In the spirit of The Avengers we have our own superhero — a superhero of computer and IT policy. This article is written — in true superhero fashion — anonymously, by The Green Geek, whose real name you may never know.

Join together with the Green Geek in the struggle against evil vector forces that willingly destroy your computer and information security. Vectors in cyber space are villains who would maim your digital dignity, steal your identity, invade your privacy, destroy your data, and ruin your gadgets. If you let them.

What threats put you at risk? What can you do about it? Defend yourself with this Five-Point Plan from The Green Geek:

5. Value your privacy.

If you think privacy is no big deal, think again. You disclose a birthday here, a school there, you friend your mother’s mother on Facebook, expose your address or phone. Here and there you leave puzzle pieces that let us assemble your whole story.

• Villains can steal your identity - costing you much time and money. Stalkers can find you. Weirdos want to know you. Friends have Too Much Information. Employers can and will use what you say against you.
• Be in control. You rule the computer not the other way around. Draw a line in the sand where you will not cross for sharing private information. Use factual security questions that only you know the answer to. Do you really need 1000 people to wish you happy birthday online? Tell us about your vacation when you get back, but don’t tell the world beforehand when your house is empty. If you use f-bombs, serial date, and drink, do we have to see you share that? Do you need to save all the web searches you ever made?

4. ”Don’t talk to strangers.” Vectors include viruses, malware, botnets, robots, scam artists, and worse. This is huge.

• Look before you click. Only open messages and emails from senders you recognize. Someone is fishing for a sucker to bite their bait, in the form of fraudulent email. This is called “phishing“. Various sources estimate spam email takes up 90-94% of ALL email! Their purpose is to get you to look, buy, send money, accept a virus, or join a global botnet. Recognize fake and unwanted messages by their familiar but wrong sender address and weird titles. Report spam to help email vendors improve spam filtering.
• Only click on links from a source you trust. Inspect hyperlinks before you click on a hyperlink, which displays one thing but underneath is the real link.
• Don’t respond to emotional appeals or act on wishful thinking. What is real and hidden in the picture? Yeah, you’re lonely AND beautiful, you believe in love; or that car is a bargain! But if it is too good to be true, then it’s probably not. Some emails are written by robots. Some generic messages say nothing specific that can’t be said to everyone.
• Never enter your password in response to links in an email.

3. Lock your doors, literally and figuratively.

Prevent the entry of illicit vectors into your space by limiting access. Consider security like an onion. At the center of the onion is treasure, payload, your precious stuff. How easy is it to peel off the layers of security, if any?

• Physical access - How safe are your things, from smartphone to PC? Stuff should not be available for just anyone to touch. Keep these objects physically secure, not left laying around. Same as you would protect a wallet. Not left in public bathrooms, unlooked cars, or on the hood of your car.
• Device access - How safe are your data files and screen displays? What if someone has access to your smartphone or PC? Require a screenlock. You should provide a uniquely personal password, finger-swipe, or biometric to see further. If you share the device or PC with other guests, then create a guest portal, so that your user session is separate from theirs.
• Network security - How safe is your connection to a network for internet access?  Beware of Wifi and untrusted networks, where your internet traffic travels on the information superhighway in full view, unencrypted for network admins or sniffers to capture. Be safe and sure, use your own encrypted 4G or 3G air card or USB modem. This is handy for reliable internet access anywhere anytime, and you not only don’t have to compete amongst an entire coffeehouse full of net surfers for bandwidth, but you also have the peace of mind that that your communications are safe.
• Software reliability - Does your software scan for malicious vectors before you open or download objects? When you use the “cloud” – all the services are provided online via the internet on a web site or web server – make sure there is rigorous protection against vectors. Good cloud service providers will filter virus vectors from reaching your PC or device.  so that you either don’t download or get your data ruined by vectors. You want to use email software that filters spam well, for example Google Mail (gmail.com).
• Device defense is 1st and last - We’ve peeled the onion back. The above inevitably fail, because new vectors can sneak through until discovered. Keep your device up-to-date with the latest:  operating system; web browser; anti-virus/anti-malware software; and storage encryption.
• Microsoft Windows vulnerabilities created a multi-billion $$ spinoff industry just to create and administer the IT security. This gave Apple one leg up to bring to market OSX or iOS which were more closed and designed for better security. The Google browser Chrome is touted for its security. Samsung Galaxy Android and Apple iPad/iPhones are now offering the NIST FIPS 140-2 standard encryption for storage.
• If you login to use software (such as email and banking), the appearance of the “padlock” icon in the browser means the network traffic is encrypted using SSL and therefore unreadable.

2. Trust NO ONE to store your credit card.

Online shopping is great. We save gas and time by browsing online, and the item is shipped faster than you can shake a green fist. Unfortunately some companies, to which we entrust our identity or financial credentials, are themselves negligently lax when it comes to IT security.

• DO NOT STORE CREDIT CARDS in online accounts with any vendor. Rather [tediously, yes], enter the credit card information for a one-time purchase each time you make a purchase. This is not risk-proof either, but incrementally better than storing your credit card like a sitting duck waiting for a hunting season.
• LIMIT CREDIT CARDS that you use online to a very short list. If something goes wrong you can more easily assess and contain the damage.
• READ YOUR STATEMENTS. We are unaware until a breach goes public. Take for example, the intrusion to Global Payments servers in March 2012 that was not reported publicly for nearly one month. Global Payments coordinates the steps involved in authorizing the charge and submitting the transaction details for VISA and Mastercard. When you hear news about credit card theft, check your statements and activity ASAP.

1. Protect your passwords.

Some of the most famous security intrusions come from hacking passwords, but your defense in this regard is totally within your control.

• Use strong passwords. A strong password is a character string generally not found in any dictionary for any language. Use a combination of Upper- and lower-case letters, mixed in with numbers and special characters. Create acronyms out of phrases.
• Use different passwords for different accounts, and change the password every 60-90 days. Yes, with all your stuff in the cloud, we’re talking about a load of passwords.
• Assess your risk, and firewall your passwords. Risk means the probability of something bad happening, and the impact if it did. It’s not kosher but the Green Geek does classify different accounts by degree of risk, and ramps up the security of passwords appropriately. For example, to comment on news or blogs, the Green Geek is known to reuse a password or two… For anything with private or banking information, the passwords are inscrutable. By “firewalling” passwords, there should be no crossover from an unimportant account to an important account.
• Use Multi-Factor Authentication! DO IT! Multi- or two-factor/two-step authentication (“MFA” or “2FA”) adds an extra step when you enter your user password, to ensure you are who you are. When you enable MFA, you define a “token” such as a phone; and when you try to login with your username and password, you will receive a message with a code (voice or text) on your phone or token. You enter this code along with the password. If your software provider, bank, or credit card company offers this option then use it (e.g. offered by Google Mail)!

“Social engineering” in IT security refers to the ability to hack based on using known info about a person, in order to crack the security procedures for forgotten passwords, or to guess or reset their passwords. While very common, social engineering can be reduced with the above privacy practices and password discipline. MFA stops social engineering dead in its tracks. Here are three epic social engineering stories:

• In 2008, when Sarah Palin was running for VP, someone hacked her Yahoo Mail and reset her password by correctly guessing Palin’s birthday and her security questions: “Where did you meet your spouse?” (Answer = Wasila High) Half the planet knows Palin’s bio; she compromised her own security when Palin chose that question.
• In 2009, the corporate email, business plans, and files of Twitter.com were hacked, when someone first hacked the wife of Twitter’s founder, and used the same passwords to gain access to the Twitter company.
• In 2011, the firm HBGary which specializes in corporate and government IT security got totally pwned and humiliated, when after bragging about exposing the hacker vigilante group, Anonymous, they were cyber attacked by Anonymous.

“I can explain it to you but I can’t understand it for you.” We can’t defend Stupid. But it’s not that hard. This Five-Point Plan breaks it down for you. The takeaway here is to learn from others’ mistakes, and get comfortable with security awareness.

Read more about internet crime at the FBI’s Internet Crime Complaint Center. If you are a victim of internet crime, file a complaint with the FBI. Crime or vulnerability that puts the nation at immediate risk should be reported to the U.S. Computer Emergency Readiness Team (US-CERT).

What is your best tip for keeping all of your devices protected? Comment below and you’ll be entered to win a $400 Amazon gift card from Kaspersky Lab.

One way to protect all of your devices is with Kaspersky ONE Universal Security. Download your FREE trial today.

This is a sponsored conversation written by me on behalf of Kaspersky Lab. The opinions and text are all mine. Official Sweepstakes Rules.

A flag for the Anonymous hackers group.

Cyber security is under constant threat as hackers are increasingly bold, organized, and sophisticated in their attacks.

Most recently, the loose confederation known as “Anonymous” has made waves for defacing and hacking websites ranging from the Boston Police Department to Paypal.

To track down hackers across the U.S. and globally, law enforcement efforts focused on one informant who would help catch the group of “politically inspired hacktivists,” the New York Times reported.

The informant’s aid helped charge four men in Britain and Ireland with computer crimes yesterday. In Chicago on Monday, the FBI arrested 27-year-old Jeremy Hammond in relation to a breach of Stratfor, a global intelligence provider. He hacked into Stratfor, allegedly stole credit card information, and accumulated $700,000 worth in charges, the New York Times said.

Two others, Darren Martyn, 25, also known as “Pwnsauce,” and Donncha O’Cearrbhail, 19, known as “Palladium” were also charged in New York, according to the New York Times.

Law enforcement members have reason to suspect a possible association of the prosecuted hackers with the Anonymous movement. Interpol recently announced 25 arrests of people suspected for being Anonymous members, the New York Times reported.

Serving as the informant, 28-year-old New Yorker Hector Xavier Monsegur – -known for his Twitter alias “The Real Sabu” — is a former hacker who pleaded guilty to counts of conspiracy in attacking computers last August.

Since his court appearance, Monsegur continued to spur on followers — and potential hackers — to instigate computer attacks on companies and government agencies, the New York Times reported. He also suggested his followers attack Interpol’s websites following the arrests of the potential Anonymous members.

One of his tweets suggested the federal government consists of “cowards,” and he urged his followers, “Don’t give into these people. Fight back. Stay Strong.”

According to the New York Times, the informant’s ability to hack and simultaneously “deceive fellow hackers” could “sow even more distrust in the ranks of Anonymous.”

“It is going to be very difficult for Anonymous to recover from such a breach of trust,’’ said Mikko Hypponen, a security researcher at F-Secure Labs in Helsinki, in an interview with the New York Times. “You can see the Anonymous people now looking left and right and realizing, if they couldn’t trust Sabu, who can they trust?’’

Anonymous has been known for its methods that aim to “slow or shut down sites,” or to “break into computer systems and expose embarrassing communications,” the New York Times noted. Other Anonymous hacking victims have been Fox News, Sony, and the FBI.

A former prison inmate at Plymouth County Correctional Facility pleaded guilty to the federal crime of damaging the prison’s computer systems.

Acting US Attorney Michael K. Loucks and Warren T. Bamford, Special Agent in Charge of the Federal Bureau of Investigation-Boston Field Division announced September 15 that Francis G. Janosko, 43 pleaded guilty to one count of intentional damage to a protected computer in Federal District Court in Boston.

During 2006 and 2007 While an Inmate at Plymouth, Janosko hacked a computer provided to inmates for legal research. The computer had restrictions disallowing use of email or Internet and various other functionality. Janosko was also able to gain access to a file containing names, addresses and social security of around 1,000 current and former employees of Plymouth County Correctional Facility. Janosko also attempted, albeit unsuccessfully to access a vital prison management software.

Janosko had been released from Plymouth County Correctional for some time but has been incarcerated since his apprehension in November 2008. The FBI and the Plymouth County Sheriff’s Office investigated this case. Assistant US Attorney Scott L. Garland of Michael K. Loucks’s Computer Crime Unit is prosecuting the case.

Judge O’Toole set the sentencing date for December 15. Under the terms set forth in a plea bargain Janosko faces 18 months in prison.

In a report outlining the updated priorities of US intelligence, China and Russia were placed alongside Iran and North Korea on a list of nations that challenge US interests at home and abroad, the French press agency AFP reports.

China was added, amongst other things, for “increasing natural resource-focused diplomacy and military modernization,” while Russia was singed out because, despite a growing partnership with the US on fighting things like nuclear terrorism, “it may continue to seek avenues for reasserting power and influence in ways that complicate US interests,” according to the AFP.

The National Intelligence Strategy (NIS), a report released every four years, calls China and Russia “aggressive” in the cyberworld and while the NIS did not explicitly name either countries as a cyber threat, it did outline cause for concern.

“At the tactical level, they are intent on penetrating our critical infrastructure, information systems, and leading industries,” it said, AFP reports. The report went on to recommend the US employ tactical strategies “across the cyber domain to protect critical infrastructure.”

The report also lists Iran and North Korea, unsurprisingly, as parts of its main opposition. It stressed the possibility of further partnerships with China and Russia to help strengthen relationships, however saw no hope of immediate reconciliation with either countries.

“Iran poses an array of challenges to US security objectives in the Middle East and beyond because of its nuclear and missile programs, support of terrorism, and provision of lethal aid to US and coalition adversaries…North Korea continues to threaten peace and security in East Asia because of its sustained pursuit of nuclear and ballistic missile capabilities, its transfer of these capabilities to third parties, its erratic behavior, and its large conventional military capability.”

Its assessment of Iran and North Korea was much harsher than of its two newcomers.

The report also highlighted Al-Qaeda as a continuing threat to both Americans and American interests at home and abroad and said the US’ main objective for the next four years will be to enhance “cyber security”, combat extreme terrorism and ensure weapons of mass destruction are not created or bought by any opposing nations.

The promotion and spread of democracy was not listed as a main priority.

When our MacBook Pro was new, we assumed that while a 120 GB hard drive wasn’t exactly the largest Apple offered the max was 250 GB, by the way it was plenty roomy enough to last us. Fast forward to two years later, where it seems that every few days our computer is constantly barking at us that the startup disk is almost full, Parallels runs the computer to a halt, and iPhoto was slow enough before we had to move all of our photos to our Time Capsule. Plus we hate toting around an external. There’s got to be a better solution, right?

It turns out that there are a couple ingenious hackers out there who have realized that the space your optical drive sits in is some very valuable real estate space which could easily be repurposed and filled with another hard drive. One intrepid blogger, Reid, has decided to throw his MacBook warranty out the window, removed the optical drive and replaced it with a 256 solid-state hard drive, seeing as they both run via a SATA connector. Check out his blog to see the nitty-gritty of what he did.

While Reid could have just as easily replaced the optical drive with a standard drive did you know they make 1 TB laptop drives now? solid state drives have many advantages over your standard drives. The flash memory inside a solid state hard drive has no moving parts, so they are more durable and last longer than your standard hard drives. Oh, and they’re FAST. How fast do you say? Reid found a seven-fold increase in speed in benchmark tests he ran.

The best part of all these shenanigans is that in the interest of bettering the human race, Reid is offering to help you trick out your laptop too. He’s posted all the instructions be warned, there’s some soldering required and a list of the $10 of parts you need to purchase from Amazon.com. Or for the slightly more adventurous, he’ll ship you the connector for $30. Or, if the whole performing surgery on your laptop makes you feel a bit queasy, you can ship your laptop to him with the hard drive you want installed, and for $35 plus $14 shipping, he’ll do everything for you.

We haven’t handed our laptop over to Reid €¦yet so remember these caveats: we don’t know Reid, though we’re sure he’s a stand-up guy, so you’re shipping your precious laptop to a blogger while simultaneously voiding your warranty. That being said, comparable services on other sites run $150 plus shipping for an install alone. Granted, MCE will perform a similar service and install a brace that keeps the hard drive from banging around, which might be important if you’re not installing a SSD, but it’s still quite a bit steeper than what Reid is promising.

Either way, with optical drives in notebooks going the way of the dodo, this just may be the life saving hack that will convince us to keep our notebook around for a little while more.

The bad guys are going virtual more and more, and American businesses and government networks are getting victimized at a record pace, according to an FBI report.

“The increasing number of such crimes not only impacts the economy but threatens national security,” the FBI said Friday.

The man at the head of the opposition is the FBI’s Shawn Henry, recently appointed head of their Cyber Division. He told reporters Wednesday that the FBI has literally thousands of open cyber crime cases.

“One case in point: We joined our international partners yesterday in announcing a major takedown of a transnational criminal network that was buying and selling stolen financial information through an online forum known as ‘Dark Market‘,” the FBI said Friday.

“The business of the United States is done on the Internet,” said Henry, “And the information that flows electronically 24/7 is increasingly the target of not only identity thieves and scammers, but organized crime groups, terrorists, and overseas governments.”

Yes, even other countries are trying to virtually penetrate the U.S. Henry says about 24 different governments have an “aggressive interest” in obtaining information from or making attacks against American cyber infrastructure.

Henry says that individual hackers and crackers have grouped up into “virtual gangs.”

“In years gone by, if a gang wanted to rob a bank, it needed crooks with various skills — safe cracker, get-away driver, look-out, etc. That’s essentially what we’re seeing in the cyber world today, only these virtual gang members have never met in the physical world,” Henry said.

“There are organized groups that are very successful.”