Monthly Archives: December 2014
Sony Hackers Call For Ban On Controversial Comedy Film
Singaporean Hacker Gets Six Months For XSS Attack
Kaspersky Lab Finds the Number of Corporate Sector Targets in 2014 Has More Than Doubled Since 2013
6 tips for shopping online safely at Christmas
Many of us now prefer to shop online: you can avoid the queues, it’s easier to compare goods and prices…
No doubt Christmas is one of the times of the year when most online transactions take place. That’s why we want to offer you some tips for shopping online safely.
1. Use a secure WiFi or Internet connection
It’s convenient (and cheaper) to use public WiFi connections that are not password-protected.
When you connect from your house or from the office, you know who is responsible for the network and who else could be connected, but on a public network, anyone else could be connected.
For this reason, if you are going to make transactions online, such as Christmas shopping, it is far better to do so from a secure Internet connection.
2. Keep your computer up-to-date and protected
Bank details are some of the most sensitive data that you can transfer across the Internet and they are essential when making such transactions. If this Christmas you intend to buy any presents online, make sure your computer is up-to-date and properly protected.
How? Keep your operating system updated and use the best antivirus. Take a look, and choose the one that best adapts to your needs.
3. Buy from well-known sites with a good reputation
One of the first things you should do when shopping online is check that the URL in the address bar matches the website you think you are on and that it begins with HTTPS.
Buying only from reputable online stores will help prevent you from falling victim to data or identity theft.
4. Check the privacy and refunds policies
Check their privacy policy. It should be in a visible place and up-to-date.
Can you return the goods? And what if you want to change something, say, for another size? These are also important things to consider when choosing places to shop online.
5. Don’t follow links in emails and ads
At this time of year it’s not unusual to receive thousands of ads for unbeatable offers. It’s worth stopping to think whether they are just too good to be true.
Such adverts and email campaigns with offers and fantastic discounts are often used as a tool by cyber-criminals. Avoid phishing scams and don’t fall into the trap.
6. Keep an eye on your credit card transactions
It is also important that after making purchases online you check that all the transactions in your statement are the ones you have made yourself.
If you see anything suspicious, get in touch with your bank.
The post 6 tips for shopping online safely at Christmas appeared first on MediaCenter Panda Security.
Company data at risk by widespread employee access
A large number of companies are leaving their confidential files at risk by over-sharing with employees, according to a new survey by the Ponemon Institute.
The post Company data at risk by widespread employee access appeared first on We Live Security.
Bebe clothing store suffers payment card breach
The clothing chain Bebe is the latest company to suffer a breach of payment card information by hackers, reports PC World.
The post Bebe clothing store suffers payment card breach appeared first on We Live Security.
Link spoofing and cache poisoning vulnerabilities in TYPO3 CMS
Component Type: TYPO3 CMS
Vulnerability Types: Link Spoofing, Cache Poisoning
Overall Severity: Medium
Release Date: December 10, 2014
Vulnerable subcomponent: Frontend Rendering
Vulnerability Type: Link Spoofing
Affected Versions: Versions 4.5.0 to 4.5.38, 4.6.0 to 4.6.18, 4.7.0 to 4.7.20, 6.0.0 to 6.0.14, 6.1.0 to 6.1.12 and 6.2.0 to 6.2.8, 7.0.0 to 7.0.1
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:F/RL:OF/RC:C
CVE: not assigned yet
Problem Description: An attacker could forge a request that modifies anchor-only links on the homepage of a TYPO3 installation so that they point to arbitrary domains, if the configuration option config.prefixLocalAnchors is used with any possible value. TYPO3 versions 4.6.x and higher are only affected if the homepage is not a shortcut to a different page. As an additional precondition, URL rewriting must be enabled in the web server, which is typically the case when using extensions like realurl or cooluri.
Installations where config.absRefPrefix is additionally set to any value are not affected by this vulnerability.
Example of affected configuration:
TypoScript:
config.absRefPrefix =
config.prefixLocalAnchors = all
page = PAGE
page.10 = TEXT
page.10.value = <a href="#skiplinks">Skiplinks</a>
.htaccess:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule .* index.php [L]
Solution: Set config.absRefPrefix to a value fitting your installation
or
Solution: Update to TYPO3 versions 4.5.39, 6.2.9 or 7.0.2 that fix the problem described.
Important Note: Since the changes provided with the TYPO3 update change the way the prefix for local anchors is generated, there might be cases where the update breaks functionality. The impact of the breakage is that the page is reloaded in the browser when a user follows a link where previously the browser only jumped to a certain section of the current page.
Credits: Thanks to Gernot Leitgab who discovered and reported the vulnerability.
Vulnerability Type: Cache Poisoning
Affected Versions: Versions 4.5.0 to 4.5.38, 4.6.0 to 4.6.18, 4.7.0 to 4.7.20, 6.0.0 to 6.0.14, 6.1.0 to 6.1.12 and 6.2.0 to 6.2.8, 7.0.0 to 7.0.1
Severity: Low
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C
CVE: not assigned yet
Problem Description: A request URL with arbitrary arguments, but still pointing to the home page of a TYPO3 installation can be cached if the configuration option config.prefixLocalAnchors is used with the values “all” or “cached”. The impact of this vulnerability is that unfamiliar looking links to the home page can end up in the cache, which leads to a reload of the page in the browser when section links are followed by web page visitors, instead of just directly jumping to the requested section of the page. TYPO3 versions 4.6.x and higher are only affected if the homepage is not a shortcut to a different page.
Solution: Remove the configuration option config.prefixLocalAnchors (and optionally also config.baseUrl) in favor of config.absRefPrefix.
Credits: Thanks to Gernot Leitgab who discovered and reported the vulnerability.
General Advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.
General Note: All security related code changes are tagged so that you can easily look them up on our review system.
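Added example (not part of the TYPO3 advisory or of TYPO3 itself): a small Python audit that reads TypoScript setup text and reports the two conditions the advisory describes. The parser is a simplified assumption that handles only flat config.* lines and a single-level config { } block; the function names and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample: the affected TypoScript shown in the advisory.
AFFECTED = """\
config.absRefPrefix =
config.prefixLocalAnchors = all
page = PAGE
"""

# Constructed sample: remediated as the advisory's "Solution" lines describe.
FIXED = """\
config {
  absRefPrefix = /
}
page = PAGE
"""

def parse_config(typoscript):
    """Collect config.* assignments from flat lines and a `config { }` block.
    Simplified: no conditions, includes or nested blocks (assumption)."""
    settings, in_block = {}, False
    for raw in typoscript.splitlines():
        line = raw.strip()
        if re.fullmatch(r"config\s*\{", line):
            in_block = True
        elif in_block and line == "}":
            in_block = False
        else:
            m = re.fullmatch(r"([\w.]+)\s*=\s*(.*)", line)
            if not m:
                continue  # blank line, comment, or unsupported syntax
            key = "config." + m.group(1) if in_block else m.group(1)
            if key.startswith("config."):
                settings[key[len("config."):]] = m.group(2).strip()
    return settings

def audit(typoscript):
    """Return findings for the conditions stated in the advisory."""
    cfg = parse_config(typoscript)
    anchors = cfg.get("prefixLocalAnchors", "")
    findings = []
    if anchors and not cfg.get("absRefPrefix"):
        findings.append("link-spoofing: prefixLocalAnchors set, absRefPrefix empty")
    if anchors in ("all", "cached"):
        findings.append("cache-poisoning: prefixLocalAnchors = " + anchors)
    if cfg.get("baseUrl"):
        findings.append("review: baseUrl set, advisory prefers absRefPrefix")
    return findings
```

An empty list from audit() means none of the advisory's configuration conditions were found in the text it was given; the version and homepage-shortcut preconditions are not checked.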
Tech Gift Ideas for Boomers
These gifts will definitely make your loved ones feel special this holiday, even if they are not very tech savvy.
Under $50
Winner: Roll Up Travel Charger ($49). I travel a lot and love the simplicity of this travel charger from Restoration Hardware. Not only can it charge up to four gadgets simultaneously, but the roll up design keeps cables out of sight. Perfect!
Runner up: Belkin Bluetooth Receiver ($40). Play music straight from your phone or tablet onto any stereo with a tiny $40 dongle from Belkin.
$50-100
Winner: Virtual Keyboard ($99). Many of us, not just seniors, have problems typing out texts on our iPhones or tablets. This is especially true when the message goes beyond LOL!
With a virtual keyboard, you can turn any flat surface into a QWERTY-friendly environment. I like the Brookstone Virtual Keyboard.
Runner Up: Amazon Kindle ($79). I’ve written before about my love of reading and I still believe that e-readers make great gifts for anyone who enjoys a book. Not only that but many classic novels are available for the Kindle for free!
$100+
Winner: Photo Cube Mini Printer ($150). Holidays are a time for gatherings and that means picture taking. However, printing pictures that you’ve taken on your phone can be a bit of a hassle.
The printing experts at VuPoint have a solution. The new-millennium version of the Kodak Instamatic, the Photo Cube Printer will instantly print photos straight from any device. No computer needed.
Runner Up: Ringly ($195). What looks like a cocktail ring is actually a smart device, synced to your phone. It uses vibrations and colored lights to inform you of any calls or messages so you can keep your phone out of sight.
Charitable Causes
I’m looking to make this holiday season more meaningful by giving back. I love the fact that “Giving Tuesday” is taking hold as a holiday shopping idea.
Here are some tips for finding that perfect gift with a conscience:
NPR Giving Gift List:
NPR has created a marvelous Giving Gift List encouraging people to donate their money or time to a good cause and/or to purchase handmade gifts from craftspeople in some of the world’s struggling countries.
The list contains beautifully curated and intriguing items, from Guate Custom Boots from Central America for $200 to a Bamboo Bicycle Holder from Ghana priced at $20.
One World Children’s Fund
One World Children’s Fund has many worthwhile projects deserving your support. Personally, I am treasuring a beautiful handmade basket I received from a friend’s charitable organization supporting a secondary school in Tanzania called Tinga Tinga that emphasizes education for girls.
I wish we could set aside every Tuesday as Giving Tuesday. Here’s wishing you happy holidays and I hope this gives you some great gift ideas and a little giving inspiration!
Bugtraq: [SECURITY] [DSA 3091-1] getmail4 security update