“Attacks will become more sophisticated by combining several services in order to heighten infection ratios and decrease the detection rate, while providing more robust and scalable attack frameworks,” Yuval Ben-Itzhak, chief technology officer, Finjan, said in a news release. “The focus will be on trojan technology as it enables maximum flexibility in terms of command and control. This adds another potentially malicious element to the ‘legitimate’ web traffic that needs to be examined by security solutions.”

In short, before installing the app or widget that your friend sent you, confirm if it came from them. If it didn’t delete it immediately. Even if it did come from them, research on the said app or widget from previous users.
Source

by Andrea

There are so many choices on whether or not make use of SSL. This is not based on what is seen  the audience  web site though. There are good candidates for SSL-enabled web sites are as follows:

• Social Security Numbers
• Patient Information
• Student Information
• Financial Information
• Personnel Records
• Secure User Names and Passwords for Authenticated Web Sites

These are the ones used with the purpose for sending out. At this time, unwavering rules are present on the subject of which information requires SSL. Nevertheless, if there is any uncertainty, it should be consulted immediately.

Spybot Search & Destroy
Spyware & Adware for data corruption, personal profiling, hacker attacks, pop-up ads, spying, and identity theft.

Microsoft Windows Defender:
Helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection that recommends actions against spyware when it is detected.

Lavasoft’s Ad-Aware SE, Personal Editionhttp://lavasoft.com/products/ad_aware_free.php:
Ad-Aware protects personal and home computers from malware attacks. With over a quarter of a billion downloads, computer users put their trust in Ad-Aware more than any other anti-spyware software program.

Navarre Webroot Spy Sweeperhttp://www.webroot.com/consumer/products/antivirus/?id=H2-HHO_Links-WAV :
Webroot’s antivirus detection is powered by Sophos®, known globally as a pioneer and industry leader in the fight against viruses.

Macafee Virus Scan and Anti Spyware:
Protects computers from viruses, spyware and hacking so you can safely surf the web. Security service continuously and automatically updates with the latest software and threat security data to all your PCs.

The security bugs reside in Flash applets, the ubiquitous building blocks for movies and graphics that animate sites across the web. Also known as SWF files, they are vulnerable to attacks in which malicious strings are injected into the legitimate code through a technique known as cross-site scripting, or XSS. Currently there are no patches for the vulnerabilities, which are found in sites operated by financial institutions, government agencies and other organizations.”

“Stamos said Adobe is likely to update its Flash Player so it does a better job of vetting code variables before executing SWF files. But he said interaction with third-party code is such a core part of the way Flash works that updates to the player would likely provide only a partial fix.”

Article Link: http://www.theregister.co.uk/2007/12/21/flash_vulnerability_menace/

Source: cgisecurity.comhttp://www.cgisecurity.com/

Spyware is most often associated with software that displays advertisements (called adware) or software that tracks personal or sensitive information. It is a general term used to describe software that performs certain behaviors such as advertising, collecting personal information, or changing the configuration of your computer, generally without appropriately obtaining your consent first. There are software, though, that provides ads or tracks your online activities which are not considered bad. Example is when you sign up for a free music service, with a trade off of agreeing to receive targeted ads, as such agree to let the company track your online activities to determine which ads to show you.

There are spyware that makes changes to your computer, which can cause your computer to slow down or crash, or change your Web browser’s home page or search page. Sometimes they add additional components that you do not want to your browser, making it very difficult for you to change your settings back to the way you originally had them.

Spyware or other unwanted software can get on your computer in various ways. One way to avoid this is to covertly install the software while installing other software you like, such as a music or video file sharing programs. Make sure you carefully read all disclosures, including the license agreement and privacy statement, when you install something on your computer. Chances are, the inclusion of unwanted software in a given software installation is documented at the end of a license agreement or privacy statement.

If you subscribe to Cable or DSL broadband at home, then you are likely to be casually “attacked” by hackers up to three dozen times a day. Especially if you use Windows XP or other Windows operating systems, you are a prime target for savvy hackers who will exploit your fulltime Internet connection.

As good as Microsoft products are, they are also obsessively targeted by hackers around the world. Small Microsoft “holes” perforate your computer, including: your administrator account, your ICF firewall service, your guest logon, your shared folders, your messaging services, your Identifier Broadcasts, your port openings, and your Encrypted File Services… all of these obscure points are absolute candy for hackers!

Yes, this is frightening. But all is not lost… most of these security holes in Microsoft are easily patched by an hour of reading and an hour of configuring your PC.

Good home security is about vigilance, knowledge, and meticulous attention to detail. We here at About.com want to help you with that, so we have provided dozens of free articles explaining security holes and how best to plug them.

Source: Net for Beginners

“Facebook alleges that in June servers controlled by the defendants used automated scripts to make more than 200,000 requests for personal information stored on Facebook’s site. The allegations are contained in an amended lawsuit filed earlier this month in U.S. District Court in San Jose, California.

The company first filed suit back in June, but amended the complaint this month after obtaining court orders to identify who controlled the servers trying to access its site.

Experts have warned people against publishing too much personal information on social networking sites for fear it could be collected and then abused by fraudsters.”

“Facebook said the hacking attempts cost it at least US$5,000 to investigate. The company has requested a jury trial and is seeking to bar the defendants from accessing its computer systems in the future, in addition to damages.”

News Link: http://www.infoworld.com/article/07/12/17/Facebook-sues-Canadian-porn-company-over-hacking_1.html

Source: cgisecurity.com

Always bear in mind that your IP address is public, so that whenever you access the Internet, you are always heading for a security risk. An IP address that will identify your PC can be located whenever you access the Internet. If you are not protected, your IP address address can be used by others to access your computer from anywhere in the outside world. One larger security is a fixed IP address.

Using a modem with a dial-up connection will get you a new IP address every time you connect to Internet. This is not true if you have a fixed Internet connection (cable, ADSL, fixed line), because your IP address will never change. This will allow potential Internet crackers to be able to access your computer everytime they want to, and to store and share (with other crackers) information and data that they might find about your unprotected private data.

Web application development is very different from other environments. Web browser and the nature of HTTP pose security pitfalls not found in traditional client-server applications. Web developers must know how web servers and browsers interact, the nature of Internet communications, and the attacks web applications undergo on the Internet. If you think your network is secured by a firewall and network intrusion detection system, think again. Security flaws in web applications easily bypass firewalls and other basic security measures. Many banks, military and e-commerce sites have learned that lesson. It’s easy for a well-experienced software developer to unwittingly create a web application that allows outsiders access to files on the server, gather passwords and customer information, and even alter the application itself despite firewalls and other security measures.

Web caches can be deployed in a variety of ways. User agent caches, such as those in web browsers, are private caches, operating on behalf of a single user. Intermediaries can also implement shared caches that serve more than one person.Caching was originally designed to speed up content access and reduce the need for the enterprise to purchase expensive bandwidth. Initially the cache was the object of everyone’s desire to accelerate applications. As a result, Web 1.0 applications had their own protocols (HTTP, FTP, NNTP, RTSP, etc.) each with their own caching needs.

Web 2.0 applications replace their Web 1.0 predecessors with standard use of HTTP and HTTPS, obsolescing the need for separate protocols supporting separate applications and hence the caching needs they require. Rapid adoption of Web 2.0 applications and wide availability of inexpensive bandwidth dictates a review of how network traffic and application use have changed: