The Ten Most Dangerous Online Activities
A Geek Family
Forbes magazine made a list of the Ten Most Dangerous Activities for an Internet User. Some of them are obvious to those who live and work with the Internet, but users still ignore them.
1. Clicking on e-mail attachments from unknown senders
No matter how many times you warn them, employees still manage to poison their computers with new malware because they "just couldn't resist looking at the attachment."
Even with today's new range of exploits, e-mail attachments continue to be the most likely means of contracting viruses, worms, Trojan horses and other digital infections.
It's still the most dangerous thing end users do.
2. Installing unauthorized applications
Peer-to-peer apps such as Instant Messaging, Kazaa and other free file-sharing utilities that let users share documents, software and music create the risk of bad stuff coming in and sensitive corporate or personal stuff going out.
The best defense is to ensure employees have only user--not admin--privileges on their machines. And have a written corporate policy about what users can and can't do with these apps.
3. Turning off or disabling automated security tools
I have seen it many times. The worst problem I had while working as a security consultant was a case in which a vice-president found a way to turn off the scheduled security patch downloads on his remote PC. Our whole network became vulnerable until we finally recognized the problem and reactivated the barrier.
Most enterprise firewalls and anti-virus applications now contain configuration options that enable IT to eliminate the "turn it off" option from the user's desktop. In many cases, it may be better to force the user to accept a patch or a slow ISP connection--and deal with the complaints--than to leave the company's systems open to remote attack, experts say.
4. Opening HTML or plain-text messages from unknown senders
HTML text--and increasingly, images--can be infected with spyware, and in some cases, executable code. In July, experts at iDefense Labs, the security research arm of Verisign, discovered a new, relatively simple method of embedding shell code into commonly-loaded Web images, such as computer graphics, online photos or PDF documents.
HTML files may contain JavaScript, ActiveX controls or macros that can allow an attacker to gain control of a PC or turn it into a remotely controlled zombie.
Some enterprises have restricted the use of HTML e-mail, or even disallow it altogether.
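A mail-gateway policy check covering items 1 and 4 together, as an added example that is not from Forbes or the original post: it flags risky attachment types, attachments from senders outside a trusted set, and active content in HTML parts. The extension list, the trusted-domain set, the function names and the `.example` addresses are all assumptions made for this sketch.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed policy values for this sketch; adjust to your environment.
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".pif", ".hta"}
# Script-capable tags, or an inline event handler (on...=) inside any tag.
ACTIVE_HTML = re.compile(
    r"<\s*(script|object|embed|iframe|applet)\b|<[^>]+\bon\w+\s*=", re.I)

def inspect_message(raw, trusted_domains):
    """Return policy findings for one raw message (empty list = deliver)."""
    msg = message_from_string(raw, policy=policy.default)
    addrs = msg["From"].addresses if msg["From"] else ()
    domain = addrs[0].domain.lower() if addrs else ""
    unknown = domain not in trusted_domains
    findings = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        # Use the last extension so "invoice.pdf.exe" is seen as ".exe".
        ext = name[name.rfind("."):] if "." in name else ""
        if ext in RISKY_EXT:
            findings.append(f"risky attachment: {name}")
        elif name and unknown:
            findings.append(f"attachment from unknown sender: {name}")
        if part.get_content_type() == "text/html":
            if ACTIVE_HTML.search(part.get_content()):
                findings.append("active content in HTML body")
    return findings

def build_sample(sender, filename, html):
    """Construct a test message (sample data, not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@corp.example", "Invoice"
    m.set_content("See attached.")
    m.add_alternative(html, subtype="html")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    raw = build_sample("Billing <billing@unknown.example>", "invoice.pdf.exe",
                       '<p>Invoice</p><img src="x" onerror="run()">')
    for finding in inspect_message(raw, {"corp.example"}):
        print(finding)
```

A gateway would quarantine or strip on any finding; the extension check runs regardless of sender, so a trusted but compromised account is still caught.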
5. Surfing gambling, porn or other dicey sites
Online gambling and pornographic sites are becoming a frequent source of infection via 'drive-by downloads' and zero-day exploits.
Also, most companies today have established that such content, even when technically legal for consumers, could create a hostile working environment for employees, subjecting the company to legal or punitive action. Why do users still do it?
6. Giving out passwords, tokens or smart cards
Despite years of IT warnings to the contrary, about one in three people still write down their computer passwords somewhere near the machine, either on a piece of paper or in a text file on a PC or mobile device.
There is also the problem of users who can be too trusting of acquaintances, colleagues and family members who may "borrow" their passwords or authentication tokens, exposing them even more to loss or theft.
7. Random surfing of unknown, untrusted Web sites
Browser-based vulnerabilities are becoming one of the most popular targets of attackers on the Web. Attackers have started to compromise enterprises through the use of browser-based and other client-side vulnerabilities, because users are so vulnerable, ignoring IT warnings.
The releases of Internet Explorer 7.0 and Firefox 2.0 will make it even more challenging for attackers to compromise the browser, but IE7's first bug was reported just hours after it went live. So protect your computer: surf with active content disabled, use Opera or Firefox, and run your browser with very few permissions and settings.
8. Using any old Wi-Fi network
It's tempting for a user on the road to jump on the closest Wi-Fi connection they pick up while waiting at the airport or some other public place, but there is no way of ensuring that the networks they connect to aren't run by a malicious attacker. In fact, watch that guy sitting at the next booth--he may be hacking into your laptop over that very same Wi-Fi link.
A personal firewall can help as long as your users keep it turned on. Tunnel through SSH or a VPN client, and don't do anything too sensitive. But the only way to ensure that your users won't get hacked via Wi-Fi is to have them disable their wireless card altogether while they work from public places.
9. Filling out Web scripts, forms or registration pages
Users are more likely to get hacked if they use the same user name and password for almost every site they visit. Even a trusted site can have an XSS exploit embedded in it. All it takes is for a user to read a message on a bulletin board that contains malware, and an attacker could gain control of the user's browser session or install a keylogger on your computer.
Picture this: a hacker looking over your shoulder as you log onto a Web site or type sensitive data into a registration page. That is what happens when your computer is exposed to a keylogger.
10. Participating in chat rooms or social networking sites
Do you try to keep your kids off of MySpace or Orkut? But you access LinkedIn because it is much safer than MySpace, as they are just like a professional organization, right? Wrong. Social networking sites are a malicious social engineer's dream come true.
With business social networking sites like LinkedIn, you share a large amount of information that a social engineer can learn by doing simple searches. Attackers can find out who your business partners, vendors and clients are simply by viewing your shared connections. You should assume that anything you post to a social networking site is public.
Source: Forbes
A Geek Family
Using insecure operating systems is implicit.
Malaysia Found
Great insights! It is so true that it is really dangerous these days if we aren't alert enough.
Hope your new year was good!
cheerio
Jessicca
A Geek Family
I'm glad you liked my post!
A Geek Family
Information Security Carnival is up here
And your article was selected!
Comment, link to us! Spread the word!