Archive for August, 2009

Insecure wireless networks

August 31st, 2009 23 comments

Posted by Nerea

Can you be certain you are not INVOLUNTARILY sharing your WiFi network with your neighbors? How can you be sure that your Internet activity is not being monitored when you use a wireless network? Any user within 100 meters is a potential intruder, whether intentional or unintentional. With wireless networks, information is sent through radio waves, and as they are simply in the air, it is impossible to prevent anyone within a radius of 100 meters from capturing the data transmitted.

As you cannot prevent the information being viewed by other people, it must therefore be protected through encryption protocols. At present, the WEP, WPA and WPA2 protocols are used. Although encryption is necessary, it is not enough to prevent unwanted access to your network. There are free programs on the market which are easy-to-use and available to anyone who wants to decrypt connection passwords. Similarly, there is also software that detects any users connected to your network.

Here are a few tips to prevent WiFi intruders or any opportunists that want to hook up to the Internet for free:

  1. Use a WPA password (these have proved to be much better than WEP passwords, as they take 30 minutes to decrypt!).
  2. Disable DHCP (this way it will take intruders longer to discover the type of network).
  3. Enable the Firewall module of your antivirus. Install the firewall and update the antivirus, the operating system and the programs.
  4. Limit the number of connections to the Router/AP (e.g. if you have one computer why allow two? When necessary, you can extend the range).
  5. Administration of the Router/AP (it should only be managed through the network and not via WiFi. This way, you will also prevent them from changing the settings).
  6. Disconnect the WiFi router when you are not using it.

Twitter, Facebook and other social networking sites and malware

August 25th, 2009 No comments

Posted by Blanca

Twitter, Facebook, MySpace and other social networking sites are increasingly being targeted by cyber-criminals drawn to the wealth of personal information supplied by users, experts warn.

Data posted on the sites – name, date of birth, address, job details, email and phone numbers – is a windfall for hackers.

A vicious virus Koobface – “koob” being “book” in reverse – has affected thousands of Facebook and Twitter users since August 2008, said Asier Martinez, our security specialist. “Its spread has been very significant and it has been detected in 4,000 different variants,” he said.

The virus hijacks the accounts of social networking site users and sends messages steering friends to hostile sites containing malware, malicious software often designed to infiltrate a computer system for illicit purposes.

In one of its variants, Koobface sends the victim a warning that its Flash player is outdated along with an invitation to download a new version, which is in fact the virus.

Remember that malware can be used to steal bank account data or credit card information once installed on a personal computer.

Facebook has sought to resist attacks by Koobface and similar viruses by blocking links to hostile sites and shutting down accounts from users that show signs of infection, such as sending too many messages. You must also be very careful with people who ask to join your friends list, as hackers often send such requests.

Other dangers of social networking sites are:

  • The popular quizzes.
  • Horoscopes and games made available for free to users which can sometimes be used to hide links to hostile sites.
  • Birthday greetings as well as messages sent at Christmas and other holidays may also appear to come from friends when in fact they are linked directly to sites that try to convince would-be victims to reveal personal information like passwords or bank numbers.

The number of viruses detected in recent years has exploded while the profile of cyber-criminals has changed. Before, it was very savvy teenagers who wanted to show off their computer skills. Now you don’t really need to know much about information technology to be a hacker; all the tools have already been created.

Now, why not share some of your experiences with me?

How safe is your password?

August 19th, 2009 5 comments

Posted by Leyre August 19, 2009

The first thing you must do in order to protect your computer and data is to create a safe password, especially these days, with the prominence of social networks. People tend to use easy-to-remember passwords, but this is a risk, as hackers can then easily access your confidential information. It is common sense, or would you leave the door of your car unlocked just because it is easier to open it? You wouldn't, right? The same goes for password safety. Here are a few useful tips.

DON'Ts when creating a password

  1. Never use passwords that can be found in a dictionary. They can be cracked with clever – and even not-so-clever – password hacking programs.
  2. Never use a password less than 8 characters long. The shorter the password is, the easier it is to guess.
  3. Never place numbers after the password if the password word can be found in a dictionary. It is best to insert numbers and special characters within a word or replace some of the letters with special characters, for example, Charles – Ch@rlE$
    This is a little safer.
  4. Your cat’s name is not unique. Leave it alone ;-) Ditto your name, your mum’s maiden name or your birthday.

DOs when creating a strong password

  1. If you want to have a password which is easy to remember but hard to guess, memorize a sentence. Then, use the initial of each of the words of the sentence as the password. Then add a final point or a special character (!, @, #, $, %, ^, &, *) at the end, followed by two numbers and a capital letter. For example: April is the month of rain – ( Aitmor@05 )
  2. Always use a password that is between 8 and 14 characters, minimum 8.
  3. Combine capital and lower case letters in your password.
  4. And if you do need to write it down, try not to do it on a piece of paper entitled “Internet Banking Passwords” :-)
  5. Change your password every 30 days.
  6. Make sure the user name and password are different.

For more information, check out PandaLab's blog post on Social networking, Passwords and privacy and watch the following video to quickly review the most important tips!!

What do you think about this article? Do you want to share your experiences with us? We would love to hear from you!!

Let's play (safely) online!!

August 13th, 2009 1 comment

Posted by Leyre, August 13th, 2009

Now that we are on holiday with the kids, it is a great opportunity to teach them how to play online in a safe way, as the risks of using the Internet are on the increase, especially for young people, the most vulnerable. The Web can quickly turn from being a source of entertainment to a serious problem if children are not alert to the dangers. At Panda, we are socially responsible and we recognise and support projects that contribute to the secure use of new technologies, especially for children.

The dangers in instant messaging, email, social networks etc. can be prevented by following a simple set of guidelines that we want to share with you:

  • Speak to your children.
  • Learn yourself, and pass the knowledge on to your children.
  • Set firm rules for using the Internet.
  • Forbid children from giving out confidential information.
  • Teach your children to be wary of appearances.
  • Install an effective security solution. The Parental Control feature lets children use the Internet safely by restricting access to inappropriate Web content. Check the latest Panda Internet Security 2010 and Panda Global Protection 2010, they both feature it!

Check Panda Security's Kids on the Web campaign for detailed information.

On the other hand, cell phones are now widely used by children and adolescents. The risks that they face in this respect are therefore similar to those mentioned above concerning PCs, especially as regards instant messaging services (chatrooms) and spam, in cases related to pornography.

So, restrict the use of mobile phones which include risk features only to older children and give them advice on how to make safe use of their cell phone.

Once you set limits to your children, tell them about the risks of going online, and teach them how to handle uncomfortable situations, together you can create a fun and safe environment for your children online.

So now, time to enjoy yourselves, adults and kids!! Check out these fun sites and have a super time!

Discovery Channel for Kids
Cartoon Networks
Disney Channel International site
Pocoyo

Share with us other sites where you and your children play safely online!!

Nothing is what it seems

August 11th, 2009 No comments

Posted by Jose, 11 August, 2009

Users play a key role in computer security. They can compromise a computer’s security by, for example, running a file attached to an email from an unknown sender.

However, not even users who take all necessary precautions are completely safe. Many times, threats are not easy to identify or even visible… Today, I’d like to talk to you about Alternate Data Streams (ADS), a feature in the NTFS file system (Microsoft’s current standard file system).

Don’t worry, I’ll not bore you with technicalities. Basically, Alternate Data Streams are files within other files. However, these are files that NTFS does not show, which makes for a great way of hiding information.
Follow the steps below if you are curious about this:

  1. Create a folder on your hard drive C:. Name it TestADs for example.
  2. Copy your favorite song to that folder.
  3. Create a text file in the folder. Name it Ads.txt for example.

[Screenshot: command prompt]

Dump the song onto the text file, creating an Alternate Data Stream (ADS).

[Screenshot: command prompt]

At this point this is what you have in the folder:

  • A text file (1 KB).
  • The song (several MBs in size).

Delete the song. Now the folder should only contain the text document. At least, that’s what Windows displays (if you open Windows Explorer and go to the folder, you will see it only contains the 1 KB text file). If you open it, you will see it only has the sentence you entered before: “Nothing is what it seems”. So far, so good. However, if you run the command below…

[Screenshot: command prompt]

Voilà, the song starts playing… Isn’t it amazing? How can that be if you had deleted it? Well, you had deleted the original file, but before that, you had created an Alternate Data Stream (ADS) within the text file. The fact is that Windows doesn’t show this type of association. Microsoft’s policy with regard to ADS is that they don’t need to be, or shouldn’t be, accessed by end-users, but only by the applications that must use them. From Windows Vista and Windows Server 2008, the DIR command can take the parameter /R to list ADS in a file. However, for users of earlier operating systems it is really difficult to even know if a file contains ADS or not.

This feature can be exploited by malware creators to hide executable code in apparently harmless files. That’s why it is so important to have a good antivirus to protect your PC. Panda Security solutions protect you against these threats, as every time they scan a file, they check to see if it includes an Alternate Data Stream. If it does, they will scan it as well.
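
As an added example (not part of the original post), the Python sketch below parses the output of DIR /R and reports the alternate data streams it lists, so the hidden song from the walkthrough shows up. The sample listing is constructed, the function names are hypothetical, and the allowlist entry Zone.Identifier (the stream Windows attaches to downloaded files) is an assumption about what counts as expected.

```python
import re

# Constructed sample of "dir /R" output for the folder used in the post;
# dates, sizes and report.doc are made up for illustration.
SAMPLE_DIR_R = r"""
 Directory of C:\TestADs

08/11/2009  10:15 AM    <DIR>          .
08/11/2009  10:15 AM    <DIR>          ..
08/11/2009  10:17 AM                26 Ads.txt
                             4,521,984 Ads.txt:song.mp3:$DATA
08/11/2009  10:20 AM            12,288 report.doc
                                    26 report.doc:Zone.Identifier:$DATA
               2 File(s)         12,314 bytes
"""

# A named stream appears on its own line as: <size> <file>:<stream>:$DATA
STREAM_LINE = re.compile(
    r"^\s+(?P<size>[\d.,]+)\s+(?P<file>[^:]+):(?P<stream>[^:]+):\$DATA\s*$"
)

# Assumption: streams treated as expected. Zone.Identifier is the marker
# Windows attaches to files downloaded from the Internet.
KNOWN_BENIGN = {"Zone.Identifier"}


def find_streams(dir_output):
    """Return (file, stream, size_in_bytes) for every named stream listed."""
    found = []
    for line in dir_output.splitlines():
        match = STREAM_LINE.match(line)
        if match:
            # Strip locale thousands separators before converting the size.
            size = int(re.sub(r"[.,]", "", match.group("size")))
            found.append((match.group("file"), match.group("stream"), size))
    return found


def unexpected_streams(dir_output, allow=KNOWN_BENIGN):
    """Named streams that are not on the allowlist and deserve a closer look."""
    return [s for s in find_streams(dir_output) if s[1] not in allow]


if __name__ == "__main__":
    for name, stream, size in unexpected_streams(SAMPLE_DIR_R):
        print(f"{name} hides stream '{stream}' ({size} bytes)")
```

A 1 KB text file carrying a multi-megabyte stream, as in the walkthrough above, is exactly the size mismatch this listing makes visible.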

Categories: malware, security

Protect yourself against Phishing

August 7th, 2009 2 comments

Posted by Blanca, 07 August, 2009

The Internet is an exceptional tool; it makes several tasks easier. However, being used for business and communication increases the possibilities of fraud.

Occasionally, online fraud scams are reported. To carry out online scams, hackers send an email passing themselves off as a bank. The email is used as bait, and readers are told their accounts must be checked, their information must be updated or that they must restore their password or PIN. On accessing the message, they are redirected to a fake website, and on entering their details the information is sent to hackers, who from then on have access to the accounts.

This type of crime is called Phishing. If hackers obtain the victim’s password they will have access to the victim’s account and can wipe it out. Worse still, they can steal the victim’s identity.

These e-mails appear to come from a legitimate company, usually a financial institution or credit card issuer (though many like to use eBay and PayPal), urging you to take immediate action so your account is not deactivated.

To increase the chance that they can trick you, they’ll even use the company’s logo, colors, and standard disclosure text. The e-mail will usually contain a link that takes you to a fake site made to look like the company’s legitimate web site.

Obvious clues that an e-mail is a phishing scam include:

  • Misspellings and poor grammar. 
  • Web site does not have “https://” in the address bar at the top. Legitimate companies employ secure socket layers (SSL) technology to encrypt your personal data. 
  • Urgent tone or call to action. Phishing e-mails will allude to dire consequences like, “your account will be deactivated if you do not respond within 24 hours…” in the text. 
  • Requests for personal information like social security number, account numbers, credit card information.

Email phishing is the most common form of phishing used by hackers nowadays. However, they also carry out phone phishing by calling people at home or at work. We recommend that you be very careful when answering questions, especially when talking to people who claim to work at the bank where you keep your savings.

Remember that no responsible bank or financial institution requests personal and/or sensitive customer data via email or phone.

How to prevent becoming a victim of Phishing.

  1. Be wary of unsolicited phone calls, visits or emails requesting personal or confidential information.
  2. Do not send personal or financial information via the Internet, unless you know the recipient.
  3. Download program applications and updates directly from the provider’s website.
  4. Pay attention to the website’s address. Some malicious websites look identical to the legitimate one, but use different addresses (e.g. www.paypal.Inc.com), when the original address is www.paypal.com.
  5. Install your Panda Security antivirus, firewall, browser and e-mail filters and keep them up-to-date to reduce phishing traffic and spam.
  6. Frequently check your accounts to make sure there are no inexplicable transactions. 
  7. If you think an account or credit card has been compromised, immediately contact your bank and close the corresponding account.

Remember that one of the ways of fighting against fraud is not to become a victim; if, as an Internet user, you learn to prevent falling victim to hackers, they will have to find benefits elsewhere.

How about you? Have you ever known anybody who has experienced Phishing attacks? Any other useful tips to prevent it? We are all ears!!

Some Safe Online Shopping Tips

August 5th, 2009 15 comments

Posted by Ana, 05 August, 2009

Shopping Online provides a convenient way of making purchases at any time of day, 365 days a year, from a wide range of retailers offering more choice than ever before.

Analysts predict that each year more people than ever will use the Internet for shopping. But they also warn that fraud is on the rise and Internet users need to become better educated on how to protect themselves. Credit cards have helped fuel the Internet economy because they provide security, convenience and reliability for online purchases.

I am a great lover of e-shopping myself! I’ve bought almost anything you can imagine, from a Swiss watch to the tickets of the last Bruce Springsteen’s concert in Bilbao which, by the way, was absolutely great!!! But you must be careful and follow some easy rules.

Here are some useful tips to take into account:

  1. Know who you are dealing with. Conduct business with those companies that you know and that are reputable. Get the seller’s landline phone number and postal address. Remember, you will be sharing your credit card number, your name and possibly your address and phone number. 
  2. Check security. Look for the picture of the unbroken key or closed lock in your browser window. Either one indicates that the security is operative. A broken key or any open lock indicates it is not. Look to see if the web address on the page that asks for your credit card information begins with “https:” instead of “http.” Some web sites use the words “Secure Sockets Layer (SSL)” or a pop up box that says you are entering a secure area. These security protections do not work in e-mail. So, make sure you send personal and payment information in a secure web transaction.
  3. You should never be asked to tell anyone your card’s PIN number – even if they claim to be from your bank or the police and never use your Social Security Number or PIN as a password. Treat online marketers as you would telephone marketers or anyone else you don’t know. If the deal sounds too good to be true, it probably is, so pass it up. 
  4. Only provide your payment card number when you are making a purchase and if you have initiated the negotiation and review your statement immediately and thoroughly. Whether you get your statement by postal mail or online, review each transaction carefully to make sure there are none that you did not make and keep records of what you order.

Now, why not share some of your e-shopping experiences with me? Go ahead, I’m really willing to listen to them!