During the holiday seasons countless people spend more and more money online. Online shopping is becoming more popular, for many reasons. It’s easier than fighting crowds at large stores. Many online stores run special sales during holidays. Overall it’s just a more convenient way to shop, but the convenience could also have a price. Scams and phishing attempts rise during holidays. There are a few simple steps that can be taken to reduce the risks.

• Always be sure of the website your visiting. IE Bookmark your favorite store’s website.
• If that email offer seems to good to be true, it usually is.
• Always verify offers from the retailer’s website.
• When checking out verify the payment method
• Probably the most important is to use a good security software to protect your computer from malware that could compromise your personal information

(more…)

According to The Register the conficker worm will have a signature that admins will be able to use to find which machines might have the worm. Up til now the only way was to monitor traffic and with Conficker C that was impossible as it didn’t send any traffic on the network but was waiting for instructions on a certain day.

Tags: IT, security, worm

F-secure has noticed a trend that more malware is being spread though FTP. As most can remember when viruses and other nasties were spread through email attachments, well that’s be fairly well defeated. Then came the drive-by-downloaders which use http to transfer the infectious payload, that’s been slowing down since browsers have evolved. Now though there is a new way to become infected, through trusty old FTP. How this happens is that a user receives a spam email with some links claiming they have an offer which can’t be refused and as we all know most really can’t refuse it. So the unsuspecting user clicks the link and a ftp connection to some bot-net controlled computer is initiated and some infected files downloaded. So now there is one more thing to scan for in your emails.

Tags: computer, IT, malware, spam

Core Security has the full report but if your using VMWare Workstation, Player, or ACE on Windows there is a security exploit in the shared folders feature that allows a traversing of folders not being shared. According to VMWare until a patch is release there is this workaround.

To disable shared folders in the Global settings:

1. From the VMware product’s menu, choose Edit > Preferences.
2. In the Workspace tab, under Virtual Machines, deselect the checkbox for Enable all shared folders by default.

To disable shared folders for the individual virtual machine settings:

1. From the VMware product’s menu, choose VM > Settings.
2. In the Options tab, select Shared Folders and Disable.

Tags: exploit, IT, patch, security, vmware, windows

It appears that the disk encryption schemes used by different operating systems can be easily circumvented. Princeton Researchers have disproved a common misconception of one of the key components of a computer, that the system’s RAM loses all information stored on it as soon as power is cut from the chip. The researchers claim that the contents of the memory remain for seconds after the power is cut, and if cooled to low temperatures that that time can be extended to hours.

Princeton computer science professor Edward W. Felten, states that by using an inverted can of compressed air, a common item in most offices, you can effectively freeze the data on the chip for 10 minutes. In contrast using liquid nitrogen, not so common item in the office unless it’s a cryogenics office, the time can be increased to hours. Then the ram can be used cold boot the machine and the encryption key is still on the memory and can be used to access the encrypted disc contents.

Source: Information Week

Tags: Edward W. Felten, encryption, IT, memory, ram, science