Internet Security

Time is money, so today I'm going to save you both by telling you what happens when your Facebook and Gmail accounts get hacked and how to avoid that fate, which is especially important for travelers. Until this happened to me, I thought strong passwords were for other people. Now a hacker knows where I went to school, where I bank and the names of my cats. Using free Wi-Fi hotspots while traveling and having weak passwords may have made me more vulnerable. I've spent countless hours trying to explain to everyone in my contact list that I am not stranded in London and those emails asking for money weren't from me. "Passwords should be long and strong," said Michael Kaiser, executive director of the National Cyber Security Alliance, a nonprofit public-private partnership focused on cyber security awareness and education.

The discovery of a significant flaw in software that was supposed to provide extra protection for thousands of websites has thrown the tech world into chaos as experts scrambled to understand the scope of the vulnerability. On Tuesday, Tumblr, owned by Yahoo Inc., became the largest website to disclose that it had been hit by the "Heartbleed Bug" and urged users to change not just the password for its site but for all others as well. Signaling just how much uncertainty and confusion surrounds the glitch, security experts warned that such a gesture might actually be useless because if a site has not fixed the problem hackers could just as easily steal the new password.

??????Here is a roundup of alleged cons, frauds and schemes to watch out for. Super Bowl cyber attacks For many people, Super Bowl Sunday was an opportunity to get together with friends, eat some good food and knock back a few cold ones. Computer security experts say it was also a big day for cyber criminals, who were targeting the millions of people using their home computers to keep up with the game, visit gambling websites and chat about the commercials. Internet security company PC Tools suggested in a news release that computer users be careful when visiting file-sharing websites that offer links to game or advertisement videos because these links can contain harmful malware.

SACRAMENTO - Californians who use the Internet will get new protection against identity theft and tracking of their personal data under a cluster of bills signed into law Friday by Gov. Jerry Brown. One measure requires state agencies and businesses that operate websites to notify people when security information, including their user names and passwords, has been breached. "Many consumers now conduct their day-to-day personal business online, including banking and paying bills, which creates more opportunities for sophisticated cybercriminals to access and steal their personal information," said Sen. Ellen M. Corbett (D-San Leandro)

The first line of defense against cybercriminals is to have the companies and individuals who connect to the Internet hew to industry standards for minimizing risks. Many of them have so far failed to do so, however, enabling hackers to steal trade secrets, knock sites offline and vacuum up credit card numbers. Sadly, a new Senate bill aimed at improving cybersecurity wouldn't address those security gaps as forcefully as its sponsors originally proposed. But at least it's better than the alternative that passed the House.

The Clinton Administration on Thursday proposed relaxing its policy on government access to computer communications, opening the way for increased exports of certain software products next year. The new policy would permit export of software containing more powerful encoding abilities, hopefully preventing security problems on the Internet. The proposed shift came as Mountain View, Calif.-based Netscape Communications Corp.

The recent blitz of "denial of service" attacks on the Internet raises great concern and uncertainty with regard to the viability and the power of the Internet. Many of the most popular Web servers were shut down for hours with attacks such as "smurfs," "Tribe FloodNet," trinoo, ping storms, etc. These attacks operate by seizing hundreds, even thousands, of surrogate computers (e.g.

WASHINGTON - As head of the FBI's cyber crimes division, Shawn Henry often had to deal with exasperated company executives after his agents informed them that their networks had been hacked and their secrets pilfered. "By whom?" the company officials would ask. "What have they taken? Where did it go?" "Sorry," Henry's agents had to reply, "that's classified. " Even though the FBI in many cases had evidence the attacker had been backed by a foreign intelligence agency, agents couldn't disclose it because the U.S. government believed doing so could compromise top-secret sources and methods.

BEIJING - For a 25-year-old computer whiz enlisted in a People's Liberation Army hacking unit, life was all about low pay, drudgery and social isolation. Nothing at all like the unkempt hackers of popular imagination, the young man wore a military uniform at work in Shanghai. He lived in a dorm where meals often consisted of instant ramen noodles. The workday ran from 8 a.m. to 5:30 p.m., although hackers were often required to work late into the evening. With no money and little free time, he found solace on the Internet.

The Irvine provider of Internet security products said it lost $2.4 million, or 24 cents a share, for the second quarter, compared with a net loss of $1.5 million, or 31 cents a share, for the same period last year. Revenue climbed to $9.1 million from $2.7 million.

BEIJING - For a 25-year-old computer whiz enlisted in a People's Liberation Army hacking unit, life was all about low pay, drudgery and social isolation. Nothing at all like the unkempt hackers of popular imagination, the young man wore a military uniform at work in Shanghai. He lived in a dorm where meals often consisted of instant ramen noodles. The workday ran from 8 a.m. to 5:30 p.m., although hackers were often required to work late into the evening. With no money and little free time, he found solace on the Internet.

More than 30 journalists and executives at western news organizations in China, including the New York Times, have had their computers hacked, according to Mandiant, a security firm that monitors such attacks. Over the last four months, the hackers managed to infiltrate the Times' computers, the newspaper reported Thursday. In a lengthy piece, the newspaper said the hackers had penetrated its computers and obtained passwords for reporters and other employees. The hackers have been blocked and security tightened to prevent another attack, which followed an investigation by the paper into finances of relatives of Wen Jiabao, China's premier.

Microsoft has released a temporary fix for its Internet Explorer browser, which the company says has a security hole that could allow hackers to take over a computer. The security hole, which Microsoft confirmed over the weekend, affects Internet Explorer versions 6, 7 and 8, and could allow malicious code, placed on some unsuspecting websites, to be embedded in a computer system after the browser visited the site.  “An attacker who successfully exploited this vulnerability could gain the same user rights as the current user,” Microsoft wrote in a security advisory released Saturday.

WASHINGTON - As head of the FBI's cyber crimes division, Shawn Henry often had to deal with exasperated company executives after his agents informed them that their networks had been hacked and their secrets pilfered. "By whom?" the company officials would ask. "What have they taken? Where did it go?" "Sorry," Henry's agents had to reply, "that's classified. " Even though the FBI in many cases had evidence the attacker had been backed by a foreign intelligence agency, agents couldn't disclose it because the U.S. government believed doing so could compromise top-secret sources and methods.

The first line of defense against cybercriminals is to have the companies and individuals who connect to the Internet hew to industry standards for minimizing risks. Many of them have so far failed to do so, however, enabling hackers to steal trade secrets, knock sites offline and vacuum up credit card numbers. Sadly, a new Senate bill aimed at improving cybersecurity wouldn't address those security gaps as forcefully as its sponsors originally proposed. But at least it's better than the alternative that passed the House.

WASHINGTON -- Activists and lawmakers are geared up for a final push against the latest Internet security legislation, calling on Congress to reject or dial back the Cyber Intelligence Sharing and Protection Act (PDF) because of the considerable power it would give government to examine Americans' online activities. A number of amendments already have been made to the bill as its supporters have tried to secure passage - - a vote is likely on Friday - - by clearing up ambiguities regarding what the law would allow the government to do. CISPA's supporters portray it as a bill focused on opening up communication between the government and private entities for the purposes of sharing information about imminent or emerging cyber security threats, with particular emphasis on those that threaten national security from foreign sources.

The Irvine provider of Internet security products said it incurred a net loss of $2.6 million, or 9 cents a share, for the first quarter, which included one-time charges of $1 million related to an acquisition. The company earned $3.1 million, or 12 cents a share, a year earlier. Revenue advanced 10% to $40.2 million.

* Pilot Network Services Inc., an Internet security company that helps protect corporate computer networks against attacks, disclosed plans to go public amid soaring demand for Internet stocks. The Alameda-based company filed with the Securities and Exchange Commission for an initial public offering that could raise as much as $56 million.

A major cyber-attack in Europe that apparently was launched from Iran has revealed significant vulnerabilities in the Internet security systems used to authenticate websites for banking, email and e-commerce around the world. The attack this summer wreaked havoc in the Netherlands, where the justice minister on Sunday warned the public that the only secure way to communicate with the Dutch government was with pen, paper and fax machine. The digital assault compromised a Dutch company called DigiNotar, which issues digital certificates, computer code that assures browsers that a website is what it appears to be. The certificates also encrypt communications between the user and the site so they can't be intercepted.