Sunday, September 25, 2011

Protect your online banking accounts

Most of us have heard of 'phishing attacks', where innocent, enthusiastic online banking users find themselves on the receiving end of criminal attacks and have their online bank accounts compromised/swindled. Though most are aware of the dangers, there are some who believe in their online immortality - that is, 'It just cannot happen to me'!!! These are the guys I want to alert!!

Check out this detailed explanation of an online banking swindle attack targeted at Indian banks (this is specifically for Reserve Bank of India accounts). It is just to alert you to the methodology, and maybe, for you, seeing (by example) is believing!! And I hope you never become a victim.

Check out this website of a reputed anti-virus/cyber security company called F-Secure.

Hope this example helps to convince you to take the necessary care!!

Saturday, September 24, 2011

Software Protection Initiative

Food for thought for our Defence Forces whose IT Security awareness/implementation needs a big overhaul considering the massive dependence on IT today!!
Check out the US Air Force 'Software Protection Initiative' and specifically the 'Lightweight Portable Security' Linux OS - which is the need of the hour. This one (LPS) has made it to my CD utility box!!!


Extract from the Software Protection Initiative Site of the US Air Force:

"Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac). LPS boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive. Administrator privileges are not required; nothing is installed. The ATSPI Technology Office created the LPS family to address particular use cases. LPS-Public is a safer, general-purpose solution for using web-based applications. The accredited LPS-Remote Access is only for accessing your organization's private network.

LPS-Public allows general web browsing and connecting to remote networks. It includes a smart card-enabled Firefox browser supporting CAC and PIV cards, a PDF and text viewer, Java, and Encryption Wizard - Public. LPS-Public turns an untrusted system (such as a home computer) into a trusted network client. No trace of work activity (or malware) can be written to the local computer. Simply plug in your USB smart card reader to access CAC- and PIV-restricted US government websites.

LPS differs from traditional operating systems in that it isn't continually patched. LPS is designed to run from read-only media and without any persistent storage. Any malware that might infect a computer can only run within that session. A user can improve security by rebooting between sessions, or when about to undertake a sensitive transaction. For example, boot LPS immediately before performing any online banking transactions. LPS should also be rebooted immediately after visiting any risky web sites, or when the user has reason to suspect malware might have been loaded. In any event, rebooting when idle is an effective strategy to ensure a clean computing session. LPS is updated on a regular basis (at least quarterly patch and maintenance releases). Update to the latest versions to have the latest protection."

Sunday, September 18, 2011

Debian is the champ - 2011

Great post on Linux distros at Tuxradar

Of course Debian is the champ :)

Where is the doubt??????????




PGP vs S/MIME (Secure/Multipurpose Internet Mail Extensions)

Came across an excellent and lucid blog on PGP/MIME and S/MIME - a choice many of us struggle with. Thanks Aaron Toponce! A small relevant extract from the blog is posted below for a quick brief.


PGP/MIME
  1. Uses the OpenPGP RFCs and standards.
  2. The “signature.asc” detached signature is in plain text.
  3. Flexibility in algorithm choice for encryption, signing and compression.
  4. Relies on a distributed trust model.
  5. Not as widely deployed in MUAs as S/MIME.
  6. Public key must be distributed separately from the signature.
  7. Trivial to integrate with webmail providers.
  8. Can only be used with signing documents.
  9. An expiration date does not need to be set on the public key.
  10. Free.
S/MIME
  1. Based on a number of RFCs and standards.
  2. The “smime.p7s” detached signature is in a binary format.
  3. Generally, the Certificate Authority (CA) chooses the algorithm and key size.
  4. Relies on a centralized trust model.
  5. More widely deployed than PGP/MIME.
  6. Public certificate distributed in each detached signature.
  7. Difficult to integrate with webmail providers.
  8. Can be used for both signatures and encryption.
  9. Generally, the public certificate expires once per year.
  10. Some CAs provide certs free for personal use, but most if not all CAs charge for professional use. As low as $20 per year, depending on the CA.
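
Point 2 of each list (a plain-text "signature.asc" versus a binary "smime.p7s") can be seen directly in the MIME structure of a signed mail. The following is an added example, not code from this blog or from Aaron Toponce's post; the function name, the helper and both sample messages are constructed for illustration, and the check looks only at how the signature part is framed, not whether the signature verifies.

```python
import base64
from email import message_from_string

PGP = {"application/pgp-signature"}
SMIME = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def classify_signed_mail(raw):
    """Describe the detached signature of a multipart/signed mail (None if unsigned)."""
    msg = message_from_string(raw)
    parts = msg.get_payload()
    if (msg.get_content_type() != "multipart/signed"
            or not isinstance(parts, list) or len(parts) != 2):
        return None
    sig = parts[1]                               # second part carries the signature
    ctype = sig.get_content_type()
    blob = sig.get_payload(decode=True) or b""   # undoes base64 when it is declared
    if ctype in PGP:
        scheme = "PGP/MIME"                      # ASCII-armored text block
        framing_ok = blob.lstrip().startswith(b"-----BEGIN PGP SIGNATURE-----")
    elif ctype in SMIME:
        scheme = "S/MIME"                        # DER data opens with SEQUENCE tag 0x30
        framing_ok = blob[:1] == b"\x30"
    else:
        scheme, framing_ok = "unknown", False
    declared = (msg.get_param("protocol") or "").lower()
    return {
        "scheme": scheme,
        "filename": sig.get_filename(),          # falls back to the name= parameter
        "is_text": blob.isascii(),
        "protocol_matches": declared == ctype,   # outer header agrees with the part
        "framing_ok": framing_ok,                # encoding check only, not verification
    }

def _sample(sig_type, name, extra, body):
    # Constructed message; the signature bodies are placeholders, not real signatures.
    return (f'Content-Type: multipart/signed; protocol="{sig_type}"; boundary="b"\n\n'
            "--b\nContent-Type: text/plain\n\nhello\n"
            f'--b\nContent-Type: {sig_type}; name="{name}"\n{extra}\n{body}\n--b--\n')

PGP_SAMPLE = _sample("application/pgp-signature", "signature.asc", "",
                     "-----BEGIN PGP SIGNATURE-----\n\n(placeholder)\n"
                     "-----END PGP SIGNATURE-----")
SMIME_SAMPLE = _sample("application/pkcs7-signature", "smime.p7s",
                       "Content-Transfer-Encoding: base64\n",
                       base64.b64encode(b"\x30\x82\x00\x04\xde\xad\xbe\xef").decode())

if __name__ == "__main__":
    for label, raw in (("pgp", PGP_SAMPLE), ("smime", SMIME_SAMPLE)):
        print(label, classify_signed_mail(raw))
```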