Archive for the Security Category

Highly Critical Exploit Found In Windows

Posted in All Posts, Computers, News, Security, Tech News on July 27, 2010 by The Edible Earth

Microsoft issued a new Security Advisory on Friday, July 16th regarding an old Windows vulnerability associated with shortcut icons.

This vulnerability, which is rated as ‘Highly Critical’ by Secunia, affects every version of Windows back to and including Windows 2000. This flaw even affects Windows 7 Service Pack 1 Beta and Windows Server 2008 R2, which were only released a couple of weeks ago.

The problem has been traced back to a flaw in the way the Windows Shell parses shortcut files. This can enable malicious code to be executed, normally from a USB thumb drive or external media storage device, such as a CD or DVD. However, it has been found that this flaw can also be triggered using malicious links in email as well as from malicious websites. Network shares and WebDAV are also viable avenues for exploiting this flaw.

Shortcuts are links to actual files and use the hidden .LNK extension. A specially crafted .LNK file needs to be parsed by Explorer, in Windows, for the exploit to work. The maliciously crafted file uses AutoPlay to execute the malicious code. Even if AutoPlay is disabled, as it is in Windows 7 by default, this code is still able to run on a user’s computer. Users who are operating as an Administrator are most vulnerable to this flaw. If the exploit is successfully run, it can enable a hacker to take over a user’s computer.

In a blog post, Microsoft softened the severity of this flaw by stating that only ‘limited’ attacks have been occurring. However, you can be sure that malicious hackers will be jumping on this real soon and more widespread attacks will be occurring. Microsoft stated that most attacks are occurring in Iran and Indonesia and are related to malware known as the Stuxnet worm.

Hopefully, Microsoft will issue an ‘out-of-sequence’ patch for this exploit, but as of now, they have only released a workaround ‘fix it’ option which, for most, will be more annoying than worrying about the exploit. It works by disabling all .LNK files. By using the ‘fix it’ option, all icons on the computer will default to the white rectangular blank icon. Microsoft also offers directions for a manual fix which is aimed more at IT professionals. Recently, however, even these workarounds have been found to not be completely effective at protecting infected systems. These workarounds only work on systems that are running Windows XP SP3, Server 2003, Vista, Server 2008, 7, and Server 2008 R2.

Being that this worm also affects older versions of Windows, such as Windows 2000, Windows XP, and Windows XP SP2, this exploit is an even more dangerous threat, as these computers will NEVER receive a patch. Microsoft recently discontinued support for these operating systems. Because a lot of machines still in operation are running this software, this exploit can have far-reaching and longer-term effects.

This exploit has been around since the early days of Windows but has, only recently, been discovered. This is regarded as a ‘Zero Day’ flaw, which means that it was only discovered after it was actively being exploited in the ‘wild’.

Hopefully Microsoft is working around the clock to permanently fix this flaw and will issue an ‘Out of Sequence’ patch soon. At the very worst, let’s hope that it will be fixed with their next scheduled update, which is set for Tuesday, August 10th.

For more information on this exploit, visit Microsoft’s Security Advisory 2286198 and Support Articles.

Patch Tuesday

Posted in All Posts, Computers, Security, Tech News on July 13, 2010 by The Edible Earth

It is that time again….Microsoft’s usual monthly update cycle. This month, Microsoft released four security bulletins which addressed 5 vulnerabilities in both Windows and Microsoft’s Office suite.

Here are the Security Bulletins with links explaining them in detail…..

MS10-042 – Rated Critical

MS10-043 – Rated Critical

MS10-044 – Rated Critical

MS10-045 – Rated Important

Although it is of the utmost importance that all of these patches are implemented on your system, the two most critical updates are MS10-042 and MS10-045. For an in-depth explanation of these two patches, you can visit the Security Research and Defense team’s blog by clicking HERE.

As always, Microsoft has also updated the MRT (Malicious Software Removal Tool) as part of the monthly patch. The tool will automatically do a quick scan when the computer updates, but it is a good idea to manually run a ‘Full’ scan as soon as you can. To launch the MRT…..

XP – Click on Start>Run, then type MRT in the Open dialog box and press Enter. The MRT will open; just follow the instructions and run a ‘Full Scan’.

Vista and 7 – Click on Start, type MRT in the search field, press Enter, and follow the instructions to run a ‘Full Scan’.

Note that on a very small percentage of machines, I have found that the file extension is also required to launch this program. By that I mean, instead of typing in MRT, you may need to add the file extension and type MRT.exe instead of just MRT.

Now also of importance this month is Microsoft’s termination of support for computers that are running Windows XP with Service Pack 2. This means that these computers will no longer receive security updates from Microsoft and will be completely open to vulnerabilities being exploited by hackers. It is highly recommended that anyone who is still using XP SP2 update to XP SP3 as soon as possible. To get this update, you can visit Microsoft’s TechNet site and download and install Service Pack 3. Before you do this update, make sure that all of your important data is backed up, as a small percentage of computers have crashed after this update was completed. Almost all of these crashes have been because an undetected malware program was also installed on that computer. I have installed SP3 on numerous computers and have never had an issue, but it is always better to lean towards the side of safety. Once this update has completed, you will need to continue running updates on your computer, as installing SP3 will spawn numerous other updates. Just keep on running the Windows Updater until no new updates are available.

Windows XP Service Pack 3 will be supported, by Microsoft, until at least 2014.

Skimming for Dollars

Posted in Computers, Security, Tech News on July 4, 2010 by The Edible Earth

A new and very dangerous method of getting your money has been devised by hackers. Known as ‘ATM Skimming’, hackers have produced a very small ‘skimming device’ which is inserted into the slot of an ATM machine in which you swipe your card. The device is designed to record all of your banking information off of the magnetic strip on your card. A very thin, clear plastic sheet, which is capable of copying your Personal Identification Number (PIN), is also being placed over the keypad so that these thieves now have complete access to your bank account.

The scary thing about this is that you will never even know that your banking information was just stolen. Everything will look perfectly normal to you. What’s even worse is that technology has been developed so that this information can be sent via wi-fi or over the internet. This makes it possible for the crooks to steal the information without ever having to revisit the ATM machine. They could be in a Starbucks down the street or on the other side of the planet and be gathering your personal banking information.

Now, on the plus side, the financial institutions are aware of this scam and are constantly monitoring their ATMs. Video surveillance at ATMs is also a somewhat efficient deterrent; however, these hacks are becoming more and more prevalent. Care should be especially taken when using an ATM at a convenience store, grocery store or any other location that is not a bank and is therefore less likely to be monitored as closely as an ATM at a bank.

The only real defense that you have is to be aware of this, and to constantly monitor your bank account, especially after making a transaction at an ATM. Any fraudulent activity on your account should be reported to the authorities and your financial institution as soon as it is discovered.

Browser Tabs…Friend or Foe?

Posted in All Posts, Computers, Helpful Hints, Security, Tech News on June 14, 2010 by The Edible Earth

I’ve written about many of the threats that we face on the internet in many of my past posts. Quite frankly, it just seems to never end. Thankfully, due to the blog-o-sphere, many of us are now aware of what to look for. Phishing, spear phishing, man in the middle, etc. are all terms that, in the very recent past, may not have been familiar to many of us. Because of this fact, many are now aware of the attacks, what to look for, and how to prevent them. As a result, the hackers are forced to come up with new and more devious methods of stealing your personal information. Well they have done it again.

In the past, phishing scams have required you to click on links in a malicious email from someone pretending to be your bank and asking for your personal information in order to fix a “problem with your account”. When you click on the link, it directs you to a fake site that will look very much like your bank’s web page, and once you fill in the ‘User Name’ and ‘Password’, you have given away your personal banking log in credentials. But as I said earlier, users are becoming more and more aware of these phishing scams and the use of them is becoming less and less effective.

Tab Napping, or Tab Hijacking, is fast becoming the new scourge of our browsing woes according to Aza Raskin, a security expert on Mozilla’s Firefox Web Browser Team. Extra special care is going to be needed when using our browsers, especially if you are prone to using numerous tabs at one time.

This is how it works…..

A hacker can actually detect when a tab, in your browser, has been left idle for a long period of time. By replacing that tab with a fake website that looks just like a real site, such as your banking site, they will ask you to reauthorize your credentials by entering your User Name and Password. Knowing that your bank will often do this when your account has been idle for a period of time, you don’t think anything of it and re-enter your credentials. At that point, they now have your personal banking log on information. They can then actually redirect you to your actual banking site, as you never were really logged out to begin with. Plus, the damage has already been done. By doing this, you will never even realize that you have just had your banking information stolen.

How Can I Protect Myself From Tab Napping?

Even though this is a serious problem, being aware of the signs can make this a relatively simple thing to avoid.

First off, as always, before entering your personal credentials to any website, look at the actual Uniform Resource Locator (URL) for the page that you are on, and make sure that you are, in fact, where you think you are.

Secondly, while glancing at that URL, make sure that you are on a secure page, one that begins with https:// and not just http://. Never enter any personal information on a page that begins with only http://.

Thirdly, whenever doing any banking, instead of opening a new tab (Ctrl-t) in your browser, open a new window, (Ctrl-n) for your banking log on. This way only one tab will be open in that window, confusion will be less likely, and tab inactivity will be avoided.

Next, avoid leaving tabs open that are asking for your log in credentials. Always close log in pages to your bank, ecommerce sites, or any other site that is looking for any personal identifying information. You can always re-open these pages should you need them again.

I think that making sure you are where you think you are is the most important thing in avoiding these phishing scams. Before entering any personal information on any site, look at that URL and make sure that it is actually from the company or institution that you are logging into. If unsure of how to do this, check out my two part post on Uniform Resource Locators by clicking HERE and HERE.
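The URL checks described above (the page is https, and the host really belongs to the institution) can be written down as code. This is an added example, not part of the original post; `mybank.example`, `other.example` and the sample addresses are constructed placeholders.

```javascript
// Added example, not from the original post. "mybank.example" is a
// constructed placeholder for the domain you know belongs to your bank.

/**
 * Apply the post's URL checks before credentials are typed:
 * the page must be https and must really be on the expected domain.
 * Returns { ok, host, problems } so each failed check is visible.
 */
function checkLoginUrl(rawUrl, expectedDomain) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG URL parser, built into browsers and Node.js
  } catch (err) {
    return { ok: false, host: null, problems: ["not a parseable URL"] };
  }

  const problems = [];

  // Check 1: the address must begin with https://, not just http://.
  if (url.protocol !== "https:") {
    problems.push(`scheme is ${url.protocol.slice(0, -1)}, not https`);
  }

  // Check 2: text before an "@" is user info, not the site name. In
  // https://mybank.example@other.example/ the real host is other.example.
  if (url.username !== "" || url.password !== "") {
    problems.push("text before '@' is not the site name");
  }

  // Check 3: the host must be the expected domain or a subdomain of it.
  // Matching on a leading dot rejects both "notmybank.example" and
  // "mybank.example.other.example", which merely contain the name.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const expected = expectedDomain.toLowerCase();
  if (host !== expected && !host.endsWith("." + expected)) {
    problems.push(`host ${host} is not ${expected} or a subdomain of it`);
  }

  return { ok: problems.length === 0, host, problems };
}

// Constructed sample addresses: one genuine, four that only look right.
const SAMPLE_URLS = [
  "https://www.mybank.example/login",
  "http://www.mybank.example/login",
  "https://www.mybank.example.login.other.example/",
  "https://mybank.example@other.example/login",
  "https://notmybank.example/login",
];

// Run the checks over a list of addresses and keep the verdict with each one.
function reviewUrls(urls, expectedDomain) {
  return urls.map((u) => ({ url: u, ...checkLoginUrl(u, expectedDomain) }));
}

for (const r of reviewUrls(SAMPLE_URLS, "mybank.example")) {
  const verdict = r.ok ? "OK" : "DO NOT LOG IN: " + r.problems.join("; ");
  console.log(`${r.url}\n    ${verdict}`);
}
```

The third and fourth samples are the ones a quick glance misses: the bank's name appears in the address, but the host the browser actually connects to is a different domain.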

Adobe and Microsoft….It’s That Time Again!!

Posted in All Posts, Computers, Helpful Hints, Security, Tech News on June 7, 2010 by The Edible Earth

Tomorrow, June 8th, is that infamous day again when Microsoft releases the latest updates for its software. Unlike last month’s, which was really a ‘nothing’ update, this month’s iteration is huge. In all, 10 bulletins fixing 34 vulnerabilities will be released. Some are rated as critical and affect Windows, Office, and Internet Explorer.

For Windows (including Windows 7 and Windows Server R2)

6 vulnerability patches of which 2 are rated “Critical” and 4 are rated as “Important”.

For Office

2 vulnerability patches both of which are rated as “Important”

For Windows and Office combined

1 vulnerability patch rated as “Important”

For Internet Explorer

1 vulnerability patch rated as “Important”.

Microsoft also confirmed that this update would include the long awaited fix for the XSS flaw. This flaw could allow privilege elevation, in SharePoint, that could lead to a cross site scripting attack.

Microsoft is not the only company that is trying to get its software more secure. Adobe has been affected by a critical flaw in its Flash and Acrobat software AGAIN. I say that because, since Adobe announced its plan to implement quarterly patches for its software, they seem to be getting hit with exploits, some of which are zero-day exploits, on a weekly basis. A zero day exploit is one that was not known of until it was already being exploited in the ‘wild’.

Adobe says that this affects its Flash player version 10.0.45.2 and earlier. Flash version 10.1 does not appear to be affected. This exploit could cause a crash that could lead to a computer being taken over by the hacker. Adobe says that it affects the authplay.dll file and that deleting, renaming, or moving this file will create a temporary, albeit annoying, fix. After deleting, moving, or renaming this file, any PDF file that is opened that contains SWF content will cause a crash, although this crash will not be exploitable.

The earlier versions, 8.x, have been confirmed not to be affected by this exploit.

The authplay.dll file can be found in these two locations….

c:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll

and c:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll

Read Adobe’s release by clicking HERE.

Now, all this being said, getting your software updates is the #2 most important thing to make sure that you do in order to keep your computer safe. That is, next to making sure that your actions on the internet are safe. I have said this many times before, but never click on links in emails unless you are sure they are from someone that you trust. Most malware needs the user to initiate the attack by clicking on something. A common way that hackers have infected an unsuspecting user is by sending a targeted email or spear phishing attack. You will receive an email from what appears to be your bank. It looks official, so you open the email. They then tell you that your account has a problem and to click a link in order to fix the account. Clicking on the link will take you to a site that looks very much like your bank’s website. Looking up at the URL will tell you that it is not your bank’s website, but it looks so good that you are coerced into entering your personal information (account number, password, etc), and now they have you. Your bank, or any other organization including Amazon, eBay, and other ecommerce sites, will never ask for your personal identifying information via a link in an email, so do not be fooled by this trick.

Social networking is another venue in which attacks occur, and many a faithful user is getting infected via this method. A friend’s Facebook, Twitter, Friend Feed, etc. account is compromised by a hacker without their knowledge. You then receive a message from this friend’s hacked account, stating that “you should see this photo I took of you last night”. What???….What photo are you talking about? Intrigued, you open the message; after all, it is from a trusted friend. It asks you to click a link to view this mysterious photo and takes you to a site that looks very much like Flickr, SmugMug, or other photo sharing sites, but tells you that the photo you are trying to view cannot be opened because you need to download a new version of Flash, or a different codec. You obviously want to see the photo, so you click on the link to download this software so you can view this photo. You did not download a new version of Flash or that new codec; instead you just installed a virus, worm, trojan horse, or other nasty.

Should you ever be asked to download new software or go to a banking site from a link, never click that link. Always manually type the URL pointing to that site, such as http://www.adobe.com, and manually download that program or check your banking account by manually logging into your account. Links, email addresses, and social networking names can be spoofed and trick many an unaware user into getting hacked.

Don’t let it be you……

Google…What’s with the Security?

Posted in All Posts, Computers, Helpful Hints, News, Security, Tech News on May 24, 2010 by The Edible Earth

Google has had its share of negative publicity lately. Many people have started doubting their philosophy of “Do No Evil”, which is really nothing new. The latest faux pas came when, after being requested by German legislators to reveal what information the company had gathered from vehicles photographing for Google Street View, Google discovered that they had got a lot more than they bargained for. Apparently, due to some unknown, old code that had been in the software, Google’s vehicles have been gathering personal information from people who use public, unprotected wi-fi. Now in fairness to Google, this information is being obtained from a vehicle that is mobile, and is scanning more than one wi-fi hotspot in any given second, so how much information could they have possibly gathered? Moreover, Google has said that they have not used any of the collected information, and have vowed to destroy it. I don’t know, but I really think this was blown a little out of proportion.

But wait, that was not even the purpose of this post, I just got to ranting.

Google has just released a beta of encrypted search: a Google search that will be carried over an SSL connection. So what does this mean? Well, it means that no one will be able to see the search query from the time it leaves your browser to the time it arrives at Google’s servers. SSL (Secure Sockets Layer), and the latest version, now known as TLS (Transport Layer Security), are the means by which data packets are sent over the internet in a scrambled format, and then re-assembled on the other end using private and public security keys. This assures that any information that may be intercepted is received in a jumbled heap, and will make no sense. How do you know you are using SSL/TLS? Well, check out the URL, as it will tell you. Any URL that begins with https:// and not just http:// is being carried over a secure connection. You will notice that almost all financial institutions, e-commerce sites, and many others that ask for personal identifying information are carried over SSL/TLS.

So why is Google starting all this? Is it in response to the aforementioned Google Street View fiasco? I don’t think so as Google has been doing this for quite some time now. It started with Gmail back in mid-2008 when it began offering secure transmissions of email as an option that had to be enabled. To a lesser known extent, it was also offered for Google Docs around the same time. After the Google servers were hacked allegedly from within China, Google then turned on these settings as default.

So why wasn’t all this done earlier? Running a network over SSL/TLS takes more bandwidth (of which Google has no shortage), and can also slow the connection down. I think that these were the limiting factors which kept them from being turned on until now. With today’s broadband connections, most encrypted connections can be made without noticing much of a speed hit for the end user. This is a first of its kind, as none of the other major search companies, like Yahoo, Bing, Microsoft, or AOL offer this security option.

All that being said, keep in mind that once you click on a search result, you will then lose the encrypted connection and be transmitting over http only. It also will not protect you should you have malware on your computer, such as a keylogger, but it will keep anyone from sniffing your transmissions over wi-fi connections.

To view Google over SSL, click the following link……

https://google.com

Facebook……About Face!!!

Posted in All Posts, Computers, Helpful Hints, Security, Tech News, Wicked Cool Sites on May 18, 2010 by The Edible Earth

We’ve all, by now, heard all about the security changes made by Facebook. Basically, they have made the public facing nature of their service an ‘opt out’ option rather than the ‘opt in’ option it was in the past. Before these changes, Facebook kept most settings ‘Private’ by default. However with this about-face, all of your settings automatically become public, meaning anyone can view them. This in itself is bad enough, however what makes the situation even worse is that the controls to change your settings back to private are impossible to understand. There is no one central location to go to change everything that needs to be changed in order to keep your personal information from all being public facing.

So what can I do about it? Well, there is a great website, named ReclaimPrivacy.org, that will check your Facebook account and let you know what security risks you have present. You can then make the decision as to what you want to do about these settings. What’s more, it is so simple to use, and none of your information from your Facebook account is collected or viewed by this site, as the program will run directly in your browser. You simply need to go to their site, and drag and drop a bookmarklet into your browser’s Bookmarks Toolbar. Then you launch and sign in to Facebook. Once you are logged in, click the button in the Bookmarks Toolbar and ReclaimPrivacy.org will scan your account and then notify you as to what settings are public facing and what you might want to change.

I thought that I had my account locked down, and was only viewable by my friends, and in some instances friends-of-friends. But one thing that I did not realize is that I had left the door open for any friends-of-friends to share my personal information. This meant that my personal information could be relayed to 3rd parties without my knowledge or consent. That got changed.

Check out ReclaimPrivacy.org, as it makes getting your Facebook account back to where you had it a little bit easier.

An Updating We Will Go

Posted in All Posts, Computers, News, Security, Tech News on May 11, 2010 by The Edible Earth

Did you get those Windows Updates today? Well, if you have not, it is time to do so.

Today, Microsoft released two bulletins, MS10-030 and MS10-031, both of which are deemed critical updates.

MS10-030 addresses a vulnerability in Outlook Express, Windows Mail, and Windows Live Mail. Users of Windows 2000, XP, Vista, Server 2003 and 2008 all have a combined “critical” rating, which means that an exploited computer would give the hacker complete control of that machine. If you are using Windows 7 or Server 2008 R2, it is deemed an “Important” issue when an infected email client is installed; however, neither of these two platforms has one installed in its default settings.

MS10-031 addresses a vulnerability in the way that Microsoft’s Visual Basic for Applications (VBA) searches for ActiveX controls. Remote code execution could be allowed if an application opens a specially designed malicious file and then passes that file along to the VBA runtime. This type of exploitation could allow a hacker to gain complete control of a user’s computer.

There is also, of course, an update for the MS Malicious Software Removal Tool definition file index. As always, you should run a complete scan of your computer using the MRT after the update concludes.

I have stated this in the past, but you should always do a backup before doing any updates for the operating system. You just never know when something will go wrong. Malware, or a bad download of the update could render a computer not bootable after the update is installed. Although rare, it has occurred. It is always “better to be safe than sorry”.

One last note, anyone who is still using Windows 2000 or Windows XP SP2 should consider updating to a newer operating system in the near future. As of July 13, 2010, Microsoft will not be supporting these two systems any longer, meaning that no more updates will be available.

For Crying Out Loud….What Now???

Posted in All Posts, Computers, Security, Tech News on April 13, 2010 by The Edible Earth

Ransom-ware: we read about it in the past and are appalled at the concept. It is similar to scareware, in which a crook tells you that your computer is infected and that buying their worthless software will fix it. Ransom-ware takes this one step further, as some cyber-criminal downloads a Trojan Horse on your computer and voila, your computer is held hostage. You can do nothing until a ransom amount, normally in the $79 range, is paid. However, now it seems that they have upped the ante even more.

With copyright infringement cases gaining more coverage in the news, these criminals are now using the MPAA (Motion Picture Association of America), the RIAA (Recording Industry Association of America), and others to scam money from unsuspecting computer users. While innocently browsing the internet, a pop up will appear on your computer telling you that an “Anti-piracy foundation scanner” has detected some copyright infringed material on your computer. They actually will threaten you with court action. However, they do give you an option to settle to the tune of $399.85, for which they provide an itemized statement of the charges. Oh, and by the way, for your convenience they accept credit cards.

The scary thing is that you cannot get rid of this pop up (which is actually a screen saver); even shutting down your computer and rebooting will result in the pop up appearing again. And if you do shut down, another threatening message appears stating that by taking this action (shutting down) you are stating that you are not cooperating and that they recommend canceling this and agreeing to their settlement proposal (of course they do). You are basically dead in the water at this point. All in all, this is very realistic looking and an unsuspecting user is liable to fall for this scam.

Security companies are saying that the domain is operated out of the country of Moldova, a small landlocked nation near the Ukraine. The Ransom-ware is designed so as to adapt to the user’s computer. It will display messages in Czech, Danish, Dutch, English, French, German, Italian, Portuguese, Slovak and Spanish, based on the specific settings on the infected computer. Although any transactions made do not seem to be tied to an actual cash charge, the crooks are still able to collect pertinent credit card information, either to be sold, or for use in future scams.

Security Companies such as F-Secure have an online scanner that will remove this bug. You can get their online scanner by going HERE.

Knowing what to look for is the key in not getting trapped by one of these scams. Here is a listing of some general things to do in order to protect yourself from scare-ware/ransom-ware attacks:

1) Make sure all of your software is up to date. Secunia’s Personal Software Inspector (PSI) does a good job of letting you know whether all your programs, and plug-ins are up to date and secure. PSI is free for consumer use and can be found HERE.

2) Run with the lowest rights possible. Meaning whenever you are not downloading anything and are just surfing the web, do not run with Administrator’s rights, but run under a “Limited” account.

3) Run in a sandbox using Sandboxie. This will keep you protected should you accidentally click on a bad link or open a malicious web page or PDF, as nothing will be saved, and your computer will revert back to its original state when you leave the “Sandbox”. Sandboxie can be found HERE.

4) Turn off JavaScript. I know that doing so will break most web pages, but the fact is that JavaScript is very vulnerable. Using a plug-in like “No Script” is also a viable option. You will need to take the time to configure this so as not to break web pages. You can always turn JavaScript back on should it just become unbearably aggravating. But again, JavaScript is simply not safe.

5) And as always, make sure all of your anti-malware and anti-spyware software is up to date and turned on.

Stay Safe Out There!!!

Where Do We Go From Here?

Posted in All Posts, Computers, News, Security, Tech News on April 1, 2010 by The Edible Earth

Zero Day Vulnerabilities, Man In The Middle Attacks, Worms, Exploits, Phishing, Hacked accounts, and the list goes on and on. The fact is that computer users in today’s world are facing a growing threat from outside sources when using the internet. Most people are neither aware of nor care about these threats, that is, until it is too late. But why and how is this happening? What are we doing about it? And where do we go from here? All valid questions that really do not have a solid, absolute answer.

We hear almost every day about new threats, either ones attacking an unknown exploit (Zero Day Attack), or horror stories regarding account hacks and phishing scams. Windows, Adobe, Apple, and just about every other major software creator has faced this issue at least once, some many, many times. In the early days of hacking, viruses were merely a proving ground, a gold star for a lapel, for many young and very talented software writers. No malicious intent, for the most part, was ever meant. All they wanted to see was whose virus could propagate the fastest and to the greatest extent. It was a game to them, albeit a very annoying one. However, those days are long gone, and the occasional malicious software written by a teen with a chip on his/her shoulder is no longer a concern. Today, these onslaughts are being carried out by large criminal organizations, who do have malicious intent, and have found out that these scams and attacks are also very lucrative. What’s worse is that the people doing this are extremely talented and savvy software creators who are constantly devising new ways to get deeply into the pockets of the ordinary computer user.

For most, all that is wanted is to turn on the computer and get email, check accounts, and do some online shopping. Most users care about security, but they do not want to know the juicy details of how it works or what dangers to look for. They simply want a machine that works and is safe to use. Unfortunately, that is not the way of today’s computing. Even so, simple is better to most users. SSL/TLS, file encryption, WPA2, and the like are all things that the ordinary computer user does not want to know about, or even care about. And quite frankly, why should they? Computer aficionados thrive on this sort of stuff, but for the normal user……no!!! The casual user knows that an anti-virus software will keep them safe. Some may even use an additional anti-malware scanner, but will rarely use it to fully scan the computer. Firewall…..I know I need one, but what is it? But even with these tools, our computers are still not safe from becoming compromised.

The major anti-virus companies will all admit that this is a hurry-and-catch-up game. The bad guys always seem to be one step ahead of the good guys, sometimes quite a few steps ahead actually. The AV manufacturers are always trying to lessen this lead, but like I said earlier, this is no teen with a bad attitude; these are savvy, technical, and treacherous organizations that are making our life online hell. When a new bug is released into the ‘wild’, it will take the anti-malware companies time to find it, reverse engineer it, and then launch a fix for it. Heuristics have helped in this matter, but have also created some new problems, namely false positives. Heuristics is a method of scanning your computer in which the anti-malware software is not looking for specific malware, but is only looking for malware-like activity, such as registries being changed. As a result, false positives are becoming more prevalent, in which the anti-malware falsely labels something as a vulnerability when it is really a legitimate act. Holes/vulnerabilities that are found in software, and are then issued fixes through software updates, are still being exploited, due to the average user not knowing enough or caring to get the update. Time is expensive, and updating software can be time consuming, and all the user wants to do is turn the machine on, do what they need to do, and move on to their next agenda. Look at the Conficker worm: a patch and a fix for this bug was issued long ago (Oct 2008) and yet, it is still out there.

So where do we go from here?

Well, short of turning off the internet, re-working the entire infrastructure, and then turning it back on again, we have only a limited number of tools at our disposal. However, the strongest of these is education. The word has got to be spread throughout the computer world about the need to protect oneself while on the internet. I certainly do not mean that everyone needs to become a computer security guru, but general knowledge of things to look for would definitely not make it so easy for the bad guys to get in. Even then, it is still going to be happening. There is money to be made, and like I said earlier, these bad guys have found out that there is a ton of it to be scammed.

In the end, this is the way it is, and appears to be the way that it will remain in the immediate future. In fact, the chances are that it is going to get more volatile out there. The one true weapon that we all have to battle this Armageddon on the internet is our ability to use common sense. That is our most powerful weapon; without it, we are doomed. Add a small dose of knowledge, and we could vastly hamper these attempts at ruining our lives. We need to keep our critical personal data safe and secure; knowing what is OK to become public knowledge and what could hurt us is paramount. I would never post my banking information on the internet, although many people have clicked on links in emails stating that their accounts have problems, and entered banking credentials. You may as well have posted it directly to the public internet. It is things like this that make it easier for the bad guys to successfully do what they do. A pound of common sense, coupled with a sprinkling of knowledge, is our greatest weapon.

What Are Your Thoughts??