Vanish Security News

Security – Privacy – Anonymity

Internet Privacy and Anonymity

When 'Smart Homes' Get Hacked
"I can see all of the devices in your home and I think I can control them", I said to Thomas Hatley, a complete stranger in Oregon who I had rudely awoken with an early phone call on a Thursday morning. He and his wife were still in bed. Expressing surprise, he asked me to try to turn the master bedroom lights on and off. Sitting in my living room in San Francisco, I flipped the light switch with a click, and resisted the Poltergeist–like temptation to turn the television on as well.

Thomas Hatley's home was one of eight that I was able to access. Sensitive information was revealed.

Google Is Trying To Take Over The World
Google is a pretty big company, with projects ranging from its core advertising business in AdSense to digital cartography in Google Maps to futuristic consumer technology like Google Glass. There are also a host of other products Google's working on that you've probably never heard of. But it's hard to comprehend the scale of the situation without a running list of everything Google's doing these days. That list is here, and it's just the stuff we know about.

As one person noted – Hungry Beast made a nice little video about Google. It can be a little worrying, when one single company can potentially have so much information about you.

BUT, we can use Google as a Proxy Server to Bypass Paywalls and Download Files
If you have trouble accessing a web page either because the website is blocked at your workplace, or because that page happens to be behind a paywall, there are a couple of undocumented Google proxy servers that may help you read that page. When you access any page via one of these Google proxies, the content of that page gets downloaded on Google servers and then served to you. The lesser-known proxy will even allow you to download documents, videos and other web files that are otherwise blocked.

UEFI secure boot
The UEFI initiative was a joint effort by many companies to minimize the risks of BIOS attacks from malware that may compromise the system. Secure boot is a UEFI Protocol to ensure security of the pre-OS environment. The security policy integrated in the UEFI works on the validation of authenticity of components. Until and unless the public key of each open source operating system was available to the hardware vendor, GNU/Linux users would fail to enjoy the combination of secure boot with the inherent security of Linux and if the option to disable the secure boot was not incorporated in that particular hardware by the vendor then life would certainly become very difficult for Linux users.

Secure boot offers the prospect of a hardware-verified, malware-free operating system.

Welcome to the USA – land of the free – and PRISM

Following a storm of media headlines and company denials, he-saids and he-saids, the director of national intelligence entered the fray to release a statement setting the record straight on the nature of its PRISM program. "PRISM is not an undisclosed collection or data mining program", U.S. Director of National Intelligence, James R. Clapper, wrote in the three-page statement. "It is an internal government computer system used to facilitate the government's statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision".

Physically, the NSA has always been well protected by miles of high fences and electrified wire, thousands of cameras, and gun-toting guards. But that was to protect the agency from those on the outside trying to get in to steal secrets. Now it is confronting a new challenge: those on the inside going out and giving the secrets away. Long before Edward Snowden walked out of the NSA with his trove of documents, whistleblowers there had been trying for years to bring attention to the massive turn toward domestic spying that the agency was making.

Americans were anxious about privacy even before NSA spying scandal. A full 85 percent of Americans believe their communications history, like phone calls, emails and Internet use, are accessible to the government, businesses, and others. Two in three feel that they have little or no control over the type of information that is collected and used by various groups and organizations. Fifty-nine percent, meanwhile, feel that they are unable to correct inaccurate personal information. A lot remains uncertain about the number of users affected by the NSA PRISM surveillance program that is taking place, the extent to which companies are involved, and how the NSA handles this sensitive data. Here are some of the biggest unresolved questions.

While people are sceptical about how and why so many tech companies are involved with PRISM, the New York Times has run a heartening piece, which describes how Yahoo fought hard – but ultimately failed – to avoid joining the initiative. A newly leaked NSA document shows that Yahoo began supplying data to the spy agency's PRISM program after failing a legal fight against a court order it considered too broad. This government slide shows that Microsoft was the first to begin supplying data to the PRISM program in 2007, with Yahoo coming into the program the following year. There has been quite a storm about the US National Security Agency (NSA) tracking users recently. One of the journalists investigating the NSA, James Bamford, did a Reddit Ask-Me-Anything last night and revealed just how many crazy terms the agency is tracking. Brace yourself.

Edward Snowden is not the first government whistleblower to come forward and try to warn the U.S. public about the surveillance overreach of government agencies, but it was the first time that such revelations had such a global impact and response. He has also prompted a change of direction in the debate that has been going on for months around China's alleged hacker attacks on the US. He told Hong Kong-based South China Morning Post newspaper that the intelligence agency has been launching hacking attacks on targets in Hong Kong as well as mainland China. And, of course, the dreaded thumb drive has struck the Defense Department again. NSA whistleblower Edward Snowden smuggled out thousands of classified documents on one of the portable devices, despite efforts to ban them.

The Top 10 Countries Who Request Data From Tech Companies
Looking at the graph, it's feasible to think that the United Kingdom and France might be just as horrible as the US since they have nearly half the requests with a significantly smaller population. Though of course the US has PRISM.

Why 'I Have Nothing to Hide' Is the Wrong Way to Think About Surveillance
Suddenly, it feels like 2000 again. Back then, surveillance programs like Carnivore, Echelon, and Total Information Awareness helped spark a surge in electronic privacy awareness. Now a decade later, the recent discovery of programs like PRISM, Boundless Informant, and FISA orders are catalyzing renewed concern. Both then and now, privacy advocates have typically come into conflict with a persistent tension, in which many individuals don't understand why they should be concerned about surveillance if they have nothing to hide. It's even less clear in the world of "oblique" surveillance, given that apologists will always frame our use of information-gathering services like a mobile phone plan or Gmail as a choice.

The Secret War
Inside Fort Meade, Maryland, a top-secret city bustles. Tens of thousands of people move through more than 50 buildings in a city that has its own post office, fire department, and police force. It sits among a forest of trees, surrounded by electrified fences and heavily armed guards, protected by antitank barriers, monitored by sensitive motion detectors, and watched by rotating cameras. To block any telltale electromagnetic signals from escaping, the inner walls of the buildings are wrapped in protective copper shielding and the one-way windows are embedded with a fine copper mesh. This is the undisputed domain of General Keith Alexander, a man few even in Washington would likely recognize. Never before has anyone in America's intelligence sphere come close to his degree of power, the number of people under his command, the expanse of his rule, the length of his reign, or the depth of his secrecy.

Alexander runs the nation's cyberwar efforts, an empire he has built over the past eight years by insisting that the US's inherent vulnerability to digital attacks requires him to amass more and more authority over the data zipping around the globe. In his telling, the threat is so mind-bogglingly huge that the nation has little option but to eventually put the entire civilian Internet under his protection, requiring tweets and emails to pass through his filters, and putting the kill switch under the government's forefinger.

PRISM break
Opt out of PRISM, the NSA's global data surveillance program. Stop reporting your online activities to the American government with these free alternatives to proprietary software at PRISM break

Which Tech Companies Protect Your Data From The US Government?
The Electronic Frontier Foundation just released its annual "Who Has Your Back" report card, detailing the privacy policies of tech companies. It's a rundown of who fights for your privacy in the face of government requests for your data – and who doesn't even bother.
When you use the internet, you entrust your conversations, thoughts, experiences, locations, photos, and more to companies like Google, AT&T and Facebook. But what do these companies do when the government demands your private information? Do they stand with you? Do they let you know what's going on?
In this annual report, the Electronic Frontier Foundation examined the policies of major internet companies — including ISPs, email providers, cloud storage providers, location-based services, blogging platforms, and social networking sites — to assess whether they publicly commit to standing with users when the government seeks access to user data. The purpose of this report is to incentivise companies to be transparent about how data flows to the government and encourage them to take a stand for user privacy whenever it is possible to do so.

Are we witnessing the end of privacy?
As Facebook CEO Mark Zuckerberg famously stated, privacy is no longer a social norm.
There will eventually be 40-year-olds whose entire lives have been chronicled on social media sites. I believe that we are witnessing historic changes in privacy norms that will carry beyond my generation. While at some time in the future, information shared on social networks may carry little personal or professional weight, we're still living in a world where private data can be easily abused. This infographic illustrates The Risks of Posting in Social Networks.

How Companies Track You on the Web
Have you ever stopped to think how you're being tracked online? Ever wonder which websites are tracking you and what they're looking at? Well the answer is just about all of them and everything.


How to Delete Yourself from the Internet
Think this through very carefully before proceeding. Much of what is suggested below cannot be undone. This means that you will lose information, forfeit any marketable presence that you've developed online, and in some cases, you'll even lose the opportunity to restart your account using the same name or even the same email address.
These are drastic measures and should be treated as such.

Take the tests
The more you use the internet, the more you appreciate its convenience and access to services like banking and shopping. Unfortunately, the internet is also exploited for frauds that can sometimes look surprisingly genuine.
The sole purpose of all these fraudulent emails [and scam websites] is to access your financial details.
If you conduct any financial transactions online [banking – shopping – billpaying] you must be very diligent.

I'm guessing that most of you think you can spot a phishing email – here's your chance to find out.

SonicWALL Phishing IQ Test
OpenDNS Phishing Quiz
Operation SpearPhish
OnGuard Online
Anti-Phishing Phil – registration required
Bright Hub Quizzes – test yourself on everything

eBay phishing tutorial
Phishing Attacks – Visa tutorial
APWG Phishing Education Page

Real vs. Rogue Security Software challenge from Microsoft
How to Spot Fake Antivirus Software tutorial from Fortinet

Length does matter
Passwords: Love them or hate them, they are a reality we all have to deal with every day of our lives. We have spent at least the last decade training users to use complex eight-character passwords that are hard for humans to remember yet easy for a computer to break. A regular complex password is typically eight characters long and requires a mix of uppercase, lowercase, a number and a character. These passwords can be brute forced by a high end custom gaming computer in an average of four hours and no longer than eight hours. That seems like a lot of suffering for very little return to me. In the recent case where the LinkedIn database was leaked, a guy sitting at home running a high end gaming machine that he put together, which could make 15.5 billion guesses per second, was able to crack 20 percent of the LinkedIn database's user passwords in 30 seconds and 55 percent within two hours. After five days he had cracked more than 80 percent of the passwords in the LinkedIn database – a database containing 6.4 million passwords.

12 is the magic number
The end result of all of this is that the only way we have left to ensure our passwords are secure is to use length. The longer a password the more secure it is. Anything over 12 characters becomes effectively impossible to brute force with current technology.

Plain Text Offenders
Advances in the power of computers won't automatically make passwords obsolete, according to a top computer science researcher. He disputes the idea that well thought out, complex passwords stored using a sufficiently robust hash function with proper salting have had their day. Instead websites need to store password hashes, protected by salting, in order to prevent brute force attacks using rainbow tables. A website storing a password in plain text means that your password is there, waiting for someone to come and take it. It doesn't even matter if you've created the strongest possible password. It's just there. More reading on why even just sending the password via email without storing it in plain text is bad.

Password Manager
The above two items will have shown you that you are not the master of your own destiny. Poor security protocols with online storage of passwords mean that if one of your passwords is stolen, then access to other areas of your online presence is also made available. Therefore, you DO require a UNIQUE password for every log on, and to do that you need a password management system. As mentioned below, after a [too] long period of incredible slackness, I took the time to examine, then revamp, my entire password protocol.

You have to use whatever system you are comfortable with. There is no shortage of opinions or suggestions from the experts. It doesn't matter whether you use a Flash Drive Data with TrueCrypt or a Password Safe, you have to securely store your passwords somewhere. It would also help if your flash drive has an ultra secure memory with anti-malware features.

Your passwords MUST be UNIQUE for EVERY online log in.
Do not use the website's name as part of your password.
EBAYvanish01 are NOT secure passwords. If one is discovered, they are all discovered.

"thisismylinkedinpassword" is also rubbish.
It would only take one guess to discover what your bank account password is.
The magic 12 number theory does not apply to stupidity!

AND, finally, access to your secure containment of passwords is – WITH A PASSWORD.
As you are now aware that "12 is the magic number", make your master password a secure one!!!

Effectiveness of antivirus products
I kind of hoped that the fuss about Imperva's somewhat discredited quasi-test, first publicized in November, would have died away by now. Imperva's study frustrated not only the AV research community, but anyone who cares about accurate testing and evaluation of security products and strategies. Imperva's antivirus test used VirusTotal, but detractors argue that the online service is not designed to determine whether an antivirus product actually blocks a threat since it only looks at whether a signature is on file, not at other lines of defence. The ESET Threat Blog covers this blatant PR exercise.

The effectiveness of antivirus products has declined, according to tests by German testing outfit AV-Test, which put 25 antivirus products for home users and eight corporate endpoint protection software applications through their paces in November and December 2012. Only an average of 92 per cent of the zero-day attacks were blocked during the tests, it said, a result that suggests that one out of 10 malware attacks succeeded. The products were able to clean 91 per cent of the infected systems, however, only 60 per cent could be put back in a condition similar to the pre-infection state, the firm said.

Spam in general is so completely out of control that the old retort of "What's the big deal? It's easy enough to use your DELETE key" doesn't wash anymore. I'm afraid to think how much time I spend every day using my DELETE key, and I'm sure there are people who spend a lot more than I do. It's way beyond a minor annoyance to be added to "just one more" email list, because that "just one more" happens many times over. It seems clear that legitimate businesses should allow me to perform a simple transaction and be forgotten, if that's my preference. Yes, they'll need my postal address, but they don't necessarily need my email address, and if they do need it for purposes of completing the transaction there's no reason they need to sign me up for spam forever as a side effect.

Peripheral dangers
A few recent articles have highlighted that it's not only our computers we need to protect but also what we have connected to them. Most of you have a printer connected to your computer and all of you are using a router. Two recent articles have informed us that a Samsung network printer vulnerability has been discovered. Don't shrug this off just because your printer is a Canon. Who knows what undiscovered dangers may lie in that, or any other brand for that matter. We have also learned that routers are vulnerable to being reconfigured remotely without authorisation. Again, just because the brand you are using is not mentioned, does not mean you are safe.

Both of these hardware items are purchased, plugged in and usually forgotten about. Your router may have a built-in firewall, private network, and be password protected. Your printer firmware may have been updated but it didn't help here. It's a never ending vigil – be careful out there.

And the final word... for now
Why I've started using a password manager. Back in the good old days, we had but two passwords to worry about. Usernames and passwords used to be simple, but today this is no longer the case. In the modern internet era, where you go e-shopping at a wide range of sites, from Amazon to your local specialist butcher, it seems to be necessary to log in separately to almost every website. This drives me nuts.

Kill the Password: Why a String of Characters Can't Protect Us Anymore
You have a secret that can ruin your life. It's not a well-kept secret, either. Just a simple string of characters – maybe six of them if you're careless, 16 if you're cautious – that can reveal everything about you.
Your email. Your bank account. Your address and credit card number.
The precise location where you're sitting right now as you read these words. Since the dawn of the information age, we've bought into the idea that a password, so long as it's elaborate enough, is an adequate means of protecting all this precious data. But in 2012 that's a fallacy, a fantasy, an outdated sales pitch. And anyone who still mouths it is a sucker – or someone who takes you for one. No matter how complex, no matter how unique, your passwords can no longer protect you.

The Honeynet Project
The Honeynet Project deploys honeynets all around the world, captures attacks in the wild, analyzes this information and shares its findings. Based on this information, the security community can better understand the threats they face and how to defend against them. The HoneyMap shows a real-time visualization of attacks against the Honeynet Project's sensors deployed around the world.

Weighing Security Against Convenience
Yes, it's another password article. When I come across these I usually just give them a miss, and, probably, so do you. When was the last time you reviewed your password strategy? It's about as exciting as ironing your clothes. Yet, we all know the downside if we are ever compromised. I guess it's like talking to children. You have to tell them five thousand times before they listen. Last week was my 5001st time. And I listened.

So I took the time to examine, then revamp, my entire password protocol.

Choosing the right password strategy means weighing security against convenience so you can stay safe without losing your mind. But what's the best balance? Is it the same for everyone? Over the years, we've seen lots of password security tips, tricks and techniques. Although I've always used strong passwords, many of my coworkers went to much greater lengths to enhance their security. I knew my passwords needed an audit, but the security measures suggested by my colleagues seemed so frustrating and inconvenient. I wanted safety but without all the hassle. Unlike these idiots who are waiting to be hacked.

Password Managers
You can always use a password manager to help you remember complex passwords. Passwords, especially email passwords, are a hacker's gateway to unlocking sensitive information. Once a hacker has your email password, they can click "I forgot my password" on any website and start logging in anywhere. People know it is important to have a strong, complex password, but many don't because they don't want to forget the password. Try using a password manager to keep track of all your passwords in one place.

Using a password manager suffers from a similar vulnerability to using the same password for every site: you crack one, you crack them all. The most secure managers don't store any data on the web but run off of your computer. Doing so, though, you sacrifice some convenience and usability.

You also have the option of keeping all your passwords on an encrypted USB stick.

PwnedList Monitors Your Online Accounts For Breaches
Worried that your account details may have been compromised in a hacking attack? PwnedList lets you check if your email account is on a list of compromised accounts, and the site will also perform ongoing monitoring for free.

Generate a SHA hash with 512 Bits
Calculate a SHA hash with 512 Bits from your sensitive data like passwords. You can also upload a file to create a SHA-512 checksum. Additionally provide a shared key to strengthen the security of your hash.

Your Clever Password Tricks Aren't Protecting You From Today's Hackers
Security breaches happen so often nowadays, chances are you're sick of hearing about them and all the ways you should beef up your accounts. Even if you feel you've heard it all already, today's password-cracking tools are more advanced and cut through the clever password tricks many of us use. Here's what has changed and what you should do about it.

Passwords Are Easier To Crack Than Ever
Passwords are less secure than they were a few years ago, thanks to faster hardware and new techniques used by password crackers. Ars Technica explains that inexpensive graphics processors enable password-cracking programs to try billions of password combinations in a second – what would have taken years to crack now takes only months or maybe days.

Two-Factor Authentication
Passwords, unfortunately, aren't as secure as they used to be, and if someone acquires your password, they can easily access your account. Two-factor authentication solves that problem. Two-factor authentication is one of the best things you can do to make sure your accounts don't get hacked. Here's a list of all the popular services that offer it, and where you should go to turn it on right now.

How I cracked a WiFi password without breaking a sweat
Passwords are the keys that secure Web-based bank accounts, sensitive e-mail services, and virtually every other facet of our online life. Lose control of the wrong password and it may only be a matter of time until the rest of our digital assets fall, too. Take, for example, the hundreds of millions of WiFi networks in use all over the world. That's not to say wireless password cracks can't be accomplished with ease, as I learned firsthand.
The readers' comments are also required reading...

Despite the huge advances in security technology, we have not yet found a true substitute for passwords. They remain pivotal to any security system. Most people are too predictable in their choice of passwords. Left to their own devices, they often choose a password that is too short or too easy to guess. So, where do we start?

Password Crackers : Passware announced Passware Kit Forensic 11.7, which includes live memory analysis and subsequent decryption of MS Word or Excel files. In addition, the new version instantly decrypts PGP Whole Disk Encrypted volumes and recovers passwords for Apple disk images... read more here

How to discover hidden rootkits
Once upon a time, viruses were about chaos, destruction and loss of data, but that was before criminal gangs realised that computers could be used to extort and defraud, and could even be used as cyber weapons. For the past decade or so, online crime has continued to evolve faster than the industry that has sprung up to protect us from it. Malware of all kinds is becoming stealthier as the rewards become more lucrative, and today even the most basic botnet client can cover itself in a shroud of invisibility. The ZeroAccess rootkit has been around for quite some time now, spying on infected users, hiding from installed AV solutions and attempting to terminate them, redirecting users online searches to malicious pages, downloading additional malware, and waiting for commands from criminals.

So how do you detect such an infection and give your network a clean bill of health? This requires deep scanning – far deeper than your normal antivirus software can provide. Read the Tutorial here.

Qubes 1.0
The first stable version of Qubes OS, an open source desktop operating system designed to provide a greater level of security by isolating programs inside virtual machines with different permissions, was released by Polish security firm Invisible Things Lab. The ITL team led by CEO Joanna Rutkowska, a security researcher best known for her work in the area of low-level system security, has been developing Qubes OS for the past three years. Qubes OS follows a "security by isolation" design principle. Applications can be configured to run inside different "security domains" defined by the user and which are implemented as lightweight virtual machines with separate security policies. For example, a user could run separate instances of the same browser in their personal domain, work domain, online banking domain, each with different permissions and access to different data. This doesn't make the browser less vulnerable to known exploits, but it can limit what attackers can do if they compromise it. How is Qubes OS different from Windows, Linux, BSD, even OSX? These are all based on monolithic kernels, which present a significant security problem. You must have heard about the super secure military-grade, formally verified, 100% certified, and generally "unbreakable" operating systems made by companies such as Green Hills, Lynx Works, and others. How do they compare to Qubes OS?

How Secure Are You Online? The Checklist
I'm sure most of you come across these sorts of articles all the time – then skip on to the next item. Sometimes you need to just take a breath and review your computer security. Think you do enough to secure your passwords, browsing and networking? Prove it. Not all computer security is about tinfoil hats and anonymous browsing. Everyone who uses a computer has a horse in the security race. Think you've done your due diligence with your security? Why not double check here.

Gaping Flaw in Microsoft's "Do Not Track" System For IE10
Microsoft stunned the online ad business earlier this year with its announcement that the Internet Explorer 10 browser, when launched, would be set to a default "Do Not Track" position, frustrating advertisers who want to target users based on their browsing history. The hole is that DNT is merely a signal telling advertisers about users' preferences to not be tracked – it's not a mechanism that actually blocks web ads from dropping tracking "cookies" onto browsers, desktops and devices.

The first Trojan in history to steal Linux and Mac OS X passwords
Russian anti-virus company Doctor Web is reporting the emergence of the first cross-platform backdoor to run under Linux and Mac OS X. This malicious program is designed to steal passwords stored by a number of popular Internet applications. BackDoor.Wirenet.1 is the first such Trojan capable of running under any of these operating systems.

Superworm Crisis for Windows Sneaks onto Virtual Machines
Security watchers have discovered a virus strain that compromises VMware virtual machines as well as infecting Mac OS X and Windows computers and Windows Mobile devices. It demonstrates previously unseen capabilities in the process. The Crisis malware typically arrives in a Java archive file (.jar) and is installed by posing as a Flash Player Java applet to trick a victim into opening it.

The archive contains executable files targeting Apple and Microsoft operating systems: the malware is able to detect which platform is running and serve up the correct variant. Once launched, the worm puts in place a rootkit to hide itself from view, opens a backdoor and installs spyware to record the user's every move on the computer.

Security Fix for Critical Java Flaw Released
Oracle has issued an urgent update to close a dangerous security hole in its Java software that attackers have been using to deploy malicious software. The patch comes amid revelations that Oracle was notified in April about this vulnerability and a number of other potentially unpatched Java flaws. Users with vulnerable versions of Java installed can have malware silently planted on their systems just by browsing to a hacked or malicious Web site. More info is available at KrebsonSecurity here and here.

Update Java or kill it
Microsoft has decided enough is enough: Java-based malware sees no end and it's time to do something about it. Redmond thus wants you to do one of three things: update Java, disable it, or uninstall it.

Microsoft have found a new BlackHole kit exploiting an unpatched Java flaw. The BlackHole kit, a popular exploit tool amongst hackers, has been updated to take advantage of a recently discovered Java hole that security researchers say many haven't updated yet. When you check the version of JRE your browser is running you will receive the message "No working Java was detected on your system" if you are running the 64-bit version of Windows.

Microsoft recommended you uninstall Java if you don't use it. Instructions from Oracle are available here.

Integral Crypto SSD SATA drive
The easiest way to add hardware-based encryption to an existing desktop or notebook system is to replace the existing drive with an SSD featuring full disk encryption. The Integral Crypto SSD SATA drive is FIPS 197 validated and is an ideal replacement for a standard hard drive in a desktop computer or laptop. It features AES 256-bit hardware encryption so you can encrypt and protect your sensitive data. Once encryption is set, a valid user name and password are required to access the Crypto SSD prior to system boot. Read more here.

This SSD will self-destruct in zero seconds
RunCore has announced a new range of solid state drives with physical "self-destruct" buttons. Wiping sensitive data from your computer isn't as simple as emptying the Recycle Bin. Deleted files are still recoverable, especially in the hands of someone who knows their way around a computer. RunCore's nVincible Solid State Drives come with the unique ability to physically destroy data at the push of an externally–mounted button. Not quite there with the "press any key" solution, but we are getting closer... read more here

Encrypted Desktop Hard Drive with PIN Access
Many of us (if not all) that have an SSD drive only use it for our Operating System and other programmes. All of our other content (photos, documents, etc), whether it is business or personal, is stored on a separate hard disk drive. These drives are usually mounted in the same tower as our SSD. But for many users (especially those that only have a laptop) this is not a practical solution and an external HDD is required. I also store my system image on my external drive, so that in the event of any computer disaster I am able to set up again very quickly without losing anything.
The Aegis Padlock DT – USB 3.0 Desktop Drive is a secure external drive that offers the user a choice of real-time 128-bit or 256-bit Military Grade AES-XTS Hardware Encryption. It comes with many other features that make it very useable... read more here

PS. It is not cheap, but, what price would you be prepared to pay to recover everything you lost!!!

Antivirus Apps For Android
I don't do mobiles at this website – but, and there is always a but – my wife needed something for her phone. While I am a strange creature in that I only use my mobile for phone calls, others make use of all the options available to them. One of those options is to be a target for malware. So, reluctantly, I did a quick search to find that someone had just done the hard work for me. An independent test lab released the results [PDF] of their first Android antivirus test. Only 3 products scored 100%, and they were, of course, three of the best known names in security. You decide which product to use.
And, while I'm on the subject of mobile phones...
Are mobile password apps pointless? Yes, so it seems. This report analyzed 17 popular password management apps available for Apple iOS and BlackBerry platforms, including free and commercially available tools, and discovered that no single password keeper app provides a claimed level of protection. But, this pattern screen lock provided such an effective barrier to unauthorized access that even the FBI is forced to ask Google for help in unlocking a phone.
And, while I'm on the subject of mobile phones...
The Hidden Dangers of QR Codes
Those black-and-white squares you see in ads may look harmless, but lurking behind the quick-response code is the very real possibility of a malicious attack. More than 30% of QR code readers in the Google Play app store are malicious code. Malicious code providers have started realizing that a lot of people will try downloading QR reader applications. Another threat is fraudulent ads containing malicious QR codes.

Security pros say that hackers have the upper hand
The numbers don't lie: now, more than ever, security professionals feel outgunned by attackers and the level of automation employed in most campaigns against enterprise IT infrastructure. RSA has advised security professionals that the new fact of life for IT organizations is a state of persistent, dynamic, intelligent threats in which it is no longer a matter of if an organization will be compromised, but more likely when and how.

How safe do you think your details are now?

All the large companies use the same line.
You can trust us.
We own lease space in a big building.

As well as being very prudent where you use your credit cards, or reveal any personal details about yourself, you must also be vigilant in your daily online activities. Most users get hacked at high rates even when they do not think they are engaging in risky behavior. Social networks make obtaining sensitive background information on people as a prelude to stealing their identities – and running attacks on corporations – easier than ever before. Microsoft's Security Intelligence Report [volume 11] found that less than 1 percent of exploits in the first half of 2011 were against zero-day vulnerabilities. In contrast, 99 percent of all attacks during the same period distributed malware through familiar techniques, such as social engineering and unpatched vulnerabilities.

You can have no expectation of privacy for anything you put on the internet.

Security is a process, not a product
The ability to use the internet while staying secure has always been a concern. The online threat landscape is changing, and it is critical for computer users to arm themselves against these threats that put their digital lives at risk. Cybercriminals are now much more sophisticated and the security threats are becoming more malicious and pervasive. They are also targeting users where they feel safe – their mobile devices and their social networking sites.

When we purchase a motor vehicle we realise that a certain amount of maintenance will be required. Auto maintenance is the act of inspecting or testing the condition of car subsystems (engine) and servicing or replacing parts and fluids. Regular maintenance is critical to ensure the safety, reliability, drivability, comfort and longevity of a car. The problem for home computer users arises when that maintenance is due. While auto owners are willing to have their vehicles serviced regularly, they consider their computers self-sustaining. Most owners do nothing (or very little) to ensure the "safety, reliability, drivability, and longevity" of their computer. The safety aspect can be automated (to a certain extent) with the use of a Software Inspector and Windows Update. They will help to reduce the security risk but a certain amount of effort will also be required from the computer user. Although you are able to have your car serviced at home or at work there are still functions you must perform. You must still manually fill your car with fuel when required. You perform this task without giving it a second thought because you realise that if your car runs out of fuel it will stop. Now give a thought to what would happen if someone stole your identity or accessed your financial details and stole your money. Your life will not stop, but it will certainly feel like it.

The bottom line is that your computer is not a "set and forget" piece of equipment.
It will require some input from you.
It is vital that you give it that input.

That is why now, more than ever, there is a definite need to create and maintain a culture of security.

We are under a constant barrage of threats, many of these due to the software (Java, Real Player, Adobe Reader and Flash Player) we run on our computers. Those of you that visit and purchase goods from e-commerce Web sites must also be very alert.

We've been able to change our approach to various things by listening to reinforcing messages. Seat belts – terrific example. When seat belts first came out, they were a pain in the ass. Everyone wanted to take them out of their car. Now, you don't even think about it. You get in your car and you buckle up.

It's now time to approach computer security in the same way. If you conduct any sort of business online, and that includes banking or bill paying, then you must take a serious approach to security, or pay a heavy [financial] price.

At this site you will find information on how to help you:
  • become anonymous
  • secure your communications from third parties
  • protect your computer files
  • avoid email and Internet crime and scams
  • keep thieves from secretly tracking your keystrokes
  • knock out viruses, worms and trojans
  • erase data for good before giving away an old computer
  • limit access to your computer from family, workers, and friends
  • not become a victim of identity theft
  • as well as many other important security aspects that may arise when you are on the Internet

Miscellaneous Tips
Webcams. Most of us never use them. If you are one of the few that does, then be careful [PDF].
If, like me, you never use the webcam, then disable it.

What is it?
How do they do it?
What do I do about it?
This is the spam tutorial.

Internet Fraud
The Internet is now a dangerous place to visit.
Just as there are areas in many cities it is unwise to visit, the same now applies to the Internet. The big difference is that you are probably aware of where not to go in the city. Not so on the Internet. On the Internet, these places mask themselves as providers of services you may think you need. Learn more on Internet Fraud here.

Setting up your new computer
Just bought a new PC or upgrading your current setup?
Don't know where to begin?
This guide will walk you through the steps to configure your PC into a usable and safe workstation.
Of course, not everyone has the exact same needs.
This is just a guide to get you started.

Facebook security nightmare
Last and least is Facebook. Social networking sites are a security disaster waiting to happen. Type "facebook security issues" into a search engine then wade through over 2 million results. There probably are situations where a Facebook page is helpful, but does your dog, or cat, really need their own page? Facebook is an ongoing security nightmare with countless websites and blogs dedicated to Facebook security.

Facebook activities have grown in popularity along with its social networking site. However, many cases involving potential grooming offences which use the Facebook platform need to be investigated. As various activities such as instant chats, wall comments and group events could create a number of footprints in different memory locations, the purpose of this study [Facebook Forensics] is to discover their evidence on various platforms or devices. Facebook has revealed that every 24 hours 600,000 Facebook accounts are subject to attempted hacking or violation. Nevertheless, there are probably many of you that think you "must" have a Facebook page, either through peer pressure or just plain stupidity. If that is the case, The Total Facebook Privacy Guide is a useful read.

Cloud computing
Cloud computing is the delivery of computing as a service rather than a product. It is a general term for the various components that are available. With cloud computing becoming increasingly popular, sensitive information is being shared daily that may be accessed by an unauthorized visitor. Dropbox is one of the tools available online today and is in many ways the second step in cloud computing, email being the first. Sadly, the security and privacy of users' files is in question. All cloud computing services have serious security questions that need to be answered. The security pros would have you believe that everything is under control, but as we know, their past history leaves a lot to be desired. Most IT professionals express security concerns with the cloud.

Vanish.Org Copyright © 2006 – 2012 All rights reserved