Categories
Uncategorized

Don’t Get Tricked: protecting your PC from being a Zombie

Last year, Microsoft teamed up with the FTC in the “Don’t Get Tricked on Halloween” campaign to crack down on illegal methods used by spammers to distribute unsolicited e-mail. As October is National Cyber Security Awareness Month, it’s only fitting that I replay this blast from the past…



Timed to coincide with National Cyber Security Awareness Month and Halloween on Oct. 31, the “Don’t Get Tricked on Halloween” campaign alerts computer users to the threat of zombie computers and how to protect their personal computers (PCs) from being infected with malicious code. “The only way to slow the spread of zombies and other online threats is by going after them as resolutely and in as many ways as possible,” says Tim Cranton, director of Microsoft’s Internet Safety Enforcement programs.


Stop Zombie PC Attacks in their Tracks: Tips on how Internet users can prevent their computers from becoming zombies:



  • Use a firewall to protect computers from hacking attacks while connected to the Internet. 

  • Keep Microsoft Windows and Microsoft Office programs up to date with security updates to shield computers from viruses, worms and other threats.

  • Use up-to-date antivirus software and antispyware software to help protect against the latest threats.

  • Beware of tricks designed to get people to download and install unwanted and sometimes destructive software. This software is sometimes distributed in non-commercial music downloads, file-sharing programs and free games.

  • Be cautious about opening any attachment or downloading any files in e-mails from unknown senders.

The campaign so nice we promoted it twice. Or something like that.


Have a Happy Halloween.



“Ride the Magic Bus” — the Xbox 360 bus, that is

Look for the Family Safety bus in a city near you. From the news: “Parents everywhere are concerned with children’s access to inappropriate media content. Microsoft, along with our friends at Best Buy and Boys & Girls Clubs of America, is leading an education campaign to provide parents with tools to help them make the right entertainment choices for their families. These tools can help parents keep their children away from video games that they consider inappropriate and from unwanted online encounters.


“Microsoft recently launched the ‘Safety is no game. Is your family set?’ Xbox Citizenship campaign. This campaign is designed for parents who want to learn more about the Family Settings Feature available in the Xbox 360 console and about other resources to help protect children, like the ESRB’s video game ratings and content descriptors.”


There’s a 20-city bus tour, traveling the States to help families enjoy appropriate games and online content. The big green bus is decked out with Xbox 360 game consoles and the latest laptop PCs. This tour kicked off today, starting at the Hartford Boys & Girls Club at Asylum Hill in Hartford, CT. On Thursday, October 26, the bus will be at the Chelsea Clubhouse at 30 Willow Street in Boston, and then on to Miami on Wednesday, November 8, at the Hank Kline Unit of Miami BGCA (2805 SW 32nd Ave., Miami).


For more and a list of stops on the bus tour, visit the Family Safety Bus Tour page on Xbox.com.



Peter Cullen on balancing Internet privacy with safety

Today the Seattle PI newspaper has an article that includes a few words of wisdom from our own Peter Cullen, our Chief Privacy Strategist. The article provides some insight from a recent lunch in Seattle where people gathered to hear feedback from a few industry execs and luminaries on questions of how we can protect our privacy on the Internet, and the government’s role in protecting privacy.



“The forum was “a great crucible, because too often, the technology industry talks to itself in unfathomable language, policymakers don’t understand the technology, and citizens switch off because to them it’s all just a lot of noise,” said Jerry Fishenden, Microsoft’s national technology officer for the United Kingdom.”


I have the pleasure of working with Peter and his team on issues that affect the satisfaction of our customers and partners, and he is one sharp Canuck. From the article:



“More now than ever before, Internet users face the loss of personal data to wrongdoers, which Microsoft’s Cullen said the company is working to prevent along with government and privacy advocacy groups.


“These are enormous challenges,” he said.”



Cybersafety and staying safe online

I’m clearing out the email that I missed this week due to a number of big reviews and meetings (apologies), and one was from a reader and associate who noted that my entry on creating strong passwords (and passphrases) was quickly followed by a couple of similar stories in the press. Or was it that I was following up on the press reporting a number of cybersafety stories?


First, she points out, there is this article in the Seattle Times on cybersafety which noted that the AARP reported that…



• About half of Washington computer users don’t recognize phishing scams — 49 percent said they were unaware that banks don’t send e-mails to customers asking them to click a link to verify account information.


• About three-quarters of Washington Internet users didn’t know that a Web site’s privacy policy does not prevent the company from sharing customers’ personal information with others.


• Six in 10 computer users believe incorrectly that, by law, a Web site comparing prices of products or services must include the lowest available price.


I particularly appreciated the sidebar on six tips for staying safe online:



  1. Protect your privacy and personal information
  2. Be alert online
  3. Delete junk e-mail
  4. Use strong passwords
  5. Use antivirus software and a firewall
  6. Be smart about downloading

More info:



  • Free AARP Cyber Safety Seminars Offered: AARP teams with Microsoft, the Attorney General’s Office and the FTC to launch online safety campaign.
  • Stay Safer on the Internet: AARP Washington’s Cyber Safety Toolkit is available to help you stay safer on the Internet.

Screen Scraping, Trojan Horses and passwords… oh, my

Once again, here’s today’s installment on some of the different ways Microsoft is working on improving your experience with your computer, with blog bits spent on OneCare, Windows Defender, spam, Windows Live Safety Center, and last on phishing.


Today it’s about screen scraping and Trojan horses, and how this can happen to you. 


Screen scraping attacks are becoming more common in scammers’ schemes to subvert sophisticated security systems. Wikipedia defines screen scraping as “a technique in which a computer program extracts data from the display output of another program. The program doing the scraping is called a screen scraper.”


In plain terms, a screen scraper is a program that captures or records computer screen activity, such as key strokes, mouse clicks and movements across the screen. (In application and web development, screen scraping has a legitimate use to acquire and display information, a.k.a. presentation integration.) But there are surreptitious uses for this technique that are sometimes employed by hackers who ultimately want to gain control of your computer or your personal information.


In some cases a Trojan horse program lurks on your computer waiting for you to visit a web site (a bank, brokerage firm, retailer, epayment) and then captures your interactions with the site. This information can be sent to the bad guys controlling the Trojan horse, who can then use this information to access your accounts.


[Image: 19th-century etching of the Trojan Horse]


Trojan horses may enter your computer through the daily mail, attached as an innocent looking file, like “kids.exe” or some other benign name. And when file extensions are hidden, you may not know that a Trojan horse lurks in the attachment. (Here’s more information on how to view all hidden file types and file name extensions in Office, as well as a list of potentially blocked file extensions.)
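One way a mail gateway or help-desk script could screen for the hidden-extension trick described above, as an added example that is not from the original post. The extension lists, the function names and the sample message are assumptions constructed here, and the "displayed name" is a simplified model of what a user sees when extensions are hidden.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists for this example; a real mail gateway would apply its own policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}
DECOY_EXTS = {".jpg", ".gif", ".txt", ".doc", ".pdf"}  # types readers tend to trust

def displayed_name(filename):
    """Name a user sees when the final extension is hidden (simplified model)."""
    p = PurePosixPath(filename)
    return p.stem if p.suffix else filename

def screen_attachments(raw_message):
    """Return (real name, displayed name, verdict) for every attachment."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        # Windows strips trailing dots and spaces from file names, so normalize first.
        name = (part.get_filename() or "").rstrip(". ")
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
            verdict = "allow"
        elif len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
            verdict = "block: executable behind a decoy extension"
        else:
            verdict = "block: executable attachment"
        findings.append((name, displayed_name(name), verdict))
    return findings

def build_sample():
    """Constructed test message; the attachment bodies are harmless placeholder bytes."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "Photos of the kids"
    msg.set_content("See attached.")
    for fname in ("kids.exe", "holiday.jpg.exe", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_string()

if __name__ == "__main__":
    for real, shown, verdict in screen_attachments(build_sample()):
        print(f"{real!r} shown as {shown!r}: {verdict}")
```

The second attachment is the case the paragraph warns about: with its extension hidden, the file appears as "holiday.jpg" even though it is an executable.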


Once you open or double-click on a bogus attachment, you may start a process that is hard to stop: the attachment may launch an application that infects your computer with a computer virus, change or add files on your computer, or modify your settings to allow your computer to be used as an extension of the hacker to attack other sites or spread the infected attachment.


Now, back to screen scraping and ways to foil this trick.


When you consider that on average, most people can only remember between five and nine things of a particular kind (alphanumerical sequences, words, numbers), it’s tough to remember strong passwords. And if a screen scraper records your key strokes — and along with it, your passwords — this can be a problem. You have to change your passwords regularly (every few months or so) and be sure not to keep them in an easy-to-find place (you know, the text file on your computer named “passwords.txt”). For the most part, employing strong passwords that are changed regularly will help you foil most common security breaches.


But as attacks become more sophisticated by employing some of these methods, targeted companies (such as banks and brokerage houses) are bringing new technology online that combines the clicks and keyboard entries, user names and passwords with additional unique information. Some companies are taking steps to improve security without just adding the burden of having to remember a laundry list of strong passwords. One such example from Bank of America:



Bank of America Corp. is deploying a program called SiteKey that uses technology from Passmark Security Inc. that requires customers to click on a preselected image in addition to entering their user name and password to log on to an account, said Betty Riess, a Bank of America spokesperson in San Francisco.


E*Trade is another firm that has implemented ways to step up their security. Through their deal with RSA Security, E*Trade makes available a SecurID key chain (RSA calls it an “authentication token”) to their retail customers to provide an additional layer of protection. I know several companies that use the SecurID system to allow employees to access their confidential and secure sites remotely, providing an additional security layer with a random six-digit code that is generated by the SecurID token.


A few years ago, employees at Microsoft were issued smartcards to provide an additional layer of technology to access networks. Smartcards can be programmed to provide access to your personal accounts, mobile telephones, buildings and online systems.  


Then there’s the new InfoCard technology that was shown at the RSA Conference, which should make it easier to provide an additional layer of security. As reported on CNET News…



Now, with Windows Vista, Gates feels he finally has the right weapons to supplant the password as a means of verifying who is who on computers and over the Internet.


The new operating system, due later this year, introduces a concept called InfoCards that gives users a better way to manage the plethora of Internet login names and passwords, as well as lets third parties help in the verification process. Vista will also make it easier to log on to PCs using something stronger than a password alone, such as a smart card.


On protecting against viruses: There are a number of things you can do to protect your computer against viruses (courtesy of the Security at Home page…):



  1. Use an Internet firewall (Note: Windows XP with SP2 has a firewall already built-in and active).

  2. Visit Microsoft Update and turn on Automatic Updates.

  3. Subscribe to industry standard antivirus software and keep it current.

  4. Never open an e-mail attachment from someone you don’t know.

  5. Avoid opening an e-mail attachment from someone you know, unless you know exactly what the attachment is. The sender may be unaware that it contains a virus.
