Here is your weekly summary of security news, alerts and threats you need to know, to play safe on the Internet.

Defense in Depth, & You

Six months ago I reported that on average, it took Microsoft 13 days to fix a flaw or vulnerability in its most popular software products. Microsoft is now boasting that it took it almost 29 days to fix vulnerabilities last year. For Windows XP alone, it took 53 days on average, to fix a flaw. Go figure.

Still, this was a better performance than rival operating system makers Apple, Novell and Sun Microsystems, according to Microsoft.

What does this mean for the average home user? It simply means that YOU were at great risk for long periods of time. Your computer and information could have been (and perhaps were) compromised or stolen with ease, many times over. What is a person to do?

The best thing to do is maintain defense in depth, as I have long maintained. That means having anti-virus protection, a firewall, anti-spyware programs and blockers and a HOSTS file; AND keeping everything up to date without fail.

These multiple layers of protection lessen your dependence on Windows to protect you, or on any other single program.

If one of these layers is weakened or penetrated for whatever reason, the other layers will probably protect you until the problem is fixed. This philosophy has proved its worth for years, and is never more essential than today.

Your Online Banking Security

I have never much liked online banking. I refuse to expose my bank accounts to the Internet, and to the hackers and criminals who prowl it. Now a security testing firm has found that online security at financial institutions in general is getting noticeably worse.

NTA Monitor found 20% more vulnerabilities among banks and similar institutions, compared to last year. But in Britain, things improved a lot, with 32% of firms showing critical flaws, compared with 61% last year.

There were two common problems. First, buffer overflows could allow an attacker access to the server. Second, expired SSL Certificates, which if checked by the user would show an invalid certificate before they access the site.

NTA says more banks are feeling the pressure to have an online presence, and are perhaps jumping onto the Internet too quickly. This of course increases their exposure to online attacks.

Be careful when doing your online banking. Deal only with large, reputable institutions. Study the home page carefully, and familiarize yourself with the privacy and security policies of the bank. Make sure they guarantee refunds for unauthorized transactions.

Just before you sign in, check that you are on a page that begins with [ and you see a little gold padlock in the lower right of your screen (upper right in IE7). This means the page and your information are encrypted, although this is not foolproof.

Then right-click a blank area of the page, and click Properties. Click Certificates, to see the firm's SSL Certificate. Check the dates shown, to make sure it has not expired.

Credit Cards + Gas Stations = Risky Business

Beware if you pay for your gas fillup with a credit card. It seems the risk of data theft is very real, because of those point-of-sale (POS) terminals used to swipe the card.

The information from the magnetic stripe on the back of the card is collected and stored in the terminal. Knowledgeable criminals can access it to make duplicate cards and go on a spending spree. This, in turn, can lead to identity theft. This actually happened to a friend of mine a while ago.

It should be noted quickly that you are usually not responsible for unauthorized charges to your card beyond the first $50. Most credit card companies will normally waive even that, if it is clear you are not involved in the fraud.

Visa, Mastercard and others are pressuring retailers to comply with new security standards that forbid the storing of the magnetic stripe data on the POS terminals. In the meantime, try paying cash at the pump.

Check your credit card statement carefully as soon as it arrives. Better yet, go online a few times a month and check it.
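
The certificate date check described in the online banking item can also be done with a short script. This is an added example, not part of the original newsletter: the function names and the two sample certificates are constructed for illustration, and the certificate dictionaries use the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import socket
import ssl
from datetime import datetime, timezone


def cert_date_status(cert, now=None, warn_days=30):
    """Classify a certificate by its validity window.

    cert is a dict shaped like ssl.SSLSocket.getpeercert() output.
    Returns (status, days): days until expiry, or days past a boundary.
    """
    now = now or datetime.now(timezone.utc)
    start = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notBefore"]), timezone.utc)
    end = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if now < start:
        return "not yet valid", (start - now).days
    if now > end:
        return "expired", (now - end).days
    days_left = (end - now).days
    return ("expiring soon" if days_left <= warn_days else "valid"), days_left


def check_site(host, port=443, timeout=5):
    """Connect with full verification, as a browser would, and report the dates."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return cert_date_status(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        # An expired or mismatched certificate fails the handshake outright,
        # which is the same condition the browser warning reports.
        return "rejected: " + exc.verify_message, None


# Constructed sample certificates (not taken from any real site).
SAMPLE_GOOD = {"notBefore": "Jan  1 00:00:00 2024 GMT", "notAfter": "Jan  1 00:00:00 2025 GMT"}
SAMPLE_OLD = {"notBefore": "Jan  1 00:00:00 2006 GMT", "notAfter": "Jan  1 00:00:00 2007 GMT"}

if __name__ == "__main__":
    fixed_now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    print(cert_date_status(SAMPLE_GOOD, fixed_now))
    print(cert_date_status(SAMPLE_OLD, fixed_now))
```

`check_site` needs a network connection and a host name you supply; `cert_date_status` works offline on any certificate dictionary.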