network
MOBILE SECURITY RISKS

 

    1. Mobile code (Java/JavaScript/ActiveX)

      2. There have been reports of problems with "mobile code" (e.g. Java, JavaScript, and ActiveX). These are programming languages that let web developers write code that is executed by your web browser. Although the code is generally useful, it can be used by intruders to gather information (such as which web sites you visit) or to run malicious code on your computer. It is possible to disable Java, JavaScript, and ActiveX in your web browser. We recommend that you do so if you are browsing web sites that you are not familiar with or do not trust.

      Also be aware of the risks involved in the use of mobile code within email programs. Many email programs use the same code as web browsers to display HTML. Thus, vulnerabilities that affect Java, JavaScript, and ActiveX are often applicable to email as well as web pages.

      More information on malicious code is available in http://www.cert.org/tech_tips/malicious_code_FAQ.html

      More information on ActiveX security is available in http://www.cert.org/archive/pdf/activeX_report.pdf

    2. Cross-site scripting

      3. A malicious web developer may attach a script to something sent to a web site, such as a URL, an element in a form, or a database inquiry. Later, when the web site responds to you, the malicious script is transferred to your browser.

      You can potentially expose your web browser to malicious scripts by

      • following links in web pages, email messages, or newsgroup postings without knowing what they link to
      • using interactive forms on an untrustworthy site
      • viewing online discussion groups, forums, or other dynamically generated pages where users can post text containing HTML tags
       
    3. Email spoofing

      4. Email “spoofing” is when an email message appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).

      Spoofed email can range from harmless pranks to social engineering ploys. Examples of the latter include

      • email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not comply
      • email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information

      Note that while service providers may occasionally request that you change your password, they usually will not specify what you should change it to. Also, most legitimate service providers would never ask you to send them any password information via email. If you suspect that you may have received a spoofed email from someone with malicious intent, you should contact your service provider's support personnel immediately.

      Security Risks5

       

...................................................................................................................................................................

PC Wizard Service | Miami Fl, USA

On Site Computer and Laptop Repair Service

For Appointment In-Shop or On-Site Service! Call 24hrs

Toll Free: (866) 540-5437 Miami: (305) 278-6945 Broward: (786) 228-8052

Miami Dade, South Dade, HomeStead, Broward County FL
OUR PARTNERS
Speed up your computer with memory from 4AllMemory.com! - 128x125 20% Off - Summer Coupon! TigerDirect

Miami (305) 278-6945 Broward: (786) 228-8052 | ©2007-2008 Pc Wizard Service All rights reserved.

Pc Wizard Service | Company Info | Site Map | Hot News | Support | Contact Us | Xml Feeds | RSS Feeds