The Threat of Online Security
Innovative software, Web sites, and devices attract attention because they make communicating easier, accomplishing tasks faster, or being online more entertaining. But hackers generally follow to exploit the latest mass market. That’s why computer security researchers say some of our newest technical fascinations—iPhones, social networks, and Internet phone services, to name a few—could present tempting targets in 2008. Sellers of security technology have a financial stake in fanning computer users' fears, but it's useful to know where the bad guys might strike.
Wayward Web Sites
The new generation of sites generally referred to as Web 2.0 act more like traditional PC software: The sites are fast, responsive, and speed up page loading. That means browsers are working harder than ever to pull the data that keeps sites current. Couple that with market imperatives to keep pushing out new features to users, and the emerging Web could present a dangerous brew of software flaws that’s ripe for hackers to exploit.
Not So Social Networks
Social networks like MySpace (NWS) and Facebook have attracted tens of millions of members, and they store on their servers a trove of information about each one. The sheer size of those targets could make them tough for hackers to ignore. In October, 2005, a self-spreading worm took a day to infect 1 million MySpace users, defacing their profile pages. So far, problems on Facebook have mostly been the impaired of unsolicited biddings to join users’ networks. But more serious threats could be on the horizon, security researchers say.
A Target in Your Pocket
Sophisticated cell phones that boast lots of storage, Wi-Fi networking, and souped-up computing capacity offer lots of people the chance to use them as ersatz PCs. But all that data zapping forth from smart phones means cyber criminals are sniffing around for ways to crack into them. Phones with software from Symbian and Microsoft (MSFT) have already been attacked, and security researchers have demonstrated ways to hack into Apple’s (AAPL) iPhone. Google’s newly announced Android mobile-phone software could be next.
Bigger, Badder Botnets
One of the more insidious types of computer virus commandeers a user’s PC, gang pressing it into a network of “bots” that can spew spam, record users’ keystrokes to steal bank account numbers and passwords, or launch attacks against Web sites. Such botnets are getting bigger in size and harder to take down. Case in point: the “Storm Worm” virus that has infected tens of millions of machines this year.
Cybersquatters on the Campaign Trail
One of cyber crooks’ favorite ways to snare unsuspecting victims is to set up a phony Web site where users end up when they mistype a popular address. Remember Whitehouse.com? (The President's site is Whitehouse.gov.) As the Presidential election cycle heats up, so-called cybersquatters are ready to pounce. One has already posted ads to a fake site that’s one letter off from the address of Barack Obama’s official campaign site. In 2008, researchers say hackers could post malicious code or set up phony solicitations for campaign donations.
Virtual Worlds, Real Danger
Internet users are spending actual cash to outfit avatars, stockpile weapons, and decorate abodes in online virtual worlds such as Linden Labs’ Second Life and Blizzard Entertainment’s popular World of Warcraft game. So far, Second Life meddlers—so-called griefers—have only resorted to virtual vandalism. But they'd cause serious trouble if they find a way to pluck real cash from users’ accounts.
Your "Bank" is on Line
VoIP phones offer low-price long-distance calling and the ability to place calls from a PC address book in a snap. But the communications protocol used by many VoIP providers is vulnerable to attacks, and leaves holes that the bad guys can use to cloak their identities, security experts say. Worse, many Internet phone carriers haven’t turned on technology that can encrypt conversations over their systems. Most people don’t respond to those phony e-mails asking them to verify their bank account number. But what about a phone call that sounds like it’s coming from the fraud-prevention department? That kind of ruse could be harder to resist.
Hackers Go Pro
In the past few years, hackers have banded together and worked with organized crime to harvest the most valuable data exposed on the Internet. Next year could witness an even more complete merger between the computer and criminal undergrounds. Developers for hire and professional hacking kits are available through online markets. And criminals are on the lookout for intellectual property that resides on companies’ servers. In 2005 and 2006, hackers stole as many as 94 million credit- and debit-card numbers from the computers of retailer TJ Maxx (TJX). More efficient groups could make break-ins like that even more prevalent.
Security Tips (make your data secure)
Given the assortment of nasty behavior befouling the Internet, what's a PC user to do? BusinessWeek.com consulted the experts, who offered the following advice:
Don't give away any valuable or sensitive personal information on your MySpace or Facebook profile or within messages to other members of the network. And don't click on any links in social network messages from people you don't know.
No reputable company will ask for your password, account number, or other log-in information via e-mail or instant message.
Use one of the many antivirus, antispyware, and firewall programs on the market. Often, vendors offer all three functions in a single package. And many Internet service providers offer them free with your monthly subscription.
Upgrade your browser to the most current version. From Microsoft, that's Internet Explorer 7. Mozilla's Firefox is on version 2, as is Apple's Safari browser.
Pay attention to the messages from Windows that pop up on your screen, especially in the new Vista operating system. They often contain helpful security information that many users overlook.
Turn on Windows' automatic-update function to get Microsoft's regular security patches.
Innovative software, Web sites, and devices attract attention because they make communicating easier, accomplishing tasks faster, or being online more entertaining. But hackers generally follow to exploit the latest mass market. That’s why computer security researchers say some of our newest technical fascinations—iPhones, social networks, and Internet phone services, to name a few—could present tempting targets in 2008. Sellers of security technology have a financial stake in fanning computer users' fears, but it's useful to know where the bad guys might strike.
Wayward Web Sites
The new generation of sites generally referred to as Web 2.0 act more like traditional PC software: The sites are fast, responsive, and speed up page loading. That means browsers are working harder than ever to pull the data that keeps sites current. Couple that with market imperatives to keep pushing out new features to users, and the emerging Web could present a dangerous brew of software flaws that’s ripe for hackers to exploit.
Not So Social Networks
Social networks like MySpace (NWS) and Facebook have attracted tens of millions of members, and they store on their servers a trove of information about each one. The sheer size of those targets could make them tough for hackers to ignore. In October, 2005, a self-spreading worm took a day to infect 1 million MySpace users, defacing their profile pages. So far, problems on Facebook have mostly been the impaired of unsolicited biddings to join users’ networks. But more serious threats could be on the horizon, security researchers say.
A Target in Your Pocket
Sophisticated cell phones that boast lots of storage, Wi-Fi networking, and souped-up computing capacity offer lots of people the chance to use them as ersatz PCs. But all that data zapping forth from smart phones means cyber criminals are sniffing around for ways to crack into them. Phones with software from Symbian and Microsoft (MSFT) have already been attacked, and security researchers have demonstrated ways to hack into Apple’s (AAPL) iPhone. Google’s newly announced Android mobile-phone software could be next.
Bigger, Badder Botnets
One of the more insidious types of computer virus commandeers a user’s PC, gang pressing it into a network of “bots” that can spew spam, record users’ keystrokes to steal bank account numbers and passwords, or launch attacks against Web sites. Such botnets are getting bigger in size and harder to take down. Case in point: the “Storm Worm” virus that has infected tens of millions of machines this year.
Cybersquatters on the Campaign Trail
One of cyber crooks’ favorite ways to snare unsuspecting victims is to set up a phony Web site where users end up when they mistype a popular address. Remember Whitehouse.com? (The President's site is Whitehouse.gov.) As the Presidential election cycle heats up, so-called cybersquatters are ready to pounce. One has already posted ads to a fake site that’s one letter off from the address of Barack Obama’s official campaign site. In 2008, researchers say hackers could post malicious code or set up phony solicitations for campaign donations.
Virtual Worlds, Real Danger
Internet users are spending actual cash to outfit avatars, stockpile weapons, and decorate abodes in online virtual worlds such as Linden Labs’ Second Life and Blizzard Entertainment’s popular World of Warcraft game. So far, Second Life meddlers—so-called griefers—have only resorted to virtual vandalism. But they'd cause serious trouble if they find a way to pluck real cash from users’ accounts.
Your "Bank" is on Line
VoIP phones offer low-price long-distance calling and the ability to place calls from a PC address book in a snap. But the communications protocol used by many VoIP providers is vulnerable to attacks, and leaves holes that the bad guys can use to cloak their identities, security experts say. Worse, many Internet phone carriers haven’t turned on technology that can encrypt conversations over their systems. Most people don’t respond to those phony e-mails asking them to verify their bank account number. But what about a phone call that sounds like it’s coming from the fraud-prevention department? That kind of ruse could be harder to resist.
Hackers Go Pro
In the past few years, hackers have banded together and worked with organized crime to harvest the most valuable data exposed on the Internet. Next year could witness an even more complete merger between the computer and criminal undergrounds. Developers for hire and professional hacking kits are available through online markets. And criminals are on the lookout for intellectual property that resides on companies’ servers. In 2005 and 2006, hackers stole as many as 94 million credit- and debit-card numbers from the computers of retailer TJ Maxx (TJX). More efficient groups could make break-ins like that even more prevalent.
Security Tips (make your data secure)
Given the assortment of nasty behavior befouling the Internet, what's a PC user to do? BusinessWeek.com consulted the experts, who offered the following advice:
Don't give away any valuable or sensitive personal information on your MySpace or Facebook profile or within messages to other members of the network. And don't click on any links in social network messages from people you don't know.
No reputable company will ask for your password, account number, or other log-in information via e-mail or instant message.
Use one of the many antivirus, antispyware, and firewall programs on the market. Often, vendors offer all three functions in a single package. And many Internet service providers offer them free with your monthly subscription.
Upgrade your browser to the most current version. From Microsoft, that's Internet Explorer 7. Mozilla's Firefox is on version 2, as is Apple's Safari browser.
Pay attention to the messages from Windows that pop up on your screen, especially in the new Vista operating system. They often contain helpful security information that many users overlook.
Turn on Windows' automatic-update function to get Microsoft's regular security patches.
