Business Security Information

Should you be concerned about using Facebook or other social networking sites?  While I do not use Facebook personally or for business, I have a lot of friends and relatives who do.  Unfortuately, in the past few months, Facebook has gotten a lot of attention due to a variety of scams and privacy issues experienced by those who use Facebook.

As part of your business, do you use any of the typical social networking sites such as Facebook, Twitter, and LinkedIn? If you do use these or other social networking sites, should you be concerned?Maybe!

Recently a security researcher, Thomas Ryan, set up accounts on these three main social networking sites using a fake person’s profile and purposely set out to “friend” the security, intelligence, government and military communities to see if they would fall for the scheme and to show the risks of social networking sites. Mr. Ryan made parts of the profile obviously fictitious. For example, he gave the fake 25 year-old female ten years work experience and other obvious clues. In the end, he still had over 200 friends on each one of the sites in a period of a month.

Since Facebook privacy issues have been a hot topic in security, I thought it would be a good idea to take a look at some of the add-ons or plug-ins you can get for the Firefox web browser that will help  protect your privacy when on-line.  While a lot of businesses and users still use Internet Explorer, many people and businesses are switching to Firefox which has a ton of plug-ins available.  When I wrote this article, there were 221 add-ons or plug-ins available for Firefox that touched on some element of privacy.  If you search for security-related add-ons, the list gets even bigger.  While I cannot address all of them in this article, I want to highlight a few that can help protect your privacy.

New internet attack methods or new variations of old ones seem to be developing on a regular basis.  This makes it hard to keep up with all the ways your business’ computer system can be attacked as well as adequately protecting your most vital business asset–information.

If you are like most businesses, you have more on your plate than you have time to deal with.  Keeping up with all the security issues that face your business can be a daunting task.  One resource that can help you is the new Mozilla Plug-in Checker.  This tool lets you determine which of the computer plug-ins you are currently using are outdated.  While this may not have concerned you before, there is good reason to pay attention to your plug-ins.

Despite its complicated pronunciation, the word obfuscate merely means is to change, alter, modify, or obscure.  In business, you probably use this more than you think.  On the web, businesses often use URL shortening services which take a long URL (website address) and make it a short one.  These shorter URL’s are then used in an e-mail or instant message, on a blog, or on social media sites such as Facebook.  Twitter is probably one of the most popular places URL shortening (obfuscated URL’s) services are used since you are limited on the number of characters you can put in each tweet.  I have also seen it used in e-books and other informational products that are downloaded off the web.  URL shortening services hide the original and often long URL.

**Before reading this article, please refer to my previous article on identifying phishing attacks.  A number of the typical identifiers used to identify a phishing are no longer as important.  Some recent changes made by these scam or social engineering artists makes it hard to easily identify such e-mails as phishing attacks.

Late last year it was announced by a couple of security researchers that cPanel was vulnerable to cross-site request forgery attacks (CSRF).  If you manage your business’ website, you know that cPanel is an administration interface that allows you to perform many tasks related to running a website.  This includes accessing website stats, email accounts, and log files, submitting tickets to the support desk, and a variety of other tasks.  Cross-site request forgery attacks allow attackers to exploit web-based services after the user has already logged into the web-based service.  In a cPanel attack, once you are logged in, you must be lured by the attacker to visit a malicious website that the attacker runs or has compromised.  Once you go to the malicious website, the attacker can execute unauthorized commands since you are already logged into cPanel, and no password would be necessary.

If you have not already heard, in mid-January Internet Explorer was under attack by the same attack method that was used by the Chinese to break into Google’s network.  Since then, a number of security researchers, security companies ,and even some governments have recommended that computer users switch to other web browsers such as Firefox, Chrome, Opera and Safari.  Currently, it appears the attack code is mainly geared towards IE (Internet Explorer) 6 and possible IE 7 so businesses that are still using IE 6 should change to another web browser or at least upgrade to IE 8.

Well, we have had a good Thanksgiving meal, and most everyone has headed off to bed so it is now time for me to get down to writing this article.  Yesterday I received an e-mail from a friend stating she was out of the country visiting a friend that was ill.  Her friend was in need of surgery, and they were trying to recruit a surgeon from Israel and were in need of $2800 to pay for this necessary surgery.  First, I was suspicious that this was a fraudulent e-mail because I had just seen the person and knew that she had no plans of heading out of the country.  Secondly, the e-mail requested $2800 dollars which is a very small amount for a surgery, especially since the e-mail had an urgency about it leading the reader to believe that it may be a matter of life and death.  The return e-mail was also suspicious because the return address was a generic Yahoo e-mail address.