Monday, June 15, 2009

Five Free Security Hacks
Let's talk about security hacks—simple yet clever ways to protect yourself in the physical and cyber worlds that cost little or nothing.
The premise behind tricks like this is not that any one—or even all—of them is guaranteed to protect you thoroughly, but rather that each of them will make stealing your system or data difficult or unappealing. It should go without saying that neither one nor all of these can replace good, up-to-date antivirus and firewall protection.
The classic non-tech security trick is using motion detection spotlights or lights on a timer—even fake video cameras or surveillance warning signage—to give the impression that your home or business is occupied. No thief actually wants to be seen, and few want to chance confrontation. Along similar lines, there are easy and free ways to make your computer and data less available to thieves.
  1. A surprisingly effective PC security trick is simply to remove the keyboard and mouse. I discovered this when the keyboard on my laptop died and I had to use an external keyboard for a while. It's highly unlikely that a snoop will carry an extra keyboard and mouse with him. This will slow someone down but is far from foolproof, and it should go without saying that every computer should be physically locked to a sturdy object and secured behind a strong password.
  2. To protect from podslurping (the connecting of an unauthorized USB device and its use to steal data), disable your USB ports. Or—and we borrowed this one directly from the U.S. military—epoxy over the USB ports. Too permanent? A slightly more elegant solution is to open the PC case and disconnect (or cut) the wires running from the motherboard to the USB ports.
  3. Traveling with a laptop? Try not to advertise that you're carrying a valuable piece of equipment: Use a computer bag that doesn't look like a computer bag, or use a neoprene sleeve inside a regular backpack. If you nap at the airport, wrap the shoulder strap around your arm or leg so you'll be alerted if someone tries to walk away with your bag.
  4. Here's an easy way to hide your Windows PC on a network while maintaining access to network resources. (This also works when you want stealth but still want to let others access your shared resources.) At the command prompt, type Net config server /hidden:yes. Now you're still a member of your network neighborhood but your PC won't show up when others browse for it. Make sure your software firewall is turned on, and block incoming ICMP traffic. This will prevent a network intruder from scanning for your PC using a ping sweep.
  5. Once you are hidden on the network, you can spend some time trying to figure out who—if anyone—is connecting to your PC and to whom your PC is connecting. To accomplish this, you'll use the command-line tool Netstat and the Task Manager. Get to the command prompt and type netstat –ao. A bunch of info will flash by on your screen listing the type of connection, the IP addresses of remote hosts, the protocols, and the process identifier, or PID. If there's something here you don't recognize, write down the PID. Now, open the Task Manager and add the PID column by opening the View menu and clicking on Select Columns. Check the box next to PID. Now match the PID from Netstat and the PID from Task Manager to learn which applications are holding which ports open. A well-secured machine should have ports open only for authorized apps.
  6. One last idea: Enabling secure log-on in Windows XP and Vista will protect your system from malware that attempts to impersonate a log-on screen to steal system passwords. This forces anyone trying to log on to press Ctrl-Alt-Del first. In Windows Vista, open the Run command, type netplwiz, and clickContinue when prompted by User Account Control. In the Advanced User Account window, click the Advanced tab, then select the box that says Require users to press Ctrl-Alt-Delete. In Windows XP, go to the Control Panel's User Accounts applet. In the Advanced User Account window, click the Advanced tab, then select the box that says Require users to press Ctrl-Alt-Delete


Get em quick!!
Facebook usernames to be released
Facebook page
New Facebook usernames will be available from 5am on Saturday

Social networking site Facebook is giving users the chance to create their own, personalised web address.

From Saturday morning, anyone using Facebook will be able to sign up for a username using their name and surname.

The changes will be available to members from 5am on 13 June but users will have to get up early as it'll be on a first-come, first-serve basis.

The company says the new Facebook URLs will make it easier for people to search for common names on the site.

Facebook users have always used their real names for profiles within the social networking site, but this is the first time URLs will contain the same information.

Instead of a jumble of numbers at the end of a user's URL it will read, for example,

The social networking site says usernames will still have the same privacy settings as profile names when using the site's search tool.

If users signed up for a Facebook page after 31 May this year or a user profile after Wednesday at 8pm, they may not be able to sign up for a username immediately.

That's to stop abuse or "squatting" on names.

A Facebook blog on the username changes said: "We're planning to offer Facebook usernames to make it easier for people to find and connect with you.

"When your friends, family members or co-workers visit your profile or pages on Facebook, they will be able to enter your username as part of the URL in their browser.

"This way people will have an easy-to-remember way to find you.

"We expect to offer even more ways to use your Facebook username in the future.

"Your new Facebook URL is like your personal destination, or home, on the web."


Shivering with Anticipation

Microsoft to give away anti-virus

Microsoft is poised to start giving away security software.

The company is reportedly trialling free anti-virus software internally and said the beta version would be released "soon".

Called Morro, the software will tackle viruses but lack the broader range of utilities, such as parental locks, found in paid-for security suites.

Morro will be Microsoft's second venture in the highly competitive security market.

Microsoft's first attempt revolved around the Windows Live OneCare service that did not succeed in turning many customers away from rivals such as Symantec and McAfee.

Microsoft plans to discontinue Live OneCare once the Morro software is ready.

No specific date has been given for when Morro will be released, but in the past Microsoft has said it would be out by the end of 2009 at the latest.

Microsoft said Morro would tackle viruses, spyware, rootkits and trojans.

Janice Chaffin, Symantec's president of consumer products, said customers wanted more than just basic protection.

"A full internet security suite is what consumers require today to stay fully protected," she said.

Security software for home PCs typically cost around £30-40 and often allow users to install protections on more than one computer.

Other companies, such as AVG and Alwil already produce and distribute free anti-virus products.

Fake help

In its latest update, Microsoft added code that detects and deletes the widespread Internet Antivirus Pro family of fake security software programs.

Such programs, also known as scareware, have been proving more popular with hi-tech criminals in recent months.

The Anti-Phishing Working Group estimated that there were 9,287 bogus anti-malware program in circulation in December 2008 - a rise of 225% since January 2008.

The US government has moved to shut down some companies peddling the programs that falsely claim to find malicious software on PCs and then charge for the non-existent threats to be removed.

In addition, the Internet Antivirus Pro software displays fake Windows security messages to try and trick people into thinking the product is legitimate. The software also contains a password stealer that watches where people go online and grabs login data.




Post a Comment