
Internet Explorer 9 to get tracking protection


Microsoft this morning detailed changes to Internet Explorer 9's security features that will better enable users to keep sites from tracking their activity across browsing sessions.
The feature, which is set to arrive in the first release candidate of IE9 early next year, uses a list to tell the browser which third-party page elements on a site can and cannot be blocked from tracking. This includes elements ranging from advertisements to more mundane things like embedded widgets from particular providers.

On Microsoft's IE blog, Dean Hachamovitch, head of Internet Explorer development, explained how it works:
A Tracking Protection List (TPL) contains Web addresses (like msdn.com) that the browser will visit (or "call") only if the consumer visits them directly by clicking on a link or typing their address. By limiting the calls to these Web sites and resources from other Web pages, the TPL limits the information these other sites can collect.
You can look at this as a translation of the "Do Not Call" list from the telephone to the browser and web. It complements many of the other approaches being discussed for browser controls of Do Not Track.
In a Webcast announcing the feature, Hachamovitch said most users have "little awareness of who can track their activity," and that the feature stemmed from that. Hachamovitch also attributed the creation of the feature to the company's more open approach to developing features for IE9.
Microsoft's tracking protection tool gives users control over which site elements can track your activity during a browsing session. Green ones in this shot can, while the red cannot.
(Credit: Screenshot by Josh Lowensohn/CNET)
Microsoft is letting users and third parties alike author protection lists and host them on their sites. Users can then download them to their browser. Microsoft has also designed the lists to work like what Hachamovitch likened to an RSS feed, so that if sites are added or removed, a list can be updated without the user having to seek out the changes or update it manually.
Hachamovitch said tracking protection will not replace InPrivate filtering, a feature Microsoft added to IE in version 8. Instead, Hachamovitch referred to it as complementary, given that InPrivate filtering uses algorithms to control tracking, along with not persisting from session to session. Tracking protection, on the other hand, will remain on once a user turns it on.
Microsoft says tracking protection will not be on by default when it arrives next year. Users will need to opt-in to enable it, as well as seek out lists of sites, which will not ship with the browser once it's released.
So far, Microsoft's IE9 beta has been downloaded in excess of 15 million times since its release back in September.



Profile viewer, Facebook hit by yet another scam


Another day, another scam. Facebook users have been hit with yet another scam, one that claims to show users who has viewed their profile. The scam appeared on Facebook in the form of an app that claims to show users their profile viewers while it gains access to their profile.
Millions of users have already accessed the app in order to check. Opening the Facebook page to check on the News Feed, my eyes paused on a link which seemed kind of appealing while at the same time looking like something fishy.
The message with a link post, read:

OMG OMG OMG…I cant believe this actually works! Now you really can see who viewed your profile!
For those users who have accessed this App for some reason or the other, you need to get things straight before your profile is used as a worm. Follow the steps to remove the scam from your Facebook account:
Step 1: Log in to your Facebook account
Step 2: Go to your Privacy Settings
Step 3: Look for the app in the Applications and Websites section
Step 4: Delete the app and change your password immediately

Some interesting tips and tricks - useful for all

To add a password to files & folders

>right click
>compressed folder
>paste the file in that folder
>right click add password

What to do when your mobile gets wet

>remove battery, SIM, memory card
>use vacuum cleaner in suction mode
>keep in rice container

Load your folders faster

>tool
>folder option
>view
>Automatically search for network folders and printers
>don’t cache thumbnails
>go to
>www.serials.ws
or
> Google it or search it on You tube 

Remove thumb.db file from folders

follow these steps
>tool
>folder option
>view
>files & folder
>do not cache thumbnail
DONE.

Lock your CD-ROM

Follow these steps


- Go to Run
- Type regedit
- Find (Ctrl+F)
- Then type 'allocatecdrom'
- Change the value 1 to 0
- to normal then type 1 to 0
Follow these steps

  • Press Start button 
  • Go to Control Panel 
  • Go to Regional & Language Options
  • Go to Customize
  • Change Time AM & PM to your name

10 Fast and Free Security Enhancements


Before you spend a dime on security, there are many precautions you can take that will protect you against the most common threats.

1. Check Windows Update and Office Update regularly, have your Office CD ready. Windows Me, 2000, and XP users can configure automatic updates. Click on the Automatic Updates tab in the System control panel and choose the appropriate options.

2. Install a personal firewall. Both SyGate and ZoneAlarm offer free versions.



3. Install a free spyware blocker like SpyBot Search & Destroy. SpyBot is also paranoid and ruthless in hunting out tracking cookies.

4. Block pop-up spam messages in Windows NT, 2000, or XP by disabling the Windows Messenger service (this is unrelated to the instant messaging program). Open Control Panel | Administrative Tools | Services and you'll see Messenger. Right-click and go to Properties. Set Start-up Type to Disabled and press the Stop button. Bye-bye, spam pop-ups! Any good firewall will also stop them.

5. Use strong passwords and change them periodically. Passwords should have at least seven characters; use letters and numbers and have at least one symbol. A decent example would be f8izKro@l. This will make it much harder for anyone to gain access to your accounts.

6. If you're using Outlook or Outlook Express, use the current version or one with the Outlook Security Update installed. The update and current versions patch numerous vulnerabilities.

7. Buy antivirus software and keep it up to date. If you're not willing to pay, try Grisoft AVG Free Edition. And double-check your AV with the free, online-only scanners available at Panda and Trend Micro Devices.

8. If you have a wireless network, turn on the security features: Use MAC filtering, turn off SSID broadcast, and even use WEP with the biggest key you can get. For more, check out our wireless section or see the expanded coverage in Your Unwired World in our next issue.

9. Join a respectable e-mail security list, such as the one found at Security Supersite, so that you learn about emerging threats quickly and can take proper precautions.

10. Be skeptical of things on the Internet. Don't assume that e-mail "From:" a particular person is actually from that person until you have further reason to believe it's that person. Don't assume that an attachment is what it says it is. Don't give out your password to anyone, even if that person claims to be from "support."

Source: PC Magazine

NOD32 AntiVirus 4.2.67

ESET NOD32 Antivirus is the most effective protection you can find to combat today's huge volumes of Internet and email threats. It provides comprehensive antivirus and antispyware protection without affecting your computer's performance.
Using advanced ThreatSense® technology, ESET NOD32 Antivirus proactively protects you from new attacks, even during the critical first hours when other vendors' products aren't aware the attack even exists. ESET NOD32 Antivirus detects and disables both known and unknown viruses, trojans, worms, adware, spyware, rootkits and other Internet threats.
ESET NOD32 Antivirus is also one of the fastest antivirus solutions, so fast you won't even notice it running. And it's both incredibly easy to use yet simple to tailor for your specific needs.
Key Benefits:

  • Protection from the Unknown
  • Finds Malware Other AV Companies Missed
  • Built for Speed
  • Easy on Your System
  • Easy on You

Firewall and its work

Firewalls are an important part of internet security. They guard systems and networks from hack attempts and other malicious unauthorized activity. But how do they work? To understand this it is important that you understand some basics on how the internet works and how ‘packets’ move around from network to network. Let’s examine this in a bit more detail.
What is a packet? – Simply put, a packet is a small collection of data that is sent from one system to another. If a machine wanted to send a one megabyte file to a server it would not be practical in most cases to send it all in one go, so this data is split up into packets. These packets are then sent individually. The advantage here is that if one packet fails to send it can easily be resent without needing the rest of the data to also be resent. A packet contains important information to ensure that it arrives where it should. The most important parts are the source address, destination address, source port and destination port.
What is a port? – Every single piece of data sent across the internet needs to have a source port and destination port. The source port is generated automatically in most cases by the operating system and is a simple way for your computer to differentiate between two lots of data. For example – let’s say you’re browsing the web and sending email at the same time. When a response comes back to say your email has been sent, how does the operating system know that this packet is destined for your email client? With the source port of course! Your computer will set up a virtual port for your email client (let’s say 1024) and then when you start browsing the web it will set up another port for this (let’s say 1025).
The destination port is more important, it tells the receiving host what service the packet is meant for. All the common services on the internet (http, email, ftp, telnet) have their own standard ports. Here is a list of some of the common ones:
  • Http (Web) : 80
  • Sending Email (SMTP) : 25
  • Receiving Email (Pop) : 110
  • FTP : 21
  • Telnet : 23
So when a server receives a packet with the destination port of 80, it knows that this is a web request and it hands the packet to its web service program (IIS or Apache for example).
Now that you know about packets and ports it will be easier to understand how a firewall works.
The basic job of a firewall – A firewall can be either hardware or software, essentially they serve the same purpose, a hardware firewall would physically sit in between your local network and wide area network. A software firewall would sit on a client machine and therefore would only be able to protect that machine it resides on.
A software firewall sits low in the operating system and integrates with the network handler, by doing this it can ‘intercept’ every single packet that goes in and out of your machine. A firewall will usually come with a default set of rules that it must adhere to. These rules will determine what packets a firewall will allow in and out. Typically a firewall might be set to only allow outgoing traffic on certain ports. By doing this only traffic destined for the allowed services would be allowed out. So if a rogue program made its way on your machine and attempted to ‘call home’ on a different port to the ones in your allowed list, it would be blocked.
Whilst this is all good and well, what would happen if this rogue program called home on an allowed port, like port 80? Well the firewall would let it through of course and we don’t want this. This is why many firewall programs will generate rules based on the process name. For example it would allow iexplore.exe to communicate out on port 80, but any other program communicating out would need permission.
Analyzing incoming traffic is probably the biggest job for the firewall, every packet must be examined to see what program it is destined for and whether it should be allowed. Again, most software firewalls will have a list of rules of what to allow and what not to. If a packet comes in destined for a port that is not being used then it will be dropped and logged. The set of rules that a user can customize for a firewall will only offer so much protection, this is why many firewalls will use heuristics to determine if a hack attempt is being made. Many hack attempts will follow patterns that the firewall will determine and be able to establish as a hack attempt. A common example is port scanning – when incoming requests for ports are flying in fast the firewall will usually know that this is a port scan attempt and will then drop all packets from the source host for the next ten minutes.
This kind of pattern detection is what makes a firewall effective at its job. Fixed rules are only effective to a point, if a firewall is challenged with an attack that it doesn’t know about it must be able to detect it and stop it.
So in summary; a firewall is used to analyze every packet coming in and out of an interface and determine whether it should be allowed, packets that are not allowed are blocked. To determine whether a packet is allowed a firewall will follow a set of rules that can be customized by the administrator. Many firewalls also use heuristic detections to stop hack attempts that follow common patterns.
Courtesy: Computing Help
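The rule checks and the port-scan heuristic described in the firewall article above, as an added sketch that is not code from the original article or from any firewall product. The rule table, thresholds, process names other than iexplore.exe, and IP addresses are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed policy for illustration: (process name, destination port) pairs allowed out.
OUTBOUND_RULES = {("iexplore.exe", 80), ("mailclient.exe", 25), ("mailclient.exe", 110)}
LISTENING_PORTS = {80}   # ports with a service behind them on this host
SCAN_THRESHOLD = 5       # distinct unused ports probed ...
SCAN_WINDOW = 10.0       # ... within this many seconds is treated as a port scan
BLOCK_SECONDS = 600      # drop everything from that source for ten minutes


class Firewall:
    def __init__(self):
        self.closed_hits = defaultdict(deque)  # source IP -> (time, port) probes of unused ports
        self.blocked_until = {}                # source IP -> time the temporary block expires
        self.log = []

    def outbound(self, process, dst_port):
        """Per-process rule: an allowed port is not enough, the program must match too."""
        if (process, dst_port) in OUTBOUND_RULES:
            return "ALLOW"
        self.log.append(f"blocked outbound {process} -> port {dst_port}")
        return "BLOCK"

    def inbound(self, now, src_ip, dst_port):
        """Fixed rules first, then the port-scan heuristic on dropped packets."""
        if self.blocked_until.get(src_ip, 0) > now:
            return "DROP_BLOCKED_SOURCE"
        if dst_port in LISTENING_PORTS:
            return "ALLOW"
        hits = self.closed_hits[src_ip]
        hits.append((now, dst_port))
        while now - hits[0][0] > SCAN_WINDOW:   # forget probes outside the window
            hits.popleft()
        self.log.append(f"dropped {src_ip} -> unused port {dst_port}")
        if len({port for _, port in hits}) >= SCAN_THRESHOLD:
            self.blocked_until[src_ip] = now + BLOCK_SECONDS
            hits.clear()
            self.log.append(f"port scan from {src_ip}; blocking for {BLOCK_SECONDS}s")
            return "DROP_SCAN_DETECTED"
        return "DROP"


def demo():
    fw = Firewall()
    results = {
        "browser_80": fw.outbound("iexplore.exe", 80),
        "rogue_80": fw.outbound("rogue.exe", 80),      # allowed port, wrong program
        "rogue_6667": fw.outbound("rogue.exe", 6667),
    }
    # Constructed traffic: 203.0.113.9 probes ports 20-24 within one second.
    results["scan"] = [fw.inbound(0.2 * i, "203.0.113.9", 20 + i) for i in range(5)]
    # Once blocked, even the open web port is refused to that source ...
    results["during_block"] = fw.inbound(60.0, "203.0.113.9", 80)
    # ... until the ten minutes are over.
    results["after_block"] = fw.inbound(700.0, "203.0.113.9", 80)
    results["other_host"] = fw.inbound(60.0, "198.51.100.7", 80)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```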

How do I password protect a PDF file ?

Here is the Answer :
When sending any sensitive data through e-mail, including PDF files, make sure to password protect or encrypt that information. Although this can be done in Adobe Acrobat, below are steps on how to create a password protected PDF that prompts for a password without having to purchase a program.
  1. Download and install PrimoPDF, a free PDF creator.
  2. Open the document or picture you wish to create password protected PDF for.
  3. Print the file. In the print wizard change the printer name from your printer to "PrimoPDF" and click Ok to start the PDF creation process.
  4. In PrimoPDF as shown in the below picture, select the quality of file, we suggest either "Print" or "Prepress" and then click the Change button for PDF Security.
  5. In the Password Security window check the box for "Require a password to open the document" and enter the password you wish to use and click Ok.
  6. Finally, click the Create PDF button to create the password protected PDF.
PrimoPDF wizard

How to Protect an Email Account from being Hacked


Here we will mention some of the most popular ways used to hack email accounts and the solutions for such hacking techniques. I would say it's always a very easy task to protect your email account as most of the companies already have maximum security enabled at the server end. There are only some precautions you need to take while using your email for protection.
WEBSITE SPOOFING : Website spoofing is the act of creating a website with the intention of misleading the readers. The website will be created by a different person or organisation (other than the original) especially for the purposes of cheating. Normally, the website will adopt the design of the target website and sometimes has a similar URL. The solution:
  • Never try to login/access your email account from the sites other than the original site.
  • Always type the URL of the site in the address bar to get into the site. Never click on the hyperlink to enter the site.
USING KEY LOGGERS OR TROJANS : Protecting yourself from a keylogger scam is very easy. Just install a good anti-spyware program and update it regularly. This keeps your PC secure from a keylogger. Also there is a program called Anti-keylogger which is specially designed to detect and remove keyloggers. You can use this program to detect some stealth keyloggers which remain undetected by many anti-spyware programs.
To keep your system safe from Trojans, have an antivirus program that is regularly updated. Here is our selection of best antiviruses for Windows 7.
ACCESSING YOUR EMAIL ACCOUNT FROM CYBER CAFES
Do you access your email from cyber cafes? Then you are definitely at risk of losing your password. In fact many people lose their email account in cyber cafes. For the owner of the cyber cafe it’s just a cakewalk to steal your password. For this he just needs to install a keylogger on his computers. So when you log in to your email account from this PC, you give away your password to the cafe owner. Also there are many Remote Administration Tools (RATs) which can be used to monitor your browsing activities in real time.

Protecting your privacy while using bittorrent!


Torrents these days are one of the most loved platforms for downloading files, mostly cracked ones. With piracy comes the need to protect your privacy. Here we will explain how to protect your privacy while using BitTorrent, one of the famous torrent clients out there. Viruses and other forms of malware are the most basic of threats. The files you download are foreign and you should treat them as such; scan them promptly after downloading them. Most major anti-virus programs have the ability to add folders for auto-scanning, which is probably the ideal solution if you either don’t have time or don’t want to waste effort doing things manually.

Encryption

One way to help alleviate these problems is to enable encryption for your connections.  This prevents the data sent between two peers from being understood by onlookers, although it doesn’t prevent them from seeing their IP addresses or certain details from the tracker, such as amount of data transferred.
This is not a perfect solution, however.  Encryption has to be supported by your peers as well, and they may not have their clients set to use it.  Some trackers don’t even allow encryption, but if yours does, it’s not a bad idea to enable preferring encrypted connections, but allowing unencrypted transfers if none are present.
Enable Encryption in uTorrent
Open uTorrent, go to Options > Preferences, and then click where it says BitTorrent on the left. Under where it says “Protocol Encryption,” choose Enabled and click on Allow incoming legacy connections.  This will allow outbound encryption but still accept non-encrypted connections when there are no encrypted connections available.

IP Blockers

Another thing you can do is use an IP blocker. These programs run alongside an existing firewall (you DO have a firewall, don’t you?) and your BitTorrent client and they filter out IP addresses based on blocklists. Blocklists are made up of ranges of IPs that contain known problems, such as monitoring and bad packet transfer. How well they work is up for debate, and there is no consensus on whether they do anything at all. Websites and trackers that are fine sometimes get blocked, and you have to manually allow them.
If you’re a cautious person, however, it’s not a bad idea to run an IP blocker just in case.  The most well-known ones are PeerBlock for Windows and Moblock for Linux, and Transmission for both Mac and Linux has the ability to use a blocklist.  PeerBlock, once installed, allows you to download and update blocklists and automatically starts to block IP addresses.
Install and Configure PeerBlock on Windows
Download PeerBlock from their website.  The beta is pretty stable and provides the most useful features, and is compatible with Windows XP, Vista, and 7 (all versions).

Hijack Facebook, Twitter accounts with Firesheep, How to Secure against it


Have you ever imagined how easy it is to hack someone's Facebook, Twitter, Live accounts with a single click? Yes! Now it's possible with Firesheep, an extension for Firefox which helps you to hijack an open Wi-Fi connection.
Firesheep is the work of Eric Butler, who made the proof of concept public after presenting at a security event. The purpose of the experiment was to showcase the security risks associated with session hijacking, aka sidejacking.
So what all can be hacked with Firesheep? Nearly 26 online services, which include all popular online services: Amazon, Facebook, Foursquare, Google, The New York Times, Twitter, Windows Live, WordPress and Yahoo.
The extension is so flexible that it can be customized to allow a hacker to target other websites not listed by Firesheep. While Firesheep sounds scary, it's not as scary as it may sound at first. Even though the extension has been downloaded more than 100,000 times, there’s nothing to be scared of.
Install WinPcap on Windows (Mac OS doesn’t need this) and get the Firesheep extension and then open it up by clicking on View>Sidebars>Firesheep. Click the button that says “Start Capturing.” Once you click the button, it starts snooping. From then on, all sessions that are captured are automatically displayed.
How to Bypass Firesheep Hijacks?

  1. If you feel your account has been compromised, immediately log out. As soon as you do that, the hijacked cookie becomes invalid and can no longer be misused.
  2. Use a VPN: Try using a Virtual Private Network client such as the free version of HotSpot Shield. This piece of software basically creates a secure tunnel for your data that runs between the Wi-Fi router and your computer.
  3. Use HTTPS Everywhere: If you’re a Firefox user you can also use extensions such as HTTPS Everywhere built by the Electronic Frontier Foundation. This extension forces certain websites to use a secure SSL connection for your entire browsing session instead of just the login.
  4. Use Strict Transport Security (STS): Strict Transport Security (STS) is a relatively new security feature that is starting to appear in some browsers. STS automatically forces your browser to make a secure connection with every Web page that supports SSL encryption. Once you start using STS, you will not be able to use an insecure connection ever again when connecting to a specific site such as Facebook or Amazon. Chrome has supported STS since Chrome 4, and Firefox 4 will include STS when the official version launches in the coming months.
  5. Encrypt your home/office network: Use the strongest possible encryption on your home and office Wi-Fi connections. WPA2 is much better than WEP.
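Sidejacking of the kind Firesheep demonstrates depends on session cookies travelling over unencrypted HTTP, which is what the HTTPS and STS items above address. The following added example, which is not from the original post or from Firesheep, audits response headers for the two server-side settings involved: the cookie `Secure` flag and the `Strict-Transport-Security` header. The function names and the sample responses are constructed for illustration.

```python
import re


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs


def hsts_max_age(headers):
    """max-age in seconds from Strict-Transport-Security, or None if the header is absent."""
    for key, value in headers:
        if key.lower() == "strict-transport-security":
            match = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
            return int(match.group(1)) if match else None
    return None


def audit(scheme, headers):
    """List the reasons a session from this response could be sidejacked on open Wi-Fi."""
    findings = []
    if scheme != "https":
        findings.append("served over plain HTTP: everything, cookies included, is readable")
    for key, value in headers:
        if key.lower() == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                findings.append(f"cookie {name} has no Secure flag: it also rides on http:// requests")
    # Browsers ignore the STS header on HTTP responses, and max-age=0 switches it off.
    if scheme != "https" or not hsts_max_age(headers):
        findings.append("no effective Strict-Transport-Security: browser may still use http://")
    return findings


# Constructed sample responses (not captured from any real site).
PLAIN_HTTP = ("http", [("Set-Cookie", "session=abc123; Path=/")])
LOGIN_ONLY_TLS = ("https", [("Set-Cookie", "session=abc123; Path=/; HttpOnly")])
STS_DISABLED = ("https", [("Set-Cookie", "session=abc123; Path=/; Secure"),
                          ("Strict-Transport-Security", "max-age=0")])
HARDENED = ("https", [("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
                      ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")])

if __name__ == "__main__":
    for label, resp in [("plain http", PLAIN_HTTP), ("login-only TLS", LOGIN_ONLY_TLS),
                        ("STS disabled", STS_DISABLED), ("hardened", HARDENED)]:
        print(label, audit(*resp) or "no findings")
```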

Beware of this fake MS Security Essentials !

 



It's a fact that Microsoft Security Essentials is a great free tool for defending against viruses. However, there is a rogue security product out there which wrongfully claims to be “Microsoft Security Essentials”, and has absolutely nothing to do with Microsoft.
This malware is distributed via drive-by-download attacks by the names hotfix.exe or mstsc.exe (md5: 0a2582f71b1aab672ada496074f9ce46). After installing this fake malware it points to another link which is supposed to cure the infection, but this link also leads to a fake malware.
So, beware of this fake Microsoft Security Essentials tool which will try to scare you into purchasing a product you don’t need. Don’t fall for it. I can’t wait to see how long it takes for Microsoft to track down and sue those behind this rogueware.