Showing posts with label computer security. Show all posts

Friday, August 31, 2012

Firefox 15 PDF Viewing or Why Adobe and Mozilla Update so much...

Mozilla just released Firefox 15. Your machines may update themselves to this version the next time you start your computer or browser. The initial v15 release has turned off viewing PDFs inside the browser. A well-respected blogger over at Groovy Post wrote up an illustrated guide to help fix this.

Groovy Post recently explained how to enable this feature.

Many machines will request updates for Adobe Reader and Foxit Reader, but if you haven't seen these requests on your machine for a while, run these updates now.

Update Adobe
When you do so, you will have to close Firefox and Internet Explorer as well as all instances of the PDF software.
The best update option is to open the reader, pull down Help from the top, and choose Update. In this case, it will ask you to close Firefox as well as the main Adobe Reader window. Adobe will then automatically reach out and look for the proper update.

Update Foxit Reader
In Firefox, go to this website and at the bottom of the page in yellow, download the latest version of their software. NOTE: BE SURE to UNCHECK the Chrome Browser / Ask Toolbar update.


The reason for this flurry of Firefox updates - as well as the constant Adobe Flash and Reader update requests - is that the entire hacking cyber-crime world has figured out ways to take advantage of machines that are not updated. These criminals attempt to get into your machine before you update it. This doesn't happen in a matter of months or weeks, but minutes. As soon as the hacking community discovers a way to break an older version of this software, they distribute these infections any way possible: spam emails, Facebook photo viewing, Google search results, and email attachments from people that we know.

These hackers are now motivated by gigantic profits.
Read the first paragraph of any of these articles to realize how bad this is:
Forbes Russia's Million Dollar Hacker
Blog Infosecisland Russian Cybercrime: Not Just A Localized Threat
SC Magazine's Russian Cyber Crime Market More Organized, Lucrative
Ars Technica Russian National Charged with $1.4Million Hacking Scam

It may be impossible to get a full grasp of everything that is happening in the computer security industry, but a quick glimpse explains that it is very powerful and requires careful consideration of all information maintained on your computer - from daily active security to total secure cloud system backups.  

Thursday, December 8, 2011

An excellent blog post, "The Top 10 countries with the most malicious networks", over at CountryIPBlocks has re-analyzed this list of data with interesting statistics. The original list claims the US is the biggest offender of malicious networks. That list was sorted by the countries with the largest NUMBER OF SPAM EMAILS.
  1. United States
  2. China
  3. Russia
  4. United Kingdom
  5. Germany
  6. Japan
  7. Brazil
  8. Romania
  9. Ukraine
  10. Turkey

Unfortunately, these results are skewed because they do not explain that there is a greater per capita incidence of Internet-connected individuals. The brilliant people at CountryIPBlocks.net discovered that the ratio of NUMBER OF INFECTED NETWORKS to THE AMOUNT OF SPAM is probably the more accurate consideration. That re-adjusted Top 10 list looks like this:


Here are the results based on percentage of infected networks:
  1. Brazil 89%
  2. Turkey 54%
  3. Romania 39%
  4. China 32%
  5. Russia 11%
  6. United Kingdom 11%
  7. Japan 10%
  8. Ukraine 9%
  9. Germany 6%
  10. United States 6%





Tuesday, December 6, 2011

Password Checker Sites - Use these!


A recent popular Trojan that took account passwords from a famous technical blog site, Gawker.com, has been a focus of geek attention.
The UK paper called The Telegraph also wrote about the 25 weakest passwords in use today. These accounts at Gawker were broken into because of weak passwords.
Hackers have been showing more and more interest in breaking into web accounts like Gmail, Hotmail.com, Comcast.net, Live.com, Twitter.com, Facebook.com, etc.

While Gmail has released something called 2 step verification as an EXCELLENT option for your Google Account, most other sites are still not doing this.

For a sanity check, there are some reliable and trustworthy web sites you can use to test your existing passwords and see how strong they are. These great sites let you know if your password is strong enough for today's web:
Microsoft Password Strength Checker
How Secure Is My Password?
The Password Meter
WolframAlpha
our favorite Steve Gibson Password Haystack Webpage 
For creating a very complicated password, consider using Steve Gibson’s  Password Generator Webpage

This is so important that we have now published this on both blogs.
- credits to lifehacker.com and grc.com !
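
A strength check can also be run locally, without typing the password into a web page. The following is an added example, not code from this blog or from any of the sites listed: it rejects passwords found on a small constructed list of common passwords, then estimates the exhaustive search space from length and character classes. The sample list, the 100 billion guesses per second rate, and the one-year threshold are assumptions of the example.

```python
import string

# Constructed sample of very common passwords (illustrative only; not the
# Telegraph list mentioned in the post).
COMMON_PASSWORDS = {"password", "123456", "12345678", "qwerty",
                    "abc123", "letmein", "monkey", "111111"}

# ASCII character classes: 26 + 26 + 10 + 33 (punctuation plus space).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

# Assumption: an offline attacker testing 100 billion guesses per second.
GUESSES_PER_SECOND = 1e11
ONE_YEAR = 365 * 24 * 3600


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    size = sum(len(cls) for cls in CLASSES
               if any(ch in cls for ch in password))
    # Assumption: any non-ASCII character adds a nominal 128 symbols.
    if any(ord(ch) > 127 for ch in password):
        size += 128
    return size


def search_space(password):
    """Candidates an exhaustive search must try for lengths 1..len(password)."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def assess(password):
    """Return (verdict, search space); verdict is 'common', 'weak' or 'ok'."""
    if password.lower() in COMMON_PASSWORDS:
        return "common", 0          # found by a wordlist before any brute force
    space = search_space(password)
    # This is an upper bound: dictionary words shrink the real effort needed.
    verdict = "weak" if space / GUESSES_PER_SECOND < ONE_YEAR else "ok"
    return verdict, space


if __name__ == "__main__":
    for pw in ["Password", "abc123xyz", "correct horse battery staple"]:
        print(repr(pw), assess(pw))
```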

Wednesday, February 4, 2009

Menlo Technical Blog II


As the computer security industry grows and more people have sophisticated computers in the most remote places on Earth, street scams and gimmicks commonplace in other cities and countries are brought inside an average computer user's home and inside a corporate network.

Sophisticated programs can jump onto a home or corporate laptop and report back to their makers on the user names and passwords people use on websites such as banking and brokerage accounts. More than simply logging these user names and passwords, the programs can monitor and track what is displayed by bank websites. They use not-so-sophisticated means of tricking computer users to gain access to this information; something as simple as designing an email that makes a person THINK they have to log in to a common website - like Facebook or Chase Bank - yet the link is a fake but almost indistinguishable from the official website.

Corporate (aka Enterprise) computer users need to re-adjust their thinking to believe potentially everyone is a suspicious character, not just those outside of their 'circle of friends'. 

Human interaction has many security features, taken for granted, that are used each and every day. Features such as:
-the exact tone of a person's voice, 
-the precise image of a person, 
-their movements and body language, 
-the language phrasing, 
-smell of another person. 

All of these are kinds of authentication reminders that are taken for granted when interacting with people day to day.

While socializing online we are blind to these physical world security features built into our daily interactions. We use something like a "friend authentication" but accommodate the online world's restrictions. We allow for a certain flexibility when we don't have physical visual cues, tolerating things like slightly strange behavior in what is written by people we know. To complicate this matter, instead of a familiar and live one-on-one interaction, many times it is one-to-many, missing many of the common cues we use to socialize with a person - like personal jokes, movements and gesticulations. Many times, an email is written to more than one person, a blog post written for many to read, a Facebook wall posting to an audience, or a tumblr link or twitter post. The familiar tone in which people speak to relatives and in-laws may be alarmingly strange to a friend. Everyone has a slightly different level of humor and communication with each of their various friends, especially in social media.

When a program is designed by a hacker, it usually tries to 'play' in that socialization realm of unfamiliar behaviors. Presenting a plea or request pretending to be a person they are not, they use a kind of 'hook' to snag people emotionally into their scam. 

Each aspect of online life and technology is leveraged differently, by different hackers. Mostly hackers are using social engineering to gain access to an important piece of your identity that gives them access to all of your personal information and family money institutions.

Hackers socially engineer through such means as:
-fake email notifications of a purchase with a confirmation link
-a fake UPS or US Post Office email that installs a fake virus that claims to be an anti-virus program
-notifications of a Facebook account update
-a free fun video game for a child or gambling site for bored person that requires a small installation of a program with hidden components that captures your keyboard use
-a link in an email or webpage to update information, that injects a program into the computer to track keyboard movements
-a .pdf file that is attached to an email, from a friend or contact who had their email or address book accessed by a rogue program

These are ONLY SOME examples of the mechanics of a scam; to make people secure in a relationship and then use this trusted relationship within a context that makes you vulnerable.  These scams mostly are trying to hook people by relating to issues based around love, pain, politics or money - and use this hook as a means to distract while hiding their real intent.

As an information technology security firm, our goal is to secure corporate networks, help enterprises design reliable backup plans, and make everyone more aware of the types of Internet and computer attacks that threaten enterprise intellectual property.

This blog - as well as our other Menlo Technical WordPress Blog - will be used by Menlo Technology Consulting to announce products, services and current trends in Information Technology Security.