Category Archives: Security Tools

Microsoft Fixes Scary Bluetooth Flaw, 21 Others

July 12, 2011

Microsoft today released updates to fix at least 22 security flaws in its Windows operating systems and other software. The sole critical patch from this month’s batch addresses an unusual Bluetooth vulnerability that could let nearby attackers break into vulnerable systems even when the targeted computer is not connected to a network.

Bluetooth is a wireless communications standard that allows electronic devices — such as laptops, mobile phones and headsets — to communicate over short distances (the average range is about 30 to 100 meters, but that range can be extended with specialized tools). To share data, two Bluetooth-enabled devices normally need to “pair” with one another, a process that involves the exchange of a passkey between the two devices.

Software Cracks: A Great Way to Infect Your PC

June 20, 2011

49 Comments

I often get emails from people asking if it’s safe to download executable programs from peer-to-peer filesharing networks. I always answer with an emphatic “NO!,” and the warning that pirated software and cracks — programs designed to generate product keys or serial numbers for popular software and games — are almost always bundled with some kind of malware. But I seldom come across more than anecdotal data that backs this up.

Recently, I heard from Alfred Huger, vice president of engineering at Immunet, an anti-virus company recently purchased by Sourcefire. Huger was reaching out to offer feedback on my 3 Rules for Online Safety post. He told me that the rules should have included this warning: Do not download pirated software and cracks from filesharing networks and cracks sites because they are a major source of malware infections.

Blocking JavaScript in the Browser

May 25, 2011

38 Comments

Most Web sites use JavaScript, a powerful scripting language that helps make sites interactive. Unfortunately, a huge percentage of Web-based attacks use JavaScript tricks to foist malicious software and exploits onto site visitors. To protect yourself, it is critically important to have an easy method of selecting which sites should be allowed to run JavaScript in the browser.

It is true that selectively allowing JavaScript on known, “safe” sites won’t block all malicious scripting attacks: Even legitimate sites sometimes end up running malicious code when scammers figure out ways to sneak tainted, bogus ads into the major online ad networks. But disallowing JavaScript by default and selectively enabling it for specific sites remains a much safer option than letting all sites run JavaScript unrestricted all the time.

Facebook Adds Mobile Authentication

May 23, 2011

24 Comments

Facebook has introduced a new mobile authentication feature designed to help users better protect their accounts from being hijacked by password-stealing miscreants. The opt-in feature — which requires users to share their mobile phone number — is welcome security measure, but may be a tough sell to users already wary of providing too much information to the social networking giant.

Facebook users can enable “Login Approvals” by logging in and navigating to Account, then Account Settings, and then Account Security. When I enabled this feature and provided my cell phone, it quickly sent a six character, alphanumeric code via text message, that I needed to enter on Facebook.com.

Krebs’s 3 Basic Rules for Online Safety

May 20, 2011

56 Comments

Yes, I realize that’s an ambitious title for a blog post about staying secure online, but there are a handful of basic security principles that — if followed religiously — can blunt the majority of malicious threats out there today.

After Epsilon: Avoiding Phishing Scams & Malware

April 6, 2011

70 Comments

The recent massive data leak from email services provider Epsilon means that it is likely that many consumers will be exposed to an unusually high number of email-based scams in the coming weeks and months. So this is an excellent… Read More »

Test Your Browser’s Patch Status

March 30, 2011

40 Comments

With new security updates from vendors like Adobe, Apple and Java coming out on a near-monthly basis, keeping your Web browser patched against the latest threats can be an arduous, worrisome chore. But a new browser plug-in from security firm Qualys makes it quick and painless to find and patch outdated browser components.

WHOIS Problem Reporting System to Gain Privacy Option

March 8, 2011

6 Comments

A system put in place to allow anti-spam activists to report entities that bulk-register domain names using false or misleading contact information is about to gain a much-needed new privacy feature: The option for activists not to expose their identities to the very spammers they’re trying to report.

Renewal Buddy: Comparison Shopping for Anti-Virus Software

March 2, 2011

82 Comments

The anti-virus industry has long drawn its biggest share of profits from loyal customers, extracting full-price for the software from existing customers seeking license renewals while steeply discounting their products for new users. But a new comparison shopping site makes it simple for renewing customers to take advantage of these introductory deals, or to switch to a competing product for a hefty price reduction.

Before You Install Windows 7 Service Pack 1

February 26, 2011

82 Comments

Microsoft is now offering Windows 7 users “Service Pack 1,” a bundle of security updates and minor feature improvements. If you’re thinking about installing this update, read on for a few caveats and tips that may change your mind.