Holiday Shopping - Give Some Security
Happy Thanksgiving to all of our USA readers! For most countries, this weekend coming up is the start of the holiday season. For many retailers, tomorrow (Friday November 23rd) is "Black Friday" and recently there's been the introduction of "Cyber Monday" (Monday November 26th) when everybody comes back to work and uses their office computers to go shopping online. However and wherever you shop, and whatever your customs and traditions are, as we enter another holiday season it's time once again to think about computer security for our family and friends.
This is a golden opportunity for information security professionals around the world to spread the word about security and to "give some security" when you exchange presents later this year. Let us know what you plan to give as a security gift to your friends and families. Do you know of any cool ideas that other readers might like? Did somebody give you something last year that really helped you with security? I doubt that grandma would appreciate a copy of Hacking for Grannies Exposed but I'm sure that there is something on the shelf that would be good for her in a security sense. Please use our contact form to let us know your plans to "give some security" this year. We'll post the best ideas here later in the day.
UPDATE
Art wrote us with a good idea: instead of buying security stuff, he is making CD's for friends and family. He'll put free stuff on them, FREE AVG, Spybot Search and Destroy, and links to other downloads in a .txt file such as Windows Defender. He said it's not so much a gift for them as it is for him. Less headaches, he said. He also suggested a gift his wife might consider, a Cisco PIX. Nice touch, Art! I hope that Santa is good to you.
Another reader tells us that he rarely buys a security product for friends and family, but he sometimes does the following when he visits people over the holidays:
- Makes sure their Firefox, JRE, Flash, Quicktime, Acrobat reader, Itunes, etc. are up to date. He uses the online checker at secunia.com as a convenient way to check the versions of everything, and to get links for downloading the updates.
- Makes sure their MS updater is set up to update their machine automatically.
- Teaches them not to use IE, and to use Firefox, if they don't already know this.
- Looks for any other lame or dangerous software they might have installed.
- Makes sure they have a way to backup their critical data and that they are using it.
When visiting, he always carry a few bootcds, including Helix, Backtrack, and Knoppix, just in case he is asked to diagnose a machine that won't boot.
Marcus H. Sachs
Director, SANS Internet Storm Center
Russian Business Network - Additional Analysis
One of our readers, David Bizeul, spent the past three months researching the Russian Business Network (RBN). The RBN is a virtual safe house for Russian criminals responsible for malicious code attacks, phishing attacks, child pornography and other illicit operations (we previously provided an analysis of the RBN that was produced by iDefense.) The 70-page paper is on David's web site, and David said that he may update it in the future. We are mirroring the paper for him just in case his site gets overloaded. David's contact information is in the paper so if you like what you see please let him know.
Marcus H. Sachs
Director, SANS Internet Storm Center
Comments