Category Archives: Security
[Note: This is derived from articles originally published in the July and August editions of the SWCP Portal, our monthly newsletter. Due to the importance of the security information they contained, we're republishing them here for everyone.] Ars Technica tech news site recently warned that public WiFi hotspots can post a security risk to users. It’s not that the hotspots are themselves insecure. It’s the way most computers, tablets, and phones implement WiFi logins that poses a danger. AT&T and Comcast, among others, are promoting large networks of WiFi hotspots which are free for their customers to use. For example, AT&T’s free WiFi hotspots are available at McDonald’s and Starbucks. When you see the “attwifi” network at any of these places around the country you can log in with your AT&T login. The same goes for Comcast’s “xfinitywifi“. It’s as convenient as it is dangerous. The trick is that once you have logged in to one of these networks, your computer or tablet saves the login information so you can reconnect to these networks without entering a password the next time you are near one of their hotspots. This is the window that can let the bad guys in. What the criminal can do to the unsuspecting device owner is set up his own WiFi hotspot using the network name “attwifi” or “xfinitywifi“. But the crook’s hotspot has some tricks up its sleeve. First, it allows you to connect regardless … Continue reading
One interesting fact that didn’t make it into this month’s newsletter article on “The Secret Life of Spam” is that the United States leads the world in the overall volume of spam produced. And by a huge margin, too: according to security site Sophos, 24% of all spam generated this spring. That’s nearly a quarter! France and China, the runners-up, come in at less than 7% each. The full results can be accessed here. The results may be surprising because we tend to think of spam originating in Russia or Nigeria, or the actual place where the criminals who generate it live. But spam is a world-wide problem, and one would think the bad guys generally know enough to not spoil their own nests. Instead, the countries which actually generate the most spam are those where the most computers are infected with malware. The US merits the top billing for volume not so much due to poor security practices, but to our large and highly-connected population. When the overall amount is divided by population, the US doesn’t do so badly. In a per-person comparison, we come up merely twelfth, near the bottom with Bulgaria and Belarus being tops at 2.7 and 1.9 times the American rate. However, the US is still spewing a lot of crap messages, and if you’re infected, you’re part of the problem. Once your machine becomes part of a botnet, it’s essentially a zombie out of … Continue reading
The news of the latest zero-day (or previously unknown and unpatched) exploit for Microsoft’s browser, Internet Explorer 8, being fixed is still fresh. But another has been announced. This one, however, has not been fixed. Even worse, Microsoft’s known about it for 7 months and not only hasn’t come up with a solution, they haven’t said anything except that though the hole remains wide open, they do not know of any attacks using it. The flaw was made known by the Zero Day Initiative, a site devoted to the responsible and timely announcement of security flaws by the industry. This particular vulnerability allows an attacker to run malicious code against your machine when you visit an infected website with IE8. The easiest way to protect yourself is to set your browsers security settings at the highest level, to block the operations of Active X and Active Scripting. A list of upcoming, unannounced zero day exploits may be found here.