Security posts on CNET

Security

6 security tips for using public Wi-Fi

Don't expose yourself in public. We all do it: switch on a phone, laptop, or tablet and hop on to a Wi-Fi hotspot in airports, coffee shops, trains, hotels, and other public places. The problem is, those networks are open -- even if they require a login and password, you may be sharing your files or leaving doors open to data thieves. You can't secure the network, but you can raise siege walls between your private information and the barbarians. Follow these six tips to network more safely.

1. Lock down your security settings.

Go to the security … Read more

Heartbleed: Two steps to protect your information

Heartbleed is a security flaw that's plaguing as much as two-thirds of the Internet, including many popular sites like Yahoo and GitHub. On sites affected by Heartbleed, user accounts are vulnerable -- your username, password, credit card number, and other private information may be exposed. Companies are scrambling to patch their sites.

But don't sit around waiting for a fix. Take these two defensive steps (and one more if you have an Android device):

1. Check whether your most-visited sites are vulnerable

CNET has already checked the top 100 sites to see if they have Heartbleed patches, so … Read more

Spruce up your PC for spring with these top apps

Every machine needs tune-ups, and that includes your PC. Without regular cleaning and updates, your system performance suffers, slowed down by hefty files and unneeded software. Fortunately, many fine -- and free! -- utilities can do the system spring cleaning for you. Here's a roundup of our favorites.

CCleaner

CCleaner is one of our go-to, no-nonsense Registry cleaners. It scans your PC for junk files, unnecessary Registry entries, and unused cookies. It's good practice to run these scans at least once a month.

Revo Uninstaller

Revo Uninstaller is an alternate uninstallation utility for Windows. What it lacks in … Read more

Spot and avoid the latest online scams

Netflix users are receiving bogus e-mails telling them their account has been suspended and instructing them to call a toll-free number to regain access. The fake Netflix/Microsoft support person tricks them into giving the criminal access to their computer, as Techlicious's Fox Van Allen explains.

Not only is their personal information stolen, the victims are blackmailed into paying the crooks $400 to "fix" the problem.

Here's the real solution: Don't ever click a link in an e-mail message. Instead, open your browser and enter the URL in the address field manually. You just can'… Read more

Security lessons from RSA

The RSA Conference, the flagship meetup for cryptography, information security, and IT experts from around the world, just wrapped on February 28. While RSA is largely for IT professionals and businesses rather than consumers, I learned a couple of new lessons about personal protection in the age of big data. Read on for lessons learned and tips for taking control of your online security and digital privacy.

1. Beware of hackers and protect your passwords

Hackers are no more evil than the average netizens, nor are they loners: They build social communities around their illicit activities. Whether they're cyber-criminals … Read more

Mac and iOS users, here's how to install that major security fix

Grab your iOS and OS X devices -- this is a security update you can't afford to ignore.

According to a study by Chitika released yesterday, only 25.9% of users have updated their operating system with a bug fix that prevents third parties from intercepting and fiddling with activity on an iOS device.

More specifically, without the update, the system does not check SSL/TLS hostnames, so connections that should be encrypted are left wide open.

The same security hole is also apparent in systems running OS X Mavericks.

iOS devices (all iPhone, iPad, and iPod Touch devices) … Read more

Uh-oh, this computer virus can spread via Wi-Fi

British researchers have created a computer virus that they say is the first to spread like a real airborne contagion.

Chameleon can spread through densely populated areas like the common cold, the University of Liverpool researchers claim, by hopping from network to network via access points, spreading rapidly among homes and businesses. If as that wasn't bad enough, the virus can avoid detection and identify weak wireless access points -- those that are least protected by encryption and passwords. … Read more

Trusted open-source apps for Windows

Open-source apps must maintain accountability when it comes to security. They have an active community of developers and users who help discover vulnerabilities, peer-review code, and perform routine audits on a mass scale. Security holes are patched at a rate that discourages programmers from placing back-door malicious codes. Though not every open-source app is secure, the ones that are benefit from the community in a way that closed-source programs and applications can rarely duplicate.

Many of the apps listed here have been so widely distributed and scrutinized that even RSA Conference attendees trust and recommend them.

Gpg4Win

Gpg4Win is a … Read more

How to encrypt your Kindle Fire HDX

Device encryption can be a great way to keep your data secure in case it falls into the wrong hands. For many users, however, it can be overkill and there's usually a performance hit to a device that's been encrypted. Using a PIN code to lock the device is usually an effective deterrent and software tools like Find My iPhone and Android Device Manager can help track, lock, or wipe lost devices.

Unfortunately for Kindle Fire HDX owners, there's no app available that's comparable to Find My iPhone or Android Device Manager. If you want to … Read more

Protect your Mac from SSL bug

Recently, Apple released an iOS update to address a bug with its SSL implementation, which would allow a nefarious individual on the same local network as your computer to intercept sensitive information as you browse the Web.

This type of attack, called a man-in-the-middle attack, is possible because in the latest versions of OS X and iOS (up to version 7.0.5) the operating system does not check the signature in a TLS Server Key Exchange Message, allowing a third-party to spoof a private key or simply omit using one and intercept the SSL data. Since encrypted SSL data … Read more