In the spirit of The Avengers we have our own superhero — a superhero of computer and IT policy. This article is written — in true superhero fashion — anonymously, by The Green Geek, whose real name you may never know.

Join together with the Green Geek in the struggle against evil vector forces that willingly destroy your computer and information security. Vectors in cyber space are villains who would maim your digital dignity, steal your identity, invade your privacy, destroy your data, and ruin your gadgets. If you let them.

What threats put you at risk? What can you do about it? Defend yourself with this Five-Point Plan from The Green Geek:

5. Value your privacy.

If you think privacy is no big deal, think again. You disclose a birthday here, a school there, you friend your mother’s mother on Facebook, expose your address or phone. Here and there you leave puzzle pieces that let us assemble your whole story.

• Villains can steal your identity - costing you much time and money. Stalkers can find you. Weirdos want to know you. Friends have Too Much Information. Employers can and will use what you say against you.
• Be in control. You rule the computer not the other way around. Draw a line in the sand where you will not cross for sharing private information. Use factual security questions that only you know the answer to. Do you really need 1000 people to wish you happy birthday online? Tell us about your vacation when you get back, but don’t tell the world beforehand when your house is empty. If you use f-bombs, serial date, and drink, do we have to see you share that? Do you need to save all the web searches you ever made?

4. ”Don’t talk to strangers.” Vectors include viruses, malware, botnets, robots, scam artists, and worse. This is huge.

• Look before you click. Only open messages and emails from senders you recognize. Someone is fishing for a sucker to bite their bait, in the form of fraudulent email. This is called “phishing“. Various sources estimate spam email takes up 90-94% of ALL email! Their purpose is to get you to look, buy, send money, accept a virus, or join a global botnet. Recognize fake and unwanted messages by their familiar but wrong sender address and weird titles. Report spam to help email vendors improve spam filtering.
• Only click on links from a source you trust. Inspect hyperlinks before you click on a hyperlink, which displays one thing but underneath is the real link.
• Don’t respond to emotional appeals or act on wishful thinking. What is real and hidden in the picture? Yeah, you’re lonely AND beautiful, you believe in love; or that car is a bargain! But if it is too good to be true, then it’s probably not. Some emails are written by robots. Some generic messages say nothing specific that can’t be said to everyone.
• Never enter your password in response to links in an email.

3. Lock your doors, literally and figuratively.

Prevent the entry of illicit vectors into your space by limiting access. Consider security like an onion. At the center of the onion is treasure, payload, your precious stuff. How easy is it to peel off the layers of security, if any?

• Physical access - How safe are your things, from smartphone to PC? Stuff should not be available for just anyone to touch. Keep these objects physically secure, not left laying around. Same as you would protect a wallet. Not left in public bathrooms, unlooked cars, or on the hood of your car.
• Device access - How safe are your data files and screen displays? What if someone has access to your smartphone or PC? Require a screenlock. You should provide a uniquely personal password, finger-swipe, or biometric to see further. If you share the device or PC with other guests, then create a guest portal, so that your user session is separate from theirs.
• Network security - How safe is your connection to a network for internet access?  Beware of Wifi and untrusted networks, where your internet traffic travels on the information superhighway in full view, unencrypted for network admins or sniffers to capture. Be safe and sure, use your own encrypted 4G or 3G air card or USB modem. This is handy for reliable internet access anywhere anytime, and you not only don’t have to compete amongst an entire coffeehouse full of net surfers for bandwidth, but you also have the peace of mind that that your communications are safe.
• Software reliability - Does your software scan for malicious vectors before you open or download objects? When you use the “cloud” – all the services are provided online via the internet on a web site or web server – make sure there is rigorous protection against vectors. Good cloud service providers will filter virus vectors from reaching your PC or device.  so that you either don’t download or get your data ruined by vectors. You want to use email software that filters spam well, for example Google Mail (gmail.com).
• Device defense is 1st and last - We’ve peeled the onion back. The above inevitably fail, because new vectors can sneak through until discovered. Keep your device up-to-date with the latest:  operating system; web browser; anti-virus/anti-malware software; and storage encryption.
• Microsoft Windows vulnerabilities created a multi-billion $$ spinoff industry just to create and administer the IT security. This gave Apple one leg up to bring to market OSX or iOS which were more closed and designed for better security. The Google browser Chrome is touted for its security. Samsung Galaxy Android and Apple iPad/iPhones are now offering the NIST FIPS 140-2 standard encryption for storage.
• If you login to use software (such as email and banking), the appearance of the “padlock” icon in the browser means the network traffic is encrypted using SSL and therefore unreadable.

2. Trust NO ONE to store your credit card.

Online shopping is great. We save gas and time by browsing online, and the item is shipped faster than you can shake a green fist. Unfortunately some companies, to which we entrust our identity or financial credentials, are themselves negligently lax when it comes to IT security.

• DO NOT STORE CREDIT CARDS in online accounts with any vendor. Rather [tediously, yes], enter the credit card information for a one-time purchase each time you make a purchase. This is not risk-proof either, but incrementally better than storing your credit card like a sitting duck waiting for a hunting season.
• LIMIT CREDIT CARDS that you use online to a very short list. If something goes wrong you can more easily assess and contain the damage.
• READ YOUR STATEMENTS. We are unaware until a breach goes public. Take for example, the intrusion to Global Payments servers in March 2012 that was not reported publicly for nearly one month. Global Payments coordinates the steps involved in authorizing the charge and submitting the transaction details for VISA and Mastercard. When you hear news about credit card theft, check your statements and activity ASAP.

1. Protect your passwords.

Some of the most famous security intrusions come from hacking passwords, but your defense in this regard is totally within your control.

• Use strong passwords. A strong password is a character string generally not found in any dictionary for any language. Use a combination of Upper- and lower-case letters, mixed in with numbers and special characters. Create acronyms out of phrases.
• Use different passwords for different accounts, and change the password every 60-90 days. Yes, with all your stuff in the cloud, we’re talking about a load of passwords.
• Assess your risk, and firewall your passwords. Risk means the probability of something bad happening, and the impact if it did. It’s not kosher but the Green Geek does classify different accounts by degree of risk, and ramps up the security of passwords appropriately. For example, to comment on news or blogs, the Green Geek is known to reuse a password or two… For anything with private or banking information, the passwords are inscrutable. By “firewalling” passwords, there should be no crossover from an unimportant account to an important account.
• Use Multi-Factor Authentication! DO IT! Multi- or two-factor/two-step authentication (“MFA” or “2FA”) adds an extra step when you enter your user password, to ensure you are who you are. When you enable MFA, you define a “token” such as a phone; and when you try to login with your username and password, you will receive a message with a code (voice or text) on your phone or token. You enter this code along with the password. If your software provider, bank, or credit card company offers this option then use it (e.g. offered by Google Mail)!

“Social engineering” in IT security refers to the ability to hack based on using known info about a person, in order to crack the security procedures for forgotten passwords, or to guess or reset their passwords. While very common, social engineering can be reduced with the above privacy practices and password discipline. MFA stops social engineering dead in its tracks. Here are three epic social engineering stories:

• In 2008, when Sarah Palin was running for VP, someone hacked her Yahoo Mail and reset her password by correctly guessing Palin’s birthday and her security questions: “Where did you meet your spouse?” (Answer = Wasila High) Half the planet knows Palin’s bio; she compromised her own security when Palin chose that question.
• In 2009, the corporate email, business plans, and files of Twitter.com were hacked, when someone first hacked the wife of Twitter’s founder, and used the same passwords to gain access to the Twitter company.
• In 2011, the firm HBGary which specializes in corporate and government IT security got totally pwned and humiliated, when after bragging about exposing the hacker vigilante group, Anonymous, they were cyber attacked by Anonymous.

“I can explain it to you but I can’t understand it for you.” We can’t defend Stupid. But it’s not that hard. This Five-Point Plan breaks it down for you. The takeaway here is to learn from others’ mistakes, and get comfortable with security awareness.

Read more about internet crime at the FBI’s Internet Crime Complaint Center. If you are a victim of internet crime, file a complaint with the FBI. Crime or vulnerability that puts the nation at immediate risk should be reported to the U.S. Computer Emergency Readiness Team (US-CERT).

What is your best tip for keeping all of your devices protected? Comment below and you’ll be entered to win a $400 Amazon gift card from Kaspersky Lab.

One way to protect all of your devices is with Kaspersky ONE Universal Security. Download your FREE trial today.

This is a sponsored conversation written by me on behalf of Kaspersky Lab. The opinions and text are all mine. Official Sweepstakes Rules.

A new report on Inside Mobile Apps reports that Microsoft may be looking to phase out its Microsoft Point system that it has used since the inception of the Xbox Live Marketplace in favor of real world money, a move that would effect not only Xbox Live, but the Zune Marketplace, and Windows Phone users as well.

Citing memos sent to company partners, the site claims that Microsoft has reportedly been warning said partners to get ready for the change by the end of 2012. Given the recent rash of Xbox Live Point thefts and phishing scams, one has to wonder whether security is a main reason for the possible change.

After confiscating a Massachusetts woman’s cupcake, the federal Transportation Security Administration is defending their decision according to boston.com.

Rebecca Hains of Peabody was not allowed to take her cupcake on the plain from Las Vegas to Massachusetts, and called the TSA’s defense “terrible logic.”

The TSA says the cupcake was packed in a jar full of frosting, which is considered a gel. This violates the policy that prohibits liquids and gels in order to protect travelers from terrorists that design explosives made of such substances.

Travelers are permitted to take cakes, pies and cupcakes through security as long as the gel does not exceed the federal limits.

The U.S. Department of Treasury unveiled a new $100 bill today, equipped with several changes that are meant to enhance security and reduce counterfeiting.

According to Larry Felix, the director of the Bureau of Engraving and Printing, the changes are meant to be “very obvious and visible.” The bill is pretty high-tech and has three major security changes.

The first is the blue 3-D security ribbon that runs down the bill lengthwise, right beside Franklin’s face. When you tilt the bill from side to side, the tiny images on the ribbon switch from bells to the number ’100′.

The second is the inkwell at the bottom of the bill, just to the right of the blue ribbon. It’s engraved with an image of a bell, and changes color from copper to green when you tilt the bill back and forth.

Lastly, there is a giant metallic ’100′ on the back of the bill and on the front in the bottom right corner. The metallic material is harder to counterfeit and it also changes color when the bill is tilted. That security feature is already on bills in other countries, such as Canada.

The $100 is the most counterfeited in America. As it’s the largest bill available for public use, the Department of Treasury said it felt the need to “protect the integrity” of U.S. money and overhaul its security features.

Click here for an interactive view of the new bill.

Click here if you want to see all of the American $100 bill designs, starting from 1862. The 1862 one is seriously awesome.

Digital forensics provider Paraben Corporation has released a new product designed to detect porn on a person’s computer.

According to Paraben, the average age of a person first exposed to pornography online is 11 — whether on purpose or .. cough … not.

The Paraben Porn Detection Stick scans a PC and peripherals like flash cards and external hard drives and seeks out all those nekkid pics.

“Creating a tool that empowers parents with the ability to find risks to their children was very important to me as a parent and as a professional fighting crimes against children,” said Amber Schroader, CEO of the Utah-based firm.

The product’s internal software can scan images for skin tones and body parts on 15 supported image formats. It doesn’t say anything, however, about video files.

The product is $99 and promises a 99 percent success rate.

So that still leaves, what, 10 gigs of porn on your computer?

A Boynton Beach, Fla. woman busted four robbers who broke into her house after she saw them ransacking her home on a digital webcam security system that let her check in on her house from her work computer.

Talk about timing.

When Jeanne Thomas saw four men robbing her house, she called 911 and the cops got there before the thieves could get away with the loot.

In the interview with CBS, Thomas says she used refers to the camera as a “webcam” but Logitech was quick to point out that it was actually their WiLife Digital Video Security System.

The product, while not a traditional webcam per se, is a bunch of webcam-like cameras that you can view from the web.

Names aside, it was a good $250 investment for Thomas.

There are many methods and products for ensuring data encryption, but unfortunately many can run you hundreds of dollars along with countless hours of time in the process.

I’ve always felt that some of the best software is free — take Mozilla Firefox for example.‚  SafeHouse Explorer is another great free product and in my use, I’ve found it to be a comprehensive data encryption solution for most Windows users.

One thing that I’ve noticed and enjoy about SafeHouse Explorer is its very clean look and simplicity of use. The application is designed to have the same appearance as the Windows Explorer and some of the most frequent tasks such as the “open volume” button are well placed and labeled, making the overall interface very functional, yet simple.

SafeHouse Explorer works to protect and encrypt your files by first letting your choose the size of its database or volume file. Then you create a password. I recommend that you choose a strong password (use the password strength indicator to help you), considering this will be your “master password” to all your files that are stored in that one volume. Once this is complete, you can simply drag and drop files into the window, and the program will then index and encrypt the files upon exiting the program.

One feature worth noting is the secure move-ability. This feature enables you easily move files to the SafeHouse application, and once imported, it destroys the files in the original location where they were dragged from.

Recovering your files is simple as well, and there are a variety of ways to regain access to your encrypted files. Users can create desktop shortcuts, double click on the volume file or simply launch the application and use the “open volume” button and navigate to the database or volume file. From there, users must enter their password- in which they assigned previously when they created the volume. SafeHouse Explorer then displays all of their files and the user can make changes. It then automatically creates a network drive when it recognizes you are logged into a particular volume. Once you close SafeHouse Explorer it deletes the network drive from Windows. This option makes it incredibly easy for users to easily gain access to their files using the familiar genuine Windows Explorer without having to use SafeHouse Explorer to access files. When volume is open in the application, users can make modifications directly to the file in SafeHouse Explorer. Many other clients require you to re-import files to make changes.

The company also offers a pro version of SafeHouse that offers additional functionality, but the free version is more than enough for most Windows users just looking to safeguard and encrypt files. There’s no Mac version, however.

You can download SafeHouse Explorer for free at: http://www.safehouseencryption.com/

Well, it’s happened.

Facebook has been hit with instant messaging spam.

Blast saw it first-hand when a friend who we haven’t talked to in a while randomly IM’d us about a “free” “giftcard” she’d “won” at a certain “website”.

We’ve gotten used to Facebook spam, with people’s accounts being hijacked to write on all their friends’ walls, but not this.

Nothing is sacred. Nothing is pure. You bastards.