So many times I hear people around me saying “hey, my computer is
infected, but it’s okay, I can still do my things.” You can still do
your things, but who knows who else is doing *their thing*, intercepting
your browsing sessions or logging every key that you press. That includes, all of
your activity on social networks such as Twitter, leading to easy account
hijacking scenarios.
Be careful what links you click on. URL shortening services like bit.ly
are doing a “great job” masking the final destination of your click. You
can unwittingly land on a server which is hosting phishing sites or
pages distributing malware. Cybercriminals have
made Twitter their favorite phishing target now, and they often will send @
messages to users that look like they contain information of interest or come
from a username that’s slightly different from someone you follow.
If they cannot guess the password, cyber criminals will try to make you
give it to them, without you even realizing. Keep your eyes wide open
when you see e-mails asking you to reset your password, especially if
you have not requested it. These phishing
messages often will come to email addresses other than the one that’s
associated with your Twitter account, which is a major red flag.
Here’s a nice tip instead. Think of a phrase that is most likely unique
and easy to remember, for example, “uniqueeasytorememberphrase”. Be sure
no dictionaries used in brute-force attacks include such a password.
Also, after using it for several days you will start typing it faster
than the blink of an eye.
Do not use trivial passwords. Think of something unique, a password
which no one else would think of. Don’t necessarily add numbers
or hard to remember characters – “admin123” will never be *much* safer
than “admin”, and if you add strange characters, you’ll wake up one
day having a hard time remembering your password.
In general, a lack of user education and
strong policies regarding online security often lead to undesirable
events. Whether you manage an official Twitter account or a personal
one, you should know how Twitter accounts get hacked so you can protect
yourself.
Here are some methods:
From the NoScript Options screen, select the Embeddings tab to find options for dealing with potentially dangerous objects on untrusted sites. You can also choose to apply these restrictions of whitelisted (trusted) sites. If this option is too intrusive, it can be turned off at the cost of increased risk.
NoScript for Firefox is an open-source add-on that pre-emptively blocks malicious scripts and allows JavaScript, Java and other potentially dangerous content only from sites you trust.
Because Firefox does not have easily-configured security zones like Internet Explorer, NoScript is needed to configure the web browser options on a per-site basis.
Mozilla offers a useful Plugin Check service that scans a user’s machine for vulnerable (outdated) plugins and provides a feature to update these plugins. Be sure to visit the Plugin Check page (http://www.mozilla.com/plugincheck/) and update all those plugins.
From the Encryption tab, make sure you are using secure protocols (SSL 3.0 and TLS 1.0).
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
