Because I speak to many groups about how to browse the Internet safely, I hear lots of horror stories about innocent searches that have gone wrong. While the commercial world wants us to believe that playing on the Internet is like going to Disney World, it’s actually a lot like visiting the Wild Wild West. There are lots of fun things to do, but it can also be incredibly dangerous. While “Ye Olde Miner’s Tavern” looks like a fun place to visit from the outside, how do we know that it’s safe? The answer is… we don’t. Most computer users are unaware of which practices are safe and which are dangerous, which is why I’ll talk more about best practices in this article.
Idle Clicks are the Hacker’s Tools
How often have you received an email from a friend with a link to a website your friend wants you to look at? It happens all the time. Unfortunately, the bad guys also like to send us emails with links to websites that they want us to look at. But even the most careless Internet user wouldn’t click on an address like evil.hackers.com for fear of something awful happening to their computer. So the bad guys have a few tricks up their sleeves to fool us into clicking on links in our email that will take us to their malicious websites. One of those tricks is to make the link look like it will take us to an innocent website. Just because a link in our email appears to lead to amazon.com does not mean that it actually will. It might take us to amazon.com eventually, but it will also take us to the malicious website first. This will happen so quickly that we may not even notice it. We also won’t notice our browser unwittingly downloading something from that evil website. Even hovering our mouse over the link in our email and looking at the bottom left-hand corner of our screen will not always tell us where the link will actually take us. It’s much safer if, instead of clicking on a link in our email, we open our browser and type the address in ourselves. That way we are almost completely assured that the address we typed in is where we will end up. Once we stop clicking on links in our email, we take away one of the tools the hackers use to attack us.
Don’t Open That Attachment! You Don’t Know Where It’s Been!
On June 9th of this year, Microsoft released its latest Windows Update patch. Within that patch, there were thirty-one fixes for vulnerabilities in Microsoft software. This was the largest patch that had been released to my knowledge, and a few of the fixes were for vulnerabilities in some of Microsoft’s Office products. One of the ways our attackers have been stealing our information is by using vulnerabilities in products like Excel, PowerPoint, and Word. This should make us think long and hard when we receive an email from a friend that has a file attached to it. It could be an innocent document, or a malicious file that will attack our computer once we open it to see what is inside. Windows Movie files (.wmv) and QuickTime files (.mov) have also been used to spread attacks to our computers. So it’s up to us, as the defenders of our computers, to make sure that the attachments we receive are safe before we open them. We can do that by contacting the sender and asking whether they did in fact send us the attachment and, more importantly, whether they vouch for its safety. They can do this by telling us that they are the creators of the file or that they received it from a trusted source. It is safer for us to assume that all attachments are malicious until we have proven that they are not. Attacks by file attachment are still very common, so we can lessen the risk to our computers by having the sender of the attachment vouch for its safety before we open it.
Is That All? Am I Safe Now?
Unfortunately, there is a lot more to being a safety-conscious computer user than what I’ve talked about so far. But with the two tips in this article, we take away two common attacks that are used by today’s attackers. In following articles, I will continue to list the best practices that we can use every day to minimize the chances of our computers being hacked. Internet Safety is an always-changing topic. As soon as we figure out how to defend against one attack, the hackers invent a new attack that we haven’t seen. As long as we continue to educate ourselves about how to stay safe, we’ll make the hackers’ job a whole lot more difficult.
Kevin Poniatowski was a software engineer for Department of Defense contractors for over a decade. He has spent the last two years teaching software engineers, testers, and project managers from around the world how to create more secure software. He currently resides in Nashua, NH and spends his free time speaking to groups about Internet Safety and can be reached at firstname.lastname@example.org.