PC – SOS

An Internet Security Blog

Archive for August, 2010

Africa is the safest continent for web surfing

Posted by Bob Zenith on August 29, 2010

According to a study by AVG, the safest countries for web access are Sierra Leone and Niger (1 in 692, and 1 in 442 web users attacked with malware, respectively). This is probably due to the low number of Internet users in Sierra Leone and Niger.

Interestingly, Turkey, Russia, Armenia and Azerbaijan have the highest rates of virus and malware attacks; the U.S. ranked ninth with one in every 48 Web surfers at risk, while the U.K. was 30th with a rate of one in every 63.

You can read more here

Posted in Misc.

Browser Wars: Where is Opera mentioned?

Posted by Bob Zenith on August 24, 2010

New innovations in major browsers (IE 9, Firefox 4, Chrome, etc.) have been dubbed “Browser Wars”. If you’ve been following all these articles and new developments, you might have noticed one thing: where is Opera mentioned? – Example 1, Example 2

Sure, it isn’t the most popular browser, but it has some pretty cool features that are just as good as, if not better than, those of the major browsers.

Security: Opera holds just 2.45% of the browser market – who would write malicious code for it? Because of its low market share it is safer than all the other major browsers.
Opera allows you to block pop-ups, specific content and JavaScript (similar to NoScript for Firefox).

Speed: Opera has a neat feature known as the “Speed Dial”. Whenever you create a new tab, a nice 9-box page comes up, with your favorite (customizable) sites on it. I’m not sure about you, but when I surf the net I go to the same 5 sites very often, and this is a neat way to go there quickly.

Customizable User Interface: The thing I like most about Opera is that anything and everything can be changed, shifted, or taken away, to fit your specific needs.

There are also a bunch of add-ons (widgets) for Opera. Of course, not as many as Firefox or IE, but with time, Opera’s widget library will grow.

So, try it out – you won’t regret it.

Posted in Browsers

Facebook Privacy Concerns: Will they ever end?

Posted by Bob Zenith on August 19, 2010

Well, can you guess? Wednesday evening Facebook announced a new feature called “Places”. In a nutshell, this allows you to “Check-in” to your Facebook account (through a mobile device) and let all of your friends know where you are.
My first thought when I heard this was: “Huh? When would someone even use this?” Am I the only one that thinks this is somewhat useless? Normally, my day is pretty boring. For the most part, I do the same thing every day: school, shopping, watching TV, surfing the net, etc. Why would I tell someone where I am? But, I suppose some people would use this, and it raises some concerns:

“People, use common sense. Foursquare and geolocation applications only increase the chance of violent crimes and theft,” wrote a commenter on CNN.com. “If I announce online that I am on vacation, I’m pretty sure that leaves my house vulnerable.”

A user on Facebook’s blog wrote, “I’m upset that this was enabled by default — especially for people who are victims of stalking and harassment, it could be potentially dangerous if their location was broadcast to the world. Please change it so that this feature (especially the ability of your friends to indicate your location) is turned off.”

More information here

Posted in Facebook

Cookies page updated

Posted by Bob Zenith on August 18, 2010

My most important goal for this blog is to be transparent about users’ privacy, which is why I have created both a privacy policy and a separate page dedicated to cookies, web bugs, and LSOs.

Recently, I have updated the Cookies page, adjusting formatting and grammar, as well as adding more information relevant to web bugs and cookies; this includes linking to web bugs’ privacy policies and opt-out links (when applicable).

If you have any ideas on how the privacy policy or cookie page can be developed further, please feel free to contact me.
Example: I don’t use Safari, so I don’t know how to disable / control cookies; if anyone uses it, the information would be greatly appreciated.

Note: some of you meticulous visitors may have noticed the “Site Meter” badge on the right sidebar. I have not included this in the blog’s privacy policy, as I am still testing its capabilities, and I’m not sure if I will keep it. If I do decide to keep it, I will add it to the Privacy Policy.
(If anyone is curious, you can view the blog’s Site Meter stats)

Posted in Site Updates

Passwords are getting easier to crack

Posted by Bob Zenith on August 16, 2010

New research shows that passwords of 8 characters or fewer are inadequate and very easy to crack; a 12-character password is the new minimum.

“Eight-character passwords are inadequate now … If eight characters is all you use, and if you restrict your characters to only alphabetic letters, it can be cracked in minutes,” said Richard Boyd, a senior researcher at GTRI.

Unfortunately, even a password of 12 random characters may soon become too weak to provide adequate protection. Computers will soon reach the power needed to crack 12-character random passwords, and certain kinds of computer viruses that monitor data directly from the keyboard can break a password of any size and complexity.

“If you have a Trojan that records keystrokes, you’re screwed,” Davis said.
Not if you use KeyScrambler Personal (add-on for Firefox). It will provide an additional layer of protection.

Each passing day, month, and year provides more powerful software to hackers. It used to be that a 6-character password was adequate. Now, 8 characters are inadequate, and 12 are recommended. Within a year or two, even 12-character passwords will need to be lengthened. Here’s a guide to making a strong password:
1. Think of a sentence that you live by or agree with. It can be anything from “My favorite video game is Halo 3” to “Internet security grows more complex every day” – as long as it is 6+ words and you remember it, you can use it.
2. Take the first letter from each of the words in the sentence (for this purpose, I will use the sentence “My favorite video game is Halo 3”): MFVGIH3
3. Vary each of the letters from upper to lower case: MfVgIh3
4. Change any letters that look like numbers to numbers (e.g. “I” looks like “1” ): MfVg1h3
5. Add 2 asterisks before and after your password, and enter / close it with a symbol of your choice (perhaps “[” and “]” ): **[MfVg1h3]**
6. You’re done – your password now has at least 13 seemingly random characters, but you should be able to remember it easily due to your sentence!
*Note: the longer your original sentence, the more characters the password will be, therefore the more difficult it will be to crack*

Posted in Uncategorized

The “Zeus” Botnet / Trojan

Posted by Bob Zenith on August 10, 2010

The “Zeus” Botnet / Trojan Horse (also called “Zbot”) has been making a lot of news recently, and none of it is good.

Just some background, first:

A “Zeus” or “Zbot” is a type of Trojan Horse and Botnet that steals personal information by using a technique called Keystroke Logging, similar to a Keylogger. It was first identified in July 2007 when it was being used to steal information from the U.S. Department of Transportation.

Since then, the use of the Zeus Trojan has exploded – mostly due to the availability of malicious toolkits. Recently, Zeus has been making headlines in the U.K. by secretly compromising thousands of computers and transferring $1 million from bank accounts.

The scary thing about a Zeus is that once it gets on your computer (usually through a phishing link or a scripting exploit), it can even get the information you type over an encrypted connection (like SSL). A Zeus can do this by grabbing the information right before it is encrypted, or right after it is decrypted.

Worse, up-to-date antivirus software rarely detects Zeus trojans (about 23% of the time), let alone removes them completely.

So… How do you protect yourself?
Well, here are some obvious answers:
* Keep your anti-virus up-to-date. Even though anti-viruses rarely catch Zeus trojans, letting them fall behind in their definitions will not help.
* Beware of phishing or other malicious links / scripts. Guard against malicious links with WOT, and against malicious scripts with NoScript.

Here are some answers for tech-savvy users:
* A Zeus trojan will commonly use names like NTOS.EXE, LD08.EXE, LD12.EXE, PP06.EXE, PP08.EXE, LDnn.EXE, PPnn.EXE, etc., so search your PCs for files with names like these. The Zeus Trojan will typically be between 40 KB and 150 KB in size.
* Also look for a folder with the name WSNPOEM; this is also a common sign of infection for the Zeus Trojan.
* Finally, check the Registry for Run keys referencing any of these names.

Here are the places known variants of the Zeus trojan are installed:

Variant 1

* C:\WINDOWS\system32\ntos.exe
* C:\WINDOWS\system32\wsnpoem\audio.dll
* C:\WINDOWS\system32\wsnpoem\video.dll

Variant 2

* C:\WINDOWS\system32\oembios.exe
* C:\WINDOWS\system32\sysproc64\sysproc86.sys
* C:\WINDOWS\system32\sysproc64\sysproc32.sys

Variant 3

* C:\WINDOWS\system32\twext.exe
* C:\WINDOWS\system32\twain_32\local.ds
* C:\WINDOWS\system32\twain_32\user.ds

Variant 4

* C:\WINDOWS\system32\sdra64.exe
* C:\WINDOWS\system32\lowsec\local.ds
* C:\WINDOWS\system32\lowsec\user.ds
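
The manual checks above can be scripted. The following is an added example, not code from the original post: it walks a system32 directory for the listed variant paths, the WSNPOEM folder, and suspect executable names in the stated size range, and it matches Run-key commands supplied as a dictionary. The function names and the dictionary input format are assumptions made for this example, and a hit is a lead to investigate rather than proof of infection.

```python
import os
import re

# Indicators copied from the post; paths are relative to C:\WINDOWS\system32.
VARIANT_FILES = {
    "ntos.exe": 1, "wsnpoem/audio.dll": 1, "wsnpoem/video.dll": 1,
    "oembios.exe": 2, "sysproc64/sysproc86.sys": 2, "sysproc64/sysproc32.sys": 2,
    "twext.exe": 3, "twain_32/local.ds": 3, "twain_32/user.ds": 3,
    "sdra64.exe": 4, "lowsec/local.ds": 4, "lowsec/user.ds": 4,
}
# NTOS.EXE, LDnn.EXE and PPnn.EXE from the post, plus the four variant executables.
SUSPECT_EXE = re.compile(r"\b(ntos|oembios|twext|sdra64|ld\d{2}|pp\d{2})\.exe\b", re.I)
SIZE_RANGE = (40 * 1024, 150 * 1024)  # typical size range given in the post


def scan_system32(system32):
    """Walk a system32 directory; return sorted (indicator, relative path) findings."""
    findings = set()
    for dirpath, dirnames, filenames in os.walk(system32):
        rel_dir = os.path.relpath(dirpath, system32).replace(os.sep, "/").lower()
        prefix = "" if rel_dir == "." else rel_dir + "/"
        for name in dirnames:
            if name.lower() == "wsnpoem":
                findings.add(("wsnpoem-folder", prefix + name.lower()))
        for name in filenames:
            rel = prefix + name.lower()
            if rel in VARIANT_FILES:
                findings.add((f"variant-{VARIANT_FILES[rel]}-path", rel))
            if SUSPECT_EXE.fullmatch(name):
                size = os.path.getsize(os.path.join(dirpath, name))
                if SIZE_RANGE[0] <= size <= SIZE_RANGE[1]:
                    findings.add(("name-and-size", rel))
    return sorted(findings)


def run_key_hits(run_values):
    """Return names of Run-key values whose command references a suspect executable."""
    return sorted(k for k, cmd in run_values.items() if SUSPECT_EXE.search(cmd))


if __name__ == "__main__":
    root = os.path.join(os.environ.get("SystemRoot", r"C:\WINDOWS"), "system32")
    for indicator, path in scan_system32(root):
        print(indicator, path)
```
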

For more help removing a Zeus, go here:
http://www.malwarehelp.org/find-and-remove-zeus-zbot-banking-trojan-2009.html

Posted in Uncategorized

SocialVibe Widget

Posted by Bob Zenith on August 8, 2010

So, I added a new widget to this blog; it’s called Social Vibe. It’s an optional (and free) way to help the blog earn carbon offsets and raise money to help various charities that are involved with helping the environment. It’s on the left sidebar (close to the bottom).

However, this widget does add 2 web bugs to the blog’s homepage (Google Analytics and Facebook Connect). The number of normal cookies you get from this blog has not been changed. Don’t forget, you can easily detect and block web bugs with the add-on Ghostery (for Firefox).

I haven’t decided if I’ll keep the widget or not… I’ll wait a couple of days and see. (Feel free to comment with any opinions). However, in the meantime, I’ll update the cookies page and the privacy policy.

Posted in Uncategorized

ShopAtHome.com

Posted by Bob Zenith on August 4, 2010

ShopAtHome.com is a coupon site offering coupons for download. The only way to access those coupons is through downloading a toolbar.

* The toolbar is infested with adware.
* The site is listed in hpHosts.
* The site has a fake McAfee Secure Seal.
* The toolbar’s download is listed as adware by 5 different anti-viruses.

I urge anyone reading this to leave a comment and rating on a reputation service, such as WOT, explaining this scam site.

Edit: there has been an ongoing discussion about this site (shopathome.com) on the WOT Forum. The McAfee Seal is now legitimate and clickable, and thus I have deleted my rating but kept my comment, because the toolbar is still adware. Personally, I hope the site never gets a trust seal, because IMO, it’s not a trustworthy site. So, it’s up to anyone reading this whether or not to rate red or green, or abstain, as I have done.

Edit (2): The above issues have been largely dealt with, and my opinion of the site is no longer poor. (In fact, now I’ve rated the site green)
See here: http://www.mywot.com/en/forum/7196-shopathome-com-wants-you (read the whole topic – especially the end)

Posted in Uncategorized

Hushmail

Posted by Bob Zenith on August 3, 2010

Looking for an alternative to Gmail? Well, Hushmail may be for you:
https://www.hushmail.com

Hushmail is a secure web-based email service. It uses high-grade 256-bit AES encryption to keep the contents of your emails secure. All emails are sent through encryption and scanned for viruses. It also has built-in spam protection.

Hushmail also gives you an option to “digitally sign” your email; this prevents things like email forgery.

However, if you use the email client for illegal purposes, Hushmail will fully comply with the law (of British Columbia) and attempt to give any user information that it can to the authorities. This should mean nothing to the average user, though, because as long as you don’t do anything illegal, you have nothing to be worried about.

So, if you want an email provider with a little more security than Hotmail or Gmail, give Hushmail a try.

Learn More

Posted in Uncategorized

Don’t put all your eggs in one basket…

Posted by Bob Zenith on August 1, 2010

Hopefully you all use an Anti-Virus program; that is a must. However, we all know (or should know) that no matter which program we use, it is not possible to catch every infection, mostly because new malware is made faster than it can be caught.

Therefore, in order to increase your chances of finding that nasty infection, or to decrease your chance of getting an infection, you should run separate Anti-Virus, Anti-Malware, and Anti-Spyware (and possibly an Anti-Keylogger) programs on your computer. (Note: Do not run more than one Anti-Virus program; that will cause issues with your computer.) Here’s what I mean:

Use:
Anti Virus (ex: Norton Security Suite) + Anti-Malware (ex: MalwareBytes) + Anti Spyware (ex: SUPERAntiSpyware)

Do Not use:
Anti Virus (ex: Norton Security Suite) + Anti Virus (ex: NOD 32) + Anti Virus (ex: McAfee); they will conflict with one another.

By using multiple programs you’re not putting “all your eggs in one basket”, thereby increasing your chance of either finding the nasty piece of malware or preventing your computer from getting it.

Posted in Uncategorized