If you are having trouble viewing this email, click here to view this online



   ISSUE 28

28 November  2013

Article of the Month  Around the World

Facebook and Social Media, how you can avoid getting in to trouble


If you are part of Generation Y then your daily life is all about being connected. Internet has revolutionized normal day to day life and people are addicted to social media.


  Social media in our lives now has become cannot dispatch partner, in which we've come to an era that we tend to have a look at our social media accounts even before getting off from the morning bed after waking up. Expanding one’s network to a great extent, Social media is a place where a one can gain knowledge in many areas. There’s nothing like making connections online via Facebook and other social networks. For some Twitter, it is the place where real-time conversations happen more often.
And social media can be used in many other ways too. For an example, Facebook is a good place for marketing purposes and data mining stuff. It’s a diamond mine for a one who deals with market pattern analysis. Facebook one single click leaves you what people like; accordingly you can set your product strategies.
While the Internet has provided an array of benefits and advantages to today's society, With all these advantages with internet and social media, its darker side has substantially emerged as well. Many a people get into trouble because of Facebook. Maybe their unawareness or maybe thanks to their negligence. Either way number of people who get into trouble because of Social media rises day by day.
There’re quite a few ways that you can get in to trouble. One way is Phishing. You get a link from a one of your well known friends and you click it. Then it asks for your Facebook or other account’s username and password. You enter relevant details and check what is inside it. Real problem comes after next. After sometime you can’t access to your Facebook account. Someone has hacked your account. But what happens really is something else. The link you get directed you to a fake web site. The link is the bait, as soon as you enter your details, those usernames and passwords are being collected by the site. The one who sent the link has the access to the site and that one can get your usernames and passwords easily. Afterwards you enter username and password, link will direct you to the real site whatever thing you wanted to check. To get rid of this,

• Don’t click on any links provided by unknown people.
• Don’t give any of your E-mail or Facebook account credentials for an example User Name, Password to anyone else
• Check whether the link is http or https especially in the link. Always use secure https connection.

• Stay within your “friend” list and don’t make any private information public on Facebook.
• Always check that you’re accessing the correct URL.

Another way that someone could get into trouble is sharing passwords. Most of the time girls confront an agonizing state of life due to social media sharing passwords with their boyfriends. By any chance if the affair breaks, then the fellow starts evaluating all possible ways to hurt the girl. So sharing passwords with someone else is really matter of concern. After someone gets to know your account details there are numerous ways that one can derail your normal day to day peaceful life.
So to get rid of these troubles, overall we can suggest few things. Do not deny these things at the expense of security and your good name.

• Always create password for online accounts is a critical factor for safer Social Media practice. Always use a password more than 8 characters long which consists of Uppercase letters, Lowercase letters, digits and symbols.
Main issue in using those digits & symbols in password is, it’s difficult to remember. For that, pick a wording easy to reminiscence and transform it with uppercase letters, Lowercase letters, digits and symbols as mentioned above.
For instance take Happy Birthday:
This can be now transformed to: h@ppY_b1rthd*Y
• Split your emails. Rather than linking Facebook, Twitter, newsgroups, forums, shopping and banking sites to one email address, use multiple addresses. As a minimum, use one for social activities and one for financial business.
• Use multi factor authentication wherever it is possible and it will help you to figure out if someone is trying to access your accounts using a different machine or without your knowledge.
Up above we discussed that how to prevent from internet harassments as always Prevention is better than cure. But if a one gets into trouble, yet there are options that you could take to get rid of such tantalizing situations. For an instance if it is a Facebook case first option is to go through Facebook’s Report option which has provided by the Facebook itself as for securing users privacy. If Facebook doesn’t take any action you can report to Sri Lanka CERT|CC by calling or emailing. In case of a cyber-harassment, Sri Lanka CERT|CC is the government authority that can help you.
Not only Facebook cases, from website hacking to any other internet crime, you can report to Sri Lanka CERT|CC.

Sri Lanka  CERT:
Tel: +94 11 269 1692 / 269 5749 / 267 9888

Poorna Chathura Wickremasinghe

Poorna is an undergraduate of the University of Colombo School of Computing who is currently following Bachelor of Computer Science(CS) Currently he is working as Intern - Information Security Engineer at Sri Lanka CERT|CC




 Microsoft Opens High Tech Cybercrime Center

“. . . Microsoft said Thursday that it has opened a new cybercrime center that combines the software giant's legal and technical expertise along with cutting-edge tools and technology and cross-industry expertise to combat cyber-crime..."

  The True Cost of Free in the Enterprise

'.... Because free often flies under the radar, IT and security teams are not actively monitoring for or thinking about these programs and frankly, can have little insight into their existence....'

Security Tools, Templates, Policies


'.... CSOonline's Security Tools, Templates & Policies page provides sample documents contributed by the security community.
Feel free to use or adapt them for your own organization.*

Want to provide a policy or checklist? Contributions are welcome, as is expert commentary on any of the articles here. We will add materials on an ongoing basis.Send your thoughts to Senior Editor Joan Goodchild at jgoodchild@cxo.com.

The New Bank Robbers: Emerging Cloud Threats


'.... Modern-day bank robbers aren't using masks and guns, but rather computers and social engineering.
As businesses move their intellectual property and client data into cloud technologies, it's clear that the new bank robbers are going to be found in the cloud........'

Eight Security Predictions for 2014

''.... 2013 was not an easy year in cyber security and we expect 2014 attacks will be even more complex. In a new report out today, Web sense Security Labs researchers collectively outlined eight predictions and recommendations for 2014. ....”

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in October 2013
 Fake + Harassment
 Gender wise
 Statistics - Sri Lanka CERT|CC


Malicious PDF Analysis Evasion Techniques

'.... In many exploit kits, malicious PDF files are some of the most common threats used to try to infect users with various malicious files. Naturally, security vendors invest in efforts to detect these files properly – and their creators invest in efforts to evade those vendors........'

Meet The Company That Tracks More Phones Than Google Or Facebook

'.... More than 400,000 apps now use the tool and, in return, funnel much of that user data back to Flurry. Flurry thus has a pipe into more than 1.2 billion devices globally and is inside seven to ten apps per device. It continuously triangulates among them all, collecting on average 3 terabytes of data each day.....’

Safer SmartphoneS - a guide to keeping your device Secure

'.... Smartphones are revolutionising how millions of us go online each day. We use them to make calls, send texts, check emails and run an ever-growing number of applications.But these devices may also carry some risks. Should your smartphone fall into the wrong hands, it is a potential treasure trove of information. If you download a rogue application, it’s even possible for hackers to hijack your phone without it leaving your side........'

How an epic blunder by Adobe could strengthen hand of password crackers Engineers flout universal taboo by encrypting 130 million pilfered passwords.


'...... Four weeks ago, Adobe disclosed a sustained hack on its corporate network that threatened to spawn a wave of meaner malware attacks by giving criminals access to the raw source code for the company's widely used Acrobat and ColdFusion applications........'

Bypassing security scanners by changing the system language



'..... So, what would happen if the setup language was not English, but Chinese or Portuguese? As their research showed, if the target SQL server doesn't use English by default, the scanners won't be able to find some obvious security problems.........'

Notice Board
  Training and Awareness Programmes - November/ December 2013
- 21-11-2013 "Safe use of Internet awareness" session for the pre service trainess Ruwanpura National College of Education


25-11-2013 to 13-12-2013 Animation and Graphic Training Programme for the academic staff serving in Zonal and Provincial ICT centers. National Institute of Business Management
- 02-12-2013 to 13-12-2013 Hardware Maintenance Training Programme for the academic staff serving in Zonal and Provincial ICT centers.  National Institute of Business Management
- 06-12-2013- 08-12-2013 Annual planning workshop Ruwanpura National College of Education

Brought to you by: