It is becoming more important to have anti-virus software that can isolate web pages from your computer's operating system.

Story here...

Xmas shoppers who carnt spel targeted

Fraudsters have again established thousands of typosquatting sites this year, designed to hoodwink customers of popular shopping sites into handing over personal information to fraudulent gangs.
Utilizing slightly misspelled domain names, prospective marks are taken to mirror sites designed to harvest personal data and credit card details.

>From channelregister.co.uk

During a recent technical comparison of Internet Explorer, Chrome and Firefox, Firefox came in last because it didn't implement a sandbox yet.
Story at TheRegister.

Hackers exploit Adobe Reader zero-day, may be targeting defense contractors.  Story from ComputerWorld.

Here in the 1USA office, we had removed Adobe years ago and switched to Fox-it's .pdf viewer software.  Much more secure.

Apply patches to known holes
>From theregister.co.uk

Patch up warmly this winter if you?re running Java. That?s the advice from .NET shop Microsoft, which reckons Oracle?s platform is the single biggest target for hackers.
Java proved the single most popular target in the 12-month period to the end of June, according to Microsoft?s latest Security Intelligence Report  ?

How do you know if your computer software is up-to-date?
Here at 1USA we use the FileHippo Update Checker software.

BarryZ
 

Per the page on the AVG website that compares the different versions of the AVG software, <here>  the free version of AVG anti-virus software does not fully protect a computer.  The free version primarily is for weekly scanning of a hard drive, and if it finds a virus at that time, it will try to remove it. 
So this tells me that people who use the free version and don't run frequent hard drive scans have the potential to end up with an infected computer, which can probably infect their friends' computers also.

Plus, Avast Pro version loads web pages into virtual memory, thereby protecting the computer from drive-by downloads... a feature that AVG does not have yet.

So to you skeptics... which is cheaper?  A paid subscription of a good brand of anti-virus software, or three hours of Repair Time at your local Computer Repair Shop?

BarryZ
 

According to data from Microsoft's malware protection center, there has been an "unprecedented wave" of exploits against vulnerabilities in Oracle Sun's Java software in 2010.

What this means to 1USA customers:
 - that threats on websites can bypass some anti-virus software that doesn't specifically provide protection of the JRE Java Runtime Environment that's on most PCs.
 - that scammers and thieves are finding new ways to separate you from your money.

 - The computer can become infected with a type of computer virus called Malware.
 - The malware can install itself deep in the Operating System... where the only way to remove it is to completely re-install Windows.  (and if you don't make frequent Backups of your photos, documents, emails... then you will lose all those)
 - The computer would need to go to a Computer Repair Shop, which costs additional money... above and beyond the cost of your Intenet Sevice Provider.
(This is one of the reasons why "cheap" internet services are cheap -- they don't provide you with the level of protection needed.)
So if you are not yet a 1USA customer who is reading this.  This is a strong hint to switch to better quality service at 1USA.

BarryZ
 

If you're running Adobe's Shockwave Player, be aware that the company has shipped an update to patch twenty security vulnerabilities, rated "critical." Some could allow an attacker to take over control of the system. Check your version number; if it's 11.5.7.609 or earlier, you need to upgrade immediately.

A good tool to ensure that your interrnet-facing software is kept up-to-date is the UpdateChecker by FileHippo.  Read More...

If you believed everything you read on web sites, you might think that IE is the only web browser that ever has security flaws, and if you just use an alternative browser, you?re completely safe. Of course, the reality is very different. All browsers are vulnerable to security threats and need regular updating. So if your organization?s users are using different browsers, be sure they have the latest and most secure versions.

On June 21, 2010 - Opera released version 10.54 that corrects a number of critical vulnerabilities:

http://isc.sans.edu/diary.html?storyid=9055&rss

On June 23, Mozilla released a new version of Firefox, 3.6.4, that addresses 7 vulnerabilities:

http://isc.sans.edu/diary.html?storyid=9052&rss 

Safari 5, a major overhaul of Apple?s browser, was released earlier this month:

http://www.macnn.com/articles/10/06/08/most.corrected.through.webkit.upgrade/

And Google?s Chrome version 5.0.375.86 includes security updates along with the incorporation of Flash:

http://www.internetnews.com/security/article.php/3889846/Chrome+Gets+Security+Flash+Integration+Update.htm

It is worth the time to review some of these websites and teach people close to you about internet fraud.  Some are neat games to play.

Fun Stuff:
http://www.onguardonline.gov/games/overview.aspx
http://cups.cs.cmu.edu/antiphishing_phil/
http://www.securitycartoon.com/

https://ifraudalert.org/default.aspx
http://www.onguardonline.gov/
http://www.ifraudalert.org/whoweare.aspx
Anti-Phishing page on Payapal
http://www.antiphishing.org/report_phishing.html
http://www.microsoft.com/presspass/press/2010/jun10/06-17fraudalertpr.mspx
 

Secunia.com has software called Personal Security Inspector which goes through your computer looking for obsolete & hackable versions of software. Sometimes, it can get complicated. 
Mozilla.org today announced a feature that checks your computer for obsolete or insecure browser plug-ins.  The page is at http://www.mozilla.com/en-US/plugincheck/

Computerworld broke this story: Microsoft late yesterday issued its second advisory of the last week, warning users that a 17-year-old bug in the kernel of all 32-bit versions of Windows could be used by hackers to hijack PCs. The vulnerability in the Windows Virtual DOS Machine (VDM) subsystem was disclosed Tuesday by Google engineer Tavis Ormandy on the Full Disclosure security mailing list. Coincidentally, Ormandy received credit for reporting the single vulnerability that Microsoft fixed last week on its regular Patch Tuesday. The VDM subsystem was added to Windows with the July 1993 release of Windows NT, Microsoft's first fully 32-bit operating system. VDM allows Windows NT and later to run DOS and 16-bit Windows software.
Advisory on Microsoft TechNet