09/11/2011

security in your browser

Since I've just seen that one of the forums I use has an "interesting" iframe situation, I'll explain it in simple terms. I work in the security industry and write for work. So here are a couple of tips and ideas about browser and browsing security:
 - Get yourself an up-to-date browser and keep it that way. That means running and accepting ALL updates. Knowingly so. Ninite.com provides apps to keep things up-to-date and they're rather good.
 - Update *all* your applications, but especially the big ones. Adobe is on Reader X, Firefox is version 8 (yes, really) and Thunderbird? I can't remember but it's not 2. Update. Now. The same for Windows. Yes, there were six or so updates yesterday, it was Black Tuesday.
 - Use something like ABP and NoScript. ABP - AdBlockPlus - kicks butt for removing scripts off of your page. Now it looks a bit like the iframe *may* have been an advert - or could be seen that way - but it gets stopped by the popup blocker. I'm not that bothered, I have my ABP stopping it, even if it's on a website / system I normally trust. ABP at least gives me the option of looking at things... NoScript is a pain to configure at the start, but that's the way it goes.
 - Change your passwords regularly, and use complex ones, preferably using the first few or last few letters of a bunch of random words with some letters, numbers and punctuation thrown in. Read this - http://xkcd.com/936/ - for some background - but the concept is completely true. Password safes are to be recommended, but please use a real passphrase on the password safe and not just "mypasswords"...
 - Defence in depth is the only way to go. Firewall on the outside, another one on the inside, software on the machines, AV updated regularly and preferably some kind of object reputation testing: all of that is pretty damned essential if you're going to be messing. And the best bit is this: you are only ever as safe as the worst admin on all of the websites you surf. How good are they? Do you really, really know?
 - Educate yourself on the important bits about computer security. What do your kids know? Where are they surfing? What are they trying to do? There was a great story on a forum about an 11-year-old who'd worked his way up from bikini girls to porn within a week. The only reason he'd been found out was through the browser history. Now, if dad didn't know how to deal with this stuff...
   Get on top of at least the basics. Start now. Ask your kids for help if you need to, they'll enjoy the turnabout and it'll bring you closer together. You want something from me? Fine, ask! I will do what I can.
 - The other nice bit is that the issue above might actually not have anything to do with the website, it could be a dodgy ad. You don't know and you can't prove it. It's not relevant anyway - wherever it came from, you don't want it and the best way around is to defend at all layers.
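
The word-fragment scheme from the password tip above, as an added example in Python (not code from the original post). The word list, the punctuation set and the choice of one capital, one digit and one punctuation mark are assumptions made for the illustration; the entropy figure is an upper bound.

```python
import math
import secrets
import string

# Constructed sample list. A real run should load a few thousand words,
# because the size of the pool is what drives the strength.
WORDS = ["correct", "horse", "battery", "staple", "lantern", "pebble",
         "orchard", "thunder", "velvet", "compass", "harvest", "juniper",
         "mountain", "quarrel", "saffron", "walnut"]
PUNCT = "!#$%&*+-=?@"  # assumed punctuation set


def fragment(word, n=3):
    """Return the first or the last n letters of word, picked at random."""
    return word[:n] if secrets.randbelow(2) == 0 else word[-n:]


def make_password(words=WORDS, count=4, n=3):
    """Join fragments of random words, capitalise one fragment, then drop
    one digit and one punctuation mark at random positions around them."""
    parts = [fragment(secrets.choice(words), n) for _ in range(count)]
    i = secrets.randbelow(count)
    parts[i] = parts[i].capitalize()
    for extra in (secrets.choice(string.digits), secrets.choice(PUNCT)):
        parts.insert(secrets.randbelow(len(parts) + 1), extra)
    return "".join(parts)


def entropy_bits(pool_size, count, punct=len(PUNCT)):
    """Upper bound on the entropy of make_password() in bits. Different
    random choices can produce the same string, so the true value is lower."""
    bits = count * (math.log2(pool_size) + 1)        # word choice + first/last
    bits += math.log2(count)                         # which fragment is capitalised
    bits += math.log2(10) + math.log2(count + 1)     # digit and its position
    bits += math.log2(punct) + math.log2(count + 2)  # punctuation and its position
    return bits


if __name__ == "__main__":
    print(make_password())
    print(f"16-word sample list: {entropy_bits(len(WORDS), 4):.1f} bits at most")
    print(f"2048-word list:      {entropy_bits(2048, 4):.1f} bits at most")
```

Almost all of the strength comes from how many words are in the pool and how many are drawn; the digit, capital and punctuation mark add only a few bits each.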

And keep a good, reliable, consistently updated backup or be prepared to lose all your data... When was the last time a hard disk of yours stopped working? Did you have a backup then?

- Bret
