Library bans social sites for PC security

The Lexington County Public Library is banning social-networking sites, but not for the reasons most people would probably come up with. "The primary reason for the decision was research that shows social-networking sites can make computer systems vulnerable to viruses," reports The State in Columbia, S.C. "The sites are becoming prime targets for malicious hackers," it cites network security experts as saying. "The library hasn’t encountered such problems, but library officials said they want to be proactive." This is another reminder of how important it is for home-based social networkers to be careful about what links they click on in comments, bulletins, etc., and about logging in more than once (some malicious hackers create fake log-in screens that grab user names and passwords).

Adding strangers as 'friends'

A new study found that Facebook users may need to take their personal privacy more seriously - also that there seems to be some confusion about who is and isn't a friend there. It doesn't appear to have been that scientific a study, but the methodology is interesting: IT security firm Sophos "created a fake Facebook profile, under the name 'Freddi Staur' ('ID Fraudster' with the letters rearranged), and randomly requested 200 members to be friends with 'Freddi'," CNET reports. "Out of those 200, 87 accepted the friend request and 82 of those gave 'Freddi' access to 'personal information' such as e-mail addresses, dates of birth, addresses and phone numbers, and school or work data. Presumably, the other five had restricted 'Freddi' to limited profile access, which many users select for bosses, parents, or people they don't know in real life." Sophos says that, although it's unlikely this behavior will result in theft, this is the kind of fuel phishers seek for their social engineering (manipulation). BTW, I admit to a bit of that friending confusion - I have a Facebook profile and get friend requests all the time from people I don't know personally, and I confess to feeling kind of mean and unfriendly if I ignore them. If an online-safety advocate feels that way….

FBI fights 'zombies'

The FBI says people have their cars inspected once a year, they should have their PCs inspected regularly too. It’s talking up the problem of “botnets,” or “zombie networks,” the Associated Press reports – networks of infected computers, very often family PCs, that are controlled by the malicious hackers who infected them. “Because the hacker has complete control of each ‘bot’ computer, the botnet can be used to launch denial-of-service attacks, send spam email, steal account login information or run any program.” The federal agency is publicizing some high-profile arrests it has made of botnet jocks, including one of the “world’s top spammers,” based in Seattle, who kept distributing spam even after Microsoft won a $7 million lawsuit against him in 2005, and a guy in Texas who infected “more than 10,000 computers globally, including two Chicago-area hospitals” (delaying medical sevices). People, keep those PCs patched and protected with firewalls and anti-virus software!

New phishing trick

Yet another indicator that we can never rely on technology alone to protect computers or kids. In this case, it’s a sneaky phishing scam to grab Net users’ social security and credit card numbers, among other sensitive info. The Register says it’s “able to spoof eBay, PayPal and other top Web destinations without triggering antiphishing filters in IE 7 or Norton 360.” It got this from a Londoner who “says he's been careful to practice good PC hygiene. He runs Norton 360 and uses the latest IE version, which Microsoft has taken pains to lock down with a variety of safety features, including one that alerts users when they visit many spoofed sites. He's also careful to examine the certificates that accompany financial sites he visits before logging in to them.” So this one surprised him. The Register heard from a security expert who “guesses those experiencing this attack have inadvertently installed an html injector. That means the victims' browsers are, in fact, visiting the PayPal website or other intended URL, but that a dll file that attaches itself to IE is managing to read and modify the html while in transit.” It helps to be a good speller and grammarian, because typos and bad grammar are frequent giveaways in phishers’ emails that otherwise look like Paypal or your bank.