Email turmoil

What the Epsilon email breach means to you.

The massive email breach at Epsilon, the world’s biggest email marketing services company, has rightly caused headlines as it appears customer addresses from many of the world’s largest brands have been leaked to spammers and crooks.

Epsilon looks after the email services of major brands, including Tivo, Marks & Spencer, McKinsey and Dell Australia so the breach has exposed many people’s email addresses.

What does this mean?

The breach has not exposed passwords or credit card details, so there’s no direct threat from the breach.

However, having your name, email address and a company you’ve dealt with means a phishing attack, where a crook poses as a business you’ve dealt with and tries to get your passwords, will be more effective.

Normally these messages are a giveaway as they aren’t addressed personally to you and are often from organisations, usually foreign banks, you’ve never dealt with.

However, a scammer who knows the organisation along with your name and email address can now launch a pretty convincing fake email campaign directing you to a site pretending to be, say, a competition or a security warning that asks you for your password.

Given many people use the same passwords for all the secure sites they visit, there’s a reasonable chance the bad guys will get a large number of live accounts and be able to access victims’ bank accounts, email services and social media sites.

What should you do?

The first thing is to be careful: don’t respond to any suspicious emails and, if you are uncertain, call the organisation’s support line, although do not use any numbers or other contact details shown on the suspicious email.

If you are concerned you have fallen for a trick, then change all your passwords immediately. We’d also suggest following the instructions on the IT Queries website and having a layered approach to security where sites which don’t matter have simple passwords.

We can also expect a wave of fake email and social media messages as people’s personal pages and accounts are hijacked and the scammers try posing as other people.

Backing up your online calendars and contacts

It’s important to have a backup of your web data

Online mail services like Hotmail, Gmail and Yahoo! Mail are great for the small business owner and anyone who is often on the road. Having a central website containing all your emails, contacts and appointments makes life a lot easier when you don’t spend your time sitting in an office.

There is a downside though: if your account gets hijacked or inadvertently closed down then all of those contacts, appointments and emails may be lost. So it’s a good idea to have some backup in case disaster happens.

Hotmail

The best solution for Hotmail users is to use the synchronisation tools included in Windows Live Mail. Download Windows Live Mail from the Microsoft website and install the program, then sign in to your Hotmail account using the button in the top right hand corner of the screen, click the Sync menu and select everything. This will save a copy of all your Hotmail details onto your computer.

Yahoo! Mail

If you’re a Yahoo! user, you can back up your contacts by clicking on the Tools button that appears in the top centre of the contact screen above your contact list and selecting either export or synch. Synch will synchronise your data with devices like iPhones and computers, although this varies depending on what equipment you use, while export will save a file to your computer which you can then import into whichever program you use. If in doubt choose the Comma Separated Value (.CSV) option as most programs can read that.

For your Yahoo! calendar, click Options on the right hand side of the screen and select Synch; the following page will take you through the steps of synchronising your calendar with various programs. That page will also explain how you can subscribe to a calendar from a different account which will then let you save.

Gmail

In Gmail you can export your contacts by opening the Contacts page, clicking on the More Actions button on the centre top of the screen then selecting Export. You’ll then get options for Google, Microsoft and Apple contact lists. If stuck, choose the Google option.

For Gmail calendars, at the bottom of My Calendars on the left hand side of the page click Settings. Under the Calendars setting tab, click the Export button which should appear under your list of calendars. This will then download a backup of your calendars.

A nifty tool for Gmail users is Backupify, a free service if your data weighs in at less than 2Gb, which can automate backing up your Google and Facebook settings.

Mobile phone applications

If you have a mobile phone, you’ll find the software that came with it may have a function to synchronise your emails, contacts and calendar. It’s a good idea to set this up if you have the opportunity.

Data is the most important thing on your computer and things do go wrong with technology so it’s essential you back it up on a regular basis.

Alternatives to Internet Explorer

There are a number of alternative web browsers to Microsoft’s built-in program

This week’s announcement of a serious security flaw in Internet Explorer should be a warning to anybody using Microsoft’s web browser that they should move to an alternative program.

Internet Explorer, the web browser built into Windows, is particularly prone to security problems mainly because of the way Microsoft have integrated it into their operating system.

So it has always been a good idea to use one of Internet Explorer’s competitors to avoid various security issues. Luckily there are plenty of options which are not only more secure but faster, more flexible and reliable.

Mozilla Firefox

The most popular alternative browser is Mozilla Firefox. You can download a free copy from the Mozilla website. One of Firefox’s big attractions is the vast range of add-in applications that make it a very useful tool.

Google Chrome

Google’s web browser is gaining acceptance across the market. It’s fast but it does do things a bit differently from the others, with a very spartan layout. You can get this free from Google’s website. Like Firefox it has a wide range of plug-ins.

Opera

One of the longest established alternative browsers, Opera tends to be the cutting edge browser. While it’s not for everyone, it’s fast, stable and is also a free download.

Apple Safari

If you use a Mac then the Safari browser is included with your system. Windows users can download a free version from Apple.

Of the four, Mozilla Firefox is the most popular with Google Chrome gaining acceptance.

All of these alternatives are perfectly good for general web browsing. It’s best to try each and use the one you find works best for you.

Unfortunately you can’t completely get rid of Internet Explorer. Not only is it an integral part of Windows, but some web sites won’t work properly on anything else.

Most notably for business users, the Outlook Web Access function, part of the Microsoft Exchange service, only works properly in Internet Explorer.

While we can’t ditch Internet Explorer, we can be sparing in its use. Consider the options and choose what works best for you.

Diversity is good in many fields. A variety of programs is good for your desktop.

Protecting yourself on Facebook

Some basic tips on guarding your online data

Social networks are a great way of keeping in touch with friends, family and colleagues. With 500 million users, none is a more effective tool than Facebook.

Keeping in touch with friends and relatives though does have a downside: sometimes you might give away more than you intend to. When you share with friends on a social service, everyone in your network can see what you are doing.

To make things worse, many social media businesses will give away their customers’ private information to make a few dollars, as the controversy over Facebook’s recent changes to their privacy settings and the company’s subsequent backdown shows.

Because this information is valuable, organisations are prepared to pay for it and the bad guys are eager to trick it out of you. Given the risks of identity theft, stalkers or all manner of Internet crazies finding you online, it’s important to guard this information.

Facebook don’t make it easy to protect yourself, but you can hide key information.

Take off personal data
The first, simple step to protecting yourself is to take as much data as possible off your profile. Home address, phone number, relationships, sexual orientation and birth year are a few things that simply don’t need to be online. Take off everything that could potentially cause problems; you may need to use some judgement on what you’re comfortable sharing with your online contacts.

Birthdays are a good example of where you should use that judgement. Facebook’s quite a good tool for reminding you of birthdays, but your birth date is also an important part of identity theft. If you do want to share a birthday, never put your birth year in – your relatives and friends have a good idea of how old you are – and you might want to consider putting the date a day or two earlier than the real day.

To change your Facebook profile information, click on the Profile link on the right hand side of your Facebook home page; you can edit all your details from there as shown below. Remember to click Save Changes after making each change and move between the different categories to ensure you’re only sharing what you’re comfortable with.

Changing your Facebook profile information

Set your privacy
Facebook makes assumptions about what you want to share with your network of friends. This is not always in your interests and you should regularly review what your settings are as Facebook have a habit of changing how the privacy settings work.

To enter the privacy settings, click Account and Privacy Settings as shown below. Once you’re in the Privacy Settings, click on the Custom option and Customise Settings. You can then set your details to only be accessible to you or your friends. The following example shows a recommended configuration which may be suitable for you.

Facebook Privacy Settings

Choose your friends
Many people treat Facebook and other social media services as a competition to gain as many friends, connections or followers as possible. This isn’t the point and on Facebook in particular it opens you up to a number of risks.

Once someone is your Facebook friend, they are privy to any information you choose to share and much of what your other friends post on your wall. The main risk is that a new Internet friend is not quite as stable or honest as you thought. By accepting friend requests from people you don’t know you increase the risk of letting risky individuals into your life, your family and your group of friends.

Another danger lies in the Facebook places feature which allows your friends to check you into locations. A malicious “friend” or a practical joke could see you being advertised as having checked into a place you really don’t want to be associated with.

If you decide that is an acceptable risk, then revise the above recommendations on your profile information. If you are promiscuous in who you befriend online then be very careful about the information shared with them.

Be careful which applications can see you
Facebook applications are one of the reasons for its success. These applications – or mini-programs – allow you to play games, enter competitions and sign up with other services quickly.

The proposed change in January 2011 to the information Facebook gives out to application owners would have allowed a lot of your personal information to be shared with third party developers. As it is, quite a few of these applications “scrape” information from the various services you subscribe to. A good example is with Twitter where private, non-public, messages can be seen by some of these services.

You should only allow applications to use your Facebook connection details if you absolutely trust them; right now, there are few services people can or should trust.

If you have been allowing Facebook to connect your subscriptions to other websites, then you may want to review who you’ve given trust to. To do this, click Account then select Privacy as shown above. In the Privacy page click Apps and Websites and the page shown below will appear. By clicking Edit Settings you can then delete applications or change what they are allowed to do on your profile.

Facebook Privacy Settings

Despite the risks of stalkers, identity theft and various privacy issues, Facebook is a valuable tool for millions of people who want to keep up to date with their friends, relatives and colleagues. By being sensible in choosing your online friends and what you share with them, it is a great website for keeping in touch with people you might otherwise lose track of.

Password safety

Taking a layered approach to online security is the best policy

Online news and gossip publisher Gawker Media was hacked last weekend with nearly 200,000 usernames and passwords released to the world.

The Wall Street Journal’s Digits Column tabulated the results and listed the top 50 passwords used by Gawker’s subscribers.

At first view, the reaction is to ask what sort of idiot would use a password like 12345678, and it would only confirm most IT and security professionals’ view that most computer users don’t protect their online details very well.

But on reflection, is using a weak password on a site like Gawker so bad? Most of the users listed have only created accounts to make a comment on one of Gawker’s websites; they aren’t using their Gawker account for anything vital and should their Gawker account be accessed the only thing the bad guys can do is post under the account name.

So if we assume that most of the 3,000-odd people that used the password 12345678 only do so for “disposable” accounts like the Gawker comments stream, then they probably haven’t risked anything at all.

In fact it makes sense to do so rather than to use a strong password which also happens to be your banking login or work account.

On my IT Queries site we suggest using a layered approach to passwords where services like Gawker, where it doesn’t really matter if the password is compromised, get a simple and easy password while sites where there are serious consequences like your online banking get strong and secure passwords.

We should always keep in mind that accidents do happen and that there are a lot of clever bad guys out there who are keen to exploit weaknesses when they see them. So security mistakes like Gawker’s will occur from time to time. The best we can do is to arrange our security so that when bad luck strikes us, the effects can be contained.

The real moral for all of us from the Gawker password hack is to take security seriously and not to use the same password on every site we visit.
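The layered approach described above can be checked mechanically. The following is an added example, not code from the original post or the IT Queries site: a short Python audit that flags only the cases the post warns about, a critical account sharing its password with any other account or using a commonly seen one, and leaves reuse among disposable accounts alone. The account list, tier names and weak-password list are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample inventory: (site, tier, password).
# "critical" = banking, email, work; "disposable" = comment accounts and similar.
ACCOUNTS = [
    ("news-comments.example", "disposable", "12345678"),
    ("forum.example", "disposable", "12345678"),
    ("bank.example", "critical", "T7#kd9!vQp2z"),
    ("webmail.example", "critical", "sunshine2010"),
    ("shop.example", "disposable", "sunshine2010"),
    ("payroll.example", "critical", "password"),
]

# Constructed short list of commonly seen passwords (not the published top 50).
WEAK_PASSWORDS = frozenset({"12345678", "123456", "password", "qwerty"})


def fingerprint(password, key):
    """Keyed digest so equal passwords can be grouped without keeping
    the plaintext in the grouping table or in the findings."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()


def audit(accounts, weak=WEAK_PASSWORDS):
    """Return sorted findings as (kind, site, other_sites_sharing_password).

    Reuse between disposable accounts is deliberately not reported: the
    containment goal is that a leak at a low-value site cannot unlock a
    high-value one.
    """
    key = secrets.token_bytes(32)  # fresh per run; fingerprints are not reusable
    groups = defaultdict(list)
    findings = []
    for site, tier, password in accounts:
        groups[fingerprint(password, key)].append((site, tier))
        if tier == "critical" and password.lower() in weak:
            findings.append(("weak-critical", site, ()))
    for members in groups.values():
        if len(members) < 2:
            continue
        for site, tier in members:
            if tier == "critical":
                shared = tuple(sorted(s for s, _ in members if s != site))
                findings.append(("reused-critical", site, shared))
    return sorted(findings)


if __name__ == "__main__":
    for kind, site, shared in audit(ACCOUNTS):
        detail = f" (same password as: {', '.join(shared)})" if shared else ""
        print(f"{kind}: {site}{detail}")
```
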

What the Internet doesn’t know about us

Can the web know all about us? Should we care?

In October 2010 Newsweek’s Jessica Bennett asked the team behind the Internet service Reputation Defender to find all they could about her.

The results were startling: within half an hour they had found her US social security number and a few more hours’ digging revealed her address, hometown as well as many other private details.

But ultimately the picture of Jessica’s life was wrong. The team made mistakes about her personal habits, sexual orientation and the time she spends online.

The fact the profile was incorrect shows how difficult it is for computers, or people, to understand an individual based on a series of data points.

Most of us understand that making a generalisation based on a single data point – say race, gender, appearance or sexual orientation – is usually incorrect, but when we add more data points things become even more difficult.

Once we get more than one data point, we have to start weighting them. Would Jessica eating at McDonalds twice a week outweigh her exercising every morning in the eyes of an insurance company assessing her risk?

That problem could be called the Google effect where a formula, known as an algorithm, becomes so complex that it becomes bogged down under the weight of its own assumptions as we saw with Tony Russo’s gaming of the search engine’s ranking system.

All of us are steadily revealing more about ourselves onto the web, whether we know it or not. Every time we like something on Facebook, subscribe to a newsletter or make a comment on a blog post, we are giving a little something about us away on the publicly accessible Internet.

Over time, anyone can build a picture of us. However it may turn out that nobody will want to know about the detailed, complex and multi dimensional portrait each of our lives would be.

As information about all of us becomes more available, we may enter a modern version of the Mutually Assured Destruction doctrine of the Cold War as each of us finds that everyone around us has enough information to bring our careers, relationships and status crashing down.

But we hold equally damaging data about all our peers as well, and to bring anybody down based on the information we have would be to invite the wrath of many others who know about our intimate details.

We may even find that, because all of us, being human, have some damaging traits and history, employers, insurers and governments only care when you start hiding them. Today we see this with security vetting procedures which are more concerned about what we hide rather than the specifics of our foibles and indiscretions.

The assumption of those security agencies is that a self admitted gambler, alcoholic or philanderer is a manageable risk while those hiding such secrets from their families and employers are the genuine threat to an organisation.

So we come back to a society where a tacit agreement exists between us all that this dangerous power is only used when someone has acted illegally or hypocritically.

Perhaps that is the future we are heading for, where the Internet knows all but we simply choose not to access it. Which assumes it’s all correct anyway.

The strange story of the Stuxnet worm

A virus crippling the Iranian nuclear program could affect your business

The tale of the virus infecting Iran’s nuclear program is one of the fascinating stories of the computer world.

Whoever wrote the Stuxnet worm did a spectacular job in bringing together a number of security problems and then using two weak links — unpatched Windows servers and poorly designed programmable logic controller software — to create a mighty mess in the target organisation.

The scary thing with a rootkit like Stuxnet is that once it has got into the system, you can never be sure whether you’ve properly got rid of it.

What’s worse, this program will be writing to the Programmable Logic Controllers the infected computers supervise, so plant operators will never know exactly what changes might have been carried out on the devices essential to a plant’s operations and safety.

Damaging Iranian nuclear plants

A report on the Make The World A Better Place websites over the weekend indicates the Stuxnet Worm may have damaged the Iranian nuclear reactor program.

The story behind the Stuxnet worm is remarkable. It appears this little beast is a sophisticated act of sabotage using a number of weaknesses in computer systems, as detailed by Computer World in their “Stuxnet Worm hits Industrial Systems” and “Is Stuxnet the best Malware Ever” articles.

The risk of unpatched systems

One of the things that leaps out is how servers running unpatched systems are an important part of the infection process. The Stuxnet worm partly relies on a security hole that was patched by Microsoft two years ago so obviously the Iranian servers were running an unpatched, older version of Windows.

This is fairly common in the automation industries. I’ve personally seen outdated, unpatched Windows servers running CCTV, security, home automation and dispatch systems. They are in that state because the equipment vendors have supplied the equipment and then failed to maintain it.

These companies deserve real criticism for using off the shelf, commercial software to run mission critical systems, something it was never designed to do.

Commercial programs like the various Windows, Mac and other mass market operating systems are designed for general use; they come with a whole range of services and features that industrial control systems don’t need. In fact, the Stuxnet worm uses one of those services, the printer spooler, to give itself control of the system.

Securing industrial systems

These industrial systems require far more basic and secure control programs; a cheap option would be a customised Linux version with all the unnecessary features stripped out. In the case of Siemens, the providers of the PLCs supplied to the Iranian government, it’s disappointing such a big organisation couldn’t build its own software to control these systems.

Business owners, and anyone who has computer controlled equipment in the premises, need to ask some hard questions to their suppliers about how secure supplied computer equipment is in this age of networked services and Internet worms.
