Join the God Side, Jesus is Coming…….

Archive for the ‘End Users’ Category

Hackers Shift From Vandalism to Massive Data Theft

Cyber-attacks have dominated headlines this summer as government agencies, large organizations and small businesses have been hit by malware, distributed-denial-of-service attacks and network intrusions. On the personal front, individuals’ email and social networking accounts have been hijacked.

Most cyber-attackers are motivated by money, whether it’s by looting bank accounts or selling stolen information to other criminals, said Josh Shaul, CTO of Application Security. However, there’s been a surge in politically motivated attacks in the past few months as a number of groups—including the notorious hacker collective Anonymous—turned to cyber-attacks as a form of protest.

PandaLabs researchers predicted this past December that the cyber-protests that have added the word “hacktivism” to the English language will continue to grow in frequency because it’s been so effective in getting attention.

In the past few months, even hacktivism has been transformed as tactics and motivations have evolved. In the past, cyber-protesters generally defaced Websites or launched DDoS attacks to express their discontent.

In these DDoS attacks, Websites were overwhelmed with large volumes of server and database requests and became inaccessible to legitimate site visitors. For the most part, the majority of hacktivists relied on low-tech techniques for its activities, Shaul said.

Source: Eweek

The science of password selection

A little while back I took a look at some recently breached accounts and wrote A brief Sony password analysis. The results were alarming; passwords were relatively short (usually 6 to 10 characters), simple (less than 1% had a non-alphanumeric character) and predictable (more than a third were in a common password dictionary). What was even worse though was uniqueness; 92% of common accounts in the Sony systems reused passwords and even when I looked at a totally unrelated system – Gawker – reuse was still very high with over two thirds of common email addresses sharing the same password.

But there was one important question I left unanswered and that was how people choose their passwords. We now know that structurally, passwords almost always adhere to what we would consider “bad practices” but how are these passwords derived in the first place? What’s the personal significance which causes someone to choose a particular password?

Read more…

Fake Antivirus Targets Firefox

Source: pcworld

Firefox users have targeted by a new scam that tries to load a user’s PC with fake antivirus software using a passably convincing version of the Windows Update page.

Fake antivirus scams are legion, and ones using bogus update pages of one sort of another are also an established trick. The oddity of the latest incarnation of the attack, discovered by Sophos, is that it triggers only when encountering Windows users of Firefox pushed to it through a page redirect.

Artwork: Chip TaylorThe first big giveaway? Windows Update can only be started as a background activity in Windows or through Internet Explorer.

The page itself is a copy of the Windows Update page offering an “urgent” 2.8MB download which will turn out to start a useless security scan plugging fake antivirus software. The technique is clever. Users who agree to the update without being entirely sure that it is genuine will be more easily convinced that a PC has been infected with the non-existent malware later detected by the bogus program.

“Users need to be more vigilant than ever before as bogus security alerts pop-up in their browsers,” said Graham Cluley of Sophos. “Fake anti-virus attacks are big business for cybercriminals and they are investing time and effort into making them as convincing as possible.”

“Malicious hackers are using smart social engineering tricks more and more often, and the risk is that users will be scared by a phoney warning into handing over money to fix problems that never existed in the first place,” he said.

 

10 Awesome Google Tricks You Missed

Source: pcworld

Getting the most out of Google products such as Gmail, Docs, and YouTube is a must if you’re using them for business. However, the products are so packed with features that it can be hard to keep up. Here are 10 little-known features across various Google services that could change the way you work, or perhaps make life that little bit easier.

 

1. View All Kinds of Files Online

Google Docs Viewer is a neat little Website that lets everybody view files online, avoiding the need to download and open them manually. Despite its name, you don’t have to be a Google Docs user to access it. All you need do is visit Google Docs Viewer and enter the address of the file you want to view.

2. Send Somebody a URL to View a File Online

Another feature of the Google Docs Viewer Website mentioned above is that you can create your own URLs that point to files online, and send them to others so they can instantly view the file by clicking the link.

Just make the first part of the URL read as follows:  http://docs.google.com/viewer?url= Your FileURL

3. Add ‘S’ For Safety

Practically all of Google’s services can be accessed via HTTPS, which makes for a totally secure connection across the Internet–the same kind of connection online banks use. Just add an “S” to the http:// part of the address to make https://. For example, to view the Microsoft Word file mentioned above over a secure connection, you could type the following: https://docs.google.com/viewer?url=http://Yourdomain/dump/testfile.docx

4. Avoid Account Hijacking

To ensure that nobody but you ever accesses your Google account, you can have Google phone you with a confirmation code or send a SMS to your cell phone, every time you login. That way, even if somebody steals or second guesses your password, there’s simply no way they can access your account.

This security is known as a two-stage verification procedure, which you can set up here. Note that this service is still being rolled out and might not yet be available to you. Keep checking back, however, because the intention is for it to be available to all Google users.

5. Use Two Different E-mail Addresses

You might already know about Gmail aliases, which is to say, using periods or plus symbols to extend your standard Gmail address so you can filter for spam.

What you might not know is that you can use @google-mail.com as well as @gmail.com. In other words, if you normally use example.address@gmail.com for your e-mail, then you can also use example.address@google-mail.com , and the message will still reach you. You could use @google-mail.com when signing up to newsletters, for example, and create a filter rule within Gmail to sort any messages sent to that address into a spam folder.

6. See Who Last Accessed Your Account

Worried somebody’s been snooping on your Gmail account? By clicking the Details link at the very bottom of the Gmail page, you can view when, where and how your Gmail account was last accessed. The last 10 logins are listed.

7. Test Your YouTube Connection

Has YouTube been stuttering, or just a little slow? By right-clicking any video and selecting Take Speed Test or just visiting this speed-test link , you can compare your playback speed to others who use your ISP, as well as comparing it to the average speed for your city, and country. By clicking the Show Video Test link, you can measure your speed. Just look at the HTTP section in the information window at the top left of the video display to see how quickly you’re receiving the video file.

 

8. Drag and Drop

You can drag and drop files onto Gmail windows if using Chrome or Firefox.If you’re using Firefox or Google Chrome to access Google’s services, you can often drag and drop files onto the browser window if the Google product is one that works with files.

For example, when creating a mail message, you can simply drag and drop files onto the browser window to instantly attach them (you’ll need to “drop” them over the green Drop Files Here area). If creating a word processor document in Google Docs, you can drag and drop pictures into the browser window to place them on the page.

This doesn’t work with Internet Explorer, unfortunately.

9. See if Google Services Are Working

Ever tried to access one of Google’s services but you’ve been unable to? If you’re like me, the first think you’ll do is ask any colleagues nearby whether they can access the service. Well, no more. By visiting the Google Apps Status page you can see at a glance whether there are any problems, and if so, what the nature of the problem is.

10. Collaborate on Documents within Microsoft Office

If you’re not quite ready to take the plunge into working with Google Docs through your Web browser, you can download the Google Cloud Connect plugin for Microsoft Office, which is now freely available after a long period of testing. This allows more than one person to work on a Microsoft Office file that’s been uploaded to somebody’s Google Docs space. Any edits made by others are instantly reflected within the document, all within the standard Microsoft Office program window, and you have the added benefit that files are stored in Google’s cloud and revisions tracked.

 

 

 

 


 


Bogus BBC Fukushima radiation texts panic the Philippines

Source: theregister

Hoax BBC text messages are claiming that radiation from the stricken Fukushima nuclear power plant has begun spreading in the Philippines.

Authorities in Manila were obliged to issue an official denial over the SMS messages, which are entirely bogus. The put-up messages (extract below) advise recipients to stay indoors, and to start taking unnecessary medical precautions.

BBC Flashnews: Japan gov’t confirms radiation leak at Fukushima nuclear plants. Asian countries should take necessary precautions. Remain indoors first 24hours. Close doors and windows. Swab neck skin with betadine where thyroid area is, radiation hits thyroid first. Take extra precaution, radiation may hit Philippines.

The supposed news flash is reckoned to be the work of pranksters, whose actions forced the Philippines’ Department of Science and Technology to put out a statement designed to quell public fears.

“The advice circulating that people should stay indoors and to wear raincoats if they go outdoors has no basis and did not come from DOST or the National Disaster Risk Reduction Management Center,” it said.

The rumour was plausible enough for some companies and schools to start sending people home, net security firm Sophos reports.

 

Google Chrome Is Better Than Microsoft Internet Explorer: 10 Reasons Why

Source: eweek

Chrome is simply a better browser than Internet Explorer, even as Microsoft prepares to launch Internet Explorer 9 to take on Chrome 10.

Read on to find out why:

1. Simplicity

When users first start Chrome, they will find an extremely slimmed down interface.

2. Speed is everything

Internet Explorer has been criticized over the years for being slow. Getting to Web pages takes longer than it should. For the most part, other browsers are quicker. But Google Chrome is one of the fastest browsers on the market.

3. Security, anyone?

Security continues to be one of the biggest problems Web users face. On just about any platform, issues can arise that, if left unpatched, can wreak havoc on a person’s computer. But if one were to compare Chrome’s track record in security against Internet Explorer’s, it’s hard to see how Microsoft can compete.

4. The apps are quite appealing

Google offers the Chrome Web Store, a marketplace where people can find different applications to expand the usability of their browser. The store is filled with useful applications that make using Chrome a bit more enjoyable.

5. The Ominbox is great

Google’s Chrome platform has been heralded by Web users for several reasons, but perhaps its most notable feature is the Omnibox. Doubling as an address bar and search bar, the Omnibox makes looking for content on Google Search or quickly going to a desired site much easier.

6. It’s platform agnostic

Internet Explorer is available only to Windows users. Google Chrome, on the other hand, is available to those on Windows, Linux, and Mac OS X. That’s an important distinction.

7. The market share can’t lie

Google’s Chrome browser has been quickly gaining market share. At the end of 2010, for example, the browser had 7.31 percent of the worldwide browser market, according to Net Applications.

8. Google being Google, Microsoft being Microsoft

When one compares Internet Explorer to Google Chrome, they need to think about the companies behind those platforms and what they’re really after.

9. Rapid updates

Although Chrome has only been available for a little over two years, Google is now on to the tenth version of the software. Generally speaking, Google updates its browser every six weeks.
10. It goes beyond the desktop

Google’s browser value to consumers and even enterprise customers goes beyond the desktop. The company’s mobile browser, available on Android-based devices, is highly regarded in the smartphone market. Moreover, Google significantly improved its browser for Android 3.0 Honeycomb, delivering full tabbed browsing, Incognito mode, and other features that will appeal to mobile customers. Google’s browser effort is the full package across several platforms. And that must be acknowledged.

The Wrong Way to Manage Your Passwords

Source: pcworld

Over the weekend I went camping with some buddies, and somehow the subject of computer passwords came up. I asked everyone how they manage theirs, and all six of them said the same thing: They store them in a text file, spreadsheet, or some other similarly unprotected document.

The horror!

That’s a disaster waiting to happen. If a hacker ever finds his way onto one of their PCs, those passwords will be easier to steal than a whiff of chocolate at the Hershey factory. What’s more, if one of my amigos ever needs access to those passwords while traveling, he’s out of luck. Same goes for a hard-drive crash: it’ll take down that password list along with everything else.

My advice to them and everyone else on the planet: use a password manager–ideally, one that can sync with a smartphone and/or the cloud.

These tools offer both simplicity and convenience. You just enter in the details of the various sites and services you use–user ID, password, Web address, etc.–and the password manager stores them in a simple, secure, password-protected database. In other words, you need to remember only one password to gain access to all your other passwords.

As for convenience, the better managers can sync with, say, your iPhone or Android phone, as well as a secure Web site for easy access on any PC. I also like the ones that can automatically generate secure passwords on your behalf (useful for those folks who still think “123456” is a safe choice).

So, which password manager should you use? I’d say it doesn’t matter, so long as you use one.

Notictech adds that it’s highly recommended to encrypt those files using a freeware encryption software like EncryptOnClick.

Tag Cloud