Posts Tagged ‘social media blog’

Google: ‘Your computer appears to be infected’

Published by pratyushkp on July 22nd, 2011 - in Social, Technology

It’s only been a few weeks since the world’s web users woke up to discover a big black bar at the top of their Google search results (introduced when Google+ was launched).

Now, some users of Google search might start seeing something else close to the top of the world’s most famous home page.

The warning message reads:

Your computer appears to be infected.
It appears that your computer is infected with software that intercepts your connection to Google and other sites. Learn how to fix this.

At first glance, you might be worried when you see this message and think you could be on the receiving end of a fake anti-virus attack.

After all, haven’t you been warned hundreds of times in the past to trust the anti-virus software you installed on your computer, not unexpected messages that pop up on websites you visit?

All is explained in a Google blog post, however.

Damian Menscher, a security engineer at Google, describes how he identified that infected computers were sending search traffic through proxies to the search engine. The intention of the cybercriminals behind the scheme was to modify the search results served up by Google to point to money-making pay-per-click sites instead.

In all, Google estimates that a couple of million Windows PCs may be affected around the world by the strain of malware they are hoping to warn users about. The firm says that it’s already been able to successfully warn “hundreds of thousands of users”.

Fortunately, although Google does not scan your hard drive when you search for things via google.com, it can detect the unique traffic signature from visiting infected PCs and make a pretty informed guess about your computer’s health in regard to this malware strain.

Google is hoping that the warning message will encourage users to update their anti-virus software, scan their computers and become more conscious of security issues.

I think what Google is doing should be applauded – anything which warns computer users about genuine malware threats has to be a good thing.

But, sadly and inevitably, there is the potential for cybercriminals to mimic the Google warning and direct users to dangerous downloads and scams. Of course, that isn’t a reason why Google shouldn’t warn their users, when it believes it has identified a security problem.

The danger is that many people may know what their own anti-virus software looks like when it displays a warning, but may be less familiar with how the Google warning presents itself, and where it links to.

Furthermore, Google points users to visit one of its webpages for further advice on how to fix the problem.

So, always be careful about what you search for, and the links you click on when trying to find anti-virus software.

No-one should be fooled into believing that Google’s initiative is any substitute for regular anti-virus software and sensible security practices. Google is attempting to alleviate a very specific malware issue that communicates with its infrastructure.

Google, you get my thumbs up for an imaginative idea that could help with a small part of the malware problem.

Source :- http://nakedsecurity.sophos.com

Related articles
  • Google: ‘Your computer appears to be infected’ (nakedsecurity.sophos.com)
  • Google senses proxy requests to warn users of malware infestation (arstechnica.com)
  • Malware Affecting Google Search in Windows OS (shoutmeloud.com)
  • Your Computer Appears To Be Infected, On Google Search (ghacks.net)
  • Google Warns Searchers Of Windows Malware Infection (informationweek.com)
  • Google Warning Virus Victims (newser.com)
Tags: AntiVirus, , , , , , Tobacco packaging warning messages, , , ,
No Comments »

7 Things Facebook Should Do To Increase Security

Published by pratyushkp on July 22nd, 2011 - in Social, Technology

Image via Wikipedia

Post from mashable authored by Eugene Kaspersky

Eugene Kaspersky is CEO of Kaspersky Lab, the company he co-founded in 1997, which is now the world’s largest, privately-held anti-malware company. You can follow him on Twitter @e_kaspersky and his blog at eugene.kaspersky.com.

For the past seven years we have seen how Facebook has dramatically changed the way people communicate while it has formed a new culture of online socializing.

For most people, Facebook has been about keeping in touch with friends and family in a totally new way. But for security researchers, such as myself, it has led to seven years of new challenges for the security industry. The main issue with social networking and security is that social networks are, well, social, and when the human mind gets involved, vulnerabilities can be exploited. I’m talking about human vulnerabilities, those against which it’s hard to defend.

Many Facebook users lack knowledge and experience about how to protect themselves in the social networking environment, which has made the situation worse. Facebook appeals to new Internet users who often lack the computer savvy to identify online threats, and the most vulnerable segment of the audience — kids — have little life experience required to make reasonable decisions.

Because of this, I believe Facebook needs to enhance the security and privacy features of its site so the problems don’t escalate out of control. With the help of my colleagues, here are seven key recommendations I believe will make Facebook a safer place:

1. Enforce Full HTTPS Browsing

This way, all users can make sure no one is snooping into their conversations, even if they’re browsing Facebook through an untrusted Internet connection. Additionally, it will render attack tools such as Firesheep completely useless.

I admire the fact that Facebook has enabled optional HTTPS browsing in its recent security features roll-out. However, I don’t think the option is clearly marked enough for most users to find and utilize it. Therefore, I feel that this feature should be made mandatory for everyone.

2. Implement Two-Factor Authentication

Banks are offering e-tokens to their customers to safely access their online banking accounts; but in a world where social networking sites are becoming more and more important to what we do online, users should also have the same technology available for protecting their Facebook accounts.

This option should be enforced and mandatory, otherwise it may easily be lost in the depth of account settings. Following Facebook’s initiative to send verification codes via SMS, I suggest the company develop a mobile application that will generate a one-time password in addition to the master password. This way, an attacker would have to compromise not one, but two devices to access a Facebook account. This is not an easy task even for an experienced hacker.

3. Make Clear Which Facebook Apps Are Trusted

Malicious Facebook apps are being analyzed and reported by researchers on a daily basis. Facebook needs to perform a thorough security check and approve all incoming applications to make sure no malicious app makes its way onto a user’s profile.

At the very least, allow users to add a list of trusted/approved applications to his or her profile. If the person wants to use an application that is not trusted, they should be able to run it in some sort of “profile sandbox,” so that any malicious activity would not affect their friends and family.

4. Tighten the “Recommended” Privacy Controls

Currently, Facebook’s recommended privacy settings easily allow for an attacker to become the friend of a friend of a target, and consequently to access data needed to reset a password for an email account, or to misuse other personal information. Why does Facebook allow “everyone” to access status, photos, posts, bio, favorite quotes and family and relationships by default?

In the security market we follow a simple rule that works: “Disable everything, then enable the things you really need.” If Facebooks wants to take steps to actually make its site safer, the default setting should make personal information visible only to friends. Allow the users to decide later whether they want to change their data exposure.

5. Make Permanent Account Deletion Easier

Permanently deleting a Facebook account should … permanently delete the account. Respect the user’s will to entirely wipe out his presence on Facebook, without worrying that some materials have been left available on the Internet, and make permanent account deletion a simpler process that doesn’t require a special request to Facebook customer support.

6. Commit to Parental Controls

Allow parents to set up limited-access accounts for their children, as sub-accounts under their own Facebook presences. The limited sub-accounts could automatically be turned into full-access accounts once children reach the age of consent.

My colleagues and I support initiatives to protect users under 18, as expressed in California’s SB242, which extends the opportunities for parents to control their children’s social media accounts.

7. Better Educate Users

I value Facebook’s commitment to educate users about security and privacy in social networks, including the initiative to set up dedicated Pages to these topics (Facebook Safety, Facebook Security and Facebook Privacy). However, no matter what sort of protection surrounds Facebook users, those privacy features will remain useless should users lack the awareness.

For this reason, I recommend extending the practice by introducing more opportunities for user education. A good example would be to launch daily webinars that cover the most important aspects of Facebook security in the clearest and simplest way possible for the general public.

It is also the belief of myself and my colleagues that a closer interaction with security vendors will assist in building a stronger community to bolster critical Facebook initiatives and allow for more informed decisions. An advisory board consisting of the most authoritative experts in the security community, and regular summits to review past and future initiatives could bring additional value to the development of a safer Facebook.

These are seven realistic, doable and actionable steps that can dramatically increase the safety and privacy of Facebook’s users. Of course, no technology can guarantee 100% security as long as the human factor is involved. Still, Facebook can and should do everything it can to protect its users and keep them safe.

Related articles
  • 7 Things Facebook Should Do To Increase Security [OPINION] (mashable.com)
  • Bitdefender Steps Up Against Social Network Spam, Releases New Security Suite (readwriteweb.com)
  • Facebook will throw you under the bus (secforall.info)
  • Google+: How Paranoid Are You About Privacy? (thechromesource.com)
  • Oz lawmakers mull Facebook parental snoop rules (go.theregister.com)
  • Google and Facebook splurge on lobbying in Q2 (digitaltrends.com)
Tags: , , HTTP Secure, , Kaspersky Lab, Online banking, , , , Two-factor authentication, Yevgeny Kaspersky
No Comments »
© Social Media Blog

Ad Plugin made by Free Wordpress Themes