Internet Security Zone Blog

Real World Internet Safety Tips for Using Public Wi-Fi

By James Grant, Team Lead and Senior Developer

I was recently traveling and wanted to keep in touch with both work and the world. I packed my laptop and was off. On arrival, the hotel clerk proudly told me that the hotel offered free Internet over Wi-Fi, no encryption to worry about. Great! I guess...

Confession: I get a little paranoid about security so I'm thinking through all the ways this could go wrong: the person in the next room is going to see all my Internet traffic because it is going over the airwaves like a cell phone call; the person in the next room will try to hack into my computer; the person in the next room will see my email address and I will get more spam. I need a new room! But wait, everyone in the hotel can see my traffic -- as well as anyone driving by! Well, the good news is that not everything you do on the Internet puts you at risk.

Using email

The first thing I wanted to do was check email at work. My company uses a VPN to support email access, so I can do that safely. I am free to use a public Wi-Fi link because a snoop will not try to decrypt my VPN traffic to read the emails. The VPN is the strongest link in the chain, not the weakest link.

The next thing I wanted to do was check my personal email at Gmail. There I have to be a bit more careful. I deliberately go to https://gmail.google.com (instead of http://...) because then Gmail gives me an encrypted connection (safe). If I just typed gmail.google.com, my login would be encrypted, but the emails I read and wrote would be unencrypted and any snooper could see them! Remember: whenever you see "https" at the start of the link in your browser, it means you're a lot safer than "http".

Checking online news

With that done, I wanted to check the news. Now I personally don't care who knows what news articles I read, so I freely went to my favorites:

www.news.google.com, www.theregister.co.uk.

Using Facebook

Then I wanted to check what was happening at Facebook. Darn. That's where I caught myself and chose to wait. Facebook encrypts the actual login, but after that it isn't as safe. Snoopers could learn the email address I use to log in as well as my profile ID (every Facebook member has a unique profile ID).

They also might be able to get my "session token": information that lets them connect to Facebook as if they were me. I could be wrong; like I said, I get a little paranoid. So I did not connect to Facebook over the unencrypted Wi-Fi.
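The gap described above, a login over HTTPS followed by pages over plain HTTP, comes down to whether the session cookie carries the `Secure` attribute. The check below is an added example, not part of the original post; the site name, cookie names and values are constructed, and domain and path matching are left out.

```python
from urllib.parse import urlsplit

# Constructed Set-Cookie values from a login response served over HTTPS.
LOGIN_SET_COOKIES = [
    "session_token=c0ffee-constructed; Path=/; HttpOnly",
    "profile_id=1000001; Path=/",
    "csrf=ab12cd34; Path=/; Secure; HttpOnly",
]


def parse_set_cookie(value):
    """Return (name, attrs); attrs maps lower-cased attribute names to values."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit(set_cookie_values):
    """Map each cookie name to the protective attributes it lacks."""
    report = {}
    for raw in set_cookie_values:
        name, attrs = parse_set_cookie(raw)
        report[name] = [label for key, label in
                        (("secure", "Secure"), ("httponly", "HttpOnly"))
                        if key not in attrs]
    return report


def sent_in_clear(set_cookie_values, next_url):
    """Names of cookies a browser would attach to next_url without encryption.

    Simplification: domain and path matching are ignored; only the URL
    scheme and the Secure attribute are considered.
    """
    if urlsplit(next_url).scheme != "http":
        return []
    return [name for name, attrs in map(parse_set_cookie, set_cookie_values)
            if "secure" not in attrs]


if __name__ == "__main__":
    for name, missing in audit(LOGIN_SET_COOKIES).items():
        print(f"{name}: missing {', '.join(missing) or 'nothing'}")
    print("readable on open Wi-Fi:",
          sent_in_clear(LOGIN_SET_COOKIES, "http://social.example/home.php"))
```

A cookie marked `Secure` is withheld from plain-HTTP requests, which is why the constructed `csrf` cookie never shows up as readable on the open network.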

Banking and other private activities

What else would I not recommend in a public setting?

- banking - even if the connection is encrypted, I reveal what bank I use
- online investments - same as banking, only more money at stake
- private activities: IM, political activities, porn (no, I'm not confessing anything here. It's you, Dear Reader, I am thinking of!)

Avoid all of these things on unencrypted Wi-Fi, unless you use a service like Anonymizer Anonymous Surfing. With a service like Anonymizer, everything works the same but your network traffic gets routed through their server using an encrypted connection. Snoopers can't tell where you're going or what you're sending.

What about public computers?

A final note about using a public computer (library, conference, hotel, etc.): I would not log on to any account of mine on a public computer, even if it were an encrypted https: website. The computer might have a virus or other tool for logging everything you type. Think of a public computer as having the public looking over your shoulder.

Posted by ZoneAlarm on March 03, 2009 at 09:35 AM in Facebook Security, ID Theft, Phishing & Spam, Security Industry, Technology, ZoneAlarm

Adobe Acrobat PDF vulnerability is more of the same

By Jordy Berson, Group Product Manager, Check Point Software

A vulnerability in Adobe Acrobat is being used to steal business and government secrets. This exploit entices its victims to open a PDF document, upon which a Trojan is transferred invisibly to the victim's PC. The Trojan secretly records the keystrokes and allows hackers remote access to the victim's computer. This vulnerability has so far been targeted at business executives and government officials. I don't know what's scarier - the attacks that target people like you and me directly to steal our identity, or knowing that our government and business officials are being spied on.

The general idea is this: You're surfing the Internet, you land on a Web site, and BAM! Malicious software secretly downloads to your PC. Most of the time you don't even have to click on anything or even stay on the site for more than a moment. But when you leave the site, you take an invisible threat away with you that steals your identity and your privacy.

The Adobe attack is just the latest chapter in a dramatic but predictable story. Nearly every week for the past year, it seems a new drive-by exploit is discovered.  Web surfers fall victim.  Identities are stolen.  Secrets are passed.  Virus companies catch up...too late as usual. 

Any Web site will do.  These types of exploits have been hosted on compromised mainstream sites such as Miami Dolphins and Tom's Hardware and on popular banking sites where you'd never expect them, as well as on riskier sites such as free download sites.  The point is that these threats can affect you no matter where you surf and no matter how careful you are.  

How likely are you to hit a drive-by? A study by Google concluded that over 1% of all Web searches contain at least one malicious URL which could be a drive-by.  So out of 100 Web searches, you'll hit at least one of these.  And that's just one of the methods to get you. Phishing sites and other social engineering tactics can land you on a malicious Web site too. And if you do stuff like downloading free screensavers and music and you spend a lot of time social networking, your risks are higher.

So what do you do?  Hide your love away...

Hackers love people who run old versions of their software.  And you don't want to be loved by hackers! When you run outdated software on your PC, you make it dead easy to get hacked.  You're almost asking for it.  So please update all your software now...right now.  And especially if anybody is using an older version of IE or Firefox (or whatever browser you run)...upgrade immediately!  You should be on IE 7 and Firefox 3.  

...and get a good traffic cop. The traffic cop is one of the few technologies out there that can stop drive-by downloads. And this one is *the* only one at this time that works automatically (the others require you to change the way you download files and manage your file system). It's our own ZoneAlarm ForceField. In the time it's been out, it's stopped 100% of drive-by downloads that we've been able to test - theoretical and actual. It does a lot of other stuff too. Try it for free and please tell me what you think of it. Love it or hate it, I'd love to know. It's less than 5MB.

Thanks!

http://www.zonealarm.com/security/en-us/trial-download-zonealarm-forcefield-browser-security.htm

Read the Adobe Security Bulletin here.

Posted by ZoneAlarm on February 26, 2009 at 11:28 AM in PC Security, Phishing & Spam, Security Industry, Technology, ZoneAlarm

Waledac Valentine's Day attack stopped by ZoneAlarm ForceField. Are we the only ones?

By John Gable

Another Valentine's Day special.

You may have been reading how the Waledac botnet, a successor to the Storm botnet, has come to haunt your Valentine's Day.

This botnet is running a Valentine’s Day "campaign" soliciting people with phony Valentine’s themed e-mails and greeting cards. When users click through to a Web site to receive their messages, malicious software is silently and automatically downloaded to their computer. The malicious software can do any number of nasty things such as logging and transmitting everything a user types, stealing their credit card numbers and online passwords, and turning their computer into a launch pad to attack others.

With over 1000 variants in just one day, this is very hard to stop. Perhaps impossible to stop for typical antivirus software that relies on lists of known threats.

This is yet another example of how important browser security has become. We need to stop attacks like these at the point of entry - the web browser - and prevent that malware from getting onto the PC in the first place.

Thank you ZoneAlarm ForceField. Just add ZoneAlarm ForceField to IE or Firefox, and you will be protected from attacks like this. Our browser security prevents this and other attacks from hacking your PC by keeping the browser inside a "virtual sandbox" where malware cannot access your system. It also includes other powerful browser defenses like dual-engine anti-phishing (signatures and heuristics) and more.

Question:

So far, ZoneAlarm ForceField is the only mainstream consumer security product I can find that blocks this attack and the other Waledac botnet attacks starting on day one. Anti-spam should block some or most of the spam that initiates this attack, but it is rarely 100% reliable. Good internet sense may stop you from clicking on the link, but who knows, maybe you do have a Valentine somewhere that loves you. There are some techy PC virtualization and sandbox software programs out there, but they are too cumbersome for most people.

Is there a better way to block this attack?

PS. If you want to learn more about the Waledac Valentine's Day attack, the Waledac botnet or Storm botnet, these are my favorite posts on the subject:

  • Malware Writers Use Multiple Botnets to Spread Valentine's Day Heartache, eWeek, by Brian Prince
  • Another Waledac Valentine's Day Spam Run Has Started, MX Logic IT Security Blog
  • New And Improved Storm Botnet Morphing Valentine's Malware, Dark Reading, by Kelly Jackson Higgins

Posted by ZoneAlarm on February 13, 2009 at 04:41 PM in ID Theft, Malware, Spyware, Worms, PC Security, Phishing & Spam, ZoneAlarm

Image Spam: Understanding How it Works

Image spam has become the "delivery of choice" by new-school spammers. Why? It's difficult to detect and can bypass the older-school forms of spam filtering, and in the ongoing competition for viewing, he whose spam is most viewed wins.

This great article explains the most common forms of image spam, how it's designed down to the finest detail to prevent detection, and how some OCR software used to detect image spam is color-blind, a simple limitation that the spammers have determined how to use to their advantage.

Posted by jono2u on May 16, 2007 at 03:53 PM in Phishing & Spam

Phishing for Dirty Money

Earlier today, the External Threat Assessment Team at Secure Science Corp. emailed an image taken from a Phishing/Carding group website. The question is, what is this image for or what purpose does it serve?

Because these groups are comprised of people who engage in fraud and break laws, often the biggest obstacle to them cooperating with each other is the fact that no one trusts the other.

This image is apparently used to confirm and advertise this group's abilities to people who might work with them and prove they are capable of conducting fraud -- it's a kind of "show me the money" amongst criminals.

Here is a quick Q&A explaining more details about the image:

jono2u: Regarding the image with all the hundred dollar bills, where did you obtain it?

SSC: [URL to carding group removed] Editor's Note: This site also contains BIN to Bank numbers so the carders know what card goes with what bank and other suspicious/stolen data.

jono2u: What is the primary type of criminal activity this group is engaged in?

SSC: e-Bay and miscellaneous online bank phishing, Carding and cashing out.

jono2u: Do you have any idea how this group is transferring/dropping/moving this money around? How does it get from a victim to them?

SSC: They use Western Union for picking up the cash, and utilize fake merchant accounts to authorize and spend on the cards. Money mules help them transfer money to Western Union from bank accounts they transfer to.

If you are interested in the technical details on Phishing attacks, take a look at the book written by Secure Science's lead researcher: Phishing Exposed

Posted by jono2u on February 22, 2007 at 04:55 PM in Phishing & Spam

Take Precautions Before Visiting Phishing Sites

Today I received an email from "Yahoo! Groups:" "Please confirm your request to join will-kate." I hadn't remembered joining a group lately, but I wondered if I had in recent weeks and forgot. The sender's name seemed right.

First I went to the Yahoo! Groups main page and searched for "will-kate." There was no group. Out of human curiosity, I clicked. The email was sent to an address on my personal domain that doesn't exist.

And that's when it hit me: Does Yahoo! Groups even send a confirmation email? I joined a new group. No confirmation email came, only a welcome email from the moderator.  Phished!

Is it OK to click a link in an email that looks like a phishing attempt?

I spoke with a colleague at Zone Labs who works in our Smart Defense team about whether it was OK for me to visit the phishing site out of curiosity, or for purposes of reporting the site. (There's a new site called PhishTank I wanted to check out.)

He had a more conservative response than PhishTank, which says in its FAQ: "it's usually safe to visit these sites as long as precautions are taken, like making sure your browser's security settings are high."

My coworker pointed out that sites could have exploits that will be used to plant Trojans on your computer. Some of those exploit vulnerabilities which may not yet have a patch available.

The safest way to visit phishing sites (if you must visit them)

If you decide to visit suspected phishing sites, the most secure way to do so is:

  • Use a browser other than Internet Explorer, as IE is often a target for attacks, given its popularity.
  • Have your browser security set to the highest levels.
  • Have your ZoneAlarm firewall set to the highest levels, as well as antispyware and antivirus turned on.
  • Use a virtual machine, such as those VMware offers.
  • Use a Unix machine (if you have one lying around) :)

PhishTank lets you report sites by forwarding an email so it's not necessary to visit suspected phishing sites. Ideally you shouldn't even click on spam emails or ones that are obviously impersonating valid sites, as this likely will confirm that you have a valid email address, resulting in more spam.

Posted by ZoneAlarm on October 09, 2006 at 09:10 AM in Phishing & Spam

Thoughts on Yahoo! Mail Anti-Phishing Sign-in Seal

Today my Yahoo! mail had a new prompt to set up a mail "sign-in seal," designed to warn you if you're logging into a potential phishing site.

Some of us at Zone had a heated discussion about this feature, agreeing we like the ability to customize with an image, color and/or wording. "Always be closing," shown in the image, is what I chose.

For some reason the seal only appears in Firefox even after I made sure I had a mail cookie set in IE.

On public and shared computers, everyone sees the same image -- so everyone needs to know what the image should say. It might be nice to have a wizard to prompt wording that will create a standard format among users, such as "Your family name" (e.g., The Smiths) or "Your business or organization name" (e.g., SF Public Library).

Aside from that, it's very easy to use and good for peace of mind.

Posted by ZoneAlarm on September 07, 2006 at 01:32 PM in Phishing & Spam

The IRS Phishing Emails Multiply

"Wow a refund from the IRS!" "Oops my taxes are late."

These are just some of the responses you may have to an email you receive "from" the U.S. Internal Revenue Service. But the bottom line is if you receive such an email, it's a phony:

"'The IRS does not send out unsolicited e-mails asking for personal information,' said IRS Commissioner Mark W. Everson....The IRS does not send out unsolicited e-mails or ask for detailed personal information. Additionally, the IRS never asks people for the PIN numbers, passwords or similar secret access information for their credit card, bank or other financial accounts."

Recent phishing scams have included:

  • Warnings related to the Treasury Department's Electronic Federal Tax Payment System (EFTPS) (learn more)
  • Refund notifications and outdated info (learn more and see examples of IRS phishing emails)

The IRS requests that consumers send phishing emails to this address: phishing@irs.gov. Read more about this on the IRS site.

Posted by ZoneAlarm on July 26, 2006 at 02:53 PM in Phishing & Spam

Avoiding the Onslaught of Email Spam Based on Images

USA Today reports that because image-based spam tends to slip through the spam filtering cracks more than text-based spam, "image-based spam accounts for 21% of all spam, compared with just 1% in late 2005."

Generally when you click spam, it verifies that your address is "real" and the amount of spam you get will multiply.

A few ways I avoid image-based spam:

  • As usual, if the subject line or sender looks out of the realm of people I normally email with, I send the email directly to the junk / bulk mail folder.
  • I never download images unless I know the sender. If you're using Outlook, Thunderbird or other email software, this may be set as the default option, or you might have to specify not to download images by default from unknown senders.
  • If you don't know the sender AND there is an attachment, that's often a good indicator that it's spam. "Delete!"
  • Discover your email software's tools:

    Whether you use mail software to download your mail or web-based mail, there are several useful options for detecting spam:

    In Yahoo! Mail Plus and mail software, I do a search on the sender name or subject. I can see a summary of the email contents. If no message is "found" in the search results or if the message is gibberish, I know it was a spam message. Then I delete it without opening.

    Gmail lets you mouse over the sender's name and shows you the actual "from" account name such as "xis09283slsdiqo@spammersdomain.com." That's usually an instant giveaway.
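The sender checks in the list above can also be run directly on the raw `From:` header, which is where the mouse-over detail comes from. This is an added example, not part of the original post; the header lines, the address book and the brand-to-domain map are constructed assumptions, and the "random-looking" test is a crude heuristic.

```python
import re
from email.utils import parseaddr

# Hypothetical map: brand word in a display name -> domains it may mail from.
BRAND_DOMAINS = {"yahoo": ("yahoo.com", "yahoogroups.com")}

# Crude heuristic: letters, then 3+ digits, then letters (e.g. xis09283slsdiqo).
RANDOM_LOCAL = re.compile(r"[a-z]+\d{3,}[a-z]+")

# Constructed sample data.
ADDRESS_BOOK = {"alice.smith@example.org"}
SPAM_FROM = '"Yahoo! Groups" <xis09283slsdiqo@spammersdomain.com>'
KNOWN_FROM = "Alice Smith <alice.smith@example.org>"


def real_sender(from_header):
    """Return (display name, actual address); the address is what mouse-over shows."""
    display, addr = parseaddr(from_header)
    return display, addr.lower()


def warning_signs(from_header, address_book):
    """List the reasons a From: header looks like spam; empty list if none."""
    display, addr = real_sender(from_header)
    local, _, domain = addr.partition("@")
    signs = []
    if addr not in address_book:
        signs.append("unknown sender")
    if RANDOM_LOCAL.search(local):
        signs.append("random-looking account name")
    for brand, allowed in BRAND_DOMAINS.items():
        on_brand_domain = any(domain == d or domain.endswith("." + d)
                              for d in allowed)
        if brand in display.lower() and not on_brand_domain:
            signs.append(f"display name says {brand} but address is at {domain}")
    return signs


def load_images(from_header, address_book):
    """Download remote images only when the actual address is a known sender."""
    return real_sender(from_header)[1] in address_book


if __name__ == "__main__":
    for header in (SPAM_FROM, KNOWN_FROM):
        print(real_sender(header)[1], "->",
              warning_signs(header, ADDRESS_BOOK) or "no warning signs",
              "| load images:", load_images(header, ADDRESS_BOOK))
```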

Got other tricks you use?

Posted by ZoneAlarm on July 24, 2006 at 08:20 PM in Phishing & Spam

PAYMENT REPRESENTATIVE NEEDED!

You've seen the email subject lines:

PAYMENT REPRESENTATIVE NEEDED!
JOB ALERT!
CONGRATULATION FROM: THE TREASURYLINE BOARD

These are spammed emails claiming someone has discovered unclaimed money, found you a job, or needs someone in the US to receive a $10 Million dollar bank transfer. These are usually called 419 Scams or Advance Fee Fraud. Sometimes skilled social engineers will attempt to start a dialogue with these people, hoping to have them divulge certain information or disclose who they really are -- this is called: Nigerian Scam Baiting.

At one point, a scammer was even baited into being caught on tape (or rather webcam) by setting up a transaction and having the camera on the drop spot. Not to be outdone, today we have someone who convinced the 419 scammers into actually recreating a Commodore 64 out of wood! The pictures have to be seen to be believed -- very skilled work, seems like the scammer might be able to find work working wood rather than scamming people.

Posted by jono2u on June 28, 2006 at 07:22 PM in Phishing & Spam