* Coordinating Virus and Spyware Defense
* Safeguarding Your Data
* Defending Cell Phones and PDAs Against Attack
* Understanding Hidden Threats: Corrupted Software Files
* Dealing with Cyberbullies
* Avoiding the Pitfalls of Online Trading
* Staying Safe on Social Network Sites
* Debunking Some Common Myths
* Understanding Hidden Threats: Rootkits and Botnets


Cyber Security Tip ST06-009
Coordinating Virus and Spyware Defense

Using anti-virus and anti-spyware software is an important part of
cyber security. But in an attempt to protect yourself, you may
unintentionally cause problems.

Isn't it better to have more protection?

Spyware and viruses can interfere with your computer's ability to
process information or can modify or destroy data. You may feel that
the more anti-virus and anti-spyware programs you install on your
computer, the safer you will be. It is true that not all programs are
equally effective, and they will not all detect the same malicious
code. However, by installing multiple programs in an attempt to catch
everything, you may introduce problems.

How can anti-virus or anti-spyware software cause problems?

It is important to use anti-virus and anti-spyware software (see
Understanding Anti-Virus Software and Recognizing and Avoiding Spyware
for more information). But too much or the wrong kind can affect the
performance of your computer and the effectiveness of the software
itself.

Scanning your computer for viruses and spyware uses some of the
available memory on your computer. If you have multiple programs
trying to scan at the same time, you may limit the amount of resources
left to perform your tasks. Essentially, you have created a denial of
service against yourself (see Understanding Denial-of-Service Attacks
for more information). It is also possible that in the process of
scanning for viruses and spyware, anti-virus or anti-spyware software
may misinterpret the virus definitions of other programs. Instead of
recognizing them as definitions, the software may interpret the
definitions as actual malicious code. Not only could this result in
false positives for the presence of viruses or spyware, but the
anti-virus or anti-spyware software may actually quarantine or delete
the other software.

How can you avoid these problems?

* Investigate your options in advance - Research available
anti-virus and anti-spyware software to determine the best choice
for you. Consider the amount of malicious code the software
recognizes, and try to find out how frequently the virus
definitions are updated. Also check for known compatibility issues
with other software you may be running on your computer.
* Limit the number of programs you install - Many vendors are now
releasing packages that incorporate both anti-virus and
anti-spyware capabilities together. However, if you decide to
choose separate programs, you really only need one anti-virus
program and one anti-spyware program. If you install more, you
increase your risk for problems.
* Install the software in phases - Install the anti-virus software
first and test it for a few days before installing anti-spyware
software. If problems develop, you have a better chance at
isolating the source and then determining if it is an issue with
the software itself or with compatibility.
* Watch for problems - If your computer starts processing requests
more slowly, you are seeing error messages when updating your
virus definitions, your software does not seem to be recognizing
malicious code, or other issues develop that cannot be easily
explained, check your anti-virus and anti-spyware software.
_________________________________________________________________

Authors: Mindi McDowell, Matt Lytle
_________________________________________________________________

Produced 2006 by US-CERT, a government organization.

Terms of use

<http://www.us-cert.gov/legal.html>

This document can also be found at

<http://www.us-cert.gov/cas/tips/ST06-009.html>

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.




Cyber Security Tip ST06-008
Safeguarding Your Data

When there are multiple people using your computer and/or you store
sensitive personal and work-related data on your computer, it is
especially important to take extra security precautions.

Why isn't "more" better?

Maybe there is an extra software program included with a program you
bought. Or perhaps you found a free download online. You may be
tempted to install the programs just because you can, or because you
think you might use them later. However, even if the source and the
software are legitimate, there may be hidden risks. And if other
people use your computer, there are additional risks.

These risks become especially important if you use your computer to
manage your personal finances (banking, taxes, online bill payment,
etc.), store sensitive personal data, or perform work-related
activities away from the office. However, there are steps you can take
to protect yourself.

How can you protect both your personal and work-related data?

* Use and maintain anti-virus software and a firewall - Protect
yourself against viruses and Trojan horses that may steal or
modify the data on your own computer and leave you vulnerable by
using anti-virus software and a firewall (see Understanding
Anti-Virus Software and Understanding Firewalls for more
information). Make sure to keep your virus definitions up to date.
* Regularly scan your computer for spyware - Spyware or adware
hidden in software programs may affect the performance of your
computer and give attackers access to your data. Use a legitimate
anti-spyware program to scan your computer and remove any of these
files (see Recognizing and Avoiding Spyware for more information).
* Keep software up to date - Install software patches so that
attackers cannot take advantage of known problems or
vulnerabilities (see Understanding Patches for more information).
Many operating systems offer automatic updates. If this option is
available, you should turn it on.
* Evaluate your software's settings - The default settings of most
software enable all available functionality. However, attackers
may be able to take advantage of this functionality to access your
computer. It is especially important to check the settings for
software that connects to the internet (browsers, email clients,
etc.). Apply the highest level of security available that still
gives you the functionality you need.
* Avoid unused software programs - Do not clutter your computer with
unnecessary software programs. If you have programs on your
computer that you do not use, consider uninstalling them.
* Consider creating separate user accounts - If there are other
people using your computer, you may be worried that someone else
may accidentally access, modify, and/or delete your files. Most
operating systems (including Windows XP, Mac OS X, and Linux) give
you the option of creating a different user account for each user,
and you can set the amount of access and privileges for each
account. You may also choose to have separate accounts for your
work and personal purposes. While this approach will not
completely isolate each area, it does offer some additional
protection.
* Establish guidelines for computer use - If there are multiple
people using your computer, especially children, make sure they
understand how to use the computer and internet safely. Setting
boundaries and guidelines will help to protect your data (see
Keeping Children Safe Online for more information).
* Use passwords and encrypt sensitive files - Passwords and other
security features add layers of protection if used appropriately
(see Choosing and Protecting Passwords and Supplementing Passwords
for more information). By encrypting files, you ensure that
unauthorized people can't view data even if they can physically
access it. You may also want to consider options for full disk
encryption, which prevents a thief from even starting your laptop
without a passphrase. When you use encryption, it is important to
remember your passwords and passphrases; if you forget or lose
them, you may lose your data.
* Follow corporate policies for handling and storing work-related
information - If you use your computer for work-related purposes,
make sure to follow any corporate policies for handling and
storing the information. These policies were likely established to
protect proprietary information and customer data, as well as to
protect you and the company from liability.
* Dispose of sensitive information properly - Simply deleting a file
does not completely erase it. To ensure that an attacker cannot
access these files, make sure that you adequately erase sensitive
files (see Effectively Erasing Files for more information).
* Follow good security habits - Review other security tips for ways
to protect yourself and your data.
_________________________________________________________________

Author: Mindi McDowell
_________________________________________________________________

Produced 2006 by US-CERT, a government organization.

This document can also be found at

<http://www.us-cert.gov/cas/tips/ST06-008.html>


Cyber Security Tip ST06-007
Defending Cell Phones and PDAs Against Attack

As cell phones and PDAs become more technologically advanced,
attackers are finding new ways to target victims. By using text
messaging or email, an attacker could lure you to a malicious site or
convince you to install malicious code on your portable device.

What unique risks do cell phones and PDAs present?

Most current cell phones have the ability to send and receive text
messages. Some cell phones and PDAs also offer the ability to connect
to the internet. Although these are features that you might find
useful and convenient, attackers may try to take advantage of them. As
a result, an attacker may be able to accomplish the following:
* abuse your service - Most cell phone plans limit the number of
text messages you can send and receive. If an attacker spams you
with text messages, you may be charged additional fees. An
attacker may also be able to infect your phone or PDA with
malicious code that will allow them to use your service. Because
the contract is in your name, you will be responsible for the
charges.
* lure you to a malicious web site - While PDAs and cell phones that
give you access to email are targets for standard phishing
attacks, attackers are now sending text messages to cell phones.
These messages, supposedly from a legitimate company, may try to
convince you to visit a malicious site by claiming that there is a
problem with your account or stating that you have been subscribed
to a service. Once you visit the site, you may be lured into
providing personal information or downloading a malicious file
(see Avoiding Social Engineering and Phishing Attacks for more
information).
* use your cell phone or PDA in an attack - Attackers who can gain
control of your service may use your cell phone or PDA to attack
others. Not only does this hide the real attacker's identity, it
allows the attacker to increase the number of targets (see
Understanding Denial-of-Service Attacks for more information).
* gain access to account information - In some areas, cell phones
are becoming capable of performing certain transactions (from
paying for parking or groceries to conducting larger financial
transactions). An attacker who can gain access to a phone that is
used for these types of transactions may be able to discover your
account information and use or sell it.

What can you do to protect yourself?

* Follow general guidelines for protecting portable devices - Take
precautions to secure your cell phone and PDA the same way you
should secure your computer (see Cybersecurity for Electronic
Devices and Protecting Portable Devices: Data Security for more
information).
* Be careful about posting your cell phone number and email address
- Attackers often use software that browses web sites for email
addresses. These addresses then become targets for attacks and
spam (see Reducing Spam for more information). Cell phone numbers
can be collected automatically, too. By limiting the number of
people who have access to your information, you limit your risk of
becoming a victim.
* Do not follow links sent in email or text messages - Be suspicious
of URLs sent in unsolicited email or text messages. While the
links may appear to be legitimate, they may actually direct you to
a malicious web site.
* Be wary of downloadable software - There are many sites that offer
games and other software you can download onto your cell phone or
PDA. This software could include malicious code. Avoid downloading
files from sites that you do not trust. If you are getting the
files from a supposedly secure site, look for a web site
certificate (see Understanding Web Site Certificates for more
information). If you do download a file from a web site, consider
saving it to your desktop and manually scanning it for viruses
before opening it.
* Evaluate your security settings - Make sure that you take
advantage of the security features offered on your device.
Attackers may take advantage of Bluetooth connections to access or
download information on your device. Disable Bluetooth when you
are not using it to avoid unauthorized access (see Understanding
Bluetooth Technology for more information).
_________________________________________________________________

Author: Mindi McDowell
_________________________________________________________________

Produced 2006 by US-CERT, a government organization.

This document can also be found at

<http://www.us-cert.gov/cas/tips/ST06-007.html>


Cyber Security Tip ST06-006
Understanding Hidden Threats: Corrupted Software Files

Malicious code is not always hidden in web page scripts or unusual
file formats. Attackers may corrupt types of files that you would
recognize and typically consider safe, so you should take precautions
when opening files from other people.

What types of files can attackers corrupt?

An attacker may be able to insert malicious code into any file,
including common file types that you would normally consider safe.
These files may include documents created with word processing
software, spreadsheets, or image files. After corrupting the file, an
attacker may distribute it through email or post it to a web site.
Depending on the type of malicious code, you may infect your computer
by just opening the file.

When corrupting files, attackers often take advantage of
vulnerabilities that they discover in the software. These
vulnerabilities may allow attackers to insert and execute malicious
scripts or code, sometimes without being detected. Sometimes the
vulnerability involves a combination of certain files (such as a
particular piece of software running on a particular operating system)
or only affects certain versions of a software program.

What problems can malicious files cause?

There are various types of malicious code, including viruses, worms,
and Trojan horses (see Why is Cyber Security a Problem? for more
information). However, the range of consequences varies even within
these categories. The malicious code may be designed to perform one or
more functions, including
* interfering with your computer's ability to process information by
consuming memory or bandwidth (causing your computer to become
significantly slower or even "freeze")
* installing, altering, or deleting files on your computer
* giving the attacker access to your computer
* using your computer to attack other computers (see Understanding
Denial-of-Service Attacks for more information)

How can you protect yourself?

* Use and maintain anti-virus software - Anti-virus software
recognizes and protects your computer against most known viruses,
so you may be able to detect and remove the virus before it can do
any damage (see Understanding Anti-Virus Software for more
information). Because attackers are continually writing new
viruses, it is important to keep your definitions up to date.
* Use caution with email attachments - Do not open email attachments
that you were not expecting, especially if they are from people
you do not know. If you decide to open an email attachment, scan
it for viruses first (see Using Caution with Email Attachments for
more information). Not only is it possible for attackers to
"spoof" the source of an email message, your legitimate contacts
may unknowingly send you an infected file.
* Be wary of downloadable files on web sites - Avoid downloading
files from sites that you do not trust. If you are getting the
files from a supposedly secure site, look for a web site
certificate (see Understanding Web Site Certificates for more
information). If you do download a file from a web site, consider
saving it to your desktop and manually scanning it for viruses
before opening it.
* Keep software up to date - Install software patches so that
attackers cannot take advantage of known problems or
vulnerabilities (see Understanding Patches for more information).
Many operating systems offer automatic updates. If this option is
available, you should enable it.
* Take advantage of security settings - Check the security settings
of your email client and your web browser (see Evaluating Your Web
Browser's Security Settings for more information). Apply the
highest level of security available that still gives you the
functionality you need. In email clients, turn off the option to
automatically download attachments.

Related information

* Securing Your Web Browser
* Recovering from Viruses, Worms, and Trojan Horses
_________________________________________________________________

Author: Mindi McDowell
_________________________________________________________________

Produced 2006 by US-CERT, a government organization.

This document can also be found at

<http://www.us-cert.gov/cas/tips/ST06-006.html>


Cyber Security Tip ST06-005
Dealing with Cyberbullies

Bullies are now taking advantage of technology to intimidate and
harass their victims. Dealing with cyberbullying can be difficult, but
there are steps you can take.

What is cyberbullying?

Cyberbullying refers to the new, and growing, practice of using
technology to harass, or bully, someone else. Bullies used to be
restricted to methods such as physical intimidation, postal mail, or
the telephone. Now, developments in electronic media offer forums such
as email, instant messaging, web pages, and digital photos to add to
the arsenal. Computers, cell phones, and PDAs are new tools that can
be applied to an old practice.

Forms of cyberbullying can range in severity from cruel or
embarrassing rumors to threats, harassment, or stalking. It can affect
any age group; however, teenagers and young adults are common victims,
and cyberbullying is a growing problem in schools.

Why has cyberbullying become such a problem?

The relative anonymity of the internet is appealing for bullies
because it enhances the intimidation and makes tracing the activity
more difficult. Some bullies also find it easier to be more vicious
because there is no personal contact. Unfortunately, the internet and
email can also increase the visibility of the activity. Information or
pictures posted online or forwarded in mass emails can reach a larger
audience faster than more traditional methods, causing more damage to
the victims. And because of the amount of personal information
available online, bullies may be able to arbitrarily choose their
victims.

Cyberbullying may also indicate a tendency toward more serious
behavior. While bullying has always been an unfortunate reality, most
bullies grow out of it. Cyberbullying has not existed long enough to
have solid research, but there is evidence that it may be an early
warning for more violent behavior.

How can you protect yourself?

* Be careful where you post personal information - By limiting the
number of people who have access to your contact information or
details about your interests, habits, or employment, you reduce
your exposure to bullies that you do not know. This may limit your
risk of becoming a victim and may make it easier to identify the
bully if you are victimized.
* Avoid escalating the situation - Responding with hostility is
likely to provoke a bully and escalate the situation. Depending on
the circumstances, consider ignoring the issue. Often, bullies
thrive on the reaction of their victims. Other options include
subtle actions. For example, if you are receiving unwanted email
messages, consider changing your email address. If the bully does
not have access to the new address, the problem may stop. If you
continue to get messages at your new account, you may have a
stronger case for legal action.
* Document the activity - Keep a record of any online activity
(emails, web pages, instant messages, etc.), including relevant
dates and times. In addition to archiving an electronic version,
consider printing a copy.
* Report cyberbullying to the appropriate authorities - If you are
being harassed or threatened, report the activity to the local
authorities. Law enforcement agencies have different policies, but
your local police department or FBI branch are good starting
points. Unfortunately, there is a distinction between free speech
and punishable offenses, but the legal implications should be
decided by the law enforcement officials and the prosecutors.
Depending on the activity, it may also be appropriate to report it
to school officials who may have separate policies for dealing
with activity that involves students.

Protect your children by teaching them good online habits (see Keeping
Children Safe Online for more information). Keep lines of
communication open with your children so that they feel comfortable
telling you if they are being victimized online. Reduce their risk of
becoming cyberbullies by setting guidelines for and monitoring their
use of the internet and other electronic media (cell phones, PDAs,
etc.).
_________________________________________________________________

Author: Mindi McDowell
_________________________________________________________________

Produced 2006 by US-CERT, a government organization.

This document can also be found at

<http://www.us-cert.gov/cas/tips/ST06-005.html>


Cyber Security Tip ST06-004
Avoiding the Pitfalls of Online Trading

Online trading can be an easy, cost-effective way to manage
investments. However, online investors are often targets of scams, so
take precautions to ensure that you do not become a victim.

What is online trading?

Online trading allows you to conduct investment transactions over the
internet. The accessibility of the internet makes it possible for you
to research and invest in opportunities from any location at any time.
It also reduces the amount of resources (time, effort, and money) you
have to devote to managing these accounts and transactions.

What are the risks?

Recognizing the importance of safeguarding your money, legitimate
brokerages take steps to ensure that their transactions are secure.
However, online brokerages and the investors who use them are
appealing targets for attackers. The amount of financial information
in a brokerage's database makes it valuable; this information can be
traded or sold for personal profit. Also, because money is regularly
transferred through these accounts, malicious activity may not be
noticed immediately. To gain access to these databases, attackers may
use Trojan horses or other types of malicious code (see Why is Cyber
Security a Problem? for more information).

Attackers may also attempt to collect financial information by
targeting the current or potential investors directly. These attempts
may take the form of social engineering or phishing attacks (see
Avoiding Social Engineering and Phishing Attacks for more
information). With methods that include setting up fraudulent
investment opportunities or redirecting users to malicious sites that
appear to be legitimate, attackers try to convince you to provide them
with financial information that they can then use or sell. If you have
been victimized, both your money and your identity may be at risk (see
Preventing and Responding to Identity Theft for more information).

How can you protect yourself?

* Research your investment opportunities - Take advantage of
resources such as the U.S. Securities and Exchange Commission's
EDGAR database and your state's securities commission (found
through the North American Securities Administrators Association)
to investigate companies.
* Be wary of online information - Anyone can publish information on
the internet, so try to verify any online research through other
methods before investing any money. Also be cautious of "hot"
investment opportunities advertised online or in email.
* Check privacy policies - Before providing personal or financial
information, check the web site's privacy policy. Make sure you
understand how your information will be stored and used (see
Protecting Your Privacy for more information).
* Make sure that your transactions are encrypted - When information
is sent over the internet, attackers may be able to intercept it.
Encryption prevents the attackers from being able to view the
information.
* Verify that the web site is legitimate - Attackers may redirect
you to a malicious web site that looks identical to a legitimate
one. They then convince you to submit your personal and financial
information, which they use for their own gain. Check the web
site's certificate to make sure it is legitimate (see
Understanding Web Site Certificates for more information).
* Monitor your investments - Regularly check your accounts for any
unusual activity. Report unauthorized transactions immediately.
* Use and maintain anti-virus software - Anti-virus software
recognizes and protects your computer against most known viruses.
However, because attackers are continually writing new viruses, it
is important to keep your virus definitions current (see
Understanding Anti-Virus Software for more information).
* Use anti-spyware tools - Spyware is a common source of viruses,
and attackers may use it to access information on your computer.
You can minimize the number of infections by using a legitimate
program that identifies and removes spyware (see Recognizing and
Avoiding Spyware for more information).
* Keep software up to date - Install software patches so that
attackers can't take advantage of known problems or
vulnerabilities (see Understanding Patches for more information).
Enable automatic updates if the option is available.
* Evaluate your security settings - By adjusting the security
settings in your browser, you may limit your risk of certain
attacks (see Evaluating Your Web Browser's Security Settings for
more information).

The following sites offer additional information and guidance:
* U.S. Securities and Exchange Commission -
http://www.sec.gov/investor/pubs/cyberfraud.htm
* National Consumers League -
http://www.fraud.org/tips/internet/investment.htm
_________________________________________________________________

Author: Mindi McDowell
_________________________________________________________________

Produced 2006 by US-CERT, a government organization.

This document can also be found at

<http://www.us-cert.gov/cas/tips/ST06-004.html>


Cyber Security Tip ST06-003
Staying Safe on Social Network Sites

The popularity of social networking sites continues to increase,
especially among teenagers and young adults. The nature of these sites
introduces security risks, so you should take certain precautions.

What are social networking sites?

Social networking sites, sometimes referred to as "friend-of-a-friend"
sites, build upon the concept of traditional social networks where you
are connected to new people through people you already know. The
purpose of some networking sites may be purely social, allowing users
to establish friendships or romantic relationships, while others may
focus on establishing business connections.

Although the features of social networking sites differ, they all
allow you to provide information about yourself and offer some type of
communication mechanism (forums, chat rooms, email, instant messenger)
that enables you to connect with other users. On some sites, you can
browse for people based on certain criteria, while other sites require
that you be "introduced" to new people through a connection you share.
Many of the sites have communities or subgroups that may be based on a
particular interest.

What security implications do these sites present?

Social networking sites rely on connections and communication, so they
encourage you to provide a certain amount of personal information.
When deciding how much information to reveal, people may not exercise
the same amount of caution as they would when meeting someone in
person because
* the internet provides a sense of anonymity
* the lack of physical interaction provides a false sense of
security
* they tailor the information for their friends to read, forgetting
that others may see it
* they want to offer insights to impress potential friends or
associates

While the majority of people using these sites do not pose a threat,
malicious people may be drawn to them because of the accessibility and
amount of personal information available on them. The more information
malicious people have about you, the easier it is for them to take
advantage of you. Predators may form relationships online and then
convince unsuspecting individuals to meet them in person. That could
lead to a dangerous situation. The personal information can also be
used to conduct a social engineering attack (see Avoiding Social
Engineering and Phishing Attacks for more information). Using
information that you provide about your location, hobbies, interests,
and friends, a malicious person could impersonate a trusted friend or
convince you that they have the authority to access other personal or
financial data.

How can you protect yourself?

* Limit the amount of personal information you post - Do not post
information that would make you vulnerable (e.g., your address,
information about your schedule or routine). If your connections
post information about you, make sure the combined information is
not more than you would be comfortable with strangers knowing.
* Remember that the internet is a public resource - Only post
information you are comfortable with anyone seeing. This includes
information in your profile and in blogs and other forums. Also,
once you post information online, you can't retract it. Even if
you remove the information from a site, saved or cached versions
may still exist on other people's machines (see Guidelines for
Publishing Information Online for more information).
* Be wary of strangers - The internet makes it easy for people to
misrepresent their identities and motives (see Using Instant
Messaging and Chat Rooms Safely for more information). Consider
limiting the people who are allowed to contact you on these sites.
If you interact with people you do not know, be cautious about the
amount of information you reveal or about agreeing to meet them in
person.
* Be skeptical - Don't believe everything you read online. People
may post false or misleading information about various topics,
including their own identities. This is not necessarily done with
malicious intent; it could be unintentional, a product of
exaggeration, or a joke. Take appropriate precautions, though,
and try to verify the authenticity of any information before taking
any action.
* Check privacy policies - Some sites may share information such as
email addresses or user preferences with other companies. This may
lead to an increase in spam (see Reducing Spam for more
information). Also, try to locate the policy for handling
referrals to make sure that you do not unintentionally sign your
friends up for spam. Some sites will continue to send email
messages to anyone you refer until they join.

Children are especially susceptible to the threats that social
networking sites present. Although many of these sites have age
restrictions, children may misrepresent their ages so that they can
join. By teaching children about internet safety, being aware of their
online habits, and guiding them to appropriate sites, parents can make
sure that the children become safe and responsible users (see Keeping
Children Safe Online for more information).
_________________________________________________________________

Author: Mindi McDowell
_________________________________________________________________

Produced 2006 by US-CERT, a government organization.

Terms of use

<http://www.us-cert.gov/legal.html>

This document can also be found at

<http://www.us-cert.gov/cas/tips/ST06-003.html>

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cyber Security Tip ST06-002
Debunking Some Common Myths

There are some common myths that may influence your online security
practices. Knowing the truth will allow you to make better decisions
about how to protect yourself.

How are these myths established?

There is no one cause for these myths. They may have been formed
because of a lack of information, an assumption, knowledge of a
specific case that was then generalized, or some other source. As with
any myth, they are passed from one individual to another, usually
because they seem legitimate enough to be true.

Why is it important to know the truth?

While believing these myths may not present a direct threat, it may
cause you to be more lax about your security habits. If you are not
diligent about protecting yourself, you may be more likely to become a
victim of an attack.

What are some common myths, and what is the truth behind them?

* Myth: Anti-virus software and firewalls are 100% effective.
Truth: Anti-virus software and firewalls are important elements in
protecting your information (see Understanding Anti-Virus Software
and Understanding Firewalls for more information). However,
neither of these elements is guaranteed to protect you from an
attack. Combining these technologies with good security habits is
the best way to reduce your risk.
* Myth: Once software is installed on your computer, you do not have
to worry about it anymore.
Truth: Vendors may release patches or updated versions of software
to address problems or fix vulnerabilities (see Understanding
Patches for more information). You should install the patches as
soon as possible; some software even offers the option to obtain
updates automatically. Making sure that you have the latest virus
definitions for your anti-virus software is especially important.
* Myth: There is nothing important on your machine, so you do not
need to protect it.
Truth: Your opinion about what is important may differ from an
attacker's opinion. If you have personal or financial data on your
computer, attackers may be able to collect it and use it for their
own financial gain. Even if you do not store that kind of
information on your computer, an attacker who can gain control of
your computer may be able to use it in attacks against other
people (see Understanding Denial-of-Service Attacks and
Understanding Hidden Threats: Rootkits and Botnets for more
information).
* Myth: Attackers only target people with money.
Truth: Anyone can become a victim of identity theft. Attackers
look for the biggest reward for the least amount of effort, so
they typically target databases that store information about many
people. If your information happens to be in the database, it
could be collected and used for malicious purposes. It is
important to pay attention to your credit information so that you
can minimize any potential damage (see Preventing and Responding
to Identity Theft for more information).
* Myth: When computers slow down, it means that they are old and
should be replaced.
Truth: It is possible that running newer or larger software
programs on an older computer could lead to slow performance, but
you may just need to replace or upgrade a particular component
(memory, operating system, CD or DVD drive, etc.). Another
possibility is that there are other processes or programs running
in the background. If your computer has suddenly become slower,
you may be experiencing a denial-of-service attack or have spyware
on your machine (see Understanding Denial-of-Service Attacks and
Recognizing and Avoiding Spyware for more information).
_________________________________________________________________

Author: Mindi McDowell
_________________________________________________________________

Produced 2006 by US-CERT, a government organization.

Terms of use

<http://www.us-cert.gov/legal.html>

This document can also be found at

<http://www.us-cert.gov/cas/tips/ST06-002.html>

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cyber Security Tip ST06-001
Understanding Hidden Threats: Rootkits and Botnets

Attackers are continually finding new ways to access computer systems.
The use of hidden methods such as rootkits and botnets has increased,
and you may be a victim without even realizing it.

What are rootkits and botnets?

A rootkit is a piece of software that can be installed and hidden on
your computer without your knowledge. It may be included in a larger
software package or installed by an attacker who has been able to take
advantage of a vulnerability on your computer or has convinced you to
download it (see Avoiding Social Engineering and Phishing Attacks for
more information). Rootkits are not necessarily malicious, but they
may hide malicious activities. Attackers may be able to access
information, monitor your actions, modify programs, or perform other
functions on your computer without being detected.

Botnet is a term derived from the idea of bot networks. In its most
basic form, a bot is simply an automated computer program, or robot.
In the context of botnets, bots refer to computers that are able to be
controlled by one, or many, outside sources. An attacker usually gains
control by infecting the computers with a virus or other malicious
code that gives the attacker access. Your computer may be part of a
botnet even though it appears to be operating normally. Botnets are
often used to conduct a range of activities, from distributing spam
and viruses to conducting denial-of-service attacks (see Understanding
Denial-of-Service Attacks for more information).

Why are they considered threats?

The main problem with both rootkits and botnets is that they are
hidden. Although botnets are not hidden the same way rootkits are,
they may go undetected unless you are specifically looking for certain
activity. If a rootkit has been installed, you may not be aware that
your computer has been compromised, and traditional anti-virus
software may not be able to detect the malicious programs. Attackers
are also creating more sophisticated programs that update themselves
so that they are even harder to detect.

Attackers can use rootkits and botnets to access and modify personal
information, attack other computers, and commit other crimes, all
while remaining undetected. By using multiple computers, attackers
increase the range and impact of their crimes. Because each computer
in a botnet can be programmed to execute the same command, an attacker
can have each of them scanning multiple computers for vulnerabilities,
monitoring online activity, or collecting the information entered in
online forms.

What can you do to protect yourself?

If you practice good security habits, you may reduce the risk that
your computer will be compromised:
* Use and maintain anti-virus software - Anti-virus software
recognizes and protects your computer against most known viruses,
so you may be able to detect and remove the virus before it can do
any damage (see Understanding Anti-Virus Software for more
information). Because attackers are continually writing new
viruses, it is important to keep your definitions up to date. Some
anti-virus vendors also offer anti-rootkit software.
* Install a firewall - Firewalls may be able to prevent some types
of infection by blocking malicious traffic before it can enter
your computer and limiting the traffic you send (see Understanding
Firewalls for more information). Some operating systems actually
include a firewall, but you need to make sure it is enabled.
* Use good passwords - Select passwords that will be difficult for
attackers to guess, and use different passwords for different
programs and devices (see Choosing and Protecting Passwords for
more information). Do not choose options that allow your computer
to remember your passwords.
* Keep software up to date - Install software patches so that
attackers can't take advantage of known problems or
vulnerabilities (see Understanding Patches for more information).
Many operating systems offer automatic updates. If this option is
available, you should enable it.
* Follow good security practices - Take appropriate precautions when
using email and web browsers to reduce the risk that your actions
will trigger an infection (see other US-CERT security tips for
more information).

Unfortunately, if there is a rootkit on your computer or an attacker
is using your computer in a botnet, you may not know it. Even if you
do discover that you are a victim, it is difficult for the average
user to effectively recover. The attacker may have modified files on
your computer, so simply removing the malicious files may not solve
the problem. If you believe that you are a victim, consider contacting
a trained system administrator.

As an alternative, some vendors are developing products and tools that
may remove a rootkit from your computer. If the software cannot locate
and remove the infection, you may need to reinstall your operating
system, usually with a system restore disk that is often supplied with
a new computer. Note that reinstalling or restoring the operating
system typically erases all of your files and any additional software
that you have installed on your computer.
_________________________________________________________________

Author: Mindi McDowell
_________________________________________________________________

Produced 2006 by US-CERT, a government organization.

Terms of use

<http://www.us-cert.gov/legal.html>

This document can also be found at

<http://www.us-cert.gov/cas/tips/ST06-001.html>

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

