Sophos Cloud Optix![Tracking malware in the wild, Crocodile Hunter-style [VIDEO]](https://nakedsecurity.sophos.com/wp-content/uploads/sites/2/2012/10/badware-movie-thumb.jpg?w=250&h=250&crop=1)
We’ve seen some good videos lately helping raise awareness of computer security issues.
For instance, the humorous anarchic puppet show about spam, the mindreader who has a little help from Facebook, and Sophos’s own movie about what happens when you go cycling around London, hunting for unsecured Wifi access points.
Now we have an affectionate spoof of the “Crocodile Hunter” TV shows made famous by the late Steve Irwin, with the intention of helping raise the public’s understanding of web safety issues.
The video, timed to coincide with National Cyber Security Awareness Month, comes from the folks at StopBadware.org and Bluehost.
Here are some quick tips:
- Keep your computers protected with up-to-date software and security patches – not just on the computers you use to browse the web, but the servers you use to host your website too. Malicious hackers are always on the lookout for computers that are not running the latest versions of software, hoping to exploit vulnerabilities.
- Remove any software or plugins that you don’t actually need. For instance, we recently described how to disable Java. This not only makes it easier to ensure that your computer is running the latest versions of software and is up-to-date with security fixes, it also reduces the number of potential opportunities for attack.
- Always use strong, hard to guess, unique passwords. Never use the same password for multiple sites.
- Keep your anti-virus software up-to-date – hundreds of thousands of new pieces of malware are discovered every day.
(By the way, is it just me who is surprised they didn’t make a joke involving the word ‘Safari’?)
Haha, Aussie accent? I don't think so! Aussie landscape? I don't think so! Still, makes you laugh… and makes you think.
Yeah! The accent alone is "Badware". That would get you shot in the Aussie Eatherscape so beware, don't visit any site without an Aussie voice scanner. This is sooooo bad it's not bad.
Cheers Mate
pretty funny video. the hackers scene was good.
STOP!
It is about time we all stopped blaming the victim – the poor old end-user – the least expert in any cybersecurity matters. The REAL problem is the ICT industry itself and those providing systems and application software, network services and the like. So – let's look at the "quick tips":
– "up-to-date software and patches" – sorry – many home users are still with Windows-XP and it is just fine for their applications. It should be the responsibility of the vendor, just as in any other industry, to sell a product that is "suitable for the intended use" and this must be enforced by law and regulation. Why is ICT exempt?
(Remember NSA and SELinux!)
– "don't actually need" – the average home user has no idea what is and is not needed? Disable Javascript – no banking systems work! etc etc.
– "passwords" – even Bill Gates said these were obsolete 10 years ago (remember the "Palladium" project from Microsoft! What nonsense – different passwords for each site! Wow – a home user would have a notebook full of account names and passwords. Much better – a home version of the classic "PINPad" as at the supermarket with a chip card! AND mandatory for access to important sites and supplied by the bank, etc. NOT going to help with keyboard loggers, etc. anyway!
– "up-to-date" – "hundreds of thousands per day" – hold on – that is just impossible by definition! Oh – and my Sophos sub-system has just isolated 216 REAL update software sub-systems. Sophos blew any confidence in that by demonstrating real problems in simple software testing and quality control!
So – as in the aborted US cybersecurity Bill to congress – government has to take a hand – now – in putting the cybersecurity obligation WHERE IT BELONGS – with the industry itself!
That will never happen.
I seriously question both your sanity and experience in the field. You're mentioning locking down "software sub-systems" a lot, which is a rather Star Trek-esque term – it's certainly not a legitimate term I've ever come across in serious discussions about information security.
Assuming you're not a troll (I'm guessing you are), you seem to have forgotten one major aspect of information security: it is secondary to business growth and profit. At some point there is a line where we say "hey, users, this is old and we aren't supporting it any more, please upgrade". Windows XP is still fully supported in terms of security patches, but older OSes from Microsoft aren't, which is fair considering they're over a decade old now.
The password problem you mentioned is indeed a problem, and it's why we're seeing more two-factor authentication in sites and software. Dropbox is a good example, as is Faceook's mobile authentication. The thing about passwords is that they're good when the integrity of the website is intact, as long as the password isn't awful and the website has some basic live-cracking countermeasures. That's not too much to ask, really. On the "one password per site" front, you should check out Keepass, 1Password, LastPass, etc. They're great password managers, which effectively solve this problem. Identity on the internet is hard, and passwords are the only globally viable solution that can be used right now.
The rest of your post seems to be jibberish, so I'll avoid further analysis of it.
In future, remember that you're posting on a technical site where most of the readers actually know what they're talking about, and can easily see through the sort of trash that uninformed trolls post.
If a company considers information security to be less important than business growth and profit, then I have zero sympathy for them when they are the subject of virus or malware attacks. It's like saying that proper accounting, legal compliance, and avoiding sexual harassment lawsuits are secondary to business growth and profit, so we'll just let those things slip by.
That Bill. =]
For people with non boring keyboard, the ascents is a great way to change password =]
Like Cagão, Cágao Câgáo, Càgaô …. same password, different type
i didn't know that i recently put java in! thanks.
I was initially going to complain about the accent, but after hearing the puzzling mix of australian, new zealand, south african, irish, and american access exhibited throughout the video I'm glad that Sohphos have made it clear that this wasn't made by someone from my country. Seriously, what the hell was that?
There are plenty of Aussies in America that I'm sure you could have hired for this…