Change passwords on LinkedIn Now

If you have a LinkedIn account, now's a good time to change your password. Up to 6.5 million user accounts and encrypted passwords have reportedly been leaked and posted to a Russian hacker site.
LinkedIn hasn't confirmed the passwords have been stolen, but did confirm on its Twitter account they're looking into it. The leak comes off the news that LinkedIn's mobile apps transmit personal data, including meeting notes and calendar info in plain text. Regardless of whether the leak is confirmed or not, it's a good time to change your password. To do so, go straight to the LinkedIn Change Password page (you'll need to be logged in), enter a new, secure password, and click Change Password.
   LinkedIn has confirmed that some of the compromised passwords are LinkedIn accounts. If your password was compromised your account password has already been made invalid and you'll receive an email with instructions for how to reset your password (you can also double-check here: LeakedIn). If you use the same password and email address for other websites as you did with LinkedIn make sure you change those as well.

Read More

After Zappos hack, how to protect yourself online

Another week, another computer security breach. Hackers broke into a Zappos server in Kentucky Sunday night, giving them access to personal records of 24 million Zappos customers -- which means if you've ever used the site, you're probably a victim too.
Actually, if you've ever been online, the chances are pretty good that some malevolent person has captured personal information about you and tried to break into your personal computer or credit card account.malware security.malware 
Although the criminals were after more than your shoe size, they apparently did not get full credit card numbers, but an investigation is underway. More disturbing, Zappos is owned by Amazon, which demonstrates that even the biggest online players are vulnerable to attack.malware .malware 
So what can you do to protect yourself? Here are some important reminders:
Use a Tough Password: Yes, we're always being reminded not to use the name of our pet snake or favorite fast food as a password, but who can remember 50 different passwords for all those Web sites that require registration? The best advice is to rotate through a series of passwords, changing them on a regular basis. But most important of all is to create one really difficult password and use it only for your e-mail account. malware .malware 
The reason is that many sites check password changes or send account access confirmations to e-mail accounts. If a hacker has access to your e-mail, he'll basically have access to everything from your bank account to your Amazon shopping cart. To make your e-mail password tough to crack use a mix of letters and numbers that's at least 8 characters long. And, no, combining Fluffy's name with your birthday does not count.malware .malware 
Get a Credit Report: You're entitled to get at least one free credit report a year, which will tell you if someone has opened a spurious credit card or loan in your name.[security]. You can also get a free report in many states if you've recently been turned down for a job (and who hasn't been rejected in this economy?[security].).[security]. These reports are absolutely free, so don't fall for that ad campaign that offers "free" reports but actually makes you pay. Just contact one of the three reporting companies--Equifax, Experian, or TransUnion -- yourself and get a truly free report. Better yet, put an annual reminder in your calendar so you don't forget next year.malware 
Update Your Software: Several recent online security studies report that over 90 percent of successful malware and hacking attacks are the result of consumers using old software. You don't have to buy new software to stem the threat. All you have to do is install the free updates. The reason is that most of these updates include security patches for known holes that hackers use to access systems. Patching all your programs can be about as much fun as white-knuckling it through a snow storm. Fortunately, hackers mainly target four popular programs, which you should update regularly: Java, Adobe Acrobat, Adobe Flash, and Microsoft's Internet Explorer.malware [security].
Get An Anti-virus Shot: It's true that if you're really careful, never use a social networking site, and never open a video or e-mail online, you can avoid viruses. The rest of us should use some sort of anti-virus software. There are free programs from reputable firms such as Avast and Bitdefender. Use one of their offerings.[security].
Don't Click That E-mail: Zappos is sending every one of its affected customers a warning e-mail. However, more often than not such "official" e-mails are from hackers (for example, "We've had a security problem. Please change your password.[security]."). These fraudulent e-mails can be virtually indistinguishable from legitimate missives, including identical graphics, logos, and authentic looking return e-mail addresses.[security]. I recommend never clicking on links in such e-mails. Instead, open a separate browser window and go directly to, say, your bank's official site. If there's a important notice, you'll find it there.malware security.[security].
shttp://www.foxnews.com/scitech/2012/01/16/zappos-zapped-hackers-steal-info-from-24-millionusers/?intcmp=related

Read More

Latest computer security threat

Latest 10 virus alerts
1 Troj/Mdrop-DKE
2 Troj/Sasfis-O
3 Troj/Keygen-FU
4 Troj/Zbot-AOY
5 Troj/Zbot-AOW
6 W32/Womble-E
7 Troj/VB-FGD
8 Troj/FakeAV-DFF
9 Troj/SWFLdr-W
10 W32/RorpiaMem-A

Top 10 viruses in October 2011

1 Troj/Invo-Zip

2 W32/Netsky

3 Mal/EncPk-EI

4 Troj/Pushdo-Gen

5 Troj/Agent-HFU

6 Mal/Iframe-E

7 Troj/Mdrop-BTV

8 Troj/Mdrop-BUF

9 Troj/Agent-HFZ

10 Troj/Agent-HGT

Top 10 virus hoaxes
1 Hotmail hoax
2 Budweiser frogs screensaver
3 Bonsai kitten
4 Olympic torch
5 MSN is closing down
6 A virtual card for you
7 Meninas da Playboy
8 Bill Gates fortune
9 JDBGMGR
10 Justice for Jamie

Read More

How to Get Rid of a Computer Virus

Computer viruses come in many forms and can cause various kinds of damage to your system. Fortunately, most viruses are easily dealt with and effective methods for eliminating them are often developed as soon as the viruses are discovered. If you think your computer may be infected, take any necessary steps to clear your system and avoid infecting other computers.
Instructions
1.Visit your virus-scan software manufacturer's Web site and install any virus updates that are available. Then run the software. The software may not be able to delete the virus, but it may be able to identify it.
2.Search the Web for information regarding your specific virus by typing the name of the virus or its associated file into a search engine followed by the word "virus." For example, "Melissa virus," "BubbleBoy virus," etc.
3.Download and install any patches or other programs that will help you eliminate the virus. Or follow any instructions you find on deleting the virus manually.
4.Run another virus scan to make sure the virus has been dealt with properly.
Tips & Warnings
If you think your computer was affected with an e-mail virus that mails itself to people in your e-mail address book, contact those people and tell them not to open the messages or attachments.


-Web based email usually has built in virus scanning so viruses never reach your machine.


-Generally, deleting the file that caused the virus isn't sufficient to eliminate the problem, since many viruses can create new files or corrupt existing files. Your best bet is to use anti-virus software or specific online instructions.


-Avoid sending out any e-mails until you have properly eliminated the virus. Many viruses can attach themselves to outgoing messages without your knowledge, causing you to unwittingly infect the computers of your friends and colleagues

Read More

Denial Of Service (DoS) Attacks

A denial of service (DoS) attack is an attack that clogs up so much memory on the target system that it can not serve it's users, or it causes the target system to crash, reboot, or otherwise deny services to legitimate users.There are several different kinds of dos attacks as discussed below:-

1) Ping Of Death :- The ping of death attack sends oversized ICMP datagrams (encapsulated in IP packets) to the victim.The Ping command makes use of the ICMP echo request and echo reply messages and it's commonly used to determine whether the remote host is alive. In a ping of death attack, however, ping causes the remote system to hang, reboot or crash. To do so the attacker uses, the ping command in conjuction with -l argument (used to specify the size of the packet sent) to ping the target system that exceeds the maximum bytes allowed by TCP/IP (65,536).
example:- c:/>ping -l 65540 hostname
Fortunately, nearly all operating systems these days are not vulnerable to the ping of death attack.

2) Teardrop Attack :- Whenever data is sent over the internet, it is broken into fragments at the source system and reassembled at the destination system. For example you need to send 3,000 bytes of data from one system to another. Rather than sending the entire chunk in asingle packet, the data is broken down into smaller packets as given below:
* packet 1 will carry bytes 1-1000.
* packet 2 will carry bytes 1001-2000.
* packet 3 will carry bytes 2001-3000.
In teardrop attack, however, the data packets sent to the target computer contais bytes that overlaps with each other.
(bytes 1-1500) (bytes 1001-2000) (bytes 1500-2500)
When the target system receives such a series of packets, it can not reassemble the data and therefore will crash, hang, or reboot.
Old Linux systems, Windows NT/95 are vulnerable.

3) SYN - Flood Attack :- In SYN flooding attack, several SYN packets are sent to the target host, all with an invalid source IP address. When the target system receives these SYN packets, it tries to respond to each one with a SYN/ACK packet but as all the source IP addresses are invalid the target system goes into wait state for ACK message to receive from source. Eventually, due to large number of connection requests, the target systems' memory is consumed. In order to actually affect the target system, a large number of SYN packets with invalid IP addresses must be sent.

4) Land Attack :- A land attack is similar to SYN attack, the only difference being that instead of including an invalid IP address, the SYN packet include the IP address of the target sysetm itself. As a result an infinite loop is created within the target system, which ultimately hangs and crashes.Windows NT before Service Pack 4 are vulnerable to this attack.

5) Smurf Attack :- There are 3 players in the smurf attack–the attacker,the intermediary (which can also be a victim) and the victim. In most scenarios the attacker spoofs the IP source address as the IP of the intended victim to the intermediary network broadcast address. Every host on the intermediary network replies, flooding the victim and the intermediary network with network traffic.
Smurf Attack Result:- Performance may be degraded such that the victim, the victim and intermediary networks become congested and unusable, i.e. clogging the network and preventing legitimate users from obtaining network services.

6) UDP - Flood Attack :- Two UDP services: echo (which echos back any character received) and chargen (which generates character) were used in the past for network testing and are enabled by default on most systems. These services can be used to launch a DOS by connecting the chargen to echo ports on the same or another machine and generating large amounts of network traffic.

Read More

How Computer Viruses / Malware Attack?

Computer users are facing all sorts of security threats these days, computer viruses, computer worms, hackers, phishing, spyware.  Almost every computer is challenged by more than one type of malicious attack each day.  Knowing how these malicious programs spread and work can help you avoid potential damage to your computer.
How Malware Attack

Computer viruses, worms, and Trojan horses are collectively known as malware.  They spread on the internet via email, instant messages and file sharing.  Computer viruses need a host program to run whereas computer worms are self-contained.  Both can replicate and spread in enormous rate over the internet.

Computer viruses usually cause damage to boot sector, system BIOS, software or data files.  Your system may fail to start, legitimate programs cannot run and data files are lost or corrupted.

Computer worms are usually designed to spread automatically via email program, causing major disruption of internet traffic.  Some worms can create back door to allow authorized access to your computer.

Trojan horses usually do not replicate, they appear as some innocent programs, such as free games or free screensavers.  This tricks you into downloading and running the Trojan horse.  Trojan horses can open a back door, disable antivirus program and allow the download of other malware.
How Hackers Attack

Hackers are computer users who explore networks and computers, looking for vulnerabilities and infiltrate your system without your knowledge and permission. Some people argue that hackers may not have malicious intent, they are just curious about how computer network works.  Nevertheless, unauthorized access to someone’s computer or network is not a moral act.

Malicious hackers gain access to your computer via different ways.  For examples, hackers may use keystroke logger to record your every stroke, giving them enough information to infiltrate your system.  They may hack your password by generating different combinations of numbers, letters and symbols.  Hackers also search for unprotected network or enter your system via a back door installed previously by other malware.
How Spyware Attack

Spyware are usually downloaded from web sites, email messages, instant messages or file sharing network.  Some legitimate programs may install spyware in your computer when you accept the End User License Agreement.  Spyware does exactly what its name suggests: it spies on you by collecting personal or sensitive information or tracking your browsing and shopping habit.  Some spyware programs can change your web browser's home page or install additional components to your browser without your consent.

Spyware can result in identity theft, computer slowdown and slow internet access.  Spyware should not be confused with adware.  Adware is a program that displays advertisements, usually in the form of pop up ads.  Strictly speaking, adware is not spyware if no personal information and browsing habit is collected.  It is a way for some software developers to reimburse their development cost by providing freeware to their customers.
How Spam Attack

Email spam is the electronic form of junk mail.  Most spam messages are unsolicited advertising sent to a large number of recipients.  Spam messages are not only annoying, some of them are dangerous.  Some spam messages are used to deliver Trojan horses, viruses, spyware or links to offensive web sites with inappropriate content.

A new form of spam message is used to launch phishing attack.  Phishers, pretending to be legitimate companies such as banks, financial institutes, PayPal, send out spam messages to a large number of recipients.  They usually use scare tactic and ask you to update your personal information (login ID and password, account information, etc) immediately or your account will be suspended.  Once you click on the link provided in the spam messages, you would land on phish sites which look remarkably similar to the legitimate company web sites where the phishers will steal your personal information.

Now that you know how malware, spyware, hackers and spam attack your computer, you can be more proactive in your defense.  Be careful of free download, free scan, email attachment, file sharing and don’t click on the hyperlink of spam messages.  Read the End User agreement carefully when you install any software.  Keep track of unusual inbound and outbound internet activities.  If you do all of these and install an all-in-one internet security program (antivirus, antispyware, firewall, spam control), you should be pretty safe from these malicious attacks.

Read More