Monday, April 28, 2008

Security Resources for the Family

I just found what looks to be a pretty good and current list of resources for families from Microsoft (yes, I realize the irony of looking to them for security advice, but of all the large vendors they HAVE had the most experience!)

I just read through a few of these links and they seemed to strike a good level between sharing the good techie info but not being too techie where it didn't make sense anymore.


Prevention guidelines

AAP and Microsoft partner on online safety for children
The AAP sees 96 million school-age children a year. That's why Microsoft asked them about keeping children safe online.

Using family contracts
See a sample of a contract you can copy and customize to clarify your family's "house rules."

10 things to teach kids
Want to talk to your kids about the Internet, but not sure where to start? Here's a list of subjects to consider.

School is in: 7 computer security tips for students
Help protect the computers you use for school from viruses, hackers, spyware, and other attacks.

4 steps to improve your family's Web security
Get tips for how to protect your children’s privacy and safety when they use the computer.

Online predators: Minimize the risk
Know the risks of online communication and become involved in your kids’ Internet activities.

Kids and the Internet FAQ
Strategies and tools to help deal with parents’ top concerns.

Video: Teach your kids to be safe online
Watch this video to find out more about what you can do to help keep your kids safer as they explore the Internet.

Thursday, April 24, 2008

Hackers jack thousands of sites, including UN domains

wow - the fun never stops - here's a fun article from Computerworld

When a visitor reaches one of the hacked sites, the malicious JavaScript loads a file from the malware-hosting server, then redirects the browser to a different page, also hosted on the Chinese server.

"Once loaded, the file attempts eight different exploits," noted the Websense warning, including one that hits a vulnerability in Internet Explorer's handling of Vector Markup Language (VML) that was patched in January 2007.


Hackers jack thousands of sites, including UN domains

Wednesday, April 23, 2008

don't catch this popup!


Tonight I was helping my son make a birthday card for his teacher. He wanted to say "Have an all-star birthday!" and then include some pictures of an all-star. While we were searching for a couple good shots of our favorite - JT Snow - we were surprised by a popup window that said

"Your computer is infected! Windows has detected spyware infection. Click here to protect your computer."

naturally being the uber-geek dad, I pointed out to him it was an attempt to get us to do the wrong thing. I think he was still more interested in the JT Snow pics, but it felt good trying to teach safe surfing anyhow. ;)

Then, just before calling it a night - I saw this on my blog reader -

Don't 'Click here to protect your computer'

Infectious 'trojans' sell rogue software, send unwanted email, steal data

Its designers trick people into saving it by telling them they need a new piece of software to watch video online.

Once installed, it bombards people with pop-up messages and bogus flashing warnings that their computer is infected.

The messages say: "Your computer is infected! Windows has detected spyware infection. Click here to protect your computer."

The trojan then sends adverts offering to sell rogue anti-spyware on sites that could expose customers to credit card fraud. Microsoft said the problem is global and linked to organized criminal gangs.

hmm - reminds me of infostealer - that piece of malware that'd auto-magically call your bank for you and relieve you of that troublesome cash sitting in your account.

what's the moral of the story? - JT Snow was a great player for the Giants - but just because he caught every popup that came near him, we will be better off if we skip this kind of popup.

ha!

Tuesday, April 8, 2008

Greetings from RSA Security Conference!

I'm at the RSA security conference this week. That's me and 16,999 security geeks running amok in downtown SF trying to acquire that final piece in the puzzle for it all to make sense!

could it be from the Secretary of Homeland Defense - Michael Chertoff? no. but it is comforting to know the government is looking to recruit from the private sector.

how about from the president of RSA, Art Coviello? noooot exactly

Actually, the best comment of the day came from Whitfield Diffie when asked if he was 20, where would he put his research energy. This guy is one of the giants of the cryptography field - the Diffie-Hellman algorithm was THE standard several years ago that we used when it was something you seriously had to keep private. He said - I'd go into genetics. Bio-engineering of genes is where it's going to be at. THEN it got a little weird ... but it probably won't translate well, so let's just say you had to be there. ;)

Wednesday, April 2, 2008

Vermont ski area reports Hannaford-like theft of payment card data

these reports just don't seem to stop -

Vermont ski area reports Hannaford-like theft of payment card data

'what can I do about it?' well, if you're the business owner I've got a lot of answers for you - email me! :)

But as the consumer wanting to continue using credit cards, you will continue to be at risk.

One of the ideas I've floated out there with a few tech friends is we need credit cards with an authorization code that'll expire every 60 seconds or so. Some banks offer this functionality to their customers to be used in addition to a password. It would work just the same with a credit card - you give the card to the restaurant, ski resort etc; AND you give them a 'one time password' - an authorization number that'll expire in 60 seconds.

Even this wouldn't stop the real time theft that's described in the story, but it'd severely curtail the time a fraudster could use the card!
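
The expiring authorization code described above, sketched as an added example (not from the original post or any bank's real system): the card derives a code from a per-card secret and the current 60-second time step, in the style of RFC 6238 TOTP, and the issuer recomputes it before approving a charge. The `Issuer` class, the six-digit length, the single-use tracking and the sample card number and secret are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # code lifetime from the post ("expire every 60 seconds or so")
DIGITS = 6          # assumption: six-digit code, as on typical bank tokens


def card_code(secret: bytes, unix_time: int) -> str:
    """Code the card would display at unix_time (TOTP-style, HMAC-SHA1)."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Issuer:
    """Hypothetical card issuer that approves a charge only with a fresh code."""

    def __init__(self):
        self.secrets = {}        # card number -> per-card secret
        self.last_counter = {}   # card number -> last time step already spent

    def enroll(self, card_number: str, secret: bytes) -> None:
        self.secrets[card_number] = secret

    def authorize(self, card_number: str, code: str, unix_time: int) -> str:
        secret = self.secrets.get(card_number)
        if secret is None:
            return "unknown card"
        counter = unix_time // STEP_SECONDS
        expected = card_code(secret, unix_time)
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return "declined: code expired or wrong"
        if self.last_counter.get(card_number, -1) >= counter:
            return "declined: code already used"
        self.last_counter[card_number] = counter
        return "approved"


def demo():
    # Constructed sample: a test card number and the RFC 4226 test secret.
    card, secret = "4111111111111111", b"12345678901234567890"
    issuer = Issuer()
    issuer.enroll(card, secret)
    code = card_code(secret, 30)   # customer hands over the card plus this code
    return [issuer.authorize(card, code, t) for t in (40, 50, 130)]
```

`demo()` shows the merchant's charge approved, then the same code refused when replayed in the same window and again after the window has passed. Whoever presents the code first inside the 60 seconds is the one approved, which is the real-time case the post says this would not stop.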