Friday 16 November 2012

Google Warns against Sophos Antivirus

Tavis Ormandy, one of Google’s security experts, says he found several serious security vulnerabilities in Sophos Antivirus and concluded that it should not be used on important computer systems. He claims that Sophos makes avoidable mistakes and fails to issue patches quickly. He published a report describing several flaws that he attributed to the company’s poor development practices and coding standards, and noted that Sophos did not respond to his warning quickly enough, which only made things worse.

For instance, it turned out that Sophos’ on-access scanner could be used to launch a worm against a firm simply by sending it an attack email that is received through Outlook. The vulnerabilities were all tested on a Mac, but the expert believes that the wormable remote root flaw affects every platform that runs Sophos.

Tavis Ormandy concluded that users who install Sophos Antivirus expose their computers to considerable risk. Unless Sophos improves its security in the near future, its deployment may pose considerable risk to global networks and infrastructure. Ormandy pointed out that he gave Sophos two months to address the problems before he published the report.

Of course, Sophos was not happy about a 30-page report saying that it fails to do its job. It replied that many of the flaws had already been fixed and that the company had not seen them exploited in the wild. Sophos announced that further fixes would be released at the end of November. The two sides differ on timelines, however: Sophos believes it would take half a year to release a patch that fixes a single line of code, while Ormandy says two months. The security expert admits that the company is working with good intentions, but says it is still ill-equipped to address flaws that he alone revealed in his spare time.

Password Methods That Chase Hackers Away

1. DISCARD THAT DICTIONARY: If your password can be found in a dictionary, you might as well not have one. Hackers will often test passwords taken from a dictionary or aggregated from breaches. If your password is not in that set, hackers will typically move on.
2. NEVER USE THE SAME PASSWORD TWICE: We are all guilty of this: we tend to use the same password across multiple sites, a fact hackers regularly exploit. While breaking into someone’s professional profile on LinkedIn might not have dire consequences, hackers will try the same password on your e-mail, or wherever more valuable financial and personal data is stored.
3. COME UP WITH A PASSPHRASE: The longer your password, the longer it will take to crack. Ideally, a password of at least 14 characters will be uncrackable by an attacker in less than 24 hours. Because longer passwords tend to be harder to remember, consider a passphrase, such as a favorite movie quote, song lyric, or poem.
4. JAMMING ON YOUR KEYBOARD: For sensitive accounts, you can randomly jam on your keyboard, intermittently hitting the Shift and Alt keys, and copy the result into a text file that you store on an encrypted, password-protected USB drive.
5. STORE YOUR PASSWORDS SECURELY: Do not store your passwords in your in-box or on your desktop. If malware infects your computer, you’re toast. You can store your password file, or a password hint file, on an encrypted USB drive that itself requires a complex password to access. You can then copy and paste those passwords into accounts, so that if an attacker installs keystroke-logging software on the computer, it cannot record the keystrokes of the password. Just try to keep it off the internet.
6. A PASSWORD MANAGER: Password-protection software lets you store all your usernames and passwords in one place. Some programs will even create strong passwords for you and automatically log you in to sites as long as you provide one master password. LastPass, SplashData and AgileBits offer password management software for Windows, Macs and mobile devices. But consider yourself warned: the password store still lives on the computer itself. “If someone steals the computer, you’ve lost the passwords.”
7. USE DIFFERENT BROWSERS: Use different Web browsers for different activities. “Pick one browser for ‘promiscuous’ browsing: online forums, news sites, blogs — anything you don’t consider important. When you’re online banking or checking e-mail, fire up a secondary Web browser, then shut it down.” That way, if your browser catches an infection when you accidentally stumble on an X-rated site, your bank account is not necessarily compromised. As for which browser to use for which activities, a study last year by Accuvant Labs of Web browsers, including Mozilla Firefox, Google Chrome and Microsoft Internet Explorer, found that Chrome was the least susceptible to attacks.
8. SHARE CAUTIOUSLY: Whenever possible, never register for online accounts using your real e-mail address. You could use a “throwaway” e-mail address, like those offered by 10minutemail.com: you register and confirm an online account with it, and the address self-destructs 10 minutes later.
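To make points 1 to 3 and 6 concrete, here is an added Python example (not from the Yahoo article or from this post) that checks a candidate password against a wordlist, against a hash-based history of passwords already in use, and against the 14-character threshold, and that generates a random password the way a password manager would. The ten-word wordlist, the leetspeak substitution table and the password history are constructed assumptions for the demonstration; a real deployment would check against a full breach corpus and keep the history under a slow, salted hash.

```python
"""Password hygiene checks for the tips above (added example, not from the
original article). Wordlist, leet table and history are constructed samples."""
import hashlib
import math
import re
import secrets
import string

# Constructed stand-in for a dictionary / breach wordlist (tip 1).
COMMON_PASSWORDS = {
    "password", "123456", "qwerty", "letmein", "welcome", "monkey",
    "dragon", "sunshine", "football", "iloveyou",
}

# The article's threshold: 14+ characters to resist a 24-hour attack (tip 3).
MIN_LENGTH = 14

# Assumed leetspeak substitutions that crackers undo as a matter of routine.
_LEET = str.maketrans("@$01!3", "asolie")


def normalize(password: str) -> str:
    """Reduce a password to the dictionary word it is probably derived from:
    lower-case it, drop trailing digits and symbols, then undo leetspeak."""
    base = password.lower()
    base = re.sub(r"[^a-z]+$", "", base)
    return base.translate(_LEET)


def in_wordlist(password: str, wordlist=COMMON_PASSWORDS) -> bool:
    """True if the password, or the word it was mutated from, is in the list."""
    return password.lower() in wordlist or normalize(password) in wordlist


def fingerprint(password: str) -> str:
    """Hash used only to remember previously used passwords without keeping
    them in clear (tip 2). Production code would use a slow, salted hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def estimated_bits(password: str) -> float:
    """Rough brute-force entropy: length * log2(size of the character pool)."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 33
    return len(password) * math.log2(pool) if pool else 0.0


def check_password(password: str, history: set) -> list:
    """Return the list of problems found; an empty list means it passes."""
    problems = []
    if in_wordlist(password):
        problems.append("dictionary word or known breached password")
    if fingerprint(password) in history:
        problems.append("already used on another account")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return problems


def generate_password(length: int = 20) -> str:
    """What a password manager does for you (tip 6): draw every character
    from the OS CSPRNG instead of from memory or keyboard mashing."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Constructed history: one password already in use on another account.
    used = {fingerprint("correct horse battery staple")}
    for candidate in ("P@ssw0rd", "correct horse battery staple",
                      "Tr0ub4dor&3", generate_password()):
        verdict = check_password(candidate, used) or "ok"
        print(f"{candidate!r}: {verdict} (~{estimated_bits(candidate):.0f} bits)")
```

The normalization step is what makes the dictionary check useful: "P@ssw0rd" and "Dragon123!" are rejected because crackers try exactly those mutations of wordlist entries, so they buy no real strength. The history is kept as hashes rather than clear passwords so that the reuse check does not itself become a password store, which is the same reason tip 5 tells you to keep the file off the machine.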
Truth: “At some point, you will get hacked — it’s only a matter of time,” warned Mr. Grossman. “If that’s unacceptable to you, don’t put it online.”

Source: Yahoo Business