Alpha Technical Solutions

Archive for the ‘Security’ Category

Image by originalrobart via Flickr

Back in January we reported on the existence of a phony tech support scam. You can read that blog entry here.

According to Security Tips Talk on MSDN Blogs this problem is still continuing. You can read their entry on the subject here.

They have some useful tips on avoiding these scams and also a list of known scams that use Microsoft’s names – so it might be a good a idea if you take a look these to help keep yourself informed on this subject.

We also have some advice on beating scams here.

In the early days of WiFi there were a great many open (unencrypted and unprotected) WiFi points. There was some geek kudos to finding and using these. These days open WiFi spots are getting fewer and rarer as most router manufacturers implement out of the box security and more and more companies make sure that their wireless networks are protected. However it is still possible to find a open WiFi.

My suggestion to you is to be very careful when doing so. Open WiFi and free Internet access is nice and tempting but can be quite dangerous. I’ve found a short news video that briefly explains the dangers. Take two minutes to watch it and consider the dangers next time you are tempted to grab some WiFi.

Over the last few weeks much has been said regarding the safety of Microsoft’s Internet Explorer Web Browser, things got so heated that the governments of France and Germany recommended that you no longer use Internet Explorer and Microsoft itself rushed out a unscheduled security patch to help alleviate the situation. This has led to a lot of recommendations regarding browser security, and this can be boiled down in the simplest and most general terms to do not use Internet Explorer 6, and remember that Internet Explorer 8 is the better option.

Many people say do not use Internet Explorer.

You could do that. In fact I personally favour the Firefox and Chrome Browsers.

However if you stop using Internet Explorer you may actually not be stopping using Internet Explorer. Allow me to explain.

Microsoft uses Internet Explorer throughout Windows and the Office range of products. For example you will find that Outlook uses Internet Explorer to display emails. This means that if you display an email that contains a payload (such as some malware or a link to a web site containing malware) then you will be as exposed to the same risk as someone using Internet Explorer. A lot of people use the preview pane in Outlook to quickly look at whichever item of email you are pointing at. That is very convenient. It is however very easy to look at an email that you should not, and that can cause you big problems. So what to do about it?

My tip here is a very simple one. Turn off the preview pane and look at the senders name on every email you open and check the subject line on every email you open. You should then only open emails that look like things you should be opening. If the email is not opened, the security flaws in Internet Explorer cannot be accessed and you are in a safer position.

So turn off the preview pane, and think about what which emails you are opening. You will be safer.

I’m taking a bit of inspiration here from last weeks security alert.

Let’s recap on the nature on this scam.

• Someone from claiming to be from Microsoft calls you

• They claim there is a security issue with your computer

• They talk you through “fixing the computer”, though actually they are invalidating security and exposing you to a web site full of hungry malware.

• They take your credit card number and money vanishes from your account.

This is classic approach that preys entirely on the victims ignorance and fear.

It opens up the question how do you gain the savvy to avoid being a victim to this kind of attack.

The answer is a fairly simple – you do it keeping a clear and thoughtful head applying these rules

• Any unexpected telephone call that makes you feel fear or concern has a good chance of being some one trying to manipulate you. Put down the phone and try to verify their claims. Do not blindly believe them.

• No large computer corporation ever calls customers to fix problems ad-hoc. It doesn’t happen as there are better solutions to the problem for them. Again put down the phone this is not real.

• A company you know calls you and asks for access to your computer. Possibly real but unless they can prove who they are put the phone down.

Scams are all about convincing you to do something. Remember this – a computer criminal attacks computers. A good computer criminal goes after people. Psychology is a powerful weapon and it is horribly easy to get you to do something that is not in your best interest. After all why hack a computer if you can get someone else to do all the work for you? 

These days every company and web service has an opinion on what makes a good password. The general consensus is that the more complex the password the lower the chances are that someone will be able to crack it. Providing of course that the password is not stolen by clever social engineering or a nasty piece of malware.

Web darling of 2009 Twitter has gone a step further – it’s done some research and created a list of 370 passwords that it will not allow users of it’s service to use. The list was published in Techcrunch over the holiday period. I’ve taken a look at it and have to say that this list makes a lot of sense, it really does contain some very bad passwords. Worse now that the list has been published.

Make sure that you never use a password that is on the list.

I have had a disturbing call from an old friend of my parents who have been hit by a scam.

The scam goes like this, a person claiming to be from Microsoft calls and claims there is a security issue with your PC and asks you to do a few things at the command prompt then transfers you to a technician who asks for credit card details, that is when he put the phone down, however they have screwed up his PC and I am about to go out to fix it, it appears they target older members of the public praying on their ignorance.

Please pass this on
.