Some spammers search the internet for unprotected computers they can control and use anonymously to send spam, turning them into a robot network, known as a "botnet." Also known as a "zombie army," a botnet is made up of many thousands of home computers sending emails by the millions. Most spam is sent remotely this way; millions of home computers are part of botnets.
Spammers scan the internet to find computers that aren't protected by security software, and then install bad software – known as "malware" – through those "open doors." That's one reason why up-to-date security software is critical.
Malware may be hidden in free software applications. It can be appealing to download free software like games, file-sharing programs, customized toolbars, and the like. But sometimes just visiting a website or downloading files may cause a "drive-by download," which could turn your computer into a "bot."
Another way spammers take over your computer is by sending you an email with attachments, links or images which, if you click on or open them, install hidden software. Be cautious about opening any attachments or downloading files from emails you receive. Don't open an email attachment — even if it looks like it's from a friend or coworker — unless you are expecting it or know what it contains. If you send an email with an attached file, include a text message explaining what it is.
Monday, 22 August 2011
Use security software that updates automatically.
Keep your security software active and current: at a minimum, your computer should have anti-virus and anti-spyware software, and a firewall. You can buy stand-alone programs for each element or a security suite that includes these programs from a variety of sources, including commercial vendors or from your Internet Service Provider. Security software that comes pre-installed on a computer generally works for a short time unless you pay a subscription fee to keep it in effect. In any case, security software protects against the newest threats only if it is up-to-date. That's why it is critical to set your security software to update automatically.
Some scam artists distribute malware disguised as anti-spyware software. Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware. That's a tactic scammers have used to spread malware. OnGuardOnline.gov can connect you to a list of security tools from legitimate security vendors selected by GetNetWise, a project of the Internet Education Foundation.
Once you confirm that your security software is up-to-date, run it to scan your computer for viruses and spyware. If the program identifies a file as a problem, delete it.
Anti-Virus Software
Anti-virus software protects your computer from viruses that can destroy your data, slow your computer's performance, cause a crash, or even allow spammers to send email through your account. It works by scanning your computer and your incoming email for viruses, and then deleting them.
Anti-Spyware Software
Installed on your computer without your consent, spyware software monitors or controls your computer use. It may be used to send you pop-up ads, redirect your computer to websites, monitor your internet surfing, or record your keystrokes, which, in turn, could lead to the theft of your personal information.
A computer may be infected with spyware if it:
Slows down, malfunctions, or displays repeated error messages
Won't shut down or restart
Serves up a lot of pop-up ads, or displays them when you're not surfing the web
Displays web pages or programs you didn't intend to use, or sends emails you didn't write.
Firewalls
A firewall helps keep hackers from using your computer to send out your personal information without your permission. While anti-virus software scans incoming email and files, a firewall is like a guard, watching for outside attempts to access your system and blocking communications to and from sources you don't permit.
File-Sharing: Worth the hidden costs?
Every day, millions of computer users share files online. File-sharing can give people access to a wealth of information, including music, games, and software. How does it work? You download special software that connects your computer to an informal network of other computers running the same software. Millions of users could be connected to each other through this software at one time. Often, the software is free and easy to access.
But file-sharing can have a number of risks. If you don't check the proper settings, you could allow access not only to the files you intend to share, but also to other information on your hard drive, like your tax returns, email messages, medical records, photos, or other personal documents. In addition, you may unwittingly download malware or pornography labeled as something else. Or you may download material that is protected by the copyright laws, which would mean you could be breaking the law.
If you decide to use file-sharing software, be sure to read the End User Licensing Agreement to be sure you understand and are willing to tolerate the potential risks of free downloads.
Know who you're dealing with.
And what you're getting into. There are dishonest people in the bricks and mortar world and on the internet. But online, you can't judge an operator's trustworthiness with a gut-affirming look in the eye. It's remarkably simple for online scammers to impersonate a legitimate business, so you need to know who you're dealing with. If you're thinking about shopping on a site with which you're not familiar, do some independent research before you buy.
If it's your first time on an unfamiliar site, call the seller's phone number, so you know you can reach them if you need to. If you can't find a working phone number, take your business elsewhere.
Type the site's name into a search engine: If you find unfavorable reviews posted, you may be better off doing business with a different seller.
Consider using a software toolbar that rates websites and warns you if a site has gotten unfavorable reports from experts and other internet users. Some reputable companies provide free tools that may alert you if a website is a known phishing site or is used to distribute spyware.
To avoid phishing scams:
Don't reply to an email, text, or pop-up message that asks for personal or financial information, and don't click on links in the message. If you want to go to a bank or business's website, type the web address into your browser yourself.
Don't respond if you get a message – by email, text, pop-up or phone – that asks you to call a phone number to update your account or give your personal information to access a refund. If you need to reach an organization with which you do business, call the number on your financial statement, or use a telephone directory.
Some identity thieves have stolen personal information from many people at once, by hacking into large databases managed by businesses or government agencies. While you can't enjoy the benefits of the internet without sharing some personal information, you can take steps to share only with organizations you know and trust. Don't give out your personal information unless you first find out how it's going to be used and how it will be protected.
If you are shopping online, don't provide your personal or financial information through a company's website until you have checked for indicators that the site is secure, like a lock icon on the browser's status bar or a website URL that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some scammers have forged security icons. And some hackers have managed to breach sites that took appropriate security precautions.
Read website privacy policies. They should explain what personal information the website collects, how the information is used, and whether it is provided to third parties. The privacy policy also should tell you whether you have the right to see what information the website has about you and what security measures the company takes to protect your information. If you don't see a privacy policy — or if you can't understand it — consider doing business elsewhere.
Protect your personal information. It's valuable.
To an identity thief, your personal information can provide instant access to your financial accounts, your credit record, and other assets. If you think no one would be interested in YOUR personal information, think again. ANYONE can be a victim of identity theft. In fact, according to the Federal Trade Commission, millions of people become victims every year. Visit ftc.gov/idtheft to learn what to do if your identity is stolen or your personal or financial information has been compromised – online or in the "real" world.
How do criminals get your personal information online? One way is by lying about who they are, to convince you to share your account numbers, passwords, and other information so they can get your money or buy things in your name. The scam is called "phishing": criminals send email, text, or pop-up messages that appear to come from your bank, a government agency, an online seller or another organization with which you do business. The message asks you to click to a website or call a phone number to update your account information or claim a prize or benefit. It might suggest something bad will happen if you don't respond quickly with your personal information. In reality, legitimate businesses should never use email, pop-ups, or text messages to ask for your personal information.
Practices for Computer Security
Access to information and entertainment, credit and financial services, products from every corner of the world — even to your work — is greater than ever. Thanks to the internet, you can play a friendly game with an opponent across the ocean; review and rate videos, songs, or clothes; get expert advice in an instant; or collaborate with far-flung co-workers in a "virtual" office.
But the internet — and the anonymity it affords — also can give online scammers, hackers, and identity thieves access to your computer, personal information, finances, and more.
With awareness as your safety net, you can minimize the chance of an internet mishap. Being on guard online helps you protect your information, your computer, and your money. To be safer and more secure online, make these seven practices part of your online routine.
Tuesday, 16 August 2011
What is pharming?
Whereas phishing uses fraudulent email messages to lure you to fake Web sites and try to get you to supply personal information like account passwords, pharming attacks redirect you to a hacker's site even when you type the address of a real site into your browser.
Real or not?
Pharming does not require that a user clicks on an email message or has a system compromised by a Trojan or a keylogger, and therefore pharming is often described as "phishing without a lure."
Pharmers typically redirect users to a spoofed website by tampering with a company's hosts files or domain name system (DNS) so that requests for certain URLs return a bogus address and subsequent communications are then directed to a fake site. This means that users are unaware that the website where they are entering confidential information is controlled by hackers.
Other types of pharming attacks involve Trojan horses, worms or other technologies that attack the browser address bar, thus redirecting the user to a fraudulent website when the user types in a legitimate address.
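An added example, not part of the original article: a defensive audit that parses a hosts file and reports entries pointing a watched domain at a non-local address, which is the kind of tampering described above. The watched domains, the sample hosts content and the function names are assumptions constructed for illustration.

```python
import ipaddress
import os
import sys

# Constructed sample hosts file (addresses come from documentation ranges).
SAMPLE_HOSTS = """\
# constructed sample for illustration
127.0.0.1      localhost
::1            localhost
0.0.0.0        ads.pay.example          # sinkhole entry: blocks, does not redirect
203.0.113.45   www.bank.example bank.example
192.168.1.10   nas.home.lan
198.51.100.7   login.pay.example        # inline comment
203.0.113.9    notbank.example          # different domain, must not match bank.example
not-an-ip      broken.example
"""

# Hypothetical list of domains the user enters credentials on.
WATCHED_DOMAINS = {"bank.example", "pay.example"}


def default_hosts_path():
    """Location of the system hosts file on Windows and on Unix-like systems."""
    if sys.platform.startswith("win"):
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


def parse_hosts(text):
    """Return (entries, malformed): entries are (lineno, ip, [names])."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:                   # address with no hostname
            malformed.append(lineno)
            continue
        names = [n.lower().rstrip(".") for n in fields[1:]]
        entries.append((lineno, ip, names))
    return entries, malformed


def is_watched(name, watched):
    """True for the domain itself or any subdomain, not for look-alikes."""
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text, watched):
    """List (lineno, hostname, ip) where a watched name is overridden."""
    findings = []
    entries, _ = parse_hosts(text)
    for lineno, ip, names in entries:
        # Loopback and 0.0.0.0 entries block a name rather than redirect it.
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in names:
            if is_watched(name, watched):
                findings.append((lineno, name, str(ip)))
    return findings


if __name__ == "__main__":
    for lineno, name, ip in audit_hosts(SAMPLE_HOSTS, WATCHED_DOMAINS):
        print(f"line {lineno}: {name} is forced to {ip}")
```

To audit a real machine, pass the contents of the file at `default_hosts_path()` instead of the sample. A clean hosts file does not rule out tampering at the DNS server or the home router.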
Pharming strike
In February 2007, a pharming attack that targeted online customers of at least 50 financial institutions in the US, Europe and the Asia-Pacific region infected at least 1,000 machines per day for several days. The attack was notable for the effort put into it by the hackers, who constructed a separate look-alike website for each financial institution they targeted.
Also in 2007, a new kind of pharming was discovered. In drive-by pharming, a cyberattacker takes control of a user's home router by guessing the router password; any users who have not changed the default password on their router could be at risk.
Be aware
One way to protect yourself against pharming attacks is to use only pharming-conscious (PhC) websites. If an attacker attempts to impersonate a PhC website, you will receive a message from the browser indicating that the website's "certificate" does not match the address being visited. You should never ever proceed to the website when you get such a message.
What is a rootkit?
Rootkits are a malware inventor's dream: they are created to allow worms, bots, and other malevolent software to hide in plain sight. Rootkits are designed to hide themselves from detection by users and security programs, so they don't show up in Windows Explorer, the running processes don't display in the Task Manager, and many antivirus programs can't find rootkit-hidden malware.
A rootkit is a special program that buries itself deep into an operating system (like Microsoft Windows) for malicious activity and is extremely difficult to detect. The malicious software operates in a stealth fashion by hiding its files, processes and registry keys and it can be used to create a hidden directory or folder designed to keep it out of view from a user's operating system and security software.
Attackers can then use the rootkit to hide their malicious software, which can range from spyware to keylogger software that can steal sensitive information from users' computers. Rootkits can allow criminals to remotely monitor, record, modify, steal and transfer any information entered or stored on a user’s computer, disabling some PC firewalls and evading some traditional security products at will.
Rootkits often bury themselves via other computer infections and then modify the operating system of the infected PC. They are often almost undetectable and extremely difficult to remove. Detecting a rootkit on a Windows PC is not unlike shining a flashlight at objects in a darkened room, and then trying to identify each object by the shadow it casts on the wall.
Rootkits are rapidly becoming more prevalent, more virulent and more sophisticated, security experts warn. The complexity in rootkits is growing at a phenomenal rate, allowing malicious software to bury deep and potentially go undetected inside Microsoft's Windows platform. Rootkits have grown over the past five years from 27 components to 2,400, according to a report from April 2007.
This means that there are more ways attackers can use these components to hide their malware, and it means that the use of rootkits is increasing. One security company recorded a 62 percent annual increase in rootkit activity in 2006 and predicted an increase of around 40 percent in 2007. Another security company that surveyed 291,000 users in October 2007 warned that increasing numbers of PC users are falling victim to rootkit infections.
What is a keylogger?
According to experts, keystroke loggers pose more risk to PC users than any other tool used for committing cybercrime. Also known as keyloggers, they are small programs or hardware devices that monitor each keystroke you type on a specific computer's keyboard, including typos, backspacing and retyping.
Recording your every move on the Web
Although keyloggers are promoted for benign purposes like allowing parents to monitor their children's whereabouts on the Internet, they can be used to spy on anyone. They are used by cybercriminals to covertly watch and record everything you type on your PC in order to harvest your log-in names, passwords, and other sensitive information, and send it on to the hackers. This may include any passwords you have asked your computer to remember for you to speed up logging in, as these are held as cookies on your machine.
Unfortunately for consumers, keyloggers are becoming very sophisticated. Once on a PC, they can track websites visited by the user and only log the keystrokes entered on the websites that are of particular interest to the cybercriminal; for example online banking websites.
Therefore, keyloggers are an increasingly popular tool among identity thieves and most financial cybercrime is committed using them, as these programs are the most comprehensive and reliable tool for tracking electronic information. One security company detected just 275 keyloggers in 2001, while the number had reached 6,200 in 2005. Another security company recorded more than a 500 percent increase between January 2003 and July 2006.
Identity theft in all its various guises is one of the fastest growing crimes, with keylogging Trojan software often forming the weapon of choice for would-be fraudsters. According to figures from American consumer watchdog the Federal Trade Commission, almost ten million Americans discovered they were the victims of identity theft during 2003, with total losses approaching $50 billion. The research shows that the number of victims has risen by 50 percent since 2003 and the financial loss per consumer has more than doubled from $1,408 in 2005 to $3,257 in 2006.
In 2007, keylogging software found its way onto hundreds of PCs belonging to account holders at the large Swedish bank Nordea. In the biggest heist of customer accounts on record more than $1 million was stolen. Also in 2007, the users of an American retirement savings and investment plan for federal employees were targeted by keyloggers, with cybercriminals taking off with about $35,000 from two dozen user accounts.
In 2005, a businessman from Florida filed a lawsuit against the Bank of America after unknown hackers stole $90,000 from his account and transferred the money to Latvia. An investigation showed that his computer was infected with a malicious program that recorded every keystroke and this was how the hackers got hold of his user name and password. The court did not rule in favor of the plaintiff, saying that he had neglected to take basic precautions when managing his bank account on the Internet: a signature for the malicious code that was found on his system had been added to nearly all antivirus product databases back in 2003.
Your PC can become infected with keyloggers in various ways. They can be inadvertently downloaded from an infected Web site, email attachment, or by clicking on links. Often cyberthieves are using Trojan-horse software to load keylogging software onto unsuspecting victims' computers.
Recommended methods to protect against keyloggers include keeping all your programs up-to-date – antivirus and firewall software as well as Windows, Office and other applications – recognising phishing emails, and avoiding the temptation of clicking links in email that point to potentially dodgy sites hosting malware.
What is a firewall?
A firewall is a hardware or software device configured to permit or deny data through a computer network in order to protect the resources of a private network from users from other networks. For example, an enterprise with an intranet that allows its workers access to the wider Internet would install a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to.
In the same way, computer users install personal firewalls (usually software) to protect their computers from the threats of the Internet. The program simply sits between your computer and the Internet and its job is to filter incoming and outbound traffic. That way it can deny intruders or malware access to your computer and it can also detect unwanted outbound traffic, for instance to guard against spyware that could be sending your surfing habits to a Web site.
Basically, a firewall examines all data trying to pass through it to determine whether to forward it to its destination. This is done according to a set of rules set by the user, establishing which sorts of traffic are allowed and which are not. The term "firewall" of course originated from firefighting, where firewalls are barriers established to prevent the spread of fire.
An up-to-date firewall is really one of the most basic must-have elements of computer protection, and that became clear when the Love Bug, MyDoom, Slammer, and Sasser worms swept across the globe in the first years of this millennium, causing millions of dollars of damage. In response, ordinary computer users started installing firewalls and anti-virus products galore, and the next generations of worms have pretty much been stopped dead in their tracks before they could start spreading to a serious degree.
Modern firewalls can filter traffic based on many packet attributes like source IP address, source port, destination IP address or port, destination service like WWW or FTP. They can filter based on protocols, TTL values, netblock of originator, domain name of the source, and many other attributes.
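The rule-based filtering described above can be sketched as a first-match rule list with a default deny. This is an added example, not code from any firewall product; the rule names, the addresses (documentation and private ranges) and the sample packets are constructed, and it covers only direction, protocol, netblock and destination port.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """First packet of a connection, reduced to the attributes the filter inspects."""
    direction: str   # "in" or "out", relative to the protected PC
    protocol: str    # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def _in_net(ip: str, cidr: str) -> bool:
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


@dataclass(frozen=True)
class Rule:
    """One filter rule; a criterion left as None matches any value."""
    name: str
    action: str                               # "allow" or "deny"
    direction: Optional[str] = None
    protocol: Optional[str] = None
    src_net: Optional[str] = None             # netblock of the originator (CIDR)
    dst_net: Optional[str] = None
    dst_ports: Optional[FrozenSet[int]] = None

    def matches(self, pkt: Packet) -> bool:
        if self.direction is not None and pkt.direction != self.direction:
            return False
        if self.protocol is not None and pkt.protocol != self.protocol:
            return False
        if self.src_net is not None and not _in_net(pkt.src_ip, self.src_net):
            return False
        if self.dst_net is not None and not _in_net(pkt.dst_ip, self.dst_net):
            return False
        if self.dst_ports is not None and pkt.dst_port not in self.dst_ports:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Return (action, rule name) of the first matching rule; deny if none match."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "deny", "default-deny"


# Constructed rule set for a home PC at 192.168.1.10. Order matters: the
# outbound block for the unwanted netblock must come before the general
# "allow web" rule, otherwise spyware talking over port 443 would pass.
RULES = [
    Rule("block-tracker-netblock", "deny", direction="out",
         dst_net="203.0.113.0/24"),
    Rule("allow-web-out", "allow", direction="out", protocol="tcp",
         dst_ports=frozenset({80, 443})),
    Rule("allow-dns-out", "allow", direction="out", protocol="udp",
         dst_ports=frozenset({53})),
    Rule("allow-lan-file-sharing", "allow", direction="in", protocol="tcp",
         src_net="192.168.1.0/24", dst_ports=frozenset({445})),
]

# Constructed sample traffic.
SAMPLES = [
    Packet("out", "tcp", "192.168.1.10", 50000, "198.51.100.7", 443),
    Packet("out", "tcp", "192.168.1.10", 50001, "203.0.113.9", 443),
    Packet("in", "tcp", "192.168.1.22", 50002, "192.168.1.10", 445),
    Packet("in", "tcp", "198.51.100.20", 50003, "192.168.1.10", 445),
    Packet("out", "tcp", "192.168.1.10", 50004, "198.51.100.7", 6667),
]


def decisions(rules: List[Rule], packets: List[Packet]) -> List[Tuple[str, str]]:
    return [evaluate(rules, p) for p in packets]


if __name__ == "__main__":
    for pkt, (action, name) in zip(SAMPLES, decisions(RULES, SAMPLES)):
        print(f"{action:5} {name:24} {pkt.direction} {pkt.protocol} "
              f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}")
```

The filter is stateless and judges only the packet that opens a connection; personal firewalls also track established connections so that replies to allowed outbound traffic are let back in.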
What are security holes?
Security holes are constantly discovered in all sorts of software and to plug the holes software vendors issue patches - also called "fixes" or just plainly "security updates" - to offer an immediate quick-repair solution for the problem and/or a general enhancement of the software.
Flaws in Microsoft's software seem to be the most popular to exploit, so the American software giant releases a lot of patches. But other common desktop applications like Firefox, QuickTime, RealPlayer, Adobe Reader, Adobe Flash Player, and Sun Java Runtime Environment also often need to be patched to fix security issues.
In 2003, Microsoft introduced Patch Tuesday to simplify patch management. Patch Tuesday is the second Tuesday of each month, when Microsoft releases the newest fixes for Windows and related software applications like Internet Explorer, the Office suite, and Windows Media Player.
Microsoft's patches are distributed via Automatic Updates and the company's Microsoft Update downloads website.
Unfortunately, releasing patches also means that cyber-criminals are able to analyse the patch code and exploit the vulnerabilities that the patches were intended to deal with. Therefore a lot of exploits are seen shortly after the release of a patch and the term "Exploit Wednesday" was coined for the day following Patch Tuesday. Malware authors also know that if they start exploiting a vulnerability not known to Microsoft right after Patch Tuesday, it will normally be an entire month before Microsoft releases a patch to fix it. In 2006 Microsoft only broke its patch cycle twice to release very critical fixes.
Today's cyber-criminals are very fast at creating exploit code. When Microsoft issues patches, exploit code for the publicly disclosed vulnerabilities will usually appear the same or the next day. Hackers are able to do that through reverse engineering.
In April 2008, a group of computer researchers urged Microsoft to redesign the way it distributes patches, after they created a technique that automatically produces attack code by comparing the vulnerable and repaired versions of a program.
Using an automated tool, an exploit could be created in a few minutes or less after looking at the patch, according to the researchers. This means it is theoretically possible for hackers to start trying to exploit machines a short time after the attackers have received the patch, putting more PCs at risk of becoming infected with malicious software.
Keeping your PC up-to-date
Constantly patching the software on your PC is just as important as keeping your antivirus program up-to-date and running a firewall. Yet the numbers show that a lot of users are struggling with the task of keeping all their software up-to-date.
Research released in January 2008 revealed that only 5 percent of users are running fully-patched Windows PCs, while more than 40 percent have more than 10 insecure applications installed.
Another survey from December 2007 showed that more than 20 percent of all applications installed on users' PCs have known security flaws for which patches have been released by the vendors of the products. That result was based on scans of more than 14.5 million applications on end-user computers.
The length of time between the release of security patches and the development of exploits targeting the security holes they address has been dropping for some time. Hackers exploit this period of time - the so-called "patch window" - to launch attacks against unpatched machines.
Microsoft delivers almost all its patches on the second Tuesday of each month, known as Patch Tuesday. In 2006, Microsoft released 49 critical, 23 important, and 5 moderate updates, while 2007 brought 43 critical, 24 important, and 2 moderate fixes.
If your software applications have automatic update features, then be sure to switch them on. If you have to download patches manually, then make sure that you do it from the actual Web site of the software vendor and that you didn't wind up on the download page by following a link from an untrusted source.
On occasion cyber-criminals have tried to sneak malware past users by disguising it as an automatic update to a popular software product. If you are in doubt if an update trying to install itself on your computer is the real deal, it might be a good idea.
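The kind of scan behind the figures above, together with the "patch window" and the second-Tuesday schedule, can be worked through in a short audit script. This is an added example, not the tooling used in the cited surveys; the application names, version numbers and dates are constructed, and versions are assumed to be dotted numbers.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Tuple


def patch_tuesday(year: int, month: int) -> date:
    """Second Tuesday of the given month."""
    first = date(year, month, 1)
    # date.weekday(): Monday is 0, Tuesday is 1.
    days_to_first_tuesday = (1 - first.weekday()) % 7
    return first + timedelta(days=days_to_first_tuesday + 7)


def next_patch_tuesday(after: date) -> date:
    """First Patch Tuesday strictly after the given day."""
    candidate = patch_tuesday(after.year, after.month)
    if candidate > after:
        return candidate
    if after.month == 12:
        return patch_tuesday(after.year + 1, 1)
    return patch_tuesday(after.year, after.month + 1)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.0.0.13' into (2, 0, 0, 13) so versions compare numerically.

    Comparing the raw strings would rank '2.0.0.9' above '2.0.0.13'.
    """
    return tuple(int(part) for part in text.strip().split("."))


@dataclass(frozen=True)
class Advisory:
    app: str
    fixed_in: str      # first version that contains the fix
    released: date     # day the vendor published the patch


def audit(installed: Dict[str, str], advisories: List[Advisory],
          as_of: date) -> List[Tuple[str, str, str, int]]:
    """List (app, installed, fixed_in, days_exposed) for unpatched apps.

    days_exposed is how long the patch window has been open on this PC:
    the number of days since the fix was released. Longest exposure first.
    """
    findings = []
    for adv in advisories:
        have = installed.get(adv.app)
        if have is None:
            continue  # application not installed on this machine
        if parse_version(have) < parse_version(adv.fixed_in):
            findings.append((adv.app, have, adv.fixed_in,
                             (as_of - adv.released).days))
    return sorted(findings, key=lambda f: f[3], reverse=True)


# Constructed inventory and advisory data (hypothetical products).
INSTALLED = {
    "ExampleBrowser": "2.0.0.9",
    "ExampleReader": "8.1.2",
    "ExamplePlayer": "7.4",
}
ADVISORIES = [
    Advisory("ExampleBrowser", "2.0.0.13", date(2008, 3, 25)),
    Advisory("ExampleReader", "8.1.2", date(2008, 2, 5)),
    Advisory("ExamplePlayer", "7.4.5", date(2008, 4, 2)),
    Advisory("ExampleArchiver", "3.71", date(2008, 1, 15)),
]

if __name__ == "__main__":
    today = date(2008, 4, 15)
    for app, have, need, days in audit(INSTALLED, ADVISORIES, today):
        print(f"{app}: installed {have}, fixed in {need}, exposed {days} days")
    # A flaw first exploited the day after Patch Tuesday waits this long
    # for the next scheduled release:
    wednesday = patch_tuesday(2008, 4) + timedelta(days=1)
    print((next_patch_tuesday(wednesday) - wednesday).days, "days")
```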
How a virus works
The word virus is often used as a common term for all malicious programs, but technically a virus is a program or code that attaches itself to a legitimate, executable piece of software, and then reproduces itself when that program is run. Viruses spread by reproducing and inserting themselves into programs, documents, or email attachments. They can be transmitted through emails or downloaded files and they can be present on CDs, DVDs, USB drives and any other sort of digital media.
A virus normally requires action to successfully infect a victim. For instance - the malicious programs inside email attachments usually only strike if the recipient opens them. The effect of a virus can be anything from a simple prank that pops up messages to the complete destruction of programs and data.
In recent years viruses have been on the decrease. In January 2007, one in 119.9 e-mails, or 0.83 percent, were infected with viruses, while more than 20 percent of emails at times contained viruses five years earlier. The difference is partly due to virus attacks becoming more targeted and no longer occurring as one large outbreak. Also, there has been a big increase in spam emails that contain links to download viruses.
The computer virus turned 25 in 2007. Long-suffering computer users would be forgiven for thinking that the first computer virus appeared in the mid-1980s, but the first virus actually predates the first IBM-compatible PC. Elk Cloner, which spread between Apple II computers via infected floppy disks, was released July 1982 and it was the first computer virus to spread in the wild.
Viruses had their heyday around the year 2000, with the Y2K scare. In 1999, the Melissa virus caught antivirus companies flat-footed and propagated rapidly. It was the first real outbreak of many of its kind that spread using Microsoft's Word and Outlook. A year later, the 'I Love You' virus caught the world by surprise. Lloyds of London estimated that the virus cost the global economy $10bn, making it the most expensive piece of malicious software to be unleashed to date. It was also the first time a computer virus became the day's top story for newspapers and television stations, marking a shift to mainstream awareness of computer viruses.
Nowadays, mobile operators are also starting to feel the pinch from viruses resulting from the increasing use of emails and Internet browsing on cellphones. Attacks on cellphones rose five times in 2006, with clients of 83 percent of mobile operators around the world having been hit, an industry study showed.
But mobile viruses are around 20 years behind those plaguing PCs, which translates into more than 300 virus variants targeting mobiles and smartphones, but around 400,000 such threats targeting PCs. In June 2004, a security company released details of a piece of mobile-phone malware that used Bluetooth to try to spread to other Symbian Series 60-based mobiles. That is believed to be the first case of a self-replicating mobile-phone virus and since then there has been a consistent increase in mobile viruses.
Tuesday, 2 August 2011
Computer security policy-Germany
Berlin starts National Cyber Defense Initiative
On June 16, 2011, the German Minister for Home Affairs officially opened the new German NCAZ (National Center for Cyber Defense) [[1]], which is located in Bonn. The NCAZ closely cooperates with BSI (Federal Office for Information Security) [[2]], BKA (Federal Police Organisation) [[3]], BND (Federal Intelligence Service) [[4]], MAD (Military Intelligence Service) [[5]] and other national organisations in Germany taking care of national security aspects. According to the Minister, the primary task of the new organisation, founded on Feb. 23, 2011, is to detect and prevent attacks against the national infrastructure; the Minister mentioned incidents like Stuxnet.
Computer security policy
United States
Cybersecurity Act of 2010
On April 1, 2009, Senator Jay Rockefeller (D-WV) introduced the "Cybersecurity Act of 2009 - S. 773" (full text) in the Senate; the bill, co-written with Senators Evan Bayh (D-IN), Barbara Mikulski (D-MD), Bill Nelson (D-FL), and Olympia Snowe (R-ME), was referred to the Committee on Commerce, Science, and Transportation, which approved a revised version of the same bill (the "Cybersecurity Act of 2010") on March 24, 2010.[7] The bill seeks to increase collaboration between the public and the private sector on cybersecurity issues, especially those private entities that own infrastructures that are critical to national security interests (the bill quotes John Brennan, the Assistant to the President for Homeland Security and Counterterrorism: "our nation’s security and economic prosperity depend on the security, stability, and integrity of communications and information infrastructure that are largely privately-owned and globally-operated" and talks about the country's response to a "cyber-Katrina".[8]), increase public awareness on cybersecurity issues, and foster and fund cybersecurity research. Some of the most controversial parts of the bill include Paragraph 315, which grants the President the right to "order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network."[8] The Electronic Frontier Foundation, an international non-profit digital rights advocacy and legal organization based in the United States, characterized the bill as promoting a "potentially dangerous approach that favors the dramatic over the sober response".[9]
International Cybercrime Reporting and Cooperation Act
On March 25, 2010, Representative Yvette Clarke (D-NY) introduced the "International Cybercrime Reporting and Cooperation Act - H.R.4962" (full text) in the House of Representatives; the bill, co-sponsored by seven other representatives (among whom only one Republican), was referred to three House committees.[10] The bill seeks to make sure that the administration keeps Congress informed on information infrastructure, cybercrime, and end-user protection worldwide. It also "directs the President to give priority for assistance to improve legal, judicial, and enforcement capabilities with respect to cybercrime to countries with low information and communications technology levels of development or utilization in their critical infrastructure, telecommunications systems, and financial industries"[10] as well as to develop an action plan and an annual compliance assessment for countries of "cyber concern".[10]
Protecting Cyberspace as a National Asset Act of 2010
On June 19, 2010, United States Senator Joe Lieberman (I-CT) introduced a bill called "Protecting Cyberspace as a National Asset Act of 2010 - S.3480" (full text in pdf), which he co-wrote with Senator Susan Collins (R-ME) and Senator Thomas Carper (D-DE). If signed into law, this controversial bill, which the American media dubbed the "Kill switch bill", would grant the President emergency powers over the Internet. However, all three co-authors of the bill issued a statement claiming that instead, the bill "[narrowed] existing broad Presidential authority to take over telecommunications networks".[11]
White House proposes cybersecurity legislation
On May 12, 2010, the White House sent Congress a proposed cybersecurity law designed to force companies to do more to fend off cyberattacks, a threat that has been reinforced by recent reports about vulnerabilities in systems used in power and water utilities.
Applications
Computer security is critical in almost any technology-driven industry which operates on computer systems. Computer security can also be referred to as computer safety. The issues of computer based systems and addressing their countless vulnerabilities are an integral part of maintaining an operational industry.[3]
Cloud computing security
Security in the cloud is challenging, due to the varied degree of security features and management schemes within the cloud entities. In this connection one logical protocol base needs to evolve so that the entire gamut of components operates synchronously and securely.
Aviation
The aviation industry is especially important when analyzing computer security because the involved risks include human life, expensive equipment, cargo, and transportation infrastructure. Security can be compromised by hardware and software malpractice, human error, and faulty operating environments. Threats that exploit computer vulnerabilities can stem from sabotage, espionage, industrial competition, terrorist attack, mechanical malfunction, and human error.[4]
The consequences of a successful deliberate or inadvertent misuse of a computer system in the aviation industry range from loss of confidentiality to loss of system integrity, which may lead to more serious concerns such as data theft or loss, network and air traffic control outages, which in turn can lead to airport closures, loss of aircraft, loss of passenger life. Military systems that control munitions can pose an even greater risk.
A proper attack does not need to be very high tech or well funded; for a power outage at an airport alone can cause repercussions worldwide.[5] One of the easiest and, arguably, the most difficult to trace security vulnerabilities is achievable by transmitting unauthorized communications over specific radio frequencies. These transmissions may spoof air traffic controllers or simply disrupt communications altogether. These incidents are very common, having altered flight courses of commercial aircraft and caused panic and confusion in the past. Controlling aircraft over oceans is especially dangerous because radar surveillance only extends 175 to 225 miles offshore. Beyond the radar's sight controllers must rely on periodic radio communications with a third party.
Lightning, power fluctuations, surges, brown-outs, blown fuses, and various other power outages instantly disable all computer systems, since they are dependent on an electrical source. Other accidental and intentional faults have caused significant disruption of safety critical systems throughout the last few decades and dependence on reliable communication and electrical power only jeopardizes computer safety.
Notable system accidents
In 1994, over a hundred intrusions were made by unidentified crackers into the Rome Laboratory, the US Air Force's main command and research facility. Using trojan horse viruses, hackers were able to obtain unrestricted access to Rome's networking systems and remove traces of their activities. The intruders were able to obtain classified files, such as air tasking order systems data, and were furthermore able to penetrate connected networks of the National Aeronautics and Space Administration's Goddard Space Flight Center, Wright-Patterson Air Force Base, some Defense contractors, and other private sector organizations, by posing as a trusted Rome center user.