Guest Article by Louise Goldstein

One of the latest attacks, and one which enforces the buy antivirus software mantra, was directed at online gossip website Gawker Media. The hackers managed to get into Gawker servers, and the result was that 1.3 million user account passwords were compromised in the attack. The hackers then posted the file with all of the details onto a file-sharing site that has been associated with the infamous 4Chan.

To add insult to injury, the group ‘Gnosis’ released a file taken from Gawker on the file-sharing website Bittorent, and more passwords were put at risk.

With the passwords at their fingertips, spammers got into thousands of Twitter accounts and used the opportunity to advertise dieting pills. Although the motivation for the attacks has not yet been ascertained, it is not the first time that Gawker has suffered in this way.

In the past it has also been used to attain passwords, that are then used to hack into Twitter accounts and publish messages of support for the whistle-blowing website Wikileaks, most likely in response to Gawker’s publishing of blogs that are critical of Julian Assange, Wikileaks’ founder.
Graham Cluley, a consultant at security firm Sophos, highlights the dangers of a password being discovered: “Anybody that has had their Gawker account details published can expect to be targeted by other hackers. Every identity thief, hacker and spammer out there will be attracted to that password file.”
Rik Ferguson, a security research at Trend Micro, highlights a problem that has led to so many passwords being accessed so easily: “It’s all too common that people use the same password for multiple accounts.”

Internet security advisors and websites are therefore continuing to stress the importance of using varying and complex passwords. Users are encouraged to not be put off by having to remember difficult passwords; all passwords, Mr Ferguson claims, can be made simple to remember. This is particularly poignant advice, as in the latest attack on Gawker, the passwords that were used by spammers were the ones that were simple, and therefore easy to decrypt.

Harvesting passwords and allowing spammers into peoples’ accounts is a fluid and increasing activity, and although in this case it was only social network accounts that were affected, it could have been much more serious information that was accessed. For banking details and other personal information, more complicated and safer passwords are a necessity, stress industry officials. This, combined with the right kind of software, can help keep your most personal details secure. The mantra buy antivirus software has never been more relevant in today’s world of sophisticated hacking.

Guest Article by Neil Camp 

The statement comes from Symantec, the makers of the Norton range of IT security products, who discovered that a whopping 87% of people thought they were safer online via their desktops, rather than surfing on their mobiles.

Ironically, the study went on to find that less than half of those using their PCs to go online, were not fully protected. Nearly 60% claimed to Symantec that they believed that their PC was running a complete security software application, but when the company did a scan to check, they discovered only 37% were in fact fully protected.

Michael Kaiser, National Cyber Security Alliance (NCSA) Executive Director, said:
“We’re encouraged that more Americans feel safe going online from their home computers. We need to ensure that this is not a false sense of security and that a feeling of safety does not lead to complacency. Americans need to remain vigilant and be sure that all Web connected hardware has the proper security tools installed and is up-to-date. In addition, the use of sound judgment and common sense online is necessary to protect personal information and reduce the loss of important data.”

What’s more, Symantec went on to discover that US citizens are increasingly embracing the digital and computerized world. It’s discovered that over half Americans now have between two to three computers at home, with nearly 75% owning a laptop, or netbook.

Furthermore, just over 30% say that nowadays, their laptop, or netbook is their main computer; a trend which sees the desktop becoming less important than it was. And with an ever increasing amount of web-enabled devices being introduced onto the market, Americans now have a vast choice of internet ready devices at home, school, work and the environment in general.

Marian Merritt, an Advocate for Norton Internet Safety, said:
“Computer users can run into online threats regardless of where they might be connected and what device they’re using. However, on a Wi-Fi network, there are other risks consumers can run into, like ‘evil twin’ networks that trick people into connecting to unknown networks, giving cybercriminals access to their computer and its contents. Consumers should ensure they’re connecting to a legitimate network, using the access keys or portal given to them by the Wi-Fi provider.”

Food for thought for anyone wishing to compare antivirus software.

Guest Article by Neil Camp 

Stuxnet is a sophisticated malware code and antivirus security experts believe whoever wrote the original code must have had support from a national government agency.

Stuxnet is a worm which seeks out complex computer systems which act as networks within certain industries. Such is it’s complex nature and sophistication, it’s very unlikely that one person, sat in their bedroom, could create such a Malware weapon. Most believe that it would have had to have had the support of a government to firstly develop it and then direct it towards the computer network being targeted.

Nor does the code have a ‘signature’ of an original coder; a dead give- away and an indication of where the code might have been conceived. This lack of clues also suggests that it is a ‘corporate’ effort.

Stuxnet has already launched an attack on the Bushehr nuclear power station and some antivirus security observers point to the obvious likely candidate.

All the major antivirus security firms have been monitoring the progress of the Stuxnet botnet and believe it to be one of the most refined forms of malware ever released.

In industry parlance a botnet is a network of zombie computers which do the bidding of the hacker. Individual pieces of malware code attack both networks and stand-alone machines, eventually creating a string of computers that are there to be manipulated by the cyber criminal.

One of the commonest uses of botnets is to create huge mailers for spam emails, often without the knowledge of the computer owner, or user.

But this malware attack, if indeed perpetrated by a government, raises all sorts of tricky moral dilemmas for the antivirus security industry. Much is made of China’s alledged attempts to use viruses to hack into Western computers. If an ‘ally’ of many western governments is starting to use the same tactic, then a number of people will find themselves answering some difficult questions.

Guest Article by Neil Camp 

And the suggestion from Charney is that the internet security industry should take its lead from the public health sector which when it identifies a medical virus, it isolates all those connected with it until the problem is solved.

The biggest threat out there according to the experts are botnets. These are networks of computers which have been infected by cyber criminals and then made to do their bidding, including sending out millions of spam emails.

Mr Charney wrote in a blog recently:
“Just as when an individual who is not vaccinated puts others’ health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society.

“In the physical world, international, national, and local health organisations identify, track and control the spread of disease which can include, where necessary, quarantining people to avoid the infection of others.

“Simply put, we need to improve and maintain the health of consumer devices connected to the internet in order to avoid greater societal risk.”

Botnets can consist of a few hundred PCs, but also number thousands, or even millions. They operate as zombie machines without the knowledge of the user.

And Mr Charney goes on to say that although millions of firewalls and antivirus programmes are being sold and used, many consumer computers remain vulnerable to attacks from malware code. Which leads him to suggest that all computers should have a health certificate before they are allowed to connect to the internet.

He added:
“Although the conditions to be checked may change over time, current experience suggests that such health checks should ensure that software patches are applied, a firewall is installed and configured correctly, an antivirus program with current signatures is running, and the machine is not currently infected with known malware.”

With many countries starting to introduce versions of the health certificate idea, and with some ISPs spotting machines which appear to be sending out vast amounts of spam email and effectively cutting then off, it would appear that users are going to have to wake up to the prospect of more pro-active action against infected computers.

But a number of internet security experts find it somewhat ironic that a employee of Microsoft should be ‘lecturing’ others on the idea of infected computers. It’s well known fact that many cyber criminals are able to exploit applications such as Microsoft Windows because the original code is so bug-ridden. These bugs are effectively holes, or mistakes in the code which hackers can utilise to attack a computer. Even now Microsoft issues regular monthly updates which are in reality repair ‘patches’ to shore-up gaps in their software.

Some reckon that if software companies are going to accuse computer users of running ‘bad’ computers, then they should do more to make their code more robust and less likely to exploitation from criminals.

Guest Article by Neil Camp