Some more Security Issues
Summary • Spyware • Rootkits • Identity Theft • Phishing • Spam
Spyware • Spyware is malware that watches your actions on the computer and: • It will probably pop up ads that might interest you • It will probably send some information “home”. • It often clogs your computer • Sometimes called adware; sometimes you accepted it when you downloaded some free software. • A variety called snoopware is used to keep tabs on other users of a computer.
Other varieties of Spyware • Browser Hijackers: very hard to remove. • Key Loggers • Dialers • Cookies
Spyware Symptoms • Sluggish PC Performance • Weird Pop-up ads • Toolbars you can't delete • Unexpected changes in your home page settings • Weirdly behaving internet • Unusual search results • Programs don't run or run incorrectly • Frequent Computer Crashes
Spyware Remedies • Use an Antispyware Program: • Windows Defender • Spybot Search & Destroy • Ad-Aware • Set your Internet Options (security) to high • UPDATE Windows and your Spyware signatures frequently • Periodically do a full system scan • A second antispyware program won't hurt.
Spyware Remedies II • You can use the “Real Time Protection” of Windows Defender (in Vista and Windows 7, “right click and run as administrator” in order to turn it on), and/or • Use the Immunize feature of Search & Destroy (it tweaks Internet Explorer) • Use a different browser than Internet Explorer: use Firefox or Google Chrome
Rootkits • A rootkit is like an “invisibility cloak” which hides malware. • Rootkits were made famous by Sony in 2005.
Rootkit Protection • Most security utilities (like Norton, McAfee, F-Secure, etc.) protect against most rootkits. • Use a Rootkit Scanner: • F-Secure Blacklight http://www.f-secure.com/blacklight/ • Microsoft Windows Malicious Software Removal Tool http://www.microsoft.com/security/malwareremove/ • Rootkit Hook Analyzer http://resplendence.com/hookanalyzer • Use System Restore
Identity Theft • Symptoms: • Strange items in your credit card statement • Calls from collection agencies for debts you don't know anything about • New accounts on your credit record. • An undeserved low credit record. • Missing or stolen ID cards or records. • Calls from the police about crimes you did not commit.
ID theft, Preventive Measures • Avoid giving out your personal information. • Safeguard your Driver's license number, your SS Number, your Passport number, etc. Be especially careful about your SS Number • Keep all important numbered documents in a safe place at home or in a safe in a bank. • Shred all papers that contain sensitive numbers: any of the numbers above, as well as account numbers
ID Theft Preventive Measures II • Minimize your credit cards: it is easier on you, and better for your credit score. • Keep a record of all your credit cards and the numbers to call if they are lost/stolen. • Pay your bills electronically; the less paper there is in the mail, the less paper that can be stolen. • Never give out any numbers if somebody calls you; don't email any sensitive information.
ID Theft Preventive Measures III • Keep an eye on your credit report: • EQUIFAX 1-800-685-1111 http://www.equifax.com/ • Experian: 1-888-EXPERIA (397-3742) http://www.experian.com/ • You can order it at http://annualcreditreport.com/ or by calling 1-877-322-8228. More info at: www.ftc.gov/bcp/conline/edcams/credit/ycr_free_reports.htm
ID Theft What to do? • Contact the credit bureaus and place a fraud alert. • Close all tainted accounts; reopen with new account numbers. • Report the theft to the Police. • Get new versions of ID documents (if necessary). • File a complaint with the FTC at: http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/filing-a-report.html
Phishing • Phishing is sending emails with the intent of luring people into revealing sensitive information. Usually they are cleverly disguised to appear as if they came from a bank or other reputable company; often they threaten serious consequences if the recipient does not comply, and they always ask for information reputable companies will not ask you for.
How to tell a Phish • False statements with very dire threats for the recipient, such as account termination, loss of access and/or steep reactivation fees. • They ask for information which should never be given out. • They seldom have your name in the email.
How they work • By changing the “From” line in the header, the email appears as if it came from somebody else (it is THAT simple!) • By using <a href="mysite">bank's site</a> you think you are clicking on “bank's site”, when you are being directed to “mysite”. • Exploiting a bug in IE 5.01, 5.5 and 6 which allows them to display a different address from the one you are actually taken to.
Pharming • Also called DNS poisoning. • The process of translating names to IP addresses is done by “Dynamic Name Servers”. These servers, in turn, are constantly asking about translations, and, when they get the information, they keep it, for about a minute; bad people may feed bad information to the DNS, sending people astray.
419 Scams • Nigerian 419 Scam: a person gets an email from somebody who claims to have access to lots of cash; they want to get it out of the country they are in, and if you help them, you get to keep a fraction (often millions). • Victims have lost thousands; some have even traveled overseas only to get kidnapped or worse. • Read http://www.419eater.com/html/letters.htm for some people who turned the tables on them
Damage caused by Phishing • Financial loss • Identity Theft
What to do • Don't send any information over email; don't click on any links in emails; if you are really tempted, cut and paste the text of the link into your browser. • When filling out forms on the web with information, make sure that the web address starts with https: • Install an Anti-Spam filter • Use NetCraft or WOT • Some browsers may need Spoofstick. • Keep your security software up to date. • Keep your OS software up to date.
Spam • Spam is unsolicited email with advertisements, often stupid, sometimes offensive, and rarely with something you want/need. • It gets created by individuals or shady companies out for a “quick buck” • It is profitable because they send out millions of emails, and even if only one in a thousand answers, and they only make $1.00 per response, they still made thousands of dollars.
Some spam varieties • Malware distribution • Scams • Hobbit spam • SPIM
Why hasn't spam been stopped? • Because it is impossible • Because the politicians don't want to.
Where do spammers get the addresses? • Website harvesting. • Publicly available address books on web-based email sites • Dictionary Spamming • Commercial email lists • Discussion forums, newsgroups, etc. • Contests • Email forwarding • Data theft
Impact of spam • Costs money (clogs the internet) • Wasted productivity • Wasted time • It causes people to disconnect • Annoying, offensive, dangerous to minors • Malware and scam carrier • It can get you kicked off the net
What you can do • NEVER RESPOND TO SPAM • Don't place your email address on the web • Don't use mailto • Turn off image display in email programs (displaying the images in spam tells spammers they found a legit email address): • Click on “Don't download pictures automatically in HTML messages” in Outlook.