Category Archives: Security

The EBay Hacking Scandal – Is Your Account Secure?


The recent hacking of over 200 million accounts on the world’s largest auction site has raised serious concerns about security. It’s believed hackers were able to access dates of birth, passwords and other personal information. EBay has offered reassurances that financial data of user accounts wasn’t compromised. The fact that a major organisation like eBay can suffer a security breach highlights the need for constant vigilance in all online transactions.


The eBay hacking scandal was made worse due to delays in advising customers of the potential that criminals had access to personal data. It’s believed it took as long as three months for eBay to identify the hacking issue. It was a further two weeks before eBay decided to alert the general public. Cybercriminals are stepping up their efforts to obtain personal data, and the threat of ID fraud and consumer scams is on the increase. EBay have a responsibility to protect their users from security breaches, but individuals should also take steps to protect their accounts. The following tips will help to ensure your eBay account remains secure.

01

Never use the same password over multiple sites. Online security experts warn this habit can lead to serious problems. If you use the same password across a number of sites you are exposing your personal and financial data to multiple risks. If cybercriminals are able to hack one of your logins they could go on to access your bank account, credit cards and PayPal account. Managing a series of passwords can be time consuming, but it’s essential for online security.

02

Use complex passwords that can’t be cracked. Using children’s names and other easy-to-crack passwords is one of the main reasons online security breaches take place. A strong password should contain a series of letters, numbers and symbols. Sophisticated hackers are still able to beat more complex passwords, but they are likely to move on to softer targets if you make life difficult for them. Don’t be put off by the idea of having to remember more complex passwords, as there are apps and tools to deal with this for you.

03

Be constantly vigilant. Most security breaches take place because the victim falls for a fairly simple scam. If you receive an email inviting you to change your password or enter other personal data, don’t do anything until you’ve checked the source of the message. Clicking through to links in emails can put you at risk. The safest way to deal with these situations is to ignore the email and contact the company or site directly.

04

Take extra care with public computers and networks. Logging onto eBay and other accounts on shared computers or networks can be an increased security risk. Cybercriminals use a variety of techniques to pick up passwords and personal data from computer users in public places. Always make sure you are logged out of your account before walking away from a shared computer.

05

Keep your anti-virus software up to date. Good anti-virus software is essential for defending your computer against hackers. Make regular scans to check for viruses and malware. Cybercriminals are constantly developing new ways to beat security software, so make sure you are running the most recent version.

6 Tips for Using Your Debit Card Safely

The headlines have been pretty scary. Major retailers and restaurant chains have been hacked and their customer data put at risk. International gangs have targeted banks and their customers. Consumers have been targeted with phishing scams and fake emails. It is enough to make you cut up your debit card and go back to cash.


The good news is you can still use your debit card safely – if you know how to keep it safe. These safety tips can keep your debit card – and your bank account – safe online and off.

01

Look at the swipe device carefully before using your debit card. Thieves can install skimmers to steal data and clone debit cards. If something does not look right, notify store management right away and use cash instead.

02

Use your other hand to shield your PIN entry. This protects you from shoulder surfers – and the pinhole cameras thieves sometimes use to steal data.

03

Ask your bank about their liability protections. Some banks extend the same zero-liability protections to both credit cards and debit cards, while others only provide that protection to credit card customers.

04

Log on to your checking account several times a week and scan for unusual charges. If your debit card has been compromised, you may see strange charges or unauthorized withdrawals in your bank account.

05

Notify your bank immediately if you suspect a problem with your debit card or bank account. Notifying the bank promptly is the best way to protect your rights.

06

Watch where you shop with your debit card. When shopping online, always make sure the site is encrypted by looking for the https: designation in the address bar. Avoid sites you have never heard of before, and if a site seems suspect just abandon your cart and go elsewhere.

Nothing can provide total protection for your debit card. You do not have much control over the security of online systems or the ability of hackers to breach them. You can, however, take steps to protect yourself when you shop. The above tips can help keep you safe, or at least give you an early warning if fraud is suspected.

Essential cPanel Settings

Most web hosts provide access to the server and the website hosted on it through a cPanel. The cPanel offers a simple, flexible way to manage and customize the back end of a website. How you customize your cPanel can affect everything from security to the functionality of your website. Here we take a look at some of the best practices in setting up a cPanel for the first time.


Set a Strong Password

Your login credentials, which you set in the cPanel, will be used for everything from accessing databases to uploading websites through FTP accounts. A weak password leaves your website wide open to hackers. What’s worse, once the hacker gains control of your account, he or she can change your password and prevent you from accessing your own website.

Secure Apache

The easiest way for a hacker to gain access to your website is through your web server application. Apache is the most common web server application used and thus the one most often targeted by hackers. One of the best things you can do to secure Apache is to set up mod_security. You install mod_security through the Addon Modules in the cPanel. While you are securing Apache, be sure to go to PHP open_basedir Tweak in the Security Center and set Enable php open-basedir Protection.

Update Email to the Maildir Format

Maildir provides both extra security and extra speed for the email that your web server provides. In some cases, your web host will already have installed maildir. If it has not, look for the scripts section in your cPanel and run the /scripts/convert2maildir script.

Lock Compilers

Compilers are used most often to convert C/C++ code into bits that are readable by the server’s processors. If you aren’t using C/C++, then you can go to Tweak Security > Compilers Tweak and turn off those compilers, which will protect you from certain hacks.

Delete/Disable Unused Software

Almost any software can be exploited to gain access to your server. If you aren’t using a particular application, you should delete it or disable it to reduce the number of ways that someone can gain entry to your server. You can start by going to Service Manager > Service Configuration and disabling all of the services that you are not using.

Enable Automatic Updates

Keeping your cPanel up to date ensures that you have the latest security patches and bug fixes. You can update your system manually, but it is easiest to just enable automatic updates. Go to Server Configuration > Update Config and be sure that automatic updates are set for the Kernel, cPanel, User Applications, and System Software.

Enable the Firewall

A firewall is just one more line of defense against hackers, so it is wise to enable it if you don’t have a specific reason to avoid a firewall. While you are at it, take the time to install an anti-virus program for your cPanel as well as an anti-rootkit program.

Enable Brute Force Protection

Brute force protection essentially disables cPanel access from any IP that attempts to log in with the wrong credentials too many times. You usually find this option under Security Center > cPHulk Brute Force Protection. Simply click on “Enable” to prevent brute force attacks against your website.

Going Above and Beyond

While the measures above may appear excessive, they actually represent just the beginning of best security practices for the web. More advanced options require a bit of command line interaction, but are well worth the effort to learn if you are into serious web development. For the beginner, the tips above will go a long way to helping you secure your website. Last, but certainly not least, always back up your site and do it often. Most cPanels make it easy to back up your site, often giving you the option to set it to occur automatically. Back your site up often and any time you make a change so that you can fix problems and restore your website to full functionality without any loss of data.

How HTML5 Apps Can Endanger Your Mobile Device


While the current number of mobile apps based on HTML5 is not that big yet, that trend is set to change in the next few years. Many industry analysts believe that by 2016, almost half of all mobile apps will be developed using the technology. Both Android and iOS users can benefit greatly from the plugin-free, rich-media delivery of mobile apps built using the promising architecture of HTML5. For instance, the mobile app versions of Google Voice, Meebo, and YouTube you’ve been enjoying are all built on HTML5’s ultra-nifty programming language.


The problem is that HTML5 is inherently readable–meaning, anyone can readily reuse and copy it, as well as insert malware into it. This poses new dangers to your mobile device and can compromise your sensitive personal data.

Cross-Device Scripting Attack

Syracuse University researchers uncovered that mobile devices running applications that are based on HTML5 are vulnerable to injection of malicious code, which can be introduced by attackers through Bluetooth pairing, SMS text messaging, 2D barcode scanning, and Wi-Fi scanning. In some cases, playing MP3s and MP4s through HTML5-based apps can pass on the malicious code.

This cross-device scripting attack can propagate the malware via SMS text messaging. The infection can still spread even if the messaged contact is using a smartphone that is different from the mobile device carrying the malware. Because HTML5 is readable on both iOS and Android devices, the malware can cross and spread between these two mobile platforms.

JScrambler 3.5

If you are a software developer wanting to protect your application, you can use an app-protection service. An example of this is JScrambler 3.5, the most recent version of an app-protection service allowing developers to add a self-defending feature to their mobile and web apps based on HTML5 and JavaScript.

JScrambler works by obfuscation, wherein the original programming code is automatically scrambled in such a way that its functionality is retained. The software developer sends the code to JScrambler. The web-security firm then processes the original code, as well as introduces logic to detect tampering and to make the application break down by design in order to mitigate the effects of a successful attack.

Web Security: SSL and Beyond

Web security isn’t just something that big corporations and the government have to be concerned about. It is a problem that affects everyone from small business owners to web developers to consumers. What is more, web security isn’t always about technology. Sometimes, the best way to be safe online comes down to simple practices like the strength of your password. Here is a look at some of the simplest, yet most effective methods of staying safe online.


Passwords

You’ve heard it a thousand times, but it bears repeating because so many people don’t follow the rules. Simple passwords aren’t secure and using the same password over and over again is a great way to get into serious trouble. Your password should be a combination of letters and numbers as well as special symbols, depending on what is allowed. Avoid using whole words and opt instead for partial words or random letters. Use a different password for critical applications than you use for things like Facebook.

Limit or Ban File Uploads

Allowing file uploads, even images, can give a hacker the ability to get a malicious script onto the server hosting your site. If you must allow file uploads, then you need to prevent users from executing files that they upload. Good options for curtailing execution include renaming the file on upload, changing file permissions, or parsing the file for viruses/malicious software.
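One way to apply the "rename on upload" and "change file permissions" advice, as an added example that is not from the original article. It also checks the file type from the file's bytes, which goes slightly beyond the text. The allow-list, the storage directory and the `$fromHttpUpload` switch (there only so the demo runs from the command line) are assumptions, as is the availability of PHP's fileinfo extension.

```php
<?php
// Added example: store an upload under a server-chosen name with no execute bit.

const ALLOWED_TYPES = [          // MIME type detected from content => extension we assign
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

function store_upload(string $tmpPath, string $storageDir, bool $fromHttpUpload = true): string
{
    // In a request handler, $tmpPath is $_FILES['field']['tmp_name'].
    if ($fromHttpUpload && !is_uploaded_file($tmpPath)) {
        throw new RuntimeException('not an uploaded file');
    }

    // Decide the type from the bytes, never from the client-supplied name or Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    $ext  = is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('type not allowed: ' . (is_string($mime) ? $mime : 'unknown'));
    }

    // Rename on upload: random base name plus our own extension, so the user
    // controls neither the path nor the suffix the web server acts on.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($storageDir, '/') . '/' . $name;

    $moved = $fromHttpUpload ? move_uploaded_file($tmpPath, $dest) : rename($tmpPath, $dest);
    if (!$moved) {
        throw new RuntimeException('could not store file');
    }

    chmod($dest, 0640);          // owner read/write, group read, nobody may execute
    return $name;
}

// Constructed demo for the CLI: there is no HTTP request, so the
// is_uploaded_file() check is switched off with the third argument.
$dir = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0750);

$samples = [
    'real GIF'                   => "GIF89a" . pack('v2', 1, 1) . "\x00\x00\x00;",
    'PHP script named photo.gif' => "<?php echo 'hello'; ?>",
];

foreach ($samples as $label => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    try {
        echo $label, ': stored as ', store_upload($tmp, $dir, false), "\n";
    } catch (RuntimeException $e) {
        echo $label, ': rejected (', $e->getMessage(), ")\n";
        unlink($tmp);
    }
}
```

Keeping the storage directory outside the web root, or configuring the server not to run scripts from it, covers the case where a check here is bypassed.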

SSL

Any time you send or receive personal information or other sensitive material, you should use Secure Sockets Layer (SSL). Users will look to see if your website uses SSL and may forgo posting there or buying items from your site if it does not implement SSL. In particular, you should always serve a login page over SSL. This requires more server resources, but makes sure that the browser isn’t redirected to a malicious site.

Customize Error Messages

Error messages can communicate information about why your site failed that can be useful to hackers. You want them to get generic responses to errors, not specific details. Messages like “incorrect username or password” are better than specifying one or the other, which would tell the attacker that at least half of their query was correct.
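The generic login response described above, as an added example that is not from the original article. The in-memory user table and the function name `check_login` are assumptions; the specific failure reason goes to the server log only.

```php
<?php
// Added example: one public message for every login failure, detail kept server-side.

function check_login(array $users, string $username, string $password): array
{
    // Hash to verify against when the username is unknown, so both failure
    // paths perform the same password_verify() work.
    static $dummyHash = null;
    $dummyHash ??= password_hash('placeholder-not-a-real-password', PASSWORD_DEFAULT);

    $known = array_key_exists($username, $users);
    $hash  = $known ? $users[$username] : $dummyHash;
    $match = password_verify($password, $hash);

    if ($known && $match) {
        return ['ok' => true, 'message' => 'Welcome back.'];
    }

    // The operator sees which half failed; the visitor does not.
    // json_encode() keeps control characters in the username out of the log line.
    error_log(sprintf(
        'login failed user=%s reason=%s',
        json_encode($username),
        $known ? 'bad_password' : 'unknown_user'
    ));

    return ['ok' => false, 'message' => 'Incorrect username or password.'];
}

// Constructed demo data: one account in an in-memory "user table".
$users = ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];

$attempts = [
    ['mallory', 'guess'],                         // unknown user
    ['alice',   'guess'],                         // known user, wrong password
    ['alice',   'correct horse battery staple'],  // valid login
];

foreach ($attempts as [$user, $pass]) {
    $result = check_login($users, $user, $pass);
    echo str_pad($user, 8), ' => ', $result['message'], "\n";
}
```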

Validate

Everything should be validated both before it is transmitted to the server and after it is transmitted to the server. This applies to SQL queries as well. PHP has built-in functions for validation, so use them. You will want to take special care to either strip HTML from submitted content or encode it to avoid problems with cross-site scripting (XSS).
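A server-side sketch of the validation, SQL and HTML-encoding advice above, added here and not part of the original article. The comment form fields, table layout and function names are assumptions, and the demo assumes the pdo_sqlite extension is available.

```php
<?php
// Added example: validate input, bind it into SQL, encode it on output.

function validate_comment(array $in): array
{
    $errors = [];

    // PHP's built-in filters return false when the value does not validate.
    $email = filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'email';
    }

    $postId = filter_var($in['post_id'] ?? '', FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    if ($postId === false) {
        $errors[] = 'post_id';
    }

    $body = is_string($in['body'] ?? null) ? trim($in['body']) : '';
    if ($body === '' || strlen($body) > 2000) {
        $errors[] = 'body';
    }

    return [['post_id' => $postId, 'email' => $email, 'body' => $body], $errors];
}

function save_comment(PDO $db, array $c): void
{
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO comments (post_id, email, body) VALUES (?, ?, ?)');
    $stmt->execute([$c['post_id'], $c['email'], $c['body']]);
}

function render_comment(array $row): string
{
    // Encode on output so stored markup is displayed as text, not run by the browser.
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="comment"><b>' . $e($row['email']) . '</b>: ' . $e($row['body']) . '</p>';
}

// Constructed demo: in-memory database and two sample submissions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (post_id INTEGER, email TEXT, body TEXT)');

$submissions = [
    ['post_id' => '7', 'email' => 'reader@example.com',
     'body' => "<script>alert(1)</script> nice post'); DROP TABLE comments;--"],
    ['post_id' => '7 OR 1=1', 'email' => 'not-an-email', 'body' => ''],
];

foreach ($submissions as $input) {
    [$clean, $errors] = validate_comment($input);
    if ($errors) {
        echo 'rejected, invalid fields: ', implode(', ', $errors), "\n";
        continue;
    }
    save_comment($db, $clean);
}

foreach ($db->query('SELECT email, body FROM comments')->fetchAll(PDO::FETCH_ASSOC) as $row) {
    echo render_comment($row), "\n";
}
```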

Update

Keep your software up to date and you’ll avoid a lot of headaches. Keeping up to date is especially important when you are using popular software like WordPress, phpBB, Joomla, etc. Hackers will always check the version of software you are running to determine if an old trick will work on your site. They don’t want to do any more work than they have to, after all.

Testing

When you think that your website is secure, it’s time to start testing. A number of point-and-click software resources make it easy to test for vulnerabilities like SQL injection problems, cross-site scripting vulnerabilities, and so forth. Common tools include Netsparker, w3af, BackTrack (Linux only), Cain and Abel, and Retina.

Safe Surfing

If you want to provide a safe, stable web experience for your users, then you have to pay close attention to security. How prominent your site is will determine whether or not you are able to do most of the security work yourself. The techniques and tips above will get you started, but there is a great deal more knowledge out there, so don’t stop here.

What You Can Do If Your Email is Hacked


It seems that these days there is no shortage of news reports detailing some new threat to our internet security. Viruses, hackers and scams seem more prevalent than ever. Of these threats, email hacking remains one of the most prevalent and insidious. It can be very alarming to log on to your computer only to find one of your most personal forms of communication violated. But there are steps you can take to recover yourself and re-establish your security.


1

Firstly, if you are still able to log in to your email account, change the password immediately. Make your new password as strong as possible. This means avoiding any common or easily discovered information, such as your address or spouse’s name. It is wise to avoid using this information in the new password.

2

If you find that you are not able to access your email to change the password, it is still possible to recapture your account. You can do this by checking the help function on your email site and following their step-by-step directions for reclaiming your account. This will normally involve you answering certain security questions that you had set up at the time the email account was activated. You may also be sent a link or a temporary password to a secondary email that is still secure. Once you have recaptured your account, you can then reset your password as indicated above. You should also select new security questions and answers.

Your email provider will want to keep records of any incidents of hacking, so it is a good idea to let them know what has happened. You may feel that there is little that can be done after the fact, but your account provider may be able to give you important and useful information to avoid anything like this happening again.

3

While you are notifying your email provider, there are other people you may want to consider notifying as well. Let your friends and family know what has happened, in case they have received any odd messages that were clearly not from you. Normally, when people on your contacts list receive unusual emails from your account, it is a good early indication that you have been hacked. Some victims have even reported that their email account was used to solicit help or funds from people in their contacts, which can be very upsetting when they find out the message was not actually from you!

4

In addition to your friends and family, you may also want to notify your banking institution. The hackers may try to use your email account to send banking instructions to your bank or even try to reset your online banking passwords. Alerting your bank can keep them on their guard against suspicious communications and requests.

5

Even after notifying your financial institution, you should remain vigilant. Once an email hack happens, it is often difficult to know right away the extent of the damage. The hacker may have accessed information such as your social security number or credit information. Therefore, it is normally a good idea to monitor your banking activity for any suspicious transactions.

The best way to do this is to obtain a free copy of your credit reports.

If you do not already have a current antivirus program on your computer, you should install one and check for updates as soon as possible. A reliable antivirus program will scan your computer for any malicious threats, such as spyware, malware or trojans. These are harmful because they can be inserted into your system by hackers to obtain sensitive information, such as passwords and other personal data. Once the hackers have this information, they virtually have a passport into your personal life.

Having your email hacked is a serious and upsetting situation. However, by taking these steps, you can greatly reduce the potential damage of a hacker attack and reclaim your privacy.

The Most Damaging Computer Viruses Ever


Every year, cyber criminals invent ever more sophisticated computer viruses intent on inflicting chaos across thousands of PCs, usually for financial gain. In 2014, CryptoLocker and the “Regin” Trojan made big news, but they still fell some way short of the havoc caused by the most damaging computer viruses of all time.


ILOVEYOU

An email containing an attachment with the words “I Love You” may have seemed innocent enough, but this virus ended up infecting half a million PCs and costing an estimated $15 billion in damages.

Once the email was opened, the virus stole the user’s image files in the hope of gaining access to online passwords. By automatically sending itself to the first 50 contacts in the victim’s address list, maximum damage was assured.

Mydoom

Back in 2004, the Mydoom malware made history as the fastest-spreading worm in computer history, ultimately infecting roughly two million PCs.

Mydoom infiltrated the user’s device by appearing as an error message or bounced email, but once opened, spread to anyone in the victim’s Outlook address book. Despite Microsoft offering a $250,000 reward for information concerning the creator of the bug, Mydoom’s author has never been identified.

Concept

The Concept virus was an unusual piece of malware as it actually originated not via a malicious email but on an official Microsoft CD-ROM by mistake.

Concept was the first virus to infect Microsoft Word documents, something it utilised to spread rapidly as most documents were shared via email. Although the Concept virus had little noticeable effect on the victim’s computer, it did highlight just how quickly and easily malware can spread.

Nimda

In 2001, Nimda gained notoriety for its three-pronged method of infection. It could infect the user’s email account and then spread to their email contacts, infiltrate web servers and spread automatically across a network, or infiltrate existing programs on a hard disk.

Within just 25 minutes it had infected hundreds of devices, bringing down networks across the globe. The virus hit just a week after the 9/11 attacks, meaning that the Nimda virus increased fears of a new wave of cyberterrorism.

Code Red

Code Red exploited a vulnerability found in Windows 2000 and Windows NT operating systems to devastating effect.

It was able to deface and even temporarily take down a number of websites, including that belonging to the White House. It spread by randomly selecting 100 IP addresses at a time and infecting any vulnerable machines, meaning it wasn’t long before government agencies all over the world were temporarily taking down their own sites to prevent infection.

Storm

The Storm virus gets its name from the initial method used to infect PCs. In 2007, potential victims began receiving emails containing news of a deadly storm hitting Europe.

Anyone clicking on the link began unknowingly downloading the virus, leaving them susceptible to hackers intent on stealing personal information. The email used to spread the malware changes its topic to keep up to date with major news stories, but the Storm virus continues to be a major security threat to this day.

Sobig

The Sobig malware was not only a computer worm but also a Trojan, disguising itself as something other than a virus.

Through the sheer volume of emails sent by infected devices, traffic was brought to a standstill for a number of major companies, including Air Canada and the BBC. By the time the Sobig worm had deactivated itself on 10 September 2003, it had caused $37.1 billion in damages.

Slammer

Slammer was a computer worm that primarily affected businesses running SQL servers, but the fact that consumer devices were spared didn’t prevent the virus from becoming one of the most damaging ever to exist.

By infecting IP addresses at random, Slammer was able to spread extremely rapidly, ultimately attacking nearly half of all Internet servers. Before order could be restored, Slammer managed to bring down Bank of America’s ATM systems, a nuclear plant in Ohio and Seattle’s 911 emergency services.

Conficker

The Conficker virus was truly a global phenomenon, infecting millions of computers and causing Microsoft to form an international industry group to counter the threat it posed.

This particular piece of malware utilised a sophisticated method of cracking administrator passwords, making it particularly difficult to remove. Conficker could be used to hijack computers, but in most cases simply prevented new downloads, disrupting a number of major government agencies. The UK’s Ministry of Defence and Germany’s Bundeswehr were affected, while French military aircraft had to remain grounded as flight plans could not be downloaded.

Melissa

The Melissa virus, named by its creator David Smith after a Miami stripper, was among the first viruses to be spread via email.

The virus dispersed rapidly, primarily because the malicious email appeared to be from someone that the victim knew, ensuring that it quickly overloaded servers and caused an estimated $80 million worth of damage.

Despite Smith claiming that he never intended the virus to cause such widespread harm, he subsequently received a 20-month prison sentence and was banned from going near a computer without court consent.

Vulnerabilities and Security Risks of Cloud Storage Services

Business News Daily reports that by 2014, cloud computing is set to grow into a promising $150 billion industry. That’s a lot of data and a whole lot of empowered users syncing, sharing, and collaborating on various Web-based files. There’s a price, however, that comes with the convenience of having real-time access to your files through a variety of internet-enabled mobile devices. The security of your data can be compromised by the inherent vulnerabilities of cloud storage services. So, it helps to know more about the security risks, so you can better protect your important data on the cloud.