Oct 03 2010

Facebook Security Alert

Category: Facebook,SecurityKamlesh @ 9:42 am

There is no end for the Security problems on Web.  Today, I received this mail from my friend’s Facebook account to view Private videos:

Subject: IMPORTANT! PLEASE READ
Hi. As you are on my friends list you should see my private videos here : http://www.facebook.com/l/06c38sK3_mtD78N6wfYIf_jqNbA;darrenkutz.freeoda.com

Most of the times, you tend to click on this link and go to the Malicious website.  And what if this malicious website asks to install a plug-in on browser?

Here are somethings which you can do, if you received such fishy messages:

  1. Do not click on any links given in the Facebook mail
  2. Send mail or message to the Sender asking whether he/she really sent such message to you and then take action
  3. Review your Facebook Privacy setting and make changes to it.

Jun 15 2010

Windows Live Mail – Security Alert!!!

Category: SecurityKamlesh @ 12:06 am

Recently I received this mail (click the image to enlarge) in my Windows Live mailbox.  The mail had a scroller on top of the body, which said “CONFIRM YOUR WINDOWS LIVE ACCOUNT SERVICES. VERIFY YOUR HOTMAIL ACCOUNT NOW TO AVOID IT CLOSED !!! “.  At the bottom, it asked for all your Personal Information.

Please do not get fooled with such mails and do not reply to them.

May 26 2010

10 Immutable Laws of Security

Category: Microsoft,SecurityKamlesh @ 2:12 pm

Check the this Microsoft TechNet link for more details on above points.

See Also:

Revisiting the 10 Immutable Laws of Security, Part 1

Revisiting the 10 Immutable Laws of Security, Part 2

Mar 28 2009

avast! is ready for 1 April; are you?

Category: SecurityKamlesh @ 3:05 pm
April 1st is a date often targeted by the creators of malware and this year will be no exception. There are currently a lot of reports in the media about potential new virus threats and speculation about the potential impact of new viruses such as the Conficker worm. However, provided your computer’s operating system and your avast! antivirus are up to date, the risk is very small and there is no need to be unduly concerned.
To ensure you are protected against any potential new malware threats, before March 31st you should make sure that your antivirus program and virus definitions are completely up-to-date and that you have installed all available Windows security updates. We recommend checking that avast! is set to update itself and the virus database automatically – to check this, right click your avast! a-ball in the bottom right corner of your screen, select “Program settings” and then “Update (Basic)”. Here you should make sure that the virus database is set to “automatic”.
Also, whenever you switch on your computer, make sure that avast! is actually running. Some viruses are designed to specifically target antivirus programs and to turn them off, however avast! contains strong self-defense which is designed to prevent this. If avast! is running, you should see the normal blue a-ball in the bottom right corner of your screen. If it is switched off, it will contain a circle with a red line through it.
And finally, make sure that you have the latest Windows security updates. In particular, the Conficker worm takes advantage of a Windows vulnerability which Microsoft fixed in late 2008. Users of Windows Vista or XP (SP2 and higher) should have had this update installed automatically.
Source: avast! news

Mar 07 2009

SBI proposes hardware tokens for additional layer of security

Category: Banks,India,SecurityKamlesh @ 10:01 pm
State Bank of India proposes to provide hardware tokens (see image) as an additional layer of security for Internet banking. A hardware token is a tamper proof device, similar to a USB. The token is assigned to a specific Internet banking user, and generates a unique one time authentication password to complete a transaction. They are conducing a survey on their Online Banking website, to check if the customer is interested to avail this additional security feature and also bear the one time cost of hardware token (Max Rs. 1000).

Feb 07 2007

New phishing technique discovered

Category: SecurityKamlesh @ 12:06 pm

A new ‘undetectable’ phishing tactic has been hijacking the web pages of a major UK bank, according to security vendor Envisional.

Until now customers have been able to check a link in an email by moving the mouse over it, thus revealing a fraudulent URL addresses. But this new method shows the legitimate web address of the bank in question.

‘This is a completely new and very dangerous threat,’ said Envisional’s chief executive officer, Michael Wheatley. ‘Even wary, sophisticated online banking customers will be caught out by this latest form of attack.’

The new approach exploits a vulnerability in the web site of the bank, allowing a link to look like it directs the user to the legitimate site. Actually the link sends the user to a framed mock-up of the bank’s page that is really part of the phisher’s web site.

Source: Computing UK