Dangers of Social Media Networking Part 3

Linked Out. When one door closes another opens. This tried and true adage has never rung more true than with social networking. Attackers frustrated by their inability to enter corporate networks because of sophisticated controls, now have a whole new point of entry with LinkedIn, which allows them to access personal professional information and spoof employee profiles.

Plus, it's no secret that attackers follow the money. This networking site aimed at professionals also opens up a whole new attack vector for organized crime intending to pilfer intellectual property and corporate information, as well as the typical credit cards and social security numbers used in identity theft.

All About The Money. Reflecting current cyber crime trends, experts say that attacks on social networking sites will increasingly become more financially driven.And will wreak havoc on users' bank accounts as these attacks become more complex and organized. This also means that sites like Facebook -- which touts a more professional, white-collar user base, as well as professional networking sites like LinkedIn, will increasingly become targets for organized crime.

Having all of your information on a site that isn't controlled by users and whose security practices aren't paramount, isn't always the best deal. While experts say that they can't predict the future, it's likely that social networking sites like MySpace and Facebook will start taking more responsibility regarding their security practices -- especially if users significantly change their behavior or avoid logging on altogether.
Special thanks to : Channel Web, http://www.crn.com

Author Chris Kaminski is head web designer at Lone Bird Studio, an Asheville web design and SEO company located in North Carolina.

Dangers of Social Media Networking Part 2

Last week I started this series to introduce you to the dangers of social networking. I was not ready for the response. Yes I know we all use them and yes I know they are necessary for business, just be aware of the dangers. Use these services but think before you type and use them safely. So, now let’s continue.

It's A Worm. It's social networking at its finest.

Experts say social networking users can expect more threats to travel virally. Experts say that other rapid, self-replicating viruses will likely be more malicious, designed to steal or delete users' personal information like date of birth and passwords. That data can then be sold in numerous black market economies or used to acquire credit card and bank information. Often the same login credentials used on Facebook and MySpace are also used to access banking and other sensitive accounts.

'Poking' Holes in XXS Flaws.

In a recent attack, millions of Facebook users were left exposed to a cross site scripting vulnerability affecting the user interface of the site's Job page. Among other things, the vulnerability gave the attackers the ability to install malicious software as well as trick users into handing over their credentials through fake logins. The takeaway is that the same threats plaguing Web 2.0 are amplified on social networking sites. Why? Because these sites rely on the prolific and rapid spread of information between users.

Flash Attacks. It's the beauty of Web 2.0.

There are more attacks on Flash now than ever before. Applications such as Adobe Air and Microsoft Silverlight, which allow the browser to be used in a more effective way, also increase the attack surface.

Naturally, the prolific use of Flash is one of the evolutions that make Facebook and MySpace so lucrative to attackers. As anyone with a profile knows, these technologies are extremely pervasive, as well as fun, when doing social networking. Unfortunately, a recent exploit in Adobe Flash has become a huge security threat.

Experts say that so far hundreds of thousands of Websites have been compromised, including thousands of networking site pages, as the result of the Flash exploit loose in the wild.Next week, part three. Special thanks to Channel Web, http://www.crn.com.

Author Chris Kaminski is head web designer at Lone Bird Studio, an Asheville web design and SEO company located in North Carolina.

Dangers of Social Media Networking

Social media networking is very powerful and very effective, of that there is no doubt. But as I have showed you before, like everything else with the Internet, there are two sides to everything. Social networking is a curvy road and you need to beware of the blind spots. To that end, this is the first of a three part series to make you aware. And I would like to thank Channel Web, http://www.crn.com, who provided the original story.

MySpace. Facebook. LinkedIn. Orkut. Who doesn't have a profile on at least one of these sites these days? The explosion of social networking has reinvented communication as we know it, creating new opportunities to develop friendships, romances and business contacts all over the world -- a fact which has not gone unnoticed by the malware authors and organized crime.

Here's a look at some of the things experts say we can expect to see more of in the world of Web 2.0 social networking.

Spam, Spam and More Spam. Spammers that are getting the door slammed in their faces with e-mail spam filters now have found new ways to access users with social networking sites, especially in the workplace. Experts say that spam is more profitable than ever.

Third Party Threats. It’s no secret that as applications acquire more functionality, the more susceptible they are to security threats. As social networking sites encourage users to build add-ons for their network, users will be opening themselves up to exploits from vulnerabilities in third-party applications.

Surprise, You've Got Spyware. Perhaps nothing is more ironic than pesky banner ads claiming that your site is hosting every kind of virus known to man and then offering to clean it up -- for a small fee of course. As more social networking users increasingly fear malware on their computers, they become bigger targets for these kinds of pop-up adware, tricking them to download fake anti-virus cleaners which are benign at best and destructive at worst.
Next week in part two we cover Worms, Flash, Phishing, holes in XXS and more.

Author Chris Kaminski is head web designer at Lone Bird Studio, an Asheville web design and SEO company located in North Carolina.

Please Don't Download

This week I had planned to continue with my series on online business. But, I had to stop to tell you this, stop downloading all that garbage off the net!
What I am talking about are all those little maintenance programs that promise to clean out the spyware or improve system performance.

You know, System this and Registry that or Spyware this or Destroy that (usually your machine). I know you have all seen them. They make claims about how great they are and what a wonderful job they do. Don’t believe it. Just because they say so does not make it true.

Now don’t get me wrong, there are good programs out there. But for the most part, even the ones with good intention just don’t deliver or conflict with other software on the system. They are not written well, properly tested or rushed to market. There are many malicious ones out there too that disguise themselves as system software but also as little devices to bring you weather or news.

These usually hide marketing and tracking software that compete for your internet connection. I had several come through the shop this week. That is why I write this article. One system to come in had downloaded a Spyware blocker. All it did was slow his system to a crawl. A major loss of system performance is a sure sign you got a bad one. Fortunately, we removed it without much trouble.

Another computer came in with a “Registry Cleaner”. After he installed and ran it the system developed a boot issue. The system was looking for a file no longer there. So what does he do? Download another to fix it! So please don't download unless you know what you are downloading and can be assured that it is a program that won't hurt your computer.

Ways to avoid identity theft

Identity theft has been the fasted growing crime for years now. In fact some studies say one happens every 3 seconds. How do they get this information? Surprisingly, not from you. Most are the result of data theft, thousands of records taken from a retail store for example.
What can you do? Nothing really. Something like that is out of your control. But, you can keep an eye on your credit and be notified if someone uses it. All three credit agencies are required to offer a free monitoring service.
To sign up is easy and free. First contact one of the main three reporting agencies (www.equifax.com, www.experian.com, www.transunion.com) and sign up for their Fraud Alert program. They will have paid offerings but the free one is what we are after.
Once you join several things will happen. First, the company you joined is required to also notify the remaining two agencies so all three will be watching. Second, while signing up, select to opt-out of un-solicited offers. This prevents random credit checks and will end those annoying credit offers.
Third and most important, you will be notified of any suspicious credit activity. If you don’t receive any alerts (a good thing) you will at least get a monthly report.
Now there is a catch, a free account is good only for 90 days so you will have to renew, but hey, it’s free.
There you have it. This is what companies on TV are charging you for. But, for a few minutes of your time you can do it yourself and save the money. I still wouldn’t put my Social Security number on the side of a truck though.

By Chris Kaminski
Lone Bird Studio Ltd.
Lone Bird Studio Ltd. is a web design and seo company in Asheville,NC

Use Firewalls for Internet Safety

If you surf online then you know, hopefully, that you need a firewall between you and the outside world. And to be properly protected you should have two, one software and one hardware. This is especially true if you have an ‘Always On” connection like Cable or DSL. With this type of connection, if your computer is turned on then you are online.

An example of software would be ‘Windows Firewall’ which comes with it. An example of a hardware solution could be a router.
Why do you need two? Software on this side of a hardware firewall is mostly to block out going traffic like those Google tool bars you people love so much. The hardware blocks things from getting in.

The hardware firewall isolates your internal IP (Internet Protocol) address. There are special “Firewall Devices” you can purchase but the easiest and least expensive is to get a store bought router. Common brands for example are Linksys or D-Link.

Now here is an important note BEFORE you run out and buy one. Check your Cable/DSL modem. Many of these provide the router function. If it does you already have this level of protection. A quick way to check is to look at your machines IP address. To do this: Start / Run / type CMD in the box and hit OK. When the DOS window opens type “ipconfig /all” (no quotes) at the flashing prompt. If the first three numbers are 192 chances are good that you have a router.

How does a router protect you? They use a protocol called NAT (Network Address Translation). Simply it hides your computer IP address behind the IP address assigned to the router by the service provider. It does this by creating a small network between the computer and the router that is separate from what the outside world sees.

I hope this clears up some of the confusion surrounding firewalls. You should use two. A router is a good choice (even if you only have one computer). You also have the option to add wireless when you purchase a router but that is another article.

Author Chris Kaminski is head web designer at Lone Bird Studio, an Asheville web design and SEO company located in North Carolina.

Avoid Internet Investment Scams

Where the Frauds Are. The Internet allows individuals or companies to communicate with a large audience without spending a lot of time, effort, or money. Tens of thousands of people can be reached by building a web site, posting a message on a bulletin board, entering a discussion in a live "chat" room, or sending mass e-mails. It's easy for scammers to make their messages look real and credible. But it's nearly impossible for investors to tell the difference between fact and fiction.

Online Investment Newsletters. Hundreds of online investment newsletters have appeared on the Internet in recent years. While legitimate newsletters can help investors gather valuable information, some are just tools for fraud.

Companies pay the people who write online newsletters cash or securities to "tout" or recommend their stocks. While this isn't illegal, the federal securities laws require the newsletters to disclose who paid them, but many scammers fail to do so.
Some newsletters falsely claim to independently research the stocks. Others spread false information or promote worthless stocks. The most notorious sometimes "scalp" the stocks they hype, driving up the price of the stock and then selling their own holdings at high prices and high profits.

Online Bulletin Boards. Whether it is newsgroups, usenet, or web-based bulletin boards they have become a popular forum for investors sharing information. While some may be true, many turn out to be false – or even scams. Scammers will pump up a company or pretend to reveal "inside" information.

E-mail Spams. Because "spam" is so cheap and easy to create, scammers increasingly use it to find investors for bogus investments or to spread false information about a company. Spam allows the unscrupulous to target many more potential investors than cold calling or mass mailing. Using a bulk e-mail program, spammers can send personalized messages to thousands and even millions of Internet users at a time.

How to Use the Internet to Invest Wisely. If you want to invest wisely and steer clear of frauds, you must get the facts. Never, ever, make an investment based solely on what you read in an online newsletter or bulletin board posting. Do your homework, 1 - Get financial statements from the company. 2 - Verify the claims. 3 - Call suppliers or customers of the company. 4 -

Check out the people running the company. Good ‘ole Google.
Bottom line, don’t believe everything you read. Being on the Internet does not make it true and there are many out there who would love to part you from your money.

Author Chris Kaminski is head web designer at Lone Bird Studio, an Asheville web design and SEO company located in North Carolina.