Tag Archives: against

Top 5 Tips to Keep Your Website And Network Secure

imageEvery day, innocent websites are compromised by malicious hackers. Google identifies almost 10,000 malware-infected websites each day, and half of those are genuine websites belonging to legitimate companies. These companies haven’t done anything wrong, but they find themselves blacklisted by Google, and that’s only the edge of the brutal iceberg.

Hackers inject vicious malware into these sites to infect visitors. They confuse and lure users to dodgy websites and they break in and steal important and often sensitive customer information.

It’s a real and constant problem, but there are easy and simple steps you can take to guard against these attacks and keep your site, your network, and your customers safe and sound.

1. Use strong passwords, keep them secure and change them frequently

We all know that we should choose complex passwords, but sometimes laziness takes over and we slack off. This is a crucial mistake. Obviously, you want to choose exceptionally strong passwords for your server and website admin area, because a vulnerable password here is a free ticket for hackers to cripple your site and do untold amounts of damage.

It can be inconvenient to remember frequently changing passwords, but in the end, it’s a simple solution that can save a lot of headaches in the future. It’s also imperative that you enforce good password practices for your users.

Compromised user accounts are a special hell of their own. Demanding that minimum password requirements are met for registration will force users to make smart choices. Insist on eight characters, at least an uppercase letter and a number or special character. It’s a bit of a hassle, but it’s worth it.

Make sure that any passwords are stored as encrypted values. Ideally, you’ll use a one way hashing algorithm like SHA. This method means that during authentication, only encrypted values are ever compared. In a worst-case scenario, if someone hacks in and steals passwords, this will limit the damage.

They can’t decrypt them, and they will be reduced to attempting dictionary or brute force attacks, trying every single combination until a match comes up. It’s time consuming and computationally expensive and just not worth the effort for most people.

Your wireless network password should be seriously strong, and the network should be protected by Wi-Fi Protected Access 2 (WPA2) rather than WEP (Wired Equivalent Privacy). WEP encryption is brittle and hackable in minutes these days and should never be relied upon.

It’s also imperative to ensure that your PCs are well protected against viruses at all times to prevent password theft.

2. Be discreet with your error messages

Make sure your error messages aren’t giving away too much information. If your website requires a login, you should pay attention to how your error messages deliver the message that their login attempt has failed. A quick-and-simple, very generic message such as “incorrect login information” is your best bet.

It doesn’t tell the user if half the query is right (especially not which half!) When a hacker is attempting brute force attacks to gain access to usernames and passwords and the error message identifies one field as correct, that’s valuable information for him. He then knows that he’s halfway there and can concentrate all his attention and effort on the remaining field. Don’t make it easy for them!

3. Keep software up to date

Make sure that you’re consistently and quickly applying security updates to all of your software. From your personal PC’s virus protection, to your server operating system, and website software like content management systems, blogging, forums, and blogging platforms.

Hackers are quick to exploit any known holes and bugs, and you want to get there first. Sign up to the mailing lists and RSS feeds of all your software vendors. They’ll be the first to alert you to any security issues and their solutions. Find out and follow it up.

4. Limit Use of your Administrator Account

Keep your computer’s admin account for installing updates and software, or for reconfiguring the host when you have to. Don’t go online while logged into your admin account. Non-privileged user accounts are not just for guests and visitors: you should have one yourself for everyday use. If you browse the web and read your email with an admin account, you leave yourself open for an attacker to gain entry and access to your host.

5. Ask the experts

You don’t have to do it all on your own. There are good tools out there for monitoring your own website, but not everyone has the time or inclination to stay on top of security 24/7.

It’s possible to find monitoring services for very reasonable prices. These companies will check for malicious activity, give you an alert if your website shows up on a blacklist, scan your site for vulnerabilities, and be there for support and repairs if you do fall prey to a hack.

If you’re dealing with databases of sensitive customer information that are attached to your site, it’s probably worth it to get an expert in from the start, sweeping your code for bugs and building in extra lines of defense from the ground up. For small businesses, companies such as SiteLock and Stop the Hacker offer packages for under $100 a year.

This guest post was provided by Amanda Gareis on behalf of Drexel University Online. Drexel expanded into the online learning sector in 1996 and now offers its recognized curricula to a worldwide audience. Drexel Online offers degrees in Information Science, Information Technology, and Computing and Security Technology. The university also provides an Information Technology Career and Salary Guide resource for those looking to enter the industry.

2 Comments

Filed under Cyber Crime, Education, Guest Writers, Internet Safety

Consumer Watchdog Takes On Google Before The US Congress

image

Google’s Executive Chairman Eric Schmidt, may hold more than a few unsavory views when it come to your privacy – but, he hardly lacks the courage to make them known. His self serving statements are made unafraid, unambiguous, upfront, and in your face.

Despite the fact that Schmidt’s views, and Google’s stated corporate philosophy, oppress the basic human right to be “left alone”, there’s no effort made to hide the megalomaniac drive to strip consumers of any semblance of privacy. The thinking pattern seems to be – you don’t like the new reality – then tough – what are you going to do about it?

Schmidt and Google aren’t calling your bluff – to this point, it appears that you aren’t prepared to do anything about it. It’s little wonder that Schmidt has fearlessly gone on the record with the following statements, justifying Google’s attempt to re-imagine the world (including raping the publics right to privacy), for commercial gain.

 “I actually think most people don’t want Google to answer their questions. They want Google to tell them what they should be doing next.”

“We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.”

“Google policy is to get right up to the creepy line and not cross it.”

“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

“We (Google) know roughly who you are, roughly what you care about, roughly who your friends are.”

Nice, huh?

Given the unprecedented ability Google has to collect endless streams of data, and correlate that data (much of that ability jealously guarded), I have no doubt, that Schmidt’s bizarre views (from where I sit), are well founded.

Google has set the bar when it comes to Web tracking, and while they effectively control this market, it would be a mistake to assume that they’re the only fly in the ointment. For instance, while reading my local newspaper, I have to agree to being tracked by eleven trackers (not all of then Google) – as illustrated in the following screen capture. Otherwise, selected parts of the page will not respond – reader comments (which I enjoy), for example.

image

I admit, I’m in the minority in recognizing the truth, in that occasionally seen bumper sticker – “Google Is Not Your Friend”. But, I’m far from being alone.

Consumer Watchdog’s, Inside Google, which describes itself as “a nonpartisan nonprofit public interest group, ….. to educate the public and opinion leaders about Google’s dangerous dominance over the Internet, computing and our online lives”, will appear before the US Congress this week as part of a continuing effort to convince legislators to enact “Do Not Track” legislation, regulating how Google, and others, gather, store, and retrieve information about consumers.

Attempts to rein in Google are not without precedent – in a semi-serious attempt to curtail Google’s privacy encroachments – the privacy watchdogs of 10 countries (including the UK, Canada, France, Germany and Italy), censured the company (less than a year ago) for showing a “disappointing disregard” for safeguarding the private information of its users. Expressing “disappointment” in corrosive and creepy business practices is one thing, but getting off their fat asses to take corrective action would have been more appropriate.

Consumer Watchdog, as part of its continuing campaign to hold Google accountable, has just released the third short video in its though provoking “Don’t Be Evil” series, in which “Google Is Not Your Friend”, takes on new meaning.

To view the video just click on the graphic.

image

While the fight to rein in Google might seem unwinnable, those of us who believe that the right to privacy is a “natural right”, and should be recognized as such, realize that pushing back against Google and other privacy predators, who continuously advance the “creep factor”, is an obligation that must be taken seriously.

If you believe that your online privacy is worth fighting for, then join with the “good guys” and become proactive in the campaign to manacle the Google octopus. Visit Consumer Watchdog and sign in, so that your views can have the impact they deserve to have.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

17 Comments

Filed under Google, Opinion, Point of View, Privacy

PC Tools Firewall – A Freebie Worth Having

Free PC Tools Firewall – Casual Computer User Friendly

image

When I installed Windows 7 Beta on one of my home machines earlier this year, I was disappointed to find that I was initially stuck with the Win 7 built-in Firewall which monitors inbound Internet traffic only.

In my view, a Firewall application that does not monitor both inbound and outbound traffic is essentially worthless.

So now I was on the hunt for a free two-way firewall, which would monitor both incoming and outgoing traffic from my Win 7 installation without being overly intrusive. The key here was “without being overly intrusive”. Firewalls that demand attention every 5 minutes drive me crazy!

There are many free Firewalls available, but most of them are intrusive and not really appropriate for casual computer users. Despite the fact I’m not a “casual computer user”, my requirements for my personal machines are similar, in many respects, to a casual user’s requirements.

After a great deal of searching I found PC Tools Firewall, a free application which meets all my needs and then some. Incidentally, I was not alone in my search for a replacement Firewall. In the early days following the release of Windows 7 Beta, search engines were burning up with requests for a free Firewall that was Win 7 ready.

PC Tools Firewall 1

I’ve been running with PC Tools Firewall for a few months, first on Win 7 Beta, and now on Windows 7 RC, and in this short time period I have been impressed with its performance. It installed easily, set up quickly, and has not caused any conflicts with my machine despite my sometimes esoteric running requirements.

PC Tools Firewall 2

The default settings are well thought out, and provide excellent protection for less experience users – and despite the hype put out by the IT industry, most computer user can be classified as having limited system experience.

Experienced users on the other hand, can tinker to their hearts content, customizing and tweaking the application to meet their specific requirements.

Fast facts:

Protects your PC as you are working, surfing and playing.

Protects against Trojans, backdoors, keyloggers and other malware designed to damage your computer and potentially steal your confidential information.

Includes ThreatFire, a heuristic application for additional protection.

Intelligent, automatic protection without all the questions.

Easy to use – designed for both, novice and expert users.

Advanced rules to protect PCs against common attacks.

Inbound and outbound protection.

Simple, user friendly interface.

Free – no catches, limitations or time-limits.

PC Tools Firewall 3

If you are a casual computer user, PC Tools Firewall is definitely worth considering as a new Firewall installation, or as a replacement for a current Firewall that is not meeting your expectations.

System Requirements: Windows 7, Vista, XP, 2000 and Server 2003

Download at: PC Tools

Note: While reading the forums in researching other users’ view on this application, I found comments in which the “complainer”, generally people who state that they “know” computers, made the point that this application caused difficulties on their system.

The reality is – if an application makes a computer crash, or causes other difficulties, it’s generally due to improper system settings and not the application. It is true however, that some applications don’t “play well” with certain other applications.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

1 Comment

Filed under Anti-Malware Tools, Don't Get Hacked, Free Firewalls, Freeware, Interconnectivity, Internet Safety Tools, Networking, PC Tools, Software, Spyware - Adware Protection, Windows 7, Windows Tips and Tools, Windows Vista, Windows XP

Free PC Tools Firewall – Casual Computer User Friendly

image Way back in 1995 with the release of Windows 95, I had my first experience running a Firewall on a PC, or more accurately, I should say not running a Firewall on a PC.

When I finally did install a Firewall (ZoneAlarm), I was immediately able to spot that my neighbor, a doctor no less (great ethics doc), had penetrated my machine. Since this experience, I will not, and I mean; not for a moment, connect a computer to the Internet without a robust Firewall in place.

Recently, when I installed Windows 7 Beta on one of my home machines, I was disappointed to find that I was initially stuck with the Win 7 built-in Firewall which monitors inbound Internet traffic only. In my view, a Firewall application that does not monitor both inbound and outbound traffic is essentially worthless.

So now I was on the hunt for a free two-way firewall, which would monitor both incoming and outgoing traffic from my Win 7 installation without being overly intrusive. The key here was “without being overly intrusive”. Firewalls that demand attention every 5 minutes drive me crazy!

There are many free Firewalls available, but most of them are intrusive and not really appropriate for casual computer users. Despite the fact I’m not a “casual computer user”, my requirements for my personal machines are similar, in many respects, to a casual user’s requirements.

Luckily, after a great deal of searching I found PC Tools Firewall, a free application which meets all my needs and then some. Incidentally, I was not alone in my search for a replacement Firewall. In the early days following the release of Windows 7 Beta, search engines were burning up with requests for a free Firewall that was Win 7 ready.

PC Tools Firewall 1

I’ve been running with PC Tools Firewall for a few months, first on Win 7 Beta and now on Windows 7 RC, and in this short time period I have been impressed with its performance. It installed easily, set up quickly, and has not caused any conflicts with my machine despite my sometimes esoteric running requirements.

PC Tools Firewall 2

The default settings are well thought out, and provide excellent protection for less experience users – and despite the hype put out by the IT industry, most computer user can be classified as having limited system experience.

Experienced users on the other hand can tinker to their hearts content, customizing and tweaking the application to meet their specific requirements.

Fast facts:

Protects your PC as you are working, surfing and playing.

Protects against Trojans, backdoors, keyloggers and other malware designed to damage your computer and potentially steal your confidential information.

Includes ThreatFire, a heuristic application for additional protection.

Intelligent, automatic protection without all the questions.

Easy to use – designed for both, novice and expert users.

Advanced rules to protect PCs against common attacks.

Inbound and outbound protection.

Simple, user friendly interface.

Free – no catches, limitations or time-limits.

PC Tools Firewall 3

If you are a casual computer user, PC Tools Firewall is definitely worth considering as a new Firewall installation, or as a replacement for a current Firewall that is not meeting your expectations.

System Requirements: Windows Vista 32-bit, XP, 2000 and Server 2003 – As previously mentioned, I’m currently running on Win 7 RC 32-bit.

Download at: PC Tools

Note: While reading the forums in researching other users’ view on this application, I found comments in which the “complainer”, generally people who state rather magnificently that they “know” computers, made the point that this application caused difficulties on their system.

The reality is – if an application makes a computer crash, or causes other difficulties, it’s generally due to improper system settings and not the application. It is true however, that some applications don’t “play well” with certain other applications.

12 Comments

Filed under Anti-Malware Tools, Don't Get Hacked, Free Firewalls, Freeware, Interconnectivity, Internet Safety, Networking, Online Safety, Safe Surfing, Software, System Security, Windows 7, Windows Tips and Tools

AVG Anti-Virus Free 8.0 Released – Now With Anti-Spyware Protection!


AVG Anti-Virus Free 8.0, for personal use only, which now incorporates protection against spy ware through a new combined anti-virus and anti-spy ware engine has just been released and this latest version of the popular free anti-virus tool is now available for download.

According to the developer AVG Free provides basic protection against viruses and spy ware as well as a “safe-searching component” which has been incorporated into the new AVG Internet Security Toolbar.

It’s important to note however, that the free product does not include the proactive safe-surfing (“drive-by download” protection) of the full LinkScanner module, nor protection against hackers, keyloggers, spam, phishing attacks, and malicious file downloads that is included in the commercial AVG product.

Karel Obluk, chief technology officer at AVG Technologies states “With the release of AVG Free 8.0, we are underscoring our belief that all computer users, regardless of their computer usage needs, have the right to a safe and worry-free computing experience.”

Noble sentiments perhaps, but the downside to the release of AVG Anti-Virus Free 8.0 is AVG’s free standalone Anti-Spyware and Anti-Rootkit applications are being discontinued; bad news for those of us who prefer standalone solutions rather than prepackaged suites.

Since it is too early to provide a definitive, comprehensive review of the strengths and weaknesses of this product, various user forums have been polled in order to get a relative feel for the opinions of early adopters. On balance the results have been mixed, with the most common complaint being mediocre detection rates and slow on demand scan times. On the upside, most users seem to like the newly designed GUI.

For those users who rely on AVG’s free products for basic system protection, this new version is likely to continue to meet your basic needs.

Requirements: Windows 2000, XP or Vista.

Download at: Download.com

14 Comments

Filed under Anti-Malware Tools, Freeware, Internet Safety, Safe Surfing, Software, System Security, System Utilities, Utilities, Windows Tips and Tools