guidetowebsecurity.com

If you have any social networking sites now, better be wary of apps or widgets that may have trojan viruses running in the background. According to researchers at Finjan, cyberattackers are now going to social networking sites such as Facebook and Myspace to get more victims.

“Attacks will become more sophisticated by combining several services in order to heighten infection ratios and decrease the detection rate, while providing more robust and scalable attack frameworks,” Yuval Ben-Itzhak, chief technology officer, Finjan, said in a news release. “The focus will be on trojan technology as it enables maximum flexibility in terms of command and control. This adds another potentially malicious element to the ‘legitimate’ web traffic that needs to be examined by security solutions.”

In short, before installing the app or widget that your friend sent you, confirm if it came from them. If it didn’t delete it immediately. Even if it did come from them, research on the said app or widget from previous users.
Source

by Andrea

There are so many choices on whether or not make use of SSL. This is not based on what is seen  the audience  web site though. There are good candidates for SSL-enabled web sites are as follows:

• Social Security Numbers
• Patient Information
• Student Information
• Financial Information
• Personnel Records
• Secure User Names and Passwords for Authenticated Web Sites

These are the ones used with the purpose for sending out. At this time, unwavering rules are present on the subject of which information requires SSL. Nevertheless, if there is any uncertainty, it should be consulted immediately.

Spybot Search & Destroy
Spyware & Adware for data corruption, personal profiling, hacker attacks, pop-up ads, spying, and identity theft.

Microsoft Windows Defender:
Helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection that recommends actions against spyware when it is detected.

Read the rest of this entry »

“Researchers from Google and a well-known security firm have documented serious vulnerabilities in Adobe Flash content which leave tens of thousands of websites susceptible to attacks that steal the personal details of visitors.

The security bugs reside in Flash applets, the ubiquitous building blocks for movies and graphics that animate sites across the web. Also known as SWF files, they are vulnerable to attacks in which malicious strings are injected into the legitimate code through a technique known as cross-site scripting, or XSS. Currently there are no patches for the vulnerabilities, which are found in sites operated by financial institutions, government agencies and other organizations.”

Read the rest of this entry »

Spyware is most often associated with software that displays advertisements (called adware) or software that tracks personal or sensitive information. It is a general term used to describe software that performs certain behaviors such as advertising, collecting personal information, or changing the configuration of your computer, generally without appropriately obtaining your consent first. There are software, though, that provides ads or tracks your online activities which are not considered bad. Example is when you sign up for a free music service, with a trade off of agreeing to receive targeted ads, as such agree to let the company track your online activities to determine which ads to show you.

There are spyware that makes changes to your computer, which can cause your computer to slow down or crash, or change your Web browser’s home page or search page. Sometimes they add additional components that you do not want to your browser, making it very difficult for you to change your settings back to the way you originally had them.

Read the rest of this entry »

If you subscribe to Cable or DSL broadband at home, then you are likely to be casually “attacked” by hackers up to three dozen times a day. Especially if you use Windows XP or other Windows operating systems, you are a prime target for savvy hackers who will exploit your fulltime Internet connection.

As good as Microsoft products are, they are also obsessively targeted by hackers around the world. Small Microsoft “holes” perforate your computer, including: your administrator account, your ICF firewall service, your guest logon, your shared folders, your messaging services, your Identifier Broadcasts, your port openings, and Read the rest of this entry »

“Facebook alleges that in June servers controlled by the defendants used automated scripts to make more than 200,000 requests for personal information stored on Facebook’s site. The allegations are contained in an amended lawsuit filed earlier this month in U.S. District Court in San Jose, California.

The company first filed suit back in June, but amended the complaint this month after obtaining court orders to identify who controlled the servers trying to access its site.

Read the rest of this entry »

Always bear in mind that your IP address is public, so that whenever you access the Internet, you are always heading for a security risk. An IP address that will identify your PC can be located whenever you access the Internet. If you are not protected, your IP address address can be used by others to access your computer from anywhere in the outside world. One larger security is a fixed IP address.

Using a modem with a dial-up connection will get you a new IP address every time you connect to Internet. This is not true if you have a fixed Internet connection (cable, ADSL, fixed line), because your IP address will never change. This will allow potential Internet crackers to be able to access your computer everytime they want to, and to store and share (with other crackers) information and data that they might find about your unprotected private data.

Web application development is very different from other environments. Web browser and the nature of HTTP pose security pitfalls not found in traditional client-server applications. Web developers must know how web servers and browsers interact, the nature of Internet communications, and the attacks web applications undergo on the Internet. If you think your network is secured by a firewall and network intrusion detection system, think again. Security flaws in web applications easily bypass firewalls and other basic security measures. Many banks, military and e-commerce sites have learned that lesson. It’s easy for a well-experienced software developer to unwittingly create a web application that allows outsiders access to files on the server, gather passwords and customer information, and even alter the application itself despite firewalls and other security measures.

Web caches can be deployed in a variety of ways. User agent caches, such as those in web browsers, are private caches, operating on behalf of a single user. Intermediaries can also implement shared caches that serve more than one person.Caching was originally designed to speed up content access and reduce the need for the enterprise to purchase expensive bandwidth. Initially the cache was the object of everyone’s desire to accelerate applications. As a result, Web 1.0 applications had their own protocols (HTTP, FTP, NNTP, RTSP, etc.) each with their own caching needs.

Web 2.0 applications replace their Web 1.0 predecessors with standard use of HTTP and HTTPS, obsolescing the need for separate protocols supporting separate applications and hence the caching needs they require. Rapid adoption of Web 2.0 applications and wide availability of inexpensive bandwidth dictates a review of how network traffic and application use have changed: