The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users. What leaks in practice? We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication. How to stop the leak? As long as the vulnerable version of OpenSSL is in use it can be abused. Fixed OpenSSL has been released and now it has to be deployed. Operating system vendors and distribution, appliance vendors, independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use. For more details, visit : HEARTBLEED.COM
In some situations, you may see new programs or files to the computer. If you are the only user on the computer and new programs are installed, this could be an indication of a hacked computer. However, there are also several legitimate reasons why a new program may appear on the computer, as listed below.
Sometimes, after an online account is hacked the attacker changes the password to your account. Try using the forgot password feature to reset the password. If your e-mail address has changed or this feature does not work, contact the company who is providing the service, they are the only ones who can reset your account. 2. Local computer password If your password to log into your computer has changed, it may have been hacked. There is no reason why a password would change on its own. Log into an administrator account to change your accounts password. 3. E-mail spam being sent: When an e-mail account is hacked or taken over, the attacker almost always uses that account to spread spam and viruses. If your friends, family, or coworkers are receiving e-mail from you advertising something like Viagra your e-mail is compromised. Log into your e-mail and change your e-mail account password.
4. Increased network activity: For any attacker to take control of a computer, they must remotely connect to that computer. When someone is remotely connected to your computer, your Internet connection will be slower. Also, many times after the computer is hacked it becomes a zombie to attack other computers. Installing a bandwidth monitor program on the computer can help determine what programs are using what bandwidth on your computer. Windows users can also use the netstat command to determine remote established network connections and open ports. There are dozens of other legitimate reasons why your Internet connection may also be slow. 5. Unknown programs wanting access: Computer security programs and firewalls help restrict access to programs on a network or Internet. If the computer prompts for access to programs you do not know, rogue programs may be installed, or it may have been hacked. If you do not know why a program needs access to the Internet, we recommend blocking access to that program. If you later discover these blocks cause problems, they can be removed.
6. Security programs uninstalled: If the computers antivirus, anti-malware program, or firewall that has been uninstalled or disabled this can also be an indication of a hacked computer. A hacker may disable these programs to help hide any warnings that would appear while they are on the computer. 7. Computer doing things by itself: When someone is remotely connected to a computer they can remotely control any device. For example, a mouse cursor could be moved or something could be typed. If you see the computer doing something as if someone else was in control, this can be an indication of a hacked computer. 8. Modem users: If the computer is dialing the Internet on its own, it is an indication that a program needs to connect to the Internet. It is common for programs like e-mail clients to do this to check for new e-mail. However, if you cannot identify what program needs Internet access, this can also be an indication of a hacked computer. 9. Internet browser home page changed or new toolbar: Internet browser changes such as your home page changing to a different web page, a new toolbar getting added, your search provider changing, web pages getting redirected are all signs of a browser getting hijacked and not a computer hacker. The price of banking, shopping, and interacting online is the ease with which other people can now steal your information. To stay safe on the internet, use the following strategies.
Method 1 of 3: Protect Your Identity #1 Don’t use lazy passwords: Choosing ''password'' or ''1234'' is like putting a luggage lock on the front door of your house. Also, people will be able to guess it and hack. Instead, come up with a longer password that contains both letters and numbers/characters, preferably one that references something significant only to you. For example, if the name of your beloved childhood goldfish was Sir Bubbles, swap out some of the letters for numbers and you can end up with a very nice password like ''s1rbubb735'' that only you understand. Make sure to write all of your passwords down as well .
If you do not want to receive junk mail or get put on a telemarketer list, look for a small box near the bottom of the page that asks if you want to receive information and offers from other companies. The best sites will have a statement listed that they will not sell your name to other companies (though they may still spam you themselves). Some sites require you to give all your information to get the product. Only fill in required fields that are marked with an '''*'''. If the info box does not have an asterisk, it is optional and you can leave it blank. #3 Do not give out your full name, address, or phone number to anyone online that you don't trust or know ''in person'': This especially important in chatrooms or when negotiating jobs or deals through meet-up sites. Beware of stock letters (i.e. very general response letters that don’t actually address any of the points you’ve made), anyone who wants to negotiate a wire transfer, or anyone who wants to work out a business arrangement while they’re “abroad.” Read "Avoid Scams on Craigslist" and "Avoid Internet Dating Scams" for more details. #4 Keep your eyes peeled for online scams: Beware of spoof email claiming to be from eBay, PayPal, or a bank or a company you trust asking for personal or sensitive information. This is called phishing. The e-mail may inform you that there is a problem with your account/password. There may be a link to click inside. Forward any of these e-mails to the company it claims to be sent from. They will confirm whether the e-mail you received was real or not. Also, bear in mind that e-mail programs like Yahoo!, MSN, Hotmail and Gmail will '''never''' ask you for your e-mail password. Don't fall for it. Read Protect Yourself from Phishing Scams for more information. Method 2 of 3: Protect Your Connection: #1 Make sure you are using (and regularly updating) an anti-virus program, an anti-spyware program, and a firewall: You can use either the firewall that comes standard with your operating system or a third-party software program to your liking. Don’t use two firewalls at once, as they can interfere with / weaken one another. #2 When using a public wireless network, make sure to turn off file sharing and network discovery: These both put your files and system at risk for being opened by ''anyone'' on the wireless network, not just hackers. In Windows, these options can be found under ''Control Panel'' > ''Network and Internet'' > ''Network and Sharing Center''. In Mac OS X, they are under ''System Preferences'' > ''Sharing''. If you are within range of public wireless networks but don’t need to be online, turn off your wireless capabilities altogether. On some devices, there is simply an on/off switch; on others, you will need to configure this yourself (ex. on a Mac, click the Wi-Fi icon and turn off AirPort). #3 Always check for secure transaction info: The best companies will have many security devices in place. You may see a gold lock at the bottom of the page to indicate a secure site. When giving any bank details or other information, make sure the connection is secure (URLs like this begin with ''http<u>s</u>://'' instead of ''http://'') and the site is trustworthy. (Not every site which runs HTTPS or accepts payments is trustworthy, even if the connection is.) #4 Configure your browsers to filter out or block inappropriate content, especially if you have children: Read "How to Restrict Web Browsing Using Internet Explorer","Block Websites on Firefox" and "Block a Website on Mac" if necessary. Method 3 of 3: Download Safely: #1 Only download files or software from sites that have been rated/verified by trusted sources: Choose downloading resources that are up-front about price and ratings and vet their downloads (ex. download.cnet.com). When in doubt, google the name of the site or download along with the word “scam” to see if you get any hits. Do not download illegally (copyrighted material without paying for it). #2 Never open e-mail attachments from strangers unless you can trust them and have security settings on your computer: Some junk e-mails may contain viruses or spyware that can harm your computer. These e-mails may be automatically marked as "spam" or "junk," but virus-ridden emails from unwitting friends can also slip through.
Tips:
Warnings:
Cybercrime is a global challenge worldwide. Citizen Crimes Stoppers (CCS) is a community made up of youths aims at reducing the rate of cybercrimes providing a Web Application to the citizen of any country to report anonymously any cybercrime activities. We are the channel through which information is received and forwarded. It is just a way to pass the information to law enforcement. Above all, we keep the reporter anonymous; that means, the informant will never give his identity. The benefit of being anonymous is the reporter maintains security and none never knows who he or she is. That is why our team is named “The Anonymous Citizens (TAC).” We also offer a toll free to dial for emergency crimes.
With CCS, youth benefit from Security, Trainings, and Tips (if the case is successful). Like our facebook page and Join Us now. It is anonymously easy and free. |