Renata's posts with tag: information_security
| Start: | Aug 10, '07 8:00p | | End: | Aug 12, '07 12:00p |
Tomorrow, the 1st edition of the Information Security Carnival will be hosted at systemcall dot org. If you want to share information security tools, articles, advice, tips and reviews, follow this link and submit your post.
Airports are a major concern nowadays. 
First of all, if you think Internet Explorer and Firefox were your only options, you are mistaken. This section reviews Internet Explorer and Firefox basics and introduces other viable Web browser options. Microsoft Internet Explorer is a common target for browser hijacking. Internet Explorer 7.0 provided a significant upgrade to Microsoft browser security, but it still has flaws, like the one discovered by an Israeli vulnerability researcher. Aviv Raff warned in a posting on his blog Wednesday that attackers could exploit a new flaw in Internet Explorer 7 (IE 7) to launch phishing expeditions. Raff said IE 7 running on Windows XP and Vista is susceptible to cross-site scripting attacks.
Let's suppose you don't have options and you are using IE, or for some weird reason, you just like it. In this case, do your homework: keep your IE patched and well configured. IE has the ability to provide secure browsing, but it's the responsibility of the organization or the user to configure it.
You can start by reading these How-to articles from Microsoft. They have great tips. If you are tired of patching your IE browsers every week (at least), you may consider migrating to Mozilla Firefox, a popular browser that is generally thought to be more secure than IE. However, Firefox is not immune to attacks, and as the browser increases in popularity, it's likely to become a bigger target for attackers. In this link you can find a list of security tips for Firefox users, but it's great reading for other users as well.
Not satisfied with Firefox or IE? Yes, there are other options, such as Opera, Safari, Konqueror, Lynx (this one just for grown-ups) and others. They all have their pros and cons; visit their webpages and learn what you should expect if you're not using IE or Firefox.
And remember: on the second Tuesday of every month, Microsoft releases hot fixes for its newest flaws, which almost invariably include Internet Explorer patches. Yes, at least twice a month you will have to patch your IE. Other Web browsers of your choice will release their patches eventually.
I was completely happy at my desk, working and doing what every normal parent does these days: searching the web about quark properties and lepton number conservation laws.
And then, my husband decided to make something in the microwave while talking with his friend on our cordless phone.
You know the consequences: my Wireless Networking was interfered with.
Yes, microwave ovens, cordless phones, Bluetooth devices and Wi-Fi networks are enemies. What do you do to minimize these problems? Your troubleshooting time can be considerably reduced if you know which specific device is causing the interference. Cognio has announced its Spectrum Expert software to solve this problem. Spectrum Expert is a monitoring and analysis tool that tells you which specific device is causing interference, locks onto that device and locates it. Spectrum Expert is an innovative tool, and Cisco realized that. Cisco is now offering Cognio's Spectrum Expert with its Cisco Wireless Control System (WCS). Here you can read the Cisco Press Release.
You are responsible for everything written on your company website, weblog or online shop. That's the reason people use a Disclosure note or Terms of Service (ToS). But keeping an updated tracking record of all site content, changes, and approvals isn't that easy. In this case, compliance software would help. Q4 WebSystems has a patent-pending technology which automatically creates a record of all site content, changes, and approvals, helping you to achieve compliance with Sarbanes-Oxley and equivalent legislation.
Freedom of Speech. Freedom of expression. Privacy. Are those important things for you? If yes, you have to think about your Internet connection. Every time you surf the Internet, your IP address is publicly visible to everyone on the target network resources; therefore, your actual location and even name and age can be tracked as well.
Let's start with cookies. Cookies have become the most recognized privacy risk because, although some organizations use cookies for legitimate purposes, there is also misuse. For example, by tracking everything you visit and do on the Internet, companies can create your web profile and, based on this, direct advertising at you. It is not wrong, but it is not desirable for most people. The pages you read tell marketers what junk to push on you. But, worse, cookies are sometimes used with cross-site scripting or other techniques to steal information from a user. That's why people turn off the cookie options in their browsers.
To disable cookies in Mozilla:
- Open the Edit menu.
- Select Preferences to open the dialog box.
- Select Privacy & Security to open the sub-menu.
- Select the Cookies item. Select "Block cookies".
- Click "OK".
To disable cookies in some IE versions (3.x, 4.x and 6.x):
- Microsoft Internet Explorer 3.x users can disable or warn for cookies by clicking the "View" menu, "Options", "Advanced" and selecting "Never accept cookies" or "Warn me before accepting cookies".
- Microsoft Internet Explorer 4.x users can disable cookies by clicking the "View" menu, "Internet Options", "Advanced" and selecting "Never accept cookies" or "Warn me before accepting cookies".
- Microsoft Internet Explorer 6.x users can disable or manage their cookie settings by clicking the "View" menu, "Internet Options", and selecting the "Privacy" tab.
But what about your IP address? Can you hide it? With a visible and public IP address you are exposed to risks like:
- Spyware
- Web bug (HTML-enabled email)
- Social engineering
- Phishing
How can you protect your privacy? You could use an anonymous proxy server, as you can read here (only in Portuguese). But there are great products on the market that do all the boring work for you, automatically. They have great features:
- anonymous web surfing
- hiding of your real location
- support for all your favourite applications
- hacker, virus and spyware protection
- fully automatic configuration
But, keep in mind that anonymity can have dramatic effects, both useful and harmful.
You know, I have worked in Information Security for at least 6 years and I've been using GFI products for a long time. Especially GFI LANguard, as you can see in my Curriculum vitae.
Now GFI MailSecurity, an email security tool for Exchange and other mail servers, has come to my attention.
They have great features:
- Multiple virus engines guarantee higher detection rate and faster response
- Unique Trojan & Executable Scanner detects malicious executables without need for virus updates – for example, they claim MyDoom was detected immediately.
- Email Exploit Engine and HTML Sanitizer disable email exploits & HTML scripts
GFI MailSecurity will be part of my job tools now.
Have you ever reset a router to factory defaults and then realized that you don't know what the password is? Here is a list with default router passwords, so you will never have a problem forgetting the password again.
You have no idea what I'm talking about? Ok, let's talk about cats and their helmets. Yes, your cat deserves a helmet. A noble helmet. The world-famous F.P.E.S. v0.0, known as "The Zero". F.P.E.S.: The Feline Protection and Enhancement System. If you want to make one like this for your cat, follow the directions on this website.
Network security is a serious matter. A network allows you to share information and resources, but it also lets computer viruses, human intruders, or even disgruntled employees do far more damage than they could on a single machine.
In this case, Cisco can help you to build a secure network.
The Self-Defending Network is Cisco's long-term
strategy to protect an organization's business processes by
identifying, preventing, and adapting to threats from both internal
and external sources. This protection helps organizations take better
advantage of the intelligence in their network resources, thus
improving business processes and cutting costs.
Characteristics of Self-Defending Network Security
Solutions:
- The integration of security throughout all
aspects of the network
- Collaborative processes between the various
security and network elements
- The ability of the network to adapt to new
threats as they arise
The Cisco network-based strategy allows your organization to use existing investments to solve your most pressing security concerns today, while providing an architectural platform and security solutions that can evolve to deliver proactive, automated, real-time management of threats.
Sponsored by Cisco
Hackers last night mounted the most significant attack since 2002 on the computers that direct traffic on the internet, it emerged today. The hackers, believed to be from Asia, bombarded the 13 computers, or root servers, that serve as the internet's central address books.
Brian Krebs of the Washington Post "Security Fix" blog reports:
At around 7 p.m. ET on Monday, three of the Internet's 13
"root servers" -- the computers that provide the primary roadmap for
nearly all Internet communications -- came under heavy and sustained attack
from a fairly massive, remote-controlled network of zombie computers.
These are machines infected surreptitiously with programs that allow
criminals to control them remotely. The zombies were programmed to try
to overwhelm several of the root servers with massive amounts of
traffic.
Among the apparent targets was a root server controlled by the Department of Defense Network Information Center.
There is also evidence to suggest the attackers targeted the servers
responsible for managing the stability of the ".uk" and ".org" domains.
A number of technologists I spoke with who helped defend against the
attack said it's too early to say definitively where the attack came
from, but this perspective
from an operator responsible for maintaining one of the root servers
suggests that South Korea, China and the United States were the biggest
source of computers used in the attack
From the reports I'm reading now, there appears to be no evidence of damage. Did you notice? It seems the internet has become invulnerable. Better, as my husband Renato said: it has become organic.
 Read about it in English:
In Portuguese:
Before the purchase:
- Phishing - do not visit sites suggested in unsolicited messages (spam) that you receive; doing so will usually take you to fake sites whose purpose is to collect your financial data. Install anti-phishing toolbars in your browser; they help you notice, for example, that the site of a Brazilian bank is hosted in another country. See the "More information" section to learn more about the main toolbars, Netcraft Anti-Phishing Toolbar and Microsoft Phishing Filter.
- E-mail - the main banks and e-commerce companies have chosen not to send messages to their customers. As a general rule, avoid opening these messages and, above all, never open the links they point to.
- Protect your computer - keep your computer up to date at all times; if you don't know how to do this, ask someone for help. Software vulnerabilities help crackers. Install and keep up to date an anti-virus, personal firewall, anti-spyware and anti-spam.
- Train your webmail's anti-spam - sending malicious messages by spam is one of the main ways of compromising your computer. Mark messages that show signs of phishing as spam; this way you and other users will be alerted.
- Browser - Install the most recent browser versions. The latest generation of browsers (Mozilla Firefox 2.0, Microsoft Internet Explorer 7, among others) offers additional protection against phishing scams.
- Reputation - Buy only from trustworthy online companies that are recognized in the market. Visit sites such as Buscape (www.buscape.com.br) and Bondfaro (www.bondfaro.com.br) to find trustworthy sites - both have a membership process subject to approval, recognized-company seals, as well as consumer opinions and ratings.
- Higher-risk items - Take special care when buying best-selling items (MP3 players, mobile phones); they are usually associated with riskier purchases. Be suspicious when you come across many hard-to-find items on a single site, or prices far below those charged in the market.
During the purchase:
- Secure communication - Check whether the site offers secure communication between your computer and the server. The technical name of this communication protocol is SSL or TLS (Secure Socket Layer/Transport Layer Security), and it can be verified in your browser by the presence of an address in the format https://www.example.com (instead of http://...) and of a padlock icon somewhere in your browser's graphical interface (usually at the bottom). The Mozilla Firefox browser complements these visual security indicators by changing the background colour of the address (URL) bar to yellow.
- A credit card does not confirm age - never provide your credit card number as proof of your age. Card operators state that cards do not verify anyone's age; this is just a simple way of deceiving unsuspecting users.
- Use your own computer - Online purchases should not be made on just any computer; prefer your home or work computer. The probability that your company's workstation is up to date and free of malicious software is higher than that of a computer in a "Lan House" or similar establishment.
- To use a card or not? - Using a credit card for online purchases is as safe as using it in a restaurant. Both real-world and online purchases suffer from fraud during the purchase or from problems in the storage of your confidential data.
- Choose your best card - use credit cards dedicated to online purchases, if possible. Use your card with the lowest spending limit; this will minimize your loss in case of fraud or improper storage of your card data. If possible, have fraud insurance on your card.
- Don't buy on impulse - If you are suspicious of the site and the purchase is unavoidable, choose to pay by bank slip (boleto bancário) or SEDEX cash on delivery.
- Be suspicious of offers that are too good; use common sense above all.
After the purchase:
- Logout - log out of the shopping site, especially on workstations shared by several people. If possible, learn how to clear cookies and other confidential information in your browser. Firefox 2.0 and Internet Explorer 7 have specific options for this kind of operation.
- Statements - when using a credit card for online purchases, check the card statement.
- Track the delivery of the product - Deliveries are usually made by companies that offer tracking of your order, that is, following the delivery of the product by means of a code provided by the seller. This code is usually provided at the end of the purchase transaction.
- Do not delete the records of your purchase, especially messages with purchase and delivery confirmation.
Auction sites:
- Reputation - Read the comments that previous buyers have made about the seller. Although this kind of indicator is subject to fraud, it is a good way of evaluating the buyer.
- Seller quality - Get to know the seller rating system of your preferred auction site.
- Read the product description carefully and print a copy of this information.
- Don't keep your doubts to yourself - Ask about the product in the space provided for this purpose. This kind of feature is usually open to anyone who views the product and can be useful for identifying characteristics that do not match the description, or even for finding dissatisfied buyers.
- Report the seller - If you feel you have been wronged by a seller, inform the site administration and possible future buyers (by means of the rating) of the site as soon as possible.
More information in Portuguese:
Source: Dicas para suas compras on-line de final de ano