Archive for the 'Exploits' Category

What is URL Hijacking?

Posted in All Posts, Exploits, Online Security, Scams on November 4th, 2010

Have you heard of URL hijacking?  What is it?  How does it happen?  What are the consequences?

I received a panicked call from one of my customers the other day:  Hey, what’s wrong here?  What happened to Mapquest?

So, I typed in mapquest.com and it came right up.  So I asked, tell me more about what is happening, please tell me step by step what you are doing and what you are seeing.

“Oh, I just typed in mapquest and I am getting this site that looks like mapquest but now they want my phone number and some other info.”

OK, where exactly did you type in mapquest?  In google* by any chance?  Did you put in mapquest.com?

“No, just mapquest.”

So I said, please type in mapquest.com in the address bar at the top of your browser, not in the google* search window.

“Oh, that works!  There it is!  Thanks!”  “But I did type it into the address bar!”

So, what do you suppose happened here?  How did she get to a web site that was trying to scam her into revealing personal information?

Answer: URL Hijacking.

  1. Her browser was set to search from the address window.
  2. She did not type in the full URL (or she could have misspelled it slightly).
  3. She clicked on a result that looked like mapquest.
  4. She ended up at a malicious website that was trying to trick her into revealing her identity and probably also attempted to install malware on her computer.

Solution:

  1. Turn off searching from the address bar.
  2. Never look for a known web site by searching for it. If you know the correct URL, type it into the address bar, not into some search engine.
  3. If you do search for a web site, be skeptical and very careful about the results.

* Any search engine can lead you to URL hijacking.  Her browser happened to be set to search from the address bar using Google.
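Being "skeptical and very careful about the results" can be partly automated. The following is an added example, not code from the original post: it compares a link's host name against a short list of sites the user already knows and flags imitations, whether the brand name is embedded in another domain or is one typing slip away. The list `KNOWN_SITES`, the function names and all sample URLs are assumptions made for illustration.

```javascript
// Added example. KNOWN_SITES and every sample URL used with it are constructed.
const KNOWN_SITES = ["mapquest.com", "google.com"];

// Optimal-string-alignment edit distance: insert, delete, substitute, and
// swap of two adjacent characters each cost 1 (the common typing slips).
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Decide whether a link's host is a known site, an imitation of one, or neither.
function classifyLink(href) {
  let host;
  try {
    host = new URL(href).hostname.toLowerCase().replace(/^www\./, "");
  } catch {
    return { verdict: "invalid" }; // e.g. a bare search term such as "mapquest"
  }
  // Known: the exact domain or a real subdomain of it.
  for (const site of KNOWN_SITES) {
    if (host === site || host.endsWith("." + site)) return { verdict: "known", site };
  }
  // Lookalike: a label contains the brand name or is one typing slip away from it.
  for (const site of KNOWN_SITES) {
    const brand = site.split(".")[0];
    for (const label of host.split(".")) {
      if (label.includes(brand) || editDistance(label, brand) <= 1) {
        return { verdict: "lookalike", site, host };
      }
    }
  }
  return { verdict: "unknown", host };
}
```

A "lookalike" verdict only means the name resembles a known site without being that site; an "unknown" verdict says nothing about whether the site is safe.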

Source, and more info: http://www.infopackets.com

Web sites can discern your browsing history!

Posted in Exploits, General, Online Security, Privacy on April 10th, 2010

Yes, it’s true.  With a few relatively simple programming tricks, a web site can effectively discern your browsing history.  Any web site, if they so desire, can figure out quite a lot of information about where you have been on the Internet as well as what you have searched for on well known search engines.

How:  Most people who surf the net have their browsers set to remember several weeks of browsing history, and they could visit a lot of web sites over that period of time. 

Well, unbeknownst to you, you may be letting on a lot more than you realize.

Cookies can also be used to spy on your browsing habits, but this technique has nothing to do with cookies.  Therefore even if you diligently delete cookies, you may falsely believe your browsing habits will not be passed on to some other site you visit.

How is this done?  All it takes is a simple bit of CSS and/or JavaScript code, and a database of links to test.  They can test up to a million links per minute.  That is right, I said a million links per minute.  And you won’t have a clue it is going on.

Now, what do you suppose a web site would want to test for?   Huh?  Just use a little imagination and you will answer that question for yourself.

The results can be added to another database that includes your I.P. address and whatever other identifying info can be gleaned from cookies and standard data that all browsers give out.  This standard data includes the brand of browser you are using, screen resolution and enough other information to uniquely identify your computer with a high degree of accuracy.  And that is not all.  Other techniques can test for content in your browser’s cache.

How to combat this?  Some suggestions:

  • The most reliable way is to set your browser to not keep a browsing history (or to keep a very minimal history, say a day or two), and delete the history you already have.  
  • Set your browser so that new and visited links have the exact same color.
  • Keep your cache relatively small and delete it regularly, if not for every session. 
  • Surf with a variety of browsers.

For more info, and to test your browser, you may visit the following links:

 http://www.whattheinternetknowsaboutyou.com

 http://startpanic.com/

Remember: Practice Safe Computing!

Facebook Users Targeted

Posted in Anti-Malware Tools, Email Security, Exploits, Malware, Root kits, Scams, Security Tools, Spam on March 21st, 2010

Facebook is very popular and there are about 400 million Facebook users around the world.  Experts believe millions of users will fall for this attack and get infected.  Yes, that’s right – millions of Facebook users will be infected by this targeted attack.

Unfortunately, 400 million users makes for a big opportunity for delivering malicious software.  Hence, inboxes all over the world are being flooded with spam that is trying to induce Facebook users to click on an attachment.  This attachment installs Trojans and other malware that is very dangerous to the computer user.   And unless their security software catches it, they will have no idea it is on their computer.

Our advice:

  • Never click on any link or open any attachment in any email that warns of dire consequences – be it about Facebook or your bank, or anything else.
  • Keep your anti-virus software up-to-date.
  • Periodically scan your computer with a tool specially made for finding and eliminating malware.  One of the best is MalwareBytes Anti-Malware freeware version, which can be downloaded from http://www.malwarebytes.org/

Stay Away from Chrome if You Value Your Privacy

Posted in All Posts, Exploits, Online Security, Related, Security Tools on September 21st, 2008

Google has developed a new web browser called Chrome. We advise anyone who values their privacy to stay away from this browser. A look at the licensing agreement tells it all:

“[Y]ou give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display,”

Say what?

That’s right “Your browsing are belong to us”

Unfortunately, someday, somehow, someway, somebody may get a hold of your browsing history and your search history, possibly including “unique identifier” and IP address and exact time of the search.  Not good.

And Google is not alone in this,  as most search engines do the same. 

We recommend ixquick.com. The web search engine that respects YOUR privacy.

(awarded the European Privacy Seal)

Extra added bonus!  ixquick also provides access via secure server, so not only do they not store your search queries, you can encrypt the connection with SSL.

http://ixquick.com  or

https://ixquick.com (SSL encrypted link)

And hey, it also works very well.  Quality search results.

OK, You Have Heard of Phishing, But What About “Vishing”?

Posted in All Posts, Email Security, Exploits, Scams on January 21st, 2008

By now, lots of folks have become wary of Phishing.  But what about “Vishing”?

Vishing is the practice of using an email or text message to bait a person to call a certain phone number.

The inducement is usually in the form of some dire warning about a problem with your bank or credit card account, and the email instructs you to call the phone number listed in the email.

At the other end, you will find someone, or an automated system, who impersonates your bank or credit card company.  They will request all your account details, and will use those details to rip you off.

If you get one of these, DO NOT CALL THE PHONE NUMBER LISTED IN THE EMAIL.

If you do have any concerns about your bank account, call a listed phone number.   Find it on your statement or in the phone book.  Or, if it is about a credit card, call the number listed on the back of your credit card.

And report the “vishing” attack.  (Just be prepared to explain what a “vishing” attack is.  They may not be familiar with the term.)

Microsoft hard at work to fix deep vulnerability

Posted in All Posts, Email Security, Exploits, Malware, Updates on October 31st, 2007

Microsoft is working furiously to fix a deep vulnerability in Windows. This vulnerability has affected lots of third party software vendors, and has hit Adobe Reader particularly hard. 

This vulnerability is being very actively exploited in the wild, both through infected email and through infected web sites.  It is propagated via infected .pdf files.   Therefore it is very important to download and install the latest patch to Adobe Reader.  We advise all readers to check to see if they have Reader version 8.1.1, and if they don’t, to install it immediately.

Also, look for a patch from Microsoft in the near future.    We predict Microsoft will issue a patch ASAP, and not wait for their normal second Tuesday update cycle because this vulnerability is so important to get plugged.

For more information:

http://www.theregister.co.uk/2007/10/26/microsoft_scrambles_to_fix_windows/

TOR Insecurity Reports

Posted in Email Security, Exploits, Online Security, Privacy, Safe e-Commerce, Security Tools on September 20th, 2007

TOR, AKA “The Onion Router”, is described on their web site as follows:

Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

But several security issues have been raised recently with TOR, and a number of security professionals believe TOR should not be relied upon to provide secure communications or anonymous web browsing.

In fact, TOR provides this warning on their download page:

Warning: Want Tor to really work?
…then please don’t just install it and go on. You need to change some of your habits, and reconfigure your software! Tor by itself is NOT all you need to maintain your anonymity. There are several major pitfalls to watch out for.

Tor only protects Internet applications that are configured to send their traffic through Tor — it doesn’t magically anonymize all your traffic just because you install it. We recommend you use Firefox with the Torbutton extension.

Browser plugins such as Java, Flash, ActiveX, RealPlayer, Quicktime, Adobe’s PDF plugin, and others can be manipulated into revealing your IP address. You should probably uninstall your plugins (go to “about:plugins” to see what is installed), or investigate QuickJava, FlashBlock, and NoScript if you really need them. Consider removing extensions that look up more information about the websites you type in (like Google toolbar), as they may bypass Tor and/or broadcast sensitive information. Some people prefer using two browsers (one for Tor, one for unsafe browsing).

Beware of cookies: if you ever browse without Tor and Privoxy and a site gives you a cookie, that cookie could identify you even when you start using Tor again. You should clear your cookies frequently. CookieCuller can help protect any cookies you do not want to lose.

Tor anonymizes the origin of your traffic, and it encrypts everything inside the Tor network, but it can’t encrypt your traffic between the Tor network and its final destination. If you are communicating sensitive information, you should use as much care as you would on the normal scary Internet — use SSL or other end-to-end encryption and authentication.

While Tor blocks attackers on your local network from discovering or influencing your destination, it opens new risks: malicious or mis-configured Tor exit nodes can send you the wrong page, or even send you embedded Java applets disguised as domains you trust.

Also, the ‘exit servers’ on the TOR network can easily be compromised, and all traffic through an exit router can be misused, as evidenced in the following article:
http://www.securityfocus.com/news/11486?ref=rss

In other words, even if you use TOR, secure communication requires careful configuration and the use of encryption and a secure pipe, such as SSL or VPN. And, as is evident in the above article, you may indeed be less secure using the TOR network than when using other means of secure communications because TOR may give users a false sense of anonymity or security.

For secure email, we recommend using an email service that allows full SSL encryption for the entire session, not just the login page. And if you use email through a hosted web site, we recommend that you contact the host and ask if their email is secure or can be made secure. Many cannot.

We recommend any of the following options:

  • HushMail is one of the best.
  • Alternatively, Gmail can be made secure if you log in using SSL, as in “https://gmail.google.com”.
  • Or set up an Exchange Server account. We recommend Mailstreet, and use it locally or online.
  • Or use a secure email installation on your computer. We recommend Ciphire Mail. (For maximum protection, both sender and receiver must be using Ciphire.) Ciphire can secure email using most any email client, such as Outlook.

Zombie Shmombie, Where is the Zombie?

Posted in All Posts, Email Security, Exploits, Malware, Online Security, Safe e-Commerce, Scams on September 19th, 2007

Computers that have been compromised and turned into remote control attack machines, otherwise known as Zombies, are becoming a significant problem.

These compromised computers are being used to attack a variety of Internet servers in a number of countries. These attacks can shut down web sites by overloading their servers with traffic.

For more information:

CypherTrust.com is a good source of information about Zombies and other security threats.

Don’t accept candy, or e-cards from Strangers

Posted in Email Security, Exploits, Malware on August 25th, 2007

Your Mama always told you, “Don’t accept candy from strangers”.

Well, don’t accept e-cards from strangers, either.

And your Mama would tell you the same about e-cards, if she knew what was in them.

You see, they are likely to make your computer sick.

Sick as in virus infection. Way bad.

Email Addresses Don’t Win Lotteries

Posted in Email Security, Exploits, Scams on July 9th, 2007

Many email inboxes are being flooded with announcements that you have won a lottery. They usually say something to the effect: your email address was picked at random, and has won a ton of money.

Well, that does not happen. Every last one of these emails is a scam. Period.

To be more exact, many of these are what is called an “advance fee scam”. If you contact them, they will first try to get enough personal information to steal your identity several times over, and secondly, you will be required to advance money in order to “process your winnings” or some such phony excuse.

One of the most certain things in life: You will never see that money again, and you will never get any winnings whatsoever. Period.

Unfortunately, thousands of gullible people fall for these scams every year, and they lose millions of dollars. Don’t be one of them.

And please also ensure that none of your friends and relatives fall for this scam. Talk about it.