Not dealing seriously with passwords
Everyone knows that passwords are important. Yet most of them fail to create or maintain them properly. It might be because of the ignorance on the importance or on how to maintain them properly. Whatever may be the reason, the most common blunders to avoid while dealing with passwords are:

• Creating easy-to-crack passwords
  Hackers use ultra password cracking technologies. Not creating longer and complex passwords, is actually equal to helping the hackers crack in to your account.
• Easy to guess password recovery options
  Many websites use security questions to help people recover their password in case they lose it. Using simple questions like birth date, pet’s name which are either easy to guess or are visible openly on your social networking account, is another major blunder to avoid while dealing with passwords online.
• Using the same password for multiple online accounts
  Same passwords for all online accounts are as safe as the weakest passwords. If one password is cracked or stolen, the chances for hacker to procure other online accounts of the user are high.

Getting lured into fascinating or controversial news
Malware authors know that people naturally are more interested in fascinating news or controversial rumors, and plan new attacks that are targeted specifically towards this crowd. This is called SEO poisoning. It’s estimated that more than 10 percent of search results for Google’s highest-ranked web sites are malicious sites.

Failing to update Microsoft Windows OS / Java / Adobe Reader / Adobe Flash
Updates are provided for software in order to patch-up security vulnerabilities in them. Especially, Windows, Java, Adobe Reader, Adobe Flash remain the most exploited software applications due to their vulnerabilities. Failing to update these leaves the PC potentially vulnerable for malware attacks.

Opening an email attachment / Clicking on a link in an email – from someone you don’t know
According to a recent report released by Symantec, spam now accounts for 78.6% of all email traffic in US and 75.7% of all email traffic, globally. Opening email attachments from unknown user may deploy malware into your PC. A link on a spam email may direct you to a spoofed website.

Checking the “Remember Me” box in public PCs
This option saves cookies and login details of the user in the browser, until he signs-out manually. Thus, if the user checks back into the site later anytime, he doesn’t require to provide login details again, to access his account.

However, while using public PCs, enabling this option is equal to providing your login details to the any user of that PC, who can check back at any time and access your account.

Leaving Facebook privacy settings unchecked
Facebook is recently in the news for hacking of its CEO’s fan page. The most popular social networking site, Facebook, has many users who are not aware of its security features or privacy settings. Your personal information will be available for everyone to see if you leave privacy settings unchecked on Facebook.

Using BitTorrent sites to download copyrighted content
Downloading illegal software from BitTorrent sites can expose your computer to Trojans and Spyware.

Playing free online games
There are many malicious websites online that lure users by providing free online games. Don’t play online games on unreliable websites. Also be cautious when asked to download free games.

Connecting to unknown wireless networks
Many people log into unknown (private) wireless networks at public places like airports and hotels. These networks can be potentially harmful. Always be sure that you are logging into known (private) wireless networks only.

These are the most dangerous online activities. Proper awareness and efficient precautions are required to stay away from committing those mistakes and stay safe and secure online.

Related Links:
IT Contractor
ad serving
oracle vm
wan optimization

A recent online scam which promises viewers to download the recent “Twilight – New Moon” movie is found to install malware in PCs.

The entire process of this scam is as follows…

• Viewers are lured with the text websites, chat rooms and blogs that read: “Watch New Moon Full Movie.” Comment posts with related keywords are also used simultaneously to attract more search engines.
• Search results for the movie then link users to stolen images from the movie itself, convincing the fan that the movie is only one click away.
• When they click on the “movie player” they are told to install a “streamviewer”.
• The streamviewer, however, installs malware on the user’s computer.

Don’t get enticed by such scams to get downloads without verifying if the sources are genuine or not. It can turn up to be more hectic not only in terms of cost but also in terms of toil and time. And the entire accountability will fall upon none other than you.

Courtesy: PCTools.com

KeePass is an open source utility that works on almost any platform, including your smartphone ( Clients available for Windows, Ubuntu, Linux, MacOS X, J2ME (Cell Phones), Blackberry, Windows Mobile and more). You can store your passwords in a password protected and encrypted database and use the passwords when needed. It will even generate a complex password for you. KeePass supports the Advanced Encryption Standard (AES, Rijndael) and the Twofish algorithms to encrypt its password databases. There are many plugins available that will allow things like filling forms, onscreen keyboard, etc.

Click here for more information on Keepas.

Keepas Demo Screenshot

Source: http://vjalagam.blogspot.com/2009/09/keepass-opensource-password-safe.html

Related Links:
Wan optimization

However, we need to update our plugins as soon as a new version is available. Updates of these plugins will not only cover new features of the plugin, but also will address some vulnerability to security threats during browsing. Many people ignore it as it takes little time (a matter of no more than 2 minutes) for the plugin to update and restart the browser. This increases their risk to security threats online like malware, viruses, botnets, etc.

How to check if your plugin is up-to-date? Just click here or copy paste this URL in your browser https://www-trunk.stage.mozilla.com/en-US/plugincheck/.

The window that opens will let you know the status of your plugin.

• Green indicates that your plugin is up-to-date.
• Yellow indicates outdated but without known vulnerabilities.
• Red indicates that the plugin is known to have security holes and is outdated.
• Don’t worry about the Grey colored plugin.

Update your plugin frequently for safe and better browsing.

]]> http://cyber-smarty.com/2009/10/how-safe-are-you-browsing-with-firefox/feed/ 0 http://cyber-smarty.com/2009/09/phishing-types-and-precautions/ http://cyber-smarty.com/2009/09/phishing-types-and-precautions/#comments Fri, 11 Sep 2009 06:43:23 +0000 cyber-geek http://cyber-smarty.com/?p=58 The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication is known as Phishing.

Types of Phishing
Phishing is usually carried out by email or instant messaging and it often directs users to enter details at a fake website, which is similar to the legitimate one. Since the fake website is similar to the original one, it requires tremendous skill to determine whether a website is fake or not.

1. Misspelled URLs: Phishers use some sort of deceptive techniques, which design a link in an e-mail (and the spoofed website it leads to) apparently belong to the spoofed organization by using misspelled URLs or of sub-domains. Sometimes the phishers make the anchor text for a link appear to be valid, whereas the link actually goes to the phishers site.
2. Whaling: Phishing attacks directed specifically at senior executives and other high profile targets within businesses is known as Whaling.
3. Image Phishing: Phishers have also used images instead of text to make it difficult for anti phishing filters.
4. Cross site scripting: An attacker can even exploit flaws in the original website’s script against the victim making it even more difficult to detect since everything from the web address to the security certificates seem to be original. This technique is known as cross site scripting.
5. Phone Phishing is the case where in a customer gets a call asking him to call back to discuss his problems while accessing his bank accounts. The person then is trapped into giving his sensitive information such as credit card information and the like.

Measures to counter phishing
People need to change their browsing habits when it comes to phishing. For example, when asked to reveal their sensitive information they should directly contact the company to make sure the mail is genuine and shouldn’t fall prey to mails that address them as “Dear Customer”. Paypal, for instance makes it a point to address the users by their usernames.

One of the major flaws of the user is the Click-through syndrome where he treats any pop-ups as a case of misconfiguration and proceeds with his work without heeding to the warning of the computer.

Related Links:
Umbrella Company
Mainframe sftp

Fans searching for ‘Yuvaraj Singh wallpapers’, ‘Yuvraj Singh downloads’, ‘Yuvraj Singh photos’, or ‘Aishwarya Rai wallpapers’, ‘Aishwarya Rai videos’, and ‘Aishwariya Rai screen savers’ have a one in five chance of landing at a website that’s tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware.

Spammers and malware authors are cashing on the search terms for latest celebrity news and download to lure people to open their malicious websites.

The other celebrities in the list are M. S. Dhoni, Namitha, Shriya Saran, Harbhajan Singh, Sania Mirza, Asin, Bipasha Basu and Shahid Kapoor.