Showing posts with label training. Show all posts

Thursday, April 19, 2012

Certified and Validated

In this post I will elaborate more on HTTPS. We previously discussed the term phishing on this blog. To summarize, phishing is an attempt to manipulate or trick a person into providing confidential information to an individual who is not authorized to receive it. To protect you from phishing, recent web browsers have a way of checking whether a website really is who it claims to be.

Web browsers trust HTTPS websites based on a list of certificate authorities that comes pre-installed with the browser. Examples of certificate authorities are “Microsoft” and “VeriSign”. In the example below, the bank's web site is verified by "VeriSign, Inc."

Always look for the green address bar. Recent web browsers show a green address bar to tell the user that the web site's identity has been validated and that it can be trusted. Its purpose is to give the user more confidence and assure them that they are visiting a trusted web site.

This issue plays an important role in information security. Next time you visit a web site, make sure you look for the green address bar, especially on web sites that ask for important and private information and on web sites for payment transactions. To reassure yourself, check the certificate details to confirm that the site has been validated.

Saturday, April 14, 2012

Cookies, should we really like them

What are Cookies?
Cookies are small, mostly circular pieces of sweets, that are fun to... Oops Sorry!

Cookies are small, often encrypted text files that are stored silently on a user's computer. These files are designed to carry a small amount of data specific to a particular client and website. Cookies are created automatically when a browser loads a website, allowing the server to deliver a custom-made page to a particular user every time that user returns to the same website.

Cookies Expiry Periods
The expiry time of a cookie is assigned when the cookie is originally created. Some cookies are deleted or purged when the current browser window is closed (session cookies), while others can be made to last for a longer period of time (persistent cookies). Some can last for a year or even more.

Are Cookies Secure enough?
Internet security and privacy are of huge concern. Cookies do not in themselves present a threat to privacy, since they can only be used to store information that the user has volunteered or that the web server already has. But the existence of cookies poses an inherent risk of their being abused.

Cookies are NOT viruses, nor are they malicious; they use a plain text format, they are not compiled pieces of code, so they cannot be executed, nor are they self-executing. Accordingly, they cannot make copies of themselves and spread to other networks to execute and replicate again. Unable to perform these functions, they are not classified as malware. However, breaches of browser security can allow tracking cookies to be placed. These cookies can be used to follow users from one site to another, forming comprehensive profiles. Users consider this a violation of privacy, and in the wrong hands this information can potentially be exploited for questionable purposes. For that reason several anti-malware products flag cookies as candidates for deletion after standard virus and/or spyware scans.

Cookies can be exploited
Several malicious activities can be associated with the existence of cookies, such as network eavesdropping, publishing a false sub-domain (DNS cache poisoning), and cross-site scripting. (More on these attacks in later posts.)

Traffic on a network can be intercepted and read by computers on the network other than the originator, especially over unencrypted open Wi-Fi. This traffic includes cookies sent on ordinary unencrypted HTTP sessions. When network traffic is not encrypted, attackers can read the communications of other users on the network, including HTTP cookies as well as the entire contents of the conversations.
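As an added example (not code from the original post), the following Python parses Set-Cookie headers, classifies each cookie as a session or persistent cookie as described above, and checks for the standard Secure and HttpOnly attributes, which keep a cookie off unencrypted HTTP (the eavesdropping case) and out of reach of page scripts; the three headers and the clock value are constructed for the example.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample responses: a session cookie, a one-year persistent cookie,
# and a persistent tracking cookie that travels over plain HTTP.
SAMPLE_HEADERS = [
    "sid=8f3a1c; Path=/; Secure; HttpOnly",
    "lang=en; Expires=Sat, 13 Apr 2013 12:00:00 GMT; Path=/; Secure",
    "tracker=abc123; Max-Age=2592000; Path=/",
]
NOW = datetime(2012, 4, 14, 12, 0, 0, tzinfo=timezone.utc)  # constructed clock


def parse_set_cookie(header, now=NOW):
    """Describe one Set-Cookie header value: name, kind, lifetime and flags."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")   # flag attributes (Secure) have no value
        attrs[key.lower()] = val
    lifetime = None                         # None means a session cookie
    if "max-age" in attrs:                  # Max-Age takes precedence over Expires
        lifetime = timedelta(seconds=int(attrs["max-age"]))
    elif "expires" in attrs:
        lifetime = parsedate_to_datetime(attrs["expires"]) - now
    return {
        "name": name,
        "kind": "session" if lifetime is None else "persistent",
        "lifetime_days": None if lifetime is None else round(lifetime.total_seconds() / 86400),
        "secure": "secure" in attrs,
        "httponly": "httponly" in attrs,
    }


def cookie_warnings(info):
    """Defender's checklist for one parsed cookie."""
    warnings = []
    if not info["secure"]:
        warnings.append("sent over plain HTTP: readable by anyone on the network path")
    if not info["httponly"]:
        warnings.append("readable by page scripts: exposed if the site has an XSS flaw")
    if info["kind"] == "persistent" and info["lifetime_days"] > 30:
        warnings.append("long-lived: survives closing the browser for %d days" % info["lifetime_days"])
    return warnings


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        info = parse_set_cookie(header)
        print(info["name"], info["kind"], info["lifetime_days"], cookie_warnings(info))
```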

How to live with cookies
Because many of the largest and most-targeted websites use cookies by default, cookie usage is almost inevitable. Websites like Facebook, YouTube, Gmail and many others require cookies for best performance and presentation. Even search settings require cookies for language preferences.

Here are some tips you can use to ensure worry-free cookie-based browsing:
  • Most modern browsers support different levels of cookie acceptance, expiration time and ultimately deletion. Change your browser's “Cookie Settings” to your preference.
  • When sharing PC access, make sure to set your browser to purge browsing data every time the browser is closed.
  • Don’t use other people's or public wireless networks, especially when communicating sensitive information over the internet.
  • Use HTTPS rather than HTTP when available.
  • Use capable and updated anti-malware software.
  • Routinely back up your computer to prevent data loss.
  • Make sure your browser is updated: security patches are applied when you update your browser.
Finally, you should acknowledge that cookies are widely used and can't really be avoided. If you wish to enjoy your internet surfing experience by navigating to “cookie creating websites”, you should have a clear understanding of how cookies operate and how to protect them from being abused. After all, you are responsible for taking the necessary security measures to ensure your information security.

Wednesday, April 4, 2012

A Disaster In The Making

While I was having some paper work done at a public institution, whose name I would rather not disclose, I came across an unpleasant scene. Being provoked by these things, I picked up my cellular phone and took this picture.



In this picture I can spot: Fire Alarm System, Intrusion Detection System Panel, DVR System (Digital Video Recorder for surveillance cameras), Network Switch, Exposed Cables, Multiple electricity adapters and contactors.

I guess this image is what we information security people classify as a disaster in the making.
It is only a matter of time before these systems fail, whether intentionally or unintentionally: the exposed wiring poses a risk of fire or even electrocution.


Information security doesn’t only address the protection of servers, passwords, firewalls and antivirus software; it is also concerned with physical security and people's safety. After all, restoring lost data is often possible, but restoring people is impossible.

Thursday, March 29, 2012

No! I'm Not Falling For That One!

I received an e-mail message informing me that someone had posted something about me on Twitter; the message came with a “click here” link in order to view the Twitter mention.

Although the email felt suspicious, I decided to play along; when I clicked on the “click here” link I was directed to the Twitter sign-on page with the message “Your session has timed out, please re-login.”

As I looked at the URL address this site had, I got the whole idea.
Another lame method to steal accounts.

Before you type in your credentials to log in to any website, look closely at the URL. Don’t fall for these silly tricks.

Facebook, Twitter, Hotmail and many other websites use HTTPS and not HTTP on their login page.
It is a very good idea to look for HTTPS before you log in.

Friday, February 3, 2012

Password Security: The Main Vein

What are Passwords?
Passwords are unique strings of characters that users provide, in conjunction with a user ID, to gain access to an information resource. Passwords are critical in ensuring privacy and security on the computers you use every day, whether at home or at work.
People use passwords to access various resources. These resources include, but are not limited to, personal computers, applications, networks and internet services such as Hotmail, Gmail and Facebook. User IDs and passwords are used to authenticate users to a particular resource and are sometimes used to track user activity while using that resource.
Your passwords should be treated as "highly sensitive information", and you are responsible for taking the appropriate steps to select and secure them.
General Password Guidelines
Information system users should be aware of the characteristics of weak and strong passwords in order to ensure adequate protection of their information. If someone obtains your User ID and password, that individual can imitate or impersonate you, and the system will not detect any anomaly. Identity theft, credit card compromise, loss or inappropriate use of your webmail or your social networking account could happen as a result of poor password management.
Poor passwords have any of the following characteristics:
·  Less than eight characters.
·  A word found in a dictionary.
·  Matches or includes your username.
·  A common usage word such as:
o Names of family members, friends, co-workers, sports teams, movies.
o Computer terms and names, sites, companies, hardware, software.
o Word, number or keyboard patterns like "aaabbb", "qwerty", "123321".
·  Consists of repetitive patterns such as "ahmahm" or "passpass".
·  Any of the above preceded or followed by digits (e.g. "qwerty123", "111aaabbb").
·  Consists of all the same characters or digits, or any other commonly used or easily guessed format.
Strong passwords have at least three of the following characteristics:
·  8 or more characters long (I personally recommend 10 characters).
·  Contain both upper and lower case letters.
·  Include digits and special characters as well as letters (special characters: ()*&$#@ ).
·  Not a word in any language.
·  Not based on personal information: names of family members, hobbies, etc.
One of the best practices in creating a password is to use the first letter of each word of a well-remembered sentence. For example, for "I spend more than seven hours online per day" the password would be i5Mt7H0pD (notice the 5 instead of the s and the 0 instead of the o).
Security Tip: refrain from writing down your password. Instead, create passwords that you can remember. A good password is easy to remember yet hard to guess.
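As an added example (not code from the original post), the following Python checks a candidate against the poor- and strong-password characteristics listed above and implements the first-letter-of-each-word method; the small dictionary and pattern list are constructed stand-ins for a real word list, and the alternating case of the letters is my reading of the i5Mt7H0pD example.

```python
import re
import string

# Constructed stand-ins for "a word found in a dictionary" and the common-usage
# words the post lists; a real check would use a full dictionary and breach list.
DICTIONARY = {"password", "welcome", "dragon", "football", "monkey", "windows", "ahmad"}
KEYBOARD_PATTERNS = ("qwerty", "asdfgh", "zxcvbn", "123456", "123321", "abcdef")
NUMBER_WORDS = {"one": "1", "two": "2", "three": "3", "four": "4", "five": "5",
                "six": "6", "seven": "7", "eight": "8", "nine": "9", "ten": "10"}
SPECIALS = set("()*&$#@")          # the special characters the post names


def weak_reasons(password, username=""):
    """Return the 'poor password' characteristics from the post that apply."""
    p = password.lower()
    core = p.strip(string.digits)  # "qwerty123" -> "qwerty": digits around a pattern do not help
    reasons = []
    if len(password) < 8:
        reasons.append("less than eight characters")
    if p in DICTIONARY or core in DICTIONARY:
        reasons.append("dictionary word")
    if username and username.lower() in p:
        reasons.append("matches or includes username")
    if any(pat in core for pat in KEYBOARD_PATTERNS) or re.search(r"(.)\1\1", p):
        reasons.append("keyboard, number or repeated-character pattern")
    half = len(core) // 2
    if half >= 2 and core == core[:half] * 2:
        reasons.append("repetitive pattern")        # "passpass", "ahmahm"
    if len(set(p)) == 1:
        reasons.append("all the same character")
    return reasons


def strong_traits(password):
    """Return the 'strong password' characteristics that apply (post wants three)."""
    traits = []
    if len(password) >= 8:
        traits.append("8+ characters")
    if any(c.islower() for c in password) and any(c.isupper() for c in password):
        traits.append("upper and lower case")
    if (any(c.isalpha() for c in password) and any(c.isdigit() for c in password)
            and any(c in SPECIALS for c in password)):
        traits.append("letters, digits and special characters")
    if password.lower() not in DICTIONARY and password.lower().strip(string.digits) not in DICTIONARY:
        traits.append("not a dictionary word")
    return traits


def is_acceptable(password, username=""):
    """Accept only passwords with no weak trait and at least three strong traits."""
    return not weak_reasons(password, username) and len(strong_traits(password)) >= 3


def sentence_to_password(sentence):
    """The post's method: first letter of each word, number words become digits,
    s -> 5 and o -> 0, and the remaining letters alternate lower/upper case
    (assumed from the example "I spend more than seven hours online per day")."""
    out, letter_index = [], 0
    for word in sentence.split():
        word = word.strip(string.punctuation).lower()
        if not word:
            continue
        if word in NUMBER_WORDS:
            out.append(NUMBER_WORDS[word])
        elif word[0] in "so":
            out.append({"s": "5", "o": "0"}[word[0]])
        else:
            out.append(word[0].upper() if letter_index % 2 else word[0])
            letter_index += 1
    return "".join(out)


if __name__ == "__main__":
    for candidate in ("qwerty123", "passpass", "Password1", sentence_to_password(
            "I spend more than seven hours online per day")):
        print(candidate, weak_reasons(candidate), strong_traits(candidate), is_acceptable(candidate))
```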
Password Protection
Handle your username and password with as much care as your credit card. Do not use the same password for all your online services and activities, i.e. Facebook password ≠ Twitter password ≠ Hotmail password ≠ Gmail password ≠ online banking password, especially if these services depend on each other for password recovery (forgotten or stolen passwords).
The following is a list of things you should abide by to protect your password:
1. Don't reveal your password to anyone (not even individuals who claim to be from support).
2. Don't reveal your password in an email message.
3. Don't talk about your password in front of others.
4. Don't hint at the format of a password (e.g. "my family name").
5. Don't reveal your password on questionnaires or security forms.
6. Don't share your password with family members.
7. Don't reveal your password to your friends.
8. Don't leave your written password anywhere accessible to other people.
9. Use a well-known, updated antivirus to ensure that your system is not infected by any "password capturing malicious application" (virus, worm, keylogger, etc.).
10. Although systems and applications hide the password characters you type from the screen, you are responsible for ensuring that no one is watching while you type your password on the keyboard.
Changing Passwords
Passwords should be changed on a regular basis. Some systems remind users that they should change their password; other systems expire your password and force you to change it.
Keep in mind that when changing your current password, you should not reuse a previously used password, even if it has the characteristics of a strong password.
If a password has been compromised or forgotten, the user may obtain a new password or have their password reset by using the "forgot password" option, usually found within the login area of web pages. This process saves the day by sending reset instructions to:
·  A recovery email address (much like Hotmail, Facebook and Gmail do).
·  A mobile phone via SMS (Gmail).
Finally: if at any time you suspect that your password has been compromised, change it immediately. Better safe than sorry!!

Saturday, January 21, 2012

Wireless Network Security

Wireless networks spread rapidly with the introduction of cheap and easily configurable devices (routers and access points).

Other than being inexpensive and easy to set up, wireless access provides convenience, mobility, productivity and expandability, and most importantly, if governed correctly, it provides security.

How does a Wireless router work?
Wireless networks use high-frequency radio waves to link devices such as laptops, PDAs and smartphones to the Internet.

Understanding the setup and workflow of a wireless network is fairly simple. The internet connection comes from your ISP (internet service provider) and is connected to a small device called a wireless router. This device can transmit and receive data wirelessly using radio signals, so the wireless network card in your laptop communicates with the wireless router, which provides you with internet access.

Tips for Securing a Wireless Network
Change the Administrator Password
The default administrator password for a given router model is usually the same for every unit of that model, and it is very easy to google, since it is printed in the device manual and posted all over the internet. Therefore the default administrator password should be changed before any other configuration change is made on the router.
Change the Default SSID
Your wireless network should have a name; this name is called the SSID. Manufacturers usually ship their products with their brand name as the SSID, for example "linksys" or "Blink91802". When someone finds a default SSID, they automatically assume it is a poorly configured network, and such networks are much more likely to be attacked.

Encryption Type
·  WEP (Wired Equivalent Privacy): WEP provides a very low level of security (it took me about 40 minutes to crack a WEP-protected wireless router, and I have to say it was my own wireless network and I was testing its vulnerability). WEP also comes in WEP2 and WEP+ variants, which are not as common and are still as vulnerable as standard WEP encryption.
·  WPA (Wi-Fi Protected Access): comes in WPA and WPA2, and was created to resolve several issues found in WEP. Both provide you with good security (I haven't been able to crack a WPA2-protected wireless router... YET!)

I definitely advise using WPA2, but since some older wireless router models don't support WPA2, WPA remains a far better choice than WEP encryption.

Password usage
Whether you use WEP, WPA or WPA2, your wireless network (SSID) password is your first line of defense. When you configure your wireless router password, keep in mind that using a complex password is the best way to protect it from being guessed.
·  Do not use numbers only, especially "0123456789" or your phone number.
·  Do not use guessable combinations or dictionary words, for example your name, your birth date or "iLoveMykid".
·  Do not leave the vendor's SSID and password unchanged: I found a database that vendors use in assigning default passwords to their default SSIDs, specially created for common wireless devices such as Thomson, SpeedTouch and others.
 
Use MAC Address Filtering

Every Wi-Fi device has a unique identifier called the physical address or Media Access Control (MAC) address. Access points and routers keep track of the MAC addresses of all devices that connect to them. Using your router's "MAC Address Filter" option will only allow your predefined Wi-Fi devices to connect to your router.
Using MAC filtering will surely increase your wireless network security, but it is definitely not enough, because hackers have ways of changing (spoofing) their device's MAC address to clone a legitimate one that your router recognizes, and so gain access.

SSID broadcasting
Modern wireless devices give the user the option of hiding the name of the network (SSID). Although hackers could still sniff around and see your traffic and SSID, many security reviewers believe that turning this option on adds a little security to your network. Well, I don't think so: if I were a hacker and found a network with a hidden SSID, I would definitely choose it over any visible one.

Assign Static IPs to your Devices
Your wireless router, by default, will assign an IP address to every device that connects successfully to it, using DHCP. You can disable DHCP and assign a static IP to every device you want on the wireless network. But every time you wish to add a new device to your network, you will have to log in to the router's GUI, add the device and assign it a fixed IP.

If you want to use your own IP range, go for an unconventional one (e.g. 139.136.122.1). Whatever range you pick, keep it inside the private address blocks reserved for local networks (10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16), because addresses outside those blocks belong to hosts on the public internet.

Control the wireless network range
Some wireless manufacturers brag that their devices' range is larger than other manufacturers'. This is not always the ideal option. You should try to position and configure your wireless router to cover only the needed perimeter. Position your wireless device in the center of your home and test its range to best suit your needs while minimizing leakage outside your perimeter.

The odds of being targeted by a hacker increase if your wireless broadcast extends beyond your place and reaches remote neighbors with good signal strength.

Turn Off Your Wireless Router When Not in Use
The best method to ensure that your wireless network security doesn't get compromised is to turn your device off when you are not using it.

Current wireless devices boot up really fast (mine takes around 30 seconds), so turning it off and on is a realistic option. Moreover, some wireless routers come with an external button that toggles the wireless radio off and on.

Finally, although it is hard to ensure that your wireless network is secure and unhackable, following the above tips will make it very hard for a perpetrator to compromise your wireless network security.

Saturday, January 14, 2012

Internet Security Threats: Anti-Malware

Many of my friends ask me: which antivirus should I choose? What is the name of the best antivirus? Should I pay for an antivirus or use a free one? Is this particular antivirus going to slow down my PC? Is it necessary to update my antivirus program every day?
Too many questions, with no single correct answer!
Have you ever asked yourself how antivirus software detects and catches viruses?


Anti-Malware
Anti-malware software, or as people call it, an antivirus program (AVP), is protective software designed to prevent, detect and remove malware. There are two methods of detecting viruses: specific and generic.

Specific Detection Method:
In the specific (traditional) detection method, the antivirus is required to have predefined information about known viruses (a virus database). The AVP then searches the scanned files for the presence of certain strings and known patterns of data matching the ones in its database. If there is a match, a virus has been found. (This type of scanning is called signature-based scanning.)
Suppose a new virus is born. In the old days there was an average delay of 14 days before vendors were able to update their database with a new virus signature to detect and clean the new virus. Nowadays, because vendors have introduced the "file submission process", where people allow their AVP to submit suspicious files to the vendor for further analysis, it takes a maximum of 2 days for a virus signature database update to cover the new virus.
That is why updating the antivirus definitions is crucial in order to decrease the chances of getting a malware infection. However, it is still possible for a computer to be infected with new malware for which no signature has yet been developed.

Generic Detection Method:
The generic detection method is based on the standard and common characteristics of viruses, so in theory it is able to detect all viruses, including new and unknown ones. And since it doesn't depend on prior knowledge of virus signatures, it requires no signature updates. Examples of this method include heuristic-based scanning, artificial intelligence (behavioral antivirus programs) and ThreatSense technology.

In the generic detection method the AVP searches for instructions or commands within a file that are not found in typical benign application programs. As a result, a heuristic engine is able to detect potentially malicious files and report them as viruses.


When a file is analyzed by an AVP that uses the generic detection method, a flag is raised for each suspected ability (suspicious file access, suspicious memory allocation, memory-resident code, wrong name extension, disk write access, a routine to search for executables, incorrect timestamp, etc.). The more flags a file triggers, the more likely it is that the file is infected by a virus.

The only problem with scanners that use this method is that they sometimes blame innocent programs for being contaminated by a virus. This is called a "false positive" or "false alarm". For example, a legitimate disk format utility is flagged by a generic heuristic-based scan as having memory-resident code, disk write access and overwriting abilities, and so your AVP screams: VIRUS!

The Cleaning Process:
A virus is a program in its own right; it adds itself to the programs it aims to infect, so the size of the infected program increases due to the added viral code. When the program is executed, the viral code is also executed and the infection continues to grow. (While infecting a new file, some of the original file's bytes are overwritten by bytes from the virus code, but those old bytes are stored within the virus code, since the virus has to keep the original file executable.)
In the cleaning process the AVP cleaner searches for the original file bytes within the viral code, returns them to their original location, removes the viral code, and then truncates the file to its original size. That being said, to clean an infected file the AVP, whether it used the specific or the generic detection method, has to know the virus in order to remove it. If the AVP removes bytes that should not be removed, the integrity of the file is lost and the file may function incorrectly or stop functioning altogether.
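As an added example (not from the original post), here is a toy model in Python of the two detection methods and of the cleaning step described above: signature matching, heuristic flag counting (including the disk-format-utility false positive), and restoring the saved bytes and truncating the file, which only works when the virus is known. The "program", the "viral code", its signature and the ability tokens are all constructed for this example.

```python
HEADER_LEN = 4                                   # bytes the toy virus overwrites at file start
SIGNATURES = {"Toy.Appender": b"VX-SIG-2012"}    # constructed 'virus database'

# Constructed clean program: a 4-byte executable marker followed by a body.
CLEAN_PROGRAM = b"PROG" + b"print hello; exit"
# Constructed infected layout, as the post describes: the first bytes are
# overwritten (to branch into the viral code), the viral code is appended at
# the end, and the overwritten original bytes are saved right after its signature.
VIRAL_CODE = b"VX-SIG-2012" + CLEAN_PROGRAM[:HEADER_LEN] + b"OPEN_EXE WRITE_DISK STAY_RESIDENT"
INFECTED_PROGRAM = b"JMP!" + CLEAN_PROGRAM[HEADER_LEN:] + VIRAL_CODE
# Constructed legitimate disk-format utility: the post's false-positive example.
FORMAT_UTILITY = b"PROG" + b"WRITE_DISK OVERWRITE STAY_RESIDENT format volume"

# Generic detection: each token stands for one 'suspected ability' from the post.
HEURISTIC_TOKENS = {
    b"OPEN_EXE": "contains a routine to search for executables",
    b"WRITE_DISK": "disk write access",
    b"STAY_RESIDENT": "memory resident code",
    b"OVERWRITE": "overwriting abilities",
}
SUSPICIOUS_AT = 3   # flags needed before the heuristic engine reports the file


def signature_scan(data):
    """Specific method: report every known signature found in the file."""
    return [name for name, sig in SIGNATURES.items() if sig in data]


def heuristic_flags(data, filename="program.exe"):
    """Generic method: collect the suspected abilities the file exhibits."""
    flags = [desc for token, desc in HEURISTIC_TOKENS.items() if token in data]
    if data.startswith(b"PROG") and not filename.endswith(".exe"):
        flags.append("wrong name extension")   # executable marker under a non-executable name
    return flags


def heuristic_verdict(data, filename="program.exe"):
    """More flags means more likely infected; report at SUSPICIOUS_AT or above."""
    return len(heuristic_flags(data, filename)) >= SUSPICIOUS_AT


def clean(data):
    """Undo the toy infection: put the saved original bytes back at the start,
    drop the viral code and truncate to the original size. Works only for a
    known virus, because the cleaner must know where the saved bytes live."""
    for _name, sig in SIGNATURES.items():
        start = data.find(sig)
        if start == -1:
            continue
        saved = data[start + len(sig): start + len(sig) + HEADER_LEN]
        return saved + data[HEADER_LEN:start]
    raise ValueError("unknown virus: cannot clean without damaging the file")


if __name__ == "__main__":
    print("signature:", signature_scan(INFECTED_PROGRAM))
    print("heuristic:", heuristic_flags(INFECTED_PROGRAM))
    print("format utility flagged?", heuristic_verdict(FORMAT_UTILITY))   # the false positive
    print("restored == original?", clean(INFECTED_PROGRAM) == CLEAN_PROGRAM)
```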

In conclusion, there is no such thing as the best antivirus; a good AVP is one that uses the generic detection method along with a signature-based scanner. You are to choose what suits your needs, and always keep in mind that using an AVP and keeping it updated is the best way of decreasing, not eliminating, the chances of getting a malware infection.
My next post will address wireless routers: security and safety measures.

Saturday, January 7, 2012

Internet Security Threats: Malware

Not counting mobile phones and mobile chat platforms, an average individual spends about 720 hours per year using the internet. Every minute of this time they are at risk of a malware infection. I will explain the different types of malware, hoping that you never face such a threat.

Malware
Malware is short for "malicious software". It is a variety of hostile, intrusive or annoying computer program designed to exploit, infiltrate or damage a computer system without the owner's informed consent.
Malware includes viruses, worms, Trojan horses, backdoors, rootkits, browser hijackers, spyware, adware, botnets, keystroke loggers and rogue (fake) apps.
Computer Virus
A computer virus is a program that mainly affects your operating system. Some compromise your boot records, making your computer start and run very slowly or not boot at all; some are there just to annoy the user by disabling the task manager, desktop wallpaper or RegEdit, and by stopping or breaking your antivirus program.
Similar to a biological virus, computer viruses need human action to initiate them, so we find them attached to executable files (exe, vbs, etc.) disguised as an innocent sheep in order to tempt the user to double-click and run that file.
Computer Worm
Technically a worm is like a computer virus: it has the ability to spread and replicate, but on a much larger scale. Unlike a virus, a worm doesn't need human intervention to launch itself, which makes it more dangerous.
This means that blindly downloading email attachments or clicking the links "friends" share with you isn't recommended.
Worms have the ability to scan networks for security loopholes and then copy themselves onto new machines. Worms cause drastic harm to networks by consuming bandwidth.
Trojan Horse
Trojans are my favorite; I used to goof around with my friends using them a couple of years ago. A Trojan horse is a program that pretends to do certain "fun" things in the foreground, but in reality works silently in the background. This type of malware collects passwords, steals valuable information and can even give the perpetrator full access to your system.
Trojan horses infect your PC mainly when you download cracked applications, software serial codes and keys, or free, illegal pirated software or music, especially from unknown or untrusted sources.
Spyware
Spyware is software that is installed on your computer and doesn't particularly harm the computer, but it definitely harms you! These malicious programs record your activity and preferences: usernames and passwords, credit card numbers, important files and much other personal stuff. The recorded data is then used for targeted advertising or even identity theft.
Spyware is so common that more than 85% of internet-connected PCs are infected with one or more of these programs. An obvious consequence of spyware is a slow internet connection, because while you are surfing, this malware is busy collecting and sending information to ad companies, who then target you with popup ads that fit your preferences.
Adware
Adware is any software package that automatically plays, displays or downloads advertisements to a computer after the software is installed or while the application is being used.
Browser Hijacker
A browser hijacker is a malicious program that embeds itself deeply into the browser's code and core functionality; it replaces the browser home page with its own page and redirects every hit on that browser to a particular website.
They are very annoying and hectic to remove!
Keystroke Loggers
Keystroke loggers are types of malware that create profits by stealing valuable information. This malware has the ability to record your keyboard usage, log your typing and then send the collected data to its creator. "Imagine yourself typing a password or a credit card number, etc."
Rootkits
Rootkits are programs designed to gain root or "administrator" access to your computer. They are designed to hide files, processes or Windows registry entries. By themselves rootkits are not malware; instead they are the programs that help hide the malware. The rootkit usually comes along with an attached Trojan, virus or keylogger.
Rootkits do not show up as an icon, do not appear in the Windows system tray, and do not appear in the Windows task manager.
In conclusion, I'm pretty certain that every "online user" has already encountered a problem with at least one of these types of malware.
My next post will be about anti-malware, or as people know it, antivirus.