[DM-MUG] someone pinging my address
Matthew Nuzum
newz at bearfruit.org
Fri Aug 20 17:16:14 CDT 2010
On Fri, Aug 20, 2010 at 3:57 PM, Ray Bowler <rbowler at mchsi.com> wrote:
> I was just at a site which tests the security of a computer. Since I
> initiated the contact it had my web address. Everything seems to be in
> stealth mode except the fact that it can ping my address. Is this a problem?
>
>
Was the site owned and created by a company or person you trust? I have
found most of the sites that advertise these kinds of services are not from
organizations I would trust. They use either predatory sales practices,
scary marketing (as in ads that try to scare you into using their product)
or are actually sites that try to infect your computer.
The absolute #1 way to get your Mac hacked over the Internet is to be
running out-dated Adobe Flash or Adobe reader plugin. If you have a firewall
you can still get hacked because by visiting the site with the plugin
installed you're effectively bypassing the firewall by unknowingly
downloading a program to your computer and running it.
To make matters worse, the security updates in Mac OS 10.6.4 install a
version of flash player that does not have the latest security updates.
(see
http://blogs.adobe.com/psirt/2010/06/apple_security_update_2010-004.html )
If your computer is connected to the Internet through some kind of router,
which is almost 100% certain if you're using wifi to connect, then the kinds
of security problems that could affect you by being pinged are pretty slim.
The security people I associate indicate that it's much easier to hack a
computer by displaying a malicious banner advertisement or sharing a link
through IM or social networking.
There is a security contest each year called pwn2own where security
professionals get a few min to hack a computer fully patched and up to date.
If you hack it you get to keep the computer and depending on how fast you do
it you get cash prizes too. Here is an interview with a person who has won
several times
http://www.zdnet.com/blog/security/questions-for-pwn2own-hacker-charlie-miller/2941
The most interesting thing he says there is that Chrome is the browser to
use if you're security conscious and Safari for Mac OS is the least secure
of all.
My point though is two fold:
1. Updating your OS isn't enough, you need to update other software, esp
Adobe products (but do update your OS too)
2. Getting pinged is not your biggest threat if you've got a router
--
Matthew Nuzum
newz2000 on freenode, skype, linkedin, identi.ca and twitter
"Never stop learning" –Robert Nuzum (My dad)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cialug.org/pipermail/dmmug/attachments/20100820/e4d867de/attachment.htm
More information about the DMMUG
mailing list