You might know that I'm a bit of a computer nerd. But not just any run-of-the-mill computer nerd. A security computer nerd. That means I help people understand their security risk and formulate plans to address it.
Usually, I keep this confined to my employer and my family, for whom I am general-purpose IT. Although I don't get a kick out of configuring their routers and setting up their new computers (ok, that part is fun), I do get a sense of fulfillment when I make them as secure as they can be.
The top two threats I see facing the average computer user are phishing and drive-by web browser compromises.
Even if you don't recognize the term "phishing," you would recognize it when you see it. All those goofy emails that you get from UPS or Bank of America telling you that you need to do something right away or your package will go missing or your account will be closed... those are phishing attacks. You aren't expecting a package and you haven't banked with Bank of America since it was Seafirst, but maybe you should check it out.
Now they have your login and password. Heaven forbid you entered a credit card number or your Social Security number.
Unfortunately, other than telling you not to click on any link you get in email from an unexpected source, there's little I can do to help you defend against phishing.
Drive-by attacks, though, I can help with. A drive-by attack, targeting your web browser (Safari, Firefox, Chrome, Internet Explorer, etc.), occurs when the attacker either convinces you to go to a site they control ("Hey! Click this! It's got dancing cats!") or poisons a site you just happen to visit. If your browser is vulnerable, their attack may succeed and you'll be...
So how do you defend? Simple. Stop using the Internet. No? Then make sure you're patched. Of course, knowing whether you are fully patched can be tricky unless you have a tool to help you check.
Rapid7 makes security tools that I use in my professional life. (I'm just an amateur here.) One of these tools will check your browser for vulnerabilities and give you advice on how to fix them.
Click on this link and you'll go to a page that will test your browser.
If you're vulnerable, take a look at the recommendations for patching software like Java, QuickTime, and Adobe products. If you're not vulnerable, wow. Congratulations. You might want to check back here every once in a while to make sure you stay patched. (Seriously, wow. Good job.)
I hope this helps. I wish I could do more, but I can't support everyone. Except family, you get a free pass.
(For more information security tips click here.)