Posts Tagged ‘Security’
Social networking websites are one of the fastest growing website genres on the internet: Facebook, Myspace, Twitter, etc. Connect, chat, and let people know what you are doing with just a click of the mouse or punch of the cell phone button. This is “the thing” to do nowadays, the way we keep in touch. With this ease of communication comes the possibility of exploitation. Today we are going to talk about the possible safety hazards of letting your guard down when socially networking via the internet.
There are a couple of set-in-stone ground rules that everyone needs to know about social networking websites. Let me share with you the same information I tell most of my clients:
• Social networking websites themselves are generally safe; the content people put on them, however, may not be. It is the human element you need to worry about.
• Always remember that any content you post on the internet will be there forever, for anyone to read, store, and republish
• Just because the screen says your friend John has sent you information doesn’t mean John is actually the person who did
• If it doesn’t “seem right” it probably is not right
• Things free or too good to be true, are. Just like in the “real world.”
Now that we are armed with those rules, let us run through a few possible scenarios. For instance, you hop onto a popular networking site to update your status and you see you have a message from your friend. We are talking about someone you know but who does not frequently message you. You open the message and there is a link to what is described as a ‘cool video’ or some super-duper product that you should “check out.” The link doesn’t work, or for whatever reason it doesn’t seem to work. Or perhaps it is such a stupid thing that you are wondering why your friend was even wasting your time. “No biggie,” you may think. A week later, however, you find that you are getting popup ads left and right and your computer is slowing down.
What happened? Well, your friend probably had a virus or spyware infection that spreads itself by sending messages to everyone who is his ‘friend,’ telling them to click on the link. When the link is clicked the spyware is installed. (Please remember that antivirus and antispyware programs are not always 100% effective.) The spyware has been watching what you are typing, trying to steal credit card numbers, or otherwise is up to no good. Bam, you’ve been socially hacked.
Another scenario popping up lately involves micro-blogging websites. One of the most popular is Twitter. (Micro-blogging is posting status updates or information in only one to two sentences). There are several excellent micro-blogger humans out there reporting everything from celebrity updates, news hot off the press, and even your latest television show character developments.
However, there are also those micro-blogging accounts where it seems that some “person” is following the status updates of 5,000 people yet only 10 or 20 people are following them. This seems odd…who has the time to follow 5,000 people yet is not popular enough to warrant anybody ‘following’ what they are doing? Yet this random person just ‘followed’ or ‘added’ you to the list of people they listen in on? Weird! So what in the world is going on?
Well, it is completely feasible that this person is waiting for you, and the 5,000 other people, to post something that could be personally identifying. Maybe you don’t post revealing information all at once. Perhaps without realizing it you do it over the course of months. Like pieces of a puzzle to be assembled into a greater picture at a later time. Maybe you uploaded a photo revealing your address or house number in the background of your family picnic? Did you post something with your name on it, or tied to your name like the picture of the new car you bought? Did you just update your status about the burger joint on the corner of Main St and how you are eating there?
Believe it or not, just with that simple information above a person can cause you a big headache. For example: with that house number, the nearby burger joint address, the make/model of your car or license plate number in a picture (and personal information tied to this plate number), or anything else you posted, someone could do something as simple as fill out a credit card application in your name, using the free credit card application they stole out of your mailbox. Or perhaps they could use this information to impersonate you in other ways. Ick, who the heck needs that sort of trouble!
That whole scenario seems like a lot of trouble for someone to go through, but it really is not that hard. There are freely available programs on the internet that can scour social networking websites for certain keywords multiple times per hour. When they hit upon this keyword, the program marks that post for future review by human eyes. That person who was following you now has all the information they need from your three months of blogging posts to paint an excellent picture of you. They could possibly step into your shoes if they wanted to.
So what can you do to protect yourself? Remember the set-in-stone rules I mentioned above. What appears to be, may not be true. Ask your friend you do not speak to often if they really sent you a funny video about a cat climbing the Christmas Tree before you open the message and follow the link.
Do not post anything on the internet you wouldn’t want someone to see no matter how innocuous it seems to be. Personally identifying information such as license plate numbers, house numbers or other addresses, specific names, how you went to Johnny’s High school and still live in the same town…things like that. Remember that this information is stored somewhere, likely in multiple places, for almost all eternity. Information can be used like pieces in a puzzle to paint a bigger picture of you.
Do not accept “friend requests” from people you do not know. Do not allow people to “follow” you if you do not know who they are. If you are unsure as to the authenticity of the person on the other end, ask them a piece or two of personal information that only the true person would know. Watch your children and make sure when they are on these social sites that they adhere to your rules and guidelines.
Trust your gut feeling. When a scenario seems odd it could mean someone is up to no good. In addition, remember when you cannot see the person on the other end of the internet connection you have no proof they are who they say they are.
I truly hope this information helps steer you towards trouble-free social waters. The internet is certainly an awesome way to connect and stay in touch at the speed of light. We need not be afraid of the web, but we do need to respect the power it can have over us if used incorrectly.
Now I think I will go post on Twitter that I have finished writing this blog…
With WiFi hotspots popping up in all kinds of places, Geek Squad returned to the lab for a “next-gen” holiday gift. Now “Secret Agent Santas” will take WiFi technology to the next level, releasing WiFi hotspots from the electrical outlet through the use of high-speed USB modems and battery-powered routers.
Beginning today, select Agents in Atlanta, Chicago, Los Angeles, New York, and San Francisco will become “Secret Agent Santas,” providing free Internet access wherever they are. “Secret Agent Santas” will help people stay connected on the final leg of this holiday season on trains, in parks and at a multitude of other locations. WiFi’d Agents will be easily recognizable by their non-uniform holiday headgear – a light-up red and white Santa hat with LEDs around the brim.
Civilians are encouraged to take advantage of the free internet service and speak with the Agents about any technology problems or questions they might have. Select Geekmobile® vehicles in Atlanta and San Francisco also will be set up to provide service.
“Free WiFi has made staying connected easier and increased the usefulness of laptops, smartphones and other hand-held devices,” said Geek Squad Agent Ismael Matos. “By creating these roving hotspots, we’re providing an even greater level of service. Need WiFi on an ‘L’ train in Chicago? We can help. Want us to park six Geekmobiles at an Atlanta football game so you can tailgate and stay connected? We can do that too.
“To serve the greatest number of people, these hotspots will not be password protected,” continued Matos. “We recommend that civilians not conduct any particularly sensitive work as a result. Check sports scores but not bank accounts.”
WiFi’d Agents are a gift that keeps on giving; rolling out this holiday season, the service will continue indefinitely. Keep an eye out for specially marked Geek Squad Agents and open hotspots named “Geek Squad.” And if you have any WiFi location requests, please visit Geek Squad Intelligence (http://www.geeksquad.com/intelligence/) and leave us a comment.
Language was shortened long ago for ease of Instant Messaging. So when text messaging became popular, people were already armed with ‘c u l8r’, ‘IDK’, and ‘BRT’ (or “see you later”, “I don’t know”, and “be right there” for proponents of the Queen’s English). This computer lingo comes in handy now that social networking sites, like Twitter, are designed for short and succinct updates.
But what if you wanted to Twitter a link to my epic blog about using secure passwords? As you may know, Twitter updates are capped at 140 characters. The full address of my post is:
http://www.geeksquad.com/intelligence/blog/use-halibut-to-protect-your-identity/#more-474.
Not only is that hard to type, but it weighs in at 89 characters. This only leaves you 51 characters for the remainder of your tweet. When it comes to Twitter updates, space is at a premium.
Enter the URL shortening services. After TinyURL.com was launched in 2002, there have been numerous other sites with a similar spin, such as snipurl.com, is.gd, and bit.ly. By using their services, the large unwieldy URL above is rendered as http://tinyurl.com/yjclqts . Much easier on the thumbs, and it gives you more space to write glowing praise about the link in question.
The problem is, as with anything on the Internet, you find people with malicious intent looking to use URL shorteners to their advantage. Firewalls, anti-virus software, anti-spyware software, and phishing scanners are great, but if you click a link that goes directly to a malicious site, often there isn’t anything security software can do about it. You may think you’re following a friend’s link to a story about the release of Windows 7, and end up at a site with adult content or a site with the intent to infect your computer with a virus.
Some of the shortening services have instituted a preview system; for example, if you were to enter http://preview.tinyurl.com/yjclqts, the tinyurl site will tell you what the link points to. But for those sites that don’t have a preview system, or if you don’t want to retype all of them, there are a few ways to make sure you don’t end up someplace you’d rather not be.
There are add-ons, which are programs you can download for Firefox and Internet Explorer, that check the shortening site and report back to you the expanded URL, and then give you the option of clicking on it or not. Longurl.org is a website where you can copy and paste the shortened URL, and it will report back the full link.
So while sometimes your friends may just be trying to hit you with the most viral Internet prank of all time, other times you may find something far worse than Rick Astley on the other end of that link.
If you’re looking for some of these add-ons, go to http://snipurl.com/sikhj for Firefox or http://bit.ly/3RD3sP for Internet Explorer.
In order to protect yourself it’s important to understand how a phishing attack occurs. Phishing basically comes down to this: an identity thief composes an email that looks official and sends it out to a huge list of emails that may be either generated by a computer or obtained from other sources. This official-looking email ends up in your inbox and usually prompts you to do something like re-verify personal information, like your email address and password. There may be a link in the email that appears to take you to a legitimate website.
So how do you know if an email is a potential phishing attack? Most legitimate institutions that contain sensitive information will never send you an email and ask you personal questions. This includes banks, email services, internet service providers and stock traders. As a matter of fact, many times you’ll notice legitimate businesses attach a clause at the end of their email which reads: “we will never ask for your personal information.”
When in doubt, pick up a phone. Don’t call a phone number listed in the email, either. Use the good old yellow pages or as a last resort hit up a search engine for contact information. There is no substitute for a live human being on the other end of the line!
One of the most popular questions I receive in the field from the usually upset customer who has been affected by this is “why??” Well honestly it usually comes down to monetary gain. Eventually someone somewhere is getting money in the end. The persons responsible for the attack may want to use your email address to spread a remote-control virus. Or perhaps they want to launch an attack from your email address, thus protecting themselves from authorities behind your identity. Maybe they are going straight for the jugular, your online banking information.
There are several things to keep in mind in order to protect yourself. First, it’s important to know that these phishing attacks may not involve a virus or spyware infecting your computer and therefore will usually NOT be blocked by your antivirus software. Second, if you see a suspicious email asking for information or stating that your information has been compromised, thus asking you to “do something” via the internet to fix it…DON’T. Contact your institution directly from a phone number not obtained in the email. Do not delete the email until after you contact them; they may want you to send a copy to them for further investigation.
Lastly, make sure your password is strong. Do not use birthdays, common phrases (like “admin,” “password,” “1234,” etc) for the password. Instead try something crazy that mixes up letters, capitals, and numbers. Example: g0AwayM1ne! Change your passwords every once in a while too.
If you suspect you have fallen victim to a phishing attack, contact your institution and/or your email address provider and let them know what has happened. This should help keep you from falling victim to this dangerous social engineering scam.
“What is a rogue ad?” you ask? These types of internet advertisements try and trick you into purchasing, downloading, or installing some sort of application onto your computer that can do some pretty nasty damage to your PC. Think of it like the Trojan Horse. The ad tells you to ‘click here and make your computer faster’ or ‘you have Windows problems, click here to fix them.’ This sounds good until you realize that the payload of this promised application is really something that displays ads on your computer or redirects your web browser to objectionable sites.
Passwords keep our precious data and information safe and secure online, making it more important than ever to ensure your passwords remain known only to you. In this Two Minute Miracles video, Geek Squad Agents Daniel Campbell and Gerald “Chip” Underwood provide password tips, including things to avoid and ways to make your password even more secure.