Here’s a morsel of what I learned about Web security at this year’s RSA Conference in San Francisco. It’s just another tale of the good, the bad, and the ugly 1.Security in Windows 10 is better than any version before it. That’s because unlike previous versions which had user customizable settings to control how your PC received updates and patches, updates in Windows 10 are by default automatic. Ostensibly this means that Microsoft is staying one step ahead of malware hackers. There’s just one problem with this assumption. Unlike the dozens and dozens of anti-malware/virus software companies which update their malware definitions 24/7, Microsoft offers its updates just once a month on its Patch Tuesday which means any Windows 10 is vulnerable to new malware for possibly a month in between. So installing third party anti-malware/virus software is probably still advisable. 2.Nothing is necessarily safe on the Web even if you have anti-malware installed because the hackers are changing their sinister codes virtually every few seconds. You read that right: every few seconds in a lousy game of digital whack-a-mole. And the bad guys are ever finding new ways to infect your system. 3. Then there’s the increasing rise of … Read More
Recently a WordPress attack led to defaced web sites. WordPress is an easy web platform to use and one used in many attacks. Here’s why — and what you can do to protect a WordPress site. Why WordPress Is Attacked WordPress is a very powerful platform. It makes it easy for novices and non web developers to build their own customizable web sites that are easily updated and very social. But that ease of use can also mean ease of being used in attacks. The core of WordPress is augmented by any number of third party plug ins and thus to patch and maintain WordPress sites can be pretty tricky. Recently, several security issues caused many sites to be defaced. The update, released on January 26th, fixed several issues the worst of which caused an “unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.” The bottom line? Attackers could take control of a site and post whatever content they wanted. As soon as the patch was released, sites came under attack. So why didn’t all of us running WordPress sites immediately update? Well, for the same reason we don’t immediately update Windows patches – we fear new releases will … Read More
Not a day goes by that I don’t see some sort of scam or attack. Awareness of the latest scams it key to staying safe — here are some new scams you should be aware of. Ransomware’d Printers The latest in ransomware techniques is to target vulnerable printers inside networks. As noted in a recent article, the attack takes advantage of a network if port 9100 is open. While in a small network behind a router provided by your Internet Service provider, the chances are small that port 9100 will be open if you’d like to make sure you can perform the following steps. From a computer inside your network go to the ShieldsUP website. Click on proceed to begin the process In the box, enter 9100 Click on user specified custom port probe The test will indicate if the port is open or closed. Chances are very good that the port will be closed. If so, you will not be at risk to this attack from external sources. However, I have seen several firms impacted by this attack because the malware entered into the network into a workstation and was able to attack vulnerable printers. In one case it … Read More
Credit card numbers, Social Security Numbers, scanned passports, plans for world domination — these are only a few of the items that you may be tempted to send in an email. But unless you have encryption, you shouldn’t hit “send” on any of them. A message can pass through numerous servers on its journey and can be read on any of them. Encrypting a message can be much more complicated than encrypting a file or even a drive. There are other people involved. And they may not be as tech savvy or security conscious as you. So you need encryption that won’t confuse someone who panics at the thought of downloading a file. Another issue you need to consider: Just how much security do you need? It’s one thing to protect your information from run-of-the-mill cybercrooks. It’s another to keep your private words from the government. And remember that there is no perfect security. Even the best encryption algorithm can be cracked if someone uses a password like 123456. The goal is to find something both practical and sufficiently secure. The Weak Encryption You Probably Already Have Your messages probably already travel encrypted from your email client to your email provider’s server, … Read More
Keeping your personal financial information safe from cyber thieves doesn’t require a ban on online shopping and banking — it just requires care.
Follow these tips and you should be okay — even if you take the riskier path of banking by cell phone.
It’s a new era in terms of risk on the Web: from scams to spam to predatory practices, you have more reasons than ever to be proactive about protecting your kids while they’re surfing online.
Fortunately, Windows 7 gives you a robust set of built-in parental controls.
Frequent Internet users get mixed messages about data privacy.
We worry about data miners and identity theft but put our life stories up on Facebook. Here are some basic steps to enhance your personal security.
You wouldn’t drive your car at night without at least buckling up and turning on the headlights, so why would you surf the Web without using basic safety procedures?
Our Windows Secrets Security Baseline is a simple summary of the products and services that give PC users a minimum safe PC configuration.
Protecting yourself from the criminals of the Internet shouldn’t cost you a fortune. In fact, it doesn’t have to cost you anything.
Firewalls and antivirus programs can’t do all the work of safe computing — small, targeted utility apps that encrypt your files, keep your passwords safe, and clean up your PC add to your protection.