After searching in Google for what appears to be ages, finally you find a web page that seems reliable, you start reading and realize that it contains all the information you were looking for! But your happiness is shattered when, suddenly, the host asks you to verify you are not a robot! A robot?! To prove you are a human being you enter your email address and register to the web page.

You rarely stop to think that your email will be captured in the platform’s database and that from now on, it will probably collapse your inbox with spam or fill your email up with malware. The solution to this problem is not to sing up to these web pages with your personal email account, but use instead a disposable one.

There are many programs out there that offer creating disposable email accounts, accounts that last a short period of time and whose spam won’t bother you. Some of the platforms that allow you creating temporal emails accounts are: Maildrop, Yopmail, Air mail, Guerrilla mail, Now my mail, Hide my ass, Mailinator o Email Temporal Gratis.

Most of them don’t require much registration information, others allow you to forward messages, and in some cases, you are able to select the account’s expiration date.

Mailinator, for example, is one of the longest-standing free disposable email services, which denies access to emails with attachments, and by doing so it prevents malware from entering the account. You just have to choose an available name and you may enter your temporary inbox. But we must warn you, these are shared accounts, so there might be more people using it.

Another option is installing a browser extension to create disposable email accounts without accessing a web page. There is an extension available for both Firefox and Chrome, it is called Trashmail. You can create a new account in Trashmail by clicking on “Register a new account” and filling out all the information required, even the email address to which it will redirect your messages.

The next step is selecting your preferences on the General tab: you can choose the message’s lifetime and notify your regular email when the temporal email has expired.

You can also create an alias of your own email address. For example, in Gmail you can receive the messages sent to [email protected]  and the email will arrive to [email protected].

Once you are inside the platform you register yourself with the first address, the alias, so the platform’s database only registers your alias email and won’t fill up your inbox. You can also choose which messages go directly to the trash, which are forwarded to other email accounts or which simply stay on your inbox, just by setting some filters. But you must take into account you will be sharing your real email address.

So, now you know, the next time a website asks you for your email address don’t jump in and write your personal or business one. Be cautious and use a disposable email address. You have everything to gain: it is easy, free and safe.

The post Disposable email address: easy, free and safe appeared first on MediaCenter Panda Security.

Someone is spying on your company’s emails. Probably in your office names like Yesware, Bananatag or Streak don’t ring a bell, but they know a lot of things about you, and how your corporate email is managed.

Because of these three services, anyone that sends an email to your corporate account might know when, where and with what device was the email read. So, all this information is known by the sender and also by these tracking tools.

How do these applications work? Simply insert a transparent 1×1 image into an email, and then notifies the sender where and when that email has been read.

The post Ugly Mail: How to know if your emails are being tracked appeared first on MediaCenter Panda Security.

It is available in hotels, restaurants, libraries, airports or train stations. Nowadays most locations offer public WiFi networks and we don’t hesitate to enjoy its benefits. It is easy and free. We take out our smartphone, our tablet or our laptop and we connect to them without thinking that a cyber-attacker could intercept our device and steal our data.

We have advised you more than once to take precautions before using them, though you probably think that no one in the coffee shop has the knowledge to spy on you. We are sorry to tell you that you are wrong: the attacker does not need a big budget or any special computer skills to steal your data. Actually, if he tries he will be able to do spy on you without any difficulty.

“All you need is 70 euros, an average IQ and a little patience”, says the hacker Wouter Slotboom.  The security expert showed how, in just 20 minutes, he was able to get the personal information of almost all the users of a coffee shop in Amsterdam, even the history of their Google searches.

With only a laptop and a small device the size of a pack of cigarettes, Wouter launched a program and the antenna began to intercept the cellphones and laptop signals in the establishment. Then he ran the classic “man in the middle” attack, making his network to be the intermediary between the victim and the source: users believe they were connecting to the local network, but instead they were connected to the fictitious one the security expert deployed. He claims all the programs needed to do this can be easily downloaded from the internet.

In a short period of time, 20 users were connected to the network. But not only that, Slotboom was able to get their MacIDs and even see the specifications of their mobile phones, an information that could have easily been used for detecting the security gaps of each device. He even discovered what application was using each user.

This hacker asked the Dutch journalist who accompanied him to write his username and password. Within seconds, the data was in his possession. If we use the same password on multiple services, a technique not recommended but highly used, a cyber-attacker could easily access all the details of our virtual life. He also explained how to divert traffic, making the user believe he is entering his banks’ web but instead he is in a cloned site.  This technique can be used to clean you out virtually.

You are probably thinking that because Slotboom is a security expert these tasks come easy to him, but in fact even a child could access your devices if they are connected to a public network, literally. Recently, Betsy Davis, a seven-year-old British girl, was able to spy the communications of the devices around her, which were connected to a public WiFi network, in just ten minutes.

The virtual private network (VPN) provider Hidemyass conducted this experiment to point out these networks insecurities. Betsy created a Rogue Access Point (using the same attack “man in the middle”) and began intercepting data following just the instructions she found searching in Google. The messages from the other users of the public network started coming to her instead to arriving at their rightful recipient.

If even Betsy is capable of spying on the devices connected to a public network, you should start being more careful and stop thinking that the people next to you in the coffee shop are harmless.

Although the best advice we can give you is not to use these networks, if you have to we recommend you to use a VPN service to connect through a private network, and that you access web pages with secure https protocol. Also avoid making bank transactions from an open network, in the unluckily event that there is a thieve waiting to empty your account.

Here you have some tips on how to connect to a public network safely, just in case. Its better be safe than sorry.

The post With only 70€ someone can steal your information on a public WiFi network! appeared first on MediaCenter Panda Security.

The search engine optimization, the well-known SEO, enables Google to show our webpage before than other hundreds of millions of sites. That’s the reason why editors of corporate and personal blogs worry so much about visibility.

If you use WordPress, you will probably have installed “WordPress SEO by Yoast”, the most famous plugin that handles this task and has over 14 million downloads. An essential tool for any blogger, it helps displaying the post’s keywords, a headline and intro making it easier for the search engine and the robot that index the sites to read.

If you have it too, you should know that it has recently been discovered some vulnerabilities, which could be exploited by any attacker to get into your blog.  If you are thinking right now about uninstalling or changing the passwords, because you can’t figure anything else to do, don’t worry: they have already solved the problem. Now, of course you will have to download an update soon!

Security expert Ryan Dewhurst warned about the issue a few days ago. He works for WPScan, an open source security tool that allows security professionals and web administrators evaluate the vulnerabilities of WordPress.

Dewhurst found that a cyber-attacker could break the database’ security and obtain confidential information through a SQL injection attack in version 1.7.4. (version 1.5.3. for those who paid the premium subscription).  In addition, all the previous versions were also vulnerable.

The security gap, in the simplest terms, would allow querying the blog’s database, which would compromise the stored information (authors and subscribers usernames and passwords, for example). Even, the vulnerability could be used to infect the site’s visitors through some malware.

This plugin’ security experts resolved the issue within 90 minutes after realizing it. They patched the vulnerability and offer an update, version 1.7.4. which comes without this damn security gap and you can download it manually from their website.

The people in charge of “WordPress SEO by Yoast” thanked Dewhurst for publishing his findings and asked users to download this update as soon as possible in order to keep themselves safe.

In addition, there is a much more comfortable way for updating all the versions without having to be on the look. If you have already installed WordPress version 3.7., or higher, you can order your plugins to automatically install updates so you don’t have to worry about them. You can do it by using the “Advanced Automatic Updates” option.

The post A security breach has been detected in WordPress SEO by Yoast plugin! appeared first on MediaCenter Panda Security.

Smart TVs bring along benefits that actual televisions can’t offer. Internet access and communication with other devices make possible choose your broadcast program, share your favorite shows, watch YouTube videos and use other apps that we already have on our phones.

As Google couldn’t be less, has already launched Android TV, their small-screen Android operation system. We hope that the giant and the other technological companies are aware that connected TVs not only come loaded with virtues, but also with risks in security issues.

At least for now it doesn’t offer such a wide range of possibilities as smartphones, and it is neither a personal computer, but everything points that in a couple of years they will offer similar benefits. Take for example banking operations, like managing our accounts through the banks virtual platforms or online shopping. A delicious treat for cybercriminals.

A recent research of the European Union Agency for Network and Information Security (ENISA) identifies the cyberattacks as the main threats for Smart Homes, this threat will increase as more and more devices are connected within them and the network.

Apart from banking information, there is much more data at the mercy of the assailants. We just have to take a look into the new controversy that splattered Samsung, accused of listening to their customers conversations through their Smart TV’s microphones.

This is because the service conditions advise that in order to enable Voice Recognition, some voice commands must be captured and analyzed through remote control. The privacy policy states: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.”

Samsung is not the first company accused of recording their viewers. In 2013, a British developer discovered that LG’s Smart TV was gathering information about the user’s television habits via its smart ad feature. Later that year, Malik Mesellem expert in cyber security found a weakness in Samsung TVs that would make them liable to denial-of-service attacks (the famous DDos).

Despite the South Korean company has strongly denied the listening’s accusation, and “third parties” would only be the company responsible of converting the voice commands into orders, suspicions have not disappeared. If they can spy with your phone microphone, why wouldn’t they do it through this one?

Nor should we forget that TVs also incorporate cameras, so making video calls is just around the corner. As we are connected to the Net, digital offenders may have access to images of your living room. Creating a new window for cyberespionage, directly into your home.

These devices also store large amounts of personal data, all kinds of documents stored both in the device’s internal memory and in the cloud. A malware installed in the TV could extract information and miss use it.

Experts admit that we must not fall into alarmism and completely reject smart appliances, but is important that we know the risks and be careful.

So if you have an Android operating system TV, the best thing you can do is protect it with Panda Mobile Security, our antivirus for Android. You will not regret it!

The post Smart TVs have become the new target for cyber criminals appeared first on MediaCenter Panda Security.

Sometimes, Google Chrome tells us to distrust a website and warns us that that site can be dangerous. But instead of listening to it, we ignore it. We are so obsessed on quickly reaching the neck click, that we don’t even read the message.

A study published by Google’s Chrome team stated that only one in four users pays attention to the SSL security certificate warnings and takes their advice. That’s why they decided to redesign them, reducing and simplifying the text, and adding more graphic information. Hoping, this will make users read the information before taking risks.

But what does SSL stands for? This acronym refers to “Security Sockets Layer”, a secure connection protocol that enables you to browse the Internet with maximum guarantees. When a browser visits a webpage, it checks the site’s identity and its SSL. It informs you when something goes wrong, the site’s certificate is not from a trusted organization, it has expired, or the connection between the browser and the website is not secure. What’s the objective? The main objective is to prevent the users, letting them know that the site could threaten their safety. For example, if you were making a purchase, someone could steal your credit card information.

Many users may not take into account their browser’s opinion. If their browser simply tells them that the SSL is out of date, likely they won’t understand what this means or the risk this entails. Nevertheless, if they, like Chrome already does, point out that an attacker could steal your information, you would be more vigilant.

“Even though we prefer that the user decides things, in some cases, it simply doesn’t make sense. It’s simply impossible to explain something as complex as cryptography to many users,” says Andreas Gal, chief technology officer at Mozilla. Gal refers in this way to the difficulty of transferring and translating information about privacy to those users who should worry about it.

Lujo Bauer, Associate Research Professor CyLab at Carnegie Mellon University, published a paper in which recommended that web browsers present the information in a comprehensible and concise way, and offer the top options to users. This is why Chrome decided to reduce the text and make the warning signal more visible, even highlighting in blue the “Go Back” option and diminishing the “Advanced Options” that allows access to the not safe site.

Would these measures be useful? Or, are we so lazy that we will continue to ignore the information about our own security? The underlying problem is still there: we stop paying attention after viewing new sites several times. According to a research by Brigham Young University, in which after analyzing a variety of 40 different warnings – like anti-virus, software updates, or SSL– the results showed that after seeing them more than once, we stop noticing them.

Communicating security problems is complicated if we don’t read the warnings, and the only thing we want is to keep on browsing without being disturbed. “The immediate cost of heeding the warning is high, because I will not be able to achieve my immediate goal, which is to reach the site and complete the bill payment or the status update that I had in mind,” says Raluca Budiu, senior researcher at usability consulting firm Nielsen Norman Group.

Can they steal our information if we dismiss the warnings? The answer is yes.

Do we have a lack of education about Internet? What else can browsers do to draw our attention in order to stop us from entering untrusted sites? Should they block the accss? Or, it is better that they keep letting us choose? You can reflect on it, or look up your browsers security options, so next time it warns you not to enter a site, you’ll pay more attention.

The post Browsers security: Why do we ignore their warnings? appeared first on MediaCenter Panda Security.