iPhone and iPod Touch 3.1.3: security patches

Posted by kent on February 4th, 2010

Apple has very quietly, almost too quietly, release a software update for the iPhone and iPod Touch. The 3.1.3 update was released on Tuesday, and seemed to be pretty inconsequential at first: a fix for the battery meter, some remedies for third-party app crashes, and something to do with Japanese keyboard layouts. Seemed like something I could do without for the moment. I rarely sync my phone, except when my music library starts to feel stale.

But buried below these minor fixes is another bit of info: The new version also patches five security holes. Three of these aren't likely to affect most users as they involve FTP servers or someone getting physical access to the device. Two of them are media exploits, however, one concerning images and one concerning sound. All the holes could leave iPhones and iPod Touches vulnerable to outside control.

So, if you haven't already, plug in your device, load up iTunes, and install the new software. And a note to Apple: Let us know it's a security patch; we're much more likely to update our devices over that, than a fix for the Japanese keyboard.

The New York Times ponders the plight of the Internet user

Posted by Caitlin on January 25th, 2010

In this day and age, even the Fashion & Style section of The New York Times is worried about Internet security issues. This weekend, the Times recounted the experiences of Allan Goldstein, a 60 year old college professor who uses the Internet, but does so a bit nervously. He worries that NYU's online system will crash, and that he'll lose his syllabus and grades. He uses online banking, but draws the line at automated payments.

A few years ago, Mr. Goldstein was a victim of a rather low-tech variety of identity theft: dumpster diving. Mr. Goldstein believes the thief or thieves found discarded receipts and bank statements in his building's trash before changing the address associated with his credit card. Mr. Goldstein responded to the situation by purchasing a shredder.

In December, Mr. Goldstein opened a new American Express credit card account, but the first time he logged in to check his balance, he found himself in a different account, one belonging to a woman in Florida. He could see her purchase history and all of her personal information. His first move was to call American Express's customer service department and explain that he'd "hacked into someone's private account by mistake."

After a month of being brushed off by six American Express customer representatives who seemed less than concerned about the issue, Mr. Goldstein contacted The New York Times, which finally got American Express's attention. It turned out, there was no hacking or security failure going on. Mr. Goldstein's user name and password were nearly identical to those of another customer, and he had typed his own information incorrectly, which led him to accidentally sign into her account.

Sadly, the incident shook Mr. Goldstein's already tenuous faith in the Internet to such a degree that he responded by moving his savings from an online savings account to a standard account with a lower interest rate.

Clearly, American Express should have responded to Mr. Goldstein's concerns more quickly. But while Mr. Goldstein's trepidation about Internet services is understandable, he would be far safer if he did his research. While shredding sensitive documents is a good move, it is not an adequate defense against identity theft. And if Mr. Goldstein's banking user name and password were nearly identical to those of another customer, it is likely that both were using a popular and weak password.

Instead of avoiding Internet services, learn to use them safely. Protect yourself from identity thieves by investing in an identity theft protection service, or at least a credit monitoring service. Use strong passwords, with a combination of upper and lowercase letters and numbers. Be sure to install Internet security software on your PC, and set it to update automatically. Don't be afraid of online savings accounts, which generally earn higher interest rates than standard accounts. And if you're nervous about losing files, invest in an online backup service.

The return of the Norton coupon: 20% off

Posted by kent on January 22nd, 2010

Norton has brought back its 20%-off discount coupon, bringing the price of its award-winning Internet security suite down to $55.99. Users just need to use the coupon SYMTOP20OFF at checkout.

We really liked Norton Internet Security 2010 when we tested it. And we're not the only ones. It has received top ratings from both AV-Comparatives and AV-Test.org, two independent testing organizations.

You can see what we thought by checking out our Internet security software reviews and comparisons.

Why can't privacy be protected on a public computer?

Posted by kent on January 21st, 2010

The following post in our Reader Question series is an actual user submitted question:

Q: I have a question becaue I have been using a public computer which i know isn't safe but I am wondering why your privacy cannot be protected.

A: There are two big reasons why public computers aren't secure and could be used to expose your personal information, but they both stem from the same thing: if a computer is public, anyone has access to it.

Public computers are physically open to hackers who can install keyloggers or other info-snooping software or hardware. There's just no way for the average user to defend against this. We can hope that the computer's owner has security software installed, but there's never a guarantee.

The other problem with public computers is one you can actually do something about: keeping your browsing private. Web browsers store your browsing history by default. If you've ever hit the "back" button on your browser, you know that it's possible to virtually go back in time and see pages you've already visited. Just look at your web browser's "History" tab and you'll see what we mean. Web browsers can also store cookies that tell certain websites that you've already logged in, allowing someone else to revisit a site as if they were you.

Now if you need to use a public computer, there are things you can do to help keep protect your privacy:

1) Always choose "Private Browsing" when possible. Both Firefox and Microsoft Internet Explorer allow you to select this option. Do this  before you start your web surfing (in Explorer this is found under the "Safety" menu, in Firefox it's under "Tools"). This will prevent the computer from remembering your cookies, temporary Internet files, history, and other data. When you're done, shut down the browser or close the browser window you were using.

2) Whenever possible, avoid sites that require you to enter any personal information such as credit card numbers, PINs, or passwords. Also, don't let it store any "auto-fill" data.

3) If you do decide to log in to a website, never let a website "remember" your login information.

4) Logged in? Make sure to log out. This will end your session and disallow anyone from going back into your account.

5) Clear the web browser's cookies, history, and cache when you're done. In Explorer, this is done using the "Delete Browsing History" function under the "Safety Tab"; in Firefox, look under the "Tools" menu for "Clear Recent History" and make sure to use the details sub menu and select everything. This is a little redundant if you're using the "Private Browsing" function, but it's not a bad habit to get into.

6) Watch out for people reading over your shoulder. Evesdropping is another risk of using a public computer. People or well-placed cameras can scope out your data, or watch the keys you type when you enter a password.

Ultimately, if you must use a public computer for your private browsing needs, you'll have to use your best judgment about how safe the computer is. If there's an administrator or other personnel responsible for the computers, ask them if there's Internet security software running.

Scams and malware are Haiti earthquake aftershocks

Posted by kent on January 14th, 2010

CBS News is reporting that scammers and cybercriminals have wasted no time in exploiting the earthquake in Haiti. People using Internet search engines to look for information on Haiti earthquake charities are being redirected to sites containing malware. And of course there are the dubious email appeals for donations:

The FBI issued a statement today warning donors to ignore spam emails asking for donations and encouraged skepticism if they are contacted by survivors asking for money. The FBI suggests donating to well-known organizations and avoiding giving out any personal or financial information.

The heartbreaking news out of Haiti is certainly motivating many to help, but charitable individuals should be cautious about where they direct their money. Those who do want to help are encouraged to verify the identities of the charities asking for money. The Foundation Center has a database that visitors can use to identify charitable organizations. The Charity Navigator is another good resource. According to CBS, those looking for a quick, safe, and convenient way to help can:

Text the word Haiti to 909-99 and $10.00 will be charged to your cell phone account. CBS News has confirmed this is a legitimate appeal and goes to the American Red Cross.

Chinese hackers target Google and Google users

Posted by Caitlin on January 13th, 2010

Yesterday, Google released information about a "highly sophisticated and targeted attack on [Google's] corporate infrastructure originating from China that resulted in the theft of intellectual property from Google." The attack also targeted at least twenty other large companies, and the hackers seem to have been specifically interested in accessing the Gmail accounts of Chinese human rights activists.

But perhaps even more disturbing than the Google breach is the discovery that third parties have routinely accessed the Gmail accounts of dozens of human rights advocates throughout the world, probably via a combination of phishing scams and malware.

Google has responded to the attack by enhancing its own security, and advises users to take action to secure their own accounts and PCs:

"We would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online."

If you could use some help protection yourself online, take a look at NextAdvisor.com's reviews and comparison of Internet security software. And since most hackers are after your financial data, you should also consider investing in identity theft protection.

How do I know my computer is infected?

Posted by kent on January 12th, 2010

The following post in our Reader Question series is an actual user submitted question.

Q: How do I know my computer is infected?

A: There are many signs that can point to a possible infection: slow PC performance, numerous unwanted pop-ups, virus notifications from software you never installed, or phantom emails sent from your computer without your notice. Or you could be experiencing none of these things and still have an infected PC. Successful viruses infect your computer without giving themselves away.

You can find out if your computer has a virus by using a free virus scan. There are free virus scanners offered by a number of vendors that we reviewed such as McAfee and Norton, among others (click any of the prior links to access the virus scanners). If you get a clean bill of health from one or more of these virus scanners, you can breathe a sigh of relief. When you're done doing that, go and get yourself some real protection with a well-rated Internet security software suite. Free virus scanners (from reputable companies, like the ones we review) are great for a quick diagnosis, but they won't proactively protect you from keyloggers, trojans, or other malware.

Data Breach Alert: Facebook application developer RockYou failed to protect data

Posted by Caitlin on January 11th, 2010

RockYou is a company that develops applications for Facebook, MySpace, and a number of other popular social networking websites. It's the second biggest application developer for Facebook after Zynga, which recently made headlines for its "scammy" offers. Last month, RockYou fell victim to an SQL injection attack, in which a hacker or hackers successfully accessed a database containing email addresses and passwords for over 30 million users. Last week, RockYou was hit with a class action lawsuit, alleging that RockYou "recklessly and knowingly failed to take even the most basic steps to protect its users' personally identifiable information by leaving data entirely unencrypted and available for any person with a basic set of hacking skills."

Login data for a social networking application may seem like a trivial data breach, but it becomes a more serious matter when one considers the frequency with which the same password is reused for several online accounts. If someone gets into your RockYou account, the consequences will probably be minimal, but that same stolen data could be used to access your personal email or online banking accounts.

We've said it before and we'll surely be compelled to say it many, many more times, but: don't use the same password for multiple online accounts! It's a terrible habit that compromises your security and identity. And think carefully about whether applications on Facebook and other social networking sites are really worth the risk of viruses and identity theft.

Be sure to install Internet security software, and set it to update automatically. And consider investing in identity theft protection.

Internet security predictions for 2010

Posted by kent on January 7th, 2010

Internet security software experts at McAfee are making some predictions for threats in the year 2010. McAfee expects that Windows exploits will become less common as hackers switch their interest to products made by Adobe. Apparently Windows has gotten a lot better, but also, according to the report: "Flash and (Acrobat) Reader are among the most widely deployed applications in the world, which provides a higher return on investment to cybercriminals."

McAfee also sees increasing attacks delivered via social networking sites, targeted emails, and ever-smarter banking trojans. But, they conclude, they "anticipate even more successes in the fight against all forms of cybercrime in 2010."

You can help fight cybercrime by keeping your software up-to-date. This includes both your Internet security software and applications and plugins like Flash and Acrobat Reader.

Norton 2010 Coupon: 20% off

Posted by kent on December 21st, 2009

Norton has launched a new coupon for its award-winning Internet Security 2010. The new coupon code, 20OFFCNEXT2010, will get you 20% off of Norton's already discounted price of 59.99. The final price comes in at $47.99. Norton has been racking up with wins in the Internet security world, scoring big in recent tests by AV-Test and AV-Comparatives.

The offer is valid through December 24th, 2010, so there's not much time to act on this offer. You can read our review of Norton Internet Security 2010 or, if you're ready, click here to purchase. Don't forget to enter coupon code "20OFFCNEXT2010" at checkout.