What Do Websites Know About You


When you connect to the Internet, you not only receive information, you also release it. Your computer sends identifiable data that others can see (mostly advertisers and tracking counters such as Google Analytics or StatCounter). Some of this information is necessary, such as which web browser you use; it helps the website load properly in your browser. The time of your visit is also logged. You can check out Kim Komando’s privacy check website to see exactly what data is gathered when you surf online.

Some of the data is extraneous, and is harvested by advertisers to monitor your surfing habits. This way, you are more easily targeted with ads to which you are more likely to respond. For example, I rarely see ads for baby diapers and strollers at the sites I visit, because I have no interest in them. I am, however, targeted with a plethora of ads for gadgets, cell phones and computers. Obviously, advertisers are tracking my surfing habits.
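An added example, not part of the original post: what a web server records about each request, parsed from access-log lines and grouped into one profile per visitor. The "combined" log format, the sample lines and every function name here are assumptions made for illustration.

```python
import re
from datetime import datetime

# Apache/nginx "combined" log format is an assumption; the post names no format.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2009:08:15:02 -0500] "GET /gadgets/phones.html HTTP/1.1" 200 5120 "http://search.example/?q=cell+phones" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) Gecko/20091102 Firefox/3.5.5"
203.0.113.7 - - [12/Nov/2009:08:16:40 -0500] "GET /gadgets/laptops.html HTTP/1.1" 200 7300 "http://blog.example/gadgets/phones.html" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) Gecko/20091102 Firefox/3.5.5"
198.51.100.23 - - [12/Nov/2009:09:02:11 -0500] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)"
this line is malformed and is skipped
"""

def browser_of(agent):
    """Rough browser family from a User-Agent string (Chrome before Safari:
    Chrome's string also contains 'Safari/')."""
    for token, name in (("Firefox/", "Firefox"), ("Chrome/", "Chrome"),
                        ("MSIE ", "Internet Explorer"), ("Safari/", "Safari")):
        if token in agent:
            return name
    return "unknown"

def parse_line(line):
    """Return the fields one request reveals, or None if the line is not parseable."""
    m = LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec.pop("ts"), "%d/%b/%Y:%H:%M:%S %z")
    rec["browser"] = browser_of(rec.pop("agent"))
    if rec["referer"] in ("", "-"):      # "-" means the browser sent no Referer
        rec["referer"] = None
    return rec

def visitor_profiles(log_text):
    """Group requests by IP address: the per-visitor picture a site can build."""
    profiles = {}
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        p = profiles.setdefault(rec["ip"], {"first_seen": rec["time"],
                                            "browsers": set(), "pages": [], "came_from": set()})
        p["first_seen"] = min(p["first_seen"], rec["time"])
        p["browsers"].add(rec["browser"])
        p["pages"].append(rec["path"])
        if rec["referer"]:
            p["came_from"].add(rec["referer"])
    return profiles

if __name__ == "__main__":
    for ip, p in visitor_profiles(SAMPLE_LOG).items():
        print(ip, p["first_seen"].isoformat(), sorted(p["browsers"]), p["pages"], sorted(p["came_from"]))
```

The Referer field is what lets a site see the page you came from, which is why the first visitor's profile shows both the search query and the path taken through the site.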

I think this kind of monitoring is unethical. So I use browser plugins such as AdBlock Plus and NoScript to block ads and scripts on my browser. I also clear out my cookies and cache folders periodically. And I use programs such as CrapCleaner and MalwareBytes to scan and remove adware and tracking cookies.

Posted in ad blocks, browsers, crime, Internet, surveillance, websites.

Lots of Bots


Yikes. According to CNet, more than 2 million computers in the United States host botnets! Botnets are malicious programs that infect computers. They are spread through viruses and worms, and are controlled by a “master” somewhere on the Internet. Botnets spew out spam, more viruses and worms, and phishing attacks. Computers under the control of botnets are called “zombies.”

Many times, computer users are unaware that their computers are infected. Unfortunately, these innocent parties can sometimes get in trouble with the law or their ISP for spewing out spam and other filth, even if they are unaware that their computer has been programmed by someone else. I’ve heard of people being thrown into court or paying large fines for sending spam, having filthy images on their computer, or sending out worms… totally unaware that their computer was a zombie.

You can protect your computer from botnets:

  • ALWAYS install a firewall and anti-virus program– use them, and keep them updated.
  • Keep your operating system updated.
  • Be very careful of the websites you visit. Music and video sites are “risky” sites.
  • Reformat your computer every once in a while. It’s a big project, yes, but I do it once a year or so. Not only does a reformat erase everything on the hard drive, it restores the operating system back to factory settings which makes everything faster like it was originally.
  • NEVER open email attachments unless you are 100% positive you know what it is. Some bots infect email accounts, and send out mail to everyone in the contact list (including you), so a bot can disguise itself as a legitimate email from someone you know. It’s a good policy to email the sender and ask if they did indeed send an attachment before you open the attachment.

With proper security measures and clean online behavior, you can eliminate the risks of botnets.


Test Your Firewall


So you have a firewall. How do you know that the firewall is working properly? Here’s a terrific resource for checking your firewall strength: GRC Shields Up! The site has been around a long, long time (I remember it waaaay back about 6 years ago now! Maybe even older!). I rely on it to tell me how my firewall is performing. It’s free to use and it’s very comprehensive.

Basically, Shields Up! attacks your computer. No, not with a virus– with packets. The system will inspect your computer’s ports for vulnerabilities, and inform you of them after each test. You are then given some recommendations for improving your security.

You DO use a firewall…. right?

Posted in free stuff, security programs.

Dell Server Computers Shipped With Virus

That’s gotta hurt.

Dell has inadvertently shipped replacement motherboards for its PowerEdge servers that are infected with the Spybot worm. The malware affects servers running Windows, but not other operating systems.

The worm can be triggered if users run an update to either the Unified Server Configurator (USC) or 32-bit Diagnostics on the server.

According to a Dell employee posting to the PowerEdge server support forum, “the W32.Spybot worm was discovered in flash storage on the motherboard during Dell testing.” The worm, which is not part of the firmware, can be blocked by “all industry-standard antivirus programs on the market today,” he said.

Did you notice that word “inadvertently” in the first sentence? No one “inadvertently” installs malware onto a motherboard. It is PLACED there. I’m not saying Dell did it. But SOMEONE surely did.

Dell is being rather secretive about how the malware got there, and is being criticized for taking slow action. Weird.

Posted in computers, news.

Banks Need to Tighten Online Security

This news does not surprise me. I have long lamented the weak security measures of banks and credit card companies. For one, I am astounded that banks require you to make weak passwords– 8 to 10 characters, all letters and/or numbers. That is SO easy to crack! My Photobucket account has a better password than my bank online account.

Banks have recently tried using “one-time” passwords for “added” security. But the news is that hackers find these a piece of cake:

Security measures such as one-time passwords and phone-based user authentication, considered among the most robust forms of security, are no longer enough to protect online banking transactions against fraud, a new report from research firm Gartner Inc. warns.

Increasingly, such measures are overwhelmed by online criminals looking to pillage bank accounts using valid login credentials stolen from customers, the report said.

Going forward, banks need to quickly implement additional layers of security to protect their customers from falling victim to online fraud, said Avivah Litan, Gartner analyst and the report’s author.

Gartner’s warning comes amid a sharp uptick in fraud involving the exploitation of valid online banking credentials. In August, NACHA- the Electronics Payments Association issued an alert, warning members about attacks involving the theft of online banking credentials, such as usernames and passwords mostly from small- and medium-size businesses. Cybercriminals used the stolen credentials to take over corporate accounts and initiate unauthorized transfers of funds via electronic payment networks, NACHA said in its warning. NACHA, with more than 11,000 financial institutions as members, oversees the Automated Clearing House (ACH) electronic payments network.

Just a few days earlier, a similar alert was sent to members of the Financial Services Information Sharing and Analysis Center. The alert identified organized cybercrime groups in Eastern Europe as predominantly responsible for illegally siphoning millions of dollars off corporate accounts and sending the money overseas via popular money and wire transfer services.

Last month, the FBI’s Internet Crime Complaint Center noted that as of October, cybercrooks had attempted to steal approximately $100 million from U.S. banks using stolen log-in credentials. On average, the FBI is seeing several new cases opened each week, the complaint center said. In most instances, the crooks used sophisticated keystroke logging Trojan horse programs to steal login credentials from company employees authorized to initiate funds transfers on behalf of the business, the FBI noted.

I am suspicious as to why banks and credit card companies are SO SLOW to adopt tighter security. With the technology and ability already out there, why are banks not taking advantage of it? Why are they so reticent to make our money and transactions more secure?

Posted in business services, crime, security news.

Internet Warfare

Disturbing news from ComputerWorld. China is gearing up for “cyber warfare” while the United States blindly favors China with “Most Favored Nation” status, pandering to its Communist oppressive government, and free trade of endless toxic crap from the country…. unbelievable.

Looking to gain the upper hand in any future cyber conflicts, China is probably spying on U.S. companies and government, according to a report commissioned by a Congressional advisory panel monitoring the security implications of trade with China.

The report outlines the state of China’s hacking and cyber warfare capabilities, concluding that “China is likely using its maturing computer network exploitation capability to support intelligence collection against the U.S. government and industry by conducting a long term, sophisticated computer network exploitation campaign.”

Published Thursday, the report was written by Northrop Grumman analysts commissioned by the U.S.-China Economic and Security Review Commission.

Government agencies and military contractors have been hit with targeted, well-crafted attacks for years now, many of which appear to have originated in China. But this report describes in detail how many of these attacks play out, including an attack that exploited an unpatched flaw in Adobe Acrobat that was patched earlier this year.

Citing U.S. Air Force data from 2007, the report says at least 10TB to 20TB of sensitive data has been siphoned from U.S. government networks as part of a “long term, persistent campaign to collect sensitive but unclassified information.” Some of this information is used to create very targeted and credible phishing messages that then lead to the compromise of even more computers.

…The report describes sophisticated, methodical techniques and speculates on possible connections between Chinese government agencies and the country’s hacker community, increasingly a source of previously unknown “zero-day” computer attacks.

“Little evidence exists in open sources to establish firm ties between the [People's Liberation Army] and China’s hacker community, however, research did uncover limited cases of apparent collaboration between more elite individual hackers and the [People's Republic of China's] civilian security services,” the report says.

I remain totally baffled that the U.S. STILL maintains this one-sided relationship. In more realistic days, such activities would have called for declarations of war. Our pink-puffy politicians just rake in the donations while they rip us off and sell us out! When will our coddling of China end?

Posted in crime, news, security news.