The internet is a source of a great deal of information, but it is also a source of viruses and other ‘infections’ which can compromise security.

The only way that your computer (desktop, laptop, notebook, netbook, tablet) would be 100 percent safe from viruses, Trojans and malwares would be if you would never connect to the internet. The internet, however is all pervasive – it is source of information, and is also used for work, social networking, games, entertainment, phones, video conferences and for all kinds of activities.

All this is possible only through the World Wide Web. And the web is also used by cyber criminals and hackers to commit financial crimes steal personal data, cause data loss, identity theft and other nefarious activities.

You think you have the latest anti-virus software, a total internet security suite, plus you run an on line scan every once in a while and back up your data religiously and you are safe? With bank accounts hacked, Facebook accounts entered into, the financial aspects of cyber crime alone runs into millions of dollars. And all this is done because cyber criminals are one step ahead.

Internet Explorer 8 Security Hole

There are many people who have downloaded the new Internet Explorer 8 – it comes in via various Windows updates or as a standalone download. Microsoft has now admitted that there is a serious flaw in system which allows hackers to inject malware into the system and hijack the user’s computer. Rik Ferguson, security analyst at Trendo Micro told the BBC: ‘As vulnerabilities go, this kind is the most serious as it allows remote execution of code.’ 

Unfortunately, there is as yet no security patch available to get rid of this flaw. The only thing you can do is uninstall Internet Explorer 8 and download another browser like Chrome or Firefox (with latest security patches of course).

Trojan Boonana attacks Mac and Windows

Dubbed trojan.osx.boonana.a, this Trojan attacks Apple’s Mac OS X operating system, including the latest version, 10.6 Snow Leopard. As it uses Java, it also attacks Windows users. Boonana spreads through social networking sites like Facebook, Twitter, MySpace etc. However this cannot install stealthily.

Instead it requires the user’s cooperation which it gets by enticing the user to click on a link saying ‘Is this you in this video?’ When the user clicks he or she is prompted for a password and then the Trojan installs on the computer. The Trojan sends system information including personal details and also spreads itself by sending spam messages to others on friends’ lists.

If you are ever prompted for a password, do not give it and the Trojan will not be installed. However, if you have done so, you may be able to remove it using various software tools available on the internet.

Zeus botnet

The Zeus botnet has the dubious distinction of being called the king of bots. A dangerous Trojan which compromises bank accounts of users, it has been responsible for frauds and bank crimes running into more than $260 million in the very least. The victim gets infected by the virus when he visits web sites which are engineered to attack and infect computers.

Once infected the cyber criminals can siphon data and command the computer, using command and control centers. The attackers look for vulnerable web sites to install their software undetected. It is difficult to get rid of – anti virus software works only about 23 percent of the time. You can download special tools for this virus removal and see whether they work – all don’t.

If you suspect you have been infected, look for file names ending with NTOS.EXE, LD08.EXE, LD12.EXE, PP06.EXE, PP08.EXE, LDnn.EXE and PPnn.EXE etc, so search your PCs for files with names like this. In addition this Trojan now injects itself into ctfmon.exe, explorer.exe, rdpclip.exe, taskeng.exe, taskhost.exe and wscntfy.exe. The Zeus Trojan will typically be between 40KBytes and 150K bytes in size. You can look for a folder named WSNPOEM, which is also a common sign of infection for the Zeus Trojan. You can try to delete the files manually. If that does not work, the only option is to format your hard disk.

Stuxnet

This internet worm is thought to be engineered by a government. It infects computers which are not on a network via USB sticks. It infects Windows computers and looks for Programmable Logic Controller (PLC) made by Siemens, which comes with default passwords. If it finds this, it changes bits of data for specific purposes.

However this dangerous worm is used to compromise cyber security of countries. It has already damaged 1000 centrifuges in Iraq’s nuclear facility. Future Stuxnet variants can exploit physical infrastructure projects such as power grid controls or electronic voting systems, according to Paul Wood, of Symantec Hosted Services. However, this threat can be removed by some anti-virus programs, though there is no ‘vaccine’ available to protect against it. It is also important to scan flash drives completely when using them via USB.

Taobatuo malware

Many people use the internet to download free movies, shows, porn and music. A lot of sites which offer you free downloads are also a via media for various kinds of infections. A site in China offers free download of the latest pirated movies. When you download these, you are prompted to install a file to view the media and then you also get infected by keyloggers and downloader payloads, Apache server software and phishing Trojans.

The malware targets web pages that you may visit that are used as the payment pages on some shopping web sites, using a complicated regular expression rule to determine which IIS pages to monitor. It turns infected computers into web servers for financial gain.

Your anti-virus, if it offers protection against malware, may be able to detect and delete the files, otherwise you will have to check for special removal tools.

Among other viruses and threats to look out for are

For the coming year the threats are going to multiply

As different operating systems come into use, the viruses, Trojans, malware, rootkits and worms will also proliferate and get more sophisticated. It is expected that various threats will get together and combine thus increasing their ability to attack computers and networks.

Threats to look out for include:

Cloud computing is on the increase and the cloud computing servers will at greater risk of security threats.

Threats to physical equipment like utilities, power and water supplies, healthcare, defense equipments and other connected networks will be on the increase. It will be increasingly difficult to ward off such attacks because of various laws and regulations which prove an obstacle for government and official bodies.

Mobile devices like smartphones or phones which also connect to the internet and use operating systems will also be targeted by cyber criminals. All networked devices become open to vulnerabilities. These include hitherto difficult to reach Apple devices.

Social networking sites are already on the radar of cyber criminals whether it for financial fraud, advertising, data mining or installation of infectious software. These threats are going to increase, particularly for gaining sensitive financial information.

Other attacks like script-based attacks, blended email campaigns, and SEO poisoning will proliferate.

What you can do

Install sophisticated total internet security suites which you have to pay for – most free ones do not do as good a job, though paid ones often do slow the system.

Run anti-spy ware which has got top reviews not only at commercial sites, but also user blogs.

Use firewalls.

Disable automatic installers and updates.

When using wi-fi networks make sure you are password protected. If you are using an unsecured wi-fi connection, make sure you do not do any sensitive work like banking or share trading at cafes, malls and other wi-fi zones, unless you are certain of their security.

Avoid clicking on ads which try to lure you or emails which do not come from trusted sources and come with attachments.

Keep all security updated.

Run online virus/spyware scans frequently part from the regular software on your computer.

Keep a check on disk space on a regular basis – spy softwares and infections take up space.

Don’t store passwords and other sensitive information on the computer.

Never enable ‘save password’ option on your browser.

Be extremely careful when using internet banking, entering credit card details while doing online shopping or investment transaction or money transfers. Check for the lock sign on the browser and https for security.

Always back up your data and store program disks safely in case you have to format your hard drive to get rid of threats.

Avoid going to porn and other ‘free’ sites.

No matter what you do, there is always a risk that your computer can get infected. You have to weigh the risks with the benefits. ‘The main problem we have in defending against online attack is that the attackers have the upper hand,’ says Mikko H Hyppönen, chief research officer at computer security provider F-Secure Corporation.

‘When they are creating their attacks, hackers can analyze how protection systems – firewalls, antiviruses – work, then work around them. They have unlimited time to do this. But the defenders have to be able to find the attack and build a defense very quickly. It’s not a fair fight between the virus writers and virus fighters. The situation has been bad enough when we’ve been fighting just the online criminals who are after money. Now stakes are changed as we’re seeing clear attacks launched by nation states.’

Armatix, a German firm, has introduced a new gun with an electronic safety. It is wirelessly connected to a custom wrist watch and unless the gun is near the watch, it will not fire. It is only when the watch sends a signal to the gun giving it a real ‘green’ LED light to fire.

At €7,000 this piece is expensive. As a safety mechanism and a hi-tech one at that, the watch seems to be a great idea. There are both pros and cons to this kind of gun. One of the pros is that if you are keeping it at home, nobody can accidentally use it without the watch. Another one is that if a criminal (or anyone) is trying to wrest it from you and is successful, he still cannot fire it. So the wristwatch makes it a smart gun.

However, suppose you keep the gun at hand, but do not wear the wristwatch constantly, you cannot fire it. Of course, an intruder or criminal may not know that and may get intimidated all the same. Or if you change the gun to the other hand, again you will not be able to fire it. If you are not at home and your wife wants to use it, again she will not be able to without the watch.

If you do have a break-in, you need to be able to access a usable gun immediately, without having to put on a watch. If you are a law enforcement officer, and you get injured in the gun holding hand, you will not be able to fire the gun with the other hand either, and nobody else will be able to use it – say a partner who either does not have a gun or has run out of bullets. And what happens if the phone’s battery dies out? Again the gun becomes unusable.

A can of Heinz baked beans is a common enough item to be found in most kitchens, whether it is that of a single person or a family. As such, nobody would think twice when spotting it anywhere in the kitchen. That is the premise on which this device works.

It is so innocuous that it is virtually invisible – nothing like hiding something in plain sight, after all. If you want to put something which will fit into this can you can do so, whether it is money, keys or other valuables. However, just make sure that the can does not feel too light or too heavy, and does not make a noise when shaken, in case somebody does decide to check on the cans. But of course, the idea is that no one will check on it in the first place because it resembles a real life beans can.

The bottom of the can unscrews to reveal the hidden compartment. Screw it back on and it goes back to being an ordinary can again. Just make sure that no family member thinks of opening it when the person is hungry! Product details

Business organisations take a lot of precaution to ensure security of their premises, in particular this holds very true for any organisation where the safeguarding of data and information is vital to its operations because of high value of intellectual property.

Spycatcheronline has a service that provides an extensive and thorough sweep of any premise carried out by qualified surveillance technicians that includes detecting for any hidden devices such as listening devices, cameras, inspection of wirings, telecommunication systems, etc upon which a detailed report will be provided that can be used a guide to upgrade security, if required.

Of course, carrying out a one-off counter surveillance sweep may not seem very efficient on first thought as threats are ever present, but these sweeps are very comprehensive and designed to report on possible shortcomings interms of current defence the organistaion has in place because there can be leakages even when firms have strong security in place, so it will recommend devices that might be used to increase security of the premise further. Of course these types of comprehensive sweeps can also be carried out at random periodically to ensure consistency.

Cars being broken into or even stolen is not that uncommon, especially in areas where its more prone to happen such as rough neighbourhoods, but it can happen anywhere. And often there seems to be precious little that you can do about it. This fingerprint car security system makes your car as secure as it possibly can be, with only people whose fingerprints are on the system allowed access to the car.

So you need the fingerprints and the car keys to even start the car – and if a thief gets hold of your car keys the car still won’t start. This makes it doubly secure. If you install a GSM sim card into the unit, it will even send you a text message letting you know if anybody has knocked your car or forcibly tried to enter or break into it.

This fingerprint ID security system has another built in feature – you can send text commands from your mobile phone to able or disable certain features as the needs arises. For instance if the car needs any repair you can disable the fingerprint scanner system, so that he can work on it without need to access the security system at all.

In case of an emergency you can even disable or enable the security system. In case somebody tries to break into the car, it will sound a loud alarm. But of course if somebody is holding a gun to your head, there is precious little you will be able to do!

The product does seem to have some complex functions (in a good way) and very useful features for a very reasonable price of around £135.

One problem with this might be what if the system fails to recognise the driver’s own fingerprint as it sometimes happens with fingerprint authentication?

Also, a determined thief might be able to get round it by breaking the system. But in any case there will be an alarm as well as a text sent to you if there is any forceful contact made on the car.

What is a phishing email?

A phishing email is an email which lands in your inbox and asks for sensitive personal data like bank account details, user names, passwords and other security information which the phisher can then use to steal your identity or your money. The email may purportedly come from banks, financial institutions or even friends whose addresses and identities have been mined from data mining sources or even your email address book.

Occasionally these emails may come from social networking sites which are a great source of information for various purposes, often nefarious or may come from supposedly trusted websites like Microsoft, eBay, Paypal or others, though it is not the web site which is sending the emails.

Here you can see screenshots of how a fake email but purported to be from Paypal may read and then there are screenshots of a fake Paypal login page and credit card detail form.

How does it work?

Very often the phishing email tells you to click on a link which will take you to a website which looks exactly like that of your bank or other website and enter data. The email will have already lured you by saying that data has been lost, corrupted or you just need to verify the data to prevent unauthorized transactions from taking place. And they may use pressure tactics saying that your account will be closed if you don’t do this.

Sometimes the email will ask you to phone a free number, which will be a free hotline number – beware it will be fake – and will ask you information orally.

While often the emails look extremely professional with the right logos and all that, sometimes the actual wording will be in improper or bad English with spelling and grammar mistakes. These are easier to spot.

What you should do to secure yourself

If you do receive an email from your bank, the best thing would be to call them up and ask them if they are actually asking for any such information because they almost never will. If you have secure anti virus software then you may go directly (by typing in the bank’s website address) and check with them through email. Never, never click on the link which is provided in the phishing email. At best you could be the victim of a virus attack at the worst, your identity will be stolen and your monies, too.

There are settings in most email providers which allow emails only from safe sources, do not allow mail to be sent as if it is coming from you and tell you if the mail may have a virus – that is if your anti-virus does not work. If you use Internet Explorer 8, it has a SmartScreen Filter to help detect unsafe and potentially unsafe Web sites as you browse.

The latest anti-virus software like McCafee, Norton and BitDefender and others all come with anti spyware, malware, anti spam and anti phishing add-ons which will lower your risk of being a victim of email fraud. If you suspect that you have inadvertently given your credit card/bank account details, call up the company immediately and tell them. Report to the appropriate authorities in your part of the world.

Make sure you run updates on Windows regularly as it will identify new forms spyware which it will detect and warn you about when you browse the Internet.

If you think you’ve become a victim you should take action early and as soon as possible. Below are some contact details that you can get in touch with to report violations.

Contact:

In the UK contact www. banksafeonline.org.uk, www.financial-ombudsman.org.uk or phishing@hmrc.gsi.gov.uk or contact your bank or credit card issuer directly.

In the US, contact the Federal Trade Commission (FTC) to report the situation, whether online or by telephone toll-free at 1-877-ID THEFT (877-438-4338) or TDD at 202-326-2502. If you are a victim of credit card fraud contact:
TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374- 0241
Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9532, Allen, TX 75013

https://www.paypal.com/helpcenter/main.jsp;jsessionid=0JyNK4tXr9CGtL10Gk06kqhpB2t5pXBhyHfk6KlvYcpvp1yxc5Tp!2015389319?locale=en_GB&_dyncharset=UTF-8&countrycode=US&cmd=_help&serverInstance=9016&t=solutionTab&ft=searchTab&ps=solutionPanels&solutionId=17210&isSrch=Yes
http://www.justice.gov/criminal/fraud/websites/idtheft.html#whatifvictim
http://www.microsoft.com/protect/fraud/phishing/symptoms.aspx
http://www.bankofscotland-international.com/security/phishing.asp
http://news.bbc.co.uk/2/hi/technology/4879468.stm
http://www.direct.gov.uk/en/MoneyTaxAndBenefits/Taxes/ContactOrDealWithHMRC/DG_10014956

With all kinds of crime on the increase, including white collar crime, and criminals using sophisticated technology to their advantage, new security systems are also put in use. There are already systems which use biometric fingerprints and even retina reading systems so that unauthorized personnel cannot break in any way.

Aditech has launched high security biometric face recognition systems which can be used as a business solution for small and large businesses. For instance it has the JustLook Time Attendance system which actually captures and matches the faces of employees and tracks the times they are in and out and also calculates the payrolls on a daily, weekly or monthly basis. Using this eliminates the possibility of other employees punching in for those who goof off.

Additionally, it has the JustAccess system which is used for high security zones and areas which require total security. Images are recorded and can be monitored in real time. It eliminates the need for cleared employees to carry cards or keys.

It also has the JustLook Visitor management system which will record all first time visitors, print out an ID card and keep records if he is cleared to visit so that next time there is no problem. It can also keep records and has the facility to black list visitors, too.

Any and all these systems can be customised to business needs. A biometric face recognition system provides an extra layer of security, very important for sensitive businesses.

However, there is always a possibility of false negatives or even false positives, especially if a person changes his physical features or the photos in the system are old or taken in poor light. The camera can always be fooled one way or the other.

Even governments are getting into the act by installing face recognition systems at airports, in an effort to catch terrorists. Some experts say face recognition is perhaps the most promising biometric technique for overcrowded airports because it relies on distant cameras to identify people–not finger scanners or other devices requiring people to click, touch or stand in a particular position.

Takeo Kanade, a professor of computer science and robotics at Carnegie Mellon University, holds that if the picture is taken from the side, if the person has an animated expression, or even if a person is wearing sunglasses, all can make recognition more difficult.

While this may be true of large public places like airports, in the private sector, in a company or organization where there are only a certain number of people, the system is bound to be more effective, particularly if the kinks, if any, are ironed out.

The HitchSafe Key Vault is a great place to keep keys, credit cards or even some extra cash, particularly when you take part in outdoor sports. If you like jogging, hiking, surfing or other water sports, you can use this and know that your valuables are safe.

Now you can leave your vehicle safe and secure as it attaches into the 2″ receiver hitch of most trucks, SUVs, and vans. When you return, you just remove the cover, enter your four digit combination security number and open the little safe to retrieve your valuables.

It looks like a regular hitch cover, designed to fool any lurking car thieves, and it attaches to a solid steel hitch receiver with two interlocking bolts and retaining bars made of hardened steel with a rust-resistant coating. The Hitch Safe installs in less than 3 minutes and requires no tools. It is made of solid metal which is rust proof besides being water tight.

Looking at the customer reviews on the product page on Amazon, it appears most customers are pleased with the product and have given it a positive customer feedback and high rating due to safety and the covert nature of the vault.

However, one of the negative comments has been that the compartment may leak water when it rains so the key might be prone to rust if left in there during the wet season.

This product is available from Amazon.

A new scanner is in use at Manchester airport, working much like Superman’s X-ray vision to see through clothes and all outerwear. It actually reveals whether a person has breast augmentation, any piercings in any part of the body and even an extremely clear outline of the person’s genitals.

Even though this kind of scanner was in use at Heathrow airport on a trial basis, people in the main are aghast at this kind of invasion of privacy. The ‘naked’ pictures are supposed to be destroyed immediately, will be viewed by only one person somewhere far away, so both parties are not embarrassed and people can refuse to be scanned and will be patted down as usual.

There is also the question of electromagnetic radiation, though these scanners are supposed to be extremely safe, they do project virtually a 3 D image. However, as an added security measure they will detect all kinds of weapons and explosive a person may have hidden on their bodies, supposedly to escape surveillance.

Apart from protecting the general public from possible terrorist or hijacking attacks, these machines will also speed up the queues at the airports as people will not have to be manually checked.

Judging by the reader response on the BBC article, it appears most people are horrified of the idea despite the fact that something like this could boost airport security greatly.

Via: BBC

In the old days valuables were commonly stored under the mattress (or even in a container buried in the earth). The idea was that if you were sleeping on something, nobody could get at it. However, times have changed and now people use safes to keep their valuables, whether money, documents, jewellery or other precious items.

These days beds often come with storage space because otherwise the space under the bed actually is wasted space, particularly in areas where land prices are high, rooms are small and space should not be wasted. However, it tends to be for clothes or somewhere to store away things that are rarely needed.

But now somebody got the bright idea and combined the two to make storage beds with foolproof storage. The storage safe space replaces the box springs and is made of heavy duty materials, fire resistant as well. It comes in different sizes and depths to fit most beds.

Though this safe comes with a sophisticated Mul-T-Lock locking system, you can ask for special interactive locks. The top lifts up through an easy to use hydraulic gas-assist piston, and a strategically mounted maximum security hinge system carefully integrated for maximum strength and safe operation. These BedBunkers are guaranteed for life.

It’s a pretty neat idea as bed bunker is not an area someone would immediately think of as a storage space for valuables, so it can be a good way to fool potential thieves.