;

FACEBOOK, TWITTER PROVIDE SENSITIVE INFORMATION FOR CORPORATE CRIMINALS


Social networking services like Facebook and Twitter foster a false sense of security and lead users to share information which can be used by cybercriminals and social engineers. The very concept of social networking is based on connecting and sharing, but with who?

A recent study found that many users simply accept requests to connect even if they do not know the person they are connecting with. The actual numbers found that 13% of Facebook users and a whopping 92% of Twitter users simply connect with anyone who asks.

Users share too much information and often vent on social networking services. Little tidbits of information about being out on vacation, or complaints about the new desktop operating system, or announcing an upcoming business trip to meet with a foreign competitor all offer tiny sparks of information which can be combined with other sparks to form a light that exposes more than should be shared.

There is a similar debate in the security community regarding out-of-office auto replies from email programs. Automatically sending an email to anyone that emails you including why you're not available, how long you will be gone, and the names, email addresses, and phone numbers of other users to contact in your absence is more information than should be shared outside of the company. Newer versions of products like Exchange and Outlook actually allow users to create separate out-of-office replies for internal and external emails to address the problem of sharing too much information with outsiders.

Its virtually impossible to prevent all such disclosures of information. The reason is that these tidbits are generally useless and innocuous alone. By themselves they appear to be harmless, verging on nonsensical, and most of them are. But, each tidbit reveals some small piece of a larger puzzle and an industrious criminal can dedicate the time and resources to gluing the innocuous, nonsensical pieces together to reveal a larger secret.

Organizations should be aware of the pros and cons of social networking and should have established policies regarding the acceptable use of company resources in connection with social networking. It is also a good idea to provide some awareness training about the security issues of social networking and educate users to be more careful of whom they connect with and the information they share.

Tony Bradley is an information security and unified communications expert with more than a decade of enterprise IT experience. He tweets as @PCSecurityNews and provides tips, advice and reviews on information security and unified communications technologies on his site at tonybradley.com.
»»  read more
Posted on 11:38 PM by omedot and filed under , | 0 Comments »

HOW TO DOWNLOAD FILES FROM THE INTERNET THE SECURE WAY

Everyone who uses an Internet connection is downloading files from there. It can be automatic file transfers like downloading new emails or filling the browser cache when opening new websites but also manual downloads of pictures, videos or programs. The most dangerous type of downloads are program executables as they can infect a computer system easily if the user has no precautions in place. The following article will give users of every experience level some guidelines at hand on how to download and handle files that are downloaded from the Internet.

It all begins at a website or server. This is the starting point and it might be a good idea to start validating that server before even thinking about downloading files from there. This can be done manually by performing some searches in search engines but also automatically with browser add-ons or plugins like Web of Trust, McAfee’s Site Advisor and a plethora of other respected programs including local security software that can also check websites and servers.

The second step involves downloading the file to the local computer system. There is not a lot that can be done here in this step. The only defense are security software programs that are installed on the computer system that should scan the file and report back to the user if they believe it to be malicious. Cautious users can also use one of the many online virus scanners to upload the file and scan it online. Services like Virus Total scan the files with more than a dozen different up to date antivirus engines resulting in a more precise analysis of the file.

Another option is to check the hash values of the downloaded files to make sure that they have not been tampered with. This only makes sense if the developer is displaying the values on a trusted website.

It is pretty safe to assume that the file is safe and can be executed on the computer system if it did pass the tests. There is however a last step that can be done to add the extra mile of security: Virtualization. Programs like Sandboxie or VMWare Player make it possible to execute programs in a closed environment for testing purposes. The benefit of this approach is that they cannot harm the rest of the computer system if they should be malicious.

»»  read more
Posted on 1:52 AM by omedot and filed under , , , | 0 Comments »

WINDOWS XP SYSTEM FILE CHECKER

Windows XP and Windows 2003 administrators who are noticing difficulties like performance drops, application or system crashes while using the computer system that can be caused by third party applications that are overwriting shared system files of the operating system. System Administrators can run the sfc /scannow command to verify the integrity of all protected operating system files. The check will basically compare the current file with the original version and replace modified files with the original Microsoft version.

It has to be noted that the command will replace all modified files even those that have been modified deliberately by a user of the system (e.g. a patched uxtheme.dll file to be able to use third party themes).

Not everyone likes to use a command line version (that comes with several parameters) on the other hand. File Checker is a small portable software program that offers a GUI for the process. The program gives the system administrator the tools at hand to run most sfc commands from that GUI including starting a system scan, purging the cache or defining the locations of the setup sources.

windows xp system file checker

Options are available that can change the process further. It is possible to reset the cache size to a new value, to disable the Windows File Protection and to define how protected system files should be handled by the scan.

The Windows XP system file checker is a portable alternative for system administrators who like to work with graphical user interfaces. File Checker is available at the developer’s website.

Download File Checker

»»  read more
Posted on 1:44 AM by omedot and filed under , , , , , | 0 Comments »

TRACK YOUR STOLEN COMPUTER WITH LOCATED PC

If you travel a lot chance is that you will eventually fall victim to theft. If you happen to have your notebook or laptop with you most of the time chance is pretty high that the thief will have the desire to steal that one. Chances are pretty slim that you will see your notebook again after the theft but you can increase them a bit by using Locate PC.

Locate PC only works if the thief is stupid enough to boot your computer while being connected to an internet connection. I cannot really say how many thiefs would do that but it can happen and that’s probably reason enough to use Locate PC. A slim chance is better than no chance at all, don’t you think ?

Locate PC (via Cybernet News) will send emails periodically whenever the PC is connected to the Internet, by default one email is send per day and another one for every IP change. The application is running in the background with an obscured filename and no system tray icon making it harder to identify. I would say that you do not need to worry about that though, if the thief really boots the PC while it is connected to the Internet then you should not fear that he will discover the little tracking application.

locatepc

One thing that actually might work pretty well is to create a bogus account that does not require a password. I mean, a thief that gets a password prompt will probably not be able to load the operating system which would make the whole configuration void.

The emails that are send contain several interesting information, not only the IP that it is being send from. It displays the computer’s host name and logged in user. This will be probably your information though. More interesting are the network connections that are listed. A dialup connection would reveal the phone number and the user name which can lead directly to the thief.

A traceroute command is issued as well and identifying information are pulled from Windows. The important information that can lead to the thief are the IP address, the network connections and the traceroute command. Everything else will be your information unless the thief decides to chance the name and address of the owner to his own.

Download LocatePC

Requirements

LocatePC is designed to work with the majority of systems, however you will need to set up your email account so that it works with LocatePC.
  • LocatePC runs on Windows Vista/XP/Me/98
  • You will need to have a POP email account for LocatePC to send you email. You can get a free POP account that works with LocatePC from AOL, Bluebottle, Gawab or @inMail24.
  • LocatePC can only send email if a user is logged in to the PC, and the PC is connected to the Internet.
  • LocatePC does not support HTTP proxy servers, mail servers that use SSL or SPA or IMAP (including Gmail and Hotmail), or email accounts that only work when the PC is connected to a specific ISP.
»»  read more
Posted on 1:26 AM by omedot and filed under , , , , , , , , | 0 Comments »

DOWNLOAD GUARDIAN ANTITHEFT SYSTEM FOR YOUR MOBILE


Now series 60 phone users can be relax and stop worrying about their phone’s security. Symbian Toys Guardian 2.2New anti-theft system is here to help protect their mobiles.From symbian-toys.com

Guardian is the new antitheft system for Symbian Series 60 devices. Every time you switch on your mobile telephone, Guardian proceeds with authentication of the inserted sim card; if authentication fails, Guardian send a notification sms message to a previously set telephone number.

In addition, the system features remote control functions, i.e. deleting your photographs/phone book/text messages/video/audio data in case of loss or theft of your mobile phone (see Plugins section).

Please NOTE that all the sms sent / received by Guardian will not notified in any way to the user, no icons, no lights, no sounds, no vibro, nothing visibile in inbox/sent/outbox messages folder, and of course, no traces left in logs.

Download Guardian for series-60 mobiles(87 KB)

Compatible with:

Nokia: 3230 / 6260 / 7610 / 6600 / 6620 / 6630 / 6670 / 6680 / 6681 / 6682 / n70 / n90
Panasonic: X700 / X800
Samsung: SGH-D720 / SGH-D730
Lenovo: P930

If your model is not in the list, then visit this site: www.Guardian-Mobile.com
»»  read more
Posted on 1:14 AM by omedot and filed under , , , , , , | 0 Comments »