The end of the semester is a great time to update your browser. Here are some guidelines and what you should know about three browser-based scams to avoid.
The most important point of this edition of Tech Tuesday – follow these Duke guidelines for browser security.
Please note: This is the final Tech Tuesday of this semester. We will resume the week of fall semester orientation.
But first, here’s our Tech Tip of the Week …
Do you use Excel?
Sure. Everyone does and we all share files. All different types. For example, MyFile.xls or MyFile.xlsx. Or maybe MyFile.xltm or MyFile.csv. Ever wonder what those different file extensions mean? Wonder no more –
Excel Version prior to 2007: .XLS
Excel Version 2007 onwards: .XLSX
Interesting fact. Microsoft changed the file format from an internal one to a more useful XML format. This offered many advantages, including sharing between applications, smaller files and security features. Given the choice, always save as .XLSX.
Other extensions allow macros. Be careful of these – they can contain malware: .XLSM, .XLSB – and template files: .XLTX, .XLTM
Other key extensions used in file sharing and data transfer:
- .CSV Comma-delimited – commas separate the columns
- .TXT Tab-delimited – tabs separate the columns
- .XML Any spreadsheets from applications that store in the XML spreadsheet format.
- .ODS OpenDocument spreadsheet (Google Docs, etc.)
- .PDF Adobe’s format. You can retain .PDF formatting of data
Yeah – accountants aren’t the only ones who geek out with Excel.
Do this first for browser safety!
Check out this page from the Duke Security Office on Browser Security. Follow these guidelines and you’ll be in good shape.
TypoSquatting & URL Hijacking –
We’ve all done it. Accidentally typed “goigle.com” when we really meant www.google.com. Easy mistake.
Someone actually expected you to do that, so they purchased URLs similar to Google’s URL and set up fake websites that look like the real thing. They hope that you’ll enter your UserID and Password in their fake site. Then, if you’ve used the same password on other sites, they’ve got you! Yep – just another way to phish for your data.
Heads up – Pretty soon, you’ll be seeing some typosquats related to the upcoming election.
It’s not all bad. Some are not malicious – they just try to sell you something. Some are actually just having fun with it – try www.microtoft.com, a typosquat of Microsoft.
How to protect your data?
- Type carefully when entering a web address
- Use your favorite search engine as your homepage
Drive-by Downloads
A drive-by download is an attack where a site you visit installs malware or adware on your computer without your knowledge. You don’t have to click anything or press a download button. Hackers use these attacks to:
- Spy on you
- Steal your identity
- Ruin your data
- Hijack or disable your device
- Bombard you with ads
We’ve seen drive-by attacks that hijack cameras and disk drives. Several years ago, I saw one that hijacked the keyboard. Usually, the only way to fix your computer is with complete reinstallation of the operating system. This type of attack is made possible by browser vulnerabilities.
How to protect your data?
- ONLY allow admin credentials to install anything on your computer
- Keep your browsers updated and ALWAYS use the latest version.
- Stay away from unknown sites
- Use an ad-blocker – here’s one recommended by Duke
Malvertising
Malvertising is a general term you’ll hear to categorize these attacks:
- Drive-by Downloads (discussed above)
- Can be inserted in many places (videos, ad content, links, even individual pixels)
- Force you to a malicious site (redirecting you to a site you didn’t want to go to)
- Display unwanted advertising, content, pop-ups, etc.
How to protect yourself and your data:
- Keep your antivirus up-to-date
- For your Duke-owned machine, connect to the Duke network at least every month
- Use VPN to do this if you aren’t going to be on-site
- Get an ad-blocker – here’s one recommended by Duke
- Keep your browsers updated
- Only go to sites that you trust