Want to click? Think again…

How many times have you received an email like the one above? Or an email from your friendly FedEx informing you that your parcel was not delivered… What about an email from Facebook or LinkedIn or Hotmail or any other site that asks you to press links to view messages or invitations?

It pays to think… Thinking before clicking would save you, your PC and most probably the company you work in a lot of hassle. Why you ask???… Simple.

Let me explain. The easiest way these days is to attack any PC via the human interaction element. Why should the hackers bother with spending hundreds of hours to find a possible opening when we the users present them with the easiest path?

Those hackers infect one or two sites with malware. Then they send mass (or targeted) emails like the ones mentioned above. One click without thinking and BAAAAM! You’re their prey. They’d have almost unstoppable access to your PC.

During the last month alone, such a technique was used to attack Twitter, FaceboDuring the last month alone, such a technique was used to
attack Twitter, Facebook, New York Times and Wall Street Journal.

To make things worse, there are major flaws in the software we use. Java had a major security flaw that was being used to exploit the companies mentioned above. Now, Adobe PDF reader has a major flaw. Hint… DO NOT OPEN THOSE PDFs in emails you receive, especially if you do not know the sender… (More on that issue can be found on http://www.zdnet.com/dont-open-that-pdf-theres-an-adobe-reader-zero-day-on-the-loose-7000011241/?s_cid=e539)

Finally, I would like to mention a new initiative by the Lebanese government who has endorsed the importance of internet safety. The new site, www.e-aman.com contains very important tips for "National Internet Safety Lebanon". Keep up the good work!

Predictions... Norfect's 2013 Security Predictions

So everyone is so busy reading 2013 predictions, and aligning their lives to whatever our lovely predictors are predicting… Here are Norfect's 2013 SECURITY predictions….

• At the end of 2013, the most common passwords will remain the same. “password” will remain the mostly used password. It’s been on the top of the list since man created the concept of passwords, and we will keep on using it till man creates an alternate concept. It was still number 1 in 2012, and it will remain number 1 in 2013. For a list of the top 25 common passwords check http://gizmodo.com/5954372/the-25-most-popular-passwords-of-2012 . If yours is on the list, PAAALLLEEAASSSSEEE change it NOW!

 

• Smart phones will be at more risk as we keep on integrating them into our lives. We will continue hearing horror stories of how insecure they are, how easy it is to hack into them, but will keep on using them more and more.

 

• Apple will be under major security attacks, especially over their iOS. Hackers search for large markets, and Apple suits that bill perfectly. (Remember when everyone said Firefox was so secure no-one can attack it???)

• Anonymous and other hacktivists (hackers with a cause) will occupy the headlines even more this year. More hacktivists will be caught and coordinate with police to catch other hacktivists to rescue their own lives. (Lesson to be learnt: Do NOT trust anyone over the internet)

• We will hear more of cyber war, yet it will remain a “taboo” concept. It’s just a conspiracy theory most people will say… Until some major incident becomes public.

 

• Bring your own device (BYOD) to work will be the next major risk for companies. Balancing between company provided phones vs. the employees own phone will be a major challenge.

• Finally, the cloud (the use of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet)) will face some major setbacks, with very well-known companies being attacked. This will only help in strengthening the cloud as the future of computing.

    

Those were my security predictions for the year 2013. Any feedback is well appreciated in the below comments section.