
Top Online Security Threats in ‘09

Believe it or not, it’s been 20 years since the first worm invaded the Internet. It was called the Morris worm and it was written, no less, by a Cornell grad student.

Times have changed - and so have the nasty bugs that notoriously implant malicious code and invariably ruin our day.

While 2008 brought us a ton of viral headaches (e.g. Koobface), 2009 promises to bring us a lot more. In fact, the 2009 Security Threat Report [PDF] from Sophos lays it all out for us blow-by-blow, beginning with infamous SQL attacks.

Read it and weep, people. Read it and weep.

SQL Injection Attacks

The Sophos research showed that over the past year the number of SQL injection attacks against innocent websites increased, a trend Sophos expects will continue next year.

Web insecurity, notably weakness against automated remote attacks such as SQL injections, will continue to be the primary way of distributing web-borne malware.

A recent report from the Internet Crime Complaint Center also points to an increase in SQL injection attacks in 2008, specifically relating to financial services and the online retail industry. Unfortunately, cyber criminals prey on the needs of Web users at any given time, and this time the economic crisis is their meal ticket.

The article is well worth reading if you’re interested in how attackers compromise websites by SQL Injection or if you want ideas on how to reduce the likelihood of intruders gaining access to your private data.

Third Party Advertising Agencies and Scareware

In February 2008, Sophos confirmed a ‘poisoned Web advertising campaign’ on BBC competitor ITV’s website that affected both Windows and Mac machines. While we’ve all seen Scareware, the pop ups designed to scare people into buying anti-virus software, this is the first time it has been seen for the Mac.

According to Sophos, a Flash file was injected into traffic served up by ITV.com via third party advertising agencies. Designed to promote a program called Cleanator (Windows) or MacSweeper (Macs), the programs claimed to detect “compromising files” and encouraged users to purchase a full version of the package.

As websites often use third parties to serve up their advertising, Graham Cluley, senior technology consultant at Sophos, suggests taking care when selecting agencies. “Website owners should ask the third party agencies they use what procedures they have implemented to positively vet the adverts that they deliver for malicious content or unsavory links.”

Social Networking Sites

With social networking on the rise, the bad guys have found yet another playground on the Web. The Sophos report reveals 1800 Facebook users had their profiles defaced in August by an attack that installed a Trojan while displaying an animated graphic of a court jester.

Gated sites appeal to the bad guys because they form a “launching pad” for mass distributing malware attacks and spam, like the recent Koobface Trojan which attacked both MySpace and Facebook and transformed victim machines into zombie computers to form botnets.

Twitter too has become a tool for cyber criminals to distribute malware and marketing messages. In many cases, the bad guys steal members’ usernames and passwords and bombard the victims’ friends with marketing messages or direct them to third party websites. With Twitter especially, it is difficult to discern where links are going due to the 140 character limit and the use of services that shorten URLs.

On the flip side, however, Chris Boyd of FaceTime Security Labs at this year’s RSA Conference explained that social networking sites are incredibly useful for security researchers. “The people that create these things have been on social networking sites since the beginning; they need to be on them a lot to understand them intimately enough to exploit them. But many times they leave a trail online that we can use to track them, to find out things like their names, ages and friends.”

Apple Macs Become “Soft Targets”

While Mac malware is minuscule compared to Windows malware, Sophos recommends Mac users follow safe computing best practices and avoid complacency even though cyber criminals are more likely to stick to attacking Windows computers in the foreseeable future due to the higher financial incentive.

With so many Windows home users seemingly incapable of properly defending themselves against malware and spyware, it seems sensible to suggest that some of them should consider switching to the Apple Mac platform. This is not because Mac OS X is superior, but simply because there is significantly less malware currently being written for it.

Along with the scareware attack mentioned earlier, there have been other attempts to infect Mac computers in 2008: the OSX/Hovdy-A Trojan, the Troj/RKOSX-A Trojan, and the OSX/Jahlav-A Trojan.

Smartphone Threats

 

While most malware and spam is produced as a result of financial incentive, with smartphones, Sophos believes malware will more likely be written by those wanting to make headlines. As neither the iPhone nor the G1 has yet been the target of a significant attack, someone will want to be the first and claim the title.

Apple iPhone

According to Sophos, iPhone users are more vulnerable to phishing attacks than their desktop counterparts for three reasons:

  • They may be more willing to click on links because entering URLs on a touch screen is more difficult
  • The iPhone version of Safari doesn’t display URLs embedded in emails before they are clicked on making it more difficult to tell whether a link leads to a phishing site
  • The iPhone browser doesn’t display full URLs making it easier for the bad guys to trick users

Google Android

Hackers are only just getting a real look at the Android OS, so there is not much to report; however, one security flaw was revealed only days after the G1 went on sale. The flaw, discovered by Charles Miller, a principal security analyst at Independent Security Evaluators, was in the browser partition of the phone. According to the New York Times, the flaw enabled keystroke logging software to be installed, making it an easy trick to steal identity information and passwords.

Additionally, while many are impressed with Google’s open attitude to applications, others are concerned about the ease with which malicious software could be distributed, and caution when it comes to downloading third party apps is advised.

Sophos predicts as more people purchase smartphones, creating threats will become increasingly attractive to cyber criminals: Imagine a generic Mac OS X attack made for the iPhone that could also cripple the Mac computer.

This post was written by: Erin


Down and Out in ‘09?

 

Ahh. It’s the new year. Time for a new beginning. New adventure. New change. Right?

Wrong.

As some IT professionals are pointing out, some things really don’t change, especially in their computerized world of security, employee policing, devices and data.

David Kelleher has put together this satirical list of information security issues, humorously titled “Top 10 List: What Will Not Happen in 2009.”

It’s hysterical - even to hi-tech idiots like myself.

  1. Organizations will pay greater attention to security
    And pigs will fly! In spite of a series of security breaches in 2008 and increased awareness on the need to secure data, organizations will not heed the warning signs any more than they did in 2008. The ‘it won’t happen to me’ syndrome will strike again and thousands of records will be put at risk.
  2. IT security spending will increase
    With the world’s economy passing through one of the worst recessions since the Depression in 1930, there is little hope that IT security spending will be increased in 2009. Administrators will need to rethink their purchasing strategy and look at more cost-effective solutions. Do more with less, will be this year’s mantra. 
  3. Employees will use IT with greater security awareness
    A dream, to say the least. Employees will continue to use IT with little regard for security. They remain a serious security threat and the weakest link for any organization. They will still stick passwords to monitors, give out passwords without thinking twice and they will still use their portable devices to copy material. 
  4. Employees will not fall for phishing and social engineering attacks
    They may not fall for the boring emails offering immediate millionaire status but try calling the boss’s secretary with an excuse that you need to reset her password and could she give it to you over the phone. Cyber crime and identity theft are expected to increase in 2009. You can bet your last dime, they’ll be successful.
  5. Employees will pay attention to company security policies
    Fat chance; even more so if those policies restrict their freedom on the network. Most employees don’t even know the policies exist, so if the IT manual is still gathering dust on the shelf behind the IT administrator, you can’t really blame them. But why bother if they won’t listen, you may say. Point made. Point taken. 
  6. Facebook will be forgotten
    The only thing that employees will forget is when to start working. Facebook will continue to be a thorn for IT administrators unless they can restrict its usage in the organization. Then again, with all this talk of using social networking as a marketing tool, would you dare restrict access? The upside is you’ll get to know who was partying when they should have been in bed nursing a cold. 
  7. They will not open files from people they don’t know
    It would be the greatest example of naiveté if administrators expect users in 2009 to be vigilant and diligent in their handling of email and web downloads. Do you really expect someone to receive an e-card and think ‘this may be a security threat… I shall not open’? Wait for that all important support request: ‘Something happened to my files… I did not open anything’. 
  8. Company devices and data will never be lost again
    Prepare yourself for the worst. If your organization’s employees are using laptops, PDAs, mobile phones and flash drives to do their job, make sure you’ve implemented encryption at some stage. People have a bad habit of forgetting their laptop on the backseat of their car; their USB stick with thousands of client names on it at the bar (not surprising) and PDAs connected to hot spots without encryption. Lovely!
  9. Vulnerabilities and threat vectors will decrease
    When the perfect operating system appears on the market, you can sit down, put your feet up and enjoy life as an IT administrator. Enough said. 
  10. You will have an easy life
    Sorry to disappoint but 2009 will not be easy. You will be faced with more threats, even more gullible employees, a management team that doesn’t understand security and, to top it all, a request to perform miracles with fewer resources, and less cash in hand. Don’t you just love your job!

Thank you David for making me laugh so early in the morning.

This post was written by: Erin


Australia’s Move Toward Censorship

Wait until you read this.

According to the New York Times, the Australian government plans to test a nationwide web filtering system that would force Internet service providers to block access to thousands of sites containing illegal content.

The proposed filter is part of an $82 million “cyber safety plan” with the goal of protecting children online and stopping adults from downloading questionable content, like child pornography or materials related to terrorism (all of which are illegal in Australia).

The system would have two tiers.

First, all Australian service providers would block access to around 10,000 websites on a list maintained by the Australian government.

Second, the service providers would be required to provide an optional filter that people could use to block material deemed unsuitable for children.

The proposal has set off a flurry of anxious chatter on social networking sites like Facebook, where thousands of users have announced plans to attend mass protests. More than 85,000 users have also signed an online petition created by the left-wing advocacy group GetUp, which calls the mandatory filter “a serious threat to our democratic values.”

This reeks of censorship to me too. While Australia may be operating with the best of intentions, I’m not so sure that it should be mandating which websites people can and cannot look at. The Internet is still considered the “wild, wild west” - why start governing it now?

Seriously, I’m all for Internet blocks and controls - but on a personal level. All of us - as human beings - should have the right to pick and choose what we (and our kids) can look at. Sounds like Australians feel the same way.

This post was written by: Erin

Europe Gets Tough on Internet Safety

Europe is on the ball.

According to an article in the Earth Times, the European Union is getting ready to spend roughly $70 million over the next five years to make the Internet safer for children. Officials in Brussels say 75% of children (under age 17) in the EU have access to the Internet, and half of all 10-year-olds have a mobile phone, making it vital to protect them against cyber threats - like bullying and harassment.

Evidently, the funding will also be used to set up hotlines for reporting illegal Internet content or behavior.

I’m extremely happy to see Europe joining the emerging “Internet safety” cause. I’m even more happy to see that a governing body is taking such an active role. Unfortunately here in the U.S., the fight against inappropriate Internet behavior is only a grassroots effort, albeit a strong one.

Perhaps once Europe shows the world the great strides it has made in cracking down on cyber threats, the rest of the world will follow suit.

This post was written by: Erin

Cyber Crooks Get Crafty

Internet criminals are getting more crafty and doing more damage. These days they try to operate like Big Business to get more profitable at selling stolen data online.

Now, according to experts at Symantec, cyber crooks are showing off new, unexpected traits: remarkable patience and restraint in stalking their victims.

Hackers sometimes break into online businesses but don’t steal a thing. Instead of swiping all the customer data, they concentrate on more specific things, like access to the company’s payment-processing system. That system would allow the bad guys to check whether credit card numbers being hawked on underground chat rooms are valid, the same way a store verifies whether to accept a card payment. Crooks then sell the service to other fraudsters who don’t trust that the stolen card numbers they’re buying will actually work. It’s still theft, even though the customer data is left intact and malicious software isn’t installed.

It’s rather bothersome that Internet plundering is beginning to operate like a traditional business, don’t you think?

Leave it to Symantec to get to the bottom of things. Now what will they do to protect us?

This post was written by: Erin

Teens Take Internet Safety Seriously

Internet safety. It’s no joke and, thankfully, teenagers feel the same way.

Researchers from the University at Buffalo and University of Maryland recently found that preteens and early teenagers who were taught about the importance of Internet privacy were more likely to practice online safety than those who weren’t.

What’s even more interesting - among teachers, friends and parents, the researchers found that parents were the most influential with their children.

Parents, there is hope for us yet!

The study also showed that girls tend to practice more protective behavior on the Web than boys. The researchers believe this is because girls consider online privacy more important than boys do.

So what happens when teens are actually confronted with an online privacy breach?

Well, the finding here is not so terrific.

Researchers say that experiencing a privacy breach online did not cause kids to improve their safety practices nor their protective behavior. This, experts say, will put them at risk for becoming victims in the future.

I find this news rather bittersweet. It’s clear teens don’t take online security invasions seriously; however, it is nice to hear that they know right from wrong as it pertains to Internet safety. This just goes to show how important it is to get Internet security in our schools. Make it part of their high school curriculum. Parents, make it part of your dinner table discussion. If we can all get through to just one child… well, at least that’s a start.

This post was written by: Erin

Tech Post a Key Move for Obama

The election is over. All eyes are now on our new President-elect as he begins to select his cabinet. Barack Obama has some pretty significant decisions ahead of him, one of them being his choice for Chief Technology Officer. Tech experts are buzzing about this new position. This, according to the National Post, will define Obama’s presidency and officially move the government into a 2.0 world.

So many of you are probably wondering what the heck a CTO will really do. The answer is A LOT! Not only is this person going to protect our government from cyber terrorists, hackers and criminals, they will also protect and improve how we conduct business online - including education.

Here are the main goals of the new CTO:

1. The CTO will be responsible for enhancing and financially supporting technology of all kinds: environmental, scientific, engineering, medical. This will include massive funding for green (US$150-billion in 10 years), biotech, computer tech and pure scientific research but will also involve incentives to universities to step up engineering graduates annually from 60,000 a year to double that number within half a generation.

2. America’s CTO will be responsible for making the government more transparent, accessible, responsive. Like the Internet-savvy Obama election machine, this President-elect wants to stream meetings live, which are held between cabinet ministers and business CEOs or their organizations; he wants to post on government Web sites legislation for five days to solicit public comments; he wants to provide other interactive policy sites, chat rooms and forums so citizens can participate in governance, and he wants to streamline or convert government departments and their Web sites into efficient service providers.

3. Extend broadband access to all Americans, up from the 23% who now can tap into the Internet and its vast store of information or services. The U. S. ranks 15th in the world in this regard, according to the OECD.

4. The CTO will lobby for more open immigration policies to attract more of the world’s brainpower to its government-funded research projects.

5. Obama’s America will earmark money to upgrade and computerize the country’s education system.

6. His plans include cleaning up the patent-protection and copyright processes to end frivolous and vexatious litigation as well as “trolling” or tweaking existing protections to create new, invasive ones.

Barack Obama. He’s our new president. Let’s all rally behind his effort to foster innovation and invention. His choice for CTO will no doubt improve our hi-tech nation and, perhaps, make history. Again.

This post was written by: Erin

Microsoft Warns of More Online Threats

You know things are bad when Microsoft starts warning about online threats.

This week, the software giant reported that its operating system has significantly improved, while at the same time the threat of computer viruses, fraud, and other online threats has become much more serious.

Microsoft blames organized crime, naive users, and its competitors.

Get this. Microsoft says the amount of malicious software removed from Windows computers grew by 43% in the first half of 2008. Now, apparently, Microsoft is shifting their security attention away from operating systems and more toward individual programs. In fact, experts say 90% of vulnerabilities involve applications.

Microsoft and the computer industry have also been unable to solve the so-called dancing pony problem. That refers to the urge of many computer users to click on enticing links in their e-mail or to visit malicious websites, leaving them with computer viruses.

I applaud Microsoft for trying to combat Internet threats by building safeguards into its operating system and its Internet Explorer browser. But as most of us know, there are still a lot of holes that could lead to nasty malware infections. We are a long way from fixing this problem.

If Microsoft can’t get a handle on it, who can?

This post was written by: Erin


Get Password Protected

November 4th, 2008 | 2 Comments | Posted in Cyber News, Internet Security

If you’re like me, chances are you have the same password for just about every login, ATM, and account you have. Let me guess. Your password is probably your spouse’s name, a date of birth, a zip code, or telephone number. And how many of you trust your browser and actually store your login and passwords in your browser? Well, you’re not alone. I am guilty of this too.

But it’s time to get real. Our passwords are our secret weapons against Internet intrusion. We must learn to manage our passwords - ALL OF THEM - without compromising their strength.

Enter Roboform and Microsoft’s Password Strength Checker.

After you have created a password, you can easily check its strength with one of these powerful, secure programs. None of your information gets stored, ensuring that you can safely use the password after it’s been strength checked.

Now before you use Roboform or the Password Strength Checker, you should know that the programs rely heavily on the use of different types of characters in the passwords. Use letters, numbers, asterisks, and dollar signs. You may feel like you’ll never remember the password again. But just think, once it’s been safely approved you can use the password for EVERYTHING. And you’ll feel better knowing that your password is secure.

Protect your password today. Or you might regret it later.

And, no, that’s not a threat.

This post was written by: Erin


Top 12 Computer Dangers

I’ve researched and written about this several times over the last few months, yet I’m drawn to it again.

Internet safety. It is not a joke. Ignore it and your computer could suffer dire consequences.

From Trojans to adware to viruses - all of us, as responsible computer users, need to be aware of what’s lurking in the dark corners of the Internet. International blogger Kai Chandler recently published a list of the Top 12 Threats No Computer User Should Ignore. Today, I’m passing it on with hopes it will keep your computer threat-free.

1. Viruses - A computer program that copies itself. They
often disrupt your computer system or damage your data.
Viruses are usually received by email attachments so be
careful opening anything from a dubious source.

2. Spyware - Sends information about you and your computer
to somebody else. Spyware may send the addresses of sites
you have visited or worse still, transmit personal
information. With today’s concerns about identity theft
this is a real worry.

3. IP Spoofing - A technique to gain unauthorized access
to computers, whereby the intruder sends messages to a
computer with an address indicating that the message is
coming from a trusted host.

4. Trojans - An apparently legitimate computer program
that is really intended to disrupt and damage computer
activity by sending information, perhaps even passwords
onto a third party without you knowing.

5. Spam - Unsolicited mail often promoting products of a
dubious financial or sexual nature. Don’t leave your email
address on websites and Internet bulletin boards as they
are harvested by spammers.

6. Adware - puts advertisements on your screen. These take
many forms including popups, popunders and advertisements
that appear later, even if your browser is closed. Some are
sent using the Windows Messenger service which allows a
spammer to direct an advertisement straight to your
computer by sequentially sending messages to IP addresses.

7. Dialers - for those of us still with dial up modems,
dialer programs redirect calls to a very expensive number.

8. Hijackers - Hijackers take control of your web browser
and may reset your home page, search bar and search pages.
They can redirect you to undesirable sites or stop you
going to particular sites.

9. Hackers - With so much personal data available online
to anyone with a password you must be sure your password is
secure. If you are using your mother’s maiden name, your
cat’s name or your birthday then your password is at risk.

10. Phishing - Emails purporting to come from reliable
sources such as Paypal, Ebay or your bank. Often wanting
you to verify your account details, they can look very
realistic but are generally scams to harvest usernames and
passwords. Always open a new browser window and type the
address there, rather than clicking on the link provided.

11. Hoaxes - Chain letters, scams, false alarms. At best
they take up time and bandwidth but at worst the vulnerable can
be victims of fraud.

12. Stranger-danger - For those of us with children - do
you know what they actually do when they are online? Are
they working on homework tasks, downloading illegal music
or pornography? Or are they chatting to strangers in chat
rooms? You should consider blocking access to undesirable
sites and logging their activity with a surveillance tool.

 

This post was written by: Erin
