Your Daily Computer Security Tips

I just wrote a new article for you, on phishing and scareware. Everyone who surfs the Net should read it.

You can even post it to your Web site, or include it in your ezines and newsletters.

Hop on over here. Thanks.

I just wrote a new article on Identity Theft. I think you and your family and friends really need to read it. Please go take a look here:

http://EzineArticles.com/?id=2998505

Happy (and safe!) surfing.

Do you know where your kids are going online, and what they are searching for? Security company Symantec does. It has kept an eye on Web page visits using its parental control software. YouTube was at the top of the list, followed by the search engines Google and Yahoo. Social networking sites such as Facebook and MySpace came next.

However, also among the top ten searches were Sex and Porn. So monitor your teen’s wanderings and searches, or use parental control programs. If you have Vista, you already have what you need, built right in.

Here is a tidbit on another subject, namely a data breach. It seems that a 64-page list of names and Social Security Numbers was found, wait for it, under a jail mattress in a prisoner’s cell, in New Hampshire. I sure hope your info was not on that list!

The theft was found during a routine search. The list was supposed to be shredded at a warehouse across the street from the prison. How it ended up under that mattress is unknown.

What to do? As I have said many times, never give out your Social Security/Insurance Number to anyone unless absolutely necessary.

Last week I told you about that critical flaw in an Internet Explorer (IE) ActiveX control, and how Microsoft rushed out an emergency patch to fix it. Well, it seems the vulnerability was created by a simple typo. Someone at Microsoft inserted an extra ‘&’ in the wrong place in the code, and bingo, a king-sized bug was created in the browser, and possibly in Windows Media Player and other software as well.

Early in July, Microsoft issued a “kill-bit” to disable the offending ActiveX control. The kill-bit also went out to users in the regular update of July 14. However, the company now acknowledges that this solution was inadequate, and the bug persisted until the emergency patch for Internet Explorer became available last week.

Speaking of browsers, Firefox is now almost five years old. Mozilla, publisher of the open-source browser, says it has now been downloaded one billion times, if you count all versions.

Firefox is reputed to be easy to use, faster, safer and more flexible than other browsers such as, say, Internet Explorer. Not to mention all those extensions and plug-ins that will do almost anything. Firefox seems to have about 30% of the browser market, while IE has 60%. For those of you with long memories, do you remember 10 – 12 years ago when IE had about 96% of the market?!! Today we have a much healthier situation, I think.

Some 90% of us Windows users have the Adobe Flash Player installed on our computers. Flash adds animation and interactivity to sites, and lets you integrate video. But security company Secunia warns that the current versions are vulnerable to drive-by attacks from malicious and compromised web sites.

A drive-by download is an infection or attack on your computer that occurs just by visiting a bad Web site, without you having to do anything. You will usually be unaware of anything amiss, at least at first.

There have reportedly been hundreds, even thousands of attacks based on this zero-day flaw in Flash. A zero-day exploit is a new vulnerability, for which no patch yet exists.

Adobe has acknowledged that there is a critical bug in Flash, as well as in its Reader and Acrobat software. It promises to have a fix available by tomorrow, July 30. Adobe was first made aware of the problem all of seven months ago. This year, there have been flaws found in Reader in March, May and June. The company has also had problems with its download page, where its programs were not current or patched.

What to do? Until we get the fix, hopefully tomorrow, be careful where you surf and what sites you visit. Or you can go to the U.S. Computer Emergency Readiness Team (CERT) site for a possible temporary solution here:
http://www.us-cert.gov/cas/techalerts/TA09-204A.html