Monday, November 29, 2010

Cyber Monday: Beware The Malware


It's the Monday after Thanksgiving and you're sitting at your work computer suffering from food coma. Too bloated to get any real work done, you decide to do something that doesn't occupy too much of the brain--online Christmas shopping.

There's more at stake here than the cost of shipping and handling, though. First off, your boss probably doesn't want you to be surfing Amazon when you have spreadsheets to complete. Secondly, you could be opening up the corporate network to malicious hackers during what is known to be a particularly risky period.

Scammers are ready for the unsuspecting online shoppers who will be hunting for holiday bargains on what has become known as Cyber Monday (more than 40 percent of you will be buying holiday gifts online, according to this survey). There will no doubt be malware hiding on retail sites, fake sites created just for distributing viruses and Trojans, and e-mails with malware-laden attachments and links leading to nastiness.

Once inside the corporate network, the malware can easily spread to other computers in the company and leave back doors that can be used later for nefarious purposes, putting corporate data at risk.

Unless a company forbids Web surfing on company time and uses software to monitor and enforce the policy, there is little recourse once workers start browsing. IT departments should do what they can to protect the networks before then, by using the most up-to-date spam filters and anti-malware software and adjusting the enterprise Internet settings to alert users when a program attempts to download something.

Communication is key, too. Corporate IT personnel should consider sending an alert to remind employees of the dangers and to report suspected malware downloads, advises Adam Chernichaw, a privacy expert and partner at the law firm White & Case. Also, they should tell employees to not click "Agree" or "OK" to close a window, but to click the red "X" in the upper corner or press "ALT + F4" instead.

Employees should practice safe browsing. CNET contributor Lance Whitney wrote about some general tips for Web surfers from Webroot, including typing URLs in directly instead of following links and keeping a close eye on PayPal and other payment accounts.

Be careful of electronic greeting cards, because they are an easy way to trick people into downloading malware. Verify that the merchant or site a greeting card is sent from is legitimate, warns the United States Computer Emergency Readiness Team, an arm of the Department of Homeland Security. If you get an e-card from someone you don't know, be suspicious. You can always e-mail a friend to confirm that he or she sent you something.

If you are buying gift cards online, only shop at reputable retailers and not through online auction sites, says the National Retail Federation. Gift cards sold through online auction sites may be counterfeit or stolen, and once you buy one, it's yours. The group has more online shopping tips on its Web site.

And for people wanting to donate to charity, the U.S. Federal Trade Commission has a charity checklist with tips such as asking groups seeking donations for more information about who is behind the operation, being wary of charities that spring up overnight in response to disasters, and not sending cash or donations.

Web searches can be dangerous any time of year as scammers use search engine optimization tactics to lure people to their sites. But holiday shopping online presents an attractive pool of potential victims. Be extra cautious when doing searches related to "holiday sale" and "Christmas specials" during this time of year.

F-Secure has compiled a Holiday 2010 Cyber-Watch List of popular search terms that are expected to be used by scammers to poison search results, which features "Kinect for Xbox" and "Call of Duty: Black Ops" at the top.

And make sure you don't do too much shopping at work or you'll instead be online checking out the job wanted ads.


Read more: http://news.cnet.com/8301-27080_3-20023728-245.html#ixzz16iEVo8Aj

Monday, November 8, 2010

Guide For Teen-Proofing Facebook Released


If you are a parent and you want your teen to be able to use Facebook without either of you having to worry that your child is sharing too much personal information, there's a new resource that can help.

A "Parents' Guide to Facebook," being unveiled today, offers hands-on, step-by-step instructions and illustrations, as well as information on safety, privacy, and reputation protection; and it covers the use of Facebook on computers and cell phones. It also offers specific recommendations for configuring privacy settings, noting that the default Facebook settings are not as privacy protective as they should be, even for adults.

The guide is being debuted at the fourth annual Family Online Safety Institute conference by the iKeepSafe Coalition and Connect Safely, a project of the nonprofit Tech Parenting Group. (CBS.com contributor Larry Magid of SafeKids.com is a co-director of that group.)

Facebook also has its own Safety Center, launched earlier this year, that provides information geared toward parents and teens.

The guidance will no doubt be a welcome resource for parents who have trouble keeping up with their teens' activities, both online and offline. A recent survey found social networks are not doing enough to protect teens' privacy. The guide may even help teens avoid the mistake one girl made recently when she accidentally invited thousands of strangers to her private house party.


Read more: http://news.cnet.com/8301-27080_3-20021992-245.html?tag=mncol;title#ixzz14jahVRh9

Monday, November 1, 2010

Adobe: Flash, Reader Hole Used In PDF Attacks


A new critical vulnerability in Flash and Adobe Reader and Acrobat 9.x is being exploited to attack computers running the popular PDF viewer software, Adobe warned today.

Adobe is not currently aware of attacks targeting Flash Player, the company said in a blog post.

The bug is in Flash Player 10.1.85.3 and earlier versions for Windows, Mac, Linux, and Solaris, and Flash Player 10.1.95.2 and earlier for Android. It also is in the authplay.dll component in Reader 9.4 and earlier 9.x versions for Windows, Mac, and Unix, and Acrobat 9.4 and earlier 9.x versions for Windows and Mac. The component renders Flash content in the PDF viewer.

Adobe Reader and Acrobat 8.x and Reader for Android are not impacted by the flaw, the company said.

The hole could be used by an attacker to take control of the system. In the existing attacks, a Trojan is being dropped onto victims' computers that steals sensitive data and loads other malware, according to ThreatExpert.

Adobe is working on a fix and expects to provide it in an update for Flash Player by November 9 and an update for Reader and Acrobat 9.x during the week of November 15. Workarounds are included in this security advisory.

This afternoon, Adobe issued a fix for a hole in Shockwave Player that was disclosed last week. Earlier this month, the company plugged 23 holes in Reader and Acrobat, including two being used in attacks.

The company is adding sandbox technology designed to add more layers of protection to the next version of Adobe Reader, Reader X, which is due out by mid-November.

Updated 12:50 p.m. PDT with Adobe releasing fix for Shockwave Player hole.


Read more: http://news.cnet.com/8301-27080_3-20021055-245.html?tag=mncol;title#ixzz144Imxx00