Archive for August, 2012

Some Common User Mistakes That Compromises Your Security

August 31, 2012 Leave a comment

When you look at the situations where the security systems have been compromised, you will find that more than 65% of the times, the user is at fault. This means that you will have to be careful when you are using the computer and be actively involved in ensuring that your actions will not come in the way of your computer’s security. It might be a simple action of overriding an error message or ignoring an update. At the end of the day, your data and privacy is at stake and you should ensure that you do all you can

Never Keep Too Many Applications and Accounts Open

As much as multi tasking is the need of the day, try to pipeline your tasks in such a way that too many applications are not open at the same time. If a Trojan gets unpacked when all your important applications and online accounts are open, it will be easy pickings for the malicious software. Even if you need multiple applications opened at the same time, make sure that only the ones you need are open. Also, do not run any parallel processes like downloads or visit potentially dangerous sites.

Curiosity is a Sin When it Comes to Internet Security

A survey conducted among internet users in the age group of 16 to 60 years revealed that all of them had clicked on one or the other email that looked interesting, but suspicious. This is one of the more favored entry points for hackers’ malicious software. There are many ways of how users might be lured to click on an unsafe link. For example, you get an email stating that you have won some prize money that cannot be resisted.

There will also be a link in the mail that states that you have to click on it to claim the prize money. Although most of us are aware of the fact that the link is dangerous, we might get a bit overconfident at times. As everyone uses proprietary software that protects you against malicious software, we might think that we are protected and click on the potentially dangerous link. Those are the only openings that the hackers, and in turn their software, are looking for.

Clicking On Pop-Ups

Similar to drawing people through email, pop ups are also used for redirecting you to the hackers’ link that contains malicious software. Although most pop-ups will be in the form of advertisements and promotions, there are some that have a higher hit rate. These are the pop-ups that redirect you to adult sites and their trademark lure is that you can watch adult content in private, without having to worry about someone tracking you through your credit card or internet browsing history. But the fact is that the site itself is malicious and once you enter the site, the possibilities of how the hacker might attack your computer are endless.

Improper Computer Maintenance Habits

Another frequently noted aspect in most computers that are hacked is improper computer maintenance habits. Most of us do not pay attention to the computer when it shows a warning that a particular issue needs to be addressed immediately. It might be something as simple as updating your operating system or your virus protection software or a problem in your firewall. Irrespective of what the issue is, the point here is that all computer issues have to be addressed immediately without fail. Also, make sure that your virus databases are updated, run frequent full system scans and also get your computer checked if it has become slow lately or showing any other signs of being infected.

Categories: Our Products

Cross Platform Spyware Affecting VMs and Smartphones

August 30, 2012 Leave a comment

When the earliest virus programs came to light, there was a very easy way of classifying them. That would be based on the operating system that they can affect. Although this was a very rudimentary classification of the software, it proved to be very helpful for developing anti-virus programs. The potentially dangerous software would be scanned based on their target nodes and then the counter measures would be activated. The virus database that software employed would be more specific. Recently, a new spyware that will download the virus file from the internet depending on the operating system that it is targeting has been detected.

‘Crisis’ and ‘Morcut’ Will Initially Be In the Form of a Trojan

Researchers have detected these new viruses and have named them ‘Crisis’ and ‘Morcut’. Initially, they would be Trojans before they reach the hosts. A Trojan is malicious software that will remain inactive till it reaches the intended destination. Once it does, it manifests itself into the potentially dangerous software that it was intended to be. To ensure effectiveness, these two spywares download the malicious code directly from the internet once they plant themselves on the destination. This is not only ingenious but also makes sure that they are not overly scrutinized by the virus protection software. That will ensure that the chances of them going in undetected are more.

Using a Backdoor in the System to Gain Entry

Another important facet that researchers noticed in these two spyware programs is that they make use of the vulnerabilities in the system itself to enter the operating system. Once it reaches the host, it will download and install a program that will open a backdoor in the OS. Once that is done, it will employ root kit functionality to prevent its detection. Morcut has a limited range of spying capabilities which includes key logging, reporting and file stealing. Crisis on the other hand, is more advanced and hence, more lethal.

Crisis Has a Wide Range of Functions

Once Crisis installs the backdoor program on the host, it has the capabilities to literally copy the contents of the computer and relay it over the internet. However, this is not feasible as the abnormal data transfer will be recorded by the security software and the spyware will be detected. Without drawing too much attention, Crisis will spy on Skype calls, record and relay the system log, log keystrokes and so on.

Ingenious Way of Spreading Itself

This spyware has employed one of the latest techniques to manifest itself onto other computers. The technique is called as social engineering. The users themselves are fooled by the filename and unsuspectingly download them willingly. To make matters worse, the malicious software also has a security certificate of its own, forged of course. All you have to do is to just ignore or override the security error that your computer displays. Once you override that warning, the data of your computer is at the mercy of the hackers. Recently, researchers have told that the malicious software appears by the name of AdobeFlashPlayer.jar. This looks like a harmless enough Java file but you are not aware of how lethal the code that is wrapped in that package is.

It Has Been Uploaded on Most Popular Sites

You cannot be sure of the files you download these days as these two spyware programs have found their way everywhere. They are on forums, groups, discussion boards and sites known for worry free torrents. The security software is also unable to stop this spyware once it is unpacked and installed on the computer. So be careful of the files you download, especially the ones without a digital signature and security certificate.

Categories: Our Products

General Public Left in Dark about Failures in Cyber Security

August 29, 2012 Leave a comment

Security issues in the cyber world have been rampant especially in recent times. Lately, there has been an increased awareness about cyber world security measures and people have started to take privacy issues more seriously. So obviously, there will be a huge reaction if all the security breaches are made public. To prevent this, the government has been concealing serious cyber world security breaches from the general public. A recent survey conducted by the European Network and Information Security Agency revealed some astonishing facts. Not only is the government completely at sea about some of the security breaches but even in the ones about which they have information about, they do not reveal it to the public fearing a strong reaction.

Violation of Constitutional Rights

This particular trend is definitely something to worry about because it is not only increasing the security risk users might face, but is also constitutionally incorrect. The constitutions of democratic countries state that the citizens of the country must be intimated about any form of threat, and that includes internet security threats also. However, this concealing of information is more of a political move than anything else. Under the rule of a particular party, if a serious security breach is exposed, then that will be a black mark on the party’s regime. The internet has become such an integral part of our lives that a security breach cannot be taken lightly.

Ignoring the Basic Internet Security Rule

Over the years, one of the rules that computer security experts have stood by is that knowledge about the impending threats is imperative to our safety. When we are equipped with that knowledge, we can safeguard ourselves against them and make sure that measures are in place to counter those threats. By not releasing information about the security breaches, the government is not only increasing the security risks they are taking but also putting the citizens at risk.

Cross Border Threats also A Cause for Worry

While we are worrying about small issues like stop cookies/tracking online, hackers are developing malicious software that can attack people internationally. With the internet, the size of the world that we live in has shrunk dramatically and hackers can now target people who are in different countries. Governments are not only concealing data from the people but are also withholding it from the other governments. The reason for this might be either political reasons or to uphold their own sense of invincibility. Either way, the people who suffer are the ones who have the least idea about these issues.

Number of Examples Depict the Same

What we are talking about here is not an isolated incident that occurs here and there. Regularly, people have been hearing about hackers gaining access to user accounts. Let us take the example of the LinkedIn hack in the June of this year. Close to 7 million accounts were hacked and the authentication codes were posted on the hacker forums. People with the right information could access it and gain unauthorized access to private profiles. There was also an incident in October  of 2011 when users of Blackberry phones lost all access to emails and other internet data when the United Kingdom datacenter crashed. Although that was the official story, we cannot be sure what the real reason might be.

The Solution

As citizens, we must urge the government to be more transparent about internet security threats in case there are any. More often than not, it is the cover ups that cause more damage than the actual hack itself. Since this issue has come to light now, we will have to wait and see how the government will react in the future.

Categories: Our Products

Safely Downloading Torrents without Demonoid

August 28, 2012 Leave a comment

Demonoid was considered to be one of the safest and secure torrent sites that are online and users were also very happy to employ the services. However, the site has recently went down and torrent users are finding it difficult to find sites and services that offer the same quality of offering as Demonoid. One of the most common questions you find in security related forums and groups are that ‘which site to use for worry free torrents. This article will attempt to provide a satisfactory answer to this particular query while busting some myths about Demonoid.

The Problem with Demonoid

Demonoid was considered as a very safe site as it projected an image of safety. Although you needed an account to download using Demonoid, you could actually open an account very easily. There would be open signup periods where anyone could open an account and also, you could get an invite from any of your friends. The most notable trend in this was that if you befriended someone online in a torrents forum, you could ask them to send you an invite. Also, Demonoid did track the users and supposedly kept the data confidential but you never know when that can change as the company’s site is down and out. Also, there was no screening process to determine whether the torrent was genuine or fake. Any Demonoid user could seed a virus file too.

Encryption Does Not Guarantee Safety

The new service where your channel can be encrypted using your torrent client only may not be as safe as you think it is. The reason for this is that since your torrent client uses an encryption standard that is not only outdated but can also be easily cracked. Furthermore, this was facilitated just as the first line of defense and you will have to make use of other tools to make sure that you are not being tracked at all costs. There are tools available in the market that will help you in encrypting the channels of communication and ensuing that you have a semblance of security. However, there is no other tool that provides better encryption than the virtual private network or VPNs.

Pros and Cons of VPNs

There is no doubt that VPNs are probably one of the top methods of ensuing that your torrents are safe and are not tracked. However, there are minor flaws in the VPNs too. For example, you will be tracked by the VPN service provider as the system requires them to maintain a log of all their customers. So, the perception that no one has your tracking data is wrong. Your VPN provider does have it. There is every possibility that the data can be misused by your VPN service provider or someone could hack it from your VPN service provider and use it to their advantage.

One way you can avoid this is by looking at the type of data your VPN service provider keeps track of. Since they charge you for the service, they are legally bound to give you information about this if requested. Another way to safely use VPNs is to hire the services of the ones that have a good track record. If VPNs have good reputation, then 99% of the times, their offerings are also safe.

Keep Your Eyes Open

Even though you have followed all the aforementioned steps, keep your eyes open for any suspicious activity on your computer. If there are random files in your temp folders, if you anti-virus software keep popping up warnings on a regular basis, etc, they are signs that your computer might be affected. There is also an option of calling in the experts in case the situation gets out of hand.

Categories: Our Products

Tips for Avoiding Social Media Oversharing

August 27, 2012 Leave a comment

As important as it is for us to employ the latest tools to ensure that our online privacy is protected, we also have to do our bit to make sure that we don’t make the hackers’ job easy. Ever since the introduction of social media websites, people have been eager to share their personal information on those sites. However, they are missing a vital piece of information that should not be ignored.

When you post information on a particular social networking site, it can be accessed by anyone from anywhere, with the aid of proper resources. The internet is such a complicated network that it is impossible to identify and eliminate all the other links from your social media sites. Since you are providing your personal information willingly, all hackers need to do is gain access to your profile. They will have everything they need to violate your online privacy.

Dangers of Oversharing

Some people are so addicted to social media sites that they don’t even bother about the consequences of sharing too much information. From the point of view of social media sites, they want to provide their users with an experience that has comprehensive information about their friends. So, they ask you to share everything from where you are and what you are doing, to regular status updates and other similar information.

However, this information can be very dangerous if miscreants get their hands on it. Oversharing is a phenomenon where you feel the need to update your social media profiles about every activity you involve in throughout a regular day, including sharing your geographic location and other personal info like pictures. This is not only wrong but also has irreversible consequences.

Here are a few tips that will help you to avoid oversharing and make sure that your online privacy is not threatened.

Sharing with Genuine People

A survey noted that most of the people on social media platforms (especially teenagers) tend to make friends with unknown people to socialize. Socializing is a good thing but you must ensure that the person you befriend is  genuine . Miscreants have been known to use anonymous social media accounts to befriend unsuspecting people and exploit their personal information.

There is a settings option known as the privacy settings that ensures your info can be viewed by people who you authorize only. Actively make use of this option and authorize only the friends you know to be able to view your updates. If you make a new friend, make sure that he/she is genuine and authentic before adding to your list of authentic friends.

Avoid Location Tracking Application and Location Updates

Let us take the example of Facebook and Twitter. The check-in option will update where you are using the GPS on your smartphone or your computer. Although this is a very attractive feature to let your friends know where you are, there is a bad side to it. Some location based apps can track your location even when you are not using them. A skilled hacker can make use of this app to track you accurately without your knowledge.

Keep Track of Your Settings

In today’s world, viruses are so advanced that they have the ability to change your settings without your knowledge. These don’t have the source code like your regular viruses, spyware, malware or any other type of potentially dangerous software and are not detected by your security software. So, keep checking your privacy settings and other security settings of your social media accounts on a regular basis. In case it has been changed, you can set it right before too much damage is caused.

Categories: Our Products

You Can Be Stalked Through Your Smartphone?

August 24, 2012 Leave a comment

When people started using the internet extensively, miscreants, who were also computer experts, came up with many ways of tracking a person using his/her online activities. Viruses, spyware, malware, and various other types of malicious software were developed and are still being developed today. However, smartphones are the latest gadgets on the market that most professionals, and even students, cannot live without.

With mobile internet technology improving drastically and with the availability of high speed data transfers over mobile networks, people have started replacing their computers with smartphones for activities like internet browsing, checking mail, social networking, etc. There are many reasons for this, the primary one being that smartphones are easier to carry and the newer models are becoming more powerful with faster processors and other associated features.

However, there is a drawback to your dependence on the smartphone. These devices are being increasingly targeted by online prowlers for stalking a person. In fact,  they are finding it more convenient to target phones than targeting laptop and desktop computers. The big question here is – how effective is  stalking through your smartphone.

Smartphone Will Be on Your Person Always

One of the advantages for stalkers who target smartphones is that you will carry it around wherever you go. It is obviously your point of contact and in today’s world, you also use it to check your mail, catch up on some left out work if possible, update your social network status, etc. The laptop on the other hand is not as portable as the mobile phone and you tend to leave it back if you are going out to unwind and relax. This would have created a gap in the stalker’s log, but with the smartphone, this gap can be now filled.

Social Networking Sites Play Their Part

Location based information is very valuable today and a lot of social networks encourage their users to share the details of their location willingly. This service was introduced in a bid to make the information more comprehensive and detailed. The downside to this feature is that you have accepted tracking as a part of the service and this happens legally. When you download a social network’s mobile app, it will have a piece of code which can read your location.

So, you already have a tracking software on your and you are always connected to the internet through the mobile network. All the hacker/stalker has to do now is to add a few more lines of code which will relay the information back to him/her. The channel for this communication will be your own mobile network. So, you are being tracked and you have accepted this as a part of being on social networking sites.

GPS Service on the Phone

Another feature that hackers use extensively is the GPS feature on your smartphone. GPS technology was introduced as a military service initially and was later expanded to consumer technology too. Initially, GPS was not that accurate and the tracker could only point out the location roughly. However, companies have noted that people emphasize a lot on details and the technology is so advanced now that you can pinpoint the location of a smartphone with an error of +/- 2 feet. This is impressive but is also very convenient tool for the stalker. All they have to do is make use of the GPS in your phone to keep a tab on you.

All the aforementioned techniques are only a few of the many methods hackers use to stalk people. There are many more advanced techniques which can be used to track you and it will not be sufficient if you stop cookies/tracking online option in your mobile browser. There are features in your smartphone which can be used against you and you should be very careful while using the device. How you can avoid being tracked using your smartphone is however, a topic for another day.

Categories: Our Products

FTC Proposes Modifications to COPPA

August 23, 2012 Leave a comment

The online security privacy of children has always been a major cause for concern for parents and there has been a lot of debate on how to make the internet safe for kids. In today’s world, the option of banning children from using the internet is virtually impossible. At the same time, you cannot ignore  privacy issues which can lead to some very serious complications if not taken care of. There have been examples of kids being victimized online as they are innocent and vulnerable.

This issue is not new and the Federal Trade Commission had introduced the Children’s Online Privacy Protection Act (COPPA), which dealt exclusively with children’s privacy issues. But the act was introduced when technology was not as developed as it is today. Mobile technology has also developed over the past couple of years and there were no clauses which dealt with mobile related privacy issues. There were a many comments on the COPPA and the FTC was under pressure to make some changes to the act, and finally, the FTC has succumbed to the pressure.

It has now announced a few modifications to the act. According to the official release, the FTC has issued a ‘Supplemented Notice of Proposed Rulemaking’ which will allow it to add some clauses that will address  children’s privacy concerns, which arose due to the advancement in technology.

Parents Are Given the Authority

According to the notice, the modifications in the rules will give the parents the ultimate authority regarding the collection of information about under-13s. If a website is specifically designed for kids who are under the age of 13 and it should collect  information from its users, then the parents consent should be exclusively obtained. There should also be a notice regarding this privacy issue which should be displayed at all times and the sites should start collecting data only after the parental consent is obtained. This will also eliminate some concerns where in adults pose as kids using anonymous social media accounts and take advantage of them.

Modifications to Provide Flexibility for Operators

Some of the proposed changes will also benefit the operators of websites in more ways than one. For example, let us consider a site that is exclusively meant for kids under the age of 13. If the site wants to incorporate services from a third party vendor to their site and that service will also collect data from the users, then the service providers will also be considered as an operator. This will mean that the FTC rules that apply to the operators will apply to the third part vendor also. Hence, they will have to comply with privacy issues.

Screening Visitors Based on Their Age

Another proposed change in the rules is aimed at sites that have visitors who are both over and under the age of 13 years. If a user is below 13 years, then the COPPA rule will have to be implemented and those privacy rules should be enforced. This is a very good change indeed and it will prevent a few security threats like such as under aged users visiting links meant for adults. It will also allow the operator to decide which services are fit for the under aged users and which ones are appropriate for the mature users. This rule will be exclusively for sites that have users of mixed age groups. A site that targets under-13 people cannot be subjected to this rule.

Changes Can Bring About Some Mixed Reactions

Not everyone will be happy with these changes. For example, the children will be subject to a lot more restrictions than they are now. This will also mean more effort on the part of the operator to ensure the privacy of the users. We will have to wait and see how exactly the reactions will be when these rules are actively enforced.

Categories: Our Products