<div class="gmail_quote">On Fri, Aug 20, 2010 at 3:57 PM, Ray Bowler <span dir="ltr"><<a href="mailto:rbowler@mchsi.com">rbowler@mchsi.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
I was just at a site which tests the security of a computer. Since I initiated the contact it had my web address. Everything seems to be in stealth mode except the fact that it can ping my address. Is this a problem?<br>
<br>
</blockquote></div><div><br></div>Was the site owned and created by a company or person you trust? I have found most of the sites that advertise these kinds of services are not from organizations I would trust. They use either predatory sales practices, scary marketing (as in ads that try to scare you into using their product) or are actually sites that try to infect your computer.<div>
<br></div><div>The absolute #1 way to get your Mac hacked over the Internet is to be running out-dated Adobe Flash or Adobe reader plugin. If you have a firewall you can still get hacked because by visiting the site with the plugin installed you're effectively bypassing the firewall by unknowingly downloading a program to your computer and running it.</div>
<div><br></div><div>To make matters worse, the security updates in Mac OS 10.6.4 install a version of flash player that does not have the latest security updates. (see <a href="http://blogs.adobe.com/psirt/2010/06/apple_security_update_2010-004.html">http://blogs.adobe.com/psirt/2010/06/apple_security_update_2010-004.html</a> )</div>
<div><br></div><div>If your computer is connected to the Internet through some kind of router, which is almost 100% certain if you're using wifi to connect, then the kinds of security problems that could affect you by being pinged are pretty slim. The security people I associate indicate that it's much easier to hack a computer by displaying a malicious banner advertisement or sharing a link through IM or social networking.</div>
<div><br></div><div>There is a security contest each year called pwn2own where security professionals get a few min to hack a computer fully patched and up to date. If you hack it you get to keep the computer and depending on how fast you do it you get cash prizes too. Here is an interview with a person who has won several times <a href="http://www.zdnet.com/blog/security/questions-for-pwn2own-hacker-charlie-miller/2941">http://www.zdnet.com/blog/security/questions-for-pwn2own-hacker-charlie-miller/2941</a></div>
<div><br></div><div>The most interesting thing he says there is that Chrome is the browser to use if you're security conscious and Safari for Mac OS is the least secure of all.</div><div><br></div><div>My point though is two fold:</div>
<div><br></div><div> 1. Updating your OS isn't enough, you need to update other software, esp Adobe products (but do update your OS too)</div><div> 2. Getting pinged is not your biggest threat if you've got a router<br clear="all">
<br>-- <br>Matthew Nuzum<br>newz2000 on freenode, skype, linkedin, <a href="http://identi.ca">identi.ca</a> and twitter<br><br>"Never stop learning" –Robert Nuzum (My dad)<br>
</div>