If you’re like me, you’ve already advised your family members against clicking on those emails from the bank that want you to confirm your security settings, which are about to expire or which need to be increased. While some of these emails are legitimate, it’s just easier to do this than it is to teach people to check the URL the link is actually pointing to. After all, if you let your mouse hover over this link to bankofamerica.com, you’ll find that it’s really just directed back to my site, which is hopefully considered nonthreatening. Now imagine that underlying link going to a site that’s really a spoof of the bank’s. You enter your ID and your password and guess what? Nothing happens. Yet.
Well, there are other things to be concerned about. And most of the time you’re relatively safe. But sometimes, especially when you’re busy researching something, you come across a link in a news thread that looks as if it could be informative. So you click on it. And it looks like drivel. But what you’ve secretly done is downloaded some cookie or installed some malware that is tracking and reporting all of your mouse clicks and keystrokes back to someone who wishes to do you harm.
Then there’s cross-site scripting, where an attacker has managed to plant malicious script on a legitimate site. You happen to be on a trusted site, but it has secretly been compromised, which now leaves you compromised. Think these things can’t happen? Think again.
I recently had one of my customers let me know that their server was being used as part of a botnet attack on someone else’s domain. I took a look and sure enough, the server had been compromised. Of course this was easy to fix and measures were put in place to tighten things up. But you get the idea. He had been compromised. It could have been much worse.
There are things that you and I can do to protect ourselves. For example, we can use some common sense. I don’t view porn and I don’t download pirated software or music. That right there is a huge step forward in protecting myself. Furthermore, my systems tend to be Mac OS X or Linux. I don’t use Windows. That again is a great step forward since much malware is written to execute on Windows platforms. But there’s more.
Typically when I go perusing in parts unknown, I use an onion router. Ever watch a movie where the cops are trying to trace back a cyber criminal through various internet hops? Well, imagine going through hundreds and possibly thousands of hops. Well, you can if you’re using an onion router. To learn more about them, click on this link. If you’d like more info on them, drop me a note and I’ll either post more on the subject or answer you directly. Basically, an onion router isn’t just for allowing you to spy on sites while avoiding detection. It also keeps sites from tracking down what sites you frequent and when, etc. Basically, we all have certain routines. And the more your computing routines are predictable, the more likely you are to be compromised.
There are so many things that can be couched between links on sites that unless you’re browsing them in source code, you could be left fairly unaware. There’s a tool for Firefox that can help with some of these risks, on top of these other measures I’ve mentioned. Basically, by adding the NoScript plugin, you can designate safe zones and non-safe zones. And within each zone you can have various levels of protection against embedded scripts. Just don’t disable the StatCounter script when you visit my site as I’d like to record the visit please. 🙂
Whatever you do, don’t let this post turn you into a cyber agoraphobic. That’s not my intention. I actually spent part of Christmas day in conversation with someone convinced the internet is evil, e-commerce is evil, and… well, you get the idea. They aren’t. But there are evil people as there are in all walks of life. So take a little precaution. Read up on which threats are valid. Make sure you apply security updates to your OS. Believe it or not, those companies you give your money to for your software, operating system, etc., typically have people dedicated to finding vulnerabilities and then patching them. And for goodness’ sake, if you see something that looks questionable, then question it. Either steer clear or ask someone more knowledgeable.