Consumers and politicians alike have been appalled by the prospect that Apple has the ability to keep tabs on users’ location via a hidden iPhone file. The furor may distract from more nefarious threats, though. Industry experts say that last year there were 286 million types of malware responsible for more than 3 billion attacks on computer users, while the software guarding against those attacks generally catches only 60% of what it comes up against. Although there may be no 100% guaranteed strategy for beating hackers and stopping snoopers, there are some simple safeguards to put in place:
Focus on security
Every day, millions of people post online pictures of their kids, vacations and family events. Most are unaware of the wealth of data that can easily be extracted.
Digital photos contain an “EXIF” (Exchangeable Image File Format) data file that stores information about the image — much of it fairly innocuous. A simple browser plug-in (or standard photo viewers) can tell what shutter speed and aperture was used, the date and time a photo was created and even if a flash was used. The danger comes from higher-end cameras and photos taken with cellphones and smartphones. These can add GPS information and geo-tagging that provides an exact longitude and latitude of where the picture was taken. A quick trip to Google Maps can zero in on the exact address. In some cases — although usually intentionally by professional photographers — a full name and phone number can be embedded.
All that information is a boon to potential stalkers and a quick way to ruin the anonymity of a blogger. Combined with personal information offered on such sites as Twitter, FourSquare and Gowalla, the use of EXIF data can be an invitation to burglars and other evidoers. National security can even be compromised, as is detailed in a report issued by the Pentagon that warned personnel against inadvertently revealing troop positions. There are two basic ways to protect yourself. One is to disable the geo-tagging feature in your smartphone, a task that can be as easy or complicated as your particular manufacturer makes it. (The website ICanStalkU.com offers guides for many popular brands.)
You can also strip EXIF data from photos using Microsoft’s Picture Viewer in Windows (right-click to “properties,” and click on “remove properties and personal information”). Apple’s OS similarly enables the removal of data, as does the popular editing software, Adobe Photoshop.
Dupe of URL
In its April Internet Security Threat Report, Symantec points out that “Social network platforms continue to grow in popularity, and this popularity has not surprisingly attracted a large volume of malware.”
“One of the primary attack techniques used on social networking sites involved the use of shortened URLs,” it says. These shortened website addresses serve as an alternative to long, unwieldy links, but can hide a website’s real location and be used to trick victims into phishing and malware attacks.
“In a typical scenario, the attacker logs into a compromised social networking account and posts a shortened link to a malicious website in the victim’s status area,” the report says. “The social networking site then automatically distributes the link to news feeds of the victim’s friends, spreading the link to potentially hundreds or thousands of victims in minutes.”
According to Symantec, last year 65% of malicious links in news feeds used shortened URLs. Of these, 73% were clicked 11 times or more.
What to do? Most browsers have third-party extensions or plug-ins (such as Interclue on Firefox) that allow you to hover over a shortened link to see its longer form before clicking. The site LongURL.org allows you to paste in a copied short URL to see where a link would really take you.
You log onto websites a dozen times a day for email, bank accounts, shopping, bill payments, Facebook, your company intranet and any number of other things. Each time, you’re at risk. The easiest way for an identity thief to set up shop is to use logins as a gateway to personal data. The pickings are even easier when you use the same password, or slight variations, for multiple sites and services. One approach for the malevolent is a “brute force attack,” using a software program to spew a barrage of number and letter combinations until one picks the lock. Another approach is using a “key logger,” a program that records every character you type and transmits information back to whoever managed to sneak the installer onto your computer via a virus or Trojan horse. With minimal guesswork they can figure out passwords, credit card numbers and anything else you transmitted.
Making your password more complex may stall a brute force attempt, but a key logger won’t be challenged much.
Numerous programs are dedicated to the task of protecting your password. One simple way to at start protecting yourself is to type a series of random letters and characters into a text file, with your passwords among them. Instead of typing in your password, copy and paste it from the text file into the login field. All the key logger will see is a click of your mouse or a simple control-V.
Yard sale danger
Going to sell off an old computer on eBay or at a flea market? You may think you wiped your hard drive clean, but the recycle bin is hardly the final word in taking out the trash.
Data you drop in the bin isn’t really erased, just stashed away and hidden elsewhere on the drive until other bits and bytes write over it.
Don’t just rely on clicking “delete.” Windows, Apple’s OS and most flavors of Linux (as well as software you can buy retail) can be used to overwrite your disk multiple times, completely erasing your data so well it would meet military standards.
It may seem generous to leave the operating system and programs intact for a buyer, but don’t. Only a complete erasure will make sure stray files or bits of personal information, including stored passwords, are not still hiding in the corners of your C drive.
A familiar threat
Email is great, isn’t it? You can conduct business by day and catch up with family and friends at night.
Unfortunately, we all have that aunt or grandparent who perpetually sends flash-based greeting cards, cute animations and sparkly affirmations. The emails, often forwarded among hundreds or thousands of people, can have hazardous files embedded in them. At the very least, your email address is being passed along again and again, an invitation to spammers and schemers.
It would be heartless to suggest that you never again open anything sent from those repeat offenders. But turning off the “preview pane” in your email program can help keep some malicious code from launching. Going to “tools,” “options” and “read” in Outlook or similar email programs lets you set a preference so all messages appear in plain text. This not only eliminates the epilepsy-inducing unicorns and teddy bears, but stops an embedded virus dead in its tracks. Just be sure to never download anything from a suspect message.
Clicks for kicks
If a pop-up ad flashes onscreen, your first instinct is to click it away. But some pop-ups are built so what appears to be a “no” button or “X” might as well read “click here to download malware.”
If an ad seems suspicious, won’t minimize or demands your permission “to navigate away” or some such lie, don’t take chances. In Windows, control-alt-delete and shut down your browser manually or end the “process” it is running. Don’t take the chance of clicking around on it.
Through a combination of either laziness, generosity or lack of know-how, many fail to password protect home Wi-Fi connections. Left open, hackers can gain access to your computer through the connection, using it to steal data or make your computer a “zombie” infecting other machines or even downloading illegal materials that will track back to your IP address.