There are huge security risks associated with all aspects of technology, whether you browse the web, social network or even use a mobile phone. We've rounded up the 17 biggest threats and shown you how to fix them too.

Browsing the web via a PC or mobile phone isn't without its security risks. In fact, they're growing, day by day. Whether it's network worms, phishing emails, drive-by downloads or data sniffed from an open wireless network - we're all at risk. To use a computer safely in the 21st century, you have to be prepared to combat a growing number of constantly evolving security threats.

But for every potential pitfall that malware hunters expose and neutralise, there seem to be five more waiting for a careless PC user to plummet into. Your job is to anticipate and evade a vast array of cleverly devised booby traps meant to catch the unwary.

We've addressed the 17 top security threats that you might not be aware of, together with advice on how to defeat them. The internet's smash-and-grab practitioners and con artists make a living off victims who fail to recognise the tricks of their trade. Failing to take precautions against the current wave of threats is akin to driving cross-country without a spare tyre: you might get away with it, but setting off unprepared for trouble can be expensive and very inconvenient if your luck goes bad.

How to beat card skimmer scams and other money drains

When you think of technology security scams, you think of dangers to your PC more often than the dangers to your pocket. However, both are at risk. We've looked at the biggest scams and how to avoid becoming a victim.

ONLINE PRICING SCAMS

Why you should care: Online stores may take advantage of you.

Scenario: If it seems that five minutes after you searched for an item at an online shop, the price went up, that may not be a figment of your imagination. Prices at big online retailers like Amazon fluctuate almost hourly - based not only on supply and demand, but also on consumer interest level.

If a company determines that you have a strong interest in a particular product, it might hike the price by a few pounds to see whether you're still willing to bite.

The Fix: If you're smart, and refuse to pay more than what you consider a reasonable price, check out the free Amazon PriceWatch tool, an IE or Firefox plug-in that monitors a particular item, and alerts you when the price for that item falls below the threshold amount you set.

CARD SKIMMER SCAMS

Why you should care: You can't trust your cash machine.

Scenario: Caroline Knorr usually trusts ATMs. Unfortunately, an unknown criminal had placed what's known as a card skimmer device on her cash machine - a plastic housing stuck on top of the ATM's card slot. The skimmer's internal memory records the data from a card's magnetic strip, while another device monitors the ATM's keypad and records the PIN code. Using that information, a thief can manufacture a card and use it at another cash machine immediately. This is exactly what happened to Ms Knorr.

Within 24 hours of her deposit, there were two £348 cash machine withdrawals from her account from different banks, 25 miles away. "I had a really sleepless night that night because we'd had £696 stolen from us. How do you prove that an ATM withdrawal wasn't done by you?" she says. The following morning, there was another £348 withdrawal from a bank 300 miles south of the first transaction.

"The bank said they would credit our account back for the money that was taken out. We just wanted to know how did [the crooks] do it, how did they take the money? My husband thought at first that it was an inside job." But the bank told them that they weren't the only victims.

"In the period between the last two weeks of November and the first two weeks of December, the bank said that a couple hundred victims had had their card numbers stolen."

Thinking back, Knorr "did notice that there was a thing around the card slot. It didn't really register - how often do you scrutinise the card slot on your ATM? But I did notice that something didn't look right... I definitely registered that it looked different".

Knorr's bottom line? "I feel like I don't want to use an ATM ever again, I just want to go inside the bank to do my business."

The Fix: Skimmer devices have become extremely sophisticated. Your safest bet is to familiarise yourself with an ATM's outward appearance, and pay attention to the card slot itself: If there's an unexpected part or sheath surrounding the card slot, either use another ATM or make your transactions inside the bank.

How to plug security holes in your browser

You depend on your web browser to link you with the information you need every day. But don't let your browser bank information about you that may be damaging or embarrassing.

BROWSER HISTORY SNOOPING

Why you should care: Maintaining your online privacy can save your job - and your marriage.

Scenario: Just because you think you have nothing to hide doesn't mean that your PC's record of your browsing history can't get you in trouble. In the absence of any clarifying context, an observer might easily misconstrue entries in a list of sites you recently visited.

The Fix: Try using your browser's private browsing feature - but don't depend on it. Long a feature of Apple's Safari browser, private browsing is praised as a way of surfing the web without leaving a trail of addresses behind you. Once you turn on Private Browsing in Safari, Apple says, you won't leave any traces of the sites you subsequently visit.

Add-ons for the Firefox browser and Internet Explorer 8 offer Windows users the same benefits. Distrust gives Firefox 2.x and 3.x users a way to manage their browsing history, though some files that Firefox temporarily writes to disk don't get erased until the end of the browsing session. But no browser can completely prevent sites from tracking your visit. For maximum anonymity, you need to use a service such as the fee-based Anonymizer or the free Tor.

TELL-TALE BROWSER CACHE

Why you should care: A browser's cache is a treasure trove of valuable personal information.

Scenario: Maybe you've just received some bad news from your doctor and you do some web research on the topic, or perhaps you've been shopping for the perfect engagement ring, but don't want your other half to get wind of the sites you've been visiting in case it spoils the surprise.

Designed as a way to speed up surfing, the cache keeps copies of the text, images, and other snippets of code from the web pages a person visits. Obviously, you could learn a lot about someone's surfing habits and interests by dumpster-diving in this collection - much more than by just looking at the browser's History list.

Other saved content might include the text of email messages read via webmail. For some time, Firefox, Safari, and some other browsers have given users a lot of control over cache trashing, but IE8's InPrivate browsing mode is the first that lets users delete the browser's history, cookies, and Registry traces that would enable someone to retrace your online steps. Nevertheless, it doesn't render the cache a clean slate.

The Fix: The best way to keep things clean is to prevent the browser from leaving anything on the hard drive. There are two ways to achieve this objective: instruct IE to save its cache to a portable drive that you keep plugged in whenever you need to use the browser, or use a software utility to wipe the cache securely after you're done surfing.

You can do the former (using IE) in four steps: open the Internet Options control panel, click the Settings button in the Temporary Internet Files section, click the Move Folder button, and navigate to a folder on your external drive. To do the latter, try an excellent free tool called Eraser, which securely deletes browser cache files (and other data) by overwriting the files numerous times.

How to protect your online passwords

It seems so unfair: though it's difficult for us to remember all of the passwords to all of the sites and software we use, losing control of them is a big security issue. Here's some advice to help you avoid two common security problems involving passwords.

EASY-TO-GUESS PASSWORDS

Why you should care: Your passwords are the keys to everything you've locked inside.

Scenario: When someone broke into Sarah Palin's Yahoo mail account and published details that it contained, the incident drew public attention to a serious problem. You can generate an awesome, complex, random password for your webmail account, but if the information you provide in the 'secret questions' section of your online profile is obvious or easy to obtain, a hacker won't have too much trouble convincing the webmail service's password-recovery mechanism to hand over the password on a platter.

These days everyone has a LinkedIn account, a Facebook profile and a Twitter feed, and these information middens make it all too easy to guess the answers to commonly used security questions such as the secondary school you attended or the name of your dog. You may have blogged about both of those things half a dozen times or more.

The Fix: Use a password manager religiously, and back up your password files. Using Bruce Schneier's Password Safe is a good place to start. And once you've created a random, unguessable password, generate a second, different password in the manager to use as the answer to the inevitable 'mother's maiden name' question (or questions). Mum may not appreciate being identified in some password bank as Miss 7#BrE_r, but no one will ever guess that that's how you listed her in your 'secret questions' data sheet.

PASSWORD PROTECTION WITH PUBLIC PCs

Why you should care: You may have to use dangerous public PCs in a pinch.

Scenario: While on a business trip, you check your email at the PC in your hotel's lobby. Here's why you shouldn't: It's distressingly common for public PCs in places like schools, cybercafés, trade shows, and libraries to be infected with password-stealing Trojan horses. In many instances these public PCs are not closely monitored by their owners, so they tend to get infected often and to be cleaned of infections infrequently.

And since scores of casual visitors use them to log into email or other services, data thieves view these PCs as an efficient source of harvestable information, which they then sell to spammers and other unsavoury types.

The Fix: If you can reboot the PC, your safest alternative is to carry a copy of the Knoppix bootable operating system on a CD, DVD, or flash memory drive; you can customise your build with up to 2GB of internet tools, productivity apps, and utilities. But if you have to use the machine's own Windows installation, you're better off running your applications from a portable drive using the excellent tools available from PortableApps.com. This site hosts dozens of apps that have been 'portabilised' so that they store all temporary files, cache files, and history on the portable drive itself.

To protect yourself from malicious software that may be lurking on a public PC, scan the machine with the portable (and free) ClamWin antivirus software, and carry your own customised (and portable) browser, office apps, IM clients, and secure file-transfer tools. There's even a useful password manager tool; you should change, as quickly as you can, any password that you've entered while using a public PC.

How to safeguard your online security

Social networks are fun to use, helpful for job hunting, and great for keeping in touch with friends, business contacts, and relatives. The downside: The bad guys know you're using these networks like crazy, and they're gunning for you.

SOCIAL NETWORKING TRAPS

Why you should care: Sneaky sociopaths are using social network sites to infect, phish, and spam you.

Scenario: A message from one of your friends shows up in your inbox, sent via a social network site that you use regularly, such as Facebook.

The message promises a big laugh, and points to a website you've never heard of. You think you can trust it, so you click the link - and the next thing you know, your PC is misdirected into a phishing page that steals your log-in details or to a drive-by download site that infects your system with a password-stealing Trojan horse. Your friend says she never sent you the message.

Whether the culprit is a fake LinkedIn profile page that serves up dangerous URLs or a bogus Twitter message that purportedly comes from your friends, social networks are rapidly becoming the newest medium for malware attacks. As operating systems and applications became harder to hack directly, online criminals realised that it was much easier to fool people into clicking bad links, opening dangerous files, and running malicious software. And the best place to exploit the trust between friends and colleagues is in the mechanisms of the social network itself.

By now, most internet users are savvy enough to recognise spam email. But what about a spam tweet that seems to come from someone in your circle of friends and takes you to a page that looks almost exactly like the one you use to log in to Twitter? A week may go by, and suddenly the data thieves who now control your account begin sending messages with URLs - some of which perform drive-by downloads and infect the recipients' PCs with malware - to everyone in your social network.

Facebook and MySpace users have already had to deal with a number of worms and other nasties that spread independently of any action taken by the account holder. Expect more of these automated attacks in the future.

The Fix: If you think that your social networking account details have been compromised or stolen, report your suspicions to the site's support team immediately. Change your password frequently, and avoid clicking links that purport to send you back to the social network site. Instead, type the site's address directly into your browser (or follow a bookmark you've previously saved) to get back to your account.

CREDIT CARD EXPOSURE ONLINE

Why you should care: Resolving fraudulent credit card charges can be a messy, time-consuming process.

Scenario: Scanning your email, you see a message from a large online retailer notifying you that an order you recently completed is ready to ship - but you didn't order anything. You follow a link in the message that supposedly leads back to the site's log-in page, which contains a web-based form that lists the wrong credit card number and address for your account and requests that you fill in the correct information so that the company can initiate its dispute resolution process.

So you enter the card number, the card's expiration date, your billing address, the card verification value (CVV) number printed on the back, your birth date, and your dog's favourite flavour of Pedigree Chum. In your rush to correct the 'mistake', you've just delivered your card details right into the hands of savvy phishers.

You may not pay for the fraud directly and immediately, as banks generally refund the fake purchases, but all credit card users bear the burden in the form of fees and interest rates that factor in the cost of fraud to the credit card issuer.

In addition, you'll spend considerable time cancelling credit card accounts, getting new cards issued, checking your credit reports, and changing the numbers in various accounts if you use them for automatic payments.

The Fix: Some banks still offer single-use, 'disposable' credit card numbers - you log in to your bank's website and identify the total amount of your purchase from the relevant online shop, and the banking site responds by spitting out a 'credit card' number that can be used only for that amount and at that online store.

GOOGLE AND YOUR PRIVACY

Why you should care: Any business that maintains so much information about you puts you at risk of having that data abused.

Scenario: Google seems to be everywhere these days. Aside from running an exemplary search engine, the company offers services for sending email, receiving news feeds, and shopping. Furthermore, many of your favourite websites probably use Google to serve ads, syndicate content, or even track their own performance. Your Google account is like a diary of everything you do online: it can track your surfing behaviour and even show you trends that you may not be aware of.

The sheer breadth of information that Google handles for people is startling: email, instant messaging, VoIP phone calls, photos, maps, finance and investment portfolios, home and work addresses, reading preferences, video interests and assessments, online purchases, most frequent searches, and clicked-on search results. Can you trust a commercial enterprise that has so much valuable information about you at its disposal to live up to its 'don't be evil' corporate mantra? That remains to be seen.

The Fix: You can partly extricate yourself from Google, but don't assume that the big G isn't still all around you. Change the default (Google) search settings in Firefox if you must; stop using Gmail, iGoogle and your Google Account if you're really concerned. But so many sites now incorporate the company's AdSense, Analytics, and syndication components that going off the Google grid may be virtually impossible for anyone who uses an internet connection.

Keep your mobile phone info private

As mobile phones get smarter and smarter, we tend to store massive amounts of personal and business data on them because they're small, convenient, and mobile. But don't let a trade-up become a personal data security disaster.

Also, if you think email phishing is bad, steel yourself for a new variant called 'vishing' that relies on persuading victims to reveal their personal information over the phone. And finally, be aware of the possibility that smarter phones can lead to snoopier phones (think Android).

WIPE YOUR MOBILE PHONE

Why you should care: You may realise too late that you just sold your message archive and address book to someone for the price of a used smartphone.

Scenario: When the news broke last year that John McCain's headquarters sold staffers' BlackBerrys filled with email messages and call records dating back months, as well as a contact list of every major political player in Washington, there was enough egg to liberally coat the faces of everyone at campaign headquarters. Remember, it takes only five minutes to reset a smartphone to its factory-default state. But the McCain campaign is hardly alone in its failure to take this simple precaution. Anyone can buy a used smartphone, and many sellers simply box it up with its data intact before transferring ownership.

The Fix: Before you ditch an old phone, use your phone's reset codes or menu options to clear your message archives and your contacts list.

VOICE PHISHING (aka 'Vishing')

Why you should care: This gambit is just one more method at the disposal of conscienceless creeps who want to steal your bank card numbers.

Scenario: Here's how vishing works: you receive an email or get a prerecorded voice message (purportedly from your bank, or PayPal, or some other financial institution) informing you that a large transaction - one you never performed - has been held up. The message includes a free telephone number that you should call right away to deal with the situation. You're supposed to think: 'Spam fraud always involves a URL, right? This phone number must be safe'.

But you'd be wrong. You dial the number, and a voice menu prompts you to key in your card number before it transfers you to a company representative. The vishers ask you to enter other information as well, such as the expiration date and/or the CVV number printed on the back of your card. If they're bold, they may even ask you for your billing address's postcode and your birth date. If you act without thinking clearly, you might give them everything they ask for. At this point, they have your number - literally - so they may just hang up on you or put you on hold indefinitely.

The Fix: If you get a fishy (vishy?) call or email, ratchet up your suspicion meter. Never call the number provided in an unsolicited email or voicemail message to follow up on some mystery purchase; instead, dial the bank's number printed on the back of your card. Report vishing attempts to your bank.

T-MOBILE'S SNOOPY G1 PHONE

Why you should care: This Google Android-based device may be the nosiest phone ever.

Scenario: Virtually everything you do on Google's Android mobile phone platform (the one used on the T-Mobile G1) is mirrored to the user's Google Account web page. Every email sent, every calendar entry created, even every website visited gets catalogued. The phone's ability to locate itself by radio tower and by GPS may make it highly trackable.

Among the downloadable applets that you can use with the T-Mobile G1 are tools to track the phone's position on a web page or via text coordinates you can plug into a map, and tools to show you other Google Android users within a 10-mile radius. Many of the downloadable applications have access to your phone logs and phonebook, and have permission by default to connect to the internet.

The Fix: For many people, these features are useful and welcome. But if you're seriously interested in privacy, think twice before committing to the G1. We recommend waiting until Google tweaks the Android software to protect you better - or buying a different phone.

How to lock down the data in your apps

Your everyday office applications store more hidden information in the documents you create and work on than you may be aware of. Here's how to make sure you don't make data public that should remain private.

HIDDEN DATA IN YOUR DOCUMENTS

Why you should care: Embarrassing comments or proprietary information may reach unintended audiences.

Scenario: You're the accountant for a company whose board of directors has asked you to provide an executive summary of expenditures and revenue - a task that requires you to collaborate with several people. The draft of your report - written in Microsoft Word - changes hands for several days as various participants insert notes, questions, and maybe even a few impolitic gripes.

You clean up the document before submitting it to the board, but the comment 'Do they really expect people to buy this crap?' (along with the name of the person who added it, and the time and date of its creation) hasn't vanished - it's simply hiding.

Among the types of metadata that spreadsheets, Word documents, and PowerPoint presentations may retain in hidden (but readily discoverable) form are the name and initials of anyone who has ever written or edited the document; template data; document revisions; editing comments; the name of your computer, the company whose name appears in the licence information for your copy of Microsoft Office, and the name of the hard drive or server where you saved the document.

Embedded information such as file server names or user names - which often get recycled as log-in credentials - makes data theft that much easier for a corporate spy. If you wouldn't publish the details of your company's internal network for the whole world to see, why would you give away chunks of that information embedded in the documents you produce for the web? Some of this information is readily available, while extracting other parts from the document may entail using binary-level file editors.

The Fix: For Office XP and 2003, you can download Microsoft's Remove Hidden Data tool. For Office 2007 documents, you can use the Document Inspector command to view and (optionally) delete unwanted metadata remnants from Word, Excel, and PowerPoint files.
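To see what a cleaned-up file still carries, the sketch below lists the names, review comments and tracked changes stored in an Office 2007-style .docx, which is a zip archive of XML parts. It is an added example, not part of the original article; the function names and the sample document are constructed for illustration, and it assumes you are checking your own files (use a hardened XML parser for files from untrusted sources).

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# OOXML namespaces used by Word 2007+ (.docx) files
W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
CP = "{http://schemas.openxmlformats.org/package/2006/metadata/core-properties}"
DC = "{http://purl.org/dc/elements/1.1/}"

def audit_docx(data):
    """Report names, comments and tracked changes still stored in a .docx."""
    found = {"names": set(), "comments": [], "revisions": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        parts = set(z.namelist())
        if "docProps/core.xml" in parts:  # author and last editor
            core = ET.fromstring(z.read("docProps/core.xml"))
            for tag in (DC + "creator", CP + "lastModifiedBy"):
                el = core.find(tag)
                if el is not None and el.text:
                    found["names"].add(el.text)
        if "word/comments.xml" in parts:  # review comments with author and time
            for c in ET.fromstring(z.read("word/comments.xml")).iter(W + "comment"):
                text = "".join(t.text or "" for t in c.iter(W + "t"))
                found["comments"].append((c.get(W + "author"), c.get(W + "date"), text))
        if "word/document.xml" in parts:  # unaccepted tracked insertions/deletions
            for rev in ET.fromstring(z.read("word/document.xml")).iter():
                if rev.tag in (W + "ins", W + "del"):
                    gone = "".join(t.text or "" for t in rev.iter(W + "delText"))
                    found["revisions"].append((rev.tag[len(W):], rev.get(W + "author"), gone))
    people = [c[0] for c in found["comments"]] + [r[1] for r in found["revisions"]]
    found["names"].update(p for p in people if p)
    return found

def build_sample():  # constructed sample: only the parts the audit reads
    ns = 'xmlns:w="%s"' % W[1:-1]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml",
            '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s"><dc:creator>A. Accountant</dc:creator>'
            '<cp:lastModifiedBy>B. Reviewer</cp:lastModifiedBy></cp:coreProperties>' % (CP[1:-1], DC[1:-1]))
        z.writestr("word/comments.xml",
            '<w:comments %s><w:comment w:id="0" w:author="B. Reviewer" w:date="2009-01-15T10:30:00Z">'
            '<w:p><w:r><w:t>Recheck Q3 total</w:t></w:r></w:p></w:comment></w:comments>' % ns)
        z.writestr("word/document.xml",
            '<w:document %s><w:body><w:p><w:del w:id="1" w:author="C. Editor"><w:r>'
            '<w:delText>draft figure 1.2m</w:delText></w:r></w:del><w:ins w:id="2" w:author="C. Editor">'
            '<w:r><w:t>1.4m</w:t></w:r></w:ins></w:p></w:body></w:document>' % ns)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_docx(build_sample()))
```

An empty result for all three keys is what a properly inspected file should give; anything listed under `revisions` with deleted text is content a reader can still recover.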


UNSUCCESSFUL REDACTION

Why you should care: Allowing sensitive private data to reach the public through carelessness reflects badly on you.

Scenario: Academics, medical researchers, and courts of law sometimes need to publish versions of their private research notes, data, or reports for public consumption. When these documents contain sensitive personal information - names, National Insurance numbers, street addresses, and phone numbers - it's often easier to redact, or cover up, those parts of the document, rather than revising the original file.

The black bars that cover the names of people, locations, and dates in printed documents are adequate for a paper report, but digital documents are another matter. There have been high-profile instances in which third parties easily uncovered supposedly redacted information because the person working with the document didn't know that anyone equipped with the full version of Adobe Acrobat can remove a black bar painted over text in a PDF file.

If you need to release information publicly without disclosing sensitive details, you must take care that the redactions you make are irreversible.

The Fix: In Word documents, it's easy to save a new copy of the file that you plan to redact: Make sure that Revisions Mode is turned off, and then type text over the text you need to redact. To redact content in PDF files, you must either use a third-party plug-in (such as Appligent's $249 (£173) Redax utility) or cover the text with black bars in the PDF file, convert the PDF to a TIFF image, and then reconvert the TIFF to a PDF. The only downside is that readers lose the ability to search text in a PDF that has been converted in this way.

How to stop operating-system attacks

Your PC's operating system is under constant threat of invasion, whether the attacker's aim is to spread malware or to convince you to buy protective software that is really just a rip-off. Here's how to stand guard.

FAKE ANTI-MALWARE OFFERS

Why you should care: Bogus security apps will take your money but won't clean your PC.

Scenario: Fraudulently advertised, ineffective antimalware ranks among the fastest-growing types of online scams. Products with names like DriveCleaner, WinFixer, Antivirus XP, and Antivirus 2009 are touted through online ads that simulate Windows alert messages, warning you that your computer is infected with some sort of malware and advising you to buy a particular antivirus product to fix it.

Some purveyors of sham utilities embed warning messages directly into the Windows desktop, pop up messages from a System Tray applet, and install a program that generates a realistic-looking blue screen of death crash to convince you the problem is serious.

But these scareware tools only pretend to scan your computer for malware, detecting either innocuous, commonly used Registry keys or non-existent (or planted) alien files. Even worse, many of these programs disable key components of Windows - such as the Registry editor or Task Manager - or deactivate options within Windows' Display Properties settings to prevent you from killing the programs or removing the alert messages.

People are especially susceptible to these snake-oil packages because the debased sellers charge a seemingly reasonable fee, often £30 a pop, for them.

The Fix: A legitimate malware remover - one that independent testing has objectively demonstrated to be effective - should be able to deal with the immediate problem of an adware program that won't let you remove it. Check your security software to see if it will do the trick.


ZERO-DAY ATTACKS

Why you should care: A PC is most vulnerable to attacks launched before the software maker has devised and released the necessary fix.

Scenario: For a number of years, Microsoft has scheduled the release of most of its security patches for the first Tuesday of each month. But in the final quarter of 2008, two security patches for Internet Explorer were so urgent that the company released them immediately, without waiting until the next 'Patch Tuesday' rolled around.

Such off-schedule releases are known as 'out-of-band' patches. The release date for each was rushed forward when experts detected attacks in the wild that exploited vulnerabilities corrected by the patches.

Microsoft's need to release an occasional out-of-band patch is perhaps inevitable, and the company delivered the two IE patches with commendable speed. But the occurrence of two high-profile, out-of-band releases within two months might signal a worrisome trend.

The Fix: Obviously, Windows' Automatic Updates will eventually install the patches you need. But the Automatic Updates tend to roll out slowly, leaving your PC vulnerable during the critical time between the public release of the patch and the moment when you install it.

There is no technical fix for this danger. You just have to keep up on the latest security news and visit update.microsoft.com as soon as you hear about any out-of-band patches, rather than waiting for Automatic Updates to kick in.

MALWARE FOR MAC USERS

Why you should care: Overconfidence may breed lax security practices among Apple adherents.

Scenario: Do criminals avoid targeting the Mac OS because the operating system's security profile is superior to Windows', or is it simply a numbers game? Advertising that touts the Mac's supposed invulnerability to invasive attacks has encouraged arrogant obliviousness among Apple users toward their beloved OS's shortcomings. In fact, Macs are subject to many kinds of security problems, including malware that employs deceptive techniques to fool users into installing it.

Not only has the Mac OS proved to be riddled with dozens of security vulnerabilities (as evidenced by 61 security-related patches last year), but it has been targeted by DNSChanger malware (also widespread on the Windows side of the fence), which modifies a computer's DNS server settings.

If bad guys can control where your computer resolves domain names, they can steer your browser to any server of their choosing, which gives them a big advantage in promoting phishing schemes and which may enable them to replace legitimate web advertisements with ones that they stand to make a commission from.

The Fix: If you use a Mac, don't assume that your system is impregnable. You need to keep up with security updates just as Windows users do - both the automatic updates from Apple and patches for third-party software (such as Adobe Reader, Flash, Java, and Office) whose makers may not automatically alert you that a new version is available. If your Mac contracts the DNSChanger Trojan horse, you can download a removal tool from SecureMac.
