Friday, September 26, 2008

How to Protect Yourself from Web 2.0 Hackers

Introduction to Web 2.0
Web 2.0 is a living term describing changing trends in the use of World Wide Web technology and web design that aims to enhance creativity, information sharing, collaboration and functionality of the web. Web 2.0 concepts have led to the development and evolution of web-based communities and hosted services, such as social-networking sites, video sharing sites, wikis, blogs, and folksonomies. The term became notable after the first O'Reilly Media Web 2.0 conference in 2004. Although the term suggests a new version of the World Wide Web, it does not refer to an update to any technical specifications, but to changes in the ways software developers and end-users utilize the Web.
According to Tim O'Reilly:
“Web 2.0 is the business revolution in the computer industry caused by the move to the Internet as platform, and an attempt to understand the rules for success on that new platform.”

5 steps to Protect Yourself from Web 2.0 Hackers:
1. Run a security suite. It isn't good enough anymore to run merely antivirus. You need a software firewall, antispam, antiphishing, antispyware, anti-rootkit, host-based intrusion prevention solution. These will keep you from getting infected with the malware I try to push to your PC. We don't talk much about antispam, as if spam were just an annoyance.But if you don't read my phishing e-mails, then you'll never visit my fake site, run my buffer overflow exploit, and infect yourself with my malware.

2. Update signatures. I can change my attacks frequently, so you'd better download new signatures or your security suite won't recognize the new ones. Of course, I can stay ahead of signatures, which is why you need the firewall and HIPS.

3. Be street-smart on the Web. Trust no one. Don't share any more information publicly than you need to. And don't use anything you share as your password. If you write about your dog on Facebook and my app grabs his name, then you can bet I'm going to try all kinds of variations on Toto as your password on the common banking sites and PayPal—and, if I can
find it, your PC.

4. Use strong passwords. I hate when marks use strong passwords because it really slows me down. Make sure your password is more than six characters long, contains a mix of letters and numbers, and doesn't include a word that can be found in the dictionary.

5. Mix it up. Don't use the same password on every site. If you do, then once I crack one I have access to everything you do online. The same goes for your credit card and ATM card PIN.

6. Be cryptic. When possible, encrypt important data files at rest and in transit. That means clicking on the "Sign in securely" link, even though it's an extra click, and making sure that you see the little lock in your browser that means the site is using SSL to encrypt traffic. Read your application provider's EULA and find out who owns your data stored online (the answer may surprise you), how they isolate your data from other peoples' data (if they do), and the security measures they've enacted to protect you. A free app is nice, but isn't your identity worth more? Cancel services that won't encrypt your files and explain the other securitymeasures they take.
See you online... Cheers!!!

No comments: