Benjamin

Computer

Services, Inc.

Contact Us

INFORMATIONAL NEWSLETTER

About Us

National Cyber Alert System
Cyber Security Tip ST04-013 archive
 

Protecting Your Privacy

Before submitting your email address or other personal information online, you need to be sure that the privacy of that information will be protected. To protect your identity and prevent an attacker from easily accessing additional information about you, avoid providing certain personal information such as your birth date and social security number online.

 

How do you know if your privacy is being protected?

  • Privacy policy - Before submitting your name, email address, or other personal information on a website, look for the site's privacy policy. This policy should state how the information will be used and whether or not the information will be distributed to other organizations. Companies sometimes share information with partner vendors who offer related products or may offer options to subscribe to particular mailing lists. Look for indications that you are being added to mailing lists by default—failing to deselect those options may lead to unwanted spam. If you cannot find a privacy policy on a website, consider contacting the company to inquire about the policy before you submit personal information, or find an alternate site. Privacy policies sometimes change, so you may want to review them periodically.

     

  • Evidence that your information is being encrypted - To protect attackers from hijacking your information, any personal information submitted online should be encrypted so that it can only be read by the appropriate recipient. Many sites use SSL, or secure sockets layer, to encrypt information. Indications that your information will be encrypted include a URL that begins with "https:" instead of "http:" and a lock icon in the bottom right corner of the window (see Understanding Web Site Certificates for more information). Some sites also indicate whether the data is encrypted when it is stored. If data is encrypted in transit but stored insecurely, an attacker who is able to break into the vendor's system could access your personal information.

What additional steps can you take to protect your privacy?

  • Do business with credible companies - Before supplying any information online, consider the answers to the following questions: do you trust the business? is it an established organization with a credible reputation? does the information on the site suggest that there is a concern for the privacy of user information? is there legitimate contact information provided?

     

  • Do not use your primary email address in online submissions - Submitting your email address could result in spam. If you do not want your primary email account flooded with unwanted messages, consider opening an additional email account for use online (see Reducing Spam for more information). Make sure to log in to the account on a regular basis in case the vendor sends information about changes to policies.

     

  • Avoid submitting credit card information online - Some companies offer a phone number you can use to provide your credit card information. Although this does not guarantee that the information will not be compromised, it eliminates the possibility that attackers will be able to hijack it during the submission process.

     

  • Devote one credit card to online purchases - To minimize the potential damage of an attacker gaining access to your credit card information, consider opening a credit card account for use only online. Keep a minimum credit line on the account to limit the amount of charges an attacker can accumulate.

     

  • Avoid using debit cards for online purchases - Credit cards usually offer some protection against identity theft and may limit the monetary amount you will be responsible for paying. Debit cards, however, do not offer that protection. Because the charges are immediately deducted from your account, an attacker who obtains your account information may empty your bank account before you even realize it.

     

  • Take advantage of options to limit exposure of private information - Default options on certain websites may be chosen for convenience, not for security. For example, avoid allowing a website to remember your password. If your password is stored, your profile and any account information you have provided on that site is readily available if an attacker gains access to your computer. Also, evaluate your settings on websites used for social networking. The nature of those sites is to share information, but you can restrict access to certain information so that you limit who can see what (see Staying Safe on Social Network Sites for more information).
Author: Mindi McDowell
Copyright 2004 Carnegie Mellon University. Terms of use
US-CERT
Last updated October 8, 2009

 
National Cyber Alert System
Cyber Security Tip ST06-006 archive
 

Understanding Hidden Threats: Corrupted Software Files

Malicious code is not always hidden in web page scripts or unusual file formats. Attackers may corrupt types of files that you would recognize and typically consider safe, so you should take precautions when opening files from other people.

 

What types of files can attackers corrupt?

An attacker may be able to insert malicious code into any file, including common file types that you would normally consider safe. These files may include documents created with word processing software, spreadsheets, or image files. After corrupting the file, an attacker may distribute it through email or post it to a web site. Depending on the type of malicious code, you may infect your computer by just opening the file.

When corrupting files, attackers often take advantage of vulnerabilities that they discover in the software that is used to create or open the file. These vulnerabilities may allow attackers to insert and execute malicious scripts or code, and they are not always detected. Sometimes the vulnerability involves a combination of certain files (such as a particular piece of software running on a particular operating system) or only affects certain versions of a software program.

What problems can malicious files cause?

There are various types of malicious code, including viruses, worms, and Trojan horses (see Why is Cyber Security a Problem? for more information). However, the range of consequences varies even within these categories. The malicious code may be designed to perform one or more functions, including

  • interfering with your computer's ability to process information by consuming memory or bandwidth (causing your computer to become significantly slower or even "freeze")
  • installing, altering, or deleting files on your computer
  • giving the attacker access to your computer
  • using your computer to attack other computers (see Understanding Denial-of-Service Attacks for more information)

How can you protect yourself?

  • Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage (see Understanding Anti-Virus Software for more information). Because attackers are continually writing new viruses, it is important to keep your definitions up to date.

     

  • Use caution with email attachments - Do not open email attachments that you were not expecting, especially if they are from people you do not know. If you decide to open an email attachment, scan it for viruses first (see Using Caution with Email Attachments for more information). Not only is it possible for attackers to "spoof" the source of an email message, but your legitimate contacts may unknowingly send you an infected file.

     

  • Be wary of downloadable files on web sites - Avoid downloading files from sites that you do not trust. If you are getting the files from a supposedly secure site, look for a web site certificate (see Understanding Web Site Certificates for more information). If you do download a file from a web site, consider saving it to your computer and manually scanning it for viruses before opening it.

     

  • Keep software up to date - Install software patches so that attackers cannot take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Many operating systems offer automatic updates. If this option is available, you should enable it.

     

  • Take advantage of security settings - Check the security settings of your email client and your web browser (see Evaluating Your Web Browser's Security Settings for more information). Apply the highest level of security available that still gives you the functionality you need.

Related information

Author: Mindi McDowell
Produced 2006 by US-CERT, a government organization. Terms of use
US-CERT
Last updated January 7, 2009

 

HOME

Links

Services
and Prices


  Sign my Guestbook!

Read my Guestbook!

About Us