La Piazza Blog - PANDA SECURITY SUPPORT

Posted by Nerea Bezares October 08, 2009

Some parents believe that if their children do not have access to new technologies, they may not be preparing them for the future. Consequently, they purchase a PC and pay for an Internet connection for their children to benefit from it.

• Do children really need a computer at home?
• How much time should they spend on the computer?
• What should and shouldn’t they do?

These answers can be provided by your children’s teachers, who will inform you: 

1. Whether they learn about new technologies at school and whether they need a PC at home. 
2. Whether the school has computers children can use out of school hours to do their homework.
3. Whether libraries and youth centers nearby offer basic courses, activities or free Internet use. 

Above all, teachers will know your children and can provide guidance regarding activities and the time they should dedicate every day, depending on their age and educational progress.

You will see children’s enthusiasm as they turn the computer on (without fear or prejudice), and the speed with which they assimilate concepts that adults have taken a long time to assimilate.

• Through educational games (music, letters, numbers, pictures, etc.) they expand their vocabulary, and improve their writing, reading, memory and motivation.
• When they search for information (mostly when working with other students or parents) children learn to overcome obstacles through team work, and are encouraged to share.
• On using social networks (Facebook, Twitter,…), they evolve as individuals feeling part of a group that has their same interests, etc. Remember that this point is not without risks.
• Later on, as children advance, let them explore in a controlled way, monitoring them at a distance. You will be increasing their security and autonomy.

We have found common guidelines among parents and children between four and eight years:

• Parents install games they have previously checked.
• Internet access is limited to specific pages through a control (Antivirus - Parental Control).
• During the week, limit computer use to an hour a day maximum.
• When children have the chance to play with friends, go for walks, on excursions, etc. turn the computer off. 
• If children behave badly, don’t let them use the computer. 
• In the case of adolescents, these guidelines are also valid, but slowly increasing their autonomy according to their level of responsibility.

All this, bearing in mind the danger and tips previously explained in this blog and in your children’s educational environment.

Tell us your experience and whether you want us to focus further on a specific area.

Nerea Bezares -  eknowledge Department

Posted by David San José September 10, 2009

Look!

1. Your children need a bit of peace to use the Internet. Let them shut themselves in their room to search for information online and don’t dare interrupt them, they are probably studying and you surely don’t want to disturb them, do you?
2. Encourage your children to socialize with other people in chats, forums, social networks… but give them their space, you have nothing to fear, pedophiles don’t use technology…
3. Don’t install Web filtering software, let them access everything without restrictions. You are no dictator and your children are responsible enough so as to know which pages they should visit and which they shouldn’t.

No, we haven’t gone crazy… but if on reading this you have realized what you sometimes do regarding how and when your children access information online, we have achieved our goal.

We are not suggesting total Internet restriction for children. In the same way you teach them how to study, manage their money, use the telephone, etc. you should also teach them this aspect.

Remember:

1. The computer must be in the living room. The child should be accompanied by an adult that supervises the sites accessed every day.
2. In the same way you know their friends, get to know their Internet contacts. Tell them not to give out personal details, banking details, etc. 
3. Keep your antivirus up-to-date and the parental control enabled with the restrictions you think appropriate for their age.

In previous posts you can see the information we have published regarding Children’s security on the Internet:

• How safe is your password

Tell us about your experience and if you would like us to focus on a specific subject.

David San José

Posted by Blanca, 07 August, 2009

Internet is an exceptional tool, it makes several tasks easier. However, being used for business and communication increases the possibilities of fraud.

Occasionally, online fraud scams are reported. To carry out online scams, hackers send an email passing themselves off as a bank. The email is used as bait, and readers are told their accounts must be checked, their information must be updated or that they must restore their password or PIN.  On accessing the message, they are redirected to a fake website, and on entering their details the information is sent to hackers, who from then on have access to the accounts.

This type of crime is called Phishing. If hackers obtains the victim’s password they will have access to the victim’s account and can wipe it out. Worse still, they can steal the victim’s identity.

These e-mails appear to come from a legitimate company, usually a financial institution or credit card issuer (though many like to use eBay and PayPal), urging you to take immediate action so your account is not deactiviated.

To increase the chance that they can trick you, they’ll even use the company’s logo, colors, and standard disclosure text. The e-mail will usually contain a link that takes you to a fake site made to look like the company’s legitimate web site.

Obvious clues that an e-mail is a phishing scam include:

• Misspellings and poor grammar. 
• Web site does not have “https://” in the address bar at the top. Legitimate companies employ secure socket layers (SSL) technology to encrypt your personal data. 
• Urgent tone or call to action. Phishing e-mails will allude to dire consequences like, “your account will be deactivated if you do not respond within 24 hours…” in the text. 
• Requests for personal information like social security number, account numbers, credit card information.

Email phishing is the most common form of phishing used by hackers nowadays. However, they also carry out phone phishing by calling people at home or at work. We recommend you to be very careful on answering questions, especially when talking to people who claim to work in the bank you have your savings in.

Remember that no responsible bank or financial institution requests personal and/or sensitive customer data via email or phone.

How to prevent becoming a victim of Phishing.

1. Be wary of unsolicited phone calls, visits or emails requesting personal or confidential information. 
2. Do not send personal or financial information via the Internet, unless you know the recipient.
3. Download program applications and updates directly from the provider’s website.
4. Pay attention to the website’s address. Some malicious websites are identical to the legitimate one, but use different addresses (i.e. www.paypal.Inc.com), when the original address is www.paypal.com.
5. Install your Panda Security antivirus, firewall, browser and e-mail filters and keep them up-to-date to reduce phishing traffic and spam.
6. Frequently check your accounts to make sure there are no inexplicable transactions. 
7. If you think an account or credit card has been compromised, immediately contact your bank and close the corresponding account.

Remember that one of the ways of fighting against fraud is to not becoming a victim; if, as an Internet user you learn to prevent falling victim to hackers, they will have to find benefits elsewhere.

How about you? Have you ever known anybody who has experienced Phishing attacks? Any other useful tips to prevent it? We are all ears!!

Posted by Alvaro, July 10, 2009

Microsoft has publicly announced two new vulnerabilities in Internet Explorer:  

1 .Users get infected on clicking a link to a video

This vulnerability affects the Windows XP and Windows Server 2003 operating systems.

Workaround published by Microsoft

2. Exploit that causes a memory overflow

This exploit takes advantage of a Mpeg2tunerequest stack overflow vulnerability in the msvidctl.dll library. Upon exploitation, an attacker could gain the ability to take full control of a compromised system.

You can find information about this second vulnerability at http://www.microsoft.com/technet/security/advisory/971778.mspx

Microsoft has not publicly acknowledged this vulnerability yet, and so it hasn’t published any official solution.

So far, there is only the possibility of setting a kill bit for the vulnerable control. You can do so by saving this file with the extension .reg and running it as administrator:

 Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]
“Compatibility Flags”=dword:00000400

There is no information about the operating system versions affected by this exploit.

The following video explains how TruPrevent Technologies protect against this type of attack.

                       Sean-Paul Correll from Panda Security

Proactive protection against the msvidctl.dll ActiveX control vulnerability from Panda Security on Vimeo.

All our clients with Retail and/or Corporate products with TruPrevent Technologies enabled are protected against this exploit.

Remember PandaLabs blog, everything you need to know about Internet threats.