Saturday 19 June 2010

A little peace of mind for free......

Inspired by the link: https://www.eff.org/https-everywhere


I have just installed the HTTPS everywhere Firefox plugin (linked above), and I have to say, what an awesome idea. It has never really sat well with me that certain web sites (Facebook, twitter etc) default to a non-encrypted (http) page, which means any data you enter into these sites is transmitted over the Internet in clear text (readable).


There is a downside, in the form of third party domains without support for https (encryption). For example, advertisements. Adverts tend to come from other web sites to the one you are looking at, which brings its own problems and annoyances (i'll cover this at a later date). However, this shouldn't detract from the value of this plugin. I've installed it and, barring any compatibility problems in the future, it will be staying.


So, if you are strict on your Facebook privacy settings, don't want anyone knowing your Google searches (apart from Google.....) or are wanting to add that little bit more peace of mind, install Firefox (if you aren't already using it) and use HTTPS everywhere. As the Beatles once sang "I'd give you everything for a little peace of mind". Everything may be a little too much in this case, but a little peace of mind for free has to be a good thing.



Tuesday 1 June 2010

Oooh, Bob sent me a link.......

Inspired by the link: http://www.sophos.com/blogs/gc/g/2010/05/31/viral-clickjacking-like-worm-hits-facebook-users/

"Don't click links you don't trust". This has been the mantra of I.T. security professionals since time began (was there a time before emails?). But what if the link comes from (or at least appears to come from) a friend? Unfortunately there is no easy answer.

Bad guys know how you think, and know the ways to entice you into clicking a link. But if a friend has recommended it, then it must be OK?........
Not all the time. The bad guys know how to spoof emails, know how to use "hacked" social networking accounts and send the malicious link to the entire friends list, and many other tricks to get the highest possible hit rate on these malicious links. So what can you do? A few simple steps can dramatically reduce the risk.....

1. Keep your Operating System (OS) up-to-date with the latest security patches. - Most modern day OS' allow configuration of automatic updates, which will require minimal user interaction. Windows users (most people who are reading this I assume use Windows), can browse to http://windowsupdate.microsoft.com/ for assistance setting up automatic updates.

2. Keep your web browser up-to-date. - Newer versions of your favourite web browsers have been developed with more security in mind.

3. Keep your antivirus up-to-date. - With new malware seemingly being discovered every other minute it is imperitive to keep antivirus products up-to-date with the latest definitions etc. Most will ask you to configure automatic updating when you install it, DO NOT SKIP THIS STEP!!! Please :D

4. Check a links destination before clicking. - It is trivially easy to "hide" a links true destination. If you hover your mouse cursor over the link, WITHOUT CLICKING, the real destination can be observed. (In the bottom left hand corner of your web browser is the usual place).

5. Use your instinct. - If it doesn't feel right, don't click it. Taking a few minutes to email or message the person asking if they have really sent the message could save you hours (or even days/months!) of work attempting to rectify any damage. Use yourself as the first line of defence, computers will always have security holes, being aware of this can save you.

Comments and questions are always more than welcome.

On a side note, it seems my son knows the perfect way to keep safe online....














Eat the device connected to the Internet! Such a wise head on those young shoulders :)