Saturday, May 10, 2014

BUT, I DON'T GO TO THOSE TYPE OF WEBSITES...

AND I DON'T OPEN THOSE KIND OF EMAILS...







The question: "What two things do I hear on most virus-cleaning service calls?"

I'll address emails first. While almost everyone has a SPAM filter these days, many "Phishy" emails still find their way into your In-Box, including fake emails that seem to come from your bank, your credit card company, or your friends. 

"When a message is displayed in the preview pane it's just as if you double-clicked the email..."

If you use an email client like Outlook, more-than-likely you have the reader view pane "on" [ed. - it's the window below or to the right-side of your email list that shows you a preview of an email message]. When a message is displayed in the preview pane it's just as if you double-clicked the email and opened it, so if there is any hidden malicious code within the email - you've activated it. The fix is easy: don't use the preview pane. This was a known security risk within Outlook for years, then they patched it - but the patch didn't fix it.



"you may wonder why users get infected by already known/patched security holes - the answer is simple, many users don't bother to patch them..."





Regarding going to "those type of websites", there are no safe zones any longer. You don't have to visit a hacker or Porn website to get infected, it can easily come from a recipe website, a search results page, or a major website, like a big news webpage.

The people that write malicious code that infect your computer aren't doing it just for the fun of it - It's their livelihood. They make a lot of money stealing credit/debit card information along with a users identity, all which are bought-sold-traded on nefarious servers around the world. Because they make a lot of money doing this it's no big deal to buy advertising space on Google, or a major news website, and plant malicious code that will infect known bugs in JAVA and Adobe FLASH. 

While there are "Zero-day" exploits [meaning a hole in JAVA, FLASH or Windows is being exploited before anyone admits to knowing about it], you may wonder why users get infected by already known/patched security holes - the answer is simple, many users don't bother to patch them...

BACK-IN-THE-SADDLE

I've been away for a week, taking some time off. Needless to say I wasn't without a computer and did look for anything new and terrible to put on this Blog while sitting in our hotel room - I just happened to pick a slow week [ed. - and there's nothing wrong with a slow week in security breaches, 'Nuff Said], so the only thing I have to mention is about the HEARTBLEED security flaw in open SSL: Don't let your guard down.





I read an article yesterday where a security firm confirmed that at a minimum, there are still over 350,000 un-patched servers still found on the Internet. They don't know what sort of servers they are, or what country they reside in, but it's safe to say you aren't completely safe from HEARTBLEED

If you do a search for "Heartbleed browser add-ons" you should be able to find a secure place like pcmag.com, pcworld.com, or cnet.com to find this download. I have one in my Firefox browser which rates every website I visit.

And that's the end of this post folks! Surf the web safely...

'Nuff Said,
Brian

No comments:

Post a Comment