safe browsing
DESCRIPTION
This presentation explains how to browse the web safely.
TRANSCRIPT
Safe Browsing
The Dangers of Web Browsing (The Risks)
• Computer infected with malicious software (malware)
• Stolen, altered, and/or deleted personal information
• Identity theft
• Financial fraud – stolen credit card and/or bank account information
• Your computer is used to send spam
• Your computer stops working because of damage done by the malware
The Threats
• Malicious link/sites – to click or not to click, that is the question
• Malicious advertisements
• Drive-by download (don’t even have to click!)
• Search engines tricked into presenting malicious/bogus results near the top of your search results (aka Blackhat Search Engine Optimization (SEO) Poisoning)
Can I click on this?
• Watch for malicious URLs cloaked by URL shortening services like:
• TinyURL.com
• Bit.ly
• CloakedLink.com
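One way to see where a shortened link leads before clicking it, as an added example that is not part of the original presentation: the script asks only the shortening service for its redirect target and never contacts the destination site. The function names, the hop limit and the sample URLs are assumptions made for illustration.

```python
# Added example: preview a short link's redirect chain without loading the destination.
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Shortening services named on the slide; extend for your environment.
SHORTENERS = {"tinyurl.com", "bit.ly", "cloakedlink.com"}


def is_shortened(url):
    """True when the URL's host is one of the known shortening services."""
    host = urlsplit(url).hostname or ""
    if host.startswith("www."):
        host = host[4:]
    return host in SHORTENERS


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # refuse to follow; urllib then raises HTTPError for the 3xx


def head_location(url, timeout=5):
    """Send one HEAD request to the shortener and return its Location header."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        opener.open(urllib.request.Request(url, method="HEAD"), timeout=timeout)
    except urllib.error.HTTPError as err:
        if err.code in (301, 302, 303, 307, 308):
            return err.headers.get("Location")
    return None  # no redirect offered (or an error status)


def expand(url, fetch=head_location, max_hops=5):
    """Return [short link, ..., final target], querying only shortener hosts."""
    chain = [url]
    while is_shortened(chain[-1]) and len(chain) <= max_hops:
        target = fetch(chain[-1])
        if not target:
            break
        chain.append(urljoin(chain[-1], target))
    return chain


if __name__ == "__main__":
    # Constructed redirect table standing in for the network, so this runs offline.
    fake = {"http://bit.ly/abc": "http://tinyurl.com/xyz",
            "http://tinyurl.com/xyz": "https://example.test/landing"}
    print(" -> ".join(expand("http://bit.ly/abc", fetch=fake.get)))
```

The last entry in the returned chain is the address to judge before deciding whether to click.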
Malicious Advertisements
• Major ad networks (aka “ad aggregators”) affiliated with Google (e.g. Doubleclick.com), Yahoo (yieldmanager.com), Fox and others, covering more than 50% of online ads, have been infiltrated with “poisoned ads” containing malicious code (Source: Avast!)
• Happened to the New York Times website last fall
Drive-by Downloads
• The scary thing is you don’t even have to click on anything – just visiting a site with malicious code can initiate a download that installs malware on your computer without you knowing it.
• Symantec claims every one of the top 100 websites in the world has served up malicious code at some point
• JavaScript in the ad executes when the page is loaded and tries to exploit a vulnerability in Adobe PDF reader, Java, or Flash… or all three; this is why a tool like NoScript or something that blocks ads is effective
Search Engine Poisoning
• Search engines, like Google, are tricked into presenting a malicious link in the top 10 results for popular searches
• Known as “Blackhat Search Engine Optimization (SEO) Poisoning”
• 13% of Google searches for popular or trendy topics yield malicious links
• Currently used mostly for fake antivirus scams
• Exploit current events, popular topics
• January 2010 an all-time high with hackers capitalizing on Haitian earthquake, release of movie Avatar, and announcement of the iPad
Recognizing Fake Antivirus Alerts
Actual pop-up alert from Trend Micro OfficeScan:
Recognizing Fake Antivirus Alerts
• Example of a Fake AV “scareware” alert that tries to trick you into buying worthless software to fix a non-existent infection:
Tips and Tricks
• Use a Mac or Linux
• Beware of where you do your online banking – cybercriminals are actively hunting you online and targeting your computer because “that’s where the money is”
• Stay away from questionable sites
• Pornography
• Gambling
• Some gaming sites
Tips and Tricks
• Risks of social network sites
• People tend to reveal too much personal information
• Pay careful attention to the security configurations, esp. for privacy
• Beware of third party applications and advertisements
• Beware of unusual friend requests
• Application whitelisting (specify the programs that can run on the computer – everything else is prohibited)
Tips and Tricks
• Don’t let your browser store/remember important passwords like:
• eID
• Financial accounts
• Don’t keep yourself logged into important accounts
• Similar to letting the browser store username/password; effect is the same – anyone with access to the computer has access to those accounts
• Never do either on a public computer
• Use a password manager
• Windows: Password Safe - pwsafe.org. Many useful features, easy to use
Conclusion
• There’s no way to be 100% secure surfing the web these days
• Use a multi-faceted approach to reduce your risk (browser security features, browser add-ons, Trend Micro security software, educate yourself)
• These tools and techniques make your browsing experience less convenient and may frustrate you at times, but they are necessary in today’s hostile online climate
• Think before you click!