Almost all websites online are using SSL/TLS for securing their online transactions with their clients. All the popular browsers are having mechanism to identify the certificate and validate it. When you are visiting a secure site the browser will display a “lock” icon in its status bar. The internet address of a secured site begins with https:// rather than http://, where ‘s’ represents that the site is using a secure server. In the absence of any of the above indicators, it is recommended to avoid doing online tranasaction within the site.

Data encryption and SSL/TLS Process
An authenticated website for online transaction gets its SSL/TLS certificate from an Certified Authority (CA) like Verisign. The certificate is installed in the web server hosting the authenticated site.

• When a user tries to access this authenticated site through his web browser, it sends a web page request to the web server.
• The server now responds with the SSL certificate.
• Web browser first verifies the validation of certificate, then encrypts the key seed of the session using SSL Public key and sends it to the server.
• Server sends an indication that all the future transmissions are encrypted.
• Then the communication between server and the browser in encrypted format follows until the connection closes.

Importance of SSL certified sites
Internet today can be called as wild west. This has become a major obstacle for the growth of ecommerce and online transactions. Making secure online transactions in these conditions majorly requires privacy and identity assurance. SSL/TLS certificate ensures both to the user. The encrypted format of data ensures safety from cyber criminals who try to steal the information during transactions. Identity assurance is another major feature of SSL/TLS certificate. This certificate is hard to obtain for ordinary or illegitimate websites. However, working with a website certified by an established CA is also important.

The credibility of SSL/TLS certificate
As mentioned earlier SSL/TLS certificates are not easier to obtain. These are operated by Certified Authorities. Certified Authority (CA) usually will be an well established entity. New comers must have to undergo significant barriers to enter into SSL/TLS certificate market and to be included into the webbrowser’s trusted “root” SSL/TLS certificates list. Thus, if it is an established CA that provides credibility for a SSL/TLS certificate, it is a secure and reliable browser that gives credibility to the CA.

How to validate a website for SSL certificate?
As SSL/TLS certificates are not easy to obtain, cyber criminals use different methods in web programming to create one of their own. However, we can validate a SSL certificate claimed by a website using few simple steps:

1. Open the URL in a website and make sure that the URL starts with “https://” rather than “http://”
2. When the website is loaded in the browser look for the lock icon. The
   

   lock icon is situated in the upper-right corner for Safari; in lower-right corner for Firefox and IE. The lock icon is situated in the right end corner of the address bar for Google Chrome. However, a lock icon doesn’t necessarily mean that the site is SSL certified.

3. In order to validate the SSL certificate click on the lock icon of the browser which displays a pop up window of the page info. Click on view certificate option for further details. This will show further details of the organization and the CA who issued the certificate. Check on the expiry date of the certificate by selecting Validity – > Not After.
   

   Valid SSL Certificate

   Invalid SSL Certificate

4. Always use high security browsers while doing online transactions. As these high security browsers have emerged after the development of the Extended Validation (EV) standard established by the CA/Browser forum, they can perfectly recognize between a valid and non-valid SSL certificate. IE 7+ and Mozilla Firefox 3+ versions are examples of high security web browsers.
   

   Warning message in Firefox

   Many web browsers block the webpage from loading and give an warning message when they find a website with suspicious or invalid SSL certificate.

What are Spoofed Websites?
A spoofed website is usually a replica of a legitimate website. Almost all the features of this site replicate the existing legitimate site including logos, fonts, colors, structure, etc. In few cases, even the URL of the spoofed site is almost close to the URL of the legitimate site so that it is easier for them to trick its visitor.

Techniques used in spoofing:

• URL Redirection: URL redirection is possible through web programming to refer a URL to another URL. Many big companies like Google, Microsoft, etc., use them for legitimate business purposes. However, this has become a phishing tool for cyber criminals.They use a legitimate looking URL (www.domain.com, for example). However, when a visitor tries to visit the site, it actually redirects him to a spoofed site (www.phisher.com). It is possible for the user to identify redirecting URLs by monitoring location bar of his browser.

• URL Cloaking: A legitimate looking URL is used to mask the URL of a spoofed site, by using ‘@’ symbol. Using @ symbol was originally intended as a way to include a username and password in the URL. When a user tries to open the legitimate looking URL, www.bank-domain.com@phisher.com, for example, it actually redirects him to the phishing site www.phisher.com, rather than www.bank-domain.com.

• URL Masking: A illegitmate / phishing site is concealed behind the text of URL of a legitimate site. Web programming has enough attributes to support masking of a URL easily.A user gets an email from phisher containing a link to a legitimate site (www.domain.com, for example). However, the link is the mask of a spoofed site (www.phisher.com). The deception actually happens in the status bar of the browser. When you hover mouse over a link the status bar should show where the link will guide you to. The deceptive link is so well hidden that the user cannot find it even in the status bar on hovering mouse over the link. This is generally done using javascript.

• Typo Scamming: Typos are inevitable when you are typing out on your keyboard. Cyber criminals use this as an advantage and register web addresses that resemble the name of a popular and legitimate site. These URLs are slightly differentiated by adding, excluding, or rearranging letters.For example, web address of a legitimate site www.bankm.com is differentiated as
  • www.banmk.com
  • www.bakm.com
  • www.bankm-online.com

Why beware of spoofed sites?
Spoofed websites are actual sources of phishing. The main job of the phisher is to convince the visitor that his spoofed site is legitimate. From then on it is the visitor who will be submitting his information to the phisher, unknowingly though. It can be his bank username and password, or any such information that is of economical value.

Cyber criminals also use spoofed websites to deploy malware into the visitors PC thus making it as a part of their botnet.

Precautions to take to avoid being a victim of spoofed sites

• Avoid using sites that do not have SSL/TLS certificate while you are banking, buying, selling, transferring money or using credit/debit cards online.
• Make it a habit of checking the SSL/TLS validity every time you visit a site before making financial transactions, by clicking on the lock icon.
• Never click a hyperlink to get to a website for financial transaction unless you are CERTAIN that it is a legitimate link.
• Just type out the URL yourself, use credible search engine results or copy paste it from your records.
• Do not use same username / password for all your online logins.

Basics about Bots and Botnets
The term bot is related to the word robot. A computer system is first infected by a Trojan virus or any such malware; then the hackers, who are creators of this malware, take over the controls of the system and remotely operate it for their use. Since, the infected computers are obeying the controls of the hacker, these are also called bots or zombies.

A single bot is of not much use to the hacker. Thus, he first tries to increase the number of zombies by spreading the malware via the infected PC. Thus, the network of bots increases and forms a botnet. A typical botnet contains a few hundreds or a couple thousands of computers. However, there are a few botnets that contain millions of infected PCs. All of them serving to the key master – the creator of the botnet.

How/where are they used?
The primary risk of having/using a PC-turned-bot is putting all your credible information (like bank accounts, credit card numbers, passwords, financial information or any such sensitive data) available for the hacker to exploit. Bots also send spam, viruses, spyware to other computers on internet in order to spread their botnet. These are automated processes and do not require commands from the hacker each and every time.

Botnets are also used to perform other tasks online like creating email spam, clickfraud, spamdexing, launching of denial-of-service (DoS) attacks, fast flux, access number replacements, etc.

How to check if your PC is a part of botnet
Your PC Internet connection – turning inexplicably slow either while browsing or while checking mails can be a symptom of botnet infection. The malware used in botnet infection are specially designed to hide themselves even during carrying out the automated processes. Thus, it is hard to trace them down sometimes even with an antivirus installed in your PC. However, Prevx suggests a small technique using which you can check if your PC is part of a botnet follow when your internet becomes slow. The process is as follows:

1. Close all your browsers and email software (like Thunderbird, Outlook, etc)
2. Open Task Manager: Press CTRL+ALT+DEL at a time and then select Task manager from the Window.
3. Open Networking tab and observe the graph or Network Utilization percentage below the graph. If it is showing more than usual percentage, then it might indicate that your PC is infected.

If the above is true in your case, the next steps to do will be:

• Immediately pull off from the internet by disconnecting the LAN cable.
• Use a rescue disk (like Norton antivirus rescue disk) and scan your computer thoroughly.
• Replace your antivirus immediately with a superior one and run thorough scan (because it is already proved that the existing one is ineffective).
• Reconnect PC to the internet and update your MS Windows, antivirus database, browser, adobe reader, and other vulnerable applications that are installed on your PC.

Related Links:
Unified communications

Before Formatting an NTFS volume
For better performance of your NTFS volume it is essential to evaluate which type of files will be stored in the volume and how big they will be. This is to decide whether to use the default cluster size for the NTFS partition or manually configure it. Clusters are units in which files of a file system are managed. Choosing an ideal cluster size not only saves the disk space but also improves the performance of the volume.

Choosing a Cluster size
The default cluster size values of NTFS formatting in Windows NT/2000/XP are as follows:

* greater than 2 TB is not supported in Windows NT due to limitations of MBR

A manual partition can be assigned cluster size values as 512 bytes, 1KB, 2KB, 4KB, 8KB, 16KB, 32KB, 64 KB. However a cluster size more than 4 KB does not support compression on volumes (You might have seen that the default cluster size is not exceeding 4 KB in the above table).

If you are going to use your HDD for saving regular working documents like xls, doc, etc., it is good to use small cluster size so that disk space is not wasted. However, if you will be saving large multimedia files than it will be good to use large cluster size. This will help in improving performance of the Logical Volume.

Maximum sizes in NTFS
NTFS has certain limits for file size, volume size and number of files per volume. The limits, according to Microsoft, are as follows…

• The maximum size of an NTFS volume is 256 Terabytes minus 64KB (Thus, even a PC with 1TB of disk space can be formatted into single NTFS volume without any issues).
• The maximum size of a file you can store in an NTFS volume is 16Terabytes minus 64 KB.
• The maximum number of files you can store in a NTFS volume are 4,294,967,295. However, if the number of files is exceeding 300,000, it is recommended to disable automatic short-file name generation (use this link to find the procedure http://support.microsoft.com/kb/210638). This will speed up file and folder access of the system.

Related Links:
Claims management software
Barcode printer
Wan optimization

This is a crucial win for security experts over hackers and a relief to millions of people who use internet everyday. The network of mariposa botnet is spread around 190 countries infecting over 12.7 million computers. These included computers of the US Fortune 1000 companies to computers of major banks. Spanish police reported the recovery of details like bank account details, credit card numbers, usernames, passwords, etc., of over 800,000 people. The amount of loss due to this botnet network is yet to be determined.

Mariposa is a Spanish word for butterfly. It was announced as a new botnet by Defence Intelligence in May 2009. This bot is known to spread through crucial vulnerabilities in Internet Explorer as well as contaminated USB sticks. It is very hard to nab creators of botnet as these criminals operate disguising the source of their Internet traffic or through an infected computer (called zombie) belonging to another person. It seems that it is the blunder made by one of the operators of mariposa – forgetting to conceal their IP address – that helped Spanish police to catch this gang.

The infected computers still remain tainted. The worst part is that most of the owners are still not aware that their computer is a botnet. Use a reliable, robust and updated version of antivirus solution in your PC to detect any traces of botnet.

Read more about Botnet and PC security here.

Related Links:
Unified communications

Most people, who are new to the online world, have lack of knowledge on setting up a strong password for their online accounts. But the increasing cyber crime can easily trace the passwords. And the results can be as terrible as the attack on Microsoft’s Hotmail and other web-based email services. A recent survey on these missing passwords revealed that many of the accounts had easy-to-guess passwords and the most frequently used password among these was “123456″.

Some general methods that attackers use for identifying a victim’s password include:

• Guessing—The attacker tries to log on using the user’s account repeatedly by guessing probable or expected words and phrases like their children’s names, their birth city, and local sports teams.
• Online Dictionary Attack—The attacker utilizes an automated program, which consists of a text file of many words. The program frequently tries to log on to the target system by testing a different word present in the text file on each attempt.
• Offline Dictionary Attack— It is similar to the online dictionary attack, the attacker extracts a copy of the file in which the hashed or encrypted copy of user accounts and passwords are saved and runs an automated program to find out what password is used for each account. This type of attack can be finished very quickly if the attacker gains a copy of the password file.
• Offline Brute Force Attack—This is a modified form of the dictionary attacks, and designed to discover passwords, which are not present or available in the text file used in those attacks. Even though a brute (very strong) force attack can be tried online, because of network bandwidth and latency they are generally attempted offline utilizing a copy of the target system’s password file. In a brute force attack, the attacker utilizes an automated program, which produces hashes or encrypted values for all possible passwords and analyzes them with the values in the password file.

Microsoft suggests that the use of strong passwords can slow or sometimes break the various attack methods. This shows the importance of having a strong password.

Creating a Strong password:

Passwords are case-sensitive and may be as long as 127 characters. A strong password:

• Should never consist of user name.
• Should be minimum of eight characters long.
• Should compulsorily include both lower case and uppercase alphabets (minimum one from each group is suggested).
• Should consist of minimum one number (0 to 9).
• Should consist of at least one symbol. (Eg: *, ^, $, #)

A string, which has all the above characteristics, is known as strong password. A complex password should not be something, which is difficult to remember. Forgetting a strong or complex password, which is difficult to remember, is as harmful as getting attacked by a weak password.

The password created must be easier to remember but difficult for anybody to guess. It can also be a favorite phrase or quotation or mixture of two words. Substitutes for alphabets can also be used to satisfy the above criteria for a strong password. For example ‘a’ in password can be substituted with ‘@’, similarly ‘i’ can be replaced with ‘!’; and ‘o’ with ‘0’ or ‘()’.

It is a good practice if password is changed periodically like monthly or quarterly.

Risks increased exponentially
Today, any user can get affected by cyber threats through browsing, searching or merely visiting legitimate sites than ever before in the Internet history. Malicious web links are sprouting at a rapid pace. According to CA Internet Security Business Unit (ISBU), 78% of threats came from online interaction during the first six months of 2009. IBM’s ‘X-Force 2009 Mid-Year Trend and Risk Report’, states that there was more than 500% increase in new malicious web links in the first six months of 2009. The vulnerability towards the threats seems to have reached the peak point. In the first half of the year 2009 alone, nearly 3,240 new vulnerabilities were discovered.

New threats
With the evolution of web based communities and explosion of Internet services, users are spending more time online and engaging in social networking activities on the Internet than ever before. This is resulting in new threats that exploit these services and communities. When a reputed website hosts third-party content, users often let down their guard while following hyperlinks in the third-party content or installing applications offered by them. Malware authors follow social networking buzz and the most popular activities online to attack the users. They are always ready to exploit significant and popular news stories to trap the netizens. Thus many people become victims of cyber traps.

The attackers are constantly upgrading their tools to attack the unwary users. This criminal activity is scaling new peaks constantly. According to IBM, the SQL injection attacks almost doubled from first quarter to second quarter of 2009. Through SQL attacks, malicious code is injected into genuine web sites to infect the visitors.

For the past few years, Botnets are the primary tools for many cyber criminals. They are always a challenge to the cyber security professionals as it is very difficult to track them down. Botnets can launch almost every type of cyber attack including data exfiltration, sophisticated espionage, and spam.

Targeted attacks
Although targeted attacks were rare earlier, they are seen often these days. Apart from the common people, top management of companies, governments, industries and even journalists are being targeted for private information. Emails with Malware attachments is the popular and preferred method for targeted attacks. According to CA (ISBU), 17% of the infections are distributed through E-mail. There is also an increase in attacks targeting client software using Adobe products including Flash and Acrobat Reader.

Criminals are adapting more effective methods to target online banking system. Trojans are the result of new tactics that go beyond the simple key logging-with-screenshots efforts, which prevailed earlier. CA (ISBU) reported that Trojans were the most common threats representing 71% of the total infections in the first half of 2009. When it comes to Phishing, IBM says that 66% of the phishing attacks targeted financial industry and 31% targeted online payment in the first half of 2009.

Over the years, Internet security issues have been growing. Initially, virus was the only problem. Later with the explosion of Internet, many newer threats have evolved increasing the security vulnerability such as malicious domains or untrusted web sites, presence of malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal Web sites, mainstream news sites and online magazines. Today you are in a high-risk zone as soon as you are online. It is always advisable to be alert while you are browsing.

Remote back up service are mostly suitable for individuals and small businesses. However, any of them trying these services without a good broadband connectivity as well as a high performing system – will for-sure visit the hell on earth.

In fact many people and many companies have been relying on some of the services mentioned above. The security of backing up data online is also questioned when services of even bog companies like Google and Twitter are being hacked.

Many of Remote backup services, for example – Mozy, encrypts the files that are to be backed up, in your PC itself so that they are not easily accessible even when steals them in mid of the back up process. In addition, some services even scramble the encrypted data through a SSL connection. This is the same mechanism that is used by online merchants to move credit card information.

What if the data is accessed at the data centers by their employees? Well, there are some services that offer remedy for this too. When they are encrypting the data on your PC, the encryption key will be given by yourself so that decrypting and encrypting can be done by none other than you.

However, there are certain precautions that are required to be taken up before opting for a service.

• Ensure that the service providers are firm at their policies.
• Use strong passwords or encryption keys for files that carry vital or sensitive data.
• Try to add an extra protection like password protecting your documents or using some third party applications to pre-encrypt your data.

A recent online scam which promises viewers to download the recent “Twilight – New Moon” movie is found to install malware in PCs.

The entire process of this scam is as follows…

• Viewers are lured with the text websites, chat rooms and blogs that read: “Watch New Moon Full Movie.” Comment posts with related keywords are also used simultaneously to attract more search engines.
• Search results for the movie then link users to stolen images from the movie itself, convincing the fan that the movie is only one click away.
• When they click on the “movie player” they are told to install a “streamviewer”.
• The streamviewer, however, installs malware on the user’s computer.

Don’t get enticed by such scams to get downloads without verifying if the sources are genuine or not. It can turn up to be more hectic not only in terms of cost but also in terms of toil and time. And the entire accountability will fall upon none other than you.

Courtesy: PCTools.com

Why to update systems with patches given by Microsoft?
The windows operating system we use in the computer is fundamentally made up of millions of lines of programming code. For example, Windows Vista is made of about fifty million lines of code. Errors are inevitably made, while typing out these 50,000,000 lines, thus making the software vulnerable.

Hackers try to exploit these vulnerabilities created by the mistakes in the software. They use the hacked computer to send spam, steal passwords of the owners/users in order to take over their identities and make online purchases.

In order to repair these errors, Microsoft regularly releases updates/patches for its products. These updates automatically take care of the vulnerable part of the code by repairing or replacing it with safer one.

Quick Facts:
As of 2008, Windows Update has about 500 million clients, processes about 350 million unique scans per day, and maintains an average of 1.5 million simultaneous connections to client machines. On Patch Tuesday, the day Microsoft typically releases new software updates, outbound traffic can exceed 500 gigabits per second. Approximately 90% of all clients use automatic updates to initiate software updates, with the remaining 10% using the Windows Update web site. The web site is built using ASP.NET, and processes an average of 90,000 page requests per second.

How to perform windows update – for Dummies:
There are many ways through which you can update your windows manually.

• Go to all programs in start menu and find “Windows Update” and click on it. (OR)
• Right click on “My Computer”. Go to “Automatic Updates” tab. Click on “Windows Update Website”. (OR)
• Open “Internet Explorer“. Type windowsupdate.microsoft.com in the address bar and hit Enter.

All the above steps will direct you to Windows update site of Microsoft. Click on “Express” button. The site will provide all the recommended updates for your computer. Click on ‘Review and Install Updates’ and then on ‘Install Now.’

Precautions while performing windows updates:

• Log in as Administrator into your system.
• Make sure there is no interruption in power or internet while updates are going on. That may make things messy for later updates.
• Some updates require restarting of your computer. Make sure you save and close all your work and applications before you start installation process.
• Use Internet Explorer only as updates don’t work on other browsers.

PS: The above mentioned process is for people without much idea on “windows updates”.

Related Links:
Claims management software