free adobe palace script font download

Adobe Photoshop CS5 cheap free safe download of adobe acrobat reader download crack for adobe authorware 7 cheapest download stand alone adobe flash adobe elements download

adobe cs2 download free crack key generator

Adobe InCopy CS5 for Mac cheapest adobe flashplayer free download adobe version cue update download windows cheapest adobe illustrator 10 free download adobe photoshop 70 download

download adobe photoshop cs2

Adobe Creative Suite 4 cheap adobe photoshop cs3 iso file download free adobe acrabat reader download buy cheap adobe acrobat raeder v7 download free download adobe acrobat professional 6

adobe photoshop font download

Adobe cs5 Design Premium cheap adobe flash reader download free ware download adobe photo shop buy cheap download adobe imageready free adobe dream weaver 8 download

free download adobe photoshop cs2

discount Adobe Flash adobe 8 reader download adobe version 7 download buy cheap manually download of adobe flash player 9 how to download adobe premiere pro free

adobe illustrator download free

cheap PDF to-EXE Converter adobe photoshop font download download adobe indesign cs3 buy cheap adobe reader download full download adobe acrobat megaupload

adobe illustrator cs3 crack download

Autodesk Simulation 2012 buy cheap adobe 5 free download adobe purchase products maintenance download contacting typeface cheapest adobe reader free download for windows vista download adobe premiere pro

adobe acrobat 6 full download

AutoCAD Electrical 2012 discount adobe reader vista download free download adobe photoshop cs3 extended me trial buy cheap download adobe professional download adobe svg viewer

download adobe gamma

cheapest Autodesk AutoCAD download adobe download manager free acrobat adobe download cheapest download adobe reader fur windows 2000 free download adobe flash player

crack adobe photoshop cs3 download

buy cheap AutoCAD 2010 adobe pagemaker download full free free adobe image ready download discount adobe illustrator cs2 trialware download adobe flash player 8 free download

free download adobe premiere pro cs3

AutoCAD 2012 buy cheap adobe image ready download download adobe photoshop elements discount download free adobe standard sf86 sf 86 sf 86 download adobe pdf

adobe download photo shared shop

cheapest AutoCAD for MAC adobe premmiere free download download adobe shockwave player discount free adobe acrabat reader download adobe flash player and download

iran download adobe photoshop

cheap adobe acrobat x free download of adobe reader 8 download and edit adobe files buy cheap adobe fash player download adobe after effects full download

adobe flash lite download

adobe acrobat x suite discount buy adobe photoshop download free download adobe acrobat reader professional 6 cracked discount adobe flash player 9 active x download free adobe ilrator download

adobe premiere tryout download

buy cheap adobe creative suite 4 download adobe photoshop 50 download adobe photoshop full cheap adobe photoshop download discount software download adobe 5

download adobe gamma download

discount adobe creative suite 5 how to download adobe on psp free ware download adobe photo shop cheapest adobe flash player version 9 free download free download adobe lightroom

cnet download adobe

adobe cs5 cheap adobe player download center free download adobe ilustrator discount best adobe acrobat download adobe indesign 2 for windows download

adobe acrobat download for mac

Adobe cs5 Design Premium cheapest adobe audition full download adobe photoshop element download buy cheap adobe acrobat reader 5 0 free download adobe download 8

adobe player 8 download

cheapest Adobe CS5 for mac adobe gamma download adobe acrobe free download cheap free download adobe pagemaker can we download adobe flash player file

download adobe flash player stand alone

buy cheap Adobe cs5 Production Premium adobe internet explorer download security adobe cs3 patch download discount adobe premier download crack free download adobe flash

download and install adobe flash onto my computer

cheap Adobe Dreamweaver CS5 download adobe photoshop 70 adobe pdf reader free download discount where can i download adobe flash player 9 download adobe creative suite 2 premium

how to download adobe flash files

Adobe eLearning Suite discount adobe premmiere free download free download adobe photoshop cs2 cheap pc wont let adobe plug in download download adobe illustrator cs

adobe flashplayer 9 download

Adobe eLearning Suite 2 buy cheap direct download links adobe download adobe illustrator cs cheap adobe illustrator 8 download adobe shockwave player download

download adobe media encoder

Adobe Flash Catalyst CS5 cheapest download adobe premiere effects adobe photoshop elements download discount adobe lightroom update download mac osx adobe reader kostenloser download

adobe after effects cs2 download

Adobe Illustrator CS5 cheapest adobe player download center adobe download free premiere discount adobe illustrator 8 download adobe flash direct download

free download for adobe streamline 4

cheapest Adobe Indesign CS5 free download adobe after effects for mac download adobe reader cd cheapest adobe acrobat reader free download download adobe ultra

adobe creative suite 3 download

cheap Adobe Photoshop CS5 adobe audition download free adobe acrobat reader 6 download cheapest adobe acrobat writer download adobe 10 download

macintosh download adobe acrobat reader

Adobe Photoshop Lightroom 3 discount adobe audition 3 free download adobe macromedia flash player 7 download discount free adobe photoshop full download adobe photoshop elements 5 free download

Archive Page 5

Instant messaging security

Published by
madelman
May 4, 2006 in Beginner and Security. Comments

While many people have become used to e-mail being a source of potential problems (spam, viruses, phishing,…) most of them are not so cautious when it comes to using instant messaging applications.

Although the problem is not so big as with e-mail, attackers are switching to IM to evade the filters we are using when dealing with mails. Instead of spam, we might be receiving spim (spam + IM). Luckily, most of this programs allow us to block messages from unknown senders. This is really recommended just in case this attacks get more common.

Also, viruses which used e-mail to distribute themselves are turning into instant messaging to spread themselves, sending the files as if they are coming from someone you know and infecting you when you open the received file.

As with e-mail, the best recommendation is to keep your computer software up to date, from the operating system to the instant messaging programs. Also, take care with received files which were not requested, If you receive any of these files you can ask the sender if they send it on purpose.

Finally, the use of antivirus and antispyware will help you to keep your computer clean.

From | PC Doctor.

RFID viruses are not a problem

Published by
madelman
May 2, 2006 in Advanced, Privacy and Security. Comments

I read about RFID viruses some time ago but I hadn’t commented anything here because I didn’t see the point of it.

Let’s situate ourselves. Some investigators from Vrije University, at Amsterdam, wrote some papers predicting the apparition of RFID viruses, explaining how to code them and giving some examples. Although it can work theoretically, I don’t think these viruses pose any threat in the near future.

RFID tags do not contain code, they only contain some data which can be read with an appropriate scanner. The basis of the papers these investigators wrote is that the software controlling the reading of the data will contain bugs that will allow this data to get executed. Technically, this is known as SQL injection, where data is interpreted as SQL code and executed by the database. This is a known trick which has been used by hackers for a long time, allowing them to deface websites and other nasty things.

But, in the physical world, it will be more difficult to make this work. First of all, you will need to know how the software you want to hack works. This is much easier in the web, where many times you can get the source code for the application you want to hack and can examine it line by line. In real world, not many applications will be available for inspection. For example, your local supermarket using RFID won’t allow you to have a look at their source code.

This doesn’t imply it can’t be done, as with some experimentation one can guess how the system is built and how to work around it, but will probably limit a lot the attacks.

For me, the privacy implications of RFID are more important than the probability of a RFID virus appearing some day, and this is something that has not been extensively discussed.

From | Help Net Security

USB security: how to lock down the ports

Published by
madelman
April 28, 2006 in Medium and Security. Comment

USB ports can be a security risk, seeing how flash-based USB drives have got so common and are capable of containing lots of data. It’s really easy to enter a 1 GB disk in a company, carrying it in your pocket, and copy private data which should not leave the organization. Usually you only have to connect the disk and works out of the box, without needing any driver installation.

If you want to avoid these kind of risks you can use hardware-based or software-based methods. The hardware based ones can be the most effective, but also have the burden of not being able to use the USB in case you need it.

To deactivate an USB port you can either disconnect it from the motherboard (if it’s not integrated), deactivate it from the BIOS (not very reliable) or fill the hole with glue so nobody can insert anything in it.

If you want to it by software, you can disable the USB ports completely as explained in the Microsoft Knowledge Base: How to disable the use of USB storage devices. You can also make the USB devices read only.

Phishing (II): how to protect

Published by
madelman
April 27, 2006 in Beginner, Phishing and Security. Comments

Now we know what is phishing and how it works, it’s time to learn how to protect against it.

For me, the most important thing to be protected against phishing is incredulity. Simply don’t believe everything you receive by e-mail. E-mail can be forged very easily and the sender of the message might not be who it seems.

Also, take into account that most companies will never contact you by e-mail to ask for information. Well, there are some companies which do this, but if you follow these rules that won’t be a problem.

  • Don’t reply with personal information. If you ever get any kind of message from anyone asking for personal information, never reply to it. If you think this is legitimate it’s always better to call by telephone and give this data. Take into consideration the fact that e-mails travels as plain text through the net, so anyone can see it.
  • Don’t click in hyperlinks within emails. Although they might look legitimate, there are techniques for redirecting you to another site controlled by the attacker. If you think the mail is real and you have to input information, it’s better to open a new browser windows and and type the URL in the location bar, to make sure you are going to the site you intended.
  • Check for Secure HTTP. Once you have gone to the site, check it’s legitimate by looking at the location bar, checking it uses Secure HTTP (the URL begins with https). If it does, then check the certificate of the site by clicking on the lock that appears and have a look at the information in the popup windows to see if it’s the same that you expected. 
  • Check your bank accounts and report to authorities. It’s really convenient to check your accounts from time to time to see if there’s any unusual or suspicious activity. If there’s something unexpected, you should better contact your bank and if they confirm it’s fraudulent, report it to the local autorithies so they can investigate the case.
  • Use antiphishing toolbars. This is a convenient software to know if a site is a suspect of being a phishing site.

You can either use Google Toolbar for Firefox which shows an icon indicating if a site is forged or not.

Googletoolbar

You can also use Netcraft Toolbar which can tell even the country where the server is located, so if you access an american bank and the server is located in Russia, you can get really suspicious.

Netcrafttoolbar

With all these measures you should be quite safe against phishing.

The best free security tools for Windows

Published by
madelman
April 25, 2006 in Beginner, Security and Windows. Comment

Many times people ask me what are the essential tools to install in a new computer to improve the security. I usually install everything I can think of, but sometimes I might forget something, so this list of best free security tools might prove very valuable. Sergio Hernando started it and I’ll try to improve it a bit with some comments about each program.

These applications are free (some are open source, others are simply gratis) and will improve greatly the security of your computer. Anyways, they are not infallible so you must take basic measures to protect your computer besides using these tools.

I usually prefer using open-source tools, but sometimes there is no useful open-source equivalent in some category, so a closed-source option must be used. Anyway, I have always found a freeware option which fulfilled my needs, so you don’t need to pay anything to keep your computer secure.

Continue reading ‘The best free security tools for Windows’

Are warning dialog boxes really useful?

Published by
madelman
April 24, 2006 in Beginner and Security. Comments

In a really interesting post, Bruce Schneier tells that “lots of warning dialog boxes don’t provide security”. The cause is users don’t pause to read the content of the dialog box and act consequently. They only want the job to be done, so they click the default button or, if this doesn’t work, they click whatever button until it finally works (or at least, the dialog disappear).

This happens with every application. The most usual case is security warnings from bad SSL certificates.

Continue reading ‘Are warning dialog boxes really useful?’

Phishing (I): what is it?

Published by
madelman
April 24, 2006 in Beginner, Phishing and Security. Comments

Although phishing has been in the rising for some time, there are still lots of people who don’t know what it is and how it works. This is used by phishers to steal data from innocent users for their own profit.

So, first of all, what is phishing? It’s a technique used to steal private data from the user by tricking him to give it away. This private data is usually passwords for sensitive sites, credit-card numbers or PIN codes for bank accounts.

How do phishers trick the user? The most common way to ask for the data is through email. Phishers send emails which look legitimate, usually mimicking the look of real ones but pointing to their own servers instead of legitimate ones.

Most phishing tells the users that account might have been compromised and they need to authenticate again to confirm the account. They give a link which looks like a legitimate one, but points to another site controlled by the phisher. This site also looks like the original one, as they steal images and layout from the legitimate one and upload them to another server.

So, when the user enters the username and the password in this site, the data gets stored in a database controlled by the attacker, who will be able to retrieve it later and use the data in his own profit.

This is an example of a phishing email I received:

Phishing

The link seems to point to cards.fleet.com but, in reality, it goes to 4.60.21.232:34,a link which doesn’t work by now but which was under the control of the phisher.

Lately, the sophistication of this kind of e-mail has increased, every time looking more credible and using new techniques to trick the user, like emails looking like a question from a possible buyer from eBay which points to another site or even targeting e-mail to users depending on the bank they use.

In the next post, we will see how to protect against phishing.

Defeat hardware keylogger with SuperGlue

Published by
madelman
April 22, 2006 in Beginner, Security and Various. Comments

We explained that a usual way to steal password is with keyboard loggers. This happened once at Sumitomo Bank, where someone installed a hardware keylogger to a computer and got some passwords which allowed him to transfer money to an account on his own.

The bank has opted for a low-tech solution to this problem. To avoid someone installing hardware keyloggers they have glued the connectors to the back of the PC with SuperGlue, so it’s not possible to unplug the keyboard and insert the keylogger.

It’s a known problem that to secure a computer where the user has physical access to it is quite difficult, so I would have opted instead for using dumb terminals instead of PCs, so the security only has to be implemented in one place, making it easier to control.

This is not always possible, as some systems can’t be configured to work with dumb terminals or might not be convenient for the business. In this case, the solution is to keep the PC case in a “secure” lock where it cannot be accessed by the users without permission.

From | Threat Chaos.

E-mail security: avoiding spam

Published by
madelman
April 19, 2006 in Medium, Security and Spam. Comments

Following the series of articles about spam I last wrote about detection of spam by analyzing the content. This usually works great but it is a big waste of resources for the user receiving the spam, as he has to download the mail (mostly free if you are on a residential line, but might be expensive if you are on the road) and analyze it (spending computer time).

It would be better if the server was able to avoid these messages being sent. Although some mail servers analyze the content of the message before delivering there are some other techniques which have been proposed to work against spam. Some of them are even standards, but haven’t usually been widely deployed. Let’s have a look at some advantages and disadvantages of them.

Continue reading ‘E-mail security: avoiding spam’

Scan for viruses with Knoppix

Published by
madelman
April 18, 2006 in Linux, Medium, Security, Virus and Windows. Comments

One of my favourite tricks when checking some Windows computer which is screwed up (and, usually, they are really screwed up, even not booting) is scan for viruses using Knoppix, a Linux distribution which can boot from a CD.

Once booted, it recognises your Windows partitions and allows downloading F-Prot, a free virus scanner, which checks your hard drive for virus. If you find any, you need to delete the files containing them.

It is also a good idea to download updates for Windows at this time, as it is safer to browse the web from the Knoppix CD.

You can download the Knoppix CD from the official site. It’s a good idea to have it at hand, just in case you need it urgently.

From | O’Reilly

« Previous Entries
Next Entries »
Text Link Ads

About

Becoming paranoid is a weblog about computer security, privacy and staying safe online, specially dedicated to novices
If you want to know something more about us, visit our contact page.

If you enjoyed Becoming paranoid, you can have a look at the rest of our blogs:


Latest

RSS

Sponsored links


Search

Search in the Becoming paranoid Archive


Subscribe

Enter your email address:

Delivered by FeedBurner


Tag cloud

Archives

Categories