always fixing bugs, in particular they’re always fixing security vulnerabilities as they are discovered. It’s a way of strengthening each of the links in your data chain.

The point of this article is that you should always update the following:

• Patch your operating system (Windows, Mac OS, Linux, etc). Yes there’s a risk in being the first to install a patch, it might break something. Large companies have long complicated procedures to test patches before installing them. Small companies and home users need to take the risk and apply the patch blindly, trusting the vendor. It’s a choice between having the most secure computer possible or waiting to see if a patch is released by mistake. My advice is to take the secure option and make regular backups of all your data (backups would be a good topic for a future article). Most operating systems these days have automated patching systems in place making this simple and often a transparent process.
• Patch your web browser. All web browsers need to be patched – Microsoft Internet Explorer (IE), FireFox, Opera, Safari, etc. Apply patches as soon as they’re released. Today a web browser is the most vulnerable program on a computer, it gets used to run code that other people write. Code that comes from all corners of the world and is almost always not certified in any way and there’s almost no way of trusting the code. Your web browser will execute it blindly, trusting that it’s safe and you trust that all other programs on your computer (including the operating system) will handle the attacks in a graceful way. Web browsers will be attacked, this is almost a certainty these days. So you need to very latest version that hopefully has had every known vulnerability fixed.
• Patch your antivirus software. This is often automatic, and it’s often a paid service. Antivirus companies spend a lot of time and money keeping their tools up to date and it’s in your best interest to use their technology. Consider it a good investment, it could cost you thousands of dollars if your system is compromised.
• Sometimes routers will have to be patched as well. This is a little more advanced and you should only do it if you’re comfortable working with your router.
• Personal firewalls should also be patched. If your antivirus software includes a [personal] firewall then it’ll be patched automatically, otherwise it’s a separate process.

All software that uses the internet in any way, including the various video and music players, needs to be kept up to date. Web browsers and operating systems are the most critical and should be patched the most often. The time and effort you spend is the price you pay for having a safe computer.

Article On Securing Macs

This article explains some things you can do to make a Mac more secure. Most of these ideas would also apply to Windows (XP and Vista), and Linux (in a more general sense).

Protecting A Home Computer – First Steps

This article covers the most basic proactive measures you can take to protect your computer. It’s been written with a single home computer in mind – small and large offices need completely different solutions and they’ll be covered in a future article.

So you have a computer and are aware of the dangers present on the internet. You’d like to feel safe with as little effort as possible, and you’re even prepared to buy some antivirus software. Where do you start?

Anti-virus software is one line of defence, but you can’t rely on this alone. Online crime has advanced so much in the past few years that viruses are probably the least of your concerns. Nevertheless you still need an antivirus solution.

Viruses are programs that install themselves onto your computer and do something unwanted. Some are worse than others (it could delete your files, let hackers log into your computer, and copy itself to other computers). Antivirus programs scan everything on your computer and match it against a list of known viruses – new computer viruses get created every day. So yesterday’s antivirus software won’t protect you against today’s threats (it’s a fast paced world). What you need is a way to update your antivirus software every day. This is usually called a subscription, meaning you pay an annual fee to get the latest updates every day.

Some home users have outdated antivirus software. It probably came bundled with the computer with a 3 month trial subscription, and it probably expired. Some people think it’s ok to copy antivirus programs from a friend (which is morally wrong and illegal) and without paying for the subscription it won’t protect you. Bottom line here: pay the annual subscription.

The next line of defence is protection from trojans. The simple explanation is that some programs you download (or sometimes buy) include a hidden bit that connects out to the internet and does something bad without your knowledge. There are two things you can do to prevent and control this very serious problem:

1. Be aware of what you download. Only download programs you really need and preferably from sources you trust. Although this may sound vague it gets easier with experience.
2. Run a personal firewall. Read below on how this can help.

A personal firewall is a program you install on your computer that stops unknown programs from connecting out to the internet. In other words, it becomes very difficult for a “bad program” to use the internet without your permission. Windows now includes a firewall program but it’s worthwhile paying for a better one.

You also need to learn to use it. In its most basic form a personal firewall with ask you for permission whenever it finds a new program (attempting to connect to the internet). If you blindly click Accept then you haven’t really achieved any better level of security. You should take a moment to read what the message says and consciously decide whether or not to allow it. Don’t fall into the habit of clicking Yes to everything. In most cases if you’re intentionally telling a program to use the internet then you would want to allow it. Again this becomes easier with experience.

Lastly, the other main line of defence for a home computer is to keep it patched. Windows is not perfect (and neither is Linux or MacOS) and the programmers generally find ways to improve security. They release a patch and it’s up to you to apply that patch to your computer. This is often automatic, and for beginners this is how you want it to work. Windows XP and Windows Vista will let you know if patches are not being applied manually (in which case you should do this at least weekly). Patches can be applied by opening Internet Explorer and selecting Windows Update from the Tools menu, then following the prompts.

In summary there are three facets to securing a home computer:

1. Use antivirus software. It’s important that it receives updates at least daily
2. Use a personal firewall. Learn to read the messages it gives you and use it properly.
3. Keep your computer patched. This can often be automatic.

I think that’s enough for now. Each of the above three areas requires further articles, and there’s still an awful lot more to be learnt. I have deliberately avoided suggesting any products. This also warrants its own article and the market changes so fast that a recommendation would be out of date fairly quickly. Expect to pay about $100 per year per computer. This is reasonable considering that a computer typically costs over $1000 and your bank account could contain significantly more.

← Previous Page

• About

  Read the latest articles shown on the left, and use the options below to search for past articles. FraudO.com is committed to educating all users on the dangers of the internet and how to avoid them.

• Email Subscription

  Enter your email address:

  Delivered by FeedBurner

• Sponsored Ads:

  • Anastasia International Scam

• Recently Written

  • Emails That Ask You To Run An Attachment
  • Fake Virus Scan
  • Smileworld Scam
  • Infected Samsung S8500 Wave SmartPhones
  • Facebook Password Reset (Virus)
  • Free $1000 Ikea Gift Card Scam
  • Phishing emails from Skype
  • Passwords Compromised on JIRA, Bugzilla & Confluence
  • Admin update
  • McAfee Stinger
  • Another Scam Job
  • ICS Monitoring Team
  • Facebook Groups And Toolbars
  • An Interview with a Nigerian Internet Scammer
  • Fake CUA Email

• Categories

  • Admin
  • Antivirus
  • Backups
  • Fraud
  • General
  • hoax
  • Identity Theft
  • Malware
  • News/Media
  • Phishing
  • Privacy
  • Scams
  • Security
  • Software
  • Statistics
  • Uncategorized

• Archived Articles

  Select Month July 2010  (2) June 2010  (2) April 2010  (5) March 2010  (3) February 2010  (5) January 2010  (11) December 2009  (1) November 2009  (2) October 2009  (4) September 2009  (10) August 2009  (9) July 2009  (7) June 2009  (20) May 2009  (15) April 2009  (12) March 2009  (10) February 2009  (14) January 2009  (10) December 2008  (10) November 2008  (3) October 2008  (7) September 2008  (5) August 2008  (11) July 2008  (17) June 2008  (8) May 2008  (17) April 2008  (23) March 2008  (22) February 2008  (20) January 2008  (31) December 2007  (17) November 2007  (21) October 2007  (11) September 2007  (5)

• Affiliates

• Spam Blocked

  33,007 spam comments blocked by
  Akismet

• Stats