Internet Network Security Blog

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

Just when you thought your Gmail was safe, hackers have found a way to hijack your email accounts. This was revealed some months ago when Gmail customer support started getting concerned letters about the amount of spam received in their Gmail accounts.

This phenomenon is caused by hackers hijacking your Gmail account using a technique called Cross Site Request Forgery (CSRF), Techniques requires that you click a link on a dummy hacker site, spam mail or a pop up ad while logged into your Gmail account. This action can transplant a digital spy in the form of a cookie or java script code into your PC. When your Gmail account is open, this digital spy tricks your web browser into sending an invisible request to Gmail servers.

This request could be to download your account data, your contact list, or your emails. As long as you kept your Gmail account open the digital spy could download info uninterrupted until you logged out of your account. This technique could also load spam and other hacker scripts into your Gmail account. The stolen information would be used to pilfer other account information. Or hackers can profit by selling the Gmail account info to spammers for the highest price.

Google was able to respond to the Gmail flaw quickly by tightening up their security structure. But, the CSRF attack can work also with your Google Toolbar and other websites, not only Gmail. If hackers are able to hijack your Gmail accounts, this technology could be used to request financial information when you’re a doing online transactions. There have been reports that CSRF attacks were able to initiate the transfer money by embedding a java script code in the web browsers during online banking activity.

A CSRF technique relies primarily on the users’ ignorance and trust they have for major websites. There are techniques that would reduce this kind of attack from happening. Here is a simple strategy to stop hackers from stealing your online information.

1. Never instruct your browser to remember your login information. This allows hackers to easily enter your trusted sites using a hijacked web browser.
2. Set your browser to block cookies or a least require notification before being loaded. Also perform a “secure delete” of cookie history after logging off the net. Visit www.delete-computer-history.com/delete-cookie-history for instructions.
3. Use a third party firewall with settings at high security to monitor incoming and outgoing net traffic.
4. Use Firefox as your primary web browser. Firefox’s active development allows the web browser to immediately respond to security threats. For example, downloading the No Script Firefox add-on will guard you against this kind of attack.
5. Always logout of your websites when activity is finished. And log off from the net when your online activity is completed.

If you following these simple techniques you are already many steps ahead of most PC users. This action also provides a decent amount of online security against these kinds of attacks. However, online security flaws are not necessarily the fault of the internet users. Security flaws in a trusted website is the major avenue used for an attack. Trust in major sites is the weapon CSRF attackers use to steal information. For this reason Gmail and other web mail providers are the best places for hackers to launch an attack.

All in all, having a constant broadband connection to the net comes with a high price. The price is your security. If you don’t protect yourself the door to your online personal information is open. And leaving the door open for anyone to enter your home or in this case your computer.

About the Author
Before you consider investing in online security software, you should take the time to delete your internet history. Visit ( www.delete-computer-history.com ) Internet history files are a major resource for hackers to exploit. Protect your self with simple online techniques. However if software is your approach, don’t get scammed into paying hundreds for software that doesn’t deliver. Check out these reviews. www.delete-computer-history

Technorati Tags: gmail, email, hacker, hacking, pc security, email security, gmail security

There’s a lot of great, free software products on the Web. I found one list that features personal picks of the “best of the best.”

On the following free software web site are 46 different freeware categories with selections of the best products in each category. The list is ordered by program function rather than merit so you’ll get the most out of it by browsing it at leisure.

Visit The 46 Best-ever Freeware Utilities

Everyday it’s the same old story. Open your mail and find the line of spam mails in your inbox. Not only is this annoying but it is also dangerous. It causes great financial losses to the administration which deals with it and carries high potential to inflict great financial losses to the individuals who may fall in this spam trap that has been laid for them. Actually, spam e-mails are sent by fraudulent companies and individuals. These spam e-mails are usually loaded with viruses, spy programs and other unwelcome software’s. Despite new laws and verdicts, still the numbers of spam e-mails are rising day after day.

Protection of ones inbox or mail box from these spam e-mails is a growing concern for people nowadays. There are a lot of software’s that are being developed nowadays so as to block the flow of spam e-mails. But, there are some simple steps following which an individual can block the flow of spam e-mails in his mailbox.

One should always try to protect his or hers email address. Care should be taken by individuals that they don’t display their email addresses at chat rooms or at any other rooms were they are taking online services. For example, if once an individual displays his email address at any directory room; any spammer who is in the lookout of email addresses may spot it and then send spasm at that email address. Individuals are also advised to sometimes create two or three email addresses. People are advised to do so, so that they can use there addresses for different and specialized use. Implying that an individual can use one of his email address for personal messages, one for service rooms, one for public chat etc. depending upon the needs of the individual.

Spammers have a unique style of working. Sometimes they just use dictionary attacks to sort out possible name combinations while sending spam. Thus users with a common name as an email address may often fall as a victim of the spam emails than an individual who has a unique email address. Thus it is usually advisable to have a unique email address, if the person really intends in keeping the spam emails against his mail box.

Moreover, most of the email accounts provide filter tools the user, just in case if the individual wants to keep the spam emails away from his email address.

The above said methods are very simple and any individual who follows these simple steps will come to know how simple yet so effective these steps are in keeping junk and spam emails away from their email addresses.

One of the most effective ways to fight spam is to use Spam Arrest.

When you signup for Spam Arrest, you will receive a new @spamarrest.com email address. You can also protect your existing email accounts by forwarding them to your Spam Arrest email address, or by having Spam Arrest periodically poll them.

All of your non-spam email is placed into your Spam Arrest inbox, which you can access using POP3 or IMAP from your email program (such as Outlook or Eudora) or from any web browser using our powerful webmail system.

Spam Arrest allows you to pre-define who is allowed to send you mail.

You can authorize specific email addresses, domains, and mailing lists, either manually or using our import tools.

Spam Arrest also provides you with disposable email sub-addresses, which allow you to receive messages from unknown senders and automated systems without exposing your real email address.

Spam Arrest uses Challenge/Response technology to keep the spam out. Emails from unknown senders will receive an auto-reply message asking them to verify themselves.

When the sender clicks the link in the email, they are taken to a webpage where they are “challenged” to type in a word that is hidden within a graphic or a sound file (for visually-impaired users).

When the sender successfully completes the “response”, their email is forwarded to your inbox, and they are then added to your authorized sender list.

The challenge/response process is easy for people, but impossible for automated systems (i.e. spambots), to complete.

Emails from unauthorized senders are held in your “unverified” folder for seven days.

You can access these emails at any time by logging into the the Spam Arrest website, and can manually approve any senders from whom you wish to receive email.

Getting started with Spam Arrest is quick and easy. Just fill out some basic information, and your account will be ready to use immediately. Subscriptions are available for as low as $3.12 a month.

Not sure if Spam Arrest is right for you? Give it a try absolutely free for 30-days, no credit card required. If you are unsatisfied, you can cancel at any time.

If you get stuck or have any questions, don’t hesitate to contact our customer support staff. We’re here to help!

technorati tags:
spam
fight spam
computer virus
anti virus
spyware
anti-virus
anti-spam
network security

 TYPES OF INFECTION:  

• Viruses
• E-mail Viruses
• Worms
• Trojan Horses

WHAT IS A VIRUS?  

• Viruses- A virus is a software program that is capable of replicating with little or no user intervention, and the replicated programs also replicate further. Viruses piggyback on real programs. For example, a virus may attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs as well, and it has the opportunity to reproduce by attaching to other programs. The purpose of a virus can be anything from erasing files, formatting your hard drive, to replacing text in your document. Viruses are often disguised as games or images with clever titles such as “Pictures of ME”.
• E-mail Viruses- An email virus moves around in e-mail messages, and usually replicates itself by automatically mailing itself to the people in the victim’s e-mail address book.
• Worms- A worm is a virus that spreads by creating duplicates of itself on other drives, systems, or networks. Worms may send copies of themselves to other computers across network connections, through e-mails, through infected web pages, or through instant messages.
• Trojan Horses- This program may claim to do one thing (such as claiming to be a game) but instead does damage when you run it. Trojan horses are not technically viruses, since they do not replicate.

HOW DO VIRUSES SPREAD?  

When you execute program code that is infected by a virus, the virus code will also run and try to infect other programs, either on the same computer or on other computers connected to it over a network. And the newly infected programs will try to infect yet more programs. When you share a copy of an infected file with other computer users, running the file may also infect their computers; and files from those computers may spread the infection to yet more computers.

For example, if your computer is infected with a boot sector virus, the virus tries to write copies of itself to the system areas of floppy disks and hard disks. Then the infected floppy disks may infect other computers that boot from them, and the virus copy on the hard disk and will try to infect still more floppies.  

WHAT DO VIRUSES DO TO COMPUTERS?  

The actual effect of any particular virus depends on how it was programmed by the person who wrote the virus. Some viruses are deliberately designed to damage files or interfere with your computer’s operation, while others only spread themselves around and may cause damage to your computer in the process of spreading.

TIPS ON AVOIDING VIRUSES AND WORMS:

1. Install antivirus software, update regularly, and use it regularly.
2. Do regular backups. If you contract a virus it may be the only way to recover your data. Ideally, you should backup your entire system on a regular basis, however if this is not practical, at least backup files that you can’t afford to lose or that would be difficult to replace: documents, bookmark files, address books, important emails, etc.
3. When possible, avoid e-mail attachments both when sending and receiving e-mail.
4. Never open email attachments with the file extensions VBS, SHS, or PIF. These extensions are almost never used in normal attachments but they are frequently used by viruses and worms.
5. Never open attachments with double file extensions such as NAME.BMP.EXE or NAME.TXT.VBS.
6. Disconnect your network or modem cable when you’re not using your computer-or just power it down.
7. If you feel that an e-mail you get from a friend is strange (if it is a foreign language or it just says odd things) double check with the friend before opening any attachments.
8. When you receive e-mail advertisements or unsolicited e-mail, do not open attachments.
9. Avoid attachments with sexual file names.
10. Do not trust the icons of attachment file. Worms often use executable files which have an icon resembling icons of picture, text, or archive files to fool the user.
11. Never accept attachments from strangers in online chat systems such as IRC, ICQ, or AOL Instant Messenger.
12. Avoid using floppies to exchange information between computers.  

technorati tags:
virus
computer virus
anti virus
spyware
anti-virus
anti-spam
network security