First Step News and Notes ...

Take the online privacy quiz

Do you blog and post pictures that chronicle your everyday activities?  

Or are you more likely to request that your name be removed from online directories?

Take this short quiz to find out about your privacy profile. Help keep safe from fraud and identity theft.

For more information about online privacy, see Data Privacy Day.

From the Washington Post Security Fix Blog: Microsoft Plugs Three Windows Security Holes

Microsoft today issued a critical software update to plug at least three security holes in its Windows operating systems. The patch, which applies to all supported versions of Windows, is available from the Microsoft Update Web site, or via Automatic Updates.

From the Washington Post Security Fix Blog : Tricky Windows Worm Wallops Millions

A sneaky computer worm that uses a virtual Swiss army knife of attack techniques has infected millions of Microsoft Windows PCs, and appears to be spreading at a fairly rapid pace, security experts warn.

The worm, called "Downadup" and "Conficker" by different anti-virus companies, attacks a security hole in a networking component found in most Windows systems. According to estimates from Finnish anti-virus maker F-Secure Corp., the worm has infected between 2.4 million and 8.9 million computers during the last four days alone.

From the Washington Post Security Fix Blog: Caveat Emptor: Watch Out for Phantom Stores

Most people are proud to say they would never fall for a phishing scam, that they would never give their personal and financial information away at fake banking sites, just because someone asked them to in an e-mail. But how many people will use that same common sense when a too-good-to-be-true bargain presents itself at a no-name online electronics shop?

From the Washington Post Security Fix Blog: Firefox 2 Users Will Get No More Security Updates

Put simply: If you want to keep using Firefox safely, you're going to need to upgrade to Firefox 3. The latest version of the popular browser received mixed reviews on its release, but Mozilla appears to have done a good job ironing out the kinks since then. Most notably, Firefox 3 consumes far less system memory than older releases.

Are you running Firefox 2, or (gasp!) some Firefox 1.x version of the browser? Not sure? Click "Help" and "About Mozilla Firefox" to find out. Firefox 3 is available here.

From the Washington Post Security Fix Blog: Would You Like an Update With Your Java?

Sun Microsystems has released a security update to its Java software. Since cyber criminals have a history of targeting Java vulnerabilities, and because at least 800 million computer users have some version of Java installed, it's probably time for most readers to update this program.

Not sure whether you have Java or the latest version installed? Check out this link.

From the Microsoft Security Tips Blog :

Warning: Financial crisis is a goldmine for online criminals

Criminals are taking advantage of the confusion over recent bank mergers in the United States to send out fake e-mail messages in an attempt to steal your personal information.

For more information about this scam, see Consumers Warned to Avoid Fake E-mails Tied to Bank Mergers.

 

To help avoid phishing scams:

 

If you think you're received a phishing scam, do not respond to it.

Approach links in e-mail with caution.

Don't trust the sender information in an e-mail message.

 For more guidance see:

 

Recognize phishing scams and fraudulent e-mail

How to handle suspicious e-mail

What to do if you've responded to a phishing scam

From the Microsoft Security Tips:

Criminals use fake virus warnings

According to research from North Carolina State University, even sophisticated Internet users can't tell the difference between real and fake warnings about Internet security.

These fake warnings, which might appear in pop-up windows as you surf the Web, are designed to trick you into downloading malicious software. They're known as rogue security software, and they can appear under many different fake product names.  

According to Microsoft's latest Microsoft Security Intelligence Report, rogue security software sightings are increasing as social engineering becomes a more popular vehicle for fraud.

 

To learn more and to see an example or one of these warnings, see Beware of rogue security software.

Microsoft security updates for November 2008

Learn about and download the latest computer security updates for November 2008. Read tips on protecting your computer by using anti-spyware and anti-spam programs.

Adobe Issues Critical Acrobat, Reader Updates

From the Washington Post Security Fix Blog

Adobe has issued a software update to fix at least eight security flaws in its Acrobat and Adobe Reader applications, that if left unpatched could be used by attackers to take control of vulnerable systems, the company said. The vulnerabilities affect Acrobat and Reader versions 8.1.2 and earlier.

Adobe characterizes this as a "critical" update -- its most serious rating -- meaning the flaws could let an attacker run and install malicious software on a victim's computer without the victim's knowledge.

Updates are available for Reader versions on Microsoft Windows, Linux/Solaris and Mac OS X.