Hacker Exploits

Question

I am fairly new to this Internet thing and keep hearing about all the different ways that hackers can get me. Can you get me up to speed on what to watch for?

- Jules

Answer

This question was answered on June 23, 2005. Much of the information contained herein may have changed since posting.

There are far too many methods used to be able to cover in this short column space, so I will address the most common things that you can do to protect yourself When it comes to “hackers” I generally like to break them down into two different groups The first group I refer to as corporate hackers that specifically go after large corporate systems that contain large amounts of valuable data The most recent example is the credit card services company that was compromised by intruders that exploited software vulnerabilities In that case, the target was 40 million credit card accounts that were used to make fraudulent purchases This type of hacker is very sophisticated and only goes after large targets where they know what is on the other side The second group is less sophisticated and attempts to attack your personal computer via commonly known exploits in popular software programs The easiest way to get exploited by this larger group is to operate an Internet connected computer that is not updated with all of the latest security patches Security patches fill the “holes” found in virtually all software programs that have anything to do with the Internet Your operating system (Windows, MacOS, etc.), browser, e-mail program, instant messaging client and even your word processor and spreadsheet programs are all at risk If you don’t “patch” your software on a regular basis, those wishing to exploit you can generally do so without you even realizing anything is going on Another common method of gaining access to your system is via e-mail messages that have either an attachment or a link prompting you to click on it A common trick employed by those that send e-mail attachments is the double extension that will make a malicious file look like a simple picture file They do this by creating a file that has two extensions: picture.jpg.pif for example Windows, by default, will hide the file extension of known file types so the attachment will appear to be a harmless image: picture.jpg You can tell Windows not to hide these extensions by opening up My Computer then click on Tools and then on Folder Options Click on the View tab at the top and scroll down the Advanced settings section and remove the checkmark in front of the “Hide extensions for known file types” option Phishing scams are another recent e-mail exploit that are designed to trick you into divulging information that would allow for identity theft Don’t click on links in an e-mail that is encouraging you to “update your account” The bottom line with e-mail these days is to be suspicious of everything that you receive! We have posted many more resources for learning how hackers attack you at our website: <strong>DataDoctors.com/help/kenscolumns/20891</strong> Our advice for patching and protecting your computers is posted at: http://www.datadoctors.com/help/approved_software.cfm

Need Help with this Issue?

We help people with technology! It's what we do.
Schedule an Appointment with a location for help!

Author

Posted by Ken of Data Doctors on June 23, 2005