Check it out the Infographic made by Zone Alarm labs which gives much detailed information about these attacks and giving tips to safeguard your information on social media.

Source ZoneAlarm

(1) An up-to date computer system – No matter operating system or the software’s installed on the computer should be fully patched with latest available updates from the Software vendor. For example an operating system with older updates can cause the operating system vulnerable to any potential threats.

(2) Short and Common passwords – It is a common practice that always selecting a short easily predictable passwords. It is always recommended to set a mixed character and at least 8 character long passwords. ( Never put any password hints on your Windows Vista or Windows 7 operating systems)

(3) Turning off the Windows firewall or not using any software firewalls on the computer – Most of the techies used to turn off the firewall for some testing and always forget to turn it back on. This can cause any attacker to intrude in to your computer while you are on any wireless network.

(4) Usage of VPN application – VPN’s are always a network shield when you care about online privacy. VPN’s will help you to encrypt your current session with the internet. It is very useful while browsing from a public Wi-Fi.

(5) No proper security software – Meaning no proper Antivirus tools installed on the computer. A techie person will know which website is good or bad and what software is good to install. That will sometimes stop him installing an antivirus by thinking that he can save some system resources. But believe me over a period of time if you load a good antivirus and do a complete scan you will at least find 5 virus infected files.

This can be used as a check list to avoid any ignorance next time when you wanted to harden your computer systems security.

Image Courtesy @Flickr

Now a days most of the Malware attacks happening because of a vulnerable Internet Browser. A vulnerable browser meaning the browser will be an outdated version or it may have a browser helper object which has vulnerabilities. Also most widely used browser will tend to get more vulnerable. So which ever browser you use you are supposed to test it and make sure it is fully patched to help yourself from being hijacked by Malwares.

Qualys BrowserCheck will scan your Internet Browsers with the help of a browser add-on. When you open the  website in your browser it will detect your browser and according to that it will install the scanner add-on.

Qualys browser will not only scan but also it provides the solution to fix the vulnerabilities and advises to harden the browser security by updating the browser plugins to the latest versions. Once the Scan is executed on your browser it will come up with a result like below and show warning if there is any. Once you click on the Fix button it will automatically take you to the patch and prompt you to update it.

It supports major operating systems like Windows, MAC and Linux.

Also See: How to test Website’s SSL Certificates using Qualys SSL

At time you will feel like your existing antivirus protection is not doing its job when your computer gets infected. The fact is that there will be a delay to update the antivirus definitions in a client computer and that depends the scheduled time of automatic update configuration or the frequency of update pushing from the Antivirus provider. So an outdated antivirus may not help you always to eradicate the malwares. Even not every antivirus company will release the updates sooner the virus hits the network. So when all these Antivirus solutions fail you can make use of online scanner such as Microsoft Safety Scanner.

The newly released Microsoft Safety Scanner is one of such scanner will download the latest updates from their servers and helps to remove any such infections.

Once the scanner is Downloaded it is ready to run on your computer. The executable file itself is a scanner and once it is executed it will show you options to choose a scan type and upon selection it will start to perform the scan and provide you a result once finished.

Keep in mind that this scan engine will get expire after 10 days. So after 10 days if you would like to run a scan again it would be better to get a recent copy of the same file. The reason why is there are chances you will be running the scanner with older virus definition. Microsoft claims that this scanner will run with any other installed Security software in your computer.

Check it out Microsoft Safety Scanner

Also See: Other online scanners available for free.

Now Twitter has also announced the feature to use the twitter account to connect always in HTTPS. Recently Facebook and Hotmail was who enabled HTTPS security on their system. But Twitter had already an https://twitter.com link activated but it was unknown to many that Twitter profile can make use of https function while browsing an unsecured public Wi-Fi. So Twitter has officially announced a feature which will allow you to configure your profile always to be connected on Https.

The feature can be enabled on your Settings Page Check the box for “Always use HTTPS”. That’s it now the Twitter will always connect in HTTPS.

By the ways Twitter had already rolled out this feature on most of its mobile client to connect it directly to HTTP.

Now you can enable more security on your Facebook account by enabling it login on an HTTPS session. If you are  a regular user of Hackstacks you must have read about this new feature in my previous article. Now the service is ready available for you! so let’s configure it and see how it can help you to secure the account from any hacking attempts!

First you need to go to Account>Account Settings>Account Security

1) Secure Browsing (https) – Enabling this feature will use https tunnel to login to your Facebook account so it gives more security when you browse from a public wi-fi or from the airport even it block man in the middle attacks and stops intercepting your browser session.

2) Logon Notification – Enabling this will notify you whenever there is an account log-in activity takes place. Meaning if someone tries to access your account from a different computer you will be notified with information such as computer name, location, IP Address, logged-in time etc.

So if you get such unusual notification on your account you can come to Account Security tab and end that activity from your account. Also make sure you change the account password ASAP.

The above screen will pop-up when you log-in from a new computer so once you enter the computer name and register it with your account it will not prompt this message next. That means the computer name will mark it as trusted under your for your Facebook profile.

Hope it was helpful. Let us know it!

Many of us will ignore setting up the best Wi-Fi security for your wireless routers. Most of the time it would have setup by a tech from the ISP so your lack of knowledge will fail to instruct him to set it up on a high level encryption method. Well sometimes you buy a new wireless router and simply connect it to the network line without setting up security and that becomes an unsecured wireless. Your laziness can lead to big troubles as an unsecured wireless is just like leaving your house doors wide open when you are not home. An unsecured network is open to anyone to access your Wi-Fi internet.

Even if you setup a security and password it does n’t mean that your network is completely secured.

A few things we always failed to change while configuring a wireless router.

• We tend to use the same IP Address range which was configured on the wireless router. Changing the IP Range and default gateway will be good since a hacker will not be able to guess it to launch an attack
• Change the default administrator password. (Default password will be either “password, admin or the device’s name”)
• Do not keep the Wi-Fi router or access point outside the home or never keep it near to the window as the network will be available from outside the home with good signal strength.
• Make a practice of turning off the wireless router when it is not in use. (Can save some energy but it will not be practical but consider it if you go for a long vacation)
• Change the default SSID.
• Turn on the firewall in computers and wireless router.

Most of the Wireless routers are ready to be configured with WEP, WPA v.1, WPA2 security standards. WEP was most widely used security for Wi-FI routers but later it become so vulnerable to the wireless attacks. A WEP used networks were able to crack less than 10 minutes but since WPAv.1 introduced hacking a Wi-Fi was not that easy like before. A brute force to WPA enabled system was taking more than a day to get it cracked. Please note that it is still vulnerable! But compared to the WEP it is difficult. Even WPA2 has more advanced encryption and security standards to client authentication which is mostly used in enterprise networks.

For a home user it is good to configure it on a WPA security. If you did not find WPA security feature you can update your Wireless routers firmware. A new firmware will have all the updated security features. (If you go to the wireless manufacturer’s website you will find the latest firmware updates.

If you are an advanced user you may consider configuring the below features on your Wi-FI router for added security.

Enable Mac Address filtering – When you enable this on the Wi-Fi Router it will lease the IP address only to those devices with the matching Mac Address.

Disable SSID broadcast and hide the SSID – When you disable and hide the broadcast it will no more display it when someone scan for the available Wi-Fi networks.

Configure with static IP Address on your Devices – Like a told you before change the default IP Address configured on the router and setup the computers with a static IP Address.

Conclusion
No security is 100% secure so it is our duty to secure and monitor our network. We do not recommend using WEP protection. Consider using WPA as it will not be so easy to crack it. Change the security pass-phrase often.