IT'S A JUNGLE OUT THERE, WE CAN HELP!

According to CERT® Coordination Center (CERT/CC) your home computer is a popular target for intruders.

Why? Because intruders want what you've stored there. They look for credit card numbers, bank account information, and anything else they can find. By stealing that information, intruders can use your money to buy themselves goods and services.

But it's not just money-related information they're after. Intruders also want your computer's resources, meaning your hard disk space, your fast processor, and your Internet connection. They use these resources to attack other computers on the Internet. In fact, the more computers an intruder uses, the harder it is for law enforcement to figure out where the attack is really coming from. If intruders can't be found, they can't be stopped, and they can't be prosecuted.

Why are intruders paying attention to home computers? Home computers are typically not very secure and are easy to break into. When combined with high-speed Internet connections that are always turned on, intruders can quickly find and then attack home computers. While intruders also attack home computers connected to the Internet through dial-in connections, high-speed connections (cable modems and DSL modems) are a favorite target.

No matter how a home computer is connected to the Internet, intruders' attacks are often successful. Many home computer owners don't realize that they need to pay attention to computer security. In the same way that you are responsible for having insurance when you drive a car, you need to also be responsible for your home computer's security. This document explains how some parts of the Internet work and then describes tasks you can do to improve the security of your home computer system. The goal is to keep intruders and their programs off your computer.

How do intruders break into your computer? In some cases, they send you email with a virus. Reading that email activates the virus, creating an opening that intruders use to enter or access your computer. In other cases, they take advantage of a flaw or weakness in one of your computer's programs - a vulnerability - to gain access.

Once they're on your computer, they often install new programs that let them continue to use your computer - even after you plug the holes they used to get onto your computer in the first place. These backdoors are usually cleverly disguised so that they blend in with the other programs running on your computer.

Whether your computer runs Microsoft® Windows®, Apple's Mac OS, LINUX, or something else, the issues are the same and will remain so as new versions of your system are released.

The key is to understand the security-related problems that you need to think about and solve.

Cyber Alert System

Fraudulent 9/11 Web Sites
added September 11, 2009 at 03:59 pm

US-CERT reports that public reports indicating that attackers are using legitimate web pages to run malicious code on victims' machines.

Reports, including a posting by Sophos, indicate that these messages

   • Include keywords and names related to the 9/11/2001 terrorist attack
   • Prompt users with a fake virus scan that attempts to make users believe they have a security issue. The users are then asked to download fake security software that is actually malicious code.

Please note that these characteristics may change at any time.

US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:

   • Install anti-virus software, and keep its virus signature file up to date
   • Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.