Security News For This Week - Internet Defense, Banking, And Your Credit Cards

February 23rd, 2008 by LoadRunner

Here is your weekly summary of security news, alerts and threats you need to know, to play safe on the Internet.

Defense in Depth, & You

Six months ago I reported that on average, it took Microsoft 13 days to fix a flaw or vulnerability in its most popular software products. Microsoft is now boasting that it took almost 29 days to fix vulnerabilities last year. For Windows XP alone, it took 53 days on average to fix a flaw. Go figure.

Still, this was a better performance than rival operating system makers Apple, Novell and Sun Microsystems, according to Microsoft.

What does this mean for the average home user? It simply means that YOU were at great risk for long periods of time. Your computer and information could have been (and perhaps were) compromised or stolen with ease, many times over. What is a person to do?

The best thing to do is maintain defense in depth, as I have long maintained. That means having anti-virus protection, a firewall, anti-spyware programs and blockers and a HOSTS file; AND keeping everything up to date without fail.

These multiple layers of protection lessen your dependence on Windows, or on any other single program, to protect you.

If one of these layers is weakened or penetrated for whatever reason, the other layers will probably protect you until the problem is fixed. This philosophy has proved its worth for years, and is never more essential than today.

Your Online Banking Security

I have never much liked online banking. I refuse to expose my bank accounts to the Internet, and to the hackers and criminals who prowl it. Now a security testing firm has found that online security at financial institutions in general is getting noticeably worse.

NTA Monitor found 20% more vulnerabilities among banks and similar institutions, compared to last year. But in Britain, things improved a lot, with 32% of firms showing critical flaws, compared with 61% last year.

There were two common problems. First, buffer overflows that could allow an attacker access to the server. Second, expired SSL certificates: a user who checks the certificate before accessing the site would see it reported as invalid.

NTA says more banks are feeling the pressure to have an online presence, and are perhaps jumping onto the Internet too quickly. This, of course, increases their exposure to online attacks.

Be careful when doing your online banking. Deal only with large, reputable institutions. Study the home page carefully, and familiarize yourself with the privacy and security policies of the bank. Make sure they guarantee refunds for unauthorized transactions.

Just before you sign in, check that you are on a page that begins with https://… and you see a little gold padlock in the lower right of your screen (upper right in IE7). This means the page and your information are encrypted, although this is not foolproof.

Then right-click a blank area of the page, and click Properties. Click Certificates, to see the firm’s SSL Certificate. Check the dates shown, to make sure it has not expired.
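The same date check can be scripted. The following is an added example, not part of the original post: it reads the validity dates from a certificate and classifies them. The function names, the 30-day warning window and the sample certificate dates are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the format ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {"notBefore": "Feb  1 00:00:00 2007 GMT",
               "notAfter": "Feb  1 00:00:00 2008 GMT"}

def _parse(cert_time):
    """Turn a certificate time string into a timezone-aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def validity_status(cert, now=None, warn_days=30):
    """Return (status, expiry) for a getpeercert()-style dict."""
    now = now or datetime.now(timezone.utc)
    not_before = _parse(cert["notBefore"])
    not_after = _parse(cert["notAfter"])
    if now < not_before:
        return "not yet valid", not_after
    if now > not_after:
        return "expired", not_after
    if (not_after - now).days < warn_days:
        # Still valid, but the bank should already have renewed it.
        return "expiring soon", not_after
    return "valid", not_after

def check_site(host, port=443, timeout=5):
    """Connect with normal verification; needs network access.

    An expired certificate makes the handshake itself fail, so that
    case is reported from the verification error.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return validity_status(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        return f"rejected: {exc.verify_message}", None

if __name__ == "__main__":
    # Offline run against the constructed sample, dated as this post.
    when = datetime(2008, 2, 23, tzinfo=timezone.utc)
    print(validity_status(SAMPLE_CERT, now=when))
```
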

Credit Cards + Gas Stations = Risky Business

Beware if you pay for your gas fill-up with a credit card. It seems the risk of data theft is very real, because of those point-of-sale (POS) terminals used to swipe the card.

The information from the magnetic stripe on the back of the card is collected and stored in the terminal. Knowledgeable criminals can access it to make duplicate cards and go on a spending spree. This, in turn, can lead to identity theft. This actually happened to a friend of mine a while ago.

It should be noted quickly that you are usually not responsible for unauthorized charges to your card beyond the first $50. Most credit card companies will normally waive even that, if it is clear you are not involved in the fraud.

Visa, Mastercard and others are pressuring retailers to comply with new security standards that forbid the storing of the magnetic stripe data on the POS terminals. In the meantime, try paying cash at the pump. Check your credit card statement carefully as soon as it arrives. Better yet, go online a few times a month and check it.

Syd Tash is a noted security consultant and author of How to Protect Your Computer Online - A Complete Guide. He has been keeping surfers safe since the last century. For more free Daily Tips and info to keep you safe online, visit http://mypcsecuritysite.com and bookmark it!
