Thursday, October 23, 2008


Drives With PreInstalled Virus

If you plan to upgrade your computer or are just buying some spare parts, you should be careful. As the Taipei Times reported, some Maxtor portable hard disks come with a "virus preinstalled".
Drives produced in Thailand carried two files that help trojans get into the system: autorun.inf and ghost.inf. The trojans then upload data such as logins and other interesting information to www.nice8.org and www.we168.org.



It is not the first time that devices have come with viruses. Two years ago Sony BMG released discs with DRM acting like a rootkit. And in September a German chain sold laptops with "Stoned.Angelina", a really old virus that was first seen in 1994.

Of course, corporate environments often use special methods for deploying new machines, where repartitioning is done as part of deploying the OS, or the machines are delivered with disk images provided to vendors beforehand. But such portable devices are often bought individually by users who have no idea how to handle them before connecting.
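
What inspecting such a drive before use can look like, as an added example that is not part of the original post: the script lists any autorun.inf or ghost.inf in the root of a mounted drive and reports the commands autorun.inf would launch. The function names and the sample drive contents are constructed for illustration, and the drive is assumed to be mounted read-only on an isolated machine.

```python
import os
import tempfile

# Keys in the [autorun] section that make Windows launch a program.
EXEC_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return {key: value} for the [autorun] section; keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:  # padding lines without '=' are skipped
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_commands(entries):
    """Entries that run a program on insert or from the drive's context menu."""
    return {k: v for k, v in entries.items()
            if k in EXEC_KEYS
            or (k.startswith("shell\\") and k.endswith("\\command"))}

def triage_drive(root):
    """Inspect the root of a mounted drive; return a list of findings."""
    findings = []
    names = {n.lower(): n for n in os.listdir(root)}
    for inf in ("autorun.inf", "ghost.inf"):  # file names from the post
        if inf in names:
            findings.append(("inf-present", names[inf]))
    if "autorun.inf" in names:
        path = os.path.join(root, names["autorun.inf"])
        with open(path, errors="replace") as fh:
            cmds = launch_commands(parse_autorun(fh.read()))
        findings += [("auto-launch", f"{k}={v}") for k, v in cmds.items()]
    return findings

def demo():
    # Constructed sample drive; the file contents are invented for illustration.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AutoRun.inf"), "w") as fh:
            fh.write("[AutoRun]\n;pad\nxjunk\nOPEN=sample.exe\n"
                     "shell\\open\\Command=sample.exe\nicon=drive.ico\n")
        open(os.path.join(root, "ghost.inf"), "w").close()
        return triage_drive(root)

if __name__ == "__main__":
    for kind, detail in demo():
        print(kind, detail)
```

Any "auto-launch" finding on a drive that is supposed to be blank storage is a reason to keep it off production machines until it has been wiped.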


Kai Roer posted a few useful notes in his blog:

- never trust ANY hardware you bring into your perimeter

- ALWAYS check EVERYTHING you install in your systems and network - in a safe environment. For hard drives, that means testing, low-level formatting and signing them off in a secure, non-connected environment. You do have that, right?

- as security gets tighter, threats evolve and find other ways to get to you. It is a long time since boot viruses traveled by floppies. But if slow distribution is the easiest, most cost efficient way to hit you, that is how it will be done.

- targeted attacks are increasingly common. We are leaving the days where the goal was to hit as many as possible. The goal today is cash - not attention.

We should keep all of these things in mind, but to be honest, do we? In corporate environments you can often see that none of the above is considered. Moreover, a precisely planned and launched targeted attack on a single person or group that isn't concerned about security can cause a real disaster even if the best policies are applied, because the most vulnerable point is between keyboard and seat.


Do's


*** Unplug your PC if you are not using it for extended periods of time. Be aware that even if your computer is turned off, a hacker may have access to your information if your network card has WOL (Wake-on-LAN).


*** Password protect your computer.


*** Use passwords that are not easy to guess.


*** Regularly change your passwords (at least once in 6 months). Keep in mind that in some computer systems (Linux, for instance) once you use a password, you have to change it regularly as it expires anyway.


*** Back up your information (on CDs, DVDs). It is the only way you can avoid losing it for good.


*** Keep your backup information in a different and secure location from your PC system. Take safety measures for your sensitive data. For instance, in case something unexpected should happen where your PC is located, such as a fire, you have the certainty that your information is safe and sound somewhere else.


*** Use antivirus software.


*** Use a firewall.


*** Use email filtering or attachment blocking software.


*** Always use secure-deletion software.


*** Regularly update your software.


Don'ts


*** Do not download files or programs from sites you don't know or trust.


*** Do not use easily guessable passwords on your computer, such as name, date of birth, mother's maiden name, etc.


*** Do not use the same passwords for all your files.



*** Do not keep your backup information in the same place as your PC. If something unforeseen happens where your computer is located, you have the certainty that your backup data is safe in a different location.

How to get on the safer side?

1. Do not ever provide your email addresses or phone numbers to sites you do not trust. Did you know that some sites even sell your phone number? (The buyers will then send you spam messages.)

2. There are many ways to disguise identities on the Internet. The culprits need identities that seem authentic. Do not ever give your email addresses or phone numbers to people you do not trust on chat sites or IMs.

3. Do not click on links posted in forums, chat or IMs by users you don't trust. Though many sites use many security measures, there are many techniques by which your security can be compromised on certain sites. Some of them are XSS attacks, session hijacking, cookie stealing, variable stealing, etc.

4. When using someone else's phone, do not bookmark pages. Also, do not turn on the "remember me" option (found on many sites during login).

5. Do not put your email addresses and phone numbers in public areas where they can be accessed by everyone. Automatic crawlers and bots can extract them easily, and then they can be misused.

6. Do not sign up for accounts for others using your email address or phone. You can be in trouble if the other person misuses the account for any illegal purpose.

7. Do not click on links you don't trust, and don't download anything from sites you don't trust. Your phone can be infected with viruses, worms, trojans, etc.

8. Use hard-to-guess passwords for your online accounts. Use random passwords with a combination of uppercase and lowercase characters and numbers.

9. If possible, don't use one password on more than one site.

10. The most disastrous thing can be giving your address to someone you don't know well. Many cases of theft, kidnapping and fraud have come to light on reputed sites like myspace, yahoo, hi5, orkut, msn etc.

11. REMEMBER, do not go for something where you see drastic profits. It can be treacherous!

"All that glitters is not gold." It's very, very true in this virtual world.


Share this blog with your friends too and help them be more secure.

Web Security Guide For Parents

Children are most prone to insecurity on the Internet. Help your child be safe by following these instructions:
1. Protect your child's privacy online.
2. Be aware of cyberspace threats! Learn about all the risks children may face while surfing the Internet and start educating them on how to protect themselves online.
3. Talk to your children about the dangers they can encounter while they are online. Do not be reluctant to discuss subjects such as sexuality, pornography or pedophiles. Do not consider them taboo.
4. Make sure your children know that not everything they read on the Internet is true and accurate. Make them aware that not all the people they meet online are trustworthy. Help your children develop their ability to sort out the information they come into contact with while they are online.
5. Place your computer in an area of your house where you can easily supervise your children's Internet activity.
6. Monitor and restrict your children's access to the Internet while they are at home.
7. Be aware that your children have access to the Internet not only at home, but also at school and in libraries, where they are not under your guidance and supervision. Regularly ask them about their online friends and activities.
8. Spend time online alongside your children in order to establish an atmosphere of confidence regarding computer usage and online activities.
9. Ask your children not to respond to unsolicited emails from people they do not know.
10. Advise your children not to give away their own (or their parents', friends', etc.) personal information online.
11. Advise your children to avoid face-to-face meetings with unknown persons they get acquainted with in chat rooms or IM.
12. Check the browser history to see the websites visited by your children.
13. Establish reasonable online rules and an agreement with your children about Internet usage at home or in other places (e.g. at a friend's house, at school, at the library, etc.). Print the rules and place them near the computer as a reminder. Monitor compliance with the rules.
14. Monitor the amount of time your children spend on the Internet, and the time of day when they are browsing it. Excessive time online, especially at night, may indicate a problem.
15. Pay attention to any change in your children's behavior (mention of adults you don't know, secretiveness, inappropriate sexual knowledge, sleeping problems, etc.).
16. Chat rooms and Instant Messaging are sometimes the favorite playground of sexual predators. Do not allow your children to have an online profile. This will keep their profile from being listed in directories and, consequently, keep pedophiles searching for easy prey from approaching them in chat rooms.
17. Look for a privacy policy on websites directed to children. The policy must be available through a link on the website's homepage and at each area where personal information is collected from kids. Websites for general audiences that have sections for children must post the notice on the kids' section homepage. Read their policy to find out what kind of personal information is being collected, how it will be used, and if it will be passed on to third parties. If you find a website that doesn't post basic protection specifications for children's personal information, ask for details about their personal information collection practices.
18. Decide whether or not to give consent to websites to collect personal information from your children. You may give your consent but disagree to have it transmitted to third parties. Your consent isn't necessary if the website is collecting your children's email address simply to respond to a one-time request for information.
19. Block instant/personal messages from people you and your children do not know. Regularly check your children's list of friends to ensure that it has not been altered.
20. Watch out for Internet hoaxes, false virus warnings, chain letters disguised as charity fund raisers, pyramid schemes designed as legitimate employment opportunities, etc.
21. Use filtering and monitoring software to restrict sensitive information "flowing" from your computer.
22. Consider reporting any suspicious content or activity that may harm or has already harmed your children.

