September 2009
In This Issue


Consumer Awareness: Seven Tips for Wi-Fi Security on the Road

Wireless hotspots are changing the way people work by providing high-speed Internet connections in public locations. All you need is a notebook computer equipped with a wireless card -- and some information about how to connect safely. Before you take your notebook on a trip, spend some time with a knowledgeable computer consultant who can show you the ropes, starting with how you can avoid unsecured and bogus hotspots. Hotspots are an everyday connection method for travelers and remote workers to browse the Internet, check their email, and even work on their corporate networks while away from the office. Legitimate ones range from paid services to public, free connections. But they all have one thing in common -- they are open networks that are vulnerable to security breaches. It's up to you to protect the data on your computer. Here are seven tips to make working in public locations safer.

  • Do not assume that public hotspots are secure. Assume that other people in cafes, hotels, libraries, airports and other public places can access any information you see or send over a public wireless network. Don't work with sensitive information, such as credit card and bank account numbers, visit password-protected websites, or connect to your corporate network while you are connected to a public network.
  • Do not connect to unsecured wireless networks. If you don't need a password to connect, the Bad Guys don't either. When you ask your computer to search for Wi-Fi networks, you will see a list of those that are available along with a note that tells you whether a network is secured or unsecured.
  • Scrutinize that hotspot before you connect. It's a simple thing for a hacker to mimic the name of a familiar hotspot and set a trap for you. For example, if you work for ABC Corporation and, while you are at Starbucks, your computer asks if you want to connect to a network called "ABC Corporate Network," it's a pretty safe bet that it's a scam. Don't connect to it.
  • Do not allow automatic connections. Make sure that your computer settings do not allow automatic connections to hotspots. Chances are that there are several wireless networks anywhere you're trying to connect. Configure your computer to let you approve access points before you connect.
  • Use a software firewall. Personal firewall software should be installed and working on your computer. If you rely on a firewall that is pre-installed on the computer when you purchase it, be sure the firewall is turned on.
  • Disable file and printer sharing. File and printer sharing are features that enable other computers on a network to access resources on your computer. When you are using a public hotspot, it's best to disable file and printer sharing. When enabled, they can make your computer vulnerable to hackers.
  • Consider removing sensitive information from your notebook. Take sensitive information that you won't be needing off your notebook altogether before you go on the road.


Scams and Hoaxes

  • Purdue University Warns Affiliate Organizations of .com Email Scam: Organizations closely affiliated with Purdue have been targeted by scam emails claiming that the University is changing its domain name and urging recipients to update their weblinks. The embedded link points to a fraudulent Purdue homepage. Purdue University is not changing its domain name and has no plans to move its web offerings to a ".com" site.
  • Alarmist Swine Flu Emails: According to email warning messages, H1N1 (swine flu) is wiping out entire villages in parts of Asia and has already mutated into a more deadly strain. This information supposedly originates from experts at the US-based Centers for Disease Control and Prevention (CDC) and The Johns Hopkins University. However, it is unsubstantiated and false, as are claims that the mutated version of the virus is set to reach the United States in coming months, where it will kill six out of ten people and necessitate the implementation of martial law.
  • Bell Canada Phishing Scam: This email, which purports to be from Bell Canada, claims that due to a problem with a recent bill payment, the recipient is required to update his or her billing information or risk an interruption of service. The recipient is advised to follow a link in the message to confirm and update billing information. However, the message is not from Bell Canada. Instead, it is a phishing scam designed to steal personal and financial information from Bell Canada customers.


Microsoft and Apple Security Updates

Microsoft and Apple provide free security updates for their software products.

Windows: Microsoft issues patches for all Microsoft products on the second Tuesday of each month as well as out-of-cycle patches on any day of the month. The next scheduled release date is September 8th. This is a good occasion to check manually, a practice that you should follow once every two weeks, to make sure all of the updates have been installed.
OS X: Updates are issued frequently, and their contents may differ depending on which processor is in your Mac (PPC or Intel).

iPhones & iPods: Must be updated manually:
http://docs.info.apple.com/article.html?artnum=305744
http://support.apple.com/kb/HT1483


Security Newsbytes

  • "Dirty Websites" Pose Biggest Security Risk: The 100 most dangerous sites on the web are propagating an average of 18,000 different pieces of malware, according to leading security software maker Symantec. While 48 of the top 100 worst are adult-themed sites, others featured diverse topics, ranging from deer hunting and catering, to figure skating, electronics, and legal services. "We used to tell people if you stick with the 'safe neighborhood' you will be safe, and what we see from this list is that even if you stick to the safe neighborhood, it doesn't mean you are safe," said Symantec's Dan Schrader. "Your own judgment doesn't tell you anything about the security practices of that site." Ken Pappas of Top Layer Security adds that "The list of most-offensive websites is changing and new websites are constantly being infected. This is not something like building a ten most-wanted for criminals at large. Whether it's ten viruses or ten thousand doesn't matter; the point is, many people are going to what they believe is a legitimate and trusted website. They have no idea or warnings it will potentially put malware in the computer." More information: http://safeweb.norton.com/dirtysites


[Editor's Note: (Wyman) Your browser (Internet Explorer, Firefox, Safari, Opera, or Chrome) has become the main route that Internet criminals use to get into your computer. The proliferation of dirty websites is a wake-up call for ordinary computer users.

    1. You can't tell anymore if a website is safe or not by looking at it.
    2. Even the newest and best technology will not give your computer 100% protection.
    3. Even if you follow the best security practices consistently, your computer can get infected anyway. Cleaning it will be beyond your capabilities as an ordinary computer user.
    4. Get expert help without delay. Contact your local computer support staff or a qualified computer consultant at the first sign of trouble.]
  • Hackers Put Social Networks in the Crosshairs: Websites such as Twitter are becoming increasingly favored by hackers as places to plant malicious software in order to infect computers. Social-networking sites are the most commonly targeted vertical market. Twitter has been attacked by several worms this year, and other social-networking platforms such as MySpace and Facebook have also been used to distribute malware. Once infected, computers belonging to members begin posting links automatically on the social-networking sites that lead to other bogus websites rigged with malicious software. Users click on the links believing they have been posted by their friends.
  • Mozilla Releases Patches for Critical Vulnerabilities in Firefox: Mozilla has issued two advisories to fix critical vulnerabilities in its popular Firefox web browser. Security experts have rated the vulnerabilities as 'critical,' and state that hackers can exploit them to track a Firefox user's web browsing, steal passwords, and deceive them into downloading and installing fake software updates.
  • Adobe Patches 12 Flash Player Bugs: Adobe has patched 12 vulnerabilities in Flash Player, including three inherited from faulty Microsoft development code and one that hackers are already exploiting. In a security advisory, Adobe briefly spelled out the dozen vulnerabilities, 10 that were pegged as potentially leading to hijacked systems or to hackers executing their own malware on a computer. The vulnerabilities affect the Windows, Mac, and Linux versions of Flash Player. Still to patch: the Solaris edition. More information: http://get.adobe.com/flashplayer/
  • Credit Card Industry Grapples with Security: Fresh details of large-scale cyber attacks against data processor Heartland Payment Systems, Inc. and supermarket chain Hannaford Brothers show the challenges facing the efforts of the credit card industry to upgrade security measures. While both companies say their computer networks met the tough new standards meant to prevent data breaches, Visa, Inc. said Heartland may have let its guard down. The positions reflect broader disagreements in the industry, as squabbling between merchants and financial firms over technology and the cost of systems upgrades continues to impede progress while the financial stakes get higher. Fraud involving credit and debit cards reached $22 billion last year, up from $19 billion in 2007, according to California consulting firm Javelin Strategy & Research.

Source material reproduced with permission from:
OUCH Monthly Newsletter
SANS Institute (http://www.sans.org)