Sunday, 25 December 2011

Web Security Awareness Inspired

As a frequent traveller, going online has become universal for me. I expect Internet access wherever I am for whatever I need. However, when I am on the road, accessing the Internet can be challenging. Connections may be not only slower but also at greater risk, especially when connecting to public networks or using a public computer in the hotel. The key to using the Internet securely while travelling is to understand these additional risks, use caution, and be prepared.

One of the most effective ways you can protect yourself when travelling is to take simple, preventive steps before you leave. If you are using a notebook with a corporate image, most of the following tasks are likely handled by your IT desktop management, but they are nevertheless worth checking regularly yourself, particularly if this is your own device that is not managed by IT.
  • Ensure your laptop and smartphone operating systems and applications are updated to the latest versions to reduce their vulnerability to attack (e.g. use “Windows Update” in your program list to check).
  • Make sure the firewall on your laptop is enabled. This helps prevent others from connecting to your laptop over the network. Check that your anti-virus software is up-to-date and in good working order (e.g. for both firewall and antivirus, check the status icon in the taskbar).
  • Laptops and smartphones are targets for thieves and easy to lose - as we all know and always tell our customers. Enable automatic screenlock on your laptop and smartphone using a strong password or, at the very least, a PIN code.
  • If your laptop or smartphone has personal or confidential information stored on it, consider encrypting the information or your entire hard drive. Many organisations already deploy file- and/or whole disk encryption as part of their corporate images. If you are using your own device, consider software for file encryption and/or for whole disk encryption.
  • If you set an out-of-the-office message, identify a colleague as an alternate point of contact while you are gone. In addition, do not provide specific details about your trip. If possible, limit delivery of your out-of-the-office message to recipients within your organisation or to people already in your address book.
  • Familiarise yourself with your organisation's travel safety program to see what special services it offers you while travelling.

Always keep in mind that in a public network anyone has access, and your online activities can be monitored by others. In addition, malicious individuals may operate fake Wi-Fi networks that are designed to fool you into using them and potentially attack your system.

When possible, use a sponsored Wi-Fi network hosted by a legitimate organisation. Look for signs with the name of the Wi-Fi network displayed in the hotel lobby, airport terminal, or café. Using these sponsored networks is a better security bet than picking a public Wi-Fi network at random. In addition, when possible use encrypted Wi-Fi networks, and pay attention to the type of encryption. In order from best to worst, the common Wi-Fi encryption types are: WPA2, WPA, and WEP. Even with Wi-Fi encryption, your communications could still be intercepted by other users of the same Wi-Fi network.

Take the additional precaution of using an encrypted data connection such as HTTPS or a Virtual Private Network (VPN). An HTTPS browser session, usually indicated by the familiar padlock icon, encrypts the information you send over the Web. Many websites and online services allow you to force HTTPS encryption to be used at all times.

If your organisation provides VPN access, always try to establish a VPN connection via the VPN client into the network of your organisation. A VPN connection ensures that all your online activities are encrypted and unreadable for those that are intercepting your communication.

Another option is to use your smartphone as a Wi-Fi access point, provided you have a flat-rate data plan and are not roaming outside your home mobile carrier's country. If you have a smartphone, contact your service provider about using its 3G capabilities to set up a secure “tethered connection” or “personal Wi-Fi hotspot” for your laptop. In addition, your smartphone’s email and browser capabilities may be enough to meet your needs while on the road. If so, the security afforded by your smartphone’s mobile broadband connection is a better bet than public Wi-Fi.


There is no way for you to know who used a public computer before you. It may have been infected or otherwise compromised accidentally, or malware may have been planted on it deliberately. Any information you enter may be stolen by cybercriminals.

Limit your use of public computers to casual web browsing only, such as checking the weather, the status of your flight, or catching up on the news. If you have no choice but to use a public computer to make a transaction or to communicate sensitive information, you have to assume that any information you entered, including your login and password, has been compromised. Keep track of the accounts you had to access and change your passwords immediately the next time you have access to a trusted computer and network.

I hope you find this information useful. If you want to learn more about how to establish a security awareness program within your organisation, please visit the Symantec Security Awareness Program website. This program helps you to train your employees to understand information security issues and behave in a manner that minimizes risks.


Monday, 19 December 2011

Fake Offers For Mobile Airtime Haunts Indian Users

Symantec is familiar with phishing sites which promote fake offers for mobile airtime. In December 2011, phishing sites using these fake offers as bait returned. The phishing sites were hosted on free web hosting services.
When end users enter the phishing site, they receive a pop-up message stating they can obtain a free recharge of Rs. 100.

Upon closing the pop up message, users would arrive at a phishing page which spoofs the Facebook login page. The contents of the page would be altered to make it look as though the social networking site was giving away free mobile airtime. A list of 12 popular mobile phone services from India would be displayed with their brand logos. Once the page completes loading, the theme songs for each of these mobile services play, one after the other.
This phishing page gives a long (fake) offer description. In the description, users are required to enter their login credentials to receive the free airtime offer. The description further states with pride that the site is the first ever to provide this offer and reminds users that it is always free. In reality, if users enter their credentials, the phishing page redirects to a legitimate web retailer that sells mobile airtime online. The redirect is there to mislead users into believing that a valid login has taken place, and so avoid suspicion. If users do fall victim to these phishing sites, phishers will have successfully stolen their information for identity theft purposes.
Users should be careful. In the fake login below (in blue and purple text) you can see the claims of free airtime:

The URLs of the phishing pages also contained text intended to lead users to believe that the social networking website has a relationship with online mobile airtime recharging. Examples:
hxxp://www.******.******.com/Facebook-rc/facebook2011.html  [Domain name removed]
hxxp://free-r3charg3.******.cc/facebook2011.html  [Domain name removed]
hxxp://free-rechargess.******.cc/recharge/1/3.php  [Domain name removed]
Here are a few best practices for Facebook users to combat these threats:
  • Use unique logins and passwords for each of the websites you use.
  • Check to see that you're logging in from a legitimate Facebook page with the domain.
  • Be cautious of any message, post or link you find on Facebook that looks suspicious or requires an additional login.
  • Do not click on suspicious links in email messages.
  • Avoid providing any personal information when answering an email.
  • Never enter personal information in a pop-up page or screen.
  • Become a fan of the Facebook Security Page for more updates on new threats as well as helpful information on how to protect yourself online.
  • Frequently update your security software (such as Norton Internet Security 2012) which protects you from online phishing.
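The domain check from the list above can be made mechanical. The following is an added example, not code from the original post or from Symantec; it assumes the genuine login domain is facebook.com, and its sample URLs are constructed placeholders shaped like the redacted ones shown earlier. It shows that brand text in a path, a subdomain label or the userinfo part of a URL says nothing about the host the browser actually connects to.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "facebook.com"          # assumption: the genuine login domain
BAIT_WORDS = ("facebook", "recharge")    # bait text seen in the reported URLs


def _split(url):
    """Parse a URL, first undoing the 'hxxp' defanging used in threat reports."""
    url = url.strip()
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return urlsplit(url)


def login_host(url):
    """Host the browser really connects to (ignores userinfo and path)."""
    return (_split(url).hostname or "").rstrip(".").lower()


def is_trusted(url, trusted=TRUSTED_DOMAIN):
    """True when the host is the trusted domain itself or one of its subdomains."""
    host = login_host(url)
    return host == trusted or host.endswith("." + trusted)


def triage(url):
    """Return 'trusted', 'brand-bait' (bait text on a foreign host) or 'untrusted'."""
    if is_trusted(url):
        return "trusted"
    parts = _split(url)
    # Undo the digit-for-letter swap seen in "r3charg3" before matching.
    text = (parts.netloc + parts.path).lower().replace("3", "e")
    return "brand-bait" if any(w in text for w in BAIT_WORDS) else "untrusted"


# Constructed samples; every *.example host is a placeholder, not a real site.
SAMPLES = [
    "https://www.facebook.com/login.php",
    "hxxp://www.host.example/Facebook-rc/facebook2011.html",
    "hxxp://free-r3charg3.hosting.example/offer.html",
    "https://facebook.com.login.example/",
    "https://www.facebook.com@login.example/",
    "hxxp://news.example/index.html",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{triage(sample):11} {sample}")
```

Only the first sample is classified as trusted; the next four carry the brand or offer text on a host that is not facebook.com.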


Tuesday, 13 December 2011

SSL Certificate and Cyber Security

This article provides information about cyber security and the usefulness of SSL certificates in protecting your ecommerce website. Learn how to protect online transactions (payments) with SSL certificates.

Over the last 20 to 25 years the world has rapidly changed into a cyber world. Cyber technology has made everything faster and closer. Living miles apart, people can see and speak to each other as if sitting at the same coffee table. Cyber innovation has changed the growth of the world beyond imagination in the last 25 years. When the computer was invented it was a giant machine; now people use it as a notebook. Technology is developing rapidly, with unmeasured growth.

This rapid growth of the cyber world required security and safety. People started talking online, shopping online, banking online, even getting married online. Turning to cyber security: many online shoppers, sellers and bankers were abused by hackers (a kind of thief). These thieves were a major problem for cyber innovation. People started feeling insecure and started avoiding online dealings. Innovation was growing, and nobody wanted it to stop or go back to zero. Technology gurus found a key to securing online data, and this key is the SSL certificate.

What are hackers and hacking?

Hackers are thieves who try to gain unauthorized access to your computer via a network or a program. Stealing data from a computer or network is called hacking. Like thieves, hackers do not knock on your door. They gain unauthorized access and start stealing your personal data. You realise it only once you see the loss of data, money and everything.

Who invented SSL certificate?

SSL certificates are built on the SSL (Secure Sockets Layer) protocol, developed by Netscape in 1994. Netscape used encryption and decryption technology to make data unreadable for hackers. If hackers steal encrypted data, they still cannot read it or recover the correct data.

Later, SSL certificate standards were established and a few organizations were authorized to act as SSL certificate issuers. They are called SSL CAs (Certificate Authorities). A few of them are VeriSign, GeoTrust, Thawte, Equifax, Entrust, GlobalSign, RapidSSL and Comodo. All these CAs are authorized to issue WebTrust certificates. SSL technology started supporting up to 256-bit encryption to secure online data.


As an online shopper, seller or banker, trust only websites with an SSL certificate. Real merchants always use SSL certificates to secure customer credit card details and private information. Do not be fooled by good web design and words, as scammers always use such tricks. Trust only websites secured by an SSL certificate.

Source: cybernewsnetwork

Friday, 9 December 2011

Skype Security Flaw

The researchers found several properties of Skype that can track not only users' locations over time, but also their peer-to-peer (P2P) file-sharing activity, according to a summary of the findings on the NYU-Poly web site. Earlier this year, a German researcher found a cross-site scripting flaw in Skype that could allow someone to change an account password without the user's consent.

"Even when a user blocks callers or connects from behind a Network Address Translation (NAT) -- a common type of firewall -- it does not prevent the privacy risk," according to a release from NYU-Poly.

The research team tracked the Skype accounts of about 20 volunteers as well as 10,000 random users over a two-week period and found that callers using VoIP systems can obtain the IP address of another user when establishing a call with that person. The caller can then use commercial geo-IP mapping services to determine the other user's location and Internet Service Provider (ISP).

The user can also initiate a Skype call, block some packets and quickly terminate the call to obtain an unsuspecting person's IP address without alerting them with ringing or pop-up windows. Users do not need to be on a contact list, and it can be done even when a user explicitly configures Skype to block calls from non-contacts.

This has always made me wonder why these programs have their own security policies. Can't it be possible for products such as Skype, which millions of people use to connect to friends and family globally, to work with dedicated security software to stop any unwanted threats? For instance, both Xbox Live and the PlayStation online network have been hit by fraudsters this year, who have stolen millions from unsuspecting users. So wouldn't working together be beneficial for all parties? If the technology is already there, why develop your own inferior product?


Source: symantec