Posts Tagged: ‘java security flaw’

Scam of the day – February 26, 2013 – Microsoft hacked – what it means to you

February 25, 2013 Posted by Steven Weisman, Esq.

A few days ago, Microsoft announced that it, like Apple, Facebook, Twitter and hundreds of other prominent companies had been hacked.  The Microsoft hacking is still being investigated and it has not yet been determined if sensitive information was compromised or taken by the hackers, but the lesson is clear for us all.  You are only as secure from identity theft as the security of the weakest place that holds personal information about you.  In the Microsoft and other company hackings in recent days, it appears that, once again, it was a vulnerability in Java that was exploited by the hackers and since anti-virus security software is always playing catch-up when responding to the latest viruses created by the hackers and identity thieves, people should ask themselves whether or not they need to use Java software on their computer.  It has been estimated that half of the major computer hacking last year was done by exploiting vulnerabilities in Java.  It would appear that as soon as Java plugs a hole in their software, the hackers find another to exploit.

TIPS

You should consider whether or not you need Java software since it is such a target for hackers who may hack into your computer just as they have done with hundreds of businesses that use Java.  If you need Java, you should install the latest security patch.  Here is the link to information about both installing the latest Java security patch as well as information about deactivating Java from your computer.  http://www.us-cert.gov/cas/techalerts/TA13-051A.html

Here at scamicide, I will continue to promptly update you with the latest information about security patches you should use to make sure your computer is protected as well as possible.

You should also make sure that your Firewall is operating, use a complex password, maintain constantly updated security software and be prudent when downloading anything or clicking on a link as I have described in my book “50 Ways to Protect Your Identity in a Digital Age” because, as I have told you before, security software is only about 5% effective against the latest viruses.  It takes generally about a month before the software is updated.  Also, in order to limit your exposure to identity theft, limit the amount of information that you provide to companies and websites that store that information because if they are hacked, your security is compromised.

Scam of the day – February 21, 2013 – The threat to you of the recent hacking of hundreds of companies

February 21, 2013 Posted by Steven Weisman, Esq.

As I have been reporting to you, there have been a recent wave of serious hacking into companies such as Facebook and now Apple, that were long thought to be secure and safe from cyberattacks and these two companies are only two of the hundreds  that have been hacked.  Often companies do not publicize it when a hacking occurs. There is initial evidence that suggests that in the recent Facebook and Apple attacks, it may be the same people and the same vulnerability that is being exploited, namely a vunerability with Java software.  The Department of Homeland Security and many computer security experts are advising people to disable Java on their computers.  As I have told you previously, the computer security company Kaspersky Lab has indicated that Java software  security flaws were responsible for almost half of all cyber attacks in the world last year.  There are conflicting reports as to the source of these most recent hacking, some say Russia, some sayChina, but whoever it is,  the result is the same.  You and I are in danger.  There are plenty of criminals and foreign enemies who can get access to the technology necessary to hack into the computers of the companies and intrastructure of our country.  We are in grave danger.

TIPS

So what can you do?  President Obama spoke of the dangers of cyberwarfare in his State of the Union Address.  The President and Congress need to act now!  Email your Congressman and Senator and demand that they take action.  Their lack of action in the face of a problem of which they have been aware for a long time has made this problem worse.

As for you and I, as I have said before, our information is only as safe as the security of the weakest institution that holds it and we have seen that banks and other institutions are not secure.  Security begins at home so the first thing that you should do is to follow the security practices I describe in scamicide.com and in my book “50 Ways to Protect Your Identity in a Digital Age.”   Security software is important, but studies have shown it to be no more than 5% effective in protecting you from the latest viruses.  It generally takes about a month for the software security companies to catch up.  However, it is still important to have security software and make sure that it is current.   In addition, you need backup documentation in case records at your bank, brokerage house or any other place that holds your assets are hacked into and lost.  Copy them regularly to a thumb drive and keep the thumb drive in a secure place in your home.  You should also make paper copies on a regular basis of your bank accounts, brokerage accounts and all other financial accounts and keep them in a locked safe in your home.  Other personal documentation that you should copy and keep locked in a safe include birth certificates, Social Security cards, Deeds, Mortgages, credit card statements,insurance documents and evidence of all accounts that you may have.  This may seem a little over the top, but it really is necessary in case of a major cyberattack on this country.

Scam of the day – February 17, 2013 – Facebook hacked – the lesson for us all

February 17, 2013 Posted by Steven Weisman, Esq.

Facebook has announced that its internal computer network has been hacked in what it described as a “sophisticated attack.  According to Facebook, users of Facebook did not have their data compromised – this time.  As I have warned you over and over again, your security is only as good as the security of the weakest place that holds information about you, which is why it is important to limit the information held by companies and others with which you do business to the minimum that they need.  The hacking of Facebook occurred when a Facebook employee went to the website of an app developer with which Facebook does business.  The app developer had unwittingly been hacked through the use of the Java program and when the Facebook employee went to the website of the app developer, the computer virus was passed on to Facebook.  This might be particularly disturbing to some people because Facebook uses, and was using at the time of its security breach, the latest security software programs, which did not protect Facebook from the hacking.  As I have told you previously, unfortunately, the makers of computer security software are always behind the hackers.  It has been estimated that when a new virus is developed only about 5% of security software programs are effective at first.  Generally, the computer security software companies take about a month to catch up with the new viruses.

TIPS

There are a few lessons for us all from this security breach.  According to the computer security company, Kaspersky Lab, Java is a dangerous program constantly exploited by hackers.  According to Kaspersky, Java software was the culprit in about half of all cyber attacks in 2012.  On January 12, 2013 I passed on a warning from the Department of Homeland Security warning people to disable Java due to serious security threats.  Five days later on January 17th I provided you with a link to remedy for that particularly vulnerability.  However, problems with Java continue to occur and some computer security experts suggest that you disable Java and not use it in order  to protect yourself.  I will discuss this in more detail in future Scams of the Day.  The particular problem with Java that led to the hacking of Facebook has been fixed, but it is likely that Java will be attacked again.  Another tip that you must follow is to make sure that your computer security software is constantly updated.  I will provide you with particular warnings and updates, but you should make sure that your security software is always current.  People who do not do so are easy targets for identity thieves.