Security Secrets the Bad Guys Don't Want You to Know

By Robert McMillan
Mon, July 19, 2010

IDG News Service — You already know the basics of internet security, right?

You know to keep your antivirus program and patches up to date, to be careful where you go on the Internet, and to exercise online street-smarts to resist being tricked into visiting a phishing site or downloading a Trojan horse.

But when you've got the basics covered and you still don't feel secure, what can you do? Here are a few advanced security tips to help you thwart some of today's most common attacks.

Remember, however, that security is all about trade-offs. With most of these tips, what you gain in security, you lose in convenience. But hey, it's your computer. Be as paranoid as you want to be.

Avoid Scripting

This may be the one piece of advice that will do the most to keep you safe on the Web: Steer clear of JavaScript, especially on sites you don't trust.

JavaScript is very popular, and for good reason. It works in almost all browsers, and it makes the Web a lot more dynamic. But it also enables bad guys to trick your browser more easily into doing something that it shouldn't. The deception could be something as simple as telling the browser to load an element from another Web page. Or it could involve something more complicated, like a cross-site scripting attack, which gives the attacker a way to impersonate the victim on a legitimate Web page.

JavaScript attacks are everywhere. If you use Facebook, you may have seen one of the latest. Lately, scammers have set up illegitimate Facebook pages offering things like a free $500 gift card if you cut and paste some code into your browser's address bar.

That code is JavaScript--and you should never add it to your browser. "Scammers use this technique to open up unwanted surveys, fill your social networking profiles with spam or even to send you to phishing pages," says Chris Boyd, a security researcher with Sunbelt Software.
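
A check for the address-bar trick described above, as an added example that is not part of the original article: it classifies text a user is asked to paste, applying the same cleanup a browser's URL parser performs before it reads the scheme. The function names, the scheme list beyond `javascript`, and the sample strings in the comments are assumptions made for illustration.

```javascript
// Added example: flags text that a browser would treat as a script URL
// if it were pasted into the address bar.

// Assumption: besides "javascript", these schemes are also treated as
// code-bearing rather than as ordinary navigation.
const SCRIPT_SCHEMES = new Set(["javascript", "vbscript", "data"]);

// Mirror the URL-parser cleanup applied before the scheme is read:
// strip leading/trailing control characters and spaces, then drop every
// tab and newline, so "java<TAB>script:" cannot slip past the check.
function normalizeForSchemeCheck(text) {
  return text
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

// Returns the lower-cased scheme, or null when the text has none.
function extractScheme(text) {
  const match = /^([a-z][a-z0-9+.-]*):/i.exec(normalizeForSchemeCheck(text));
  return match ? match[1].toLowerCase() : null;
}

// "script-url"   -> would run as code in the current page; do not paste
// "ordinary-url" -> navigates somewhere (still judge the destination)
// "no-scheme"    -> plain text or a bare host name
function classifyPastedText(text) {
  const scheme = extractScheme(text);
  if (scheme === null) return "no-scheme";
  return SCRIPT_SCHEMES.has(scheme) ? "script-url" : "ordinary-url";
}

// Filter a batch of pasted strings (constructed samples such as
// "  JavaScript:void(0)" or "https://www.facebook.com/") down to the
// ones that must not be pasted.
function findScriptUrls(samples) {
  return samples.filter((s) => classifyPastedText(s) === "script-url");
}
```
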

But miscreants can add JavaScript to hacked or malicious Web pages, too. To avoid attacks there, you can use a free Firefox plugin called NoScript that lets you control which Websites can and cannot run JavaScript in the browser. NoScript goes a long way toward preventing rogue antivirus programs or online attacks from popping up when you visit a new Website.

By blocking scripting everywhere and then using NoScript to build a whitelist of trusted sites, you can derail most of the so-called Web drive-by attacks that currently plague the Internet.
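
The block-everything-then-whitelist approach described above, as an added example that is not code from the article or from the NoScript project: a simplified default-deny policy that judges each script by the host it is served from. The host names, URLs and function names are constructed placeholders, and the rule that an entry also covers its subdomains is an assumption.

```javascript
// Added example: default-deny script policy with an allowlist of
// trusted hosts. All host names below are constructed placeholders.

// Assumption: an entry covers that host and its subdomains.
const TRUSTED_HOSTS = ["example.com", "static.example.net"];

// Match only at a label boundary, so "notexample.com" does not pass
// as "example.com".
function hostIsTrusted(host, trusted = TRUSTED_HOSTS) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return trusted.some((t) => h === t || h.endsWith("." + t));
}

// Decide whether one script may run. scriptSrc is the script's URL, or
// null for inline script, which is judged by the page that contains it.
function scriptAllowed(pageUrl, scriptSrc, trusted = TRUSTED_HOSTS) {
  let url;
  try {
    url = new URL(scriptSrc ?? pageUrl, pageUrl);
  } catch {
    return false; // unparseable input: default deny
  }
  // Only ordinary web schemes can ever be trusted.
  if (url.protocol !== "https:" && url.protocol !== "http:") return false;
  return hostIsTrusted(url.hostname, trusted);
}

// Split a page's scripts into allowed and blocked lists.
function applyPolicy(pageUrl, scriptSrcs, trusted = TRUSTED_HOSTS) {
  const result = { allowed: [], blocked: [] };
  for (const src of scriptSrcs) {
    const bucket = scriptAllowed(pageUrl, src, trusted)
      ? result.allowed
      : result.blocked;
    bucket.push(src ?? "(inline)");
  }
  return result;
}
```
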

Originally published on www.pcworld.com.