Home User IT Security

How to protect your home PC from hackers. We have free IT Security information of how to protect your home computer against hackers

NEW   Titanium Security For Netbooks 2012

Essential Protection

 

ANTIVIRUS
Proactively stops viruses before they reach you
   REAL-TIME UPDATES
Safeguards your PC from the latest Internet security threats
LIGHT ON MEMORY
Internet Security that won't slow you down

 

 

READ MORE ABOUT THE GREAT NEW PRODUCT FROM TREND MICRO

NEW   Titanium Antivirus Plus 2012

Essential Protection

 

ANTIVIRUS
Proactively stops viruses before they reach you
   REAL-TIME UPDATES
Safeguards your PC from the latest Internet security threats
LIGHT ON MEMORY
Internet Security that won't slow you down

 

 

READ MORE ABOUT THE GREAT NEW PRODUCT FROM TREND MICRO

NEW   Titanium Internet Security 2012

Advanced protection for your family – All the features of Titanium Antivirus Plus, plus:

 

DATA THEFT PREVENTION
Safely bank and shop online
   PARENTAL CONTROLS
Easily protect your children online
2 GB Online Storage
Protect, access and share your photo's, documents and more with a 2 GB SafeSync account

 

 

READ MORE ABOUT THE GREAT NEW PRODUCT FROM TREND MICRO

NEW   Titanium Maximum Security 2012

All in One Security – All the features of Titanium Internet Security, plus:

 

SOCIAL NETWORK SECURITY
Protects you from malicious link on social networking sites like Facebook, MySpace and Twitter
   WORKS WITH ANDROID
Extend your protection to your Android devices
10 GB ONLINE STORAGE
Protect, access and share your photo's, documents and more with a 10 GB SafeSync account

 

 

READ MORE ABOUT THE GREAT NEW PRODUCT FROM TREND MICRO

More and more people own internet-ready mobile devices, which without you realising it can increasing your exposure to cyber and real-life criminals.

Did you know that the  GPS functions on many smart phones that allow you to tell your friends where you are via website like Facebook can also tell criminals where you are so that they know when you are out it they are planning to burgle you home.

Spotify has apologized for an attack that exposed users of the free version of its music streaming service in Europe to malware through tainted  advertisements.  The ads served content that attempted to infect users' machines with scareware.  Spotify disabled third-party advertisements on Friday, March 25 after learning of the problem.  The company isolated and removed the offending ad, and service was back to normal in the next few days.

A survey conducted by the Ponemon Institute on behalf of ACVG says that mobile phone users in the US are lax on mobile phone security.  Nearly  84 percent of those surveyed use the same phone for both business and personal matters.  Many people also make purchases over their mobile phones.  Few consumers use phone-locking passwords and many use the same password for multiple apps.

 

Read Full Story

An investigation commissioned by data protection company CPP Group found that many people in the UK who sell their old smartphones and SIM cards are failing to wipe the devices of sensitive personal data.  More than half of the devices examined for the study were found to contain credit card PINs, bank account information, and login information for social networking sites.  The information was gathered from 35 used phones and 50 used SIM cards.  Users selling old phones should perform a factory reset.  Unless old SIM cards are being transferred to another of the owner's devices, they should be destroyed.

Read More

Roy or as he is also known as the Ghost of facebook discovered several security holes on facebook. One of these flaws was a XSS cross-site Scripting flaw. It appears that in an aim to make facebook aware of the risk exposed by one of these security issues ( which was the XSS Cross-site scripting flaw), he exploited this security flaw in by placing a message letting facebook users all over the world know he was “Off to Danao City”.

All the facebook members that received this message could not delete it or block Roy because Roy was not in their list of friends. This security flaw in facebook allowed Roy to contact a large number of facebook members that he did not have access to.

This security flaw should be a wakeup call to facebook because, because Roy may have drawn their attention to this security flaw by his actions, but what if this security flaw had been exploited by a cybercriminal with malicious intent towards the users of face book. Facebook has been lucky here because Roy has proven to them that if they don’t keep on top of their Internet Security is possible for someone to gain access to thousands of facebook users.
 

According to xssed.com a new XXS flaw was found on Facebook on January 28 2011. They report that this vulnerability leaves users at risk of scripting attacks and logins phishing. So is this the same XXS flaw that allowed Roy access. If this is the same flaw that Roy access then why did it take facebook 13 day to take action, and why did they have to be forced into taking action by Roy. We have found several sites on the internet reporting this XSS vulnerability in Facebook another example is Bkis Global Task Force Blog who reported this flaw on the 28 Jan 2011.

The action that Roy took to draw face books attention to this security hole was not correct, but its so sad to say that in today’s world it is one of the most effective way of getting people to Improve their Internet security. By this comment we are pointing out that a large percentage of website owners do not take the necessary action to ensure that their website are secure, even when vulnerabilities and security alerts are published. These type of people only take action after it becomes public knowledge that their website has been hacked. It’s so hard to say who is right and wrong in these situation because there is no proper laws in place to force website owners to have a basic level of security in place.
I do not condone hackers who exploit website just to force the owners to put correct security in place, but should we prosecute the hacker and not the website owner. We need laws and regulations in place to ensure website owner take correct action to protect their websites and users by having an acceptable level of security in place as well as forcing them to prove that they are taking necessary steps to keep their security up to date.

 

The fact of the matter is that Roy did not hack Facebook, he simply access facebook through an open door (a security hole). The most shocking part of all the so call big hack that are know about in the media is that most were not hacks, they were simply people access systems through open door (security holes/flaws) and which gave them access to the system. 99% of all hacking can be prevented by simply keeping your system up to date and running regular security issue.

What is a XSS Cross-Site Scripting attack?
Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. These scripts can even rewrite the content of the HTML page.
 

 

.

 

A scam targeting Irish home user from a group claiming to be an Indian based company. These individuals appear to be targeting primarily Irish home telephones numbers and from their voice, they sound Indian. The callers are both male and female.

When they call they want to speak to the main computer user in the house, they claim that they are contacting you because of a problem with your computer due to something you downloaded from the internet.

They try to convince you that this is not a sales or marketing call, they are simply calling to help you, so that you will not get in trouble because of the dangerous software that is on you have downloaded.

During one of their call, they want the person to switch on their computer so that they could guide them over the phone to fix the problem. During this call it appeared the they were taking the customer to a website that would produce a report about the problems with the PC.

During another call they claimed they were from Microsoft and were calling to help fix a problem with your windows operating system.

Again in another call the were ringing to help you because the software on your computer had expired and they were going to help you renew the produce.
 

They are using scare sales tactics to try to get people to pay them to fix the problem. If you agree to accept their help they will ask for your credit card details.
 

In some of the call the number on your phone display appears as 00253802308, some time it is also hidden.
If you do not let them help, you fix your computer some of their reprehensive get abusive on the phone and use scare tactics or pass very insulting comments.

Be ware this is a scam. Never trust someone who phone you up telling you there is a problem with you Pc and that he can fix it unless you know who that person is.

From what we know so far this scam started a few week ago, but since Saturday 5 Feb this crowd has got really aggressive with their ringing number several time, each time with a different operator on the phone. From speaking to one of the Irish phone companies it appears that many people have fallen victim to this scam so far, and they have a lot of users contacting them with complaint about this Indian company

The country code +253 is Djibouti, Africa. There are several phone companies in Djibouti offering cheap rate call so I suspect that the group running this scam are using the network of one of the phone companies in Djibouti to hide behind so that you can’t trace the call back to its country of origin.

 

We are seeing an increase in the number of scam coming from groups claiming to be Indian companies. Some of these scam are  Indian companies offering SEO and web design service, after you pay your deposit to start the service you never hear from the company again.

 

==============================================================.

Update 8 Feb 2011

Conducting our investigation into this group, we tried to gather some information:

  • When asked where they got the home phone number they were ringing the agent on the phone claims that it was a lead generated by their lead the. So we asked the question again this time wanting to know how their lead team got the private home number they had rung, according to the agent their lead team has method of gathering phone numbers and potential client details .
  • When informed that they were calling private Irish phone number that were not open marketing or sale call the agent tried to claim that their service was not marketing or sales, they were calling people to help them fix problem with their PC.
  • We tried to ask them what was their company name, but the agent kept saying we are a service to help people fix problem with their PC and no matter how many times we tried to ask for the company name the agent would not give any name of web site address where we could see some detail of their company.
  • When asked where they were calling from the agent claimed they were a company from India.
  • We asked how did they know that the house they had called had a PC, and the agent said that nowadays every hours has a PC and internet.
  • When asked if they could remove the private Irish Phone number they had called from their database they claimed that this was not possible.
  • When trying to find out what problem they were trying to fix, they claimed that it was something bad that had downloaded to our computer through the browser. And they wanted us to go to our computer so that we could do something so that they could connect remotely to our computes

The above information was collected over 3 different calls from this Indian group. During each call a different reprehensive from this Indian company had called the same Irish private home phone trying to use a different sales pitch and gain as much information about the type of computers in that house.
 

We have other reports where that during some call these agents from this Indian group have been abusive to some Irish people who refused to give them any information.

  • One Irish person reported that when she was contacted by this group she refused to give them any info and asked them to remove her phone number from their database. The Indian agent response to here was “will you have sex with me, I to F___ you.

We also have tried to call the phone number that is displayed on your phone when they call and we get an automated message in French and English saying that this number is not in service.

 

 

===========================================..

Update 8 Feb 2011

 

 

From conduction, our research into this group it appears that they have been targeting people in the UK, USA, Canada, Australia. Reports across all these countries say that they are very aggressive in their approach.

  • They inform the customer that they have been recommended by their ISP (Broadband provider) and they work alongside them to provide support by means of remote access.
  • They attempt to use ‘scare tactics’ in a bid to get users to sign up for their ‘computer repair’ service with statements along the line of they already know that the user’s computer is infected with malware and would be damaged beyond repair unless the user signs up and allows Support On Click to ‘fix’ the non-existent problem.
  •  Reports from the USA claims that the software this group get users to install on their PC, will not protect the PC. Instead it will infect the PC with viruses and open back doors allowing hackers access to the PC

 

Their website was supporttoclick.com has now been removed from the internet so they are probably using a different company name or website because their scam has becoming know. Their old website is reports on blogspost.com as been registered to Pecon Software Ltd in India