And the Academy Award for the most dangerous search term goes to…

abigail_lovell

The team at Norton have been busy digging through the gossip since Sunday’s glamorous Oscar ceremony. They weren’t just looking for juicy rumours though; they’ve been looking for malware around the Academy Awards.

Cybercriminals often take advantage of public interest in both individual celebrities and world entertainment events, so it is no surprise that when the two combine, crooks get busy infecting websites. Norton found that around 50% of Oscar-related internet search results lead to “poisoned” sites.

 Some of the most dangerous search terms (and the percentage of infected results) include:

  • “Oscar 2010 Winners” – 60% infected
  • “Music By Prudence” – 58% infected
  • “Kathryn Bigelow height” – 48% infected
  • “Sandra bullock Meryl Streep kiss” – 43% infected

Criminals predict public curiosity and infect pages that contain key words with malware. When a victim clicks through on links from search engines they inadvertently end up with their computer infected with a virus or inundated with pop-ups for fake, and in some cases dangerous, “anti-virus software.”
 
When searching for anything online, Oscar-related or not, it is important to be on guard. Make sure you have legitimate antivirus software that includes all the latest updates, and if you don’t, make sure you buy software from a reputable source.
 
Abigail Lovell

Photo by Flickr user Zadi Diaz, licensed under CC BY 2.0.

How Many Passwords…

Guy Bunker

… Must A Man Write Down? – to paraphrase the great Bob Dylan. There is (yet again) a story of phishing against web-based email in order to get passwords. This is not new – what has been picked up on this time (but has always been true) is that people use the same password for their bank as they do for their email and often everything else. So, if one is compromised, then they all are. So how many passwords do you need?

Well, you need to minimize the number – but not down to one. So, I recommend three. You can remember three relatively easily and you shouldn’t have to write them down. One for the bank – and only for the bank; this should be the strongest cryptographically (so some random numbers, letters and other characters). The next one is for things which involve money, so credit cards / on-line shopping sites / email. Finally, one which is used for the rest – for those sites which require you to log on but only so they can track you.

One of the other dangers with email is that once there is access then the cyber-criminal can see who you do business with (including your bank). They can potentially then request a password reset – which would mean all your hard work keeping passwords safe was pointless. Having at least two email accounts can help you keep an eye on those emails which are important (bank, bills etc) and those which are just marketing.

Maintaining your digital information in the Internet Age is hard and requires a certain amount of vigilance. It also needs some common sense… so do remember to change your password regularly. Don’t share usernames and passwords with friends or family – and if you are somewhere which is Internet ‘unsafe’, such as a cyber-cafe, don’t log onto those sites which you would be afraid to have compromised. Finally, if anyone ever suggests you email them your username and password – for whatever reason – don’t do it. If you are worried by the contents of the email, make a phone call to clear things up.

Guy Bunker

Presidents, Senators, You And Me

Guy Bunker

Another famous name has had their bank details stolen and money taken from their account. This time it’s the French President, Mr. Sarkozy. Of course it is not unusual for people to have their details stolen; we have seen other high-profile cases in recent months: a US senator had their email account hacked and the Chief Executive of a bank also lost money. Of course if you happen to be you or me then it is unlikely to make the front pages of the news or spark quite the same level of campaign to find the perpetrators.

The interesting point in this latest case is that the thieves just skimmed off a little bit of money at a time, rather than emptying the account. The thinking is that you won’t notice – so over time they would make off with more money. What can you do? Simple stuff really:

  • Don’t tell anyone (and I mean anyone) your logon or password details.
  • Regularly change your password.
  • Don’t make your password guessable. (This sounds obvious, but people evidently make them too easy to guess!)
  • Regularly check your statements and query any unknown transactions.

Think Of A Number… Any Number…

Guy Bunker

Just make sure you can’t find it on the Internet, or rather that it can’t be associated with you. Oh, and by the way, make sure other questions you use to validate who you are, are not on the Internet either. Sarah Palin had her email account broken into and the contents spread across the unforgiving web. The hack was allegedly done by either guessing the password or resetting it, and in order to reset the password another piece of information was required, in this case where she had met her husband… information that could be found on the web.

Most banks rely on things like your Mother’s maiden name as a proof of identity, but now you can easily find that on the web. In an age where people like to tell all on social networking sites from favourite films to names of first pets, it seems no ‘secret’ fact is a secret any more – unless you want it to be. So when it comes to deciding on security questions, have a thought for what is already out there and readily found.

And Your Password Is… Password

Guy Bunker

A report into the Top 10 passwords for 2008 puts ‘Password’ at the top of the list. It’s been in the top 5 for years – why? You would have thought that people would realise that if it (whatever it is) is worth protecting with a password, then it is of value to someone else.

‘But… it’s only my blog’ or ‘It’s just my social networking account’ or … there is an endless supply of excuses as to why people choose weak passwords – listen up, if it has a value to you, it has a value to someone else. So, now let’s play a game of ‘What If’… and this is what you need to do when setting a password (partner’s name, child’s name, pet’s name – they are all in the popular list – and easily guessable – by machine; don’t think that someone is typing them in, oh no, it’s all done by machine)… so what if someone gets onto your site and defaces it, perhaps posts objectionable content or pictures, perhaps emails all your friends and tells them that you hate them… it’s coming from your account, they will be impersonating you, how do they know it’s not you? How long will it take to repair the damage caused? Hopefully the picture is clearer now… so when you choose a password make it a strong one – put in a number or two, perhaps some punctuation and have it at least 8 characters long. That way someone won’t come along and hijack your account and maybe your reputation as well.

(Just so you know… the same goes for work passwords as well – many companies have policies and protection in place for work-based passwords… and for good reason. Imagine if someone could impersonate you and therefore your company…)