Hotmail Adds HTTPS Encryption For More Protection

HTTPS is a protocol that lets websites transmit data securely from one point to another. It is more secure than the HTTP protocol because other users cannot snoop on requests and responses.

Many popular websites and banks provide users with HTTPS protection including , and . However, currently only Gmail uses HTTPS by default for full protection. You can always access sites like Facebook and Twitter using HTTPS too, but you have to do it manually.

Today, the Hotmail team announced that they will be providing users with the option to enhance the security of Hotmail with HTTPS data encryption. However, right now this service is opt-in, so you will have to visit https://account.live.com/ManageSSL to set preferences to use SSL by default.

Other Microsoft services like Microsoft SkyDrive, Photos, Docs and Devices pages will automatically use SSL encryption. One thing to note here is that if you switch over to HTTPS for Hotmail, Outlook Hotmail Connector, Windows Live Mail and Windows Live application for Windows Mobile and will stop working. Future updates to these applications may allow you to seamlessly use HTTPS across devices. Sadly, for people like me who use desktop applications to access Hotmail, HTTPS will have to wait.

Also, if you think that using HTTPS will slow down or degrade services for you, you might want to look at the cost Google incurred when switching to SSL. It was minimal at most.

More info on this announcement can be found at the official Windows blog.

BlackSheep Thwarts Firesheep Intruders

Firesheep, a for snooping on and  logins on open Wi-Fi connections caused quite a storm when it was released. It went on to show how insecure your computer could be.

[Image: BlackSheep Firesheep Protector]

The exploit could snoop on unprotected Wi-Fi connections and retrieve login cookies for Twitter and Facebook, which could then be used to log in to a user's account and access their data. If you are using an open Wi-Fi connection, the first thing to do is to secure your Wi-Fi connection. If you need help with it, read our earlier guides Wi-Fi Demystified I and Wi-Fi Demystified II.

BlackSheep is another which is designed to combat Firesheep. BlackSheep drops fake session ID information on the wire and then monitors traffic to see if it has been hijacked. If BlackSheep finds that someone is snooping on you, it will display an alert as seen in the image above.
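The decoy-and-watch idea described above, as an added example (not BlackSheep's own code): a random session ID that belongs to no real account is put on the wire, and any other address seen sending it must have copied it from the air. The cookie name `session_id`, the host `social.example` and the traffic records are constructed for illustration.

```python
import secrets
from collections import namedtuple

# One observed HTTP request: who sent it, to which site, with which Cookie header.
Request = namedtuple("Request", "src_ip host cookie")

COOKIE_NAME = "session_id"  # assumed cookie name, for illustration only


def make_decoy(host, owner_ip):
    """Mint a random session ID that belongs to no real account."""
    return {"host": host, "owner_ip": owner_ip, "sid": secrets.token_hex(16)}


def cookie_value(header, name):
    """Pull one cookie's value out of a raw Cookie header."""
    for part in header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None


def find_replays(decoy, observed):
    """Return addresses, other than our own, that sent the decoy session ID.

    Nobody but us was ever given the decoy, so any other sender must have
    copied it off the air.
    """
    suspects = []
    for req in observed:
        if req.host != decoy["host"] or req.src_ip == decoy["owner_ip"]:
            continue
        if cookie_value(req.cookie, COOKIE_NAME) == decoy["sid"] and req.src_ip not in suspects:
            suspects.append(req.src_ip)
    return suspects


def demo():
    """Constructed traffic: our own broadcast, a bystander, and a replay."""
    decoy = make_decoy("social.example", "192.0.2.10")
    traffic = [
        Request("192.0.2.10", "social.example", f"lang=en; {COOKIE_NAME}={decoy['sid']}"),
        Request("192.0.2.23", "social.example", f"{COOKIE_NAME}={secrets.token_hex(16)}"),
        Request("192.0.2.77", "social.example", f"{COOKIE_NAME}={decoy['sid']}; lang=en"),
        Request("192.0.2.77", "social.example", f"{COOKIE_NAME}={decoy['sid']}"),
    ]
    return find_replays(decoy, traffic)


if __name__ == "__main__":
    print("decoy session replayed by:", demo())
```

A hit only shows that someone on the network is reusing sniffed cookies; real sessions sent over plain HTTP are still exposed.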

If you have a secure Wi-Fi connection, you have nothing to worry about, but if you don’t, the threat of Wi-Fi snooping by Firesheep is pretty high. You can circumvent the threat by using https instead of http while accessing the websites, but to be on the safer side, install the BlackSheep add-on too, which can be downloaded from here.

(Source: Life Hacker)

NotScripts: NoScript Extension for Opera and Chrome

A large number of browser exploits take advantage of JavaScript and third-party plugins like Java and Flash. NoScript is a popular multi-award winning Firefox add-on that blocks all such scripts and plugins, and allows you to intelligently and selectively execute them only on trusted websites.

I have always felt that using NoScript borders on the verge of paranoia, since it hinders normal web browsing experience. However, a lot of people obviously don’t mind this, since NoScript can protect users against scary click-jacking exploits, XSS vulnerabilities and even zero-day exploits that haven’t been discovered yet. Many Opera and Chrome users have been requesting similar functionality for a long time. However, most NoScript implementations for the aforementioned browsers have been limited due to the rigid nature of their APIs. Fortunately, Eric Wong has found an ingenious way of making NoScript work within the framework of Opera and Chrome’s extension library.

NotScripts is a NoScript-inspired extension for Opera and Chrome that utilises storage quota allocated to HTML5 applications and UserJS files to offer many of the functionalities present in NoScript. It supports both whitelist (everything is blocked, unless explicitly allowed) and blacklist (everything is allowed, unless explicitly blocked) approaches, and allows you to block scripts either temporarily or permanently.

NotScripts is still not perfect, and as mentioned earlier, taking a whitelist approach might create usability problems. Nevertheless, NotScripts is the best implementation of NoScript I have seen for either browser.

[ Download NotScripts for Chrome | Opera ]

Fake Like Button Viral Scam Hits Facebook

Facebook and scams go hand in hand. No matter what you do, you are never safe from one. A new fake Like scam has erupted on Facebook, and though it is not nasty, it shows how scammers can pwn Facebook users and make them like links without their consent.

[Image: Facebook OMG Guy St0ned Scam]

Take for example this new scam with an enticing link and a video titled "0MG! This GUY must be St0ned to Death for doing this to a GIRL!". Just for the record, there is no video and this link is just a scam which disguises a Facebook like button as a different button. As you can see above, 3 of my friends liked this link. If you visit the site in question, you will see an interface as seen in the image below.

[Image: facebook_omg_scam]

The site uses an interface similar to Facebook and also sports false copyrights. In case you thought that was bad, your entire intention of clicking on that link was to watch the video. However, there is no sign of any video at all. The "Continue" button in this page is actually a "Fake Facebook Like button", which has been manipulated using some styling. Clicking on it will stealthily like the website and take you back to your profile.

[Image: Facebook Like Scam]

Once again, some scams are easy to fall prey to. Though they are not 100% avoidable, the best you can do is to visit your Facebook profile page after you have clicked on a link if you find it dicey. If you find any unwanted updates or likes, delete them immediately. In my case, my test account showed that I liked the website after I clicked on the button (see screenshot above).

[Image: Facebook Scam Likes]

For the record, about 221,572 people have fallen for the scam while I wrote this post. Don’t be one of them. Also help your friends by liking this website instead.

Facebook and Twitter are Easy to Hack on Public Wifi

Have you ever used your Facebook or Twitter accounts on a public wifi? The next time you do, you’d better be prepared. It’s now easier than ever to hack into online accounts on unsecured wifi networks. I found out by reading an article recommended by Linda Lawrey.

How is this possible?

There’s a new Firefox addon called FireSheep. This new addon makes it very easy to hack into many online services, such as Facebook and Twitter. However, it only works on unsecured networks, like most public wifi hotspots. It can also be defeated by using other methods that I’ll mention below.

Here’s a quick video showing how easy it is to capture accounts using Firesheep.

Wifi Safety Tips:

I don’t think you need to take the video’s advice and stop using public wifi. You just need to be more aware of the danger. If you always use HTTPS (Secure logins) when you sign onto a website, you’ll be able to defeat the majority of attacks like these. Look for a lock in your web browser’s address bar before you log in.

Below are links to plugins for Firefox and Chrome that can help you stay secured while surfing.

Firefox browser

Force-TLS or HTTPS Everywhere

Google Chrome browser

KB SSL enforcer

Conclusion:

Be careful when using public or unsecured wifi hotspots. Always use HTTPS whenever possible. Another good method is to use VPN tunneling. There are some good tips from Ask-Leo for staying safe on public wifi.

Fake Antivirus Tools from Microsoft – Don’t be fooled

No! Microsoft is not offering fake antivirus tools. However, a new warning from Microsoft’s Windows Security Blog tells the frightening story of a new threat that disguises itself as Microsoft Security Essentials (MSE). As many of you know, MSE is Microsoft’s free antivirus suite. I recommend it, and even Fred Langa recommends it.

How Does it Work?

1. You unintentionally visit a website that places a drive-by download known as FakePAV onto your computer.

2. Once it runs, you’ll get this bogus warning in your web browser. (images from WindowsTeamBlog)

[Image: fakepav1]

3. Clicking on Clean computer or Apply actions will initiate a fake attempt to clean your PC. It will report that it failed and then ask you to Scan Online.

[Image: fakepav2]

4. After it performs a simulated scan, you’ll be offered this list of Antivirus and Antimalware tools.

[Image: fakepav3]

5. Clicking on any of the Free Install buttons starts another install for persistent and more intrusive fake antivirus software.

[Image: fakepav4]

The final look of this fake antivirus software can take many forms, such as Red Cross Antivirus, Peak Protection 2010, AntiSpy Safeguard, Major Defense Kit or Pest Detector. These apps give you even more false warnings and try to scare you into buying more protection. Applications like these are also known as ScareWare.

What should you do to protect yourself?

My recommendation is to use good, up-to-date antivirus software. Enable any anti-phishing options in your web browser. I also recommend the free URL filtering service offered by OpenDNS.

What should you do if you are already infected?

The first tool I use on infected computers is MalwareBytes. If that doesn’t do the trick, Keith Dsousa wrote about an application which will Remove Fake Antivirus from Your System. If all else fails and the PC is really trashed, I’ve got an article describing how to Run Antivirus on a PC That Will Not Boot.

If you need good free advice on what to do, there are several malware removal forums that will take you step by step through a recovery process. Bleeping Computer, Major Geeks and especially Temerc Countermeasures are three good ones.

iPhone 4G Facebook Email Is A Scam

has its own set of problems with privacy and scams alike; however, if you have been receiving emails about winning a from Facebook, it is a scam.

If you receive an email which says "Hello, you won a from Facebook", stay away from it. It is a scam and will not get you anywhere close to that device. The big problem with this scam is that it uses a familiar look and feel and is really very enticing to click on.

However, clicking on it will ensure that you are scammed. Malwarebytes blocks the website on my PC, so you should make sure to use similar security software on your own PC. If you don’t have any, take a look at some of the Free Antivirus available or visit our section to learn how to protect your PC.

Firefox 3.6.11 and 3.5.14 Released

With Firefox 4.0 hogging all the limelight, it’s easy to forget that most of the users are still using stable builds of Firefox 3.5 and 3.6. Earlier today, Mozilla pushed through a recommended security and stability update for both the trunks.

As many as nine vulnerabilities have been fixed in this release, including five critical ones. This update also fixes numerous stability and performance issues – 40 in Firefox 3.6.11 and 23 in Firefox 3.5.14 to be exact. For more information about the fixed vulnerabilities refer to the bugzilla thread for Fx 3.6.11 and 3.5.14.

[ Download Firefox 3.6.11 | Download Firefox 3.5.14 ]

Facebook Beefs Up Security: Adds Remote Logout and One-time Password

Facebook has almost made a habit of getting into controversies surrounding its privacy and security policies. The stinging criticism from a wide section of the press, following the launch of Open Graph at f8, has clearly had an effect on Facebook. The beleaguered social networking giant has been busy cleaning up its act over the past few months.

Now, Facebook has added a couple more features to enhance security. The first of them is Remote Logout, which Facebook has been testing for some time. As suggested by its name, this feature allows you to remotely log out of Facebook on other systems that you might have used in the past. It can be a lifesaver in case you forget to log out while surfing on a public terminal, and has long been a feature of Gmail. You can access this from Account -> Account Settings -> Settings -> Account Security.

The other new feature is One-time Password. If you have registered your mobile phone with Facebook, you can text otp to 32665 (FBOOK) to receive a temporary password that can be used to log into Facebook. This password can only be used once and stays valid for twenty minutes. This feature is once again intended for use on unsecured public terminals, which might house keyloggers and malware.

Both of these features are welcome additions. Unfortunately, like many other Facebook initiatives, their availability isn’t immediately noticeable to users. For example, in Facebook, the remote logout option is buried deep within the settings panel, whereas Gmail presents it in the footer of every page.

Free Public WiFi is A Zombie Network

In our residential apartment building my usually connects to a network called "Free Public WiFi" whenever I step into the lobby. The same "Free Public WiFi" is also available below my office building and it turns out that it is available in several other places including airports and restaurants.

However, connecting to this "Free Public WiFi" does not give you access to the internet. Puzzling? Well, Free Public WiFi is not actually an internet network; it is a bug which exists in an older version of Windows XP.

According to a blog post from NPR, Free Public WiFi is a bug which has been lurking around in Windows XP, where it creates an ad hoc network with the same name it previously connected to, in this case "Free Public WiFi".

When a computer running an older version of XP can’t find any of its "favorite" wireless networks, it will automatically create an ad hoc network with the same name as the last one it connected to – in this case, "Free Public WiFi." Other computers within range of that new ad hoc network can see it, luring other users to connect. And who can resist the word "free?"

So what happens when you connect to this network?

Free Public WiFi isn’t set up like most wireless networks people use to get to the Internet. Instead, it’s an "ad hoc" network — meaning when a user selects it, he or she isn’t connecting to a router or hot spot, but rather directly to someone else’s computer in the area.

The origin of "Free Public WiFi" networks is not known, however, it does exist in Windows XP. To get rid of this bug, you will need to update to Windows XP Service Pack 3.

Free Public WiFi does not cause any harm as such, but it has been spreading like wildfire, considering the number of networks you see named Free Public WiFi across the United States and other places. Connecting to this network may not cause you any harm, but it would be wise not to do it, considering that it does not give you access to the internet anyway.