The news is regularly peppered with stories of computers and networks being compromised and security being questioned. The new bill introduced as the Cybersecurity Act of 2009 will give the US Government extended reach in shutting down portions of the Internet as they deem necessary, as well as gaining control and access to data previously off limits to government review without due process and legal warrants.

Perhaps more interesting than the article itself is the amount of comments that have now been collected on the article. Read the article to get a better idea of the details of what’s being discussed, but read the comments to start getting colorful representation of how these proposed changes are expected to impact individuals and businesses.

The Electronic Frontier Foundation provides good overview of the impact to these proposed changes as well.

Would love to hear your thoughts on this legislation as it continues to be discussed.

Image: sxc.hu

Post from: Uncover the Internet

Do you ever have one of those days where something’s just not right with your computer and you can’t figure out what it is? You’ve scanned everything with your own security applications but none of them really caught anything that you were expecting.

Sometimes you want to scan it with something new, and absolutely updated so you know you’re getting a really current scan. You can do just that with ewido networks online scanning tool.

The service doesn’t work with Firefox as it needs an ActiveX control to run, so you may want to fire up Internet Explorer just for this.

Post from: Uncover the Internet

Image: CNET News Screenshot

Just when I was really enjoying all the connections I have been making in Facebook, some jerk hackers are ruining the fun for lots of people.

A few friends of mine on Facebook appear to be infected, and another friend just called to let me know about it and if I knew anything specific.

They’ve released a new worm into the world that spreads itself through a link being sent around with a Google video. When you try to play the video it prompts you that you need to download a new codec. WHATEVER YOU DO DON’T DOWNLOAD THE NEW CODEC!

Here’s my general reminder and warning to everybody. Don’t upgrade something if you’re prompted unless you absolutely trust the site you’re on. Know what you’re upgrading. Even then, I recommend not doing the automatic upgrade if prompted and going to the manufacturer’s site directly without following a link.

Don’t open attachments from people in e-mail that you weren’t expecting to receive. This includes from people you know and for attachments where you actually recognize the file type. Both of these things can be spoofed.

Article: Facebook worm feeds off Google’s reputation

Post from: Uncover the Internet

In our context, phishing is defined as:

“Phishing” is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user IDs and passwords. From Digitalstrategy.govt.nz

and the security website F-Secure defines it as follows:

In a computing context, Phishing is an impersonation of a corporation or other trusted institution. The goal of the impersonation is to extract passwords or other sensitive information from the victim. It is a form of criminal activity that utilizes social engineering techniques.

If you’re not familiar with the term your question is probably along the lines of how you really tell the counterfeit from the real-deal?

Let’s look at an example of a phishing message impersonating the popular online payment website, PayPal.com.

Let’s look at the different areas I’ve numbered in the graphic above:

1. The e-mail looks as if it was actually sent from paypalservice@service.com. The first clue is that an e-mail from the actual PayPal website would probably come from an e-mail address on their own domain of service@paypal.com don’t you think? The service.com website doesn’t seem to have anything official to do with PayPal.com.
2. Next we see the text of the message using active words to get your attention. One of the big things to look for in the body of a message is misspelled words. Sometimes it happens that typos make it through the editors, but for the most part any message from a company itself should have minimal if any spelling or grammatical errors.
3. Here they’re providing you with a legitimate looking “reference number”. Again this is just a play to look official.
4. The e-mail provides a link to go directly to their website to “fix” your problem right? WRONG! See #5
5. If you hover your mouse over the link you’ll notice that it’s actually programmed to link you to some website that’s not even PayPal’s own domain and servers.

If you have any doubts about a message. Delete it immediately. If it’s serious you’ll more than likely get a follow-up message from the company. Even then, if you go to a website type in the URL manually yourself, don’t rely on any links to get where you’re going, you may not know what you’ll uncover or where you’ll end up in the journey.

Hopefully this has helped someone.

Post from: Uncover the Internet