* Posts by Graham Cluley

49 posts • joined 19 Aug 2007

CONFIRMED: Sophos shifting threat response work to India

Graham Cluley

Right here.

1
0

Hidden 'Windigo' UNIX ZOMBIES are EVERYWHERE

Graham Cluley

Re: How?

The link works for me.

http://www.welivesecurity.com/2014/03/20/operation-windigo-the-vivisection-of-a-large-linux-server-side-credential-stealing-malware-campaign/

Or you can go straight to the technical paper (PDF) here: http://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf

2
0
Graham Cluley

10,000 or 25,000

The explanation is that currently 10,000 Unix servers are compromised by the Windigo attack, but in the entire lifetime of the campaign up to 25,000 servers have been hit.

Hope that helps

3
1

Ten top stories from New Who

Graham Cluley

Re: Midnight

Midnight is superb.

A fantastic piece of writing by Russell T Davies (just when I thought he'd run out ideas) and a terrific piece of acting by the small cast.

I would rate it above Blink personally - although my wife thinks Midnight is the most boring episode of Who ever. Different folks, different strokes I guess.

(Glad to see Girl in the Fireplace also make an appearance)

0
0

Does F-Secure's antivirus turn a blind eye to spook spyware? CEO hits back

Graham Cluley

I believe him

In over 20 years working for anti-virus companies, I never once heard about any pressure being put on us by government agencies to not detect malware.

To be honest, I can't imagine a govt agency *trusting* an anti-virus company (and the variety of nationalities employed inside a typical security lab) to keep such a request secret anyway.

Not to mention, how exactly would an anti-virus company be expected to respond if a customer (who was being spied upon by the agency) sent in a sample, and asked why we weren't detecting it when - say - F-Secure was?

So, I don't think this is happening.

Rather than nobbling the anti-virus companies, I suspect govt agencies are writing malware (just like the bad guys) and working their damndest to avoid detection (just like the bad guys). The fact that any state-sponsored malware is likely to be designed for specific targeted attacks, helps their hand of course...

0
0

John McAfee releases NSFW video on how to uninstall security code

Graham Cluley

Re: Pot meet kettle

I never sawed a person in half on stage at Infosec.

I did once guillotine Janet "Blue Peter" Ellis's hand off. But that was at Networks 96. And I was working for Dr Solomon's at the time.

Sophos tended to be a fair bit more corporate in its trade show presentations than Dr Solomon's, but anything that breaks the monotony of presentations about virtualization, high wire gymnastics on the Symantec booth, and dollybirds handing out USB sticks has to be a good thing I reckon.

6
0

Google bod exposes Sophos Antivirus' gaping holes

Graham Cluley

Onel de Guzman

Point of order. Onel de Guzman, creator of the Love Bug, did his dastardly deed back in 2000 - ten years before the Naked Security blog was written. So we wouldn't have that many articles about him other than the odd retrospective piece. :)

0
0

Study: If your antivirus doesn't sniff 'new' malware in 6 days, it never will

Graham Cluley
FAIL

Flawed methodology

From VirusTotal's own website:

"Those who use VirusTotal to perform antivirus comparative analyses should know that they are making many implicit errors in their methodology"

In a nutshell, it ain't a real world test, as VirusTotal does not (and doesn't claim to) mimic the protection that users would experience in the real world where they may have multiple levels of protection, cloud-based lookup, runtime behavioural analysis etc etc..

2
0

Anonymous hacktivists dump 1.7GB load slurped from DoJ site

Graham Cluley

Guy not wearing the mask

He's the host of one of the shows on the TV channel RT (Russia Today).

I don't think we should assume he's in any way connected with the rest of the vid.

0
0

Cyber crime now bigger than the drugs trade

Graham Cluley
Alert

Lest we forget..

Anyone else remember The Register's 2009 article: "'Cybercrime exceeds drug trade' myth exploded"?

http://www.theregister.co.uk/2009/03/27/cybercrime_mythbusters/

1
0

30,000 Shreks besmirch BeautifulPeople

Graham Cluley
Facepalm

It's clearly a publicity stunt

As I explain at http://nakedsecurity.sophos.com/2011/06/20/beautifulpeople this story has duped the likes of The Telegraph, The Daily Mail, The Guardian, Fox News, BBC Radio 4 and now The Register too!

It's clearly poppycock, dreamt up by BeautifulPeople's PR firm. If the Shrek virus exists, I look like Brad Pitt.

5
1

One thumb up for Facebook security improvements

Graham Cluley

Cluley ill?

I'm not medically qualified so I can't give you a definitive answer on this one - but I feel fine, thanks.

0
0

Dear Facebook: your privacy sucks

Graham Cluley
Thumb Down

Facebook's https option

As our letter makes clear, Facebook doesn't turn on https by default - and if you do turn it on they only use it "whenever possible".

What they mean by "whenever possible" is whenever it's convenient for them.

So not, for instance, when you visit the mobile version of their website. And not when you visit third party apps running on the Facebook platform.

It should be on, by default, all the time you're connected to Facebook. Period.

[ps. can we have a Zuck avatar?]

2
1

Hacked BBC streaming websites serve up malware

Graham Cluley
Stop

Don't use VirusTotal for detection comparison

VirusTotal itself says that you shouldn't use it to compare detection capabilities.

See http://www.virustotal.com/about.html#importantnotes

-quote-

Those who use VirusTotal to perform AV comparative analyses should know that they are making many implicit errors in the methodology, the most obvious being:

* VirusTotal AV engines are commandline versions, so depending on the product, they will not behave exactly the same as the desktop versions: for instance, desktop solutions may use techniques based on behavioral analysis and count with personal firewalls that may decrease entry points and mitigate propagation, etc.

* In VirusTotal desktop-oriented solutions coexist with perimeter-oriented solutions; heuristics in this latter group may be more aggressive and paranoid, since the impact of false positives is less visible in the perimeter. It is simply not fair to compare both groups.

-end quote-

Sophos has been blocking the site linked to by the script on the BBC website since 20:42 GMT on 9 February 2011, for instance. But VirusTotal doesn't test that way so it won't know that we'd pick it up as Troj/ExpJS-BO and Mal/IFrame-F.

:-(

1
0

Cockeyed 'Knob Face' confusion masks real malware threat

Graham Cluley

Detecting hoaxes

The difficulty in detecting hoaxes is telling the difference between

"Please watch out for emails about Ed Stewart - the so-called Crackerjack virus will turn your CPU into blancmange. Forward this warning to all of your friends - we need to stamp this one out!"

and..

"There's a new hoax doing the rounds. It warns you to watch out for emails about Ed Stewart - claiming the so-called Crackerjack virus will turn your CPU into blancmange. Please forward this advice to all of your friends - we need to stamp this one out!"

And then there's the issue that virus hoaxes can spread via newspapers, fax, Radio 2, etc. or even as publicity stunts. (Read the story of the Irina hoax virus publicity stunt here: http://virusbusters.itcs.umich.edu//hoaxes/irina.html )

0
0
Graham Cluley

Stewpot

It must have been almost ten years ago. I was in a car, and Ed Stewart was pontificating on Radio 2 about some computer virus or other.

My ears pricked up, and I realised he was telling his loyal band of listeners a load of old nonsense - and was actually reading out a virus hoax.

I called the station, to try to get them to put out a correction, but they must have thought I was a nutter.

Which I probably was. For listening to Ed Stewart.

0
0

New attack bypasses virtually all AV protection

Graham Cluley
FAIL

Need to correct that headline - it DOESN'T bypass virtually all AV

KHOBE can't be described as a way that malware can be installed on computers.

What Matousec describes is a way of "doing something more" **if** the malicious code manages to get past your anti-virus software in the first place.

In other words, KHOBE is only an issue if anti-virus products such as miss the malware. And that's one of the reasons, of course, why security vendors offer a layered approach using a variety of protection technologies.

How can that be bypassing?

There's a good write-up on this by my Sophos colleague Paul Ducklin:

http://www.sophos.com/blogs/duck/g/2010/05/11/khobe-vulnerability-earth-shaker/

0
0

Sophos sorry for blog comment spam campaign

Graham Cluley

Google is your friend..

Check out the image of the spam on the upset blogger's post.

The offending spam comment includes the commenter's name. Google his name, and you should be able to find out the name of the agency he works for pretty easily.

Sophos is no longer working with the company.

1
0
Graham Cluley

Rent-a-quote Graham's right here!

@Gareth

I'm right here - who do you think was the "spokesman" who spoke to The Register? :-)

My opinion - as you read in the article - is that what happened is appalling, and something that we're all mortified about here at Sophos.

We're not in the business of adding to the spam problem, and we are terribly sorry to those bloggers who received these inane messages from the marketing agency we hired.

Cheers

Graham

2
0

Facebook Fan Check scareware begets malign ware-scares

Graham Cluley
Alert

Still no evidence that the Facebook app was malicious

Hi, I thought I'd just post a follow-up.

We've still seen no evidence that the Fan Check Facebook app which has got everyone scared witless is malicious. We can't be specific about what precisely "Fan Check" does to Facebook users as we're unable to access it.

What isn't in doubt, however, is that the bad guys have set up websites which have been optimised to appear high in Google search results for people hunting for info on Fan Check, but are designed to spread a fake anti-virus application instead.

So, even if it's true that the Facebook app is harmless - there is still a danger out there, that many Fan Check-fearing people are being directed to.

Graham Cluley, Sophos

0
0

Erin Andrews peephole footage spreads Trojan

Graham Cluley
Paris Hilton

Video of malware blocked by YouTube

For reasons best known to YouTube they've deemed the video of the malware attack "inappropriate content".

If you want to watch what the malware does, you can check it out at http://vimeo.com/5662308

0
0

Apple fans targeted by smut-punting malware

Graham Cluley
Alert

@Tim 49

Tim, I think you've interpreted how this works the wrong way because Pareto just posted a picture of the Windows payload on their blog.

The malware served up is different depending on whether you visit the site using Windows or Mac OS X.

We have a video demonstrating what happens if you visit on a Mac over at

http://www.sophos.com/blogs/gc/g/2009/06/10/mac-malware-adopts-porn-video-disguise/

We're seeing more and more of these two-pronged attacks - working out if you're visiting via Windows or a Mac, and serving up the appropriate flavour of malware.

0
0
Graham Cluley
Stop

@Anonymous Coward

What makes you think it only works on Internet Explorer?

We tried it on IE, Safari and Firefox using Windows and Mac OS X computers.

The attack is based around social engineering rather than a flaw in a browser - so any user with a hunger for porn may find themselves tempted into downloading the codec.

0
0

Sophos punts anti-virus for Klingons

Graham Cluley
Happy

Klingon response to The Register

The page has been updated to mention The Register

http://www.sophos.com/klingon/

(and some further explanations at http://www.sophos.com/blogs/gc/g/2009/05/19/klingon-antivirus-facts/ )

0
0

Viral web infection siphons ad dollars from Google

Graham Cluley

Some more information

The obfuscated JavaScript on compromised sites (which Sophos intercepts as Troj/JSRedir-R) accounts for about 42% of all of the infected webpages we've seen in the last week.

That's a mightily impressive six times more infections than the tried and trusted malicious Iframe attack of Mal/Iframe-F.

We've published some further information and stats on our site at http://www.sophos.com/blogs/gc/g/2009/05/14/malicious-jsredir-javascript

I'd recommend that surfers check their protection is up-to-date and fighting this one.

0
0

Twitter worm author gets security job

Graham Cluley

@Nicholas Ettel

*If* Mikeyy Mooney did make a sincere effort to warn Twitter (quite a big "if" to my mind, as it hasn't been suggested before) and they ignored him then his response should never have been to unleash the worm.

*If* they had ignored him, a better thing would have been to have gone to a security journalist, demonstrated the flaw to the journo, and allowed the journo (without publishing details of how to reproduce it) to write about it. You can be sure that would get the attention of Twitter's powers-that-be.

But the fact is that there's no suggestion that Mikeyy has ever contacted Twitter to work out a responsible way of disclosing the flaw. Instead he endangered many innocent Twitter users and disrupted the business.

0
0
Graham Cluley
Alert

And guess what the *latest* Mikeyy worm says

In case anyone missed it, shortly after it was revealed that Mikeyy had been offered this job, a new worm was spreading around Twitter.

One of its messages?

"I work for exqSoft Solutions now - http://www.exqsoft.com/ - mikeyy"

Not a good sign. The CEO of exqSoft says he did not ask for the worm to be written and has been unable to contact his latest recruit to ask if he is the originator.

http://www.sophos.com/blogs/gc/g/2009/04/17/mikeyy-worm-targets-oprah-york-times/

0
0

Japanese porn at heart of Home-Office terrorism snooping

Graham Cluley
Stop

The link is still there

Well, in the form of PDFs about the Technical Advisory Board anyway.

Thanks to the wonder of PDFs they are available as clickable hotlinks for anyone who is bored of technical advice..

0
0

Melissa anniversary marks birth of email-aware malware

Graham Cluley
Heart

Regarding Gigabyte

Re: Cameron Colley's question about Gigabyte, the notorious female virus writer (real name Kim Vanvaeck)

She got arrested in Belgium in 2004 (http://www.sophos.com/pressoffice/news/articles/2004/02/va_gigabyte.html ) but ultimately was let off the hook by the cops with little more than a smacked wrist and a promise not to cause trouble again. As far as I know she followed their advice

I know a guy who met Gigabyte, and told me she was a rather cute-looking blonde. Bizarrely I was once invited to a security conference to sing a karaoke duet with her, but probably wisely turned down the opportunity..

0
0

BBC botnet investigation turns hacks into hackers

Graham Cluley
Alert

Will USA want to extradite BBC reporter?

Do we know where the compromised PCs are based in the world?

What if some of those botnet computers were in the US military? The Pentagon? NASA?

Will the USA try and extradite the BBC's Spencer Kelly just like Gary McKinnon?

I'm running a poll on my blog if anyone wants to give their opinion on whether the Beeb were justified or not in what they did.

http://www.sophos.com/blogs/gc/g/2009/03/12/bbc-break-law-botnet-send-spam/

Cheers

Graham Cluley, Sophos

0
0

Conspiracy theories fly around Norton forum 'Pifts' purge

Graham Cluley
Stop

And the malware authors are close behind..

It looks like the bad guys are up to their trick of jumping on the bandwagon again.

We're seeing evidence that websites containing malware are showing up in search engine results when people hunt for PIFTS. Sophos is picking up some of these sites as Mal/BadRef-A.

The Mal/BadRef-A script redirects to another malicious script (Troj/Reffor-A) which then itself redirects to a page detected as Mal/FakeAvJs-A.

That page leads to a fake anti-virus scan (scareware) designed to frighten you out of your hard earned cash.

Cheers

Graham Cluley, Sophos

0
0

Conficker call-backs threaten to swamp legit domains

Graham Cluley
Unhappy

Why we don't install an anti-Conficker on those websites

I'm afraid that it would be against the law - under the Computer Misuse Act - for us to change the visiting infected computers without the owners' permission.

0
0

Booby-trapped emails fly back into fashion

Graham Cluley
Alert

A new strain

Yes, there was a malware attack spammed out in the summer which was similar in its use of the airline ticket disguise (I refer to it in my blog entry on the Sophos website at http://www.sophos.com/blogs/gc/g/2008/12/04/email-malware-flying-high/), but this is a new campaign which has some new characteristics - and is spreading different malware.

Why are they using such a similar cloak of disguise? Well, a simple reason - it worked before, so they're banking that it will work again. :(

This isn't about believing that you've been sent air tickets you never ordered, but believing that either an airline has screwed up or (most likely) that someone else has used your credit card to make a purchase. Naturally people get so affronted that they open the attached file without thinking of the possible security consequences.

0
0

Malware authors play Mario on Daily Mail website

Graham Cluley
Stop

Who should have found the infection?

@Anonymous coward and @Steen Hive

I do believe it is impractical for the millions of websites out there to check every advertising link served up to them by a third party advertising company to check if it is legitimate. Can you imagine the resources required to do that? Sure, it would be nice if it happened - but is it realistic to expect it?

Didn't The Register itself serve up a malicious banner advert four years ago? As I recall, they responded the right way (as I would hope the Daily Mail would do) by pulling the ads and presumably asking tough questions and perhaps breaking the relationship with the advertising network.

The ad networks need to do a much better job of weeding out the malicious adverts - this is not necessarily easy to do of course.

The addition point I made to The Register, but which got left out of the report I think, is that everyone browsing the web needs to defend themselves. Many websites deliver ads via third parties, and most are not checking them for malicious links. If you have a decent anti-virus solution on your computer then that can help reduce the threat to you.

0
0

David Tennant quits Who

Graham Cluley
Alien

After all, that's how it all started...

It's time to go back to basics with Doctor Who.

When the show started in 1963 it starred a doddery old white-haired man and his granddaughter as his assistant.

Andrew Sachs, anyone?

0
0

Anonymous hacks Sarah Palin's Yahoo! account

Graham Cluley
Paris Hilton

Another Paris Hilton?

What I'm curious about is how was Sarah Palin's email account broken into?

Was her PC compromised with spyware? Did she carelessly connect to an unencrypted Wi-Fi hotspot? Did she choose a dictionary word for her password ("aardvark") that was easy for the hackers to crack?

Or did she fall for a similar trick as the one that caught out a certain Miss Paris Hilton back in 2005. If I recall correctly, Paris's mistake was making the name of her pet chihuahua (Tinkerbell) the secret question/answer to reset her Sidekick's password. Uh-oh.

I made a video comparing Sarah Palin's plight with Paris Hilton's experiences, which Register readers might like: http://www.sophos.com/blogs/gc/g/2008/09/18/paris-hilton-sarah-palin-video/

0
0

SQL injection taints BusinessWeek.com

Graham Cluley
Paris Hilton

@Gordon Fecyk

The SQL attacks *always* have been hitting the big sites as well as the little ones.

These attacks are automated - it's not as though BusinessWeek was specifically targeted. The bad guys use search engines to find vulnerable sites (big or small) and zap! infect them with their malicious scripts.

(Paris, in honour of The Reg bringing back the old icons)

0
0

30 years of Spam - and we ain't finished yet

Graham Cluley

11% of people who came to Sophos's website

The poll was run on our website. According to the marketroids, the typical make-up of people who come to our website are IT specialists and system administrators (as we don't have a consumer product).

I expect they know the difference between spam and "legitimate" marketing emails - but who knows..

We've published links and more information on the Sophos Spam Pledge page at http://www.sophos.com/pledge

0
0
Graham Cluley

Sophos's 95 percent spam stat @Gordon Fecyk

Hi Gordon.

Sophos's figure of 95% of email is spam comes from our spam filtering software and appliances at companies worldwide. We count the amount of legitimate email they receive, and we count the amount of spam they receive. And then do the maths to get a percentage.

Of course, individuals may have varying experiences.

0
0
Graham Cluley

11 percent of people admit to having bought from spam

http://www.sophos.com/news/2007/12/spam-buyers.html

We polled 390 people in November 2007. 11% said that they had bought goods advertised via spam.

Hope that helps.

0
0
Graham Cluley

Why 30 years of spam? Because it works..

The sad truth of the matter is that we are blighted with spam because it works for the bad guys.

We may all roll our eyes at yet-another-letter-from-NIgeria, the endless waves of fake Rolex offers, weight loss pills, and unwanted mortgage loans.. but the only reason these things get sent is because *some* people *occasionally* respond to spam and make a purchase.

What we really need to do is educate more people to NEVER buy, try or reply to spam. The dudes at SophosLabs put a little video together today hoping to raise awareness of the need to never buy goods advertised via spam:

http://www.youtube.com/watch?v=3-E6hkOuEiI

Maybe the readers of The Register are immune from the lure of spam emails, but can we say the same of everyone in our family? Is it our Aunty Hilda's innocent clicking and purchasing of penny stocks what is perpetuating the spam problem?

0
0

Facebook Troll sends mob against Cluley

Graham Cluley

Re: Where was Cluley at Infosec?

I was there! Booth F130. You should have dropped by and claimed your free t-shirt and blue slushie.

By the way, I'm grateful for John at The Register for writing up this story - it appears to have stirred Facebook into action zapping some of the other offending material about me and my family up there.

0
0

eBay scripting trick used to boost seller ratings

Graham Cluley
Black Helicopters

More nice screenshots

If you liked The Reg's screenshots of this incident you can check out more on the Sophos blog here: http://www.sophos.com/security/blog/2008/03/1199.html

(no toolbars present :) ) We also show some evidence that this isn't the first time the bad guys have tried this kind of scam.

Graham Cluley, Sophos

0
0

Mac security site littered with malware

Graham Cluley

The nom de plume

Just so you know, the "x"'s in the name "GxxxxBxxxxxx" are our way of hiding the real pseudonym he used.

0
0

Drive-by download menace spreading fast

Graham Cluley
Alert

Apache web servers hosting malware

Yes, Sophos's research found that 48.7% of the compromised websites were running Apache. The next closest was IIS 6 which was used on 40.6% of the websites hosting malicious code. There is a danger that people may think that just by avoiding Microsoft software they're immune from attack - which is clearly nonsense.

Most of these webpages are poisoned with malicious Iframes and obfuscated Javascript pointing to Trojan horses capable of infecting Windows users. Sophos also saw some financially-motivated Mac malware being distributed via the web in the last few months too.

The full report is available from http://www.sophos.com/securityreport2008 if anyone is interested. You have to fill in a form to get at the PDF with the meat of the report, but you can always say you're Donald Duck if you're paranoid we're going to do something ghastly with your details...

Graham Cluley, Senior technology consultant, Sophos

0
0

Malware authors target Mac emerging markets

Graham Cluley
Jobs Halo

Social engineering

Charles-A Rovira writes that you have to be a moron to install malware onto your Macintosh.

The financially-motivated malware that we have seen so far for the Macintosh typically disguises itself as a Codec to allow the Mac user to view a video. So the user *does* have a good reason to install the program that the website is telling him to download, and *does* have a good reason to tell his Mac that "Yes, carry on.. this is okay with me" if it brings up any security concerns about installing the code.

It's all about social engineering. It's the human element which is the big vulnerability - not which OS you're running. Mac users need to accept they are just as vulnerable to social engineering as their PC cousins if they're going to have a fighting chance at reducing the likelihood of attacks against Mac.

But there's an opportunity for Mac users right now to send a message to the bad guys that it's not worth looking for money on Apple computers. If enough people resist the social engineering, and don't fall for the tricks being pulled by the hackers to lure them into downloading Mac malware, then chances are that the cybergangs will return to their Windows roots and leave the Mac community alone.

It's like throwing chips at seagulls - if you keep giving them chips they'll come back for more. Don't get infected, don't be fooled into behaving unsafely, and you should be able to keep Macs as the much safer place that it currently is compared to Windows.

Graham Cluley, senior technology consultant, Sophos

0
0

Hacked embassy websites found pushing malware

Graham Cluley
Alert

Not the first, and sadly probably won't be the last..

Last September webpages of the US Consulate General in St Petersburg were compromised by hackers. On that occasion cybercriminals planted the Mal/ObfJS-C malicious code, that then attempted to download further malware from a remote server.

As is the norm these days, it was all a ruse to steal business and personal data from unwary visitors. More info was posted on the Sophos blog at http://www.sophos.com/news/2007/09/consulate.html

With something like 6000 new webpages discovered each day carrying malicious code (and over 80% of those being legit websites that the bad guys have hacked) it's becoming clear that you can't trust *anyone* these days to have a squeaky clean site.

I think it's time for the website owners and webhosts to take some responsibility for the security and patching of their sites, rather than just hoping that Joe Public will ensure that their browser and visiting computer are properly defended.

0
0

Clash of the compacts: Eee vs Air

Graham Cluley
Jobs Horns

They shrank it the wrong way

Who cares if the MacBook Air is so skinny? The Asus EEE wins for me because it's smaller - that's what I want from a subnotebook. Something that can fit in my satchel without poking out of the top.

I don't need a big screen or a full-size keyboard. I just need something quick and dirty to get me on the net to read my email, browse the web, and ignore Zombie invitations on Facebook.

The fact that it only costs 200 quid is a big bonus too. I bought one for my IT-luddite mother-in-law for Christmas at Toys R Us and she's over the moon. I know another senior citizen who has bought an Asus EEE after seeing it too.

I think once people see the Asus EEE in action, and realise it's a powerful and useful bit of kit for a neat price they'll find the price hard to resist.

Yes, the MacBook Air will look sexy as hell - but I wish they'd made it with a smaller screen and keyboard so it would have been a true subnotebook.

0
0

Many Facebook users expose all to strangers

Graham Cluley

Good advice for better privacy and security on Facebook

Some good tips there to start people in the right direction on Facebook. The problem is much more of a human one than a technological one -- Facebook have put controls in place, it's just that people aren't using them. Sigh..

Sophos has published some step-by-step advice on how to set your privacy settings on Facebook which may be of use to many readers concerned about identity theft online:

http://www.sophos.com/security/best-practice/facebook.html

0
0

Forums