«

»

Nov
30

The Shop ‘Til You Drop Safety Guide

by

Editor’s Dossier

The Shop ‘Til You Drop Safety Guide

Greeting VSNers,

I hope you made it through Black Friday, Small Business Saturday, a relaxing Sunday and a successful Cyber Monday by scooping up bargains and getting a head start on your holiday shopping. This time of the year can be pretty stressful, and the last thing any of us want to add to our long to-do lists is dealing with a stolen credit card number or an infected PC. As always, we are here to give you some pointers on getting through the holiday online shopping season safely and securely. Check out our Shop ‘Til You Drop Safety Guide in Operations.

The Man behind VIPRE
This week I had the privilege of interviewing Mark Patton, the new general manager of GFI Software’s Security Business Unit. Mark has been a key contributor to the growth and success of VIPRE for many years, and he shares his advice for online safety and other interesting insights.

Deb’s Deep Dive
This week, our venerable contributing editor and writer states emphatically “To understand network security, you first have to understand computer networking itself.” Check it out below.

Enjoy the latest issue of VIPRE Security News[JS1]. And remember, stay safe out
there.

Best,

Larry Jaffe
Editor, VIPRE Security News

P.S. You can write to me at any time. I want to know how you feel about Internet
security and if you have any ideas for articles or subjects you would like us to
cover. Email me at feedback@vipresecuritynews.com

The Man behind VIPRE

A VSN Q&A: Mark Patton, General Manager, Security Business Unit, GFI Software

VSN: Please tell us a little bit about your background.

MP: I’m a Midwesterner, growing up in Illinois and Michigan. I spent the early part of my career in aerospace, with two stints at Boeing, separated by a few years at Hercules Aerospace, where I worked on space shuttle rocket boosters (so yes, I was a rocket scientist). Then a few years in telecom, writing software for all kinds of computers. In the late ’90s, I worked for the Diskeeper Corporation on the Microsoft campus, where I wrote the disk defragmenter that was part of Windows 2000. I also worked on the Small Business Server team and the Windows team. I came to Florida in 2002 to join a small software company, where the guys from Sunbelt Software hired us to write I Hate Spam, Server Edition. One year later, I was working for Sunbelt Software. Over the next few years, we had great success with CounterSpy and VIPRE. In 2010 Sunbelt was acquired by GFI where I ran R&D for some of GFI’s products.. I was recently promoted to general manager of GFI’s Security Business Unit.

VSN: Is it a big leap to go from running R&D to running the division of such a large company?

MP: Most definitely. In R&D, your focus is on finding innovative solutions to customer problems. We still do that, but now my view is broader. We have people who are responsible for the long-range strategies, who are deeply involved with our customer base. Then once the products are ready to release, we need to carry that message out into the market through our marketing campaigns, PR activities, etc. Because GFI is a global company, we develop our products in several languages to take to markets in Europe and Asia. We are able to pull this off because of all the talented and dedicated people on the VIPRE team and throughout GFI.

VSN: What is your personal philosophy on running a business?

MP: If I were to boil it all down, we need to give the customer what he or she needs, have a clear strategy that is understood by the entire team, provide the resources they need, make quality a priority and hire only the best people.

VSN: What is your vision for GFI’s security products?

MP: Because of the constant increase of malware and other cyber attacks, we must keep pushing hard every day. We do a great job of keeping ahead of the cybercriminals, but the future will see the introduction of new techniques to keep your systems and data safe. These include the new smartphones and tablets. We are working on technology that will protect these devices too. Our goal is to ensure our customers can use their computing devices—no matter what device that is—safely and securely.

VSN: What would you tell the average user about protecting their computers and families online?

MP: The largest attack surfaces are email and websites. Don’t click on links in your email (or on your Facebook Wall) unless you are sure about the source. Filter out all email from unknown sources. Recent studies report there are 800 million malicious emails sent every day. Be careful when you click on links in the browser. Lock down your Facebook security settings to prevent criminals from gathering your personal information. Cybercriminals use this personal information to create customized, social engineered email attacks that tempt you into clicking on their links or disclosing personal information.
And of course, run VIPRE on all your computers.

Eyes only: Your viewpoint on security issues

Flickr spam

Recently I got two pieces of spam from a plumbing firm that I have done business with only once. What is interesting is their new tactic: they have opened a Flickr account and are using Flickr to send these messages. The only indication in these messages about how to stop future spam from them is a short message from Flickr at the end of one of the two messages saying click here to block future mail from this sender. BUT, when I click it, the first thing I see is a login screen from Flickr. Yes, you got it: in order to block spam sent through Flickr, I have to join Flickr myself! This of course will mean lots more unwanted messages from Flickr.

This is totally unacceptable and surely does not meet the intent of the anti-spam laws. Have you come across this before? I wrote to Flickr but their reply was a 100% canned message and the solution they proposed began: “Log into your Flickr account…” Frustration is not a strong enough word… – ATC

Brighthouse bungles banking info

I pay my Brighthouse cable bills online ……. no problem. They send back a confirmation email which includes my name, bank routing, and account numbers. Not the last few numbers but the complete number. I called them about this and they told me it was safe because they use a secure connection. What is your opinion? Am I being paranoid? I think I will start paying through my bank’s pay bill plan. I think VIPRE is a great product and the weekly security news really makes it the best. – TE

Note: I don’t think you are being paranoid. It’s probably a good idea to use your bank’s secure online bill pay.

Operations: What you need to know

Our Shop ‘Til You Drop Safety Guide

Okay, it’s time to hit the online shopping extravaganza and cash in your hard-earned bucks, pounds, euros, etc. for some real-time shopping. Stay safe out there with these five online shopping tips:

  1. Secure Your PC and Network- Be sure the computer you use has, at a minimum, a firewall, up-to-date antivirus software and the latest version of whichever web browser you are running. At home, ensure your wireless network is password-protected. If you must shop online in a public place, avoid using an unsecured Wi-Fi connection.
  2. Use Strong Passwords- A strong, alphanumeric password with at least eight characters is an easy way to help defend your personal information online. It is also recommended that you use different user names and passwords for each online account you have.
  3. Shop on Trusted, Secure Websites- Before entering your personal financial information to make a transaction, always make sure that you are using a site that provides encryption for the credit card transaction. Look for the closed padlock on the browser’s address bar or at the bottom of the screen. Also check the browser’s address bar to confirm that the URL begins with “https,” signifying a secure site that provides encrypted communication.
  4. Protect Personal Information- Most online shopping will require disclosing information to process a transaction. It is normal to provide contact information like an address and phone number, and, when prompted, your credit card number. However, be wary of any request for additional information, especially if it is received by email claiming to confirm a purchase or asking for additional information. Always contact the merchant directly if you have any doubt about requests for personal information you receive.
  5. Be Careful What You Click – While searching online for deals and product reviews, be careful about clicking on hyperlinks you run across in search engine results and holiday e-cards, as well as on social networking sites like Twitter and Facebook, even if it appears that your friends are suggesting a link for you. Always verify the URL address—especially shortened URLs—of any link you run across to ensure it will direct you to a safe, reputable website. One wrong click can lead to malware that could end your holiday shopping season early.

Free support

The VIPRE support team is at your service! You don’t have to call in, send emails or wait in line, just fill out this support request form for free technical support:
VIPRE Support

Stay on top of all the real-time threats:
http://research.sunbelt-software.com

Also, read our tip sheet on common online security traps:
VIPRE Security Traps Tipsheet

Deb’s Deep Dive

Layer 1: It’s all about the hardware

To understand network security, you first have to understand computer networking itself. Early in any serious study of the subject, you’ll run into a concept called the OSI model. That stands for Open Systems Interconnection and it divides the network communications process into seven layers. The purpose of the model is to create a standard framework to define how the networking protocols work, so that networking devices and software from different vendors can communicate with each other.

A comprehensive discussion of the OSI model is way beyond the scope of this short column; I once wrote a whole book for Cisco Press, Computer Networking Essentials, that does that. But something I’ve noticed over the years is that many people forget about Layer 1 when they start troubleshooting, whether it’s a suspected security issue or a general network communications problem. Layer 1 is the physical layer, the layer that interfaces with the actual hardware devices (network cards, routers, switches) through which the data goes and network media (cables, airwaves) over which the data travels.

This was brought home to me a few days ago in regard to my own home network, when my husband reported that one of the computers in our “DMZ” (the network that sits between our internal network and the Internet) must have been compromised because it appeared that the DMZ switch was being flooded with packets. This usually means a Denial of Service attack.

I wasn’t so sure that was what was going on. We had recently moved all our servers into a new room, which involved relocating the bank of Ethernet outlets where the cables to all the rooms in our home terminate. We had to shut down, disconnect and then reconnect all the computers, routers, switches and other devices. I had marked and labeled everything to make sure each got plugged back in where it had been before, and the network came back up and worked fine without much angst. However, the move caused some redundancy and we had been tweaking that, moving some connections to a fancy new managed switch and getting rid of some redundancy.

Remembering my own advice to always check the physical layer first, I decided to trace the paths of all the cables that were plugged into the DMZ switch that appeared to be under attack. Sure enough, I discovered that somehow we’d managed to plug both ends of the same cable into that switch, creating a loop that was causing the packet storm. I unplugged that cable and the network traffic went back to normal. Tom noted that he probably would have spent hours fiddling with the software, checking the firewall logs, etc. to try to figure out the problem.

Today we do much of our network management remotely – we can configure and manage our routers, switches, etc. from our workstations without ever even going into the room where those devices actually “live.” But when we remove ourselves from the physical layer, we not only overlook simple solutions to problems but we also lose some of the understanding of how networks really work. Next time you have a networking problem, or a computer problem of any kind, don’t forget to check the physical layer. I’ll never forget the time a friend went through hours of troubleshooting and even went so far as to format the hard drive and reinstall Windows – only to discover that the source of his problems was a loose hard drive cable. There’s a reason the physical layer is labeled as number one.

Till next week,
Deb Shinder
Contributing Editor, VIPRE Security News

Dirty tricks

How Gmail Ads Work

Note: I always wondered how they did this.

“Ads that appear in Gmail are similar to the ads that appear next to Google search results and on content pages throughout the web. In Gmail, ads are related to the content of your messages. Our goal is to provide Gmail users with ads that are useful and relevant to their interests. Ad targeting in Gmail is fully automated, and no humans read your email in order to target advertisements or related information…”
Source: Google
http://mail.google.com/support/bin/answer.py?answer=6603

Eating too Much Bacn

“It may not be breakfast food but bacn (sounds like bacon) aka “Bland Automated Community Notification” or the stuff you wish you never subscribed to but here it is anyway. You may want to read it but not right this moment and wouldn’t it be nifty to have some place to store it so you didn’t have to filter through all that gark.

Wikipedia describes it as such “Bacn differs from spam in that the recipient has signed up to receive it. Bacn is also not necessarily sent in bulk. Some examples of common bacn messages are news alerts, periodic messages from e-merchants from whom one has made previous purchases, messages from social networking sites, and wiki watch lists…”
Source: Wikipedia
http://en.wikipedia.org/wiki/Bacn

Bacn is supposed to be superior to spam but not like your bff saying howdy to you in an email. Putting it simply Bacn is something you ordered but spam is something you didn’t ask for but got anyway. A March 2011 infographic from Unsubscribe.com claims that over 27 billion bacn emails were sent every day in 2010.

China’s Cyber Threat a High-Stakes Spy Game

“The cloak-and-dagger world of corporate espionage is alive and well, and China seems to have the advantage. Their cyber-espionage program is becoming more and more effective at swiping information from America’s public and private sectors. The U.S. government has even blamed China publicly for hacking American industries…”
Source: NPR
http://www.npr.org/2011/11/27/142828055/chinas-cyber-threat-a-high-stakes-spy-game?ft=1&f=1001

25 Worst Passwords of 2011

Note: You should get a kick out of this.

“Pro tip: choosing “password” as your online password is not a good idea. In fact, unless you’re hoping to be an easy target for hackers, it’s the worst password you can possibly choose. “Password” ranks first on password management application provider SplashData’s annual list of worst Internet passwords, which are ordered by how common they are (“Passw0rd,” with a numeral zero, isn’t much smarter, ranking 18th on the list.)…”
Source: Mashable
http://mashable.com/2011/11/17/worst-internet-passwords/

What To Do About ‘Duqu’ Malware Sent Via Word Documents

“There are plenty of infected Office documents around, just waiting for an unprotected computer to infect courtesy of an unwary user. The ‘Duqu’ document is just the latest of many infestations. When sending Office documents, try to use the ‘new’ Office 2007/2010 formats (.docx, xlsx, pptx, etc). Not only are the files smaller but it is much more difficult (can’t say impossible) to infect your computer from them. In this way receivers of documents from you can open them with less concern…”
Source: Office Watch
http://office-watch.com/t/n.aspx?a=1623

Facebook: Attack Identified, Most Spammed Porn Removed

“Facebook has been hit by a widespread attack spamming porn and violent images, security experts say. Facebook says a hack that exploited some Web browsers was responsible for a flood of porn, violent images and other graphic content that spread across the site over the past couple of days…”
Source: CNN
http://articles.cnn.com/2011-11-15/tech/tech_social-media_facebook-porn-spam_1_facebook-users-social-media-giant-facebook-news-feed?_s=PM:TECH

Note: The Atlantic Magazine take is worth reading too.
http://www.theatlanticwire.com/technology/2011/11/dirty-details-facebooks-porn-attack/45029/

Facebook’s Phone: Oversharing To Go

“Your Facebook phone may be the equivalent of having a KGB agent tailing you. Mark Zuckerberg will be in your pocket. You might as well wear one of those ankle bracelets for tracking. The Facebook phone is in play—again—and it appears we have another 12 to 18 months to go before mobile and social utopia arrives. I can’t wait to see the privacy flaps that emerge from this adventure…”
Source: ZDNet
http://www.zdnet.com/blog/btl/facebooks-phone-oversharing-to-go/64030?tag=nl.e539

Zone – Cool products and other stuff

I am always looking for some hot stuff to share with our readers and maybe you
are too. Hit me back at feedback@vipresecuritynews.com.

Five free replacements for Windows Explorer

Note: Searching with Windows Explorer has always been a challenge for me, so it’s nice to know there are some cool alternatives.

If you’ve ever wished for more or better file management features than Windows Explorer offers, these free alternatives might be the answer:
Source: Tech Republic
http://www.techrepublic.com/blog/five-apps/five-free-replacements-for-windows-explorer/1103?tag=content;siu-container

To listen or not to listen

Note: Here’s a nifty little article on the various music listening outposts you can find on the Net.

“You just want to listen to some good music. At this point, music lovers and listeners now have 10 scrillion ways to listen to music online. But where to start? Do you patiently upload all your music to Google Music? Do you check out what your friends are listening to on Spotify? Rdio? Mog? Pandora? Which ones are free, and which ones cost money? Or do you just forget about online music and just go back to listening to CDs (assuming they’ll even be around in a couple of years)?…”
Source: Cnet
http://news.cnet.com/8301-17938_105-57326162-1/which-music-service-should-you-use/?tag=nl.e404

Ravel’s Boléro flash mob at Copenhagen Central Station

I know there have been tons of flash mob videos, but this is one of my favorites. It does not feature dance, but it does feature the Copenhagen Philharmonic playing Ravel’s Boléro.
Source: Pixely Dixel
http://www.pixelydixel.com/2011/05/el-bolero-de-ravel-en-la-estacion-central-de-copenhague-flashmob.html

Swinging at Denver Airport

Holiday travelers at Denver International Airport were surprised with an entertaining treat when 100 dancers performed to a medley of Swing classics:
http://www.pixelydixel.com/2011/05/el-bolero-de-ravel-en-la-estacion-central-de-copenhague-flashmob.html

Alpine Coaster

The mountain ride of a lifetime on a single-pipe alpine coaster in Austria:
http://www.flixxy.com/alpine-coaster.htm

Acrobatic Dance Duo

A breathtaking acrobatic dance masterpiece by Cirque du Soleil dancers Shenea Booth and Nicolas Besnard:
http://www.flixxy.com/acrobatic-dance-duo.htm

Digital Christmas Story

Christmas story told through Facebook, Twitter, YouTube, Google, Wikipedia, Google Maps, GMail and Amazon. Times change – feelings remain the same.
http://www.flixxy.com/digital-christmas-story.htm

Share on TwitterShare on LinkedInSubmit to StumbleUponSave on DeliciousDigg ThisSubmit to redditShare via email