Wednesday, January 11, 2006

New PC = New installation, what to think about concerning client security

A few ideas about IT security if you've bought a new PC, laptop or server, and have
a brand new installation of XP, Windows 2003, Linux or MacOS.
Before connecting to the internet, use a patched machine to download ALL the service
packs and patches for your operating system. Don't even think about going online
before doing that, especially if you're running Windows or a default installation of Linux.

The average time before a Windows machine is infected by malicious code is down to minutes.
What people need to realize is that you don't have to be using the internet with an internet application, such as Internet Explorer, Outlook, Skype or Firefox, to get unwanted code. You are literally surrounded by infected machines the millisecond you receive your first packet.

Why is that?
Well, the malicious code (read: worms, trojans, viruses, spyware) is spread
automatically by other infected machines. The code looks for known and unknown
vulnerabilities on different ports and services, and tries to automatically exploit
a service and transfer a bunch of code. This technique has proven
to be very successful, as it works day and night, without any human behind the
keyboard. The code writer can just sit down and play Quake, and wait until
he has enough hosts to use for another purpose. He might use your computer
to attack other "enemies" on his favourite IRC channel, or if he or she is a
disgruntled ex-employee, he might run a DDoS attack against his ex-company's
website. The source address will be yours!

Something else that bothers me is that users seem to believe that as they don't
use their credit cards online, or buy anything for that matter online, they
are safe. Well, if you leave your CV with personal info, such as your social
security number, you might be targeted for identity theft instead.


The scariest thing I have read so far is about a fellow online poker player. He had his
machine hacked, and the attacker gained unauthorized access to his webmail account.
The attacker must have figured out a way to reset the target's poker client password.
It's usually only a matter of using a form on the poker site and clicking "forgot my password".
A brand new password will be generated and e-mailed to the player's e-mail account.
Bah!


From there he got robbed, as the attacker transferred his bankroll of $67.000 USD.
Yes, sixty-seven thousand dollars US. That's quite a sum of money to lose this way.
I haven't read any follow-up on this case, but the forensic team should be able to
catch some info about the attacker. It all depends on how sophisticated the attacker
was in cleaning up the digital evidence. What's for sure is that it will take time
for the poor guy to get his money back, if he ever will. I'm not a lawyer, and I must
admit that I haven't read the fine print agreement before signing up for a poker site.
I doubt they will compensate him though.


So fellow bloggers, poker players, people, do that little extra work and patch your systems
off-line. It will be worth it.







Countermeasures:
1) Patch and update your system; most systems have a built-in function for automatic updates.
2) Issue an extra card with a low credit limit, or just transfer the amount that you are going to shop for from your bank account. Some banks can even issue a new card number every time you want to go online shopping.
3) Check out Password Safe for keeping your PIN codes encrypted, which is much safer than keeping them in a Word document.

PasswordSafe Open Source project