Do you know how to guard against scareware? How about Trojan horse text messages? Or social network data harvesting? Malicious hackers are a resourceful bunch, and their methods continually evolve to target the ways we use our computers now. New attack techniques allow bad guys to stay one step ahead of security software and to get the better of even cautious and well-informed PC users.
Don't let that happen to you. Read on for descriptions of 11 of the most recent and most malignant security threats, as well as our complete advice on how to halt them in their tracks.
[ InfoWorld's Roger Grimes explains how to stop data leaks in an enlightening 30-minute webcast, Data Loss Prevention, which covers the tools and techniques used by experienced security pros. | For more security tips, check out "How to create secure passwords you can remember." ]
Most tweets, and lots of other electronic messages, include links that have been shortened by services such as Bit.ly, Tr.im, and Goo.gl. The URL aliases are handy, but they pose a risk, too: Since short URLs give no hint of the destination, attackers can exploit them to send you to malicious sites.
Use a Twitter client: Programs such as TweetDeck include options in their settings to display previews of shortened URLs. With such a setting enabled, clicking a shortened URL within a tweet brings up a screen that shows the destination page's title, as well as its full-length URL and a tally of how many other people have clicked that link. With this information at your disposal, you can make an informed decision about whether to click through and visit the actual site.
Install a URL-preview plug-in: Several Web browser plug-ins and services perform a similar preview function. When you create a shortened address with the TinyURL service, for instance, you can choose an option to create a preview version so that recipients can see where it goes before clicking. Conversely, if you're considering visiting a TinyURL link, you can enable its preview service to see the complete URL. For the TinyURL previews to work, though, you must have cookies enabled in your browser.
ExpandMyURL and LongURLPlease both provide Web browser plug-ins or applets that will verify the safety of the full URLs behind abbreviated links from all the major URL-shortening services. Rather than changing the shortened links to their full URLs, however, ExpandMyURL checks destination sites in the background and marks the short URLs green if they are safe.
Goo.gl, Google's URL-shortening service, provides security by automatically scanning the destination URL to detect and identify malicious Websites, and by warning users when the shortened URL might be a security concern. Unfortunately, Goo.gl has limited application because it works only through other Google products and services.