Monday, September 29, 2008
Multiple Web Browsers Affected by Clickjacking
Info Netz is aware of public reports of a new cross-browser exploit technique called "Clickjacking." According to one of the reports, Clickjacking gives an attacker the ability to trick a user into clicking on something only barely or momentarily noticeable. Therefore, if a user clicks on a web page, they may actually be clicking on content from another page. A separate report indicates that this flaw affects most web browsers and that no fix is available, but that disabling browser scripting and plug-ins may help mitigate some of the risks.
An additional report suggests that Firefox users consider using the NoScript plug-in as an added preventative measure. Disabling IFRAMEs by default, as outlined in the Securing Your Web Browser document (will be posted soon), is reported to protect against the vulnerability.
Info Netz encourages users to review the report and follow the security recommendations as described in the Securing Your Web Browser document (will be posted soon) to help mitigate some of the risks.
Info Netz will provide additional information as it becomes available.
Thursday, September 25, 2008
Mozilla Releases Firefox 3.0.2
Mozilla has released Firefox 3.0.2 to address multiple vulnerabilities. The impacts of these vulnerabilities include arbitrary code execution, enabling cross-site scripting, privilege escalation, information disclosure, and denial of service. As described in the Mozilla Foundation Security Advisories, some of these vulnerabilities may also affect Thunderbird and SeaMonkey.
I encourage users to do the following to help mitigate the risks:
- Review the Mozilla Foundation Security Advisories.
- Update to Firefox 3.0.2.

Saturday, September 20, 2008
Protecting Portable Devices: Data Security
Why do you need another layer of protection?
Although there are ways to physically protect your laptop, PDA, or other portable device, there is no guarantee that it won't be stolen. After all, as the name suggests, portable devices are designed to be easily transported. The theft itself is, at the very least, frustrating, inconvenient, and unnerving, but the exposure of information on the device could have serious consequences. Also, remember that any devices that are connected to the internet, especially if it is a wireless connection, are also susceptible to network attacks.
What can you do?
- Use passwords correctly - In the process of getting to the information on your portable device, you probably encounter multiple prompts for passwords. Take advantage of this security. Don't choose options that allow your computer to remember passwords, don't choose passwords that thieves could easily guess, use different passwords for different programs, and take advantage of additional authentication methods.
- Consider storing important data separately - There are many forms of storage media, including floppy disks, zip disks, CDs, DVDs, and removable flash drives (also known as USB drives or thumb drives). By saving your data on removable media and keeping it in a different location (e.g., in your suitcase instead of your laptop bag), you can protect your data even if your laptop is stolen. You should make sure to secure the location where you keep your data to prevent easy access.
- Encrypt files - By encrypting files, you ensure that unauthorized people can't view data even if they can physically access it. You may also want to consider options for full disk encryption, which prevents a thief from even starting your laptop without a passphrase. When you use encryption, it is important to remember your passwords and passphrases; if you forget or lose them, you may lose your data.
- Install and maintain anti-virus software - Protect laptops and PDAs from viruses the same way you protect your desktop computer. Make sure to keep your virus definitions up to date.
- Install and maintain a firewall - While always important for restricting traffic coming into and leaving your computer, firewalls are especially important if you are travelling and utilizing different networks. Firewalls can help prevent outsiders from gaining unwanted access.
- Back up your data - Make sure to back up any data you have on your computer onto a CD-ROM, DVD-ROM, or network. Not only will this ensure that you will still have access to the information if your device is stolen, but it could help you identify exactly which information a thief may be able to access. You may be able to take measures to reduce the amount of damage that exposure could cause.
Multiple DNS implementations vulnerable to cache poisoning
Systems Affected
Systems implementing:
- Caching DNS resolvers
- DNS stub resolvers
Affected systems include both client and server systems, and any other networked systems that include this functionality.
Overview
Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks. Effective attack techniques against these vulnerabilities have been demonstrated.
I. Description
DNS cache poisoning (sometimes referred to as cache pollution) is an attack technique that allows an attacker to introduce forged DNS information into the cache of a caching nameserver. The general concept has been known for some time, and a number of inherent deficiencies in the DNS protocol and defects in common DNS implementations that facilitate DNS cache poisoning have previously been identified and described in public literature.
Recent research into these and other related vulnerabilities has produced extremely effective exploitation methods to achieve cache poisoning. Tools and techniques have been developed that can reliably poison a domain of the attacker's choosing on most current implementations. As a result, the consensus of DNS software implementers is to implement source port randomization in their resolvers as mitigation.
II. Impact
An attacker with the ability to conduct a successful cache poisoning attack can cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services. Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker's control.
III. Solution
Apply a patch from your vendor
Patches have been released by a number of vendors to implement source port randomization in the nameserver. This change significantly reduces the practicality of cache poisoning attacks.
As mentioned above, stub resolvers are also vulnerable to these attacks. Stub resolvers that will issue queries in response to attacker behaviour, and may receive packets from an attacker, should be patched. System administrators should be alert for patches to client operating systems that implement port randomization in the stub resolver.
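To make the mitigation concrete, the following added example (not code from the advisory or from any DNS implementation) models how a caching resolver matches incoming responses against its table of outstanding queries. It compares a pre-patch resolver that sends every query from one fixed port, so that only the 16-bit transaction ID must match, with a patched resolver that also randomizes the UDP source port; the Query/Response records, the fixed port 53, and the ephemeral port range 1024-65535 are assumptions made for illustration.

```python
"""Model of DNS response matching with and without source port randomization."""
import math
import secrets
from dataclasses import dataclass

# Assumption: a randomizing resolver draws source ports from this ephemeral range.
PORT_MIN, PORT_MAX = 1024, 65535
PORT_RANGE = PORT_MAX - PORT_MIN + 1
FIXED_PORT = 53  # Assumption: the pre-patch resolver always queries from port 53.


@dataclass(frozen=True)
class Query:
    name: str
    txid: int    # 16-bit DNS transaction ID
    sport: int   # UDP source port the query left from


@dataclass(frozen=True)
class Response:
    name: str
    txid: int
    dport: int   # UDP port the response was addressed to
    answer: str


class Resolver:
    """Caching resolver: a response is cached only if it matches an outstanding query."""

    def __init__(self, randomize_port: bool):
        self.randomize_port = randomize_port
        self.pending: dict[tuple[str, int, int], Query] = {}
        self.cache: dict[str, str] = {}

    def send_query(self, name: str) -> Query:
        txid = secrets.randbelow(1 << 16)
        if self.randomize_port:
            sport = PORT_MIN + secrets.randbelow(PORT_RANGE)
        else:
            sport = FIXED_PORT
        q = Query(name, txid, sport)
        # The tuple a response must reproduce exactly to be accepted.
        self.pending[(name, txid, sport)] = q
        return q

    def receive(self, r: Response) -> bool:
        """Accept and cache the response only if name, txid and port all match."""
        q = self.pending.pop((r.name, r.txid, r.dport), None)
        if q is None:
            return False   # no matching outstanding query: dropped, nothing cached
        self.cache[r.name] = r.answer
        return True

    def entropy_bits(self) -> float:
        """Bits of unpredictable state a forged response must reproduce."""
        bits = 16.0                       # transaction ID
        if self.randomize_port:
            bits += math.log2(PORT_RANGE)  # plus the randomized source port
        return bits

    def guess_space(self) -> int:
        """Number of (txid, port) combinations a forged response could carry."""
        return (1 << 16) * (PORT_RANGE if self.randomize_port else 1)


if __name__ == "__main__":
    for randomize in (False, True):
        r = Resolver(randomize_port=randomize)
        q = r.send_query("example.com")
        # A response with the right txid but the wrong port is silently dropped.
        wrong_port = q.sport + 1 if q.sport < PORT_MAX else q.sport - 1
        print(randomize, r.receive(Response("example.com", q.txid, wrong_port, "203.0.113.9")),
              r.receive(Response("example.com", q.txid, q.sport, "192.0.2.1")),
              f"{r.entropy_bits():.1f} bits", r.guess_space())
```

Port randomization raises the matching state from 16 to roughly 32 bits, which is the advisory's point: it does not remove the protocol's weakness, but it makes blind forgery impractical.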
Workarounds
Restrict access
Administrators, particularly those who are unable to apply a patch, can limit exposure to this vulnerability by restricting sources that can ask for recursion. Note that restricting access will still allow attackers with access to authorized hosts to exploit this vulnerability.
Filter traffic at network perimeters
Because the ability to spoof IP addresses is necessary to conduct these attacks, administrators should take care to filter spoofed addresses at the network perimeter. It is important to understand your network's configuration and service requirements before deciding what changes are appropriate.
Run a local DNS cache
In lieu of strong port randomization characteristics in a stub resolver, administrators can protect their systems by using local caching full-service resolvers, both on the client systems and on servers that are topologically close on the network to the client systems. This should be done in conjunction with the network segmentation and filtering strategies mentioned above.
Disable recursion
Disable recursion on any nameserver responding to DNS requests made by untrusted systems.
Friday, September 19, 2008
Protecting Portable Devices: Physical Security
Only you can determine what is actually at risk. If a thief steals your laptop or PDA, the most obvious loss is the machine itself. However, if the thief is able to access the information on the computer or PDA, all of the information stored on the device is at risk, as well as any additional information that could be accessed as a result of the data stored on the device itself.
Sensitive corporate information or customer account information should not be accessed by unauthorized people. You've probably heard news stories about organizations panicking because laptops with confidential information on them have been lost or stolen. But even if there isn't any sensitive corporate information on your laptop or PDA, think of the other information at risk: information about appointments, passwords, email addresses and other contact information, personal information for online accounts, etc.
How can you protect your laptop or PDA?
- Password-protect your computer - Make sure that you have to enter a password to log in to your.
- Keep your laptop or PDA with you at all times - When traveling, keep your laptop with you. Meal times are optimum times for thieves to check hotel rooms for unattended laptops. If you are attending a conference or trade show, be especially wary—these venues offer thieves a wider selection of devices that are likely to contain sensitive information, and the conference sessions offer more opportunities for thieves to access guest rooms.
- Downplay your laptop or PDA - There is no need to advertise to thieves that you have a laptop or PDA. Avoid using your portable device in public areas, and consider non-traditional bags for carrying your laptop.
- Consider an alarm or lock - Many companies sell alarms or locks that you can use to protect or secure your laptop. If you travel often or will be in a heavily populated area, you may want to consider investing in an alarm for your laptop bag or a lock to secure your laptop to a piece of furniture.
- Back up your files - If your portable device is stolen, it's bad enough that someone else may be able to access your information. To avoid losing all of the information, make backups of important information and store the backups in a separate location. Not only will you still be able to access the information, but you'll be able to identify and report exactly what information is at risk.
What can you do if your laptop or PDA is lost or stolen?
Report the loss or theft to the appropriate authorities. These parties may include representatives from law enforcement agencies, as well as hotel or conference staff. If your device contained sensitive corporate or customer account information, immediately report the loss or theft to your organization so that they can act quickly.
Thursday, September 18, 2008
Fake Antivirus Software Circulating
HACKINGTECHNOLOGY encourages users to perform the following preventative measures to help mitigate the risks:
1) Install legitimate antivirus software from a trusted vendor, and keep its virus signature files up-to-date.
2) Do not follow unsolicited web links found in email messages or instant messages.
3) Use caution when visiting untrusted websites.
4) Do not install untrusted software.
Saturday, September 6, 2008
Google Chrome Download Vulnerability
We are aware of a vulnerability that affects the Google Chrome web browser. This vulnerability is due to a default configuration that allows files to be downloaded without prompting the user. In addition, downloaded files can be opened with a single click, which could allow a user to inadvertently open a malicious file.
We encourage users to enable the "Ask where to save each file before downloading" option within the "Minor Tweaks" tab in the browser preferences. Although this does not fix the underlying vulnerability, selecting this option will warn the user before files are downloaded. Users should still exercise caution when visiting and downloading items from untrusted websites.
Thursday, September 4, 2008
Understanding Your Computer: Operating Systems
- determining what types of software you can install
- coordinating the applications running on the computer at any given time
- making sure that individual pieces of hardware, such as printers, keyboards, and disk drives, all communicate properly
- allowing applications such as word processors, email clients, and web browsers to perform tasks on the system (e.g., drawing windows on the screen, opening files, communicating on a network) and utilize other system resources (e.g., printers, disk drives)
- reporting error messages
The OS also determines how you see information and perform tasks. Some operating systems use a graphical user interface (GUI), which presents information through pictures (icons, buttons, dialog boxes, etc.) as well as words. Other operating systems can rely solely on text.
How do you choose an operating system?
In very simplistic terms, when you choose to buy a computer, you are usually also choosing an operating system. Although you may change it, vendors typically ship computers with a particular operating system. There are multiple operating systems, each with different features and benefits, but the following three are the most common:
- Windows - Windows, with versions including Windows Me, Windows 2000, and Windows XP, is the most common operating system for home users. It is produced by Microsoft and is typically included on machines purchased in electronics stores or from vendors such as Dell or Gateway. The Windows OS uses a GUI, which many users find more appealing and easier to use than text-based interfaces.
- Mac OS X - Produced by Apple, Mac OS X is the operating system used on Macintosh computers. With the exception of a different GUI, it is similar to the Windows interface in the way it operates.
- Linux and other UNIX-derived operating systems - Linux and other systems derived from the UNIX operating system are frequently used for specialized workstations and servers, such as web and email servers. Because they are often more difficult for general users or require specialized knowledge and skills to operate, they are not very popular with home users. However, as they continue to develop and become easier to use, they may become more popular on typical home user systems.
Understanding Your Computer: Email Clients
Tuesday, September 2, 2008
Google takes on Microsoft with new browser
The search giant said Chrome had been created to better handle interactive applications and resource-hungry web pages such as video clips and online games. It is also less likely to crash, it claimed.
A test version of the browser will be available for download later today.
Analysts said Chrome, which was announced at the same time as new YouTube-like video communications services from Google, could take market share from Microsoft's Internet Explorer, as well as other browsers such as Opera and Firefox.
Details of Chrome were rushed out last night after someone at Google accidentally sent a comic book announcing the browser to a website that tracks the company.
In a blog posting late last night, Google said its engineers had decided to "completely rethink the browser" because the web has evolved from offering mainly simple text pages to rich, interactive applications.
"What we really needed was not just a browser, but also a modern platform for web pages and applications, and that's what we set out to build," said Sundar Pichai, VP product management, and Linus Upson, engineering director.
Early reaction from bloggers and industry analysts was broadly positive.
Roger Kay, president of Endpoint Technologies Associates, said Chrome would help attract computer users to Google's range of web-based applications.
"This gives Google another opportunity to protect its flank and to create a new branding position," said Kay.
"We like this move by Google and believe it can help to increase or at least maintain its leading search market share."
Needham & Co analyst Mark May said the move would allow Google to claim a significant slice of "online real estate".
"The market share gains by Firefox in a short period of time show to us that users are looking for better browser experiences," he said.
Open-source
Chrome is open-source, meaning developers can access and make changes to its underlying source code. Typically for a Google offering, it is available in test format as a beta.
Like other browsers it offers tabbing, letting the reader keep multiple web pages open. But with Chrome each tab runs as a separate process, so the applications should be more stable and secure.
"By keeping each tab in an isolated 'sandbox', we were able to prevent one tab from crashing another and provide improved protection from rogue sites," said Pichai and Upson.
According to recent figures, Internet Explorer has around 58% of the browser market, followed by Firefox with 19%. Google dominates the search market, with around 64.1% of all searches in August.
Video for business
Google also announced yesterday that it has added a video component to its Google Apps Premier Edition, a package of business software aimed at corporate users.
It will allow employees to share speeches, product training, sales meetings or other employee video messages without risking unauthorised disclosure outside the company.
"What YouTube did in the consumer world, Google Video for business is going to do in the enterprise," said Matthew Glotzbach, product management director of Google's enterprise division, the unit responsible for Google Apps.
It will be available for free for six months, starting Monday.
The above information is from InfoWorld USA.
Keeping Children Safe Online
When a child is using your computer, normal safeguards and security practices may not be sufficient. Children present additional challenges because of their natural characteristics: innocence, curiosity, desire for independence, and fear of punishment. You need to consider these characteristics when determining how to protect your data and the child.
You may think that because the child is only playing a game, or researching a term paper, or typing a homework assignment, he or she can't cause any harm. But what if, when saving her paper, the child deletes a necessary program file? Or what if she unintentionally visits a malicious web page that infects your computer with a virus? These are just two possible scenarios. Mistakes happen, but the child may not realize what she's done or may not tell you what happened because she's afraid of getting punished.
Online predators present another significant threat, particularly to children. Because the nature of the internet is so anonymous, it is easy for people to misrepresent themselves and manipulate or trick other users. Adults often fall victim to these ploys, and children, who are usually much more open and trusting, are even easier targets. The threat is even greater if a child has access to email or instant messaging programs, visits chat rooms, and/or uses social networking sites.
What can you do?
* Be involved - Consider activities you can work on together, whether it be playing a game, researching a topic you had been talking about (e.g., family vacation spots, a particular hobby, a historical figure), or putting together a family newsletter. This will allow you to supervise your child's online activities while teaching her good computer habits.
* Keep your computer in an open area - If your computer is in a high-traffic area, you will be able to easily monitor the computer activity. Not only does this accessibility deter a child from doing something she knows she's not allowed to do, it also gives you the opportunity to intervene if you notice a behavior that could have negative consequences.
* Set rules and warn about dangers - Make sure your child knows the boundaries of what she is allowed to do on the computer. These boundaries should be appropriate for the child's age, knowledge, and maturity, but they may include rules about how long she is allowed to be on the computer, what sites she is allowed to visit, what software programs she can use, and what tasks or activities she is allowed to do. You should also talk to children about the dangers of the internet so that they recognize suspicious behavior or activity. The goal isn't to scare them, it's to make them more aware.
* Monitor computer activity - Be aware of what your child is doing on the computer, including which web sites she is visiting. If she is using email, instant messaging, or chat rooms, try to get a sense of who she is corresponding with and whether she actually knows them.
* Keep lines of communication open - Let your child know that she can approach you with any questions or concerns about behaviors or problems she may have encountered on the computer.
* Consider partitioning your computer into separate accounts - Most operating systems (including Windows XP, Mac OS X, and Linux) give you the option of creating a different user account for each user. If you're worried that your child may accidentally access, modify, and/or delete your files, you can give her a separate account and decrease the amount of access and number of privileges she has.
If you don't have separate accounts, you need to be especially careful about your security settings. In addition to limiting functionality within your browser, avoid letting your browser remember passwords and other personal information. Also, it is always important to keep your virus definitions up to date.
* Consider implementing parental controls - You may be able to set some parental controls within your browser. For example, Internet Explorer allows you to restrict or allow certain web sites to be viewed on your computer, and you can protect these settings with a password. To find those options, click Tools on your menu bar, select Internet Options..., choose the Content tab, and click the Enable... button under Content Advisor.
There are other resources you can use to control and/or monitor your child's online activity. Some ISPs offer services designed to protect children online. Contact your ISP to see if any of these services are available. There are also special software programs you can install on your computer. Different programs offer different features and capabilities, so you can find one that best suits your needs. The following web sites offer lists of software, as well as other useful information about protecting children online:
* GetNetWise - http://kids.getnetwise.org/ - Click Tools for Families to reach a page that allows you to search for software based on characteristics like what the tool does and what operating system you have on your computer.
* Yahooligans! Parents' Guide - http://yahooligans.yahoo.com/parents/ - Click Blocking and Filtering under Related Websites on the left sidebar to reach a list of software.
Monday, September 1, 2008
Evaluating Your Web Browser's Security Settings
Your web browser is your primary connection to the rest of the internet, and multiple applications may rely on your browser, or elements within your browser, to function. This makes the security settings within your browser even more important. Many web applications try to enhance your browsing experience by enabling different types of functionality, but this functionality might be unnecessary and may leave you susceptible to being attacked. The safest policy is to disable the majority of those features unless you decide they are necessary. If you determine that a site is trustworthy, you can choose to enable the functionality temporarily and then disable it once you are finished visiting the site.
Where can you find the settings?
Each web browser is different, so you may have to look around. For example, in Internet Explorer, you can find them by clicking Tools on your menu bar, selecting Internet Options..., choosing the Security tab, and clicking the Custom Level... button. However, in Firefox, you click Tools on the menu bar and select Options.... Click the Content, Privacy, and Security tabs to explore the basic security options. Browsers have different security options and configurations, so familiarize yourself with the menu options, check the help feature, or refer to the vendor's web site.
While every application has settings that are selected by default, you may discover that your browser also has predefined security levels that you can select. For example, Internet Explorer offers custom settings that allow you to select a particular level of security; features are enabled or disabled based on your selection. Even with these guides, it is helpful to have an understanding of what the different terms mean so that you can evaluate the features to determine which settings are appropriate for you.
How do you know what your settings should be?
Ideally, you would set your security for the highest level possible. However, restricting certain features may limit some web pages from loading or functioning properly. The best approach is to adopt the highest level of security and only enable features when you require their functionality.
What do the different terms mean?
Different browsers use different terms, but here are some terms and options you may find:
* Zones - Your browser may give you the option of putting web sites into different segments, or zones, and allow you to define different security restrictions for each zone.
For example, Internet Explorer identifies the following zones:
* Internet - This is the general zone for all public web sites. When you browse the internet, the settings for this zone are automatically applied to the sites you visit. To give you the best protection as you browse, you should set the security to the highest level; at the very least, you should maintain a medium level.
* Local intranet - If you are in an office setting that has its own intranet, this zone contains those internal pages. Because the web content is maintained on an internal web server, it is usually safe to have less restrictive settings for these pages. However, some viruses have tapped into this zone, so be aware of what sites are listed and what privileges they are being given.
* Trusted sites - If you believe that certain sites are designed with security in mind, and you feel that content from the site can be trusted not to contain malicious materials, you can add them to your trusted sites and apply settings accordingly. You may also require that only sites that implement Secure Sockets Layer (SSL) can be active in this zone. This permits you to verify that the site you are visiting is the site that it claims to be. This is an optional zone but may be useful if you personally maintain multiple web sites or if your organization has multiple sites. Even if you trust them, avoid applying low security levels to external sites—if they are attacked, you might also become a victim.
* Restricted sites - If there are particular sites you think might not be safe, you can identify them and define heightened security settings. Because the security settings may not be enough to protect you, the best precaution is to avoid navigating to any sites that make you question whether or not they're safe.
* JavaScript - Some web sites rely on web scripts such as JavaScript to achieve a certain appearance or functionality, but these scripts may be used in attacks.
* Java and ActiveX controls - These programs are used to develop or execute active content that provides some functionality, but they may put you at risk.
* Plug-ins - Sometimes browsers require the installation of additional software known as plug-ins to provide additional functionality. Like Java and ActiveX controls, plug-ins may be used in an attack, so before installing them, make sure that they are necessary and that the site you have to download them from is trustworthy.
You may also find options that allow you to take the following security measures:
* Manage cookies - You can disable, restrict, or allow cookies as appropriate. Generally, it is best to disable cookies and then enable them if you visit a site you trust that requires them.
* Block pop-up windows - Although turning this feature on could restrict the functionality of certain web sites, it will also minimize the number of pop-up ads you receive, some of which may be malicious.
Understanding Your Computer: Web Browsers
A web browser is an application that finds and displays web pages. It coordinates communication between your computer and the web server where a particular web site "lives."
When you open your browser and type in a web address (URL) for a web site, the browser contacts that server, requests the web page you asked for, and displays the page on your computer. The browser translates the code (written in a language such as HTML or XML) for the different elements of the page (text, images, sounds) into the appropriate format and displays the resulting page.
How many browsers are there?
There are many different browsers. Most users are familiar with graphical browsers, which display both text and graphics and may also display multimedia elements such as sound or video clips. However, there are also text-based browsers. The following are some well-known browsers:
* Internet Explorer
* Firefox
* AOL
* Opera
* Safari - a browser specifically designed for Macintosh computers
* Lynx - a text-based browser desirable for vision-impaired users because of the availability of special devices that read the text
How do you choose a browser?
A browser is usually included with the installation of your operating system, but you are not restricted to that choice. Some of the factors to consider when deciding which browser best suits your needs include
* compatibility - Does the browser work with your operating system?
* security - Do you feel that your browser offers you the level of security you want?
* ease of use - Are the menus and options easy to understand and use?
* functionality - Does the browser interpret web content correctly? If you need to install other plug-ins or devices to translate certain types of content, do they work?
* appeal - Do you find the interface and way the browser interprets web content visually appealing?
Can you have more than one browser installed at the same time?
If you decide to change your browser or add another one, you don't have to uninstall the browser that's currently on your computer—you can have more than one browser on your computer at once. However, you will be prompted to choose one as your default browser. Anytime you follow a link in an email message or document, or you double-click a shortcut to a web page on your desktop, the page will open using your default browser. You can manually open the page in another browser.
Most vendors give you the option to download their browsers directly from their web sites. Make sure to verify the authenticity of the site before downloading any files. To further minimize risk, follow other good security practices, like using a firewall and keeping anti-virus software up to date.