[Guest Post] Five reasons why it pays to be paranoid about your internet safety

29 April 2014 at 23:15

By Dr David Day (@drdavidjday), Senior Lecturer and Consultant in Information Security and Forensics

The more internet applications we use, the more attack opportunities we present to an aggressor. Moreover, in many instances the standard of security used when creating web applications is astonishingly poor, with an application’s functionality commonly placed above its safety.

As security professionals, it’s increasingly difficult to keep up with the escalating number of new vulnerabilities. We can make an environment a lot more secure, but in terms of making the Internet completely safe, the odds are well stacked against us. We’re also depending on others to stay alert for the vulnerabilities we have yet to address. Here are five top tips to help you do that:

1. Avoid social media overload

Become mindful of the amount of information you reveal about yourself. Malicious parties have sophisticated tools and methods to correlate all the information about you from many different sites (referred to as “doxing”). Be attentive to your privacy settings on social media accounts such as Facebook, but also be aware that information posted online has a way of getting out regardless. Think, very carefully, before you post information which can be either used against you, or to impersonate you.

2. Recognise phishing.

Never give your personal information to anyone unless you completely trust them and are absolutely sure they are who they say they are. Further, don’t rely solely on the phishing filters you may have on your web browser – they work by checking web addresses against either known legitimate (white) or known malicious (black) lists. These lists cannot be entirely complete and therefore cannot be exclusively relied upon. Also, many filters are ineffective against URL shortening. When a scam web address has had URL shortening applied to it three or more times it’s likely your phishing filter will fail to detect that it’s a phishing URL.
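
An added example (not part of the original post) of the point about list-based filters and shortened URLs: a lookup on the address as presented misses a blocklisted destination hidden behind shorteners, while a check that walks every redirect finds it and treats chains it cannot finish resolving as suspicious. The hostnames, redirect table, blocklist and function names are constructed for illustration, and no network requests are made.

```python
from urllib.parse import urlsplit

# Constructed sample data: a blocklist and a table standing in for the HTTP
# redirects issued by URL shorteners (no network access is performed).
BLOCKLIST = {"login-bank.example"}
REDIRECTS = {
    "https://sho.rt.example/a1": "https://tiny.example/b2",
    "https://tiny.example/b2": "https://lnk.example/c3",
    "https://lnk.example/c3": "https://login-bank.example/verify",
    "https://loop.example/x": "https://loop.example/y",
    "https://loop.example/y": "https://loop.example/x",
}


def host(url):
    """Return the lower-cased hostname of a URL."""
    return (urlsplit(url).hostname or "").lower()


def naive_verdict(url, blocklist=BLOCKLIST):
    """List lookup on the address as presented, without resolving it."""
    return "block" if host(url) in blocklist else "allow"


def resolving_verdict(url, redirects=REDIRECTS, blocklist=BLOCKLIST, max_hops=5):
    """Check every hop of the redirect chain; fail closed if it cannot be resolved."""
    seen = set()
    for _ in range(max_hops + 1):
        if host(url) in blocklist:
            return "block"
        if url in seen:
            return "suspicious"  # redirect loop
        seen.add(url)
        nxt = redirects.get(url)
        if nxt is None:
            return "allow"  # final destination reached and not listed
        url = nxt
    return "suspicious"  # chain longer than max_hops: do not assume it is safe


if __name__ == "__main__":
    start = "https://sho.rt.example/a1"  # shortened three times
    print(naive_verdict(start))                  # allow
    print(resolving_verdict(start))              # block
    print(resolving_verdict(start, max_hops=2))  # suspicious
```
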

3. Watch out for compromised websites.

Many websites have been compromised by a technique called cross-site scripting, and the likelihood is the site’s administrators will not even know their web application is affected. This doesn’t mean you are powerless against it. Your web browser has a number of settings you can adjust to help protect you. It’s beyond the scope of this article to discuss them all, but if you are using a modern version of Internet Explorer then it’s well worth becoming familiar with the browser’s Security tab in Internet Options, particularly the settings relating to scripting.

4. Don’t be a victim of malware.

Viruses, worms, trojans, spyware, adware, ransomware, rootkits, RATs and keyloggers are just some of the different types of malicious software. The most likely way one of these will affect you is if you click on or open a file or attachment when you either don’t know what it is, or you don’t know who or where it is from. If you can’t authenticate the source of the file with certainty and also cannot confirm the attachment or file is safe, then simply delete it. Even if it’s from someone you know, and you can verify it is indeed them, can you also be sure that they know what they have sent you?

5. Be careful with BitTorrent…

Or indeed any other file sharing system. Most people use them because they don’t want to pay for copyrighted or commercially licensed material. Putting any discussion on the morality of that to one side, and not dwelling on the fact that their improper use can end up with you facing a serious lawsuit and/or criminal proceedings, they are also a perfect way to propagate malware. If you regularly download pirated media, sooner or later (usually sooner) you will end up infected with malware.

In summary, be alert and cautious – paranoia is no bad thing on the internet. And while the favoured headline may be “In cyberspace no one can hear you scream”, this is no longer true. Using remote access trojans, hackers can take control of your webcam and mic. So now they can not only hear you scream, they can see your face as you do so.
