Archive | January, 2014

Updating Your Antivirus Software Just Isn’t Enough

29 Jan

In Part I of our 3-part series, Wise Words focused on the myth that hackers have no interest in the computers of everyday individuals who do not store sensitive information on them. As you may have read, nothing could be further from the truth. Hackers can use the storage or processing power of your computer for multiple nefarious functions, even if you keep only the most innocuous of information on your machine.

Today, we look at some other popular misconceptions.

Part II:

Myth: Using and updating antivirus software is enough to prevent my computer from becoming vulnerable to security incidents.

Reality: The use of antivirus software certainly is one step you can take to help protect your system. And it is helpful against known malware (malicious software), according to Lisa Lancor, chairwoman of Southern’s Computer Science Department. (Southern recently restructured its M.S. in computer science degree to focus on cybersecurity and software development.)

“Unfortunately, antivirus software does not protect you from malware that it does not know about,” Lancor says. “Malware that exploits a brand new vulnerability is referred to as a ‘zero-day attack’ because the security community has known about the vulnerability for zero days.”

Nobody wants to see the dreaded virus alert pop up on their screen.

Nobody wants to see the dreaded virus alert pop up on their screen. Keeping your antivirus software up-to-date is just one of several steps you should take to minimize the chances of your computer getting sick.

Fair enough. But what are the chances of being hit with a “zero-day attack?”

It’s not that rare, according to Lancor. “A recent report by McAfee Labs indicates that its researchers find and catalog close to 100,000 new samples of malware per day,” she says. “That equates to 69 new, zero-day malware samples per minute. Are you keeping up with antivirus updates every minute?”

Even more disturbing, malware developers can sell their code on the black market of the Internet, Lancor says. They can sell for tens of thousands, even hundreds of thousands of dollars. “Clearly, creating zero-day malware is big business for hackers these days.”

Myth: Mac users are safe from malware.

Reality: It is true that at one time, Mac users were relatively safe from malware, though there are always exceptions. But because the number of Mac users has increased significantly during the last decade, virus writers have set their sights on Apple, according to Lancor. Just recently, a malware called IceFog was discovered that attacks both Windows and Macs and provides a backdoor into your system. “It can accept instructions from a command-and-control infrastructure to have your system do whatever hackers want,” she says.
Lancor points to the FlashBack virus that infected more than 600,000 Macs and included them into one of the first significant Mac-based botnets. Apple has been continuously adding security features, including its own anti-malware applications, into its operating system. Mac users are advised to follow safe security practices, just like PC users.

Myth: As long as you don’t click on ridiculous email links from people you don’t know, you should be pretty safe.

Reality: These aren’t the spam attacks of your grandparents’ day…er, in your parents’ day…um, in your older siblings’ day. It’s not just the Nigerian banker who wants to deposit money into your banking account, or the Viagra link, or an announcement that you’ve won the lottery of a foreign country for which you never bought a ticket. “Hackers are fully aware of the security education and training that you have been receiving about not clicking on links in emails from people you don’t know or trust,” Lancor says.

She points out that “smart phishing attacks,” also known as “spear (very targeted) phishing attacks now come from people you do know, or from hackers acting as someone you do know. “Hackers go so far as to study the content of previous email exchanges that you have had with someone and then they mimic the language and styling in an attempt to let your guard down and click on a malicious link,” she says. “The malicious link will look legitimate and quite benign.” Examples might include “annual sales report” or “a properly formed UPS tracking number. “If you click on the link, it will take you to an exploit site that is set up to blast your browser and operating system with every vulnerability that it knows about in an attempt to gain access to your machine.

“And to make matters worse, while it used to be the case that you always needed to click on something to get infected, now there are drive-by-downloads that require you to do nothing. Just visit a website that is compromised and without you noticing, it will redirect you to a site that will fire everything it has at you (to take over your computer).”

Coming soon:

Part III — Protecting yourself against hackers, malware

Advertisements

Computer Hackers: They Want Your Machine

24 Jan

Caution: What you’re about to read may make you want to turn off your computer, bury it, sprinkle it with holy water and return to a pre-1990s lifestyle that was devoid of all things cyber.

De-bunking popular misconceptions about cybersecurity can be a wake-up call for casual computer users that your machine is quite vulnerable to those with bad intentions. Spammers, phishers and those who like to spread viruses for the “sport” of it are just some of the individuals that your unit needs to be protected from in cyberspace. The recent hacking of the Target computer network – which has led to the breach of credit and debit card information for an estimated 40 million of the company’s customers and other personal data (email addresses, phone numbers, etc.) of up to 70 million others – has sparked concern and outrage from the public.

But what kind of risk do people face with their home computers? Do hackers have any interest in your computer? The answer is yes.

Computers at work, school and home are all vulnerable to attack from hackers.

Computers at work, school and home are all vulnerable to attack from hackers.

Today, Wise Words launches a 3-part series devoted to the topic of cybersecurity. Part I focuses on the myth that hackers are not interested in your personal computer because you don’t have any top secret information on it. In Part II, we will explore other common misconceptions of cybersecurity.

But don’t worry. In Part III, Wise Words, through the insight of Lisa Lancor, chairwoman of Southern’s Computer Science Department, will offer steps that the average computer user can take to minimize their exposure to hackers. Southern recently revamped its M.S. degree program in computer science to place increased emphasis on cybersecurity and software development.

Part I:

Many people believe that because their machine is only for personal use, hackers have little or no interest in trying to compromise their unit. After all, we frequently hear about incidents involving hacking into computers belonging to government agencies, businesses, large institutions and political entities. Social Security numbers, credit card numbers, trade secrets, candidate strategies and classified documents can be at stake.

But what would anyone want with a computer filled with pictures of someone’s family dog, Little League schedules and the latest standings of their Fantasy Football league?

“Hackers value your computer for its resources, regardless of whether it has valuable information or not” says Lisa Lancor, chairwoman of Southern’s Computer Science Department.

“In fact, they will secure your computer after they have compromised it so that no other hacker can own your machine. It’s a sad state of affairs when hackers start patching and securing your system for you.”

What Makes Your Computer so Attractive to Hackers

Lancor points to several purposes:

  • Storage devices – Hackers may want to store their bootlegged movies, illegal pornography and other contraband on your hard drive. “This way, you run the risk of getting caught with the illegal content and not them,” she says.
  • Processing power – Hackers may want to use your processing power for a variety of reasons. Some examples include using it to help solve computationally difficult problems, such as finding the next prime number (millions of digits long); generating Bitcoins, a decentralized, globally recognized e-currency that requires significant computer processing power; and folding proteins to help researchers understand diseases. “Solutions to computationally difficult problems can provide a big payout,” Lancor says. “And producing Bitcoins can be big business since one Bitcoin at today’s market price is currently worth about $950.”
  • Service provider – Your computer could be become an unwitting “spam machine.” The hacker may have set it up to deliver spam messages.
  • Use as part of a bot network – Bot is a shortened name for Web robot, a program that conducts repetitive functions automatically. Like many things on the Internet, a bot can be used for good or ill. Hackers sometimes take control of others’ computers to become part of a gigantic botnet composed of thousands or millions of compromised computers that are controlled by a “bot master,” or a “command and control” server located anywhere around the world. “Underground Web-based storefronts sell botnets of 1,000 U.S.-only compromised computers for the current market price of about $1,000,” Lancor says.
  • Launching pad – Hackers are usually savvy enough not to use their own computer to launch an attack. That’s what your computer can be for, just in case law enforcement traces the attack back to the launching point. “The FBI might come knocking on your door because an attack was launched against the White House or National Security Agency from your IP address,” Lancor says.
  • Free ride into your bank – Those who do some online banking or make other financial transactions via a compromised computer, watch out! Your machine can include a keylogger,  a piece of surveillance software that records every key stroke on a machine and can be used to decipher even the most secure passwords.
  • Ransom — Believe it or not, some hackers have taken to encrypting your photos and documents and holding them “hostage” with a key that only they know. They tell you to deposit Bitcoins into their anonymous e-wallet in exchange for decrypting your files.

Scary, huh?

Coming soon:
Part II — Other myths about cybersecurity

Swine Flu Returns…Just Not Hogging the Headlines This Time

15 Jan

Oink, oink. It’s baaaaack!

The H1N1 flu virus — commonly known as the “Swine Flu” — put a scare into U.S. public health and medical professionals starting in the spring of 2009. Public health specialists, fearing the potential for one of the worst flu outbreaks in memory, had raced against the clock that year to develop a vaccine for that form of the flu so that it could be ready for the fall. The general flu vaccines that had been prepared did not include H1N1 because it was not predicted to be a widespread threat until after those vaccines were produced.

And while there was a pandemic, it was not as widespread or as virulent as many had feared.

Fast forward 4 years. After a brief “hiatus,” H1N1 has returned. And this time it has gone “mainstream,” generating relatively little media attention compared with 2009. Yet, it has been the dominant strain during this flu season. When people talk about the flu this season, they are almost certainly talking about H1N1. The reduced media visibility may be due, in part, to the fact that this year’s general flu vaccines offer some protection against the Swine Flu. Thus, there is no panic within the public health community.

The 'Swine Flu' -- which made headlines when it caught public health officials by surprise when it surfaced in 2009 -- is back. The H1N1 virus is the dominant strain of flu this season, but public health officials are ready this time with vaccines that include some protection against the bug.

The ‘Swine Flu’ — which made headlines when it caught public health officials by surprise when it surfaced in 2009 — is back. The H1N1 virus is the dominant strain of flu this season, but public health officials are ready this time with vaccines that include some protection against the bug.

The symptoms are largely the same as the other, garden-variety versions of the flu of years past. It usually involves a sore throat, cough, fever, chills and fatigue that can be extreme. Vomiting and nausea are sometimes associated with it.

But what distinguishes the Swine Flu from other flu bugs is the target audience. While the very young and the elderly are generally more vulnerable to the flu, the Swine Flu seems to target teens and young adults more heavily than older people. Experts believe this may be because many individuals born before 1950 were exposed to Swine Flu-like viruses early in their lives, and therefore have developed some immunity to the H1N1 strain.

This dog knows what to do in case of flu.

This dog knows what to do in case of flu.

So, how can you avoid catching the Swine Flu? Although there are no guarantees, there are some steps you can take to reduce your chances, according to Dr. Diane Morgenthaler, director of Southern’s health and wellness center.

She strongly recommends consulting with your doctor about getting a flu vaccine. While there are some people who should not get it for health reasons, most individuals probably should, Morgenthaler says. College students often have the option of checking with their campus health services.

“It takes about two weeks for the vaccine to take full effect,” she says. “But we haven’t reached the peak of flu season yet, so there is still time.”

Morgenthaler’s suggestions also include:

  • Consistently use good hand washing techniques and make frequent use of hand sanitizers, especially after touching common areas, such as door knobs, light switches and remote controls.
  • Consider a fist bump, instead of a handshake. If you do shake hands – and especially if the other person shows signs of being sick – wash your hands thoroughly. Or, at least, use a hand sanitizer.
  • Eat well and get plenty of sleep. You want to keep your immune system sharp in case you are exposed to the virus.
  • Avoid crowded places when possible.

And what if you suspect you might already have caught the flu?

“Antiviral medication may be helpful, especially in the first 48 hours,” Morgenthaler says.

“Most people are better within 1 to 2 weeks using over-the-counter medications like acetaminophen, ibuprofen, cough drops, antihistamines, salt water gargles and by drinking lots of fluids. But don’t spread the virus around. If you are sick, stay home if at all possible. Most bosses, professors and teachers will understand.”

Stay well!

Happy 2014!

1 Jan

Happy New Year, everyone!

It’s hard to believe a year has passed since we launched Wise Words. Throughout the year, we explored a wide variety of topics that we hope have proven to be both interesting and informative. During that time, the blog has received more than 6,000 views. Thank you for your stopping by!

Happy New Year!

Happy New Year!

We look forward to continue sharing insightful posts with you in the coming year. Whether you’re a student, a parent or a member of the general public, we invite you to check us out in 2014. We strive to make the blog an even better resource for the community.

Our Jan. 4, 2013 post (our very first) talked about keeping New Year’s resolutions. If you never read it, or even if you have, we thought it might be worth checking out.

We wish all of our readers a happy, healthy and productive new year!

%d bloggers like this: