ATM fraud continues to grow. Take a close look at that ATM machine before you feed it your card. This bank in Texas lost $200,000 to this scam.

Here is a social-networking risk you may not have considered. Hackers may attack your friends if you have access to sensitive data and visit social networking sites.

If you are a Chrome user, make sure you are up to date.

Have I mentioned the importance of keeping browser add-ons up to date? Here is an article about the exploit packs that can be purchased and installed on compromised websites. These exploit packs send barrage of attempted exploits at your browser. If one does not work, the nest one may. It is effective - many of these vulnerabilities have long-since been fixed, but there will always be some folks who are not up to date.

100% accurate spam filtering? Well, for the time being, anyway - turning the spammers dirty tricks against them.

Who pays when a bank account is compromised? There are a number of pending cases in which the account holder has filed suit against the bank for not maintaining adequate security, but this Texas bank has preemptively sued the account holder.

Dennis H in West Virginia, US

January 27, 2010

This article is the first in a four-part series about safe computing on public networks.

This first article lists some basic precautions you can take. Parts two and three are about using SSL and VPNs to secure your communications, and part four will list some computer settings that you should change when using public networks.

When using a laptop on an insecure network, such as a public hot spot or a hotel network, others may be able to eavesdrop on your communications, especially when you connect wirelessly. You need to take some precautions to guard against attacks such as “shoulder surfing”, wireless “traffic sniffing”, and rogue access points.

Here are some basic precautions:

1) First and foremost, don’t use public networks for secure communications if you can avoid it. Do you really need to do your banking, trade stocks, or check your credit card balances from a public network? If you really do, you should use a VPN to connect to a secure network and access the internet from there.

2) Don’t store ANY sensitive data on your laptop that does not ABSOLUTELY need to be there. Instead, store it on a computer that is more secure and protected at home or at the office and access it through a VPN. Think about it – most of the sensitive data that is on laptops does not need to be there!

3) If you do not need to connect wirelessly to access the internet, TURN THE WIRELESS OFF. Almost all laptops have an easy way to do this – know how to do it on your laptop.

4) Pay attention to your physical surroundings, your position, and who is (or could be) watching. Don’t overlook the low-tech approach to stealing passwords – shoulder-surfing. A small concealed camera with a zoom lens can record keystrokes just as efficiently as a key-logger. Position yourself so that others do not have a clear view of your keyboard or screen. Use your body to shield the keyboard from view in public areas.
Dennis H - August 19, 2008

With identity theft surpassing drug trafficking as the number one crime in the US (I don't suppose it is much different in Canada or elsewhere), clients need all the help they can get in protecting themselves. Although the information necessary to steal an identity may be obtained through phishing or other computer-based attacks, there are low-risk, low-tech attacks that even the most unsophisticated criminals can employ.

Sifting through personal garbage, otherwise known as "dumpster diving", is not even a crime in many places. According to the US Justice Department, this is the second most common way of obtaining the information used in identity theft. Again, I have to assume that things are not much different in Canada, Australia, the UK, South Africa, or anywhere else.

When assessing clients' security practices, don't forget to account for the "hard copies". Sensitive documents are printed, filed, placed in hoppers on desks, and left in insecure locations. So-called "junk mail" often contains personal information. All those credit card offers that come with some of the information already filled in are treasures for thieves.

Fax machines are another concern. If sensitive faxes automatically print to a location that is not secure, anyone can read them. The same applies to shared printers.

Paper shredders are low-tech, but one of the most important security tools available. As with anything, the secure way must also be the easy way. If people have to walk five steps further to shred a document, there it a good chance it will end up in the trash.

Sometimes we focus on the technical solutions because, well, technology is what we do. Printed paper and garbage are hardly high-tech, but are still important things to consider when assessing security.

Dennis H - July 30, 2008

The recent zero day security hole in Internet Explorer is a serious concern as it can allow a malicious website to get access to your computer.

Microsoft is currently working on a patch but until this is released they recommend several workarounds, I have pasted from their security advisory at the bottom, however these workarounds are not easy for a novice user, particularly because to choose one of them requires that you be able to evaluate which is the best for your own environment.

An easier option would be to install an alternative web browser, here at Nerds On Site we prefer Firefox which is recommended by such security researchers as Steve Gibson of Security Now podcast.

Here is the excerpt from Microsofts security advisory showing the available workarounds:

Based on our investigation, setting the Internet zone security setting to High will protect users from known attacks. However, for the most effective protection, customers should evaluate a combination of using the High security setting in conjunction with one of the following workarounds.

•	Disable XML Island functionality
•	Restrict Internet Explorer from using OLEDB32.dll with an Integrity Level ACL
•	Disable Row Position functionality of OLEDB32.dll
•	Unregister OLEDB32.dll
•	Use ACL to disable OLEDB32.dll

For additional workaround details, please see the following post: http://blogs.technet.com/swi/archive/2008/12/12/Clarification-on-the-various-workarounds-from-the-recent-IE-advisory.aspx#workarounds.

Each of these workarounds is equally effective in protecting customers; however, each workaround has different impacts based on the environment in which they are applied. We encourage customers to evaluate which of the workarounds would be least impactful to their environment, based on the impact statements included with each workaround.