Paul Vodra's Blog

In my latest role as a developer focused on security, I thought I should round up some tips I’ve gathered on using the Internet more securely in 2013.

• Use an web browser other than Internet Explorer. Google Chrome has been rated as the most secure browser, and has some nice auto-updating features.
• Uninstall the Java browser plug-in. This is one of the most popular attack vectors for malware, and Oracle doesn’t make it very easy for users to keep Java up to date. You can also disable the browser plug-in functionality in the Java control panel if you prefer to keep Java installed. If you need Java for a specific website, consider installing the Java plug-in in a different browser, such as Safari or Firefox, that you use only for that website.
• Adobe Flash and Adobe Reader are also prevalent attack vectors, though Adobe Reader has gotten a lot more secure with recent updates. Keep these programs up to date. Chrome keeps its version of Flash updated for you, another great reason to use it.
• Use a free updating tool such as FileHippo to alert you to out of date and potentially vulnerable software on your computer.
• On the second Tuesday of the month, Microsoft regularly releases critical software patches to Windows and other Microsoft software. If you are in charge of keeping your computer up to date with Windows Update, make sure to apply these patches ASAP. If your system administrator applies these patches, remember that these often require your computer to restart and plan accordingly. The window of time between the public release of these patches and your application of them is a period of heightened risk as attackers learn of these vulnerabilities and attempt to exploit them.
• Password reuse is both a reality and a danger. We all have way too many passwords to remember, but reusing the same password on multiple sites increases the risk that one site will lose your password to criminals and compromise much more of your online identity. Use a secure password manager such as 1Password (stores passwords in a secure lockbox on your hard drive or Dropbox) or LastPass (stores passwords in its secure cloud service) to generate secure passwords for all your logins and populate them in your browser for you.
• Many online services are now implementing 2 step authentication. This feature sends a code to your mobile device which is required to login from a previously unused browser or location. Services that support 2 step authentication include Yahoo, Google, Apple, Facebook and Dropbox, and the list is growing constantly. Enabling this can prevent your critical email, identity and cloud accounts from compromise by criminals.

Please consider following all of these steps to keep yourself safe and secure online.