How many times have you heard the saying there’s no i in team? Must be hundreds of times – in sports, in movies, at work, practically everywhere. This is one of my favorite quotations, even because I believe that a successful result is never the outcome of the efforts put in by one person only.

In my opinion, in the technology world it should be quite the same but unfortunately this is not always the case. Vendors and developers should be more in touch with the users because it is in the interest of both, that the users are kept secured and that they are provided with the necessary tools to do this.

My recent post about the Microsoft security patches released a couple of weeks ago, proved to be popular with the GamSec followers and as expected it raised concerns amongst the users. I think that technology is not flawless – but then again, there’s no such thing as a flawless system. Unfortunately, businesses are only looking at increasing turnover and maximizing profits and one option for this is to release products at a very low price. What happens here? They need to see where to cut the quality if they want to cut the price – with the prevailing victim normally being security. Why? Well, features are what attract the public – so they cannot be reduced, packaging is what hits the eye – so this cannot be reduced either, what are we left with? security!

We need secure technology - its up to us to get it!

Who would be the victim of this? As always, the user – but only until users start looking around them and notice that the security threat is actually present, and start demanding that the products that are released are indeed secure enough. What happened when car accidents were becoming more fatal? Seatbelts and Airbags were introduced and nowadays are a compulsory feature in all vehicles. Now that the victims of fraud or identity theft are increasing will we see the equivalent of airbags and seatbelts for technology? and who will be the provider of these?

Well, technically the provider should be the developer of the software – but why is it that we always need to have victims before actually stepping up and taking concrete actions? Can’t we be proactive and start anticipating ‘fatalities’ rather than simply reacting to them?

That would be the ideal world, however its up to us – as users – to push the industry towards this ‘ideal world’. It will take time and will take effort, but I believe that developers will be ‘forced’ to make their products secure if people start giving security much more prominence when gauging the advantages of software before they purchase it.

There’s no i in team – but there is an i in security – therefore its up to ‘me’ to push for a securer online environment. Next time you’re buying a software, compare the security that it provides – might be more expensive at first but will save you money in the long run!

The Facebook Username saga is still ongoing. It’s been a week since Facebook gave users the opportunity to choose their preferred username to make it easier for them to refer their profile to their friends.

Although it seems to be a good idea even though I did mention a few hitches that might be encountered in a previous post – and quite frankly I am not convinced as to whether these flaws in the system were exploited – and I guess only time will tell.

A week after I must say that I was surprised to read that the Facebook servers did not fail after the huge number of hits that were expected. I guess the geographical factor did influence this because people from different time-zones didn’t access it at the same time. I didn’t wait all night next to my machine to reserve my preferred username – but by the time I remembered about it (late afternoon), the username I wanted was still available! Should I consider myself lucky?

What in a username?

I think that the Facebook team was somewhat short-sighted in this regard because to be honest, I never needed a Facebook username. Lets face it, does anyone advertise their profile? Facebook (like any social-network) is all about finding people that you know but possibly lost contact for some time – so if you lost contact with these persons, how are you going to send them your new vanity Facebook profile link? They’re more likely to type your name in the search box and find your profile without ever using your username.

Well, thats business I guess. More features might mean more flexibility for the users, but in reality, for a feature to be good it needs to be useful. Quite frankly, I see no difference in my Facebook usage or contacts between today and a week or two ago. Is it just me? Did your username make any difference for you?

50 years ago, nobody had imagined that by clicking a button and typing some text we would be able to communicate with someone across the globe. All this has been made possible through the Internet.

The Internet is an evolving world but the elements held within it are also evolving quite rapidly. Taking chatting as an example, initially this was done through mIRC or ICQ which were quite primitive tools. You’d go into what was called a channel and start chatting with your peers from across the globe.

Nowadays we have Instant Messengers which are more sophisticated and more appealing pieces of software which we use to communicate with each other at any time. Whilst the advantages of this communication method are endless, we still need to be careful to make sure that what we say remains between us and the intended recipient.

Why am I saying this? Well, because the same way that you might be overheard in a conversation, you might also be ‘overheard’ while chatting online. What are the threats:

1. On-lookers: people might walk by your machine and see what you’re typing
2. Unattended machines: you might leave your machine unattended and unlocked and people might have a quick look at the open conversation window or the chat histories
3. Interception: the data being sent and received (containing the chat messages) might be intercepted
4. Key-logging: viruses/trojans might plant a key-logger on your machine and the attacker will be able to view everything you are typing
5. Hacking: your account might be accessed by a hacker who would then be able to impersonate you in the online world

You can increase the gain by avoiding the risk

1. Always lock your machine when unattended
2. Avoid storing chat history – whilst this might be useful, its better if you only take note of the important things you need to remember then compiling (inadvertently) a dossier of company’s (or personal) secrets which you chatted about
3. Use a complex password and change it frequently
4. Do not accept files from persons you don’t know and always scan them (using a reliable and updated anti-virus) for any viruses before opening

Apart from the above, there are also software packages that you could use and which would protect you against most of the above threats – but these will be discussed in future posts. For the time being, the above should be a good initial background of how to avoid some risks whilst instant messaging.

The Internet has been one of the most important ‘inventions’ in the history of man. Not only has it brought the world onto one platform but also changed the way that we think and act, but how long will this ever-changing world continue growing?

I think that only time will tell but from the looks of it, the Internet is here to stay and grow even bigger. The Internet has made an impact on research, studies, opportunities, communication, business, negotiation … you name it – the Internet does it. Have our ancestors ever thought that with a couple of clicks they can get in contact with someone across the globe? Definitely not! Sometimes I wonder what would they say if they had to be here now.

Its an undisputed fact that the Internet brought a massive count of advantages and provided feasible and rapid solutions to a number of problems, however it also brought some risks. Whilst the Internet has substituted most of the manual stuff – it also substituted manual crimes. Whilst before for someone to steel a person’s money the burglar had to break into their home, nowadays using the Internet people are being defrauded every hour. Whilst before for someone to be impersonated, one needed to go the extra mile to look like the victim – nowadays one only needs to stay in the comfort of their home and adopt someone else’s identity from behind a monitor. Unfortunately, these are the disadvantages of change and development and its not only in the Internet that these happen. Before we didn’t have powerful cars, nowadays people get killed because of the high-power vehicles they operate.

What can we do about it? Well, for starters, we need to be careful. The same way that our parents always thought us not to take candy from strangers – we also need to make sure not to trust the strangers that we meet online. The same way that we don’t visit places that could pose danger to us (e.g. high-risk areas for theft), we shouldn’t trust an online shop without knowing that its secure. In the coming days, we’ll be looking at some aspects that threaten our security (both online and offline) and identifying ways to protect ourselves against them – whilst comparing them to real-life situations which we already cater for.

Point 1: Lock your screen if you're leaving your desk

This is just the beginning and whilst some might find it stupid, many have fallen victims of data or identity theft because they left their machine accessible and unattended in their own office. More pointers to come in the following posts …

One of the most popular and fast-emerging social networks is undoubtedly Facebook. Many individuals and businesses are using this network to keep in touch with friends or get their business known worldwide.

Whist Facebook carried a lot of advantages, many have noticed that it does not have a username authentication mechanism. In reality, those who want to register a Facebook account and login would use their email address and password rather than a standard username-password combination.

The news is that now Facebook, starting tomorrow 13th June at 6.01am CET, will be giving users the ability to register their own username. Whilst this is a great idea, I cannot imagine the chaos that there will be with people staying awake purely to register their desired domain.

Now you’re thinking, “who’s that crazy to stay awake to register a facebook username?” Well, prepare yourself to be surprised. Just imagine how many people have become rich by buying a .com domain name with the name of a company and then sold it to this same company for thousands (if not millions) of dollars!

Who will get to your username first?

I don’t want to sound harsh, but I think that Facebook is going to create a way for people to make money off its network without investing a penny. I sincerely hope that this doesn’t happen, but if this happens, you cannot say that you weren’t warned! One thing is for sure, I won’t be sating awake to register the GamSec domain – I leave it to the content to attract the audience!

Its been since October 2003 that Microsoft have started the tradition of releasing patches for its software products every second Tuesday of every month. The most recent of the series was June 9th which saw a record release of patches.

Looking on the bright side, quite a few patches have been fixed through this group release, but my question would be – how many users were vulnerable and prone to attacks before this date? Last Tuesday’s release had no less than 10 security patches including one for a critical hole found in Internet Explorer 8. This means that before this, everyone using Internet Explorer 8 was an easy prey for hackers. And what tells us that there aren’t more of such holes?

I’m pretty sure that the answer to the above question will probably come on Tuesday 14th July and in every second Tuesday of the subsequent months. Microsoft has been organizing hacking contests where a number of hackers from around the globe try to exploit any possible vulnerabilities in the software so that Microsoft could then have it fixed. Unfortunately, the above critical security hole was identified way back in March and Microsoft took 3 months to issue the fix. This means that during these 3 months, the flaw had been identified and could have been ‘made public’ – whilst IE 8 users were vulnerable.

Is your browser making you vulnerable?

What was the flaw?
Out of the 8 Internet Explorer Patches that were released, the most important one was to fix a hole which permitted remote code execution which was made possible when the user views a specially-crafted website. This meant that hackers would be able to run codes on the user’s machine (for their own intent and purposes) simply because the user viewed a particular website or websites.

What else was released?
Quite a number of other patches were released particularly revolving around Microsoft Office products Word and Excel. The flaw was similar to the above but the possibility of remotely running codes would derive from the user accessing a specially-crafted word or excel file – making it somewhat more difficult.

My concern as a user
Whilst I understand that no code is perfect and that patches would always be required, my main concern is that such flaw was quite critical and a user could easily fall prey to such attacks considering that some users view hundreds of website each day – why did Microsoft take 3 months to release it? If it was so critical as described, couldn’t they have moved away from their second-Tuesday of the month tradition and release it once the fix was completed in order to reduce the possibilities of the users falling victims of such attacks?

The world is full of strange people, but the Internet is even worse. It didn’t take much time for crooks to understand that the Internet has given them the ability to gain a worldwide accessibility to possible victims to their scams. Unfortunately, some people use such useful resources to their own advantage and to the detriment of others.

Who has never found a link on a website saying that you’re the 999,999,999th visitor and you’ve won a million dollars? Who never received an email saying that you’ve won a lottery asking you to contact them so that you retrieve your prize money? Every Internet user have come across these circumstances and unfortunately, many have fallen victims.

As a matter of fact, with some common sense and thinking you’d realize that what you’re reading cannot be true! How can you win a lottery without ever participating in it? How can you go into a website, and every time you visit you’re the 999,999,999th visitor? Many don’t realize this and unfortunately continue by submitting their personal details to these persons and end up losing their hard-earned money instead of getting the hefty prize money.

Everyone could fall victim to a scam ... even you!

I thought I’d share an interesting website with you. Hoax-Slayer.com is an excellent reference point if you want to know whether an email you received is a scam or not. All the top email scams are listed ranging from the famous Nigerian Army Official to some of the most common compassionate chain letters. Whilst this website doesn’t give any guarantee that it has all scam emails included, it is a good focal point for who needs to verify the legitimacy of an email that they’ve received.

Personally, I’d suggest that you keep the following in mind if you receive such an email:
1. You can never win a lottery if you didn’t participate in it
2. No stranger is going to come to YOU to help him get the money out of the country
3. Companies have their own domain and won’t use a yahoo (or similar) email address
4. How could a stranger have your email address to inform you that your machine is hacked?
5. No bank will ask you to submit your account details via email

The above are only the tip of the iceberg but I’m sure that knowing these you’ll be able to identify legitimate from non-legimiate emails. At the end of the day, nobody will give you free money – if you really want to make a profit out of these emails, delete them!

Hacking has been one of the most popular subjects with the readers of this blog. With the issue being of worry to the vast majority of Internet users, I felt that it is time to start exploring some software products that would help you identify any intrusions into your system.

Going back to an article from last week entitled Are you being hacked? we started exploring the Foundstone Website which provides us with quite a few useful tools. In this article, we’ll be exploring a few of the most useful and simple tools and see how these can help us identify any wrongdoings that are happening on our system.

The first product is FPort. This software indicates any open UDP and TCP/IP ports and subsequently maps them to the respective application that is using them. This means that, if you identify a port that is opened by an application which you haven’t initiated or which you don’t know anything about you can then close the respective port through your firewall hence terminating the application.

Attacker is another interesting product which could easily be used in conjunction with FPort. This time, the software is given a number of ports to monitor (the technical term is listen). When a connection or data arrives to that port, the software will notify you so that you can then investigate further. Again, if you find that the port is being used for something dodgy, you will then be able to close the port through your firewall and avoid any connection or data coming in through that particular port.

A firewall is a must if you want to keep the world out of your business!

In the previous articles I’ve mentioned that when a machine is hacked, there are normally changes to some files. FileWatch is the software that would notify you if changes are made to any files from a list provided by the user. This software is able to send emails reporting changes or even make phone calls to a particular number if any such changes occur.

Above we’ve explored three very important software products that might be very useful in identifying any intrusion into our machine. Whilst these are mostly used for monitoring, the real action will then be taken through your firewall – which is why I stressed on the importance of having a good firewall installed on your machine.

Next topic will actually be the firewall and how to make sure that its configured correctly. We’ll be looking at how to turn off these ports – if any of the above tools indicate anything dodgy.

With Internet Explorer and Mozilla Firefox leading the field, what exactly are people looking for when choosing their default browser? What are the features that are necessary? and what security do these browsers give the users?

The answers to the above questions could be hundreds and mostly depends on what the user need from the browser and how he/she uses the Internet. If its a home user who only uses the browser to access webmail and check out the news, then simplicity is a must – but if its for a high end user who needs a number of toolbars, then flexibility would be the key!

Internet Explorer
This is one of the most common browsers – not for functionality but because many desktop computers use a Microsoft operating system which incorporates Internet Explorer in it – although the trend is changing (mostly because of the increasing prices of proprietary operating systems). Recently we’ve witnessed the release of Internet Explorer 8 which, I must say, was quite a good step. It includes private browsing whilst adding some more security for the user – it also inherited the tab feature from its predecessor but which came in too late compared to Firefox and Opera. The main drawbacks are that it is quite slow during the installation and not to mention the high resource usage.

Who's winning the race?

Mozilla Firefox
As any OSX Product, it is very reliable and solid. Being open-source means that more toolbars are created with full compatibility are available, and whilst 3rd party applications are risky (for security reasons), this browser blends them seamlessly into the interface making you believe that these are built-in features. Speed is one of its main virtues whilst it lacks on user-friendliness (to a certain extent). This is mainly due to the fact that it has so many functions which might become confusing for the standard user. Crashes are not very often – although I’ve experienced an increase in crashes when using it over a Vista platform – but the main drawback is that if one tab crashes, all other tabs do the same – but there is always the session restore function which might come in very handy.

Opera
Another free browser which is increasing in popularity but still not very common with the end user. Unfortunately, it lacks some essential features such as ad-blocking or private browsing, in addition to being relatively slow when compared to Mozilla Firefox. On the other hand, it has an excellent browsing history and synchronization whilst it doesn’t put a lot of burden on old computers.

Writer’s Choice
Allow me to give my personal opinion on this. I am personally a fan of open-source because I believe in knowing whats going on in your machine. I have used all the above but I couldn’t walk away from the Mozilla Firefox browser. In principle, I think that due to its flexibility it is much safer – even looking at the amount of security fixes that Microsoft issues (I wouldn’t be the first one to install a Microsoft browser exactly after the release). In addition, it offers much more customization because more developers are inclined at developing add-ins for this browser rather than for the proprietary Internet Explorer.

Opera has improved a lot over the years, however it lacks in speed and flexibility, making Firefox the ideal choice for every type of user.

One of the major threats for Internet users are viruses and trojans. I’m quite sure that at some point, every Internet user fell victim of a virus or trojan – the difference is that some knew about this and removed it, whilst some others didn’t and kept it spreading.

Attackers are normally trying to find the best platform to spread their virus as much as possible and what better than using the latest Internet trend? That means, Instant Messaging! I, for one, receive tens of messages from people who are on my MSN contacts list saying that they have a picture of me and inviting me to click a link. Luckily for me, I’ve never clicked on any of these links but I’m pretty sure that many would click even for the sake of being curious.

The MSN Virus has spread quite a lot and many users are effected by this. The problem is that the actual victim won’t realize anything because these messages are sent to the people on his/her contact list automatically. At this point, its very useful to notify that person about what happened so that he/she may attempt to remove the virus.

Unfortunately, uninstalling and re-installing MSN Messenger won’t work because the file would still remain on your machine. In fact, you’ll need to take further steps to get rid of this virus. Here are some tips to avoid this virus:

Tell your friend that he/she is infected!

What if you are the victim of this virus? How to remove it:
What happens is that at some point you have actually clicked on a link which led you to a seemingly legitimate website. What happened here was that you tried to log in – but in reality you were only giving away your username and password to the attackers.

Once they obtain your credentials, they would use an automated system to log into your account (although it would remain as offline for others) and submit the same link to everyone on your contacts list … and the cycle continues.

At this point, the best thing to do is:
1. Run a thorough virus-check to ensure that your machine is not infected
2. More importantly, change your MSN Password so that the attacker’s system won’t be able to log into your account again
3. Continuously upgrade both the anti-virus and anti-spyware software

Its good to notice that there are more than one MSN Virus. This only resolve the problem for one of them but since most IM-related viruses work in the same way, this could be the solution.

If you’ve tried the above without success, submit more details about the message that your machine is sending others and I’ll try to help you out with a solution.