Backup. Restore. Protect

It may have been April Fools’ Day on Sunday, but it was actually Saturday March 31 that held all the ironic humour for me this year. That’s because it was ‘World BackUp Day’ (unfortunately the site appears to be down right now!), designed to promote safe and secure second copies of all of your data, and I was spending it reinstalling my operating system due to a malware infection.

 

Malware can get you, even when you’re careful:

I tend to be reasonably careful, particularly on the laptop I primarily use for my business. I have antivirus software installed (McAfee for the record), I run some browser add-ons for extra safety and I try not to visit any websites which I know or suspect could be dangerous.

I also don’t click on links in emails offering Nigerian lottery winnings or direct messages on Twitter which suggest there’s a ‘really bad picture of me’ with a link obscured with a shortened link.

And yet on Friday afternoon I was hit by a spoof version of a legitimate program which not only then covered my desktop in pop-up windows, but also proved a complete pain to remove as it edited the computer’s registry and made sure it reappeared every time I thought I’d successfully eradicated it.

The one good thing is that there are now plenty of websites giving detailed instructions on curing more problems as soon as they appear – unfortunately it took a couple of attempts to find one to deal with the current version of the malware, but it’s worth having a look around to find trusted and reliable sites before you need to Google them in a hurry.

And incidentally, a new piece of research just published shows how easy it is to fall foul of a widespread problem – on average, 2 of the top 25,000 websites in the world (ranked via Alexa) serve malware to visitors each day. Problems can also occur when installing apps – even from ‘official’ sources such as the Chrome Web Store. This doesn’t mean you need to be paranoid, but it does mean doing some research and thinking before clicking on links or installing apps, and putting some effort into protecting yourself and your data, including for when the worst happens.

 

The importance of backups:

The good news is that I finally managed to remove it successfully, using a couple of anti-spyware programs I hadn’t tried before. Having finally killed the process and restarted my machine to ensure it wouldn’t reappear, I was left with one further problem – the malware had also been created to remove all desktop icons and links, and to stop anyone searching for programs which would interfere with it.

So a Restore/Re-Install was needed. But trying the automatic Windows Restore didn’t work – it was only the proprietary manufacturer backup which worked, sending my laptop back in time to the first day of 2011.

I always ensure I have two copies of all data relating to work – one copy is stored on a removable hard drive which is kept in a different part of the house to the laptop when not in use, and the other is stored ‘in the cloud’ on an online storage system which automatically saves any changes made to any files.

Pictures are always backed up on the hard drive, and also uploaded to Flickr on a weekly basis, as are most videos. But I did lose all my (legally) downloaded music as unfortunately I’d cleared all the albums from my hard drive backup whilst I sorted through them and put them into some sort of order.

Aaaaaaaaaargh.

And even worse, I have a nagging feeling that some images and videos of my son appear to be missing, and it was pre-upload/backup, which means they’re gone forever.

Going back so far also means I’ve spent about a week receiving updates every time I fire up my laptop, which then install on Shutdown and leave me stood around for ages when everyone else is going home.

 

Re-install, Rebuild, Update, Protect:

So what have I done since? Well, seeing as I’m fully paid up for McAfee for a while longer I’ve made sure it’s completely up-to-date and double-checked the set-up. I’ve also started testing one of the new programs which seems to have killed the malware on this occasion, and one other anti-virus solution which is available for free download. No single program is likely to always cover everything 100%, but having 2 or 3 available means I should be able to cover most options.

I primarily use Firefox as a browser, so I’ve added ‘AdBlocker’ and ‘No Script’ to cut down on the risks. There’s a moral issue with using AdBlocker, in that it deprives ad-funded sites of revenue by stopping any advertising from appearing, but you can quickly and easily whitelist sites you trust, as you can with No Script, which stops a lot of sites working initially as it blocks all Javascript. That’s great for preventing malicious attacks, but it’s not a solution that will be 100% effective – for many sites to work, you have to start allowing various processes to run, and as mentioned earlier, even trusted sites can sometimes end up unknowingly spreading malicious software.

But on balance I think I’ve done a reasonable amount, as well as double and triple-checking all backups are running correctly both for the laptop OS and Software, and for the Files and Data. I’ve reinstalled the programs I use on a regular basis, and set them all back up to work properly, and I’m working at full speed again.  You can never be 100% safe, but with the right processes in place the occasional problem isn’t as much of a hassle, and a clean install can be quite a refreshing spring clean of all the old junk you’ve got on your PC which isn’t actually used.
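One way to check that a backup really holds everything on the laptop, so that files which never reached the external drive show up before a reinstall rather than after. This is an added example, not part of the original post; the folder names, file names and function names are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large videos do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def index_tree(root):
    """Map every file under root (relative path, '/' separators) to its hash."""
    index = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            index[rel] = sha256_of(full)
    return index


def audit_backup(source, backup):
    """Report source files the backup lacks or holds with different content."""
    src, bak = index_tree(source), index_tree(backup)
    return {
        "missing": sorted(p for p in src if p not in bak),
        "differs": sorted(p for p in src if p in bak and src[p] != bak[p]),
    }


def _write(root, rel, data):
    """Create a sample file, making parent folders as needed."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    # Constructed sample trees standing in for the laptop and the external drive.
    with tempfile.TemporaryDirectory() as tmp:
        laptop, drive = os.path.join(tmp, "laptop"), os.path.join(tmp, "drive")
        _write(laptop, "work/invoice.txt", b"v2 - edited this week")
        _write(laptop, "photos/2011/park.jpg", b"jpeg-bytes")
        _write(laptop, "photos/2012/new_video.mp4", b"not yet copied")
        _write(laptop, "music/album/track01.mp3", b"cleared from the backup")
        _write(drive, "work/invoice.txt", b"v1 - last month")
        _write(drive, "photos/2011/park.jpg", b"jpeg-bytes")
        return audit_backup(laptop, drive)


if __name__ == "__main__":
    print(demo())
```

Anything listed under `missing` exists only on the laptop, and anything under `differs` has changed since the last copy was made.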

It’s also reminded me to audit my accounts and passwords on my sites, remove unused WordPress plugins, and update everything on social networks etc.

Content marketing, user data and the dangers of free WordPress themes

Bit of a link post from me today as I’ve been working on a number of things for clients, and also updating some other projects. So rather than adding to the list that I intend to blog about someday, here’s some important things to consider:

Arm yourself with content, for Goliath is coming: Interesting post which reiterates a lot of the things I’ve been saying about content and marketing over the last 6 months – now is the time to start doing it. More and more companies are realising how useful content and social media marketing can be, and how much ROI it can produce, so you’re going to see more and more content fighting for attention. And given that it takes time to build an attentive audience, you don’t want to wait around any longer!

Myspace on the auction block. What happens to user data?: Given that I’ve just been writing about social media content and user data from the perspective of future historians having access, it’s also important to consider what happens to that data if a site sells to another owner, rather than shutting down. How do you feel about your content, information and contacts being transferred? Another reason to adopt a hub and spoke model, with ownership of your own content/business/contact hub. And it’s so easy to do with the availability of self-publishing tools…

The hidden dangers of free WordPress themes: But although setting up WordPress, for example, is pretty easy, there are still dangers that you need to be aware of. For instance, only using themes from trusted sources, and checking them before you install them. Do you know what links are contained in the theme you downloaded from a random website? The original post shows the examples of how you can actually decode what could be hidden in a theme. There are a couple of solutions – one is to only pick themes from trusted sources, and the other is to bite the bullet and pay for themes from trusted sources. For instance, in my case, I tend to pay for themes from StudioPress, but there are some other good alternatives, such as Woo Themes (which I’ve used on some client sites, for example).
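A way to check a downloaded theme for encoded blocks and list the links they contain, without running any of the theme's PHP. This is an added example, not code from this post or the linked one; the post does not say how the links are hidden, so the wrapper functions matched here (`base64_decode`, `gzinflate`, `str_rot13`), the file names and the sample link are assumptions.

```python
import base64
import binascii
import codecs
import re
import zlib

# Assumption: the hidden block is a string literal wrapped in some chain of
# base64_decode / gzinflate / str_rot13 calls inside a theme's PHP file.
CALL = re.compile(
    r"((?:(?:gzinflate|str_rot13|base64_decode)\s*\(\s*)+)"
    r"(['\"])([A-Za-z0-9+/=\s]{16,})\2"
)
URL = re.compile(r"https?://[^\s'\"<>]+")


def decode_layers(wrappers, literal):
    """Undo the PHP wrappers innermost-first without executing anything."""
    data = literal.encode("ascii")
    for fn in reversed(wrappers):
        if fn == "base64_decode":
            data = base64.b64decode(data)
        elif fn == "gzinflate":
            data = zlib.decompress(data, -15)  # raw DEFLATE, as PHP gzinflate
        else:  # str_rot13
            data = codecs.encode(data.decode("latin-1"), "rot_13").encode("latin-1")
    return data.decode("utf-8", "replace")


def scan_theme(files):
    """files: {filename: PHP source}. Returns one finding per encoded literal."""
    findings = []
    for name, source in sorted(files.items()):
        for m in CALL.finditer(source):
            wrappers = re.findall(r"[a-z_0-9]+", m.group(1))
            try:
                decoded = decode_layers(wrappers, m.group(3))
            except (binascii.Error, zlib.error, ValueError):
                decoded = ""  # not decodable statically; still worth a look
            findings.append({
                "file": name,
                "line": source.count("\n", 0, m.start()) + 1,
                "wrappers": wrappers,
                "urls": URL.findall(decoded),
            })
    return findings


def demo():
    # Constructed sample: a footer link packed the way the scanner expects.
    payload = b"echo '<a href=\"http://links.example.invalid/seo\">cheap widgets</a>';"
    packer = zlib.compressobj(wbits=-15)
    blob = base64.b64encode(packer.compress(payload) + packer.flush()).decode()
    theme = {
        "footer.php": "<?php\n// theme footer\neval(gzinflate(base64_decode('%s')));\n?>\n" % blob,
        "functions.php": "<?php\nadd_theme_support('post-thumbnails');\n",
    }
    return scan_theme(theme)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A finding with an empty `urls` list still marks an encoded block that deserves a manual look before the theme is installed.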

So why not spend the weekend getting started on your 2011 digital content and marketing. And feel free to pose any questions in the comments – if I can’t answer them, there’s a growing number of people reading this site who probably can!

Antivirus security is more essential than ever

This post is supported by Bullguard, who supply free internet security and antivirus software.

The rise of social networks, cloud computing and mobile applications means that having a decent level of security for your business or home has never been more important – and when was the last time you checked your antivirus software was up-to-date or ran a full system scan? There’s not a lot of excuse with the amount of free internet security options around (Either as trials or full products).

It’s something many people writing about the digital world forget to mention – or even neglect to do themselves, but if you consider the rise of digital networking (e.g. 500 million people connected on Facebook), then consider how the viral effect applies to malware and malevolent programmes as much as the latest marketing campaign.

It may seem blindingly obvious considering the fact they’re called viruses, but considering I’ve seen infections transferred via USB sticks swapped between digital marketing experts, for example, it’s always good to have a timely reminder.

A report from Microsoft today revealed that the U.S., for example, leads the figures for hijacked home computers, with over 2.2 million botnets currently out there, which are then controlled by whoever has taken them over – often invisibly to the owner of the computer unless they realise that’s the reason their PC is going a little slower than normal.

And social media could even be making things more dangerous. When search was the primary way to discover websites, there was a clear hierarchy of results, which meant most common terms would have some level of filtering – indeed search engines do employ warnings for known malware sites, although this obviously doesn’t cover many of them.

But when a social networking friend recommends a link, often obscured by a url shortener, how many of us honestly check before clicking on it, or even repeating it to our own network?

And there’s also the illusion that applications, particularly for mobiles, mean that everything is safe – it assumes that every application store and every 3rd party site has examined every single line of code for every application.

If that isn’t enough, there appears to be a rise in hackers actively targeting routers, rather than PCs, meaning they’re reaching anything connecting via that hub – your mobile phone, all your computers, and anything else running software which could be compromised.

Earlier this year, my websites were all disrupted by malware which infected website hosts. The disruption was bad enough, but the thought of anyone getting an infected computer due to one of my sites has been enough for me to educate myself a lot more to minimise the chance of it happening in the future.

Many of us are issued computers by our employers, and quite often we’ll assume that the often over-worked IT department have got everything covered – but a lot of the time they’re maintaining rather than having the time to pro-actively go after the latest major threats.

But there’s no need to panic:

I’m not suggesting you should run away from the internet. It’s actually surprisingly simple to start taking control and responsibility for your own data and safety. You can start by making sure you have decent antivirus software up and running, and updated. Make sure it’s updated regularly and you’re running scans either manually or automatically on a regular basis. And most vendors allow you to try their software for free for a limited time, so there’s really no excuse for not trying it.

Change your router username and password from the default – if you’re still logging in with ‘admin’ and ‘password’ you’re liable for anyone using your wifi to access any website, as well as vulnerable to malicious software.

Store sensitive passwords away from the computers and change them regularly – especially any banking passwords. I use a variety of ways to secure my passwords for most things, but I never store any financial passwords on any computer, or write them and store them anywhere near any of the computers I use. The social element of hacking is best summed up by someone writing their password on a Post-It note stuck to their monitor, and it also applies to someone having an illicit wander through the files on your computer.

And lastly, don’t be afraid to read up, ask stupid questions, and find out about securing your computers. I’m definitely not an expert, and there are plenty of great resources available online to find out what you should do to prevent problems – and to help after they’ve happened. It’s all about taking responsibility for all of the equipment in your care, and all of the things which are precious to you, and at the end of the day, it should become as much a part of your routine as locking the door when you leave the house, and not walking around with a bag of cash sticking out of your pockets… You’ll never be completely safe, but by taking the essential steps you’ll have made your computer and mobile less attractive than the one next to it!

Interested in mobile or internet privacy and security?

If you have any interest in security and privacy on the internet and mobiles (and security is always increasing in importance as more of our lives become so heavily integrated with the digital world), then it’s worth taking a look at what’s coming out of the Black Hat Conference taking place in America at the moment.

There are some really interesting presentations by people looking to raise discussion and awareness on a range of security issues, including being able to eavesdrop on mobile calls with equipment costing $1500, reading RFID tags from over 200 ft away, or hacking ATM machines to let them spit out cash for you. Plus a lot of debate and discussion about how companies and governments can improve security, or nations investing in cyberwarfare.

VentureBeat appears to have just about the most comprehensive and readable coverage, and it’s something we should all be trying to become more aware about. Not only is it important for your personal information and data, and to be aware of what companies and governments are capable of doing – but as we’re the more digitally-aware percentage of the global population, we need to be able to explain these things in simple and accessible ways to those less aware than ourselves…

The aftermath of Twitter’s biggest phishing scam

Over the last week, many people have fallen foul of the latest phishing scam to do the rounds of Twitter. And an unusual number of high profile individuals have been included in the list of users affected, including the Press Complaints Commission, BBC correspondent Nick Higham, the Guardian’s Head of Audio Matt Wells, bank First Direct, and environment minister Ed Miliband.

Environment Minister Ed Miliband caught by phishing scam

Phishing scams have long been endured by most internet users – the traditional mechanism has been via email, but as social networks have become hugely popular, they’ve become the vector of choice. And Twitter is particularly attractive as the speed with which messages can spread is combined with the use of short urls, which help to mask the malevolence of the message.

While this is just another example of the huge amount of phishing attempts which exist, the higher profile of these attacks as they affect prominent politicians will hopefully lead to a better awareness and response by governments.

It’s probably a forlorn hope, but for example, here are some things which might change:

  • More education about phishing and spam to the ‘general public’ – how about a public awareness campaign?
  • More understanding about how normal users can have accounts compromised very easily – for instance, with ‘Three Strikes Rules’.
  • More people using offline backups of any content that is valuable or useful to them
  • More of a move towards data privacy, and Vendor Relationship Management, to allow users to only share the information they choose with any service provider under strict controls.
  • A rethink of the UK Identity Card scheme which includes private businesses taking fingerprint and photos.

Importantly, it should place the risks of Social Engineering alongside those of teenage cyberwarfare specialists taking down defence satellites from their bedroom. If a private company was, for example, storing fingerprint data, you wouldn’t need to target their infrastructure (Although I’m not sure most chemists have a particularly high level of internet security) – you’d use social engineering on their employees via Facebook, Twitter, or offline in person to gain information and access.

Of course, technology can play a part, and I’m sure Twitter will increase their response to phishers in future, particularly as a high profile attack via any platform is never good for PR. But any measures will always be part of a never-ending arms race, and only when every individual is educated enough will there be any noticeable difference…

Big money for hacked Twitter accounts

Stolen Twitter accounts appear to be commanding a premium amongst hackers sharing details on forums.

Data stealing software is a risk to your details for any site, but according to Kaspersky researcher Dmitry Bestuzhev, he’s seen a Twitter account with just 320 followers offered for as much as $1000. In this case, the three-letter username may have influenced the price.

That compares with Gmail accounts for $82, Rapidshare accounts for $5 per month, and other sites including Skype and Facebook. Bestuzhev also went on to say Kaspersky had detected 70,000 data stealing programmes in 2009, which is twice as many as in 2008.

Twitter is likely to be a preferred route to spread malware as links can spread in near real-time to hundreds or thousands of followers – each of whom can quickly and easily repeat a malware message to their own network.

Malware messages are also hidden by shortened urls, and with the amount of links spread via Twitter, there’s a good chance people are less suspicious than seeing the same links in an email or IM message.

It’s a reminder to make sure you use a unique password which is a mix of alphanumeric characters, and to change it regularly. Be careful of sharing it with third party sites and tools which aren’t using Twitter’s OAuth protocol, and be careful with links being posted by others – even including people you trust.

(Via Computerworld)

Stocktwits gets funding, Bit.ly gets safer, Cli.gs gets bought

The Twitter ecosystem is busy as always, so rather than try to write 20 posts to cover everything purely for SEO benefit, I thought I’d round up three things which stood out:

Stocktwits has gained $3 million in another round of financing for the social and microblogging network for the stock market. It’s interesting that the service has spun out of Twitter, building its own platform and Adobe Air desktop application which came into life in September. In addition Stocktwit.tv seems to be taking off.

Rather than building your own social network from scratch, perhaps a more realistic plan is to build community on the main Twitter site, before spinning off as Stocktwits have done – a technique that would work on any social network…

URL shortener Bit.ly (set as the default shortener on Twitter, and heavily used by yours truly) has announced a partnership with security firms including Websense, Sophos and VeriSign to help address the problems of spam and malware-spreading shortened links which are otherwise difficult to spot (Bit.ly already offers a plugin to expand links before you click on them). That adds onto Twitter’s malware detection, and Bit.ly’s spam filtering.

For reference, Bit.ly shortens 35-40 million links a day, and apparently spam links make up less than 0.5% of that number…

And finally, fellow url shortener Cli.gs has been bought by social bookmarking site Mr Wong. That’s good news for users, and also for the White House, which uses Cli.gs. The reason for the sale is given as the time and effort needed on behalf of the founder – something which makes sense in the context of Bit.ly’s 40 million links a day!

Interesting responses to Twitter security worries

Following my previous post on the implications for Twitter of the first large scale phishing attack, I’ve seen a few interesting responses:

First up, @benbarden responded to my concerns over short urls by suggesting that people could host their own, e.g. 140char.com/link1 etc.

A pretty cool idea, and one that Ben is apparently running on a site already (I might have to beg him for a guide!). The only flaw is that a lot of people run hosted blogs, and will therefore still be at the mercy of shortening services. But for those of us paying hosting costs it’s worth considering.

Then the always friendly @mingyeow from MrTweet asked my opinions on a blog post ‘Addressing Privacy Concerns’. Suffice to say it’s a very eloquent explanation of how and why the developers of one application are aiming to keep your accounts safe:

One of the points raised is that MrTweet will support OAuth as soon as it becomes available, although it won’t answer every security question, because, as they quite rightly say, security and convenience are always a trade-off.

There’s some really interesting debate around the use of OAuth from both Jesse Stay on LouisGray.com, and Dave Winer.