Wednesday, March 31, 2010

Better Passwords

Nearly a quarter of people (23 per cent) polled in a survey by Symantec use their browser to keep tabs on their passwords.

A survey of 400 surfers by Symantec also found that 60 per cent fail to change their passwords regularly. Further violating the 'passwords should be treated like toothbrushes' maxim (changed frequently and not shared), the pollsters also found that a quarter of people have given their passwords to their spouse, while one in 10 people have given their password to a ‘friend’.

Password choices were also lamentably bad. Twelve of the respondents admitted they used the phrase 'password' as their, err, password while one in ten used a pet's name. The name of a pet might easily be obtained by browsing on an intended target's social networking profile.

Eight per cent of the 400 respondents said they used the same password on all their online sites, a shortcoming that means a compromise of one low-sensitivity account hands over access to a victim's more sensitive webmail and online banking accounts. The survey respondents came from readers of Symantec's Security Response blog, who might be expected to be more security savvy than the general net population, though the survey shows many of them making the same basic errors that crop up time and again in password security surveys.

Symantec has published its findings, together with a list of suggestions for picking better passwords, a basic but woefully overlooked security precaution, in a blog post here.

The net security firm advised computer users to pick a mix of numbers, letters, punctuation, and symbols when choosing passwords. One way to do this, for example, is to take a memorable phrase and alter it by replacing some of its characters with symbols. Surfers should avoid personal information, repetition and sequences in passwords, Symantec further recommends.
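An added example (not Symantec's code) that turns the advice above into a checker: it rejects the survey's worst choices ('password' itself), personal details such as a pet's name, repeated characters, ascending or descending sequences, and passwords that do not mix at least three character classes. The blocklists are constructed for the demo; in practice the personal-detail list would come from the user's own profile data.

```python
import string

# Constructed blocklists for the demo: weak choices the survey called out, and
# personal details an attacker could read off a social-networking profile.
COMMON_WEAK = {"password", "123456", "qwerty", "letmein"}
PERSONAL_DETAILS = {"fluffy", "rex", "1984"}  # pet names, birth year (constructed)

def has_repetition(pw, run=3):
    """True if a character repeats 'run' or more times in a row, e.g. 'aaa'."""
    count = 1
    for a, b in zip(pw, pw[1:]):
        count = count + 1 if a == b else 1
        if count >= run:
            return True
    return False

def has_sequence(pw, run=4):
    """True if 'run' consecutive code points step by +1 or -1, e.g. 'abcd' or '4321'."""
    for step in (1, -1):
        count = 1
        for a, b in zip(pw, pw[1:]):
            count = count + 1 if ord(b) - ord(a) == step else 1
            if count >= run:
                return True
    return False

def character_classes(pw):
    """Which of the classes Symantec recommends mixing are present."""
    tests = (("number", str.isdigit), ("letter", str.isalpha),
             ("punctuation or symbol", lambda c: c in string.punctuation))
    return {name for name, test in tests if any(test(c) for c in pw)}

def check_password(pw, personal=PERSONAL_DETAILS):
    """Return the list of findings; an empty list means every check passed."""
    low = pw.lower()
    findings = []
    if low in COMMON_WEAK:
        findings.append("common password")
    if any(detail in low for detail in personal):
        findings.append("contains personal information")
    if has_repetition(pw):
        findings.append("repeated characters")
    if has_sequence(pw):
        findings.append("character sequence")
    if len(character_classes(pw)) < 3:
        findings.append("fewer than three character classes")
    return findings
```

A phrase-derived password such as "Tr3at!ikeAT00thbrush" (the toothbrush maxim with substitutions) passes every check, while "Fluffy1234" trips the personal-information, sequence and character-class rules at once.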

Article written by John Leyden

Thursday, March 25, 2010

Where does the Malware Come From?

CNET is reporting that Avast has tracked over 2.6 million instances of malware that have been served up to unsuspecting web surfers since last December by ad services such as Yahoo's Yield Manager, Fox Audience Network's Fimserve.com and even some from Google's DoubleClick. Some high-profile sites include The New York Times, DrudgeReport.com, TechCrunch and WhitePages.com. The practice has been dubbed 'malvertising.'

The full story can be found here:
http://news.cnet.com/8301-27080_3-20000898-245.html?tag=newsLeadStoriesArea.1

Monday, March 22, 2010

Facebook users targeted in massive spam run

By Jeremy Kirk
Created 2010-03-18 07:37AM

Facebook's 400 million users have been targeted by a spam run that could infect their computers with malicious software designed to steal passwords and other data, according to security researchers at McAfee.

Over the last two days, millions of messages have been sent, which McAfee detected through customers running the company's security software, said Dave Marcus, McAfee's director of security research and communication.

The messages appear to come from Facebook, with a return address that looks legitimate but has been spoofed, such as "help@facebook.com," Marcus said.

The messages say that the user's Facebook password has been reset and the user should download an attachment that contains the new password. The English-language messages are grammatically correct, but contain an odd sign-off: "Thanks, Your Facebook." McAfee has included a screenshot on its blog.

The attachment is actually a Trojan horse program, which infects a computer without any visible signs. Marcus said the spam run contained a variety of malware programs, including password stealers, rogue antivirus programs or botnet code.

No Web site would automatically reset someone's password and send the new one in an email, Marcus said. Facebook's high number of users makes it a prime target for spammers and hackers.

"There's a huge victim pool to go after," Marcus said.

Although it's unknown how many people may have been inadvertently duped, "I'd assume a lot of people would fall for something like that," Marcus said.

The spam is believed to have been sent from botnets called Cutwail and Rustock. Botnets are groups of computers that are controlled by hackers and often used for malicious activity such as sending spam or conducting denial-of-service attacks against Web sites.

Security analysts have been experimenting with different ways to shut down botnets. Over the last few weeks, two botnets called Mariposa and Waledac were shut down after security experts were able to commandeer the command-and-control servers used to communicate with infected computers.

But botnets have become more and more sophisticated and harder to combat. Many computer users don't even know their computers are infected, and the botnet code is engineered to avoid detection by antivirus programs.
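An added example (not McAfee's detection logic) that scores an incoming message against the lure described above: a claimed password reset, the "Thanks, Your Facebook" sign-off, an attachment that supposedly holds the new password, and a From address claiming facebook.com whose envelope sender (Return-Path, assumed here to be written by the receiving mail server) belongs to another domain. The sample message is constructed, not a real capture.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Indicators drawn from the lure described above (constructed heuristics).
RESET_CLAIM = re.compile(r"password (has been|was) reset", re.I)
ODD_SIGNOFF = re.compile(r"Thanks,\s*Your Facebook", re.I)
CLAIMED_DOMAIN = "facebook.com"

def sender_domain_mismatch(msg):
    # From claims facebook.com but the envelope sender (Return-Path, assumed
    # added by the receiving MTA rather than the sender) is another domain.
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    env_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    return from_dom == CLAIMED_DOMAIN and env_dom not in ("", CLAIMED_DOMAIN)

def score_message(raw):
    """Return the list of lure indicators found in one RFC 822 message string."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = msg.get("Subject", "") + "\n" + (body.get_content() if body else "")
    checks = (
        ("claims password reset", RESET_CLAIM.search(text)),
        ("odd sign-off", ODD_SIGNOFF.search(text)),
        ("attachment", any(p.get_content_disposition() == "attachment"
                           for p in msg.walk())),
        ("sender domain mismatch", sender_domain_mismatch(msg)),
    )
    return [name for name, hit in checks if hit]

# Constructed sample lure modelled on the article's description (not a real capture).
LURE = """\
Return-Path: <bounce@example.net>
From: Facebook <help@facebook.com>
Subject: Facebook password reset confirmation
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/plain

Your Facebook password has been reset. The new password is in the attachment.

Thanks,
Your Facebook
--B1
Content-Type: application/zip
Content-Disposition: attachment; filename="new_password.zip"

--B1--
"""
```

A message that hits all four indicators is a strong candidate for quarantine; a single hit (an attachment alone, or a reset notice from a site that really did send one) is only worth a closer look.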

Source URL (retrieved on 2010-03-22 03:08PM): http://www.infoworld.com/d/security-central/facebook-users-targeted-in-massive-spam-run-066