" Consumer "

VIEWPOINT: Social networking, passwords and privacy

By Luis Corrons, Director of PandaLabs

We have been warning for a long time about the issue of adding our personal information to any social network. I use them myself (Facebook, LinkedIn, etc.) and I’m surprised at the amount of personal information that my contacts have there, even more surprised when more than 90% of my contacts work in security-related companies - yes, that means that my social life sucks, I know 😉

Social networks are also a good communication tool: just a few days ago we could see how the Queenstown police arrested a man thanks to Facebook. But things are not black or white, and when mankind is involved you can also see the dark side. In September 2008 we could see some news reports about terrorists using Facebook to kidnap Israeli soldiers.

But we don’t need to go that far. There is another major issue: people are lazy. We don’t want to have complex passwords that we can’t remember, nor to have a different password for each application, so people just choose an easy-to-remember password or create passwords consisting of some of their own personal information, using their birthday, wife/husband name, hometown, etc. Last week 4 people were arrested for blackmailing Spanish singer David Bisbal. Basically they had got into his mail account and used the information stored there. The head of the gang, a psychologist, was able to figure out his password after studying all the personal information of the singer that can be obtained from the Internet.

We do not usually have that kind of information about ourselves available for our friends, but we have it on Facebook and similar networks. They are only visible to our friends (we should redefine the word “friend” in a social network environment, but I won’t talk about it here). I have not tried (and won’t) to figure out my friends’ passwords, but I could do it and I’m sure it would work in many cases. And what happens if one of our friends’ accounts gets hacked is that whoever it is will have access to all his friends’ info… scary at least.

So please, just follow some basic recommendations:

• Use common sense.
• Restrict viewing of your details to trusted persons.
• Don’t publish your full birth date.
• Don’t reveal your e-mail, phone number or postal address.
• Ignore unsolicited friend requests or group membership requests from unknown people.
• Use different passwords, and change them periodically.

Finally, you can take a look at this list of the Top 500 worst passwords of all time, taken from the book Perfect Password (Mark Burnett, 2005). I miss some passwords in this list, such as “guest”, “admin” or “backup”, but it is useful so that you can know which ones you shouldn’t choose.
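The check below is an added example, not part of the original article: it flags a candidate password that appears on a common-password list or is built from the owner's own details (birthday, spouse name, hometown), the habit described above. The deny list, the profile fields and the `weaknesses` function are constructed for illustration.

```python
import re
from datetime import date

# Constructed deny list for the example; "guest", "admin" and "backup" are the
# entries the article names. A real check would load a full common-password list.
COMMON = {"password", "123456", "qwerty", "letmein", "guest", "admin", "backup"}

# Common character substitutions to undo before comparing words (M4ri4 -> Maria).
LEET = str.maketrans("013457@$!", "oieastasi")

def squash(text):
    """Lowercase and keep only ASCII letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def date_tokens(d):
    """Digit strings people commonly derive from a date."""
    dd, mm = f"{d.day:02d}", f"{d.month:02d}"
    yyyy, yy = f"{d.year}", f"{d.year % 100:02d}"
    return {dd + mm + yyyy, mm + dd + yyyy, yyyy + mm + dd,
            dd + mm + yy, mm + dd + yy, dd + mm, mm + dd, yyyy}

def weaknesses(password, profile):
    """Return the reasons `password` is guessable from the owner's profile.

    `profile` maps a field label to a string or a datetime.date (assumed shape).
    """
    plain = squash(password)
    unleet = squash(password.translate(LEET))
    reasons = []
    if plain in COMMON or unleet in COMMON:
        reasons.append("common password")
    for label, value in profile.items():
        if isinstance(value, date):
            hit = any(tok in plain for tok in date_tokens(value))
        else:
            # Test each word of the field on its own; skip very short words.
            words = [squash(w) for w in re.split(r"\W+", value)]
            hit = any(len(w) >= 3 and (w in plain or w in unleet) for w in words)
        if hit:
            reasons.append(f"contains {label}")
    return reasons

# Constructed sample profile: the kind of details a social network page exposes.
SAMPLE_PROFILE = {"birthday": date(1985, 5, 14), "spouse name": "Maria",
                  "hometown": "Springfield"}

if __name__ == "__main__":
    for candidate in ("M4ri4!2009", "springfield1405", "Adm1n", "tN7#qv-Lp2$xWz"):
        print(candidate, "->", weaknesses(candidate, SAMPLE_PROFILE) or "no finding")
```

A check like this belongs at password-change time, where the service already holds the profile fields and can reject the candidate before it is stored.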

Conficker worm ravages six percent of world’s computers

Panda Security study reveals scale of security crisis

The number of computers infected by the Conficker worm continues to surge, according to data provided by Panda Security, the global IT security vendor. A study carried out by Panda’s malware detection laboratory revealed that almost 6 percent (5.77%) of computers worldwide are infected by this worm.

The study, involving almost 2 million computers, shows that the infection, which originated in China, has now extended across 83 countries, and is particularly virulent in Spain, the USA, Taiwan, Brazil and Mexico. In Spain, Panda has identified more than 36,000 infected computers, although the real figure could be much higher.

“Of the 2 million computers analyzed, around 115,000 were infected with this malware, a phenomenon we haven’t seen since the times of the great epidemics of Kournikova or Blaster”, says Jeremy Matthews, the head of Panda Security’s sub-Saharan operations. “This is no doubt an epidemic and the worst may still be to come, as the worm could begin to download more malware onto computers or to spread through other channels.”

Panda’s researchers have also turned up new data on this dangerous worm. Some variants are launching brute force attacks to extract passwords from infected computers and from internal networks in companies. The frequency of weak passwords (common words, own names, etc.) has aided the distribution of this worm. By harvesting these passwords, cyber-crooks can access computers and use them maliciously.

“This highlights the need for users to establish strong passwords both on personal computers and corporate networks as, otherwise, an infection could spread across an entire company leaving computers at the mercy of attackers,” says Matthews.

This worm also uses an innovative system of social engineering to spread via USB devices: in the Windows options menu that appears when inserting a USB device, it has disguised the option to run the program (activating the malware) as the option to open the folder to see the files – so that when users simply want to see the contents of a memory stick, they will actually be running the worm and infecting their computers.

You will find more information about this and other malware in the PandaLabs blog.

Welcome to CyberSafety!

This is a blog about keeping safe from cyber threats. We’ll be looking at the nasty viruses out there, malware trends, emerging threats and the technologies being developed to combat these.

Enjoy! (And stay safe…)