Pages

Saturday, June 25, 2011

Social Networking and Security Risks



WHAT ARE SOCIAL NETWORKING WEBSITES ?

Social networking websites function like an online community of internet users. Depending on the website in question, many of these online community members share common interests in hobbies, religion, or politics. Once you are granted access to a social networking website you can begin to socialize. This socialization may include reading the profile pages of other members and possibly even contacting them.

There are a variety of people in these websites whom we don't know..Online meeting is not enough to understand and study a people if he a right guy to do friendship with..There is always a risk of Blackmailing,Malware Spreading,Identity Theft etc..


Generally peoples who are aware of the risks and dangers of Social Networking can take his way out of these crimes done via Social Networking and the Peoples not aware about this will surely be a prey...


There is a maximum of Social Engineering used by the Hackers in these crimes


=============================================================================
DANGERS/RISKS OF SOCIAL NETWORKING.


Facebook

Events and Questions

You must be knowing about the famous scam that was on Facebook some days before "View Who Viewed your Profile" . I remember i got more than 20 invites for that event..These events can be used by the hackers as a source through which they can use their social engineering skills on you.You cannot even know they are hackers and using their skills on you ... The new Facebook feature "Questions" will even help them

Now lets take a Example

You are invited to a Event called "About me" or A friend asked you through the Question feature..

They will include some questions because the topic itself tell About Me

1. What was my most embarrassing moment?
2. Which City you were born ?
3. What was the name of my first elementary school?
4. What was my favorite pet’s name?
5- What is your father's name


These question are not harmful to answer in a general conversation with your friends or relatives.But if you look at the questions carefully they are security questions asked in the SOCIAL NETWORKING SITES. Using this sensitive information to the secret questions they can access your account and you will be ruined.



Facebook Applications


Applications Facebook offers thousands of applications that its users can install and run. These applications include calendars that allow Friends to be reminded when it’s your birthday, tools to send Friends online greeting cards, quizzes on myriad topics and much more.





These Applications look totally harmless but in some cases it is not they are used by hackers to deliver malicious contents to your computer This holds true not only to Facebook, but also to other social networking sites and to the Internet in general, when downloading from the Web or opening attachments in email messages. Therefore, make certain that your computer has a proper and functional firewall, as well as up-to-date antivirus/anti-malware software, and only install or run these applications if they are from a trusted source or approved by your corporate IT department. We call them JAVA APPLETS or JAVA DRIVE-BY


TWITTER
Twitter is an online application that allows you to post brief comments (tweets) on any topic. Other users on the Twitter network can become a follower of your tweets, such that they receive the updates whenever you send them. Twitter Twitter is used for professional purpose so the risks here differs from Facebook.Generally Twitter is used by the celebrities,Companies they tweet their updates every time.Some body told me some one tweeted his twitter when the Osama kill mission started.

The employes may even tweet something that may be harmful for their company.The companies should keep a eye on the employes tweets or the tweets may be harmful for their future.


FRAUDS and HOAXES
weather it is Facebook or Twitter the online banking or day-to-day purchases, be aware of emails that claim to be from these sites but are actually hoaxes and may contain malicious content. If have received numerous emails that seems to be from bank, yet are actually sent by a spammer in the hopes of obtaining the online username and password.

The messages may even contain an attached ZIP file that recipients are asked to open to see who invited them. The attachment will contain some Trojans and Malwares which can cause damage to your computer giving your sensitive information to the hacker

URL SHORTENING

Another form of hoax involves the shortening, of URLs in email messages or on websites such as our favorites: Facebook, Twitter.Often times, the links that we want to post can get very long, making them unwieldy or impossible to type in the small space allotted by the network sites. To get around this, third-party services such as http://tinyurl.com/ or http://bit.ly/ willencodethe URL into a much shorter version.example - http://www.facebook.com/sauravhacker will turn into http://adf.ly/1PnMZ

Although the benefit of URL shortening is obvious, there is also a security risk associated with it, in that the shortened URL really does not tell you the true destination of the link. You only find out once you get there, which may be too late if that site happens to contains drive-by malware or content which should not be viewed bysensitiveeyes. Therefore, make certain that you click on shortened URLs only if you trust the sender. Never click on them if they are contained in spam messages or on sites that you have any reason to consider suspicious.

You can use any longurl service also to long the shortened url.

PROTECTION

Use Different Passwords, Change Them Often: Each of your social networking sites as well as all other important websites should have different, complex password assigned to them, and they should be changed regularly. Since people often use the same password on multiple sites, one compromised account could easily lead to compromising other accounts.

Don’t Blindly Give Out Your Credentials: There are a lot of third party web-based services out there that make use of your social networking services. In the past, the only way for this to occur was to give your credentials to these services. This works, so long as these third party services weren’t somehow compromised, or worse, the services were not what they seemed to be.


Keep Your Operating System, Browser Patched: Ensure you have applied all the latest patches from Microsoft, Apple, or whomever supplies your computer’s underlying operating system. Ensure you are using the latest version of your web browser. If you are using Internet Explorerespecially if you are using Internet Explorer version 6, as is standard on Windows XP, try using a third party browser such as Firefox or Google Chrome.

Browser Plugins Can Help: If you are using Firefox, there are plugins that can help expand thoseshortURLs so you can see where it is they will take you. like LongURL

Antivirus: Always use a updated version of antivirus / Anti malware / anti rootkit . The updated version will be having it;s virus database updated which will help you recognizing and deleting those.


Click on links you trust from - Always click on links if you got from a trusted guy because the other links may contain trojans in them or even phishers.


If you are aware about the Social Networking Risks you are secured from the hacker.It is not that i only mentioned about Facebook and Twitter means the risks are only on them. These risks exists in all the social networking sites but the hackers target the most popular which now a days is Facebook and Twitter

Friday, June 10, 2011

Microsoft ships free malware cleaner that boots from CD or USB

In a move aimed at cutting down on support call costs, Microsoft has released a malware recovery tool that boots from a CD or USB stick.

The tool, currently in beta, is called Microsoft Standalone System Sweeper, and promises to help start an infected PC and perform an offline scan to help identify and remove rootkits and other advanced malware.

In addition, Microsoft says the System Sweeper utility can be used if you cannot install or start an antivirus solution on your PC, or if the installed solution can’t detect or remove malware on your PC.

The company made it clear that the recovery tool is not a replacement for a full antivirus product.

It is available for both 32-but and 64-bit Windows systems and uses the same antivirus engine as the Microsoft Security Essentials product.

Just last month, the company shipped a free security tool called Microsoft Safety Scanner to offer on-demand scanning to helps remove viruses, spyware, and other malicious software. The safety scanner works with existing antivirus software.

These utilities are a big part in helping Microsoft to cut down on support costs stemming from malware infections.

Android becomes second most popular malware haven in Q1


The first quarter was the most active in malware history and mobile attacks are moving to the forefront, according to McAfee data. Android attacks are also picking up.

McAfee’s first quarter threat report noted that attacks surged in the first quarter, but spam has fallen. In fact, there were 6 million unique malware samples in the first quarter, the highest ever for the first three months of the year. February had the most new malware samples—2.75 million.

Fake anti-virus software—think Mac Defender—reached its highest levels in march with

350,000 unique samples.

As for emerging threats, McAfee noted that Android devices are becoming malware havens. Android was the second most popular environment for mobile malware behind Symbian in the first quarter. Historically, Android remains No. 3.



In its report, McAfee said:

McAfee Labs combats several developing families of malware that attack Android phones. One of the families, Android/DrdDream, comprises a variety of legitimate games and apps that have been injected with malicious code. These threats are unique and quite dangerous due to the use of two root exploits to gain greater control of those phones. The two exploits—Exploit/LVedu and Exploit/DiutesEx—were initially used by users trying to gain legitimate root access to their own devices, a process commonly referred to as rooting.1 In the PC world, malware often uses exploits to enable drive-by downloads that infect machines visiting specially designed or compromised websites. For mobile devices, much of the malware has required user interaction, but in the near future mobile exploits will certainly allow automatic malware installation. Like Android/DrdDream, the Android/Drad family is made up of maliciously modified applications.

This family sends device information to an attacker-controlled site. Just like in the PC malware world, Android/Drad listens for commands from the attacker. The malware can also download additional software, though it stops short of being a full-fledged mobile botnet. It appears that the malware uses blackhat search-engine optimization techniques, a process of manipulating search engine results to place dangerous sites higher than they should appear in lists of hits.


Tuesday, June 7, 2011

About World IPv6 Day....Future.Today


















Happy IPv6 Dya to all.!!!


On 8 June, 2011, Google, Facebook, Yahoo!, Akamai and Limelight Networks will be amongst some of the major organisations that will offer their content over IPv6 for a 24-hour “test flight”. The goal of the Test Flight Day is to motivate organizations across the industry – Internet service providers, hardware makers, operating system vendors and web companies – to prepare their services for IPv6 to ensure a successful transition as IPv4 addresses run out.





The story begins in 1977, when Vint Cerf, the program manager for the ARPA Internet research project (and now one of the driving forces behind Google’s IPv6 efforts), chose a 32-bit address format for an experiment in packet network interconnection. Who would have thought that the experiment would evolve into today’s Internet: a global network connecting billions of people, some using handheld devices faster than the mainframes of the 1970s?

For more than 30 years, 32-bit addresses have served us well, but now the Internet is running out of space. IPv6 is the only long-term solution, but as the chart below shows, it has not yet been widely deployed. With IPv4 addresses expected to run out in 2011, only 0.2% of Internet users have native IPv6 connectivity:

Test your IPv6 Connectivity


Want to find out your IPv6 readiness? Use this test.






Asbestos Cancer Asbestos Cancer