February 2010 - Posts

Symantec is warning in advance of potential fraud as the official census activities start during March.  Please be careful in giving out any personal information and only do so directly with the US Census.

US Census 2010 - Be careful of online Fraud
http://www.symantec.com/connect/blogs/us-census-2010-don-t-be-counted-victim-online-fraud

QUOTE: The Census Bureau will not be the only ones trying to get our attention and encouraging us to help them collect data. Cybercriminals will be doing the same thing. But they’ll be trying to fool us into thinking they are the Census Bureau. And the data they’ll be collecting will be a little different. It will be personal information they can use to rip us off.

Please use OFFICIAL CENSUS SITE as a resource for safety
http://2010.census.gov/2010census/index.php

 

A new rogue security product designed to scam users for money is circulating with a user interface designed to look like MSE.

Beware Fake Security Essentials
http://blogs.pcmag.com/securitywatch/2010/02/beware_fake_security_essential.php
http://blogs.technet.com/mmpc/archive/2010/02/24/if-it-calls-itself-security-essentials-2010-then-it-s-possibly-fake-innit.aspx

QUOTE: I've always wondered why more rogue antivirus products don't just clone the UIs of legitimate ones and claim to be them. One has taken a small step in that direction: "Security essentials 2010," identified by the Microsoft Malware Protection Center, doesn't actually use the name "Microsoft," but merely tries to trade on the name of the free Microsoft product.

Please only obtain MSE from here:
http://www.microsoft.com/Security_Essentials/

A new approach tricks users into developing unique Facebook malware attacks using instructions provided by a website. While Facebook security is improving and can take down common network attacks, it is challenging to handle those uniquely customized by users.

New Facebook Attack Tricks Users Into Creating Apps
http://blogs.pcmag.com/securitywatch/2010/02/new_facebook_attack_tricks_use.php

QUOTE: Websense Labs has identified a new malicious Facebook app that takes the art to a new level.  Conventional malicious apps can be taken down by Facebook as soon as they know about them. In order to get past that ability, this social engineering trick talks users through the process of building new app themselves.

 Chile Earthquake - Be careful of malicious sites

Please be careful of email- or web-based malware attacks. Please only contribute to trusted mainstream sites and obtain news from official sources.

Search Engine Poisoning: Chile Earthquake
http://isc.sans.org/diary.html?storyid=8317

QUOTE: Malware writers engaged in search engine poisoning. Search Google for "Chile Earthquake" and you will find a number of malware sites on the first page.

I've downloaded the full 108MB version and there is a tremendous amount of information to explore. In the past, I've seen measured improvements when Security Awareness was a focal point in a company's protective plans for their IT resources.  There is both a technology and people side to successful security strategies and implementation.

Microsoft Security Awareness Toolkit
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=4a4cf17c-c694-49d9-97bb-724e0ae55db1&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+MicrosoftDownloadCenter+%28Microsoft+Download+Center%29#tm

Microsoft Security Awareness Toolkit - All Content.zip (108.0 MB)

Microsoft Security Awareness Toolkit - Development and Delivery.zip (21.9 MB)
 
Microsoft Security Awareness Toolkit - Example Awareness Campaigns From Microsoft Information Security.zip (87.4 MB)
 
Microsoft Security Awareness Toolkit - Planning.zip (5.2 MB)

 
QUOTE: Information security awareness and training is critical to any organization’s information security strategy and operations. People are in many cases the last line of defense against threats such as malicious code, disgruntled employees, and malicious third parties. Microsoft offers the security awareness toolkit to help organizations plan, develop, and deliver a successful security awareness program. The kit includes a planning guide, templates, pointers to material that can help speed the development of a security awareness program, a sample general security awareness presentation that can be modified and tailored to any organization, material to help articulate the value to peers and managers, and three example awareness campaigns from Microsoft Information Security.

 

Companies and individuals will truly enhance their web security by moving from IE6 to the latest version of Internet Explorer.  As noted in the article, many users are unaware of the benefits, as some IE6 security exposures will never be addressed and are a conduit for spyware attacks.  Small companies may lack technical expertise in making this transition.  They may not want to spend time and costs upgrading.

Patch management and staying on the latest service packs and product versions are best practices that help users stay secure. Moving to IE8 would allow greater protection against malware-related attacks.  Users can also enjoy the more modern browser framework and functionality as well.

Why You Can’t Pry IE6 Out Of Their Cold Dead Hands
http://itexpertvoice.com/ad/why-you-cant-pry-ie6-out-of-their-cold-dead-hands/

QUOTE: Let’s start with the not-so-surprising reasons to hang onto IE6. The most obvious is that some companies are slow to update or adopt any technology. You and I could probably share plenty of horror stories about businesses that insist on using the oldest equipment and software around.

“Many small and medium businesses have no clue when it comes to keeping their systems secure. I have found so many systems with expired anti-virus because the business owner either did not want to pay for more anti-virus or did not even know that it was expired.”

In other words, user ignorance is a prime issue. But so is the reluctance to upgrade. “There are still companies that still have some systems running versions of Windows older than Windows XP, which are also extremely insecure,” Jim added. “If later versions of IE break applications that just means that they are using insecure applications and the applications should be replaced.”

 

P2P networks open up PCs or corporate networks so that data on these systems can be transported, as noted below.  Strong corporate policies and monitoring are needed to prevent this exposure.

FTC warns 100 companies of P2P Data leaks
http://www.ftc.gov/opa/2010/02/p2palert.shtm

QUOTE: The Federal Trade Commission has notified almost 100 organizations that personal information, including sensitive data about customers and/or employees, has been shared from the organizations’ computer networks and is available on peer-to-peer (P2P) file-sharing networks to any users of those networks, who could use it to commit identity theft or fraud. The agency also has opened non-public investigations of other companies whose customer or employee information has been exposed on P2P networks.

Peer-to-peer technology can be used in many ways, such as to play games, make online telephone calls, and, through P2P file-sharing software, share music, video, and documents. But when P2P file-sharing software is not configured properly, files not intended for sharing may be accessible to anyone on the P2P network.

“Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers’ sensitive information at risk. For example, we found health-related information, financial records, and drivers’ license and social security numbers--the kind of information that could lead to identity theft,” said FTC Chairman Jon Leibowitz. “Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure

 

Below are some of the coming new features for Office 2010 that have been announced by Microsoft.

Microsoft Office 2010 Beta - Top Ten improvements
http://www.microsoft.com/office/2010/en/whats-new/default.aspx

QUOTE: Microsoft Office 2010 offers rich and powerful new ways to deliver your best work at the office, home, or school. Grab your audience’s attention and inspire them with your ideas visually. Create results with people at the same time and stay connected to your files across the town or around the world. With Office 2010, you’re in control of getting things done and delivering amazing results according to your schedule.

1. Express your ideas more visually with improved picture formatting tools
2. Improved Collaboration and publishing controls for team oriented projects
3. Microsoft Office Web Apps and Mobile 2010 to stay more current and respond quickly when out of the office
4. New data analysis and visualization features in Excel 2010. The new Sparklines feature delivers a clear and compact visual representation of your data
5. Insert and customize videos directly in PowerPoint 2010
6. Compress your long e-mail threads into a few conversations that can be categorized, filed, ignored, or cleaned up. 
7. Store and track all your ideas and notes in one place with OneNote 2010
8. Broadcast your PowerPoint presentation to a remote audience, whether or not they have PowerPoint installed. The new Broadcast Slide Show feature allows you to share your presentation through a web browser quickly without additional set up.
9. Microsoft Office Backstage™ view replaces the traditional File menu to give you a centralized space for all of your file management tasks, such as the ability to save, share, print, and publish.
10. Enjoy the freedom of using Office 2010 from PCs, Smartphones, and Web browsers on the go

Even though I just turned 55 in January, I'm still 16 at heart.  Thus a spirit of continuing education and professional development are important in our careers.  In the IT world, it's important to keep pace with new developments as the technologies I started with in the early 1970s are now obsolete.  The key for success is to not get too set in our ways, so that we sustain our worthwhileness to our current employer or any potential new employer in the future. In other words, we need to "keep on keeping on"

Job Interview Tips for older candidates
http://moneywatch.bnet.com/career-advice/article/job-interview-tips-dont-act-old/395774/

QUOTE: In today’s workplace, being over 40 is unfortunately equated less with being wise and experienced and more with being potentially out of touch and unable to learn new tricks and technologies. And in a job interview, which is all about convincing your potential employers that you can contribute and thrive, being perceived as old in those stereotypical ways can be the kiss of death.

1. Don’t play the wisdom card
2. Drop the corporate formality
3. Stay away from the slang
4. Don’t be an ageist
5. Drop the name-dropping
6. Stifle the unsolicited advice
7. Don’t get too personal
8. Nix the negativity
9. Delete the jokes about how flummoxed you are by technology
10. Don’t smirk at the vision thing
11. Don’t fear the niceties

The winter of 2010 has been tough in the eastern USA. I've finally upgraded all my PCs with Firefox 3.6, which offers improved performance.  The Personas style themes are neat and I like the "Try it" preview mode offered.

Mozilla Firefox 3.6 new features
http://www.mozilla.com/en-US/firefox/
http://en.wikipedia.org/wiki/Mozilla_Firefox

Mozilla Personas Theme Libraries
http://www.getpersonas.com/en-US/gallery

QUOTE: Version 3.6 was released on January 21, 2010. This release uses the new Gecko 1.9.2 rendering engine. New features for Firefox 3.6 include built-in support for Personas (toolbar skins), notification of out-of-date plugins, full screen playback of Theora video, support for the WOFF open webfont format, more secure plugin system, and many performance improvements.

 Kim Komando - Stay safe when banking wirelessly

Kim Komando provides sound safety advice in clearly understandable terms. Banks must use SSL (https) style encryption, and it's important for the customer to use strong passwords and WPA2 (or at least WPA) encryption on a malware-free system.

Kim Komando - Stay safe when banking wirelessly
http://www.komando.com/tips/index.aspx?id=8245

QUESTION: Is it ever safe to bank online with a wireless connection? We heard a recent show regarding wireless security, which was perfect. But we wanted to be sure about financial transactions. By the way—your show is awesome. My husband and I love it! —Kathy in Austin, TX, listening on KLBJ 590 AM/99.7 FM

ANSWER: You can't be too careful these days. Computers and the Internet are mysterious to most people. Often, crooks know far more than potential victims. Wireless just throws more confusion into the mix. Without protection, you're putting your data up for grabs. Of course, security makes a big difference. Done properly, you're safe with wireless.

AVERT Labs warns to be careful in handling email, greeting cards, screensavers or website searches.

Valentine’s Day Searches Lead to Malware
http://www.avertlabs.com/research/blog/index.php/2010/02/10/valentines-day-searches-lead-to-malware/

QUOTE: 5, 4, 3, 2, 1…malware! ... It’s like clockwork, ain’t it? A popular holiday–such as Valentine’s Day–approaches and malware authors and cybercriminals ready for it. I have done some Valentine’s Day searches for poisoned terms and found some nasty ones very quickly. Screensavers and ecards are always popular ...

This master menu provides support and training links by product for the new Office 2010 beta.

Microsoft Office 2010 beta - Support Links
http://officebeta.microsoft.com/en-us/support/getting-started-with-microsoft-office-2010-FX100996114.aspx
http://officebeta.microsoft.com/en-us/support/

This article discusses the need to be careful with themes, and especially with those who become followers of your Facebook, Twitter, or Myspace accounts. While Farmville as a theme is malware free, not all followers may be safe to interact with, and some could be looking to steal personal information.  The theme may cause users to become careless as points build up, and users should be careful to keep private information secure.

CSO - Inside Farmville's Sinister Underbelly
http://www.computerworld.com/s/article/9153159/ShmooCon_Inside_FarmVille_s_sinister_underbelly
http://www.csoonline.com/topic/41516/Application_Security

QUOTE: You see it all the time on Facebook: A friend moving on up in FarmVille. Another friend trying to expand his posse in Mafia Wars. Everyone thinks of them as harmless third-party applications, free from the crooks and cooks of cyberspace.  The sad fact is that these applications are susceptible to malware pushers and those looking to steal your personal information. It's not much of a stretch for hackers to impersonate people you think are trusted, fellow players, as is the case with a lot of online gaming. And the more you expose yourself, the bigger the target you become.

Please be careful with email and web searches

Various Olympics Related Dangerous Google Searches
http://isc.sans.org/diary.html?storyid=8239

QUOTE: We have received reports about the (sadly expected by now) search engine poisoning for various Olympics related terms.
