Antivirus software Spyware and Update you system.

Problems with WEP

2008-06-16T19:00:00.000-07:00

Wireless transmissions are inherently unsafe, as they allow wireless hackers (wardrivers) to access your data from a nearby parking lot. As most readers also know, the IEEE 802.11 standard includes basic protection, known as the Wired Equivalent Privacy (WEP) protocol. This protocol defines a set of instructions and rules by which wireless data can be transmitted over airwaves with added security.

The WEP protocol standardizes the production of hardware and software that use the IEEE 802.11 protocol. To secure data, WEP uses the RC4 algorithm to encrypt the packets of information as they are sent out from the access point or wireless network card. RC4 is a secure algorithm and should remain so for several years to come. However, in the case of WEP, it is the specific wireless implementation of the RC4 algorithm, not the algorithm itself, that is at fault.

The following section will show in detail how WEP is cracked. On a busy corporate network, a wardriver can capture enough data to break your WEP encryption in about two to six hours. Breaking a home user's encryption might take longer (up to two to four weeks), since the flux of data is often much lower. Nevertheless, we recommend that you use WEP when possible, not just as a minor security barrier, but also because it serves as a gentle warning (akin to a login banner disclaimer on a network) that your network is private, rather than shared with the entire community. Also, some products (such as Windows XP) automatically associate with the strongest wireless signal by default. Using WEP prevents your neighbors from inadvertently sucking up your bandwidth, or from unknowingly browsing the Web using your home IP address!

Understand and participate in forensics.

2008-06-04T19:37:00.000-07:00

In physical crimes, such as robbery and murder, special investigative teams are trained in the science of collecting and analyzing crime-scene data. These teams include on-scene personnel as well as forensic scientists in labs. Computer forensics is no different in its practice. In fact, many people are shocked to find that computer attack forensics is more concerned with law and evidence gathering, handling, and preservation than with computers. Most companies today don't prepare or understand the forensics process until after an attack has occurred. It is our goal in this section to show you what is required and how to prepare before an attack occurs.
First things first—computer crime is increasing and our ability to cope with the complexity of the networks and software applications that are being created is decreasing. Now, this is most certainly a generalization, but it holds true for many of the clients and companies we see every year. Another truth is that given enough time, energy, and incentive, just about any network can be hacked. If you can accept these basic truths, the time you spend planning and training in areas such as computer forensics will seem less like a waste of time and more like an investment.

Computer forensics is about collecting and analyzing data so it can be used and presented in court. Without proper forensic techniques, you are likely to destroy valuable data or render it inadmissible because it was improperly obtained, collected, or stored. Without evidence, you can't prosecute offenders, properly terminate employees for inappropriate behavior, or seek damages when corporate espionage hits home.

Privilege Management

2008-06-04T19:36:00.000-07:00

DMZ : Demilitarized Zone

2008-06-04T19:33:00.000-07:00

DMZ : Demilitarized Zone :
Also called the free-trade zone or the neutral zone, this is an area in your network that allows a limited and controlled amount of access from the public Internet. The DMZ often hosts the corporation's Web and File Transfer Protocol (FTP) sites, email, external Domain Name Service (DNS), and the like. This network segment usually lies between the internal corporate network and the public Internet.

What does antivirus software do?

2008-05-07T00:24:00.001-07:00

There are a variety of antivirus software packages that operate in many different ways, depending on how the vendor chose to implement their software. What they have in common, though, is that they all look for patterns in the files or memory of your computer that indicate the possible presence of a known virus. Antivirus packages know what to look for through the use of virus profiles (sometimes called "signatures") provided by the vendor.

New viruses are discovered daily. The effectiveness of antivirus software is dependent on having the latest virus profiles installed on your computer so that it can look for recently discovered viruses. It is important to keep these profiles up to date.

More information about viruses and antivirus software can be found on the CERT Computer Virus Resource page
http://www.cert.org/other_sources/viruses.html

What is NAT?

2008-05-07T00:22:00.000-07:00

Network Address Translation (NAT) provides a way to hide the IP addresses of a private network from the Internet while still allowing computers on that network to access the Internet. NAT can be used in many different ways, but one method frequently used by home users is called "masquerading".
Using NAT masquerading, one or more devices on a LAN can be made to appear as a single IP address to the outside Internet. This allows for multiple computers in a home network to use a single cable modem or DSL connection without requiring the ISP to provide more than one IP address to the user. Using this method, the ISP-assigned IP address can be either static or dynamic. Most network firewalls support NAT masquerading.

CAPTCHA! Gmail bot detector system cracked

2008-02-27T17:39:00.000-08:00

The Gmail CAPTCHA has been cracked—albeit not easily—raising new concerns about spammers' ability to abuse Google's e-mail services. Websense Security Labs pointed out the security breach late last week, noting that spammers have a lot to gain by being able to use bots to automatically sign up for new accounts.

Google's free e-mail services and a highly-desirable gmail.com domain—one that is unlikely to be blacklisted by anybody's spam filters—are just two of the features that induced spammers to crack the CAPTCHA and have bots do all the work. On the upside, it apparently wasn't easy—Websense says that it required two bot hosts to crack instead of just the one that recently cracked Windows Live Mail's CAPTCHA (Websense believes that the same group was involved with both). It also believes that the two hosts are required because the first host may fail at cracking the code the first time around (and possibly time out), but the second host may also be required to check the work of the first. Additionally, only one in every five CAPTCHA-breaking requests on Gmail succeeded. Still, a 20 percent success rate is relatively high when you consider that spambots are trying to register hundreds (or thousands) of e-mail addresses at a time.

The CAPTCHA test—Completely Automated Public Turing test to tell Computers and Humans Apart—is one we're all familiar with. When signing up for new services, we are often asked to decipher a series of letters and numbers embedded in an image that is supposed to be difficult for computers to read. But, while the CAPTCHA has worked well in the past, hackers are getting better at programming computers with the ability to read them.

Read More

Securing Wireless Networks

2008-02-26T19:31:00.000-08:00

How do wireless networks work?

As the name suggests, wireless networks, sometimes called WiFi, allow you to connect to the internet without relying on wires. If your home, office, airport, or even local coffee shop has a wireless connection, you can access the network from anywhere that is within that wireless area.

Wireless networks rely on radio waves rather than wires to connect computers to the internet. A transmitter, known as a wireless access point or gateway, is wired into an internet connection. This provides a "hotspot" that transmits the connectivity over radio waves. Hotspots have identifying information, including an item called an SSID (service set identifier), that allow computers to locate them. Computers that have a wireless card and have permission to access the wireless frequency can take advantage of the network connection. Some computers may automatically identify open wireless networks in a given area, while others may require that you locate and manually enter information such as the SSID.

What security threats are associated with wireless networks?

Because wireless networks do not require a wire between a computer and the internet connection, it is possible for attackers who are within range to hijack or intercept an unprotected connection. A practice known as wardriving involves individuals equipped with a computer, a wireless card, and a GPS device driving through areas in search of wireless networks and identifying the specific coordinates of a network location. This information is then usually posted online. Some individuals who participate in or take advantage of wardriving have malicious intent and could use this information to hijack your home wireless network or intercept the connection between your computer and a particular hotspot.

What can you do to minimize the risks to your wireless network?

Change default passwords - Most network devices, including wireless access points, are pre-configured with default administrator passwords to simplify setup. These default passwords are easily found online, so they don't provide any protection. Changing default passwords makes it harder for attackers to take control of the device (see Choosing and Protecting Passwords for more information).
Restrict access - Only allow authorized users to access your network. Each piece of hardware connected to a network has a MAC (media access control) address. You can restrict or allow access to your network by filtering MAC addresses. Consult your user documentation to get specific information about enabling these features. There are also several technologies available that require wireless users to authenticate before accessing the network.
Encrypt the data on your network - WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) both encrypt information on wireless devices. However, WEP has a number of security issues that make it less effective than WPA, so you should specifically look for gear that supports encryption via WPA. Encrypting the data would prevent anyone who might be able to access your network from viewing your data .
Protect your SSID - To avoid outsiders easily accessing your network, avoid publicizing your SSID. Consult your user documentation to see if you can change the default SSID to make it more difficult to guess.
Install a firewall - While it is a good security practice to install a firewall on your network, you should also install a firewall directly on your wireless devices (a host-based firewall). Attackers who can directly tap into your wireless network may be able to circumvent your network firewall—a host-based firewall will add a layer of protection to the data on your computer

Clean your Windows registry

2007-12-11T01:26:00.001-08:00

CleanMyPC Registry Cleaner 3.50 - The Most Popular Registry Cleaner

PC runs much slower than when you first bought it

PC crashes for no apparent reason

You keep receiving error messages and don't know why

Solution: You need a Reliable Registry Cleaner!
CleanMyPC™ Registry Cleaner can clean your Windows registry, tune up your PC and keep it in peak performance!

The Windows registry is a database repository for information about a computer's configuration. The registry keep growing when you use Windows. As it does so, it attracts obsolete and unnecessary information, and gradually becomes cluttered and fragmented. With the growing of the registry, it can degrade the performance of the whole system and cause many weird software problems. To keep your computer in top performance, it is recommended to periodically clean your Windows registry with a reliable and efficient Registry Clean

CleanMyPC Registry Cleaner scans the Windows registry and finds incorrect or obsolete information in the registry. By fixing these obsolete information in Windows registry, your system will run faster and error free. The backup/restore function of the tool let you backup your whole Windows Registry so you can use it to restore the registry to the current status in case you encounter some system failure. Besides above, the startup and BHO organizer feature let you manage your startup and IE BHO items with ease, and you can control the programs started with Windows and IE more handy with this feature!

In short, CleanMyPC Registry Cleaner help you get rid of the bloat in Windows registry and achieve a cleaner, faster system.
The latest version adds the registry defrag/compact and privacy eraser features.

Main Registry Cleaner Features:

Automatic Registry Scanning and Cleanup

Backup and Restore the full Registry

Registry Defrag and Registry Compact

Tracks Eraser feature for privacy protection

Startup Organizer

IE BHO Organizer

Improve system performance

Remove Trojan which utilize startup items and IE BHO

Try It

Protecting Portable Devices: Data Security.

2007-11-18T22:52:00.000-08:00

Why do you need another layer of protection?
Although there are ways to physically protect your laptop, PDA, or other portable device (see Protecting Portable Devices: Physical Security for more information), there is no guarantee that it won't be stolen. After all, as the name suggests, portable devices are designed to be easily transported. The theft itself is, at the very least, frustrating, inconvenient, and unnerving, but the exposure of information on the device could have serious consequences. Also, remember that any devices that are connected to the internet, especially if it is a wireless connection, are also susceptible to network attacks (see Securing Wireless Networks for more information).

What can you do?

Use passwords correctly - In the process of getting to the information on your portable device, you probably encounter multiple prompts for passwords. Take advantage of this security. Don't choose options that allow your computer to remember passwords, don't choose passwords that thieves could easily guess, use different passwords for different programs, and take advantage of additional authentication methods (see Choosing and Protecting Passwords and Supplementing Passwords for more information).
Consider storing important data separately - There are many forms of storage media, including floppy disks, zip disks, CDs, DVDs, and removable flash drives (also known as USB drives or thumb drives). By saving your data on removable media and keeping it in a different location (e.g., in your suitcase instead of your laptop bag), you can protect your data even if your laptop is stolen. You should make sure to secure the location where you keep your data to prevent easy access.
Encrypt files - By encrypting files, you ensure that unauthorized people can't view data even if they can physically access it. You may also want to consider options for full disk encryption, which prevents a thief from even starting your laptop without a passphrase. When you use encryption, it is important to remember your passwords and passphrases; if you forget or lose them, you may lose your data.
Install and maintain anti-virus software - Protect laptops and PDAs from viruses the same way you protect your desktop computer. Make sure to keep your virus definitions up to date (see Understanding Anti-Virus Software for more information).
Install and maintain a firewall - While always important for restricting traffic coming into and leaving your computer, firewalls are especially important if you are traveling and utilizing different networks. Firewalls can help prevent outsiders from gaining unwanted access (see Understanding Firewalls for more information).
Back up your data - Make sure to back up any data you have on your computer onto a CD-ROM, DVD-ROM, or network (see Good Security Habits and Real-World Warnings Keep You Safe Online for more information). Not only will this ensure that you will still have access to the information if your device is stolen, but it could help you identify exactly which information a thief may be able to access. You may be able to take measures to reduce the amount of damage that exposure could cause.

Authors: Mindi McDowell, Matt Lytle

Packet Sniffing

2007-10-25T01:00:00.001-07:00

A network sniffer, or packet sniffer, is an application that captures all traffic traveling past a network interface attached to some network. Packet sniffing is useful for network troubleshooting and software developers; however, it can also be used to eavesdrop on unencrypted traffic (unencrypted email, Web packets, IM, and more).

When people communicate via IM, they do not realize their communication is probably hopping around numerous times through various networks and routers. On any network segment along this path, someone can use a packet-sniffing tool to intercept such communications. However, scanning through a large number of packets to extract something useful is very difficult. Thus, attackers also employ communication filters, software to detect and identify specific types of communication currently underway.

When attackers get access to some wire, they attach a network device to that network segment. Next, they install a communication filter to capture packets that contain specific strings or patterns, such as the "password" keyword. If a pattern in the filter matches traffic from the wire, that packet is recorded for subsequent analysis.

Flat, unswitched local area networks are particularly vulnerable to sniffing attacks because every packet traveling between two hosts is broadcast to all nodes on the network segments to which each host belongs. Thus, a sniffing device or program could be connected to any port or installed on any machine on the same segment. A few years ago, switching technology became sufficiently inexpensive to be widely accepted as a standard LAN building block. In many installations, switches replaced broadcast hubs and were used to micro-segment LANs into numerous virtual segments. Switches also establish point-to-point channels between pairs of hosts as they initiate conversations. This alleviates the problem of sniffing but does not eliminate it completely (especially if attackers can access the switch itself).

In the real world it is at least difficult, if not impossible, to gain access to ISP facilities and install sniffers there. Therefore, the biggest source of sniffing threats stems from LANs and public facilities. Cable modem technology is particularly prone to sniffing-based attacks, because all users on a cable segment can see (and therefore sniff) all traffic on that segment. Companies or organizations that support remote access for cable modem-based users should definitely use more secure implementation, preferably those based on IPSec.

Because so much information used in popular messaging software now takes the XML format using the HTTP protocol, traffic vulnerability to sniffing is actually on the rise. The latest trend is to convert everything to XML formats. Unfortunately, this also means that using HTTP without SSL or TLS is tantamount to sending information in clear text from the hacker's perspective. This explains why sniffer attacks are both insidious and potentially very dangerous because they can decode and reveal lots of sensitive information.

To prevent information leaks, you can't rely on communication programs that use no encryption mechanisms; you must use IPSec or VPN solutions to secure communications both on the local network and for all remote access. If IM services are deployed for business purposes, use applications similar to Microsoft Exchange Server 2000, which enables you to operate your own IM server that might or might not interact with the rest of the world. As a matter of security policy and user education, users should also be coached on which types of communication and file transfer are appropriate using IM outside organizational boundaries—if indeed such use is permitted at all.

Using Caution with Email Attachments

2007-10-17T21:16:00.001-07:00

Why can email attachments be dangerous?

Some of the characteristics that make email attachments convenient and popular are also the ones that make them a common tool for attackers:

Email is easily circulated - Forwarding email is so simple that viruses can quickly infect many machines. Most viruses don't even require users to forward the email—they scan a users' computer for email addresses and automatically send the infected message to all of the addresses they find. Attackers take advantage of the reality that most users will automatically trust and open any message that comes from someone they know.

Email programs try to address all users' needs - Almost any type of file can be attached to an email message, so attackers have more freedom with the types of viruses they can send.

Email programs offer many "user-friendly" features - Some email programs have the option to automatically download email attachments, which immediately exposes your computer to any viruses within the attachments.

What steps can you take to protect yourself and others in your address book?

Be wary of unsolicited attachments, even from people you know - Just because an email message looks like it came from your mom, grandma, or boss doesn't mean that it did. Many viruses can "spoof" the return address, making it look like the message came from someone else. If you can, check with the person who supposedly sent the message to make sure it's legitimate before opening any attachments. This includes email messages that appear to be from your ISP or software vendor and claim to include patches or anti-virus software. ISPs and software vendors do not send patches or software in email.
Save and scan any attachments before opening them - If you have to open an attachment before you can verify the source, take the following steps:

Be sure the signatures in your anti-virus software are up to date.

Save the file to your computer or a disk

Manually scan the file using your anti-virus software

Open the file

Turn off the option to automatically download attachments - To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and make sure to disable it.
Consider additional security practices - You may be able to filter certain types of attachments through your email software or a firewall.

Excel 2007and Excel Services 2007 involving calculation

2007-10-10T18:59:00.001-07:00

Excel 2007and Excel Services 2007 involving calculation of numbers around 65,535.This issue was introduced when we were making changes to the Excel calculation logic in the Office 2007 time frame. Specifically, Excel incorrectly displays the result of a calculation in 12 very specific cases (outlined below). The key here is that the issue is actually not in the calculation itself (the result of the calculation stored in Excel’s memory is correct), but only in the result that is shown in the sheet. Said another way, =850*77.1 will display an incorrect value, but if you then multiply the result by 2, you will get the correct answer (i.e. if A1 contains “=850*77.1”, and A2 contains “=A1*2”, A2 will return the correct answer of 131,070).

So what, specifically, are the values that cause this display problem? Of the 9.214*10^18 different floating point numbers (floating point) that Excel 2007 can store, there are 6 floating point numbers (using binary representation) between 65534.99999999995 and 65535, and 6 between 65535.99999999995 and 65536 that cause this problem. You can’t actually enter these numbers into Excel directly (since Excel will round to 15 digits on entry), but any calculation returning one of those results will display this issue if the results of the calculation are displayed in a cell. All other calculation results are not affected.

fixes for this issue in Excel 2007 and Excel Services 2007 are available for download from the following locations:

Excel 2007: http://download.microsoft.com/download/6/1/3/61343075-aa12-4152-a761-fccc16d6cef4/office-kb943075-fullfile-x86-glb.exe
64-bit Excel Services 2007: http://download.microsoft.com/download/c/d/c/cdcccd84-86cd-4199-b01c-1df2dac66534/office-kb943076-fullfile-x64-glb.exe
32-bit Excel Services 2007: http://download.microsoft.com/download/c/d/c/cdcccd84-86cd-4199-b01c-1df2dac66534/office-kb943076-fullfile-x86-glb.exe

KB Articles have been posted as well:

Excel 2007: http://support.microsoft.com/default.aspx/kb/943075/
Excel Services 2007: http://support.microsoft.com/default.aspx/kb/943076

Registry Clean Expert: Fix&Backup registry

2007-10-01T03:23:00.001-07:00

Registry Clean Expert scans the Windows registry and finds incorrect or obsolete information in the registry. By fixing these obsolete information in Windows registry, your system will run faster and error free. The backup/restore function of the tool let you backup your whole Windows Registry so you can use it to restore the registry to the current status in case you encounter some system failure. Besides above, the startup and BHO organizer feature let you manage your startup and IE BHO items with ease, and you can control the programs started with Windows and IE more handy with this feature!

In short, Registry Clean Expert help you get rid of the bloat in Windows registry and achieve a cleaner, faster system..

Feature highlights include:

Scan Windows registry and find incorrect or obsolete information in the registry.

Fix the obsolete information in Windows registry with this Registry Cleaner and boost your Windows performance.

Make backups for Windows Registry.

Restore Windows Registry from previous backup.

Manage the programs started when Windows starts up with the Startup Organizer.

Manage the IE BHOs with BHO organizer.

Remove Spyware, Adware and Trojan hidden in your startup items and BHOs.

Registry Compact and Registry Defrag.

Built-in Tracks Eraser for privacy protection.

A user-friendly interface makes it easy for anyone to use Registry Clean Expert.

Use Strong Passwords.

2007-09-27T03:12:00.001-07:00

Your living space has doors and windows, and perhaps most of the time they’re locked. For each lock that uses a key, chances are that each key is different. You know to lock up and not to share the keys with strangers, and probably not with most of your friends. You should not hide keys under the mat or in a flowerpot on your front porch.

Passwords for computers are much the same. For each computer and service you use (online purchasing, for example), you should have a password. Each password should be unique and unrelated to any of your other passwords. You shouldn’t write them down nor should you share them with anyone, even your best friends.

A password can also be complicated. Most schemes let you use any combination of letters, both upper and lower case, and numbers; and some also let you use punctuation marks. Lengths can vary. You can create a password to be as complicated as you want. The key (no pun intended) is to be able to remember this password whenever you need it without having to write it down to jog your memory.

Like the thief at your door, computer intruders also use trial-and-error, or brute-force techniques, to discover passwords. By bombarding a login scheme with all the words in a dictionary, they may “discover” the password that unlocks it. If they know something about you, such as your spouse’s name, the kind of car you drive, or your interests, clever intruders can narrow the range of possible passwords and try those first. They are often successful. Even slight variations, such as adding a digit onto the end of a word or replacing the letter o (oh) with the digit 0 (zero), don’t protect passwords. Intruders know we use tricks like this to make our passwords more difficult to guess.

Just like the front door key, even a complicated password can be copied and the copy reused. Remember the earlier discussion about information on the Internet being in the clear? Suppose that really strong password you took a long time to create – the one that’s 14 characters long and contains 6 letters, 4 numbers, and 4 punctuation marks, all in random order – goes across the Internet in the clear. An intruder may be able to see it, save it, and use it. This is called sniffing and it is a common intruder practice.

The point is that you need to follow the practice of using a unique password with every account you have. Below is a set of steps that you can use to help you create passwords for your accounts:

The Strong test: Is the password as strong (meaning length and content) as the rules allow?
The Unique test: Is the password unique and unrelated to any of your other passwords?
The Practical test: Can you remember it without having to write it down?
The Recent test: Have you changed it recently?

In spite of the SUPR tests, you need to be aware that sniffing happens, and even the best of passwords can be captured and used by an intruder.

You should use passwords not only on your home computer but also for services you use elsewhere on the Internet. All should have the strongest passwords you can use and remember, and each password should be unique and unrelated to all other passwords. A strong password is a password that is longer than it is short, that uses combinations of uppercase and lowercase letters, numbers, and punctuation, and that is usually not a word found in a dictionary. Also remember that no matter how strong a password is, it can still be captured if an intruder can see it “in the clear” somewhere on the Internet.

Norton Internet Security 2008

2007-08-29T01:16:00.001-07:00

Norton internet security 2007 is a very useful internet security utility that will protect your computer while you surf online.

The chaos and rapid growth of the world wide Web have created the perfect environment for malicious and damaging entities that threaten your PC and your identity. The important documents stored in your computer must be protected from hackers and other virtual prowlers. With Norton Internet Security, you will be able to enjoy your computer with confidence, knowing that viruses and spyware will be either blocked or removed. All kinds of malicious programs will be removed automatically, including the damaging side effects.

Key Technologies

Antispyware

Antivirus

Two-Way Firewall

Advanced Phishing Protection

Intrusion Prevention

Rootkit Detection

Features

improved performance delivers faster starts and scans.

One click access to expert support.

Network security monitoring helps protect your wireless network.

Norton Identity Safe delivers enhanced i dentity theft protection.

Works quietly in the background.

Protection for up to 3 PCs per household

Blocks identity theft by phishing Web sites

Protects against hackers

Detects and eliminates spyware

Removes viruses and Internet worms automatically

Protects email and instant messaging from viruses

Prevents virus-infected emails from spreading

Rootkit detection searches underneath the operating system using patented technology

Includes protection updates and new product features as available throughout the renewable service period

On-going Protection option automatically renews your subscription

Need antispam or parental controls?

Go to Norton Internet Security 2008

Update Salfeld Child Control 2007

2007-08-27T19:43:00.001-07:00

Computers are the place for children. This is the place where they can sharpen their agility as well as their abilities. They can learn and make new friends. What’s more, the Internet provides information for homework assignments. So far, so good. But they also need to be protected from the computer—for one thing, so that they don’t lose their sense of time and forget to go out and play with their friends once in a while, and for another, because of the dangers lurking on the Web. That’s why responsible parents everywhere install Child Control on every computer that their children use.

Give children an “allowance” of time
Child Control 2007 keeps track of the time your kids spend in front of the computer. Once their time is up, the computer automatically shuts down and won’t start up again—something any kid can understand. Our experience has shown that Child Control 2007’s verdict is accepted without arguments—there is no debate and no discussion. Another way of looking at it: “Child Control gives your kids back time that they are then free to spend in other ways.”

Safety on the Internet
It isn’t always easy to watch your young ones’ every move on the computer—and it’s even harder to follow what they’re doing on the Internet. Child Control 2007 can also help you here, by automatically shutting the door on their Internet connection once their allotted time is used up. Parents can easily regulate how many hours a day each child can spend on the Internet, and even specify the precise hours of the day when the gate to the worldwide online community will be available.

The Dark Side of the Internet
Sure, you can find any number of sites that are useful for learning, reference, and games. Then there are the other ones that are clearly inappropriate for children and teens. Some parents also worry about their children ending up on one of these sites by accident, or as the result of a dare. These fears can be quickly put to rest by Child Control 2007, which has already made a name for itself in Internet monitoring.

Control Internet access using filters
Child Control lets you activate filters to block all websites oriented toward violence or sex. You can also filter out specific words that may appear on various websites. Alternatively, you can limit access to only the websites that you specify. In that case, your kids will only be able to access these sites, and all others will be off-limits. In the 2007 version, parents can also limit their kids’ stay on certain sites to a specified time, so that eventually they will have to put their online games away and get back to their homework.

System Requirements
Our products use very few system resources and can easily be run on older PC's. Software programs listed here can be run on all current Windows platforms (Windows 95(b), 98, ME, NT, 2000, XP, XP SP2 (home und professional). Resource usage is relatively light: a Pentium II, Celeron, or AMD Athlon/Duron running at 266 MHz or above; a mouse; VGA (800x600 or higher); 64MB RAM; and 5 MB free disk space per application are sufficient.

Download the trial version : Salfeld Child Control 2007
Visit Site : www.salfeld.com

Microsoft Windows Vista Weather Gadget vulnerability

2007-08-24T02:12:00.001-07:00

The Windows Vista Weather gadget contains a vulnerability that may allow and attacker to execute code.

Gadgets are mini-applications designed to provide the user with information or utilities. Windows Vista treats gadgets similar to the way Windows Vista treats other executable code. Gadgets are written using HTML and script, but this HTML is not located on an arbitrary remote server as web pages are. HTML content in the Gadget is downloaded first as part of a package of resources and configuration files and then executed from the local computer. This download process is similar to applications (.exe files) downloaded from the Internet.

Today, the Windows Vista Sidebar hosts Gadgets built from HTML, JavaScript, and potentially ActiveX controls, and because Gadgets are HTML, they are subject to Cross-site Scripting style bugs. These bugs are extremely serious because script in the Sidebar is capable of running arbitrary code in the context of the locally logged-on user.

This document outlines some of the secure programming best practices that should be considered when building Windows Vista Sidebar Gadgets.

Never Trust Input

This is the same advice we have given for years, and it still holds true for Sidebar Gadgets. Many Gadgets read, manipulate, and then display untrusted data, such as that coming from an XMLHttpRequest object or an ActiveX control. All such input needs to be validated.

Validate Untrusted Input

There is no replacement for a good input checker. You should build a function or functions that include regular expressions to verify that the input is correctly formed, and if it is not, you should reject the data. Below is a loose example that only allows numbers, brackets, dashes, and spaces between 6 and 14 characters long.

More Information MS07–048

What is Phishing and Pharming?

2007-08-06T21:45:00.001-07:00

Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware. Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning.

Avoiding Social Engineering and Phishing Attacks

2007-08-06T21:34:00.001-07:00

What is a social engineering attack?

To launch a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

What is a phishing attack?

Phishing is a form of social engineering. Phishing attacks use email or malicious web sites to solicit personal, often financial, information. Attackers may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.

How do you avoid being a victim?

Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
Don't send sensitive information over the Internet before checking a web site's security policy or looking for evidence that the information is being encrypted (see Protecting Your Privacy and Understanding Web Site Certificates for more information).
Pay attention to the URL of a web site. Malicious web sites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a web site connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org/phishing_archive.html).
Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (see Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for more information).

What do you do if you think you are a victim?

If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account (see Preventing and Responding to Identity Theft for more information).
Consider reporting the attack to the police, and file a report with the Federal Trade Commission (http://www.ftc.gov/).

Warns Public of Fraudulent Phishing Email.

2007-08-06T21:31:00.001-07:00

US-CERT is aware of a recent surge in fraudulent phishing e-mail messages. The messages, claiming to be from the United States National Medical Association, contain a subject line that reads "The United States National Medical Association" and a link that, when followed, will direct the user to a malicious website. These messages are not from any United States government agency.

Users are encouraged to take the following measures to protect themselves from phishing attacks:

Do not follow unsolicited web links received in email messages.

Verify the legitimacy of the email by contacting the company or agency directly through a trusted contact number.

Visit the Anti-Phishing Working Group for more information on known phishing attacks.

Mozilla Releases Update to Address URI Sanitization Vulnerability

Mozilla has released an update for the Firefox browser to address two vulnerabilities with URI sanitization. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.

More information regarding these vulnerabilities and the Firefox update can be found in the following:

Vulnerability Note VU#783400
Vulnerability Note VU#403150
Mozilla Foundation Security Advisory 2007-27
Mozilla Firefox update

US-CERT encourages users to upgrade to Firefox 2.0.0.6 which has been released to address these vulnerabilities.

Microsoft Windows URI Protocol Handling Vulnerability

US-CERT is aware of a vulnerability in the way Microsoft Windows determines how to handle URIs, which may be be leveraged by a remote attacker to execute arbitrary commands on an affected system. Public reports demonstrate that Mozilla Firefox can be used to pass malicious URIs to Windows, but other applications may also act as attack vectors for this vulnerability.

More information regarding this vulnerability can be found in Vulnerability Note VU#403150.

4 steps to protect your computer

2007-07-18T02:56:00.001-07:00

Step 1. Keep your firewall turned on.

A firewall helps protect your computer from hackers who might try to delete information, crash your computer, or even steal your passwords or credit card numbers. Make sure your firewall is always turned on.

Step 2. Keep your operating system up-to-date.

High priority updates are critical to the security and reliability of your computer. They offer the latest protection against malicious online activities. Microsoft provides new updates, as necessary, on the second Tuesday of the month.

Step 3. Use updated antivirus software.

Viruses and spyware are two kinds of usually malicious software that you need to protect your computer against. You need antivirus technology to help prevent viruses, and you need to keep it regularly updated.

Step 4. Use updated antispyware technology

Viruses and spyware are two kinds of usually malicious software that you need to protect your computer against. You need antispyware technology to help prevent spyware, and you need to keep it regularly updated.

Using Caution with Email Attachments

2007-07-03T20:30:00.001-07:00

Why can email attachments be dangerous?

Some of the characteristics that make email attachments convenient and popular are also the ones that make them a common tool for attackers:

Email is easily circulated - Forwarding email is so simple that viruses can quickly infect many machines. Most viruses don't even require users to forward the email—they scan a users' computer for email addresses and automatically send the infected message to all of the addresses they find. Attackers take advantage of the reality that most users will automatically trust and open any message that comes from someone they know.

Email programs try to address all users' needs - Almost any type of file can be attached to an email message, so attackers have more freedom with the types of viruses they can send.

Email programs offer many "user-friendly" features - Some email programs have the option to automatically download email attachments, which immediately exposes your computer to any viruses within the attachments.

What steps can you take to protect yourself and others in your address book?

Be wary of unsolicited attachments, even from people you know - Just because an email message looks like it came from your mom, grandma, or boss doesn't mean that it did. Many viruses can "spoof" the return address, making it look like the message came from someone else. If you can, check with the person who supposedly sent the message to make sure it's legitimate before opening any attachments. This includes email messages that appear to be from your ISP or software vendor and claim to include patches or anti-virus software. ISPs and software vendors do not send patches or software in email.

Save and scan any attachments before opening them. If you have to open an attachment before you can verify the source, take the following steps:

Be sure the signatures in your anti-virus software are up to date (see Understanding Anti-Virus Software for more information).

Save the file to your computer or a disk .

Manually scan the file using your anti-virus software Open the file.

Turn off the option to automatically download attachments - To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and make sure to disable it. Consider additional security practices - You may be able to filter certain types of attachments through your email software (see Reducing Spam) or a firewall (see Understanding Firewalls).

3 Steps to Ending Scams and Virus Problems.

2007-06-04T20:23:00.001-07:00

Watching how the traditional media covers the latest virus or scam would make one think we are all innocent victims and it is the "evil Internet" at work once again. News flash! Innocent? More like uninformed. Victim? In many cases add the word "willing." The media's point of view and how they choose to portray these occurrences always makes me chuckle.

In the past decade, there has been very little progress when it comes to onliners wanting to acquire just enough information and knowledge to know how to protect themselves. They throw their hands up claiming "I'm not a techie!" while they proceed to want to participate in "technienology." The truth is these issues are part and parcel of participation.

Many do not update their virus programs (that is if they even have one in the first place) and they believe some of the most gratuitously ridiculous offers. That is as long as those "offers" insinuate easy riches with little effort or expense. To that end; there is your weakest link. The propensity to believe misinformation that caters to one's inner desires.

When did plain old common sense go out the window? Why do the natural rules of trust, common sense and due diligence for some reason not seem to apply online? Off-line if these tactics were used, most would probably laugh the salesperson right out of the building! But online, we enter the surreal world of possibilities combined with the perception that some of the most important issues of all are ours to ignore or disregard if we so please.

When it comes to impeding scams and viruses there are three simple solutions:

1. For Scams: Simply don't believe it; none of it! If it comes in an e-mail you didn't request-just hit delete! If it's on a Web site, do your due diligence to confirm claims and to ask for recommendations and proof. Investigate how long the site has been online. Read their terms and conditions. E-mail them with every single question you may have before you give them one red cent of your hard earned dollars. Only proceed if you receive timely and concise answers. Not willing to make these efforts? Then plan on getting ripped off and you deserve it! Buyer beware? More like buyer be informed!

2. For Viruses: Update your virus software every time you log on. Simple. Don't click on any links within e-mails that you are not expecting. Most virus software has an automatic scheduler so that the software can update daily at specified times. Once this is setup you will no longer have to manually update. Then, keep your update subscription current. Remember, you computer doesn't know what to protect you from without these updates!

3. Make an effort in both these areas to understand the tools and resources available to you to help you participate in a smart and informed manner. You can literally check anything out online by searching Google to find reviews, warnings or even accolades and recommendations. Take the time to use and absorb the information available to you if you want to participate in information technology!

By following the above three steps, those who create viruses wouldn't have a leg to stand on and the scammers would not be in business by taking advantage of what folks don't want to take the time to understand or verify.

As long as Netizens do not make a concerned effort to be informed there will be someone out there willing to take advantage of them. Don't blame technology; don't blame the scammers and hackers. The blame should be placed with those who can easily avoid these situations, but choose to not be informed enough to do so.

About the Author:

Judith Kallos is an authoritative and good-humored Technology Muse who has played @ http://www.TheIStudio.com for over a decade.

Check out her popular Technology Cheat Sheets: http://www.LearnAndThrive.com

F-Secure Patches multiple vulnerabilities in Products.

2007-05-31T20:28:00.000-07:00

Finnish security vendor F-Secure has patched multiple vulnerabilities in its software, including a buffer overflow vulnerability affecting a number of its products.

The buffer overflow vulnerability lies in the processing of LHA archives and may allow an attacker to execute arbitrary code or create a denial-of-service condition. This flaw is related to a similar problem discovered last fall involving the way the Gzip decompression utility handles LZH-compressed archives, F-Secure officials said in an advisory.

"An attacker may create a specially crafted LHA archive, which then in its decompression phase exploits the described buffer overflow vulnerability, allowing arbitrary code to be executed or the exploit to create a denial-of-service condition," said officials at the Helsinki, Finland-based company.

The bug affects F-Secure's Anti-Virus, Internet Gatekeeper and Internet Security product suites.

Two other vulnerabilities were patched Wednesday as well. One is an IOCTL (Input/Output Control) vulnerability in the Real-time Scanning component of F-Secure workstation and file server products for Windows. An attacker with local access to the system can escalate their privileges to the system with a specially crafted IRP (I/O request packet) due to improper access validation of the address space used by Real-time Scanning, company officials said.

The final flaw patched Wednesday is a bug in F-Secure's Policy Manager Server that could be used by attackers to launch a denial-of-service attack. A DoS condition can be triggered by using NTFS-reserved words as URL filenames, company officials warned. France-based security research organization FrSIRT rates this particular flaw, which is remotely exploitable, as low risk.

By Brian Prince www.eweek.com

Corporate Security for Your Home Business.

2007-05-22T23:34:00.001-07:00

The words Corporate Security may conjure up images of a group of techies working in a wire-filled basement room of Microsoft or HP, combating hackers and terrorists online using words like algorithm and encryption. If you own your own business, do not allow yourself to think that security is only for big corporations. Every company, big or small, technological or traditional, has two major security concerns: protecting information, and protecting hardware.

Corporate Security: Information

Information is the commodity that makes companies unique. That information could be a process your company does better than others; or it could be how to make the unique product you sell; or it could be a collection of information that you have that others want access to. In any case, protecting the information that makes your company viable could mean financial life or death for your venture. There are three simple corporate security solutions you can implement to decrease the likelihood that your information will be leaked or lost.

Make back ups often. If you are like 90% of computer users out there who use Windows, pressing [ctrl] + S is a habit well worth forming. Besides information, time is one of your most valuable resources, so you can't afford to lose hours of work every time the system crashes. Save your work as often as you stop typing. Making additional copies of master files in other places beside your hard drive will mean you won't lose everything if your hard drive becomes corrupted. Keep these discs in a safe place where you can easily access them if you need to.

Keep secret passwords secret. This may seem like a no-brainer, but too often we think of passwords as annoyances slowing us down. Systems are password-protected to ensure that only those persons who should be allowed access are granted access. If you are working out of a home office and have little face-to-face interaction with clients or customers, you may be tempted to leave your system unlocked or pin a list of your user names and passwords near the computer. Remember that children are both curious and smart, and in only a few clicks of the mouse they can accidentally erase important files. Do yourself the favor of memorizing your passwords and changing them on occasion.

Maintain an up-to-date computer system. Computers that run slower also have the terrible tendency of getting overloaded and shutting down. The internet is one of the biggest culprits of bogging down your processing speed, but running several programs at the same time will also do it. Keeping your processor and memory up-to-date will help ensure that you are able to perform all the tasks that are required of you without having to spend a lot of time waiting for your computer to catch up.

Corporate Security: Hardware

Chances are good that IBM's annual technology budget is quite a bit larger than your home business's budget. Between putting food on the table and covering the operating costs of your business, purchasing new equipment might seem like a luxury you'll never have. Protecting your computer system from viruses, spy ware, and malicious software is one of the most cost-effective ways to ensure your computer will last as long as you need it to.

Know what is on your computer. Viruses can come through email, discs, or the internet, and are typically well-hidden on your hard drive. Perform systematic checks of the temporary internet files, cookies folder, and the rest of your hard drive to ensure that you have not accidentally picked up a virus. Software can be purchased that filters spam and helps you manage the internet files and cookies that are downloaded automatically on your computer. A proactive approach in combating viruses and spy ware is usually the most effective way to make sure your hardware stays protected.

Though corporate security solutions may seem like a luxury your home business can not afford, protecting information and hardware are priorities that all companies should have. Following these simple, inexpensive solutions to common security concerns your company may have will go a long way in helping you succeed.

Nick Smith is a client account specialist with 10x Marketing - More Visitors. More Buyers. More Revenue. For more information about cost-effective corporate security solutions, visit ContentWatch.com.

Benefits of BCC (blind carbon copy).

2007-05-22T23:10:00.001-07:00

What is BCC?

BCC, which stands for blind carbon copy, allows you to hide recipients in email messages. Unlike addresses in the To: field or the CC: (carbon copy) field, addresses in the BCC: field cannot be seen by other users.

Why would you want to use BCC?

There are a few main reasons for using BCC:

Privacy - Sometimes it's beneficial, even necessary, for you to let recipients know who else is receiving your email message. However, there may be instances when you want to send the same message to multiple recipients without letting them know who else is receiving the message. If you are sending email on behalf of a business or organization, it may be especially important to keep lists of clients, members, or associates confidential. You may also want to avoid listing an internal email address on a message being sent to external recipients.

Another point to remember is that if you use the To: or CC: fields to list all of your recipients, these same recipients will also receive any replies to your message unless the sender removes them. If there is potential for a response that is not appropriate for all recipients, consider using BCC.
Tracking - Maybe you want to access or archive the email message you are sending at another email account. Or maybe you want to make someone, such as a supervisor or team member, aware of the email without actually involving them in the exchange. BCC allows you to accomplish these goals without advertising that you are doing it.
Respect for your recipients - Forwarded email messages frequently contain long lists of email addresses that were CC'd by previous senders. These addresses are highly likely to be active and valid, so they are very valuable to spammers. Furthermore, many email-borne viruses harvest email addresses contained in messages you've already received (not just the To: and From: fields, but from the body, too), so those long lists in forwarded messages pose a risk to all the accounts they point to if you get infected.

Many people frequently forward messages to their entire address books using CC. Encourage people who forward messages to you to use BCC so that your email address is less likely to appear in other people's inboxes and be susceptible to being harvested. To avoid becoming part of the problem, in addition to using BCC if you forward messages, take time to remove all existing email addresses within the message. The additional benefit is that the people you're sending the message to will appreciate not having to scroll through large sections of irrelevant information to get to the actual message.

How do you BCC an email message?

Most email clients have the option to BCC listed a few lines below the To: field. However, sometimes it is a separate option that is not listed by default. If you cannot locate it, check the help menu or the software's documentation.

If you want to BCC all recipients and your email client will not send a message without something in the To: field, consider using your own email address in that field. In addition to hiding the identity of other recipients, this option will enable you to confirm that the message was sent successfully.

Authors: Mindi McDowell, Allen Householder

How can you reduce the amount of spam?.

2007-05-07T22:52:00.001-07:00

What is spam?

Spam is the electronic version of "junk mail." The term spam refers to unsolicited, often unwanted, email messages. Spam does not necessarily contain viruses—valid messages from legitimate sources could fall into this category.

How can you reduce the amount of spam?

There are some steps you can take to significantly reduce the amount of spam you receive:

Don't give your email address out arbitrarily - Email addresses have become so common that a space for them is often included on any form that asks for your address—even comment cards at restaurants. It seems harmless, so many people write them in the space provided without realizing what could happen to that information. For example, companies often enter the addresses into a database so that they can keep track of their customers and the customers' preferences. Sometimes these lists are sold to or shared with other companies, and suddenly you are receiving email that you didn't request.
Check privacy policies - Before submitting your email address online, look for a privacy policy. Most reputable sites will have a link to their privacy policy from any form where you're asked to submit personal data. You should read this policy before submitting your email address or any other personal information so that you know what the owners of the site plan to do with the information.
Be aware of options selected by default - When you sign up for some online accounts or services, there may be a section that provides you with the option to receive email about other products and services. Sometimes there are options selected by default, so if you do not deselect them, you could begin to receive email from lists those lists as well.
Use filters - Many email programs offer filtering capabilities that allow you to block certain addresses or to only allow email from addresses on your contact list. Some ISPs offer spam "tagging" or filtering services, but legitimate messages misclassified as spam might be dropped before reaching your inbox. However, many ISPs that offer filtering services also provide options for tagging suspected spam messages so the end user can more easily identify them. This can be useful in conjunction with filtering capabilities provided by many email programs.
Don't follow links in spam messages - Some spam relies on generators that try variations of email addresses at certain domains. If you click a link within an email message or reply to a certain address, you are just confirming that your email address is valid. Unwanted messages that offer an "unsubscribe" option are particularly tempting, but this is often just a method for collecting valid addresses that are then sent other spam.
Disable the automatic downloading of graphics in HTML mail - Many spammers send HTML mail with a linked graphic file that is then used to track who opens the mail message—when your mail client downloads the graphic from their web server, they know you've opened the message. Disabling HTML mail entirely and viewing messages in plain text also prevents this problem.
Consider opening an additional email account - Many domains offer free email accounts. If you frequently submit your email address (for online shopping, signing up for services, or including it on something like a comment card), you may want to have a secondary email account to protect your primary email account from any spam that could be generated. You should also use a secondary account when posting to online bulletin boards, chat rooms, public mailing lists, or USENET so that you can get rid of when it starts filling up with spam.
Don't spam other people - Be a responsible and considerate user. Some people consider email forwards a type of spam, so be selective with the messages you redistribute. Don't forward every message to everyone in your address book, and if someone asks that you not forward messages to them, respect their request.

Authors: Mindi McDowell, Allen Householder

Good Security Habits.

2007-04-26T02:12:00.001-07:00

How can you minimize the access other people have to your information?

You may be able to easily identify people who could, legitimately or not, gain physical access to your computer—family members, roommates, co-workers, members of a cleaning crew, and maybe others. Identifying the people who could gain remote access to your computer becomes much more difficult. As long as you have a computer and connect it to a network, you are vulnerable to someone or something else accessing or corrupting your information; however, you can develop habits that make it more difficult.

Lock your computer when you are away from it. Even if you only step away from your computer for a few minutes, it's enough time for someone else to destroy or corrupt your information. Locking your computer prevents another person from being able to simply sit down at your computer and access all of your information.
Disconnect your computer from the Internet when you aren't using it. The development of technologies such as DSL and cable modems have made it possible for users to be online all the time, but this convenience comes with risks. The likelihood that attackers or viruses scanning the network for available computers will target your computer becomes much higher if your computer is always connected. Depending on what method you use to connect to the Internet, disconnecting may mean ending a dial-up connection, turning off your computer or modem, or disconnecting cables.
Evaluate your security settings. Most software, including browsers and email programs, offers a variety of features that you can tailor to meet your needs and requirements. Enabling certain features to increase convenience or functionality may leave you more vulnerable to being attacked. It is important to examine the settings, particularly the security settings, and select options that meet your needs without putting you at increased risk. If you install a patch or a new version of the software, or if you hear of something that might affect your settings, reevaluate your settings to make sure they are still appropriate (see Understanding Patches, Safeguarding Your Data, and Evaluating Your Web Browser's Security Settings for more information).

What other steps can you take?

Sometimes the threats to your information aren't from other people but from natural or technological causes. Although there is no way to control or prevent these problems, you can prepare for them and try to minimize the damage.

Protect your computer against power surges. Aside from providing outlets to plug in your computer and all of its peripherals, some power strips protect your computer against power surges. Many power strips now advertise compensation if they do not effectively protect your computer. During a lightning storm or construction work that increases the odds of power surges, consider shutting your computer down and unplugging it from all power sources. Power strips alone will not protect you from power outages, but there are products that do offer an uninterruptible power supply when there are power surges or outages.
Back up all of your data. Whether or not you take steps to protect yourself, there will always be a possibility that something will happen to destroy your data. You have probably already experienced this at least once— losing one or more files due to an accident, a virus or worm, a natural event, or a problem with your equipment. Regularly backing up your data on a CD or network reduces the stress and other negative consequences that result from losing important information (see Real-World Warnings Keep You Safe Online for more information). Determining how often to back up your data is a personal decision. If you are constantly adding or changing data, you may find weekly backups to be the best alternative; if your content rarely changes, you may decide that your backups do not need to be as frequent. You don't need to back up software that you own on CD-ROM or DVD-ROM—you can reinstall the software from the original media if necessary.

Authors: Mindi McDowell, Allen Householder

Lottery Scam, What It is and how to Avoid It?

2007-04-19T01:55:00.001-07:00

Internet scams and frauds are on the rise! The quantity of scam emails with various fraud schemes any email account receives today is simply overwhelming! There is this infamous Nigerian 419 scam, which is by far the most widely circulated one. I wrote about it in one of our ezine articles not long ago. You can read about it here! And there are many other scams like Lottery, Letter of Credit, money transfer, black money conversion, real estate, fraudulent order and the list goes on and on.

Looking at my daily doze of scam letters, looks like, the lottery scam seams to be gaining popularity among the con artists. This scam is similar to other forward fee schemes, where the goal of the con artist is to persuade an unsuspected victim to send an advance payment for some dubious offers that the swindlers never plan to fulfill.

Email Lottery Scam

The subject of the emails from an unknown source to you will, probably show, something similar to, "Congratulation! You have own a lottery". With minor variations the text in most of these letters is virtually identical.

The letter, usually, claims to be issued by a Lottery Company based in some countries like The Netherlands, Switzerland, England, Canada or the USA.

And then it says that you are one of many people randomly chosen from all over the world to participate in a lottery of a very large sum. You along with some others have won this lottery. You will be asked to contact them immediately to claim your prize money. Most certainly, the letter will also warn you to keep this as a secret and will specify that the offer has a time limit.

If you contact them after receiving this letter; there are number of variation how the thugs will try to swindle you. They are quite imaginative and sometimes very innovative in their endeavors.

In general the idea is - you have to pay a fee before the lottery company can release the amount to you. The pretexts are, usually, an investigation company has to make sure that you are the right person who won the lottery, as a foreigner you have to pay a tax before you can get your prize and there is a processing and handling fee that has to be paid before hand, etc.

Don't think that these dubious offers are only sent by emails. People received them by regular mails, by direct phone calls and even by SMS.

Phone Call Lottery Scam

One fine morning you may receive a call from a person, claiming to be a lawyer from a prestigious law farm, and will tell you that you have won a foreign lottery; that a processing fee is due before the prize money can be released to you. The seniors are most likely to be the victims of these telemarketers. If you are located in the USA, most likely, the person will introduce himself as a Canadian lawyer and will inform you as if you have won a Canadian Provincial Lottery.

Lottery Scam by SMS

You may even receive a SMS message advising that you have won a foreign lottery. You will be instructed to log onto a website and enter a login and password, which would be provided to you in the message. The site will have the same look and feel of a legitimate lottery site, but in fact, it is a copy site created by the scammers. The URL address will have a very minor, virtually, unnoticeable difference. Once you log in and see for yourself that you have really own the lottery, you will be asked to forward a gaming tax of US $100 to US $500 before you claim your prize.

How to identify these scams and avoid being conned?

The number one motto that you should follow is - if it is too good to be true, then probably, it is indeed too good to be true! There is no way you can win a lottery, in what you have never participated!

The followings are the signs of probable scam offers, you will be better off if you avoid them scrupulously:

Any offer, where you have to send cash upfront to redeem you prize.

Any offer of a substantial percentage of a large sum of money to be transferred into your account, in return for your "discretion" or "confidentiality";

Requests for signed and stamped, blank letterhead or invoices, or for bank account information;

Requests for payment in advance of transfer taxes or other fees; Statements that your name was provided to the soliciting party either by someone you do not know or by "a very reliable contact;"

Unsolicited calls asking if you would like to be in a "Lottery pool";

Mail notifying you that you have already won a substantial sum of money.

Nowshade Kabir is the founder, primary developer and present CEO of Rusbiz.com - a Global B2B Exchange with solutions to create e-catalog, Web store, business process management and other features to run a business online. You can read various articles written by Nowshade Kabir at http://ezine.rusbiz.com.

A High Tech Identity Theft With A Low Tech Solution.

2007-04-19T01:54:00.001-07:00

Have you ever got an email asking you to confirm your account information from a bank or a company that you have never done business with? The email looks official and it even has a link that appears to take you to the company's website. The email you have received is actually from an identity thief. These crooks are hoping people that have an account with the business will click on the link and submit their account information for verification purposes. These thieves are phishing for account information. Phishing is a sophisticated way to lure you to phony websites where you voluntarily surrender your passwords and account information to identity thieves without realizing it.

These types of emails often threaten you. You must take action within a limited time or the consequences will be dire. Some AOL customers received a phishing email stating if they did not verify their account information within 24 hours, their service would be terminated. Other phishing emails will state your account has been flagged or has a problem and the account information needs to be verified. We received an email for Pay Pal that stated our account had been flagged and we needed to verify our account information. The identity thieve was lucky. We do have an account with Pay Pal. We open the email and it appeared to be an email from Pay Pal. We click on the link and it took us to https://www.paypal.ae.com. The site looked Pay Pal's website. The web page was asking for our account information for verification purposes. We knew right away it was a phony because our Pay Pal account was opened with another email address. This particular site has been shut down, but doesn't mean the identity thieve was caught. You could receive a phishing email from the same thieve tomorrow. What can you do to avoid such a trap?

First, realize reputable companies will never send you an email asking you to confirm your account information. The email will look authentic and this may cause you some concern. If this is the case, you can always call the company and ask about your account. An alternative to calling is checking your account online. Do not click on the link in the email. Log completely out of your email and open another window and type in the company's web address to verify your account.

You're probably thinking why would you want go to the trouble to close your email and open another browser window. The link in the email is a cloaked redirection link that will take you to another website that is not associated with the company. A cloak link will show you the correct web address when you move your mouse over it. If you do click on that link, the web address, or URL, will be similar to the company's address, but it will not match exactly. The website will look just like just like you expect it too look. The web page will ask for your account information. You're just one click away from submitting your account information to the identity thieve. We went to the actual Pay Pal website and, sure enough, our account was ok.

Identity thieve have been known to attach a file to a phishing email. The attachment contain a program to transmit your personal information on your hard drive to the identity thieve. You will never know the program has been installed on your computer. Never open an email attachment unless you specifically requested it and are expecting an email with an attachment. The phishing email may be from someone you know. His or her computer could be infected with a virus that sends email to everyone in his or her address book. Delete the emails with attachments without opening the email.

Finally, if you get an email that is phishing for your information, forward it to spam@uce.gov. If you know how open the email headers, cut and past that information into the email to help the FCC track down these identity thieves.

George Burks of http://www.mybiweeklymortgagepayment.com has offered a biweekly mortgage payment plan with no enrollment fees since 1999. His interest in financial topics is varied and includes identity protection. Please visit our financial library.

Avoiding the Spam Trap: Get Your Message Delivered!

2007-03-05T02:22:00.001-08:00

Your message is not being delivered.

If you send emails to your customers, I have some bad news for you. Not all of your emails are making it to your intended recipients. Between ISP spam filters, spam-blocking email servers, spam-killing email software, and email content filtering everywhere in between, the chances are high that your messages just aren't making it past all of these roadblocks.

Recent studies show that opt-in subscriptions are erroneously spam blocked at rates of 17% (according to Return Path) to 38% (according to Mail.com). So, 17% to 38% of the e-mail you send to people who want it or even pay for it in many cases, does not reach them. Just by choosing the wrong words or phrases, or sending the wrong type of attachment, your email can become a "false positive", and end up filed into some garbage bin where it gets mixed up with various offers to increase the size of some random body part -- never again to be seen.

These false positives can occur even if the intended recipient is very interested in receiving your message, even if their life (or livelihood) depends upon receiving that message. Even if automated spam filters don't destroy your message, as in-boxes fill up with more and more garbage, it's becoming common for people to simply overlook wanted mail and inadvertently delete it.

It's only going to get worse.

When the new federal law dubbed "The CAN-SPAM Act of 2003" (Controlling the Assault of Non-Solicited Pornography and Marketing) was passed in December, many were startled and confused by the apparent legalization of spam. Now, as long as an emailer complies with the law regarding header falsification, misleading titles, and opt-out procedures, it would seem that marketing through spam has become legitimate!

The CAN-SPAM law only restricts the legality and processes involved in sending Unsolicited Commercial Email (UCE). There is no implied responsibility on behalf of any provider to guarantee delivery of all messages. In fact, ISPs are given the right to filter and block email any way they deem necessary according to their policies. The law doesn't burden ISPs to discriminate whether the email was permission-based or unsolicited. They can block incoming bulk email simply on the basis of a single complaint.

And if that wasn't bad enough, the CAN-SPAM Act suggests a bounty of 20% or more of fines collected go to the people who turn in spammers. As more "offenders" are reported, more ISPs are blacklisted, and the more likely your message will end up vaporized long before it hits home.

So now, with more and more marketing efforts involving purchased and shared opt-in lists, more and more companies able to legally spam, and more and more Unsolicited Commercial E-Mail floating around on the internet, there is bound to be a reaction, and that reaction is sure to be quite strong. Following the Red Queen Principle, as spammers continue to find a means to push out spam -- ISPs, hosts, and email packages will continue to improve their defenses, as well, blocking more mail than ever before.

Has E-mail Come to an End?

No one could have imagined that things would get this bad. Spammers and virus authors are rapidly crippling email. Even though e-mail was once dubbed the "killer app" of the Internet, some doomsayers are going so far that viruses, spam, and spam filters are joining forces to bring about the death of email. The theory is that, eventually, inboxes will become so full of unwanted garbage emails, and so many desired messages will be deleted along the way, that email will become useless.

Some e-mail publishers are considering giving up on e-mail altogether and finding other ways to deliver their message. While this may sound pretty extreme, the spam wars are an extreme situation. And extreme situations call for drastic measures...

RSS to the Rescue

One such alternative is RSS, which stands for either Really Simple Syndication, or Rich Site Summary, depending upon with whom you're speaking. A primary reason that RSS is a viable alternative is that since readers select their RSS Feeds, spam is no longer an issue. This is because RSS works a little bit differently than email, using pull, instead of push, technology.

By notifying people interested in your content, as well as web sites that collect and package content announcements (called aggregators), you "feed" them your content. From this process we get the term "RSS feed." By providing an RSS feed, another site may pick up your "news" through your feed and syndicate it. Only the feed publisher can designate what information gets into the feed, and the only information the subscriber pulls down is what the publisher puts there.

If email continues on its self-destruct course, RSS could very well become the new standard, either replacing email subscriptions or, more likely, as an email supplement.

What are RSS Feeds?

An RSS feed is a Web-accessible XML file containing a listing of web pages with related news or information. RSS is basically a stream of raw data: content completely separated from presentation. The XML-based RSS feed contains content information, such as the headline, description, an excerpt, and the URL where the subscriber can find the content in its entirety. Once uploaded to a website, the RSS feed should be validated for completeness and accuracy. Once it is validated, the feed can then be submitted to engines.

A sample feed can be seen at: http://www.EnvisionSoftware.com/Articles/Index.xml

Consuming the Syndicated RSS Feed

Individual subscribers can view RSS feeds in special feed reader software, called a news reader. Additionally, webmasters can syndicate your news feeds to their website using an aggregator. Both aggregators and news readers consume RSS feeds, presenting them in a format for use by humans in pretty much the same way Web browsers work with web pages.

To subscribe to a newsfeed, the subscriber tells their feed reader to periodically poll a certain site's RSS feed file, pasting the URL for the RSS feed into their feed reader, much like bookmarking a page in your Web browser.

Then, to read the news, the feed reader visits the subscribed feeds, grabs the latest information, and displays a sorted list of the latest headlines from each source. Sometimes the reader will show brief descriptions of the content, but it always links to the full content on the publisher's site.

Not quite ready for prime time

Even though it's been around for a decade, RSS technology is still in its infancy. This immaturity presents a few challenges.

The biggest issue today is that mainstream web and e-mail clients do not yet support RSS feeds. Expect to see some movement in this direction as the RSS movement swells.

There are lots of freestanding news readers out there, and they each have their unique shortcomings. Over the next year or two, RSS software should improve significantly and RSS will become a more robust publishing platform.

RSS usage and news aggregator adoption is still very limited. So, RSS will not be a complete solution without greater subscriber participation.

RSS is text-only. Attractive layout and graphics cannot make up for poor quality content in the world of news feeds.

The RSS Business Model

Content publishers need to determine how to make RSS content distribution profitable. Just as there are paid e-mail newsletters, there can be paid RSS news feeds. It's just another file that resides on a web server, so it can be served from a password protected web site. However, with a paid RSS newsfeed, readership is reduced, as subscribers are limited to using RSS aggregators or news readers which support authentication.

While content publishers may be afraid of RSS, the business model of e-mail publishing doesn't really change using RSS. Readers still see the same content, with the same design, layout, and ads in an HTML newsletter. The trick is to have content which strikes the reader's fancy -- headlines and descriptions have to be worthy of clicking on, before the readers will see the full content.

What Does The Future Hold for RSS?

RSS has gained quick acceptance in certain circles such as small technology companies, innovative consulting organizations, and self-publishers. Even Microsoft has started publishing RSS feeds without attempting to strong-arm themselves into a dominant position, thus far.

AOL's upcoming AOL 10 software will support RSS technology. Microsoft will most likely support RSS in Outlook and Outlook Express, similar to its current support for newsgroups. Additionally, web hosting tools like Geocities offer tools to syndicate RSS feeds.

It may take some time, however, for RSS to gain momentum in the IT departments of midsize-to-large companies, which are typically slower to adopt nascent technologies like RSS.

Should you consider RSS for your publication?

While RSS may not be an immediate replacement for the email newsletter, it will become a powerful choice in corporate and personal communication in the very near future. Once the big guys adopt RSS as a content sharing and distribution medium, it will gain greater acceptance. The benefits of RSS will be widespread, and full-featured RSS news readers will be prevalent.

Moving your subscriber base from e-mail newsletters to RSS feeds might be a tall order at this juncture. For now, it's up to publishers to sell readers on the RSS concept, and explain how it alleviates the pain of spam.

Whether you decide to convert to RSS full force or simply offer RSS as an alternative for your subscribers, it's important to realize that e-mail is starting to lose its luster, and now is a very good time to include RSS in your publishing repertoire.

About The Author

Daiv Russell is a Software Engineering Strategist with Envision Software, a software project management and development outsourcing company committed to helping information technology organizations solve problems, increase revenues, and reduce costs by guiding software development teams through project management chaos. Envision publishes Luminary, a monthly software project management newsletter.

DRussell@EnvisionSoftware.com

Three Faces of SPAM.

2007-03-05T02:21:00.001-08:00

Like everybody who will ever read this, I get spam in my e-mail. Mine seems to fall into one of three categories. The first is the Nigerian scam about helping some poor, pathetic soul collect megabucks, supposedly from someone who has died and left a fortune. I'm not sure what is worse: that there are people desperate enough to believe those messages, or that there are people despicable enough to prey on the desperate. The net result is the despicable con the desperate into sending money which the desperate will never see again.

The second type comes from people who sound innocent enough. They have a product or a business or a service or something else that is perfectly legitimate. They surf the web, find one of my sites, find the "contact us" link, and send me information about whatever they have to offer. I suppose, in their minds, it isn't any different than walking down the street or going through the telephone book writing down addresses, and then sending out bulk business mail with the same offer. They could get the same information for more money and less time by buying a mailing list. THAT is perfectly legitimate. Harvesting e-mail addresses off of web sites is NOT. Spam is officially defined as "unsolicited commercial electronic mail." The key word is "unsolicited." If I didn't ask for it and you send it anyway, it is unsolicited. When people harvest e-mail addresses off of web sites and then send commercial messages, that, by definition, is spam. I report them to my ISP and you should, too.

The third type isn't so innocent. These people, like the second type of people already discussed, surf the web, find sites, and harvest the e-mail addresses from the "contact us" link. Instead of starting out by sending you what they have to offer, they get devious, sneaky, and just plain under-handed. They send you a message asking for more information about whatever you have to offer on your site. When you graciously respond, it turns out they couldn't care less about what you have to offer. The ONLY thing they want is to confirm your e-mail address so they can start to dump offers on you, hoping you will buy something from them. Nasty trick.

Let me give you an example from one that once came across my screen. It seemed to be from a nice lady with homey graphics and nice colors in her e-mail. If my memory serves me well, she even stated that she was disabled and looking for ways to earn a living off the internet. In my mind, that's a hard combination to resist. A great deal of effort was put into this to make it sound as if she had built an internet community around her site and services. Maybe she did; I don't know. Anyway, I was na๏ve enough to respond with the information she had requested. Soon solicitations for this, that, and whatever business offer, etc. began arriving in my inbox. I finally put two and two together and realized that they were from her, but I was still reluctant to report it as spam, so her messages went quietly into the trash. I mean, she seemed SO NICE! Then I got this huffy message, apparently broadcast to her entire mailing list, about how if people didn't want to receive her messages, why didn't they just unsubscribe, etc. It seems quite a few people had reported her as a spammer and she was getting into trouble. It was time for me to respond, so I told her, bluntly, that what she was sending out WAS spam. It was unsolicited. I never signed up to be on her mailing list, and no doubt the people who had reported her never signed up to be on her mailing list, either. I only responded to a request FROM HER for information and that in no way implied that I wanted to be on her mailing list or that I wanted to receive her offers. She must have gotten the message because I have received nothing else from her.

So how about you? Are guilty of sending out e-mail to people who did not specifically request to receive offers from you or about a business that you represent? If you go around looking for e-mail addresses to harvest for your own purposes, you are guilty of sending SPAM. Instead, post your offers on your web site and market them legitimately. It's the right thing to do. When people fill out your form, they are giving you permission to send them information. Keep a record so you can defend yourself if they ever forget what they did.

If you are on the receiving end of unsolicited offers, go ahead and report them as spam. Don't feel guilty; you are not the guilty party. Just make sure you really didn't sign up for a newsletter or something and then forgot! It is sooooooooooooooo not cool to report spam that really isn't!

Sandi Moses has been involved in internet marketing since November, 2003. Visit her sites at http://www.123iwork4me.com http://www.123-home-based-business-works-4-me.com

Remove Rogue Desktop Icons Created By Spyware.

2007-02-21T22:11:00.001-08:00

If you have used a Windows machine for a while, whether it's Windows XP, Windows 2000 you're sure to have noticed desktop icons appearing from out of nowhere. How can icons mysteriously emerge on your Windows desktop?

1. When you buy a computer, many vendors place icons to selected products and services on your desktop, such as links to high-speed Internet Service Providers (ISPs) or add-on services vendors think you may need.

2. As you install software on your Windows machine, icons may appear, either to start the application or link to the manufacturer's website. Installing just one program could add three or more icons to your desktop!

3. It's easy to accidentally drag a Favorite, bookmark, text file, or other icon to your desktop, creating an icon.

Normally, it's easy to delete Windows desktop icons. Just place your mouse pointer on the offending icon, then right-click it and choose "Delete", clicking "Yes" to confirm if prompted.

However, what if the rogue icons are for adult websites, unfamiliar search engines, or other websites you don't recall visiting? You may try removing these icons but get an error, or after removal they still reappear again and again and again!

If so, then more than likely spyware, adware, or other malware has infected your machine. It may have been through file trading software, an inadvertent "yes" click when a popup window asked you to install software, 'freeware' that included adware, or other means. To remove the rogue icons, you need to remove the malware creating these icons.

Removing spyware and adware can be a time-consuming process, fraught with potential disaster as it is possible to accidentally remove files that render your operating system unusable. However, the following software products can help with this process as long as you read the instructions carefully, make backups, and get expert advice if you're not completely sure about removing what they ask you to do:

* Ad-Aware: http://www.lavasoft.com/

* Microsoft Windows AntiSpyware: http://www.microsoft.com/athome/security/spyware/software/

* Pest Patrol: http://www.pestpatrol.com/

* Spybot Search and Destroy: http://safer-networking.org/

* Spy Sweeper: http://www.webroot.com/

So, how can you prevent these icons from appearing in the first place? Practice safe computing.

* Backup your machine. If it does get infected to the point of being unusable, at least you won't lose all your important files.

* Install security-related operating system updates so spyware and adware cannot enter your system through well-known exploits.

* Download or buy a virus scanner, and keep it updated! Virus scanners cannot detect all spyware, but it doesn't hurt to have one. Check online or visit your local computer software store.

* Purchase a hardware or software firewall, and keep it updated! Firewalls help protect your computer from common exploits that spyware or adware can use to infect your machine.

* Consider using a different web browser. Though it is not perfect, Mozilla Firefox is currently less susceptible to spyware than Internet Explorer, mainly because it lacks certain technology (such as ActiveX) that is often exploited by malware writers. Note that depending on your web use, certain websites may not work correctly with other web browsers.

By practicing safe computing and using spyware-removal software, you can help remove rogue desktop icons from your desktop and keep others from appearing.

Andrew Malek is the owner of the MalekTips computer and technology help site. Visit his anti-spyware page for more advice on removing adware, spyware, and other malware.

How to Manage Your Username and Password The Easy and Secure Way.

2007-02-21T22:10:00.001-08:00

Have been an Internet user for more than 9 years, I have 100's of logins and passwords to keep. I'm paranoid. I'm now even more paranoid after I joined YMMSS because I use online payment systems on weekly basis if not daily.

I used to use Microsoft Excel to manage my usernames, passwords, and other registration information, both online and offline. Excel is not safe because there are programs to crack password protected Excel workbooks and I even cracked the spreadsheet and VBA source code password for one of my old Excel financial models I developed. Today I still use Excel to store some personal information but I only save the Excel file on my another PC that is not connected to Internet.

In my article "6 Essential Steps to Protect Your Computer On the Internet", I highly recommended the award winning RoboForm. Free version of RoboForm (http://www.roboform.com) does come with limitations such as 10 Passcards only. If you don't want to buy the Pro version (costs $29.99 as of my writing), there is an easy-to-use freeware (see below) you can download right now and manage unlimited usernames and passwords.

Download freeware Password Safe from SourceForge.net - the Open Source community.

https://sourceforge.net/projects/passwordsafe/

Here are some great features of Password Safe:

- No installation is required. Simply download and double click the pwsafe.exe file.

- Easy portable. Just copy and paste the EXE file and .dat database file to any disks. Be aware that when you open Password Safe in the other disk, you need to specify the database file location (the .dat file).

- One master password unlocks an entire password database that can contain all your other passwords.

- Grouping. Usernames and passwords can be grouped into different categories you define, eg. Email Address, Payment, etc. You are in total control.

- Strong, random password generation.

- Copy username and password to clipboard so that you don't have to type them. Always keep in mind that you should never type any username and password.

- Browse to URL. With one click, the URL related to your username and password can be opened in your default web browser. Another save on typing.

- You can create more than one password database (but you have to memorize more than one master password. Not recommended.)

Here are some tips of using Password Safe (version 2.04) and managing password in general.

Tip #1 - Always create a strong master password (Safe Combination as used in the software).

Strong password should meet the following criteria:

- At least 8 characters long to prevent cracking. The longer the better.

- The password should contain lowercase, uppercase, numeric, and any other characters that are available on keyboard.

- Ideally you should not use any meaningful words or numbers in the password. Totally random password is the best.

Tip #2 - Let PasswordSafe generate random password for you.

To generate random password:

- Click the menu item Edit.

- Select Add Entry (or use corresponding icon button).

- When the dialogue window opens, on the right hand side, you can see a Random Password Generate button. Click it, a random password will be automatically inserted in the Password field.

The generated random password is constructed according to the password policy defined in Password Safe. You can modify the default policy.

- Click the menu item Manage. - In the dropdown menu, click Options. - Click the Password Policy tab. - Change the policy based on the strong password criteria stated above.

Some sites only allow alphanumeric passwords so make sure you select the appropriate check boxes when this is the case.

Tip #3 - Very Important: Never type your master password when open PasswordSafe.

Keylogger spyware can record keystrokes.

How can you enter master password without typing? I do this.

Step 1: Open a Notepad file (.txt).

Step 2: Copy and paste an article from any Internet website to this .txt file.

Step 3: Select characters from this article and copy, paste to form your master password.

Tip #4 - Very Important: Never lose your master password.

I memorize my master password. In addition, I also physically write it down to a hand written study material that has my previous uni works. Among the 1,000's of words, I placed my 22 characters master password in two different pages in encrypted format that can let me derive my master password.

Tip #5 - Categorize username and password.

When you add a new entry, you need to specify Group, Title, Username, Password, and Notes. The entries that share the same Group name will be gathered together automatically.

One Group can contain another Group as its sub Group. For example, I have Email Address group which contains three sub-groups as Friend, Work, Family.

Tip #6 - For security reasons, always use Copy Username to Clipboard and Copy Password to Clipboard.

Remember, never type username and password on a web form. This is how to do it.

- Highlight an entry.

- Right click mouse.

- In the pop-up menu, select Copy Username to Clipboard or Copy Password to Clipboard

- Go to your login form, paste the username or password.

You can use mouse to do copy and paste. If you prefer short-cut keys, this is how.

Copy: Ctrl+C Paste: Ctrl+V

Tip #7 - Use "Browse to URL" rather than typing URL in browser address bar.

When you enter a new entry or edit an existing one, you can enter a URL (must start with http://) at the first line in the Notes field. You can save website login page's URL in this field. When you need to open a login page in browser, right click the entry and click Browse to URL in the pop-up menu. Then the login page will be opened in your default web browser automatically.

Tip #8 - Don't forget to backup your password database file.

Use the Make Backup menu item to save a second copy of your password file.

Tip #9 - Store your backups in a different offline computer or location.

This is a widely used backup strategy.

Tip #10 - Use the Notes field to store as many information as you want. Very handy for memo.

If you don't have two computers, you need to use other storage media to save a second copy of your backup file and version them by date (easy to track back). Other storage media can be zip drive, thumb drive, floppy disk, CD, etc.

Off site backups are also important. Don't overlook this. You lose all your data if you lose both your computer and your other storage media all together for any reason.

Many companies provide online storage services for a fee. You can store any digital files (you should password protect these files first) on their secure servers. Search Google and you will find a lot.

I have two computers. One is used to surf net and it does not have any sensitive info stored on it. Another one is for my development work (not connected to Internet) and it has my backup files. I also store my backups in a thumb drive and CDs sometimes.

The author, Jerry Yu, is an experienced internet marketer and web developer. He is a proud member of YMMSS. Visit his site Get Paid Full Time Income By Reading Ads Online - YMMSS for FREE "how-to" step-by-step action guide to kick start a successful online business, tips, knowledge base articles, and more.

Top 10 Ways to Get Spyware or Viruses on Your Computer.

2007-02-21T00:13:00.001-08:00

If you use the internet, you have probably been infected with a virus, trojan or spyware. According to the SANS Internet Storm Center, the average unprotected PC is infected within 20 minutes of normal internet usage. Many people want to know what they did to get infected. Unfortunately, usually it was just one wrong click.

Here are the top reasons people get infected and how to prevent these common internet security threats.

10. Exchanging files in chat rooms.
You should never download files from sources you don't trust. Viruses and other internet security threats can look like valid files or photos. Always scan files with a virus scanner before opening them.

9. Clicking on popup ads.
If you're like most people, you probably don't like popup ads. But whether you like them or not, you should never click on them. Popup ads can take you to a website that secretly downloads adware onto your computer. Enabling a popup blocker on your computer can help protect you. Some popups come from adware programs that have downloaded onto your computer, so if you still see popups after installing a popup blocker, scan your computer for spyware or adware.

8. Email attachments.
Viruses can be sent out as email attachments to infect your computer if you open them. If you download your email into an email program, scan all email attachments with a virus scanner. Most major webmail programs scan attachments before you download them, but you should still not download files from unknown sources. "Phishing" email, claiming to be from your bank or other financial institution which asks you to provide personal information or download something to your computer is another common email threat.

7. Instant messaging.
Because people are cautious with email attachments, new viruses are spreading through instant messaging programs. Infections look like valid files or photos, so always be careful accepting file transfers, even from sources you trust.

6. Downloading music.
Many websites that advertise free music downloads are loaded with spyware. You can even get spyware from these websites without manually starting a download. Other sites make you accept a spyware download to get the music you want.

5. Browsing websites.
Some websites use "drive-by downloads" - misleading dialogue boxes to secretly install spyware programs. Sometimes spyware can install even if you do not choose "yes" or "accept". Keep your browser security settings on default to protect yourself against these infections.

4. Installing free programs or screen savers.
Check the license agreement of any program you install to confirm it does not come bundled with other programs. License agreements are supposed to explain if the software you are downloading will cause advertisements or other downloads. These programs may have long or confusing license agreements where they have buried this information. Always carefully read what you agree to before you download free software.

3. Adult-related websites.
Many of these sites make a profit by forcing viewers to download spyware and adware to access their site. You may not be able to view these sites if you are using a secure browser or have your security settings too high.

2. P2P programs like Kazaa or Limewire.
If you share music using peer-to-peer networks, you may be forced to download advertising software onto your computer. This software can generate popups from within your computer. In these cases, you may see popups even if you are not online.

1. Gaming websites.
It may seem that viewing spoilers for online games will let you win faster, but it can slow down your computer with spyware. Mick Lathrop, part of StopSign's Spyware Research team says, "I get most of my spyware samples from gaming-related websites." Avoid any site that requires a software download to access information.

Even if you have an anti-virus product on your computer, confirm that it protects against the growing threat of spyware. Enable a popup blocker and firewall for further protection. Using safe browsing habits and good security software can keep you safe on the internet.

Marla Porter is part of the Product Development Team at eAcceleration Corp., the makers of StopSign anti-virus and spyware remover. StopSign detects and removes viruses, trojans, spyware, worms, keyloggers and browser hijackers. Learn more about StopSign at http://www.stopsign.com. StopSign is a product of eAcceleration Corp: http://www.eacceleration.com.

Tips For Stopping SPAM.

2007-02-20T01:59:00.001-08:00

If you are buried in SPAM then you're not alone. It's been suggested that as much as 50% to 75% of the e-mail traffic on any given day is SPAM. Reading through SPAM is a waste of your time and it subjects you to potential viruses, trojan horses, and sexual material which can be quite offensive. Here are some tips on how to win the SPAM war:

1. Use a throwaway email address when posting to public news groups and chat rooms and for your Yahoo or MS Messenger Chat accounts. You can get free email addresses at Yahoo, HotMail and other places. Use your personal ISP-provided email address only to communicate with trusted sources. If you are an AOL user then set up an additional email account to use for public posting purposes. When your free or spare email account starts getting abused just close it and open another.

2. Take the time to set up different email addresses for different purposes. Have one for business communications, another for personal and another one for shopping online. That way you can avoid the risk of exposing one e-mail address to all of your contacts.

3. If you own your own web site then the chances are that your hosting account comes with the ability to create new e-mail addresses on the fly. These are addresses that will automatically forward to your main address. If you have that capability then use a unique address for each web site or mailing list that you choose to join. For example, if your site name is abc.com and you decide to join the mailing list located at xyz.com, you would join using the address xyz@abc.com. If you start getting SPAM to this address then you know that the people who run xyz.com are responsible. You can complain to them and their ISP and you can easily delete that email address.

4. Don't list your email address on your own web site in plain html or as a link to a contact form. Spammers use automated robots to capture these addresses and add them to SPAM databases. Instead use an email cloaking script whenever you need to show your email address. You can search at Google.com using the phrase "email cloaking" and come up with a lot of options. Just pick the one that works best for your particular needs.

5. Do not buy anything from a company that sends you SPAM. Not only might the company or offer be a scam but you are jumping right into the fire by letting spammers know that your email address is active and that you buy from spammers. Your address will be sold to thousands of other spammers.

6. Never reply to a spammer or click the "remove my address" link. That only lets them know that your address is good.

7. If your email service or email client comes with SPAM filters use them.

8. You might want to think about subscribing to a SPAM prevention service. Search on Google.com for "SPAM prevention service" and review your options.

Following these simple tips could cut your SPAM down by as much as 90%. Wouldn't that be great!

Copyright ฉ 2004 Cavyl Stewart. Discover 52 Ways To Do More With Software by signing up for my exclusive Free ecourse. Get resources, tips, reviews and recommendations you can use right now to help you achieve more, easier, and cheaper! 100% Original content. Visit: http://www.find-small-business-software.com/52ways.html

Protecting Yourself With A Porn Filter.

2007-02-20T01:58:00.001-08:00

The harmful affects of pornography use and addiction are well documented by science. As with most things in life, prevention is the most effective way to avoid ever having a problem with pornography.

The internet is a wonderful place to access information, read updated news, and connect with people from all over the globe. Unfortunately, pornography on the internet is everywhere, and it isn't always easy to avoid. Even people taking responsible measures to keep porn off of their computer screens can stumble across it sometimes. The tips found in this article will help you protect yourself and your family online from inappropriate pictures and text.

Take measures to filter spam. Spammers can make money if only one person of the thousands of people they send sexually explicit emails to clicks on their ad and pays for their service. Do everything you can to keep those emails from ever reaching your inbox. If you have allowed your children to have their own email accounts, filtering spam is the best way to ensure inappropriate images never become accessible to them through email. A quick list of things you can do to eliminate spam includes:

Only give your email address out to people you know and trust. Do not put your personal email address down for every mailing list or website that asks for it. Many free email services exist now - set up a free account with one of them and use that to sign up for mailing lists.

Never click on any links in spam and if at all possible, avoid ever opening the email. Both of these actions confirms to spammers that you actively use your email account and you will likely start to receive more spam.

Purchase and use a spam filter. Many come packaged with a porn filter as well as other features that will help keep inappropriate content off of your computer screen.

Be careful what you download. This should be a universal precaution you take by now each and every time you download something off the internet. Viruses, spyware, and pornography can very easily be hidden in the files that you download - prevention in this case is much easier than fixing the problem after the files have already made their way onto your hard drive. Only download files from sources that you trust, and if you ever have a question as to whether something contains a virus or pornography, do NOT download it.

Use a search engine to find websites. Pornographers use domain names that are similar to popular websites or brands in hopes that people will type in the address incorrectly and end up at their pornography site. I knew a child that wanted to look up codes for his favorite video game, so he typed in the name of the game and ".com." He had the presence of mind to close the browser and tell his parents, but was still exposed to the material.

One of the best ways to avoid this is searching for the address in Google. Then you can preview the results in a text-only format before clicking on the link to go to the page. Many of the popular search engines have a built-in porn filter that you can adjust to control the type of content you don't want to appear in the search results. Others even offer "for kids" versions of their search engines that only return pages deemed appropriate for children.

Use filtering software that includes a porn filter. No matter how careful you are about the sites you visit, chances are good that someday you will accidentally come across a porn site. A porn filter will help ensure that inappropriate material is blocked when you or someone in your family stumbles across a pornographic website. The parents of the boy who stumbled across pornography while looking for his favorite Nintendo game quickly installed a porn filter to make sure their son was protected in the future.

Avoid pornography offline. Porn was around long before the internet. Carry around your own internal porn filter and avoid places that you know will have inappropriate images, movies, or books displayed. If your children are with you, be extra cautious of where they are in the store. If you think there is a chance that they may be able to access inappropriate material while you are shopping, let the store manager know of your concerns. Likely, you are not the only one who is worried about the issue, and real changes can come about from one person simply speaking up.

Take the appropriate precautions now to avoid pornography. If you or someone you know has a problem with pornography use or addiction, seek professional help. Pornography problems not only affect the individual viewing the picture but everyone who interacts with that person.

Nick Smith is a client account specialist with 10x Marketing - More Visitors. More Buyers. More Revenue. For a porn filter and more information about protecting your family online, visit ContentWatch, Inc.

The Tasteless Internet Meat of Criminals.

2007-02-20T01:57:00.001-08:00

Spam. You've all heard of the crazy pink meat in a can, but what's it got to do with the Internet? Well, it's also the namesake for a major problem in the World Wide Web-unsolicited junk email. Problem! We're talking serious pain in the butt both as a waster of time, space, and money. It is estimated that around half of all email received on the Internet is this sneaky illegal attempt at selling fake consumer goods, pornography, and a whole plethora of 'helpful' services. It's taking up half of all email on the Earth, and it's costing businesses' billions in wasted time, as well as filling personal email accounts to the limit so important messages aren't received. It seems everywhere there's a leap in technology for humanity, there's also a group of people who want to stretch the realm of criminal activity to another level.

The good news is that as it's such a prominent problem, the 'good guys' have made it a main priority on their 'To do' lists. Software has been created to block Spam and is being updated constantly. Recently Bill Gates, richest human on Earth and self-made mogul of software masters' Microsoft spoke of his aim to eliminate Spam by the year 2006. Obviously a lot of people would be quite appreciative if they could achieve this goal.

Supposedly most of the billions of junk emails originate from about 200 people who are intelligent enough to cover their tracks. They have multiple ways of finding out email addresses and then sending thousands upon thousands of unwanted messages to you and I. It usually costs them next to nil so if even one low-quality product sells they receive a profit. That's why they do it; just another greed-induced means of getting rich quick without working for it like the rest of us.

Well, there's a couple main ways of dealing with the Spam dilemma. The main one, and most easy, is to just delete the messages or empty your folder (after moving desired messages to another folder) straight off the server without downloading or 'looking' at the messages. This gives the 'evil' sender the knowledge that you're not reading the mail and therefore the traffic you receive goes down dramatically.

Another way to block the Spam is to use software like Magic Mail Monitor (http://mmm3.sourceforge.net/) or Mailwasher (http://www.mailwasher.net/), which work well at destroying the unwanted, pink, tasteless, unworldly email meat by showing you the mail straight from the server without downloading it.

So, show the criminals you're aware and not ignorant and take the first steps to bringing the Spam Empire down. Protect yourself and eventually the Spam will go where all filth is destined, into the trash.

About The Author

This article is written by Mr.Jesse S.Somer who writes for M6.net.

Internet Shopping - How Safe Is It?

2007-02-20T01:34:00.001-08:00

Millions of people make purchases online, but many people are still wary. They fear the unknown and have many doubts and questions about who they are dealing with. They are afraid of being scammed, and rightfully so. Online shopping can be a completely safe and rewarding experience provided you are dealing with a legitimate, reputable retailer. But how do you know if they are legitimate??? Here lies the "fear of the unknown."

Well, as with anything in life, there are precautions to take, questions you should ask yourself, and signs to look out for. Provided you are careful with who you decide to purchase from, online shopping can be a very convenient and pleasurable experience.

Important Safety Precautions:

Take a good look around the website. Make sure you read their Privacy Policy. A privacy policy let's you know the procedures and methods they have in place to secure your personal information. Find the answers to these questions...Do they share your information with others? Some companies sell or distribute your information to other companies. You may wind up on everybody's mailing list. Do they have security measures in place to protect your information (i.e. SSL)? SSL is the abbreviation for Secured Socket Layer. SSL is security software that encrypts information transmitted between browsers. What this means in layman's terms is that your personal information such as name, address, credit card number, etc. is coded or scrambled so that anyone who may try to intercept this information as it is transmitting cannot read it. But don't just rely on them telling you that their site is secure, check for yourself. You will know when you are in a secure browser by looking at the bottom browser bar on your computer (lower right). If the browser is secure, you will see a security lock image. Also check the web address in your top browser bar. Secure web addresses begin with "https" whereas, non-secure pages begin with "http."

Setting up accounts with online stores is quite common. However, many people are leery of this because they don't understand why it is sometimes necessary. Generally, the only information you are providing is your name, address, email address, and sometimes your phone number. This is all necessary information that the store needs in order to ship your order or contact you regarding your order. Setting up an account with the retailer usually provides you with additional such as tracking the status of your order. On the other hand, if the account set-up asks for more than just your basic contact information, then you may not want to proceed. You should not be required to provide your social security number, bank account number, or birthdate. This information is much more personal and should not be necessary to have an order shipped.

Read the shipping and returns policies before making a purchase. Make sure you feel comfortable with them. Find answers to these questions...What is their shipping timeframe? Is it within a reasonable amount of time? Will they notify you if it will take longer than anticipated? What choices will you have then? Do they allow returns? Are there restrictions on what items you can return and explanations as to why? Do they make sense?

Don't make huge purchases right off the bat. Make a small, low cost purchase with the company and consider it a low-risk test of their credibility. This allows the retailer a chance to prove themselves worthy of your business, but limits the monetary risk you are taking. Should all go well, you can make a larger purchase in the future with peace of mind, now knowing that this is a legitimate business.

There are many advantages to purchasing online and as long as you are careful with who you choose to deal with you can reap the rewards.

Here are some of the benefits:

Convenience: Why fight the crowds in the stores, especially during the holidays, when you can sit at home on your computer and shop. And price comparisons are just a click away when shopping on the internet. There's no need to fight traffic running from store to store looking for the "best deal." You can have your purchase delivered to your doorstep within a few days.

Prices: Online retailers and storefronts purchase their products from the same manufacturers. However, an online retailer doesn't have the costly overhead that a storefront has (i.e. Lease payments on the building, heat and electric, just to name a few). Therefore, the online retailer doesn't have to markup the price as much as the storefront in order to make the same profit. So you, the consumer, come out the winner!

Store Hours: Online retailers are open 24 hours a day, 7 days a week. Shop at your convenience.

So as long as you take some simple precautions, shopping online can be a very pleasurable, time saving and money saving experience.

For safe shopping, great prices on lingerie, and excellent customer service, please visit our store at http://www.gottahavitny.com

HackAttack

2007-02-20T01:31:00.001-08:00

P C. owners are constantly at risk from attacks by hackers. Spy ware, viruses, trogan horses, and all sorts of other malevolent programs are all trying to take control of your computer.

What can we do about it? How can we be sure that we are properly protected against them?

A hacker will generally not be interested in doing damage to your PC. His main interest is in gaining control of your computer so that he can use it to send out hundreds of thousands of e-mails in your name with the intention of crashing your mail server.

This can get you into very serious trouble with the server. This is something that you do not want. How are you going to prove that you were not to blame?

How do the hackers do it? What tools do they use?

A port scanner. What is a port scanner? A port scanner can locate PCs that are on line and check for an open port. A hacker using a program such as 'Super Scan' can find an open port to gain entrance to your computer. Once in, he can use your computer as if it were his own. The only difference is that to all intents and purposes it is you that is causing all of the trouble.

The main port that the hacker is interested in is port 80. This is the one that you use to log on to the internet.

I am not going to confuse you with all the various programs that are designed to show you what ports are open at any particular time. What you need to know is how to protect your computer against these attacks.

There are a number of programs designed to show you what is going on inside your PC. I will give you a short list of some that are recommended by some of the program makers.

The one that I would not be without is: www.testmyfirewall.com As its name implies it will test your firewall for flaws and scan for open ports and any other security problems you may have. You do have a firewall, don't you?

Another one is: www.pestscan.com This will scan for any nasties that are already on the computer.

Lastly, I use: http://www.security.symantec.com This will run a security check of all my systems.

Don't put of what you should be doing today. Make sure that your protection is doing its job. Check that you have the latest version of whatever protection you are using. An out of date system is worse than useless. It gives a false sense of security and suddenly you find yourself in serious trouble with your ISP.

It is your responsibility to ensure that your computer will not cause problems for someone else. There are so many free systems out there that you have no excuse for not using one or more of them.

Be safe. Be happy. Be responsible. All the best. ?Bob?

---

Robert has been on line for over four years and earns a very good living from some of the very best affiliate programs on the web. This is one of his favorites. If you are interested in growing your very own opt-in mailing list in the shortest possible time, take a look now.

http://www.bz9.com/robjfar 'It's free.'

Remove Rogue Desktop Icons Created By Spyware.

2006-12-13T01:01:00.000-08:00

If you have used a Windows machine for a while, whether it's Windows XP, Windows 2000, or Windows 98, you're sure to have noticed desktop icons appearing from out of nowhere. How can icons mysteriously emerge on your Windows desktop?

3. It's easy to accidentally drag a Favorite, bookmark, text file, or other icon to your desktop, creating an icon.

Normally, it's easy to delete Windows desktop icons. Just place your mouse pointer on the offending icon, then right-click it and choose "Delete", clicking "Yes" to confirm if prompted.

* Ad-Aware: http://www.lavasoft.com/

* Microsoft Windows AntiSpyware: http://www.microsoft.com/athome/security/spyware/software/

* Pest Patrol: http://www.pestpatrol.com/

* Spybot Search and Destroy: http://safer-networking.org/

* Spy Sweeper: http://www.webroot.com/

So, how can you prevent these icons from appearing in the first place? Practice safe computing.

* Backup your machine. If it does get infected to the point of being unusable, at least you won't lose all your important files.

* Install security-related operating system updates so spyware and adware cannot enter your system through well-known exploits.

* Download or buy a virus scanner, and keep it updated! Virus scanners cannot detect all spyware, but it doesn't hurt to have one. Check online or visit your local computer software store.

* Purchase a hardware or software firewall, and keep it updated! Firewalls help protect your computer from common exploits that spyware or adware can use to infect your machine.

By practicing safe computing and using spyware-removal software, you can help remove rogue desktop icons from your desktop and keep others from appearing.

Andrew Malek is the owner of the MalekTips computer and technology help site. Visit his anti-spyware page for more advice on removing adware, spyware, and other malware.

Free Spyware Removal.It's Not As Easy As It Sounds.

2006-12-13T00:59:00.000-08:00

Nobody wants to pay to remove spyware. At the very least, I don't. The blasted stuff shouldn't be on my computer anyway, so what ever would make me want to shell out cash to get rid of something that I shouldn't have in the first place?

Spyware removal tools come in many different forms, and from many different places. Lavasoft's Ad-Aware is from Sweden, and Spybot: Search and Destroy is from Germany, I think. (Their error messages come up in German, so I have to assume..)

Purchasing adware removal software can even be dangerous, so to speak. If you're buying it from a pop-up then more than likely you're just lining the pockets of the person that infected your machine in the first place. I've had many infested machines have icons for spyware removers magically appear on the desktop. Of course, if you want to actually clean anything, you have to shell out some dough.

If you're going to go it alone, for free, then there are a few tools you'll need. The first is Ad-Aware, as mentioned above. Spybot: S&D is a second excellent choice. The third, and much more advanced (and therefore difficult to use) spyware remover is HijackThis. Almost all scanners will miss various adware items, simply because there is so much produced nowadays so quickly. It's impossible to keep up.

Once you have the aforementioned software downloaded, installed, and updated then you're going to want to boot to safe mode. Why not scan now immediately? Cause the adware is still running. You can't delete a file that's in use. That said, safe mode is less effective than it used to be, but it still may work.

To get to safe mode: Reboot the machine, press F8 repeatedly once it restarts until a menu comes up that has "safe mode" listed. Select it, and press enter. Windows will load nothing but the essentials.

As soon as safe mode is loaded then go ahead and do a full system scan with Ad-Aware and Spybot or whatever you happen to have. Following that, reboot and see how your computer runs. If it still has issues, then HijackThis will be neccesary. In order to use this tool, you'll need to have a pretty good grasp on what should and shouldn't be loading in startup, as well as a grasp of what Browser Help Objects you need. (Technically, none, but some software you have installed may use them)

You can get HijackThis help, but if it eludes you then you really should have an experienced user have at it.

Kevin Souter is a full time computer repair technician, and runs sites in his spare time dispensing his knowledge on free spyware removal and computer repair.

Keeping Worms Out of Your Network.

2006-12-11T01:37:00.001-08:00

No auntie Sookie, not earth worms, computer virus worms that can get to you computer and slowly dig deep into your files and eat them away. Put that eggnog down and I'll tell you some more about these new worms.

This worm is a self-replicating (makes a copy of itself, aunt sookie!) program that reproduces itself over a network. It can be hidden in an email attachment from an unknown sender, a movie download from a suspicious website, or an application sent from someone you don't know.
Once on your computer it then can replace a single file, like a winsock.dll or many files and send copies of itself along with email or newsgroup messages that you can post.

The following are ways to keep these type of worms out of your network:

a) Never, I said never (for emphasis) connect an unpatched, non updated computer or other Internet related device to the Internet. How do you update and patch a computer without connecting to the Internet? Get a cd from Microsoft with the latest and greatest patches and updates, then connect the device and then check for updates while connected to make sure you have protection.

b) Always, I said always (yes I am being redundant) use a firewall between your network of computers and the Internet. Even if your network of computers is 1 or 2 computers, it is still a network and needs a firewall to protect it, really protect it. A single computer connected to the Internet is now part of a world wide network thru it's Internet connection and is therefore vulnerable without protection. Get a firewall, a real firewall.

c) Educate and train anyone who uses your computer(s) network. Many times an infection is invited by careless users who download infected email, visit infected sites, or bring infected machines (laptop's, pda's) into a network from outside.

d) Patch and update, patch and update, patch and update (redundant, oh yeah). Yes it's a pain, and it requires time to do and verify that it's actually patched and updated. However it's definitely simpler and cheaper than trying to fix an infestation, or explain to everyone why the network is down or their computers won't work because a worm is eating through everything they have worked hard to save and protect.

e) Make sure up-to-date anti-virus software is on every machine, everything connected to the Internet. Anti-virus packages aid in protection and detection against worms.

f) Establish security rules for your network and educate everyone who touches the network. They must be enforced, daily.

g) Frequently check your network for vulnerabilities. Visit vulnerability website's, take advantage of free scanning tools on the Internet to test your machines. New vulnerabilities and new exploits are released constantly, and you can't protect against what you have no idea what is coming your way.

********************************************************

Daviyd Peterson: 10-year consultant, instructor, trainer
Helps african american homeschools bridge the digital
divide by becoming computer homeschools. Free article
on "Computer Homeschooling" and other related articles
http://www.homeschoolwireless.com/homeschoolwireless.htm

Virus Nightmare..Lessons Learned

2006-12-11T01:36:00.001-08:00

I got a virus the other day, Thursday I believe and since then I have been making FRANTIC efforts to save all my info.

The most important thing for me to save are my Outlook Express emails and my Roboform passwords. That way I can at least access all the places I need, to download and re-install all the software I use.

Thankfully I was able to still access my Laptop and very, very slowly(the system was painfully slow because of the damge done by the virus) start a process of trying to save my system without having to reformat the whole disk. I say thankfully because after a virus attack not everyone is able to even access the system.

I tried anti-virus software, I attempted to fix things using the various "malicious advertising" expulsion applications(Ad-aware, Spybot etc.). All to no avail. After almost three days I resigned myself to the fact that it would have to be a re-format which means restoring my Laptop to factory settings. What a nightmare!

First of all I made a backup of my Outlook express email software, emails, account settings etc. For this I downloaded a great little free trial software application called Outlook Express Back Up Wizard, a free trial can be downloaded here:
http://www.outlook-express-backup.com/ This software met by needs better than others I tried.

If you don't use Outlook Express then you can download others by searching here:
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=RNWE,RNWE:2004-35,RNWE:en&q=email+backup+free+downloads

The I did a search for some backup software to back up the files that I could and also to use for future occasions. After trying a few that either wouldn't work on my system, or didn't back up to the medium that I wanted(CD Rom Discs) I found a great tool that just did the trick and in fact I plan to buy as soon as the free trial is up. The software is called "NTI Backup Now 4 Deluxe Suite" and it is so straightforward that even a tech dummy like me found it simple.

Again you can use the full version for 30 days free:
http://www.ntius.com/

I added my Roboform(www.roboform.com) passwords, my Internet Explorer favourites, my Outlook Express backup, my Microsoft Money backup files(For accounting purposes), as many software installation files as I had and most of the files and folders that I have used recently.

Of course what I also ralised is that I have not kept the Install files of loads of the software that I have on my Laptop. Bad mistake! This means that I will have to go search for these again to download to my reformatted system.

What I will do in future is save every Install file in it's own folder with passwords, serial numbers and any other useful info in a notepad file alongside them.

The hard lesson I have learned is to make sure in future I do frequent backups of my system. I have been online since 1998 and never had any major problems. This is the first and I foolishly underestimated the damage a virus could do.

My next step is to get an external drive to use as a backup and as I mentioned to use it frequently.

I hope this has given you some food for thought. As I sign off here I am going to insert my Toshiba Product Recovery CD-Rom.

If I had taken the necessary precautions I wouldn't have just lost three days of my time. Three days I could have been putting to better use.

Ah well, there is positive in every bad situation. Or at least that's what I keep telling myself:-).

Mal Keenan is editor and publisher of Home Business Tips Newsletter:
http://www.home-business-tips-newsletter.com/
For more help and support from Mal Keenan visit his online training site:
http://www.pluginprofitstraining.com

Does Your Firewall Do This?

2006-12-06T00:06:00.000-08:00

The first thing people think about when defending their computers and networks is an up-to-date antivirus program. Without this most basic protection, your computer will get a virus, which could just slow it down or potentially bring the pc to a complete standstill!

So anti-virus software is the answer?

An anti-virus solution on it's own is not the answer to all of your problems, it can only protect you so much; in fact test have shown that a new pc running Windows XP if left connected to the Internet unprotected will be infected with viruses and remotely controlled via unauthorised persons within 20 minutes! To protect you against hackers and often to prevent spyware and 'scumware' from communicating directly with their servers about information it may have picked up from your pc, a firewall should form the key part of your e-security solution. Previously, the targets of hackers were large institutions, banks and government organisations; now hackers try to steal your personal information, including bank details and passwords directly from your PC on a daily basis.

But perhaps you don't consider that your data is particularly valuable?
You will be the one who suffers the consequences when it is destroyed, and these consequences are usually expressed in economic terms. If you lose your data, you will have to pay someone to try and recover it for you, and if your computer is illegally hijacked and used to attack others, then you will also have to handle any legal issues that may result from this.

What will a firewall do to limit the danger to your systems?
A decent firewall is sometimes referred to as a 'choke-point' or 'bridge'. Every piece of data that comes into your network has to go through the firewall in order that data of undesirable content and unauthorised users cannot gain access to your computer or network.

A good firewall will also hide the fact from others, that you are actually connected to the Internet, stopping software that pings, sniffs and queries IP addresses in the hope of finding a system to attack.

A firewall will cloak me, but which one do I need?
There are two different types of firewall available for you to use; a software firewall that is loaded onto your computer and a hardware firewall. In truth, both types are software, but the hardware one is a dedicated firewall appliance, whose only job is to perform firewall functionality. A clear advantage of a hardware firewall, is that if you happen to install some sort of maleware or virus on your system, it cannot take over your firewall.

Unified Threat Management firewall functionality
Unified Threat Management products are defined as those that act as firewalls, include intrusion detection and protection, and also deal with viruses.

Does your current firewall perform content filtering, spam filtering, intrusion detection and anti-virus duties? All of these functions are usually on a number of different pieces of hardware, taking up valuable space in your server racks.
The technology within business grade firewalls has become considerably more robust recently, and paved the way to add these additional, but vital functions to the one appliance.

The administration time has been cut significantly, as there is only one appliance; product selection is quicker and easier, as is product integration and ongoing support. With only one appliance, troubleshooting also becomes a lot less of an issue. If the firewall were to fail, then only one piece of hardware needs to be swapped out; which means that your business can be back up and running faster.

Winding up
In conclusion a good firewall should do the following things:

Protect your personal data
Protect your computers resources
Protect your reputation and that of your business
Protect your liability
Ideally be capable of Unified Threat Management

Rob Green is the CEO of Century Computing Support Services, a WatchGuard Firewall Expert Partner, who provide both business grade hardware and software firewalls at http://www.firebox.uk.com. Fill in the contact form at http://www.firebox.uk.com/catalog/contact_us.php to sign up for the Century Computing newsletter.

What to Look for before You Purchase Spyware Software.

2006-12-06T00:04:00.000-08:00

Huge number of spyware software applications are available in the market, some being offered as shareware while rest as freeware. (Shareware means a software available for download / CD, and can be used for a particular length of time, usually 30 days. Some are disabled as well). Before making a decision to purchase any such software we should check the reliability and should consider various attributes possessed by them and then select the best and the most appropriate one. The various attributes that one should consider to be the most important when purchasing spyware detection and removal software are -

The spyware software should include tools to enhance the ease of spyware detection and removal. The software should be able to offer descriptions of detected spyware so we can determine whether or not to keep each item. The software should also have auto-update and auto-scheduling capabilities. Auto-update facility ensures that we never forget to download latest spyware definition file. Auto-scheduling ensures that the system is scanned for these malicious codes at a defined interval. This means that even is the system user has changed, the computer is still safe from these spywares. There should be "undo" capabilities in case we accidentally delete something we actually need, and many other features as per individual requirements. The product should provide real-time protection from spyware. In other words, the software should help us prevent spyware installation instead of just removing it afterward. The product should be effective at finding and removing the many different types of spyware.

The product should be easy to use. Its features should be user friendly avoiding any technical jargon, not so easily understood by an average computer user. The user interface should be pleasing to look at, and more importantly, should offer the ease of navigation. The product should be easy to download and install, it should be comfortable enough for running and us to get it up without consulting a book or a tech support person.

There should be a help section installed with the product and should offer easy to understand answers to our questions. There should be someone we can call for support, and the support staff should respond quickly to our email questions. With the right solution for removing and detecting spyware in place, you can keep your computer privacy protected and PC ad-free.

Few top most Spyware software are- Spyware Eliminator, Spyware Doctor, Spy Sweeper, CounterSpy, MS AntiSpyware, Ad-Aware, McAfee, Pest Patrol, NoAdware, Spybot S&D. Best Personal Firewalls are- ZoneAlarm, Outpost Pro, Sygate Firewall, Norton Firewall, Norman Firewall, SurfSecret, Windows Firewall, BlackIce, Injoy, McAfee Firewall.

Computer security awareness is certainly on the improve however it is still amazing how many computer users leave themselves wide open to malicious attacks. Get more free info at: http://www.nichearticles.com/spyware/

Personal Firewalls - Secure Your Computer

2006-12-05T00:03:00.000-08:00

There has not been a time in the history of the personal computer that firewalls and anti-virus programs have been more necessary and in-demand. Today, personal computer security is not only threatened by viruses and worms, but also by spyware - those severely annoying programs that are illegally loaded onto your computer from the internet. Spyware programs can seriously undermine the operating structure of your computer, as well as make you vulnerable to identity theft and other criminal activities. Firewalls, long since a staple in the corporate world for defending large, expensive internal intranets or other networks, has now come into its own as a tool for personal computer owners as well. Your home computer is just as susceptible - if not more so - to online attacks, so why should it not be protected?

What is a firewall, anyway?

For those of you who may not be as versed in the pc security lingual as some, we offer here a fairly simple definition. A firewall is a collection of security programs that act to block unauthorized users from gaining access to a particular computer network (or single computer). Most firewalls also comprehensively monitor and report the data transfers between the network and the outside internet environment. Thus, they are quite effective in keeping your computer or network safe, allowing you to access the internet without taking a high security risk.

Sygate Personal Firewalls

There are few highly reputable firewall providers out there, and Sygate is certainly one of them. Here we go over some of the features of the Sygate line firewalls, so that you may choose the best one for your pc or server.

Sygate currently offers two main personal firewalls: the Sygate Personal Firewall (SPF) and the Sygate Personal Firewall Plus (SPFP). The major differences between the two are the advanced features you will only find on the SPFP. With the Plus version you will get VPN support, intrusion detection system (IDS), active reponse, and anti-mac, anti-ip spoofing. Both versions of the software come with the material that any pc user should really make sure they have: the main "application" firewall, intrusion alarm system, attacker tracing system, and security policy customization. These features are what are really necessary for a firewall to protect your home computer. The firewall needs to be able to block outsiders from gaining access to your computer, and they need to alert you when an attack has been attempted (or is in progress). Considering that the SPF is essentially free to download, and contains the elements you really need, this is the application we recommend for home pc users. For small business networks, the more advanced features offered by the Sygate Personal Firewall Plus is certainly worth the $40.00 pricetag. Both options are solid firewall applications and can be highly trusted to perform well on nearly any system.

Norton Personal Firewalls

Sygates closest competition in the area of personal firewall is Norton. Norton anti-virus programs are very well known, and have largely carried the brand over the last decade. Although less well known, Norton offers a powerful and comprehensive firewall program for home pc owners. Norton Personal Firewall 2005 is similar to the Sygate Personal Firewall program mentioned above. Some of the neat features of this application include the Norton Privacy Control (which keeps information from being sent without your knowledge in email, instant messages, MS Office attachments, and various forms on the web, such as those you enter your credit card number in), and intrusion prevention system that automatically blocks suspicious incoming traffic (from hackers, etc.). If this product is anywhere near as well designed and engineered as the anti-virus programs from Norton, then it is definately worth a look. The software can be downloaded or ordered online for $49.

Bradley James is a senior editor at SciNet.cc, a website containing many helpful consumer electronics review articles. For more information on personal firewalls, please visit our personal firewall webpage.

How to Know Whether an Email is a Fake or Not

2006-12-01T00:01:00.000-08:00

A few nights ago I received an email from "2CO" asking me to update my personal data. The sender did not forget to insert a link to log in, too.

Following are the steps that I have usually taken to discover whether an email came from a rightful person/company or a swindler:

Position the mouse pointer above the link provided by the sender(PLEASE DO NOT CLICK IT!). See on the status bar whether the URL that appears is genuine.

If you use Outlook Express, in the message list, select the suspected message. click "File", and then click "Properties". Click "Details" to see the email headers.

Notice the "Return-path" part, where you will see the sender's original email address. Notice the domain name (e.g ...@xyzdomain.com). Now you can guess with more confidence that it is a real or fake email.

If you have ever received an email from an autoresponder, you might have noticed that the "Return-path" part contained the domain name of the autoresponder (e.g. ....@abc.getresponse.com) although the email address looked like from another domain.

If you are still not sure, do the same with the original email which you had received previously (the one from the right person/company) for comparison. If the header of the original email on the "Return-path" part reads "Return-path: ", while on the suspected email the reading is "Return-path: ", you ought to be suspicious that the second is a fake email!

If you want, you can also notice other parts of the header such as "Received-from" and "Message-id". But, please do not be influenced by the "from" part. It is the part that is usually used to manipulate you.

Additionally, please conceive that an organitation which is always cautious about malicious abuses, such as 2CO, ClickBank, etc, will hardly send a link to you to click in the email. As I have experienced personally, if the company has something to inform me, they merely ask me to log-in to my account (There is no link to click).

Dispatching a faked up email can be done very easily by anyone who possesses a little knowledge about programming (php, etc).

I hope this tip will be useful for you.

Heris Yunora

http://www.soft-promotion.com

What is Hacking?

2006-12-01T00:00:00.000-08:00

WHAT IS HACKING?

Hacking, sometimes known as "computer crime" has only recently been taken very seriously. The activities undertaken by the real hackers have been criminalized and they are now being legally persecuted on a scale disproportional to the actual threat they pose.

For those who don't know better, a hacker, by wrong-definition, can be anything from a computer-user to someone who destroys everything they can get their evil terminals into.

Real hackers want their motivations and ethics to be viewed as legitimate, or at least understood, instead of being simply written off as malicious, vandalising, thieving, terrorist out to take over the computers of the world for personal gain, or devious teenagers who have nothing better to do than crash every available computer.

It is thanks to the mass media and people who have absolutely no understanding of computers, who use terms like "information superhighways", "IT", and "computer crime" to try and make themselves sound important that it is assumed all "hackers" (the good and the bad) fit the above descriptions. There are people who do stuff like the above but they ARE NOT real hackers, They buy the magazine "2600" and they ask questions. They do not want knowledge. They do not want to learn how things work, they do not want to explore. All They want to know is the answer to their damn questions, they are not real hackers.

They are the real criminals and are the threat to every appliance connected to the Internet, they destroy, steal and mess up the flow of information then let the real hackers take the blame!

Hacking IS NOT about the mindless idiotic destruction of files and/or crashing systems intentionally.

Real hackers have an ethical code of practice, which includes things such as:

☞ Leave a system in the state it was found.

☞ Do not intentionally destroy or modify anyone else's data.

☞ Do not cause any legitimate user problems with computer resources.

☞ Do not access emergency services computers.

Real hackers are enraged when so called "hackers" cause damage to or compromise resources. Hacking is about looking for answers and knowledge, it is about learning. That's why hackers hack, to search around inside a place they have never been, to explore all the little nooks and crannies of a world so unlike the boring cess-pool they live in.

Their aim is to rise above the rest, and then to pull everyone else up to the same new level. Real hackers justify accessing computer systems by claiming that it is not unfair to break into otherwise idle computer resources and to download files with the intent to learn.

The already terrible reputation carried by the real hackers is cased by the ignorant and stupid people who like the label of "hacker" that screw things up, mainly though the destruction of stored information and or all passable activities of computer related fraud.

For those who don't know better it is thanks to the mass Media who have blown it way out of proportion. A hacker, by wrong-definition, can be anything from a computer-user to someone who destroys everything they can get their evil terminals into.

And the people who have absolutely no understanding of computers, who use terms like "information superhighways", IT, and computer crime to try and make themselves sound important that it is assumed all hackers are malicious, vandalising, thieving, terrorist out to take over the computers of the world for personal gain. There are people who do stuff like the above but they ARE NOT real hackers, They buy the magazine "2600" and they ask questions.

They do not want knowledge. They do not want to learn how things work, they do not want to explore. All They want to know is the answer to their damn questions, they are not real hackers.

They are the real criminals and are the threat to every appliance connected to the Internet, they destroy, steal and mess up the flow of information and let the real hackers take the blame!

Hacking IS NOT about the mindless idiotic destruction of files and / or crashing systems intentionally.

Hacking is about looking, searching for answers and knowledge, it is about learning, satisfying their curiosity. That's why they get into the system, to search around inside a place they've never been, to explore all the little nooks and crannies of a world so unlike the boring cess-pool they live in. They seek to rise above the rest, and then to pull everyone else up to the same new level.

Why destroy that which they love? To take away someone else's chance to succeed in getting in as he did? To fuel an already terrible reputation and increase their chances of getting caught and thus have their lives and careers effectively ruined? IT IS ILLOGICAL!

The real problems are caused by the ignorant and stupid people who like the label of "hacker" that screw thing up by destroying everything they can get their evil terminals into.

It is thanks to the mass Media and people who have absolutely no understanding of computers, who use terms like "information superhighways", IT, and computer crime to try and make themselves sound important that it is assumed all hackers are malicious, vandalising, thieving, terrorist out to take over the computers of the world for personal gain.

ARE YOU A HACKER?

Too identify users who like the label of "hacker". Even as I type this they are dammaging the already terrible reputation carried by the real hackers. This file is meant to help these people who are not helping the movement by pointing out the errors of their ways! What is that you say, "but I am a "badass" hacker". Just ask your self whether any of the following descriptions sound like you, if so then you are part of the problem!.

You have been surfing the net, and you laugh at those media reports of the information superhighways. You have a red box. You do not have to pay for phone calls. You have crackerjack, and you have run it on the password file at a Unix on which you have an account. Your computer knowledge has impressed everyone at your school, you are the one the teachers ask for help. Am I getting warmer?

Or may be you are one of the free loaders. There are thousands of you out there. You buy 2600 and you ask questions. You read phrack and you ask questions. You join #hack and you ask questions. What is that you say, "what is wrong with that? After all, to be a hacker is to question things, is it not?" Nevertheless, you do not want knowledge. You want answers. You do not want to learn how things work. You only want answers. You do not want to explore. All you want to know is the answer to your damn questions. Dose this sound like you?

Or if not the above you are what I refer to as a non event. You read 5% of 5 or 10 of the hacking FAQs and or tutorial files. You no not fully understand the essentials of hacking. Or the reasons for cacking. You have never heard of social engineering or if you have you think it is not important. You think the world of computers and security opens up to you through a keyboard and your redbox. In short you know nothing. You are brain dead, but you see your self as a master mind criminal. You brag about you hacking factices. You make it up as you go along. You lie over any and all the BBS you can.

Dose any of this sound like you? If so you are not a hacker. You are a little child. It is thanks to you morons that get bested whilst destroying everything you can get your evil terminals into that the established order (governments, companions, the mass Media etcetera) assume all hackers are like you, malicious, vandalising, thieving, terrorist out to take over the computers of the world for personal gain or are devious teenagers who have nothing better to do than crash every available computer. Nothing could be feather from the truth!

You enrage the real hackers when you cause damage or compromise resources. You do not understand the damage you inflect When you bring down a system you take away from everyone the chance to succeed in getting in, you take away that which all real hackers have come to love more that live itself!.

Hacking is about looking for knowledge. It is about learning. That's why hackers hack, to search around inside a place they have never been. To explore all the little nooks and crannies of a world so unlike the boring cess-pool they live in. To increase the flow of information and knowledge, so that Everyone can learn and benefit.

WHAT IS A HACKER?

More times that I can remember, someone has asked me the question "Just what exactly is a hacker?"

For those who don't know better. A hacker can be anything from someone who makes furniture with an axe; (by wrong-definition) A computer-user; An expert at a particular programme; An expert or enthusiast of any kind; but the most wide spread application of the term is to describe someone who destroys everything into which he/she can get their evil terminals. This is true to such an extent that if I were to say to just about anyone (that has not being leaving on the moon since 1982) "I am a hacker", it would immediately be assumed that I am a criminal, a malicious, vandalising, a thieving terrorist, a little shit out to take over the computers of the world for personal gain, or some thing along those lines. For this we have the wanabes and the mass Maida to blame!

What I consider a hacker to be is a person who is self motivated and besotted with exploring the details of programmable systems, a person who loves the intellectual challenge of creatively overcoming or circumventing limitations, and uses that knowledge to continue the fight for freedom of knowledge and information, a person who wants to know everything and most importantly a *real* hacker lives by the "hacker ethic" (the belief that information-sharing is a powerful positive and good thing), and whom follows an ethical code of practice (that typically includes things such as, Leave a system in the state it was found; Do not intentionally destroy or modify anyone else's data; Do not cause any legitimate user problems with computer resources; Do not access emergency services computers; etcetera)

Their motivations for hacking (the activities of a hacker) are generally to learn more about any think that can help them understand more about the way the would works, fore example how computer systems work by making them do things they were never intended to do and/or to challenge security measures.

This is my own definition of what the "normative" boundary markers of *real* hackers are. All real hackers tend to meat the majority of these criteria. However, this is by no means universal, like plants, there are many breads of hacker, most of which are out to achieve that same ends, the ones that do not meat any, or the ones the do all the above, but are intent on destruction are *NOT* hackers, most likely they are the wanabes. See my FAQ "ARE YOU A HACKER?" for more about them.

Now, who are the *real* hackers, whatever their motives they tend to share an, unbridled intimacy and total affinity for their life stilly, they are the ones who are so deeply consumed by learning computer science, cacking, programming, social engineering, boxing, scanning, etcetera, that it means more to them than the feeling that they experienced at the flash point of their first love, for some it is the ultimate buzz like heroin, for many to hack, to get access to a system and escape into the binary world, is to engage in sexual intercourse.

Again this is by no means universal, there are those that merely enjoy it, and the ones that find it a pain. The people that do not in *ANY* *WAY* reflect the above may be real hackers, but finding an elite hacker whom dose not is rare.

If you are a real hacker, like it or not, you are a revolutionary and know it or not every thing you do is in some way connected to your search for the truth, because although to be a hacker is to question things hacking its not about asking questions. It is simply about finding the truth because they must be able to choose for themselves, what ever the consequences, it is their right to have some say it their fate.

No one can be told what the truth is, as it is different for everyone, it is an idea, it is simply sufficient information and experience to allow a person to tell for min/her self. It is not an answer that hackers seek but rather the truth is learnt from the path that each hacker takes to gain experience, which is simply the search for knowledge.

I genuinely do not know what the purpose of this file is, maybe someone somewhere will read it, and know more about the truth concerning hackers. Not the lies of the ignorant!

I am the website administrator of the The Wandle Industrial Museum (http://www.wandle.org). Established in 1983 by local people determined to ensure that the history of the valley was no longer neglected but enhanced awareness its heritage for the use and benefits of the community.

Personal Firewalls for Home Users.

2006-11-29T20:59:00.000-08:00

What is a Firewall?

The term "firewall" illustrates a system that protects a network and the machines on them from various types of attack. Firewalls are geared towards keeping the server up all the time and protecting the entire network.

The primary goal of a firewall is to implement a desired security policy; controlling access in both directions through the firewall, and to protect the firewall itself from compromise. It wards off intrusion attempts, Trojans and other malicious attacks.

Personal Firewalls:

They are meant for the home user in a networked environment. They aim to block simple attacks, unlike the enterprise level firewalls that the corporate world uses at the server or router end. There are many ways to implement a firewall, each with specific advantages and disadvantages.

Are they really needed?

Nowadays organizations and professionals use Internet technology to establish their online presence and showcase their products and services globally. Their endeavor is to leverage digital technology to make their business work for them.

All the organizations and professionals are shifting from Dialup to broadband and getting a fixed IP. It has led to an increase in security attacks, bugs in everyday working. This does not mean that Dialup being anonymous dynamic link or the firewall of the ISP network make you pretty safe.

Now if your machine was under attack, you must have wondered what went wrong making your system crash suddenly. So I would rather like to say, it's not necessary for anyone to actually know about you or your IP address to gain access to your system.

If you system is infected or prone to intrusions, then beyond the anonymity of your Dialup connection or a dynamic IP, your system can be hacked.

Types of Attacks

Intrusion:

There are many ways to gain unauthorized access to a system. Operating system vulnerabilities, cracked or guessed passwords are some of the more common. Once access is attained, the intruder can send email, tamper with data, or use the system privileges to attack another system.

Information Theft and Tampering:

Data theft and tampering do not always require that the system be compromised. There have been many bugs with FTP servers that allow attackers to download password files or upload Trojan horses.

Service Attacks:

Any attack that keeps the intended user from being able to use the services provided by their servers is considered a denial of service attack. There are many types of denial of service attacks, and unfortunately are very difficult to defend against. "Mail bombs" are one example in which an attacker repeatedly sends large mail files in the attempt at filling the server's disk filesystem thus preventing legitimate mail from being received.

Types of Attackers

Joyrider:

Not all attacks on computer systems are malicious. Joyriders are just looking for fun. Your system may be broken into just because it was easy, or to use the machine as a platform to attack others. It may be difficult to detect intrusion on a system that is used for this purpose. If the log files are modified, and if everything appears to be working, you may never know.

Vandals:

A vandal is malicious. They break in to delete files or crash computer systems either because they don't like you, or because they enjoy destroying things. If a vandal breaks into your computer, you will know about it right away. Vandals may also steal secrets and target your privacy.

"In an incident a Trojan was being used to operate the web cam. All the activities being done in the house were being telecasted on the websites."

Spies:

Spies are out to get secret information. It may be difficult to detect break-ins by spies since they will probably leave no trace if they get what they are looking for.

A personal firewall, therefore, is one of the methods you can use to deny such intrusions.

How Firewalls work?

Firewalls basically work as a filter between your application and network connection. They act as gatekeepers and as per your settings, show a port as open or closed for communication. You can grant rights for different applications to gain access to the internet and also in a reverse manner by blocking outside applications trying to use ports and protocols and preventing attacks. Hence you can block ports that you don't use or even block common ports used by Trojans.

Using Firewalls you can also block protocols, so restricting access to NetBIOS will prevent computers on the network from accessing your data. Firewalls often use a combination of ports, protocols, and application level security to give you the desired security.

Firewalls are configured to discard packets with particular attributes such as:

Specific source or destination IP addresses.
Specific protocol types
TCP flags set/clear in the packet header.

Choosing a firewall:

Choose the firewalls which have the ability to ward of all intrusion attempts, control applications that can access the internet, preventing the malicious scripts or controls from stealing information or uploading files and prevent Trojans and other backdoor agents from running as servers.

The purpose of having a firewall cannot be diminished in order to gain speed. However, secure, high-performance firewalls are required to remove the bottleneck when using high speed Internet connections. The World-Wide-Web makes possible the generation of enormous amounts of traffic at the click of a mouse.

Some of the good firewall performers available in the market are below:

BlackICE Defender
eSafe Desktop
McAfee Personal Firewall
Neowatch
Norton Personal Firewall
PGP Desktop Security
Sygate Personal Firewalls
Tiny Personal Firewall
Zone Alarm
Zone Alarm Pro

Most of these firewalls are free for personal use or offer a free trial period. All the personal firewalls available can't ensure 100% security for your machine. Regular maintenance of the machine is needed for ensuring safety.

Some of the tasks advised for maintaining system not prone to intrusions:

Disable file and print sharing if you are not going to be on network.
Update your antivirus signature files regularly.
Use a specialized Trojan cleaner.
Regular apply security patches to your software and operating system.
Don't open email attachments if you have don't know the contents it may contain.
Don't allow unknown applications to access to the internet or to your system.
Regularly check log files of your personal firewall and antivirus software.
Disable ActiveX and java and uninstall windows scripting host if not required.
Turn off Macros in Applications like Microsoft Office and turn macro protection on.
Check the open ports of your system and see them against the common list of Trojans ports to see if they are being used by some Trojan.
Log Off from your internet connection if not required. Being online on the internet for long duration gives any intruder more and sufficient time to breach system security.
Unplug peripherals like web cam, microphone if they are not being used.

About The Author

Pawan Bangar,

Technical Director,

Birbals,India

ebirbals@gmail.com

What Can Be Done About Spyware And Adware.

2006-11-29T20:55:00.000-08:00

Having a good Spyware eliminator on your computer is vital now a days with all of the different Spyware, Adware, and other malicious computer parasites that are out there. Most of them are reasonably priced and very easy to use.

Two of the biggest things that these Anti-Spyware programs accomplish for you are that they help in protecting your online privacy and they help make your computer run a lot better. You may wonder about what I'm talking about. Well as far as your privacy goes, companies put this Spyware on your computer through you downloading different things from the Internet. By doing this they are able to track your surfing habits and even get your e-mail address so that they can send you a lot of junk e-mail such as different advertisements. As far as helping your computer run better, you eliminate a lot of these programs from your computer, which are constantly running in the background and eating up a lot of your system resources.

You will see a difference with your computer and you'll also feel a lot more secure with a good Spyware eliminator.

About spyware removers

Spyware removers are a dime a dozen on the Internet. Everyone seems to claim they have the best one. With all of the competition going on with these programs, it may not be an easy choice for you to choose one.

That's why I would like to recommend to you a Anti-Spyware program called NoAdware. First of all, the reason why I recommend this product is because I personally use it and it works. Second of all, it's the most downloaded and used Anti-Spyware program from the Clickbank digital download network.

The program is absolutely simple to use. Just download the program to your computer, install it, and let it do its thing. It will search your computers hard drive and find any Spyware, Adware, and other computer parasites you may have. It is simple to use and very easy to understand.

Robert Dorrance:

Your guide to understanding Spyware, Adware, and other malicious computer parasites. Find out more at http://www.destroy-adware.com

3 Simple Steps to Stay Safe from Spyware.

2006-11-24T20:53:00.000-08:00

There are several basic concepts to keep in mind when deciding to stay spyware free for good. This article will outline a spyware checklist for you to keep in mind when getting tough on spyware and taking back control of your computer using two popular free applications, Ad-Aware,and Spybot - S&D. Using these two programs in conjunction will eliminate a vast majority of spyware problems from your computer. For the purposes of this article, "spyware" refers also to adware, malware, and other not-so-nice "features" of today's computing reality.

These are some tell-tale warning signs that your computer may be suffering from spyware-

You receive many pop-ups
Your computer is running slowly
You may have invasive toolbars hijacking your browser
Your home page may have been hijacked

Your first step to escaping spyware's wrath is to download and run Ad-Aware and Spybot - S&D, the two leading spyware fighting tools out there, boasting millions of downloads each. Please remember it's always safest to backup your system before installing a new program or executing one. After downloading the two programs, be sure to run the update feature to be sure they are current when it comes to detecting the latest threats. Remove the detected spyware using these two programs, then move to step two.

The second step in staying spyware free involves you to be proactive. At this point your computer should be free from spyware. What you want to do now is keep it this way, to do that there are helpful tips to guide you. In Windows 98 you can use msconfig to view the startup programs on your computer. This is helpful because you can control what programs automatically load when you boot your computer. To access this invaluable tool, go to START >> RUN, type MSCONFIG. If you check the startup programs occasionally you may see a new spyware entry that will alert you it's time to clean out the spyware again.

The third step involves your web browsing habits. It means you must never click on an activex screen that asks you if you want to allow an innocuous looking toolbar, or "surfing aid"be installed. By clicking "allow" you are effectively giving these perfidious spyware authors free reign over your system and personal information. If possible you should surf with the security settings on "maximum" for safest surfing.

In summary, it's important to avoid spyware for your computer and personal identity health. To do so, use free tools available to you and be mindful of your computer settings and surf the Internet responsibly. Following these easy steps will ensure a safe and spyware free existence for you and your computer!

Written by Erich Bihlman, of Bihlman Consulting - PC and Internet Tutoring and Website Design in Prescott, Arizona. Bihlman.com. For additional helpful articles visit IQZone

Instant Messaging ? Expressway for Identity Theft, Trojan Horses, Viruses, and Worms

2006-11-24T20:51:00.000-08:00

Never before with Instant Messaging (IM) has a more vital warning been needed for current and potential IM buddies who chat on line.

John Sakoda of IMlogic CTO and Vice President of Products stated that,

"IM viruses and worms are growing exponentially....Virus writers are now shifting the focus of their attack to instant messaging, which is seen as a largely unprotected channel into the enterprise."

Because Instant Messaging operates on peer-to-peer (P2P) networks, it spawns an irresistible temptation for malicious computer hackers. P2P networks share files and operate on industry standard codec (encyrption codes) and industry standard protocols, which are publicly open and interpretable. Anti virus software does not incorporate protection for Instant Messaging services.

Like sharks in a feeding frenzy, these hacker mercenaries view Instant Messaging clients as their personal "Cash Cow" because of the ease by which they can access your computer via the publicly open and interpretable standards, unleash a Trojan horse, virus, or worm, as well as gather your personal and confidential information, and sell it to other depraved reprobates.

Please, don't be na๏ve enough to think it won't or couldn't happen to you!

Want to see how easy it is for hackers to access your Instant Messaging chat and what can happen to you as a result?

Did you know that some hacker-friendly providers offer processor chips that can be bought on the Internet? (I guess it would be pretty hard to walk into a store and ask the clerk to help them find a processor chip that could be used to illegally hack into a victim's computer for the sole purpose of spreading malicious code or stealing someone's identity!)

Did you know that hacker-friendly providers actually offer hacker software that enables these criminals to deliberately disable security on computers, access your personal and confidential information, as well as inject their Trojan horses, viruses, and worms?

Hacker manuals are also conveniently accessible via the Internet. One of these manuals shows how to DoS other sites. DoSing (Disruption of Service) involves gaining unauthorized access to the "command prompt" on your computer and using it to tie up your vital Internet services. When a hacker invades your system, they can then delete or create files and emails, modify security features, and plant viruses or time bombs onto your computer.

"Sniff" is a tool (originally intended to help telecommunication professionals detect and solve problems) that reprobate hackers use to tamper with the protocol and "sniff out" data. When hackers sniff out your Instant Messaging data packet from Internet traffic, they reconstruct it to intercept conversations. This enables them to eavesdrop on your conversations, gather information, and sell it to other depraved criminal entities.

Don't set yourself up to be the next Identity Theft Victim because you like to chat using Instant Messaging.

Identity theft is one of the most sinister of vulnerabilities you are inadvertently be subjected to. Identity theft is defined by the Department of Justice as

"?the wrongful obtaining and using of someone else's personal data in some way that involves fraud or deception, typically for economic gain."

Identity theft is the by-product of hacker mercenaries obtaining your social security number (including those of your spouse and children), your bank account, your credit card information, etc., from the Internet. You become a virtual "Cash Cow" for hackers as your information is then sold to other felons for financial gain. Using your information, these criminals then:

ท access your bank account funds

ท create new bank accounts with your information

ท create driver's licenses

ท create passports

Attorney General Ashcroft stated that,

"Identity theft carries a heavy price, both in the damage to individuals whose identities are stolen and the enormous cost to America's businesses."

A group hosting a website known as shadowcrew.com was indicted on conspiracy charges for stealing credit card numbers and identity documents, then selling them online. While this group allegedly trafficked $1.7 million in stolen credit card numbers, they also caused losses in excess of $4 million.

According to a Press Release issued by the Department of Justice on February 28, 2005, a hacker was convicted of several counts of fraud, one in which

"?he fraudulently possessed more than 15 computer usernames and passwords belonging to other persons for the purpose of accessing their bank and financial services accounts, opening online bank accounts in the names of those persons, and transferring funds to unauthorized accounts."

Trojan Horses, Viruses, and Worms - The Toxic Trio

According to Dictionary.com, a Trojan horse is "...a subversive group that supports the enemy and engages in espionage or sabotage---an enemy in your midst." The toxic cargo of Trojan horses can include viruses or worms.

A Trojan horse is a program that Internet criminals use to interrupt and interfere with your security software and produce the following results

-Terminates processes
- Removes registry entries
- Stops services
- Deletes files

Hackers, who have gained access to your computer, because of the easily accessible programs and software as mentioned above, are enthusiastically incorporating this venomous little program into their arsenal of weapons.

As recently as March 4, 2005, a new Trojan horse was discovered that modified settings in Internet Explorer. Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP were the reported systems that could be affected.

On January 28, 2005, a press Release issued by the Department of Justice reported that a 19 year old was convicted for his criminal activity by "?creating and unleashing a variant of the MS Blaster computer worm." Christopher Wray, Attorney General - Criminal Division stated that,

"This ? malicious attack on the information superhighway caused an economic and technological disruption that was felt around the world."

By the way, "malicious" is defined by Webster as "...intentionally mischievous or harmful".

On February 11, 2005, in a Press Release issued by the Department of Justice, reported that another criminal was sentenced for circulating a worm. This worm,

"?directed the infected computers to launch a distributed denial of service (DOS) attack against Microsoft's main web site causing the site to shutdown and thus became inaccessible to the public for approximately four hours."

March 7, 2005, Symantec.com posted discovery of a worm named "W32.Serflog.B" that spread through file-sharing networks and MSN Messenger - networks that operate on publicly open and interpretable industry standards administered by P2P systems that host Instant Messaging clients-none of which are protected, regardless of the anti virus software on your computer. The W32.Serflog.B worm also lowers security settings and appears as a blank message window on the MSN Messenger.

SOLUTION

Avoid at all costs, P2P file sharing networks as they operate on publicly open and interpretable industry standards. (Instant Messaging services run on P2P file sharing networks.)

If you like the convenience of text chatting via Instant Messaging, then why not consider an optimally secure VoIP (voice over internet protocol), also known as a Computer Phone, that incorporates the Instant Messaging feature. Make sure the VoIP internet service provider does not operate on P2P file sharing networks that use industry standard codec or industry standard protocols that are publicly open and accessible. (Don't forget, these standards create the vulnerability which reprobate hackers are capitalizing on because of their easy accessibility.)

Optimally secure VoIP service providers that incorporate a secure Instant Messaging feature, operate from their own proprietary high end encryption codec on patented technology which is hosted in a professional facility. Simply put, when a VoIP internet service provider is optimally secure, the Instant Messaging feature on the VoIP softphone is also incorporated in their optimally secure technology.

Here's the bottom line.

If you are currently using Instant Messaging of any sort, you need to make a decision:

a. Continue enticing hacker mercenaries and remain as a user of an Instant Messaging service, or

b. Take immediate corrective action.

If you decide to take immediate corrective action:

1. Find an optimally secure VoIP internet solution provider that includes the Instant Messaging feature in their proprietary patented technology.

2. Find an optimally secure VoIP internet solution provider that has their own proprietary high end encryption codec.

3. Find an optimally secure VoIP internet solution provider that has their own proprietary patented technology.

4. Find an optimally secure VoIP internet solution provider that hosts their proprietary patented technology in a professional facility.

Need Help?

Here's a place you can look over to see what an optimally secure VoIP internet solution provider looks like--one that operates on their own proprietary high end encryption codec with their own proprietary patented technology hosted in a professional facility, AND one that incorporates the Instant Messaging feature. http://www.free-pc-phone.com

**Attn Ezine editors / Site owners **
Feel free to reprint this article in its entirety in your ezine or on your site so long as you leave all links in place, do not modify the content and include the resource box as listed above.

Dee Scrip is a well known and respected published author of numerous articles on VoIP, VoIP Security, and other related VoIP issues. Other articles can be found at http://www.free-pc-phone.com

How to Remove Your Name From a Mailing List.

2006-11-22T20:08:00.000-08:00

We’ve all found our name on a junk mailing list at one time or another. It’s frustrating to continuously receive unsolicited and unwanted mail that only ends up becoming landfill. If you’re not interested in receiving piles of catalogs and solicitations in your daily mail, you’ll be happy to know that this is easily remedied.

One way to remove your name from a mailing list is to go directly to the source. Contact the business or individual and request your name be deleted from their files. You can do this over the phone, but it will probably better to do this in writing since it’s a good idea to have a paper trail.

You might also be able to go to the businesses’ web site and request removal. Request confirmation that this has been done. If a business continues to send you mail after several requests, you might be able to file harassment charges, so it pays to keep good records.

There are also organizations in which you can register to have your name removed from multiple mailing lists. The Direct Marketing Association is one of those organizations. Since it handles mailing lists from hundreds of different companies, you can go to their website and request removal. This will keep your name off of their junk mailing lists for five years at which time you can put in another request. If you submit the form online it will cost $5.00. To submit your request for free, you can send it the old fashioned way to the P.O. Box listed on the DMA’s website. If you’d like to be removed from junk or spam email mailing lists, you can also do this at the DMA’s website.No one wants their mailbox clogged with unwanted catalogs and solicitations from banks, credit cards companies and others. If this is happening to you, you can take steps to prevent this from happening. Not only will you save your home from clutter; you’ll protect the environment as well.

James Hunt has spent 15 years as a professional writer and researcher covering stories that cover a whole spectrum of interest. Read more at http://www.best-mailing-lists.info/

Recovering from Viruses, Worms, and Trojan Horses.

2006-11-21T02:26:00.000-08:00

"Unfortunately, many users are victims of viruses, worms, or Trojan horses. If your computer gets infected with malicious code, there are steps you can take to recover."

How do you know your computer is infected?

Unfortunately, there is no particular way to identify that your computer has been infected with malicious code. Some infections may completely destroy files and shut down your computer, while others may only subtly affect your computer's normal operations. Be aware of any unusual or unexpected behaviors. If you are running anti-virus software, it may alert you that it has found malicious code on your computer. The anti-virus software may be able to clean the malicious code automatically, but if it can't, you will need to take additional steps.

What can you do if you are infected?

Minimize the damage - If you are at work and have access to an IT department, contact them immediately. The sooner they can investigate and clean your computer, the less damage to your computer and other computers on the network. If you are on your home computer or a laptop, disconnect your computer from the internet. By removing the internet connection, you prevent an attacker or virus from being able to access your computer and perform tasks such as locating personal data, manipulating or deleting files, or using your computer to attack other computers.
Remove the malicious code - If you have anti-virus software installed on your computer, update the virus definitions (if possible), and perform a manual scan of your entire system. If you do not have anti-virus software, you can purchase it at a local computer store (see Understanding Anti-Virus Software for more information). If the software can't locate and remove the infection, you may need to reinstall your operating system, usually with a system restore disk that is often supplied with a new computer. Note that reinstalling or restoring the operating system typically erases all of your files and any additional software that you have installed on your computer.

How can you reduce the risk of another infection?

Dealing with the presence of malicious code on your computer can be a frustrating experience that can cost you time, money, and data. The following recommendations will build your defense against future infections:

use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. However, attackers are continually writing new viruses, so it is important to keep your anti-virus software current (see Understanding Anti-Virus Software for more information).
change your passwords - Your original passwords may have been compromised during the infection, so you should change them. This includes passwords for web sites that may have been cached in your browser. Make the passwords difficult for attackers to guess (see Choosing and Protecting Passwords for more information).
keep software up to date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Many operating systems offer automatic updates. If this option is available, you should enable it.
install or enable a firewall - Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer (see Understanding Firewalls for more information). Some operating systems actually include a firewall, but you need to make sure it is enabled.
use anti-spyware tools - Spyware is a common source of viruses, but you can minimize the number of infections by using a legitimate program that identifies and removes spyware (see Recognizing and Avoiding Spyware for more information).
follow good security practices - Take appropriate precautions when using email and web browsers so that you reduce the risk that your actions will trigger an infection (see other US-CERT security tips for more information).

As a precaution, maintain backups of your files on CDs or DVDs so that you have saved copies if you do get infected again.

Spy Sweeper New version 5.2

2006-11-18T01:53:00.000-08:00

What ' s new in 5.2

Spy Sweeper 5.2 stops spyware in its tracks while offering home computer users the ability to configure the program to suit their specific needs, such as:

Choose a Quick, Full or Custom Sweep:
With Spy Sweeper 5.2, you can easily choose to perform a quick, full or customized sweep. If you're looking for an immediate diagnosis, choose a quick sweep. For a pinpointed search, customize your sweep to have Spy Sweeper skip files by folder or file extension. For a deep cleaning, opt for a full sweep.

Exclude Files from a Sweep:
Spy Sweeper allows you to save time during a sweep by skipping specific files or different sections of your PC. You can select specific file extension, such as .xls or .mpg to exclude.

Additional Highlights

As soon as it's installed, Spy Sweeper gives 360 degrees of protection against spyware, including:

Simple Sweeps:
Detecting spyware and removing unwanted programs found on your computer in three effortless steps

Easy Management:
Quickly and simply configure program, sweep and upgrade options

Fast Home:
Use the home screen to access the most commonly used functions of Spy Sweeper

Shields Summary:
A redesigned shields summary page makes it simple to see at a glance which shields are on or off

Action Alerts:
Receive clear, easy-to-understand notifications when new spyware threats are detected

Even Easier to Use

We performed extensive user interaction testing and refined the Spy Sweeper interface to make it even easier for users of all technical abilities to stay protected. Advanced users continue to have the power to configure the program to suit their unique needs, while new users can breeze through the straightforward setup and menus. The new interface sets the standard in ease-of-use and efficiency for spyware removal programs.

Commanding Spyware Detection and Removal

Spyware programs are known to mutate quickly. Spy Sweeper uses adaptive definition technology for detecting spyware mutations that haven't yet received a defense definition. This is yet another benefit of having the world's best spyware research team on your side.

More Powerful Blocking Defenses

Enhanced Smart Shields prevent highly developed spyware programs from ever installing on your PC. You'll receive valuable action alerts to any changes in your computer's core functions, including startup, memory and Internet security settings.

Enhanced Rootkit Discovery Methods

Malicious spyware uses rootkit technology to bury its files deep within your PC. Spy Sweeper finds and destroys these programs with robust rootkit discovery methods, a feature many other anti-spyware programs lack.

Using Instant Messaging and Chat Rooms Safely.

2006-11-15T01:12:00.000-08:00

"Although they offer a convenient way to communicate with other people, there are dangers associated with tools that allow real-time communication."

What are the differences between some of the tools used for real-time communication?

Instant messaging (IM) - Commonly used for recreation, instant messaging is also becoming more widely used within corporations for communication between employees. IM, regardless of the specific software you choose, provides an interface for individuals to communicate one-on-one.
Chat rooms - Whether public or private, chat rooms are forums for particular groups of people to interact. Many chat rooms are based upon a shared characteristic; for example, there are chat rooms for people of particular age groups or interests. Although most IM clients support "chats" among multiple users, IM is traditionally one-to-one while chats are traditionally many-to-many.
Bots - A "chat robot," or "bot," is software that can interact with users through chat mechanisms, whether in IM or chat rooms. In some cases, users may be able to obtain current weather reports, stock status, or movie listings. In these instances, users are often aware that they are not interacting with an actual human. However, some users may be fooled by more sophisticated bots into thinking the responses they are receiving are from another person.

There are many software packages that incorporate one or more of these capabilities. A number of different technologies might be supported, including IM, Internet Relay Chat (IRC), or Jabber.

What are the dangers?

Identities can be elusive or ambiguous - Not only is it sometimes difficult to identify whether the "person" you are talking to is human, but human nature and behavior isn't predictable. People may lie about their identity, accounts may be compromised, users may forget to log out, or an account may be shared by multiple people. All of these things make it difficult to know who you're really talking to during a conversation.
Users are especially susceptible to certain types of attack - Trying to convince someone to run a program or click on a link is a common attack method, but it can be especially effective through IM and chat rooms. In a setting where a user feels comfortable with the "person" he or she is talking to, a malicious piece of software or an attacker has a better chance of convincing someone to fall into the trap.
You don't know who else might be seeing the conversation - Online interactions are easily saved, and if you're using a free commercial service the exchanges may be archived on a server. You have no control over what happens to those logs. You also don't know if there's someone looking over the shoulder of the person you're talking to, or if an attacker might be "sniffing" your conversation.
The software you're using may contain vulnerabilities - Like any other software, chat software may have vulnerabilities that attackers can exploit.
Default security settings may be inappropriate - The default security settings in chat software tend to be relatively permissive to make it more open and "usable," and this can make you more susceptible to attacks.

How can you use these tools safely?

Evaluate your security settings - Check the default settings in your software and adjust them if they are too permissive. Make sure to disable automatic downloads. Some chat software offers the ability to limit interactions to only certain users, and you may want to take advantage of these restrictions.
Be conscious of what information you reveal - Be wary of revealing personal information unless you know who you are really talking to. You should also be careful about discussing anything you or your employer might consider sensitive business information over public IM or chat services (even if you are talking to someone you know in a one-to-one conversation).
Try to verify the identity of the person you are talking to, if it matters - In some forums and situations, the identity of the "person" you are talking to may not matter. However, if you need to have a degree of trust in that person, either because you are sharing certain types of information or being asked to take some action like following a link or running a program, make sure the "person" you are talking to is actually that person.
Don't believe everything you read - The information or advice you receive in a chat room or by IM may be false or, worse, malicious. Try to verify the information or instructions from outside sources before taking any action.
Keep software up to date - This includes the chat software, your browser, your operating system, your mail client, and, especially, your anti-virus software.

Authors: Mindi McDowell, Allen Householder :US-CERT

New OpenSSH 4.5/4.5p1 released Nov 7, 2006

2006-11-07T18:19:00.000-08:00

OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.
Changes since OpenSSH 4.4:
This is a bugfix only release. No new features have been added.
Security bugs resolved in this release:

Fix a bug in the sshd privilege separation monitor that weakened its verification of successful authentication. This bug is not known to be exploitable in the absence of additional vulnerabilities. This release includes the following non-security fixes.
Several compilation fixes for portable OpenSSH.
Fixes to Solaris SMF/process contract support (bugzilla #1255)Thanks to everyone who has contributed patches, reported bugs andtested releases.

Source : http://www.openssh.com/

"W32/Mandei.worm" MSN Messenger Virus

2006-11-07T18:02:00.000-08:00

Worm : W32/Mandei.worm
Risk Assessment :Low
Date Discovered: 7/10/2006

W32/Mandei.worm is an instant messenging worm that propagates over the MSN Messenger targeting the Win32 platform.

When run , the worm may send a message containing a website link to the user's MSN contact list, that could look like the following:

"Voce je viu a montagem q fizero com suasfotos e Eu Particularmente achei uma brincadeira de muitomau gosto... Veja as fotos voce mesmo -->>http://mywebpage.netscape.com/net(hidden)/Fotos.scr"

This link typically contains a PWS-Banker variant that could monitor/steal Internet banking passwords.
After execution, W32/Mandei.worm modifies sets the hidden file attribute on itself, and remain resident in the memory.

Indications of Infection
The following registry key may be added to execute the trojan on Windows startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\Run\msnmsgr = "%Windir%\System32\msnmsgr.exe"
(Where %Windir% is the Windows folder, e.g. C:\Windows)
Presence of one or more of the following file(s):
%Windir%\System32\msnmsgr.exe

Method of Infection
This worm propagates over the MSN Messenger network by sending messages to the contact list containing a malicious web link.

Source : Mcafee

Web and Computer Security.

2006-11-05T22:50:00.000-08:00

Well, if that would have been said to me by my father when I was 2 years of age, I would have understood. But when today, my own computer tells me that when I am 34, I wonder why I spent $1500 on my computer hardware and software just to enjoy the (un-realized) benefits of this great and revolutionary information technology?

Today’s cyberspace is hazardous. None of today’s PC users can claim that they never had a computer virus issue or a PC security breach. Now, if you count today’s number of PC users worldwide, they will soon be 1 billion by 2010 according to analysts. When I see all the computer viruses, infections, trojans, and what not around me, and compare it with the 1 billion innocent computer users around the world, I simply feel sorry not only for those billion users but for myself too. But again, as a common user myself, I must admit it was not all doomsday for the whole industry since 1987 when I started to use computers. So, as a responsible member of this great IT revolution, I must share some of the best tips and tricks that I learned to use to make the minimum room for productivity on my computer.

Please note this is a tutorial for someone who has basic know-how of computer usage. For those who are newbies, I would recommend asking a local expert’s help before trying anything out mentioned in this tutorial. In that case, make room for payment from deep pocket. For your own convenience, print this tutorial for step-by-step instructions.

Whenever my computer is infected, I act on any of the following options;

1. FORMAT HARD DISK: I back up all of my data on a CD-Writer if it is still accessible. And then format the whole hard disk drive and re-install each and every application.

2. USE SOFTWARE: I exhaust all anti-virus and other software options. This is usually my first priority as compared to formatting the whole computer hard disk drives.

Now, let me explain both options in detail;

PRE-REQUISITES: Make sure you have a CD-Drive (Writer), empty writable CDs, Windows OS CD (bootable) that contains files such as Format.exe, Scandisk.exe, FDisk.exe, and Attrib.exe files. Microsoft Office CD, Anti-Virus CD, GoldenHawk CD Writing Software in DOS (copy2cd.exe and cdtools.exe), Serial Numbers of your License, Driver CDs of Motherboard, VGA, Network, Sound and Modem devices. Optionally, download (using www.download.com or www.tucows.com) these software from any Internet Caf้ when your own computer is inaccessible and save it on a CD so that you can use it anytime for security purposes;

Golden Hawk DOS based CD Writing Software

HTech Fireman Windows based CD Writing Software

Driver Genius Pro

Partition Magic

AVG AntiVirus

SpywareBlaster & SpywareGuard

Spybot Search & Destroy

Ad-Aware

IE-SpyAd

ZoneAlarm

HiJackThis & CWShredder

I have intentionally avoided mention of many commercially good and more friendly software’s mention here as I wanted everything to do FREE without any additional costs apart from the usual OS licenses. For your own convenience, you can research Google or Yahoo search engines find further information about such commercial software and their availability / pricing.

1. FORMAT HARD DISK

I know it is painful and surgical type of solution, but sometimes, it is the ONLY solution left after exhausting all of our efforts to revive our computer machine after a virus attack. Follow this procedure;

Booting Up: Try booting your computer normally first and see if you can login easily. If you can’t or your computer hangs up, try holding F8 key when starting Windows and you will get the Safe Mode. Even if you don’t get the Safe Mode, don’t worry.

Power up your computer and press DEL key or F2 key to login your CMOS. In CMOS, go to Boot Preferences and make CD Drive as boot drive as your first boot drive and change the hard disk drive as the second boot drive. If you don’t see your CD Drive in the boot-up options, your CD Drive is not properly installed. Check the connectors or ask your CD Drive provider for instructions to install the CD Drive. Now, when your CD Drive is ready, insert your Windows OS CD in the CD Drive and restart your computer machine. When prompted, select the option “Boot from CD with CD Option”. When you get the prompt, Notice the CD Drive letter that was allocated to your CD Drive when it installed the CD Driver. It is usually D: drive or the last drive letter depending on the number of your partitions. Note it down as it is the actual drive letter where you will have to type a DOS command like d:

You should now be able to run all software utilities such as Format, Scandisk, FDisk or Windows Installation Setup.exe files. Right now, simply make sure they exist by typing a DOS command dir at the CD drive letter. If you don’t find it with this simple directory command, use dir/s filename to search the file. For example, to search fdisk.exe file, type dir/s fdisk.exe.

BACKING UP YOUR DATA: Before formatting your hard disk drive, please make sure you have proper back up of your critical data files such as Microsoft Word, Excel, Powerpoint, etc files on a CD or any other media for backup that you have access to. In this tutorial, we assume you have a CD-Writer installed for taking backups on Writeable CDs. Their capacity is usually 700MB or less. Here, you should seriously consider using Zipping software like WinZip or WinRAR.

VIA WINDOWS: If you can luckily login to your Windows OS, you should run the CD-Writer software such as HTech Fireman to back up all of your data on an empty CD. If you don’t know how to do it, read their user manual for detailed instruction set. If you can’t access your Windows OS, read on.

VIA DOS: Some of the files that you wish to make back-up, may be hidden. To un-hide them, use attrib *.* +r +s +h.

Now, use the software from Golden Hawk file named as copy2cd.exe to backup your data files or directories on a writeable CD. Before using this command, make sure you are in an appropriate path on the computer such as E:/ where the actual file copy2cd.exe file resides;

Copy2cd c:data*.* f:

Here we assumed that f: is a CD Writer drive. Now, repeat the same for all of your files to back up. When finished, run cdtools.exe command i.e. cdtools f: to finish by selecting option “Disc Finalization”.

If you can’t back up your data using the above-mentioned procedure, either ask an outside expert’s help personally or via internet. If all fails, forget your data forever and carry on installing a new OS as mentioned in this tutorial.

Backing up Your Drivers: An interesting tool to mentioned here is a software that automatically backs up all of your drivers of CD, modem, sound card, vga, usb, printer or just about anything that is currently installed on your system. But this software works only in an operational windows OS, and not in DOS. It is a good and time-saving practice to keep a backup of all of your drivers on a CD by using such a software. Its name is Driver Genius Pro and it is commercial software, not a freeware.

USING FDISK: You may skip this option and go straight to Formatting Hard Disk option, if you wish to use other useful partitions that may contain your data. Before going ahead with this option, Make sure there is no useful data left on your computer to be backed up. This option will delete all of the computer partitions and create new ones.

i) Boot up your computer using Windows OS CD.

ii) Run this command
fdisk

iii) Press option 3 to delete all current partitions.

iv) To create a new partition, select option 1 and select Y to answer the maximum size question by the program.

v) Next, select option 2

vi) Press Esc key to quit and restart your computer to

See the URL http://www.compguystechweb.com/troubleshooting/fdisk/fdisk_scr.html for detailed instructions alongwith screenshots. Now, that you have created the primary partition, you can continue to format the newly created partition. There is a very user-friendly but commercial software called Partition Magic by PowerQuest to manage your partitions easily after installation of Windows.

FORMATTING HARD DISK: Now that you have created new partitions, It is time to format them so that you can start installing Windows. This is how you make your C: drive usable by your Windows OS for installation. Boot up your computer with Windows CD and type format c: command at the prompt. When prompted for maximum size, press, YES. After complete processing you will be presented with the successful report about the formatting of the C: drive. Select your new drive name and press ENTER to finish.

INSTALLING WINDOWS: Microsoft has made it very easy for a newbie to install a completely new OS on a newly formatted partition. It is all wizard based and you simply have to click NEXT each time whenever asked a question. Boot up your computer from the Windows CD and select Start with CD Option. When on DOS prompt, change to the CD Drive that it just created which is usually d: if you have only one partition C. Now type command setup.exe to start the windows installation process.

During installation, make sure you properly name your PC as per your preferences and select your regions and Time zone. When finished, the computer will re-boot and during next re-boot it may ask some drivers of your Sound Card, VGA, Network, or other devices attached. Provide the requisite driver CDs and locate the paths of the appropriate drivers. If you are not sure, leave it like that and press NEXT to ignore. When your windows installation is complete, you can install Microsoft Office, setup internet connection and start using it as normally as you would. Please make sure you install all the security software such as anti-virus, anti-spyware, adware, and other software as mentioned in the next section.

2. USE SOFTWARE

Installing Anti-Virus: Download free AVG Antivirus software and install it. Make sure you get its free key from their website by registering. This software is not auto-updated for critical viruses and for an auto-update version, you will have to pay. If you wish to pay, we would recommend world’s most popular brands Symantec, McAfee and Trend Micros instead. No matter what Anti-Virus software you install, make sure you enable its Auto-Protect feature for automatic protection of your computer’s resources and in-coming or out-going emails from any virus attack. Some software even allow you to setup silent detection and destruction without any disturbance to your work. Further, they are auto-updated via internet at the regular interval that you setup. Hence, you can rest assured that whenever a security threat is spread all over the world, your software will automatically download the requisite updated version and install its defense on your computer.

BROWSER SECURITY: To setup your browser (Internet Explorer on Windows) for maximum security against the usual threats, follow this procedure;

i) Start up your browser

ii) Go to IE > Tools > Windows Update > Product Updates, and selected Security Updates to be automatically updated. Microsoft releases patches and security patches from time to time to make sure your system's security is up-to-date.

iii) Now, go to Internet Options/Security/Internet, press 'default level', then OK. Now press "Custom Level." In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'. Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed. Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option/security.

If you use another browser such as Firefox or Netscape, see their documentation on how to securely set it up against any such internet threats.

Installing Anti-Spyware: Spyware, adware, browser hijackers, and dialers are some of the fastest-growing threats on the Internet today. By simply browsing to a web page, your computer may become a victim. You can install SpywareBlaster and SpywareGuard to effectively guard your computer from such internet threats.

It includes Fast Real-Time Scanning engine for known spyware and heuristic/generic detection capabilities to catch new / mutated spyware and Download Protection along with Browser Hijacking Protection in real-time.

Simply download the software (free) from their website and install it on your system. Make sure you download its latest update too or enable its Auto-Update feature to be updated automatically in the background. Now, when you are ready, run the software to check the spyware on your computer. When spyware are found, it reports accordingly. Press "select all", then press option "kill all checked". Although it won't protect you from 100% spyware, But it is a very important extra layer of protection.

Next, install another software that is called Spybot Search & Destroy. It works exactly like SpywareBlaster, but it never hurts to have a double layer of spyware detection alongwith Spybot R&D.

Installing Anti-Adware: Adware is a common term used to describe potentially dangerous websites and scripts that do data-mining, aggressive advertising, Parasites, Scumware, selected traditional Trojans, Dialers, Malware, Browser hijackers, and tracking components. There is a very good software called Ad-Aware available to scan and remove such nuisances from your system.

To start using it, simply visit Lavasoft USA website and download its free non-commercial version of Ad-Aware Personal Edition. Run its setup program and install it. When prompted, ask it to scan your computer. If there are any adware found, it is detected and removed automatically by Ad-Aware. Run this software on a weekly or daily basis, if possible to keep your system clean.

In addition to the Ad-Aware, Internet Explorer comes with a very handy tool that allows you to block specific sites that may carry well-known advertisers, marketers, crapware pushers to the Restricted sites Zone. If you had to input 50000+ of such sites manually yourself, it would takes years. Luckily, there is a software that does it all automatically and it is called IE-SPYAD. Once you merge this list of sites and domains into the Registry, the web sites for these companies will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC. It is not an ad blocker. It will stop top unwanted crapware from being installed behind your back via "drive-by-downloads"; prevent the hijacking of your home page.

This Restricted sites list is based in part on info from: discussions in the SpywareInfo Forums and other forums that specialize in crapware removal major crapware reference sites: doxdesk, cexx.org, Kephyr.com, PestPatrol and SpywareGuide.

To start using it, simply download it from their website and run its install.bat file. Make sure you run its update as well soon after its installation.

INSTALLING FIREWALL: A firewall software acts as a defense shield against hackers, intruders, and blocks access attempts to your computer. ZoneAlarm is a professional firewall software that works in a stealth mode automatically and makes your computer invisible to anyone on the Internet.

Download it from ZoneLabs website and run its setup for installation. I recommend you use its Express Settings which automatically configures your most commonly used software like browser, chat messengers, ftp software to access internet, while blocks every other internet traffic in real-time. If any software or service tries to upload or download any data, it pops up an alert whereby you can allow or disallow such internet traffic.

Computer Slow Down: It is very common to see many complaining about their computer slow-down. The fastest and easiest cure is using Windows’ built-in Defragmenter utitlity that you can find in Startเ Programs เ Accessories เ System Utitlities เ Disk Defragmantor and run thorough defragmantation. It will take a while before it ends.

If your system’s performance does not improve after running defragmantation utility, consider scanning your computer via a software utility called HiJackThis which you can download and install on your system. Use this tool carefully as it is intended for advanced users only. HijackThis is a tool, that lists all installed browser add-on, buttons, startup items and allows you to inspect, and optionally remove selected items. The program can create a backup of your original settings and also ignore selected items. Additional features include a simple list of all startup items, default start page, online updates and more.

CWShredder is a utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names). This tool will find and destroy all traces of the CoolWebSearch (CWS) hijacker on your system including redirections, IE slowdowns, start page changes, un-authorized addition of sites in IE Trusted Zone, and blocking access to IE options or setup.

Download CWShredder from their official website only as there is a similar named virus/trojan on the loose at various websites which you may accidently download and install, hence become more infected than being cured instead. When it is installed successfully, run the software to scan your local machine. Select the fix button & it will get rid of everything related to CoolWebSearch. Close ALL other programs & windows, including IE, before running CWShredder. Reboot after doing this.

I know there is still a lot left, but as I wanted to keep this tutorial as brief as possible, hence I covered only the critical elements here. I am sure you will have fewer breakdowns (if not ZERO0 and more productive hours on your computer. I would recommend you to setup all the software’s auto update and auto-check options to free your time for more productive things than just playing hide and seek with spywares, adwares or viruses. Happy and safe computing!

This article is submitted by Kashif Raza http://www.networkingtutorials.net

Delete Cookies: New-Age Diet or Common Sense Internet Security?

2006-11-03T20:20:00.000-08:00

No, this article isn't about some new, lose-20-pounds-in-a-week, certified-by-some-tan-Southern-California-doctor diet. It's about cookies on your computer - what they are, why they are there, and what to do about them. Computer cookies actually have quite a bit in common with their baked counterparts - some are good, some are bad, and they have expiration dates.

Cookies are small text files that a server places onto your hard drive whenever you access a given domain. Cookies typically contain information that the website uses to either customize the page you are viewing or otherwise make your web browsing experience more convenient and enjoyable. The information is stored on your hard drive and accessed whenever you go back to the website that originally gave you the cookie. They usually include an expiration date at which point they will be erased from your computer - it could be when you close your browser; or hours, days, months, or years after it is placed. Some don't expire at all. At the time of this writing I had a cookie stored on my computer that wasn't set to expire until Wednesday, February 25th, 2195 at 3:45:13 am - I deleted it.

Before you run out to your browser's options and delete and block all cookies, let me mention a few common uses of cookies:

* Cookies store information for 'shopping carts' at online stores. When you select an item and place it in the shopping cart, a cookie is created to remember the item and the price so that you can keep shopping. When you are done shopping you simply click the button to check out and the site accesses the information stored in the cookies to complete your order.

* Cookies can be used to remember logins and passwords. While this initially sounds a little disheartening, the purpose is really to save you time. Sites will remember the information for you so you don't have to type it in each time you want to access information.

* Cookies help websites customize their content and layout for you. If you are a diehard fan of the local college's basketball team, and you always access the stats and score from the game at a website, that site might use a cookie to send you straight to your team's page.

* Cookies help identify whether you have already visited a site. They can also count how many times you have visited the site in a given period of time.

* Cookies remember the last page or position you were on at the site. Like a virtual bookmark, this is especially helpful if you are reading online or accessing several pages of information.

There are many other ways cookies can be used, and there is obvious potential for abuse. You probably wouldn't eat a cookie given to you by a complete stranger, especially if you didn't know what was in it. The same common-sense principle holds true while you're online, and exercising a little caution can save you from a lot of heartache later on. Blocking any and all cookies will guarantee no personal information is leaked through the cookies, but many sites will either not be able to or will choose not to interact with you.

The trick, then, is to let the good cookies through while screening out the bad ones, not at all dissimilar to what you do when you hover over the cookie tray at a party - you take the ones you want and leave the rest behind. This can be accomplished in a few different ways.

First, you can periodically delete all the cookies on your hard drive. This will systematically wipe out all unwanted cookies that have made their way to your computer. Unfortunately, it will also take care of all the good cookies too. If you only use the internet occasionally (i.e. a few minutes a week), this option might work for you.

Second, you can try to go about it manually. Many browsers that allow you to block cookies also include a feature that allows you to include a list of sites from which you will allow cookies. The advantage of this method is it places virtually complete control over cookies into your hands, allowing only those that you want to be placed on your hard drive. The disadvantage is that it can become very burdensome (at times downright annoying) having to constantly update the list of allowed sites.

Third, you can call in some third-party software to help out. The best programs will scan your computer to find all the cookies and put them into a table or list. This saves you the trouble of having to dig around your hard drive to find the files yourself (try looking for a folder named "Cookies"). Many programs will also indicate with some degree of confidence whether a given cookie is wanted or unwanted, and provide a convenient way to delete the ones that you decide you don't want.

Nick Smith is a client account specialist with 10x Marketing - More Visitors. More Buyers. More Revenue. For great software to help delete cookies, check out ContentWatch, Inc.

Can I Guess Your Password?

2006-11-03T20:18:00.000-08:00

We all know that it's dangerous to use the same password for more than one program. If you sign up for a program run by someone of low moral fibre, what is to stop them running through various programs with your username and password to see what they can access?

But of course remembering all the different passwords can be a headache. And writing them down somewhere isn't a great deal safer than using the same password again and again.
You can buy software that stores the passwords for you, but do you really want to pay money for another piece of software that performs a solitary function?

Try this simple, two-step, technique that lets you generate an infinite number of passwords, without having to remember any of them.

Step One: Choose a 4-6 letter word or number sequence that you can remember easily. Needless to say, don't reveal this to anyone. For the purpose of this demonstration, I'll choose the word "cash"

Step Two: Apply this secret word or number sequence to the name of the program you are setting up the password for.

To accomplish this, invent a couple of easy to remember rules.

Rule 1: Decide which part of the program name you are going to use. It could be the whole name, the first 6 letters of the name, the last 8 letters of the name. It's totally up to you, be as creative as you like.

eg - For the program TrafficSwarm, I might choose the first 8 letters of the name. This give me: "traffics"

Rule 2: Take the portion of the program name you have selected and merge it with your secret word or number sequence to create a unique password. Again, be as creative as you can with this rule. You could replace every second letter, every third letter, every vowel or every consonant.

eg - If I replace every second letter of "traffics" with my secret word "cash", I get " t c a a f s c h "

- If I replace every vowel of "traffics" with my secret word "cash", I get " t r c f f a c s ". The "s" and the "h" are not used as "traffics" has only two vowels, but some words will use all four letters of "cash". Some words might have more than four vowels, in which case just start back at the beginning with "c" and "a" and so on?

You don't have to worry about making your rules overly complex. Even the best code-breakers would need to see several of your passwords before they could start to guess what you rules are.

As long as you keep your rules safe and sound, your password is secure. But the real beauty of this system, is that you don't have to remember the passwords you create. You ONLY have to remember the rules.

When you log into the program the next time, just apply your rules to the program name, and you can work out what password you generated. Once you have been using the rules for a while, you'll generate the password in your head, without even having to pause.

Don't worry if it seems a little complicated at first. Read this article through a couple more times and then try this technique with just a couple of programs. Once you are happy with it, all that's left to do is to start working your way through existing programs and update your passwords. It's time consuming, but for peace of mind you'll be glad you did.

David Congreave is owner of The Nettle Ezine, the newsletter for the home business -- online. David lives in Leeds, in the United Kingdom, with his wife Leanne.

Reducing Spam

2006-11-01T02:32:00.000-08:00

"Spam is a common, and often frustrating, side effect to having an email account. Although you will probably not be able to eliminate it, there are ways to reduce it. "

What is spam?

How can you reduce the amount of spam?

There are some steps you can take to significantly reduce the amount of spam you receive:

Don't give your email address out arbitrarily - Email addresses have become so common that a space for them is often included on any form that asks for your address—even comment cards at restaurants. It seems harmless, so many people write them in the space provided without realizing what could happen to that information. For example, companies often enter the addresses into a database so that they can keep track of their customers and the customers' preferences. Sometimes these lists are sold to or shared with other companies, and suddenly you are receiving email that you didn't request.
Check privacy policies - Before submitting your email address online, look for a privacy policy. Most reputable sites will have a link to their privacy policy from any form where you're asked to submit personal data. You should read this policy before submitting your email address or any other personal information so that you know what the owners of the site plan to do with the information.
Be aware of options selected by default - When you sign up for some online accounts or services, there may be a section that provides you with the option to receive email about other products and services. Sometimes there are options selected by default, so if you do not deselect them, you could begin to receive email from lists those lists as well.
Use filters - Many email programs offer filtering capabilities that allow you to block certain addresses or to only allow email from addresses on your contact list. Some ISPs offer spam "tagging" or filtering services, but legitimate messages misclassified as spam might be dropped before reaching your inbox. However, many ISPs that offer filtering services also provide options for tagging suspected spam messages so the end user can more easily identify them. This can be useful in conjunction with filtering capabilities provided by many email programs.
Don't follow links in spam messages - Some spam relies on generators that try variations of email addresses at certain domains. If you click a link within an email message or reply to a certain address, you are just confirming that your email address is valid. Unwanted messages that offer an "unsubscribe" option are particularly tempting, but this is often just a method for collecting valid addresses that are then sent other spam.
Disable the automatic downloading of graphics in HTML mail - Many spammers send HTML mail with a linked graphic file that is then used to track who opens the mail message—when your mail client downloads the graphic from their web server, they know you've opened the message. Disabling HTML mail entirely and viewing messages in plain text also prevents this problem.
Consider opening an additional email account - Many domains offer free email accounts. If you frequently submit your email address (for online shopping, signing up for services, or including it on something like a comment card), you may want to have a secondary email account to protect your primary email account from any spam that could be generated. You should also use a secondary account when posting to online bulletin boards, chat rooms, public mailing lists, or USENET so that you can get rid of when it starts filling up with spam.
Don't spam other people - Be a responsible and considerate user. Some people consider email forwards a type of spam, so be selective with the messages you redistribute. Don't forward every message to everyone in your address book, and if someone asks that you not forward messages to them, respect their request.

Authors: Mindi McDowell, Allen Householder

Update F-Secure Virus Definitions November 01, 2006

2006-11-01T02:25:00.000-08:00

Latest virus definitions for F-Secure Anti-Virus 5 and F-Secure Anti-Virus 4.

Whenever a new virus is found, the databases need to be updated for F-Secure Anti-Virus to be able to detect it.

F-Secure Anti-Virus offers an easy to use protection against viruses for your PC.

With F-Secure Anti-Virus you can open e-mail attachments and use your computer without fear of virus infections. You can also be sure that you are not sending viruses to others.

Just install and forget, F-Secure Anti-Virus will automatically keep viruses away from your computer.

Download and execute the FSUpdate utility. Note, that to update the databases again, you need to download the utility again.

ClamWin Free Antivirus 0.88.5 Released

2006-10-29T20:39:00.000-08:00

ClamWin is a Free Antivirus for Microsoft Windows 98/Me/2000/XP and 2003.
ClamWin Free Antivirus 0.88.5 updates ClamAV scanning engine in order to address potential security vulnerabilities and adds some new exciting features:

New "Memory Scanning" functionality available as a standalone option or during a scheduled scan
ClamWin now supports additional archive formats: RAR v3 and 7-Zip LZMA method
Several improvements in scanning of Microsoft Office Attachments, MSI and CAB files

An Open Door To Your Home Wireless Internet Network Security?

2006-10-28T00:18:00.000-07:00

This is not some new fangled techno-speak, it is a real tool to be used for the protection of your wireless internet network and LAN. African American SMBs have to realize that if your Internet connection is on 24/7 then your network, and it is a network that your computer is connected to, is at risk. Any business that uses the Internet to share or exchange information, news, or ideas with clients, vendors, partners, or other locations look in the reflection of your monitor and realize that your business is an unintentional (or intentional) target.

You should already be aware of all the thousands of bugs, viruses, denial of service attacks and other unfriendly items that lurk on the internet and virtually try attacking every second. It's like having a screen door on your most valuable assets. Let's not repeat what you know about, let's look at a larger picture that should concern everyone - the unknown. There are attacks that go unreported for various reasons, these are the ones that the major software and hardware vendors have no clue about and can only warn you after an attack is reported.

If your files, email, identity, client or product information are important to your african american business and you cannot afford a network being down for 24 hours. Then a firewall is what should be between the internet and everything else. You need to expect an intrusion if you have a small amount or no network protection. Hackers have tools that search the Internet 24/7 looking for a vunerable point to destroy. Overzealous marketers use similar tools to harvest information to use for spamming and unfortunately no one currently calls that a crime that we know as identity theft.

You have a deadbolt and a door lock on your front door and some even have a home security system in place. Why have a screen door latch on your home computer network, when you know there are people trying that door 24/7?

If you want to put a digital rottweiler between your home wireless network and hackers, marketers and other cyber-vandals then evaluate a strong firewall for your african american business.

Don't have the time or resources to get your home wireless network protected and need a african american Wireless Solution Provider partner to be there for you? We can help give you your freedom back...and a whole lot more. M.D.T.G.

Anti-Spyware Protection: Behind How-To Tips.

2006-10-28T00:17:00.000-07:00

There is no doubt that "how-to articles" have become a separate genre. One can find such an article about almost anything; there are even some entitled "How to Write a How-To Article". And, of course, the Web is swarming with the ones like "10 Steps to Protect Your PC from Spyware"(if not 10, any number will do; odd ones like 5,7,9 are most popular) or "How to Forget About Spyware For Good". Please don't accuse me of being sarcastic -- I am not; all these articles by all means are informative and so very useful. They all include really handy tips to protect you from this recently emerged plague called spyware. But?

A typical how-to article is short and snappy, with all unnecessary particulars carefully avoided. An ideal one is a clear scheme of what to do and how (because it is a how-to article). Some essential facts will surely be omitted just for the sake of brevity. Let's look into the author's "trash bin" for info ruthlessly (and maybe baselessly) thrown away.

Hint one: What on earth is spyware?

When you decide to apply "anti-spyware protection", you'd better realize what you want to be protected against. Unfortunately, there is not such thing as complete security. And?

"There is no such thing as spyware in itself"-- you are perplexed, aren't you? I bet you are; what's more, it was Kaspersky who recently expressed this opinion. "The term spyware is basically a marketing gimmick," wrote Kaspersky in the company weblog on March 03, 2005. "Just to separate new ersatz-security products from traditional ones, just to push almost zero-value products to the security market."

This quote (extremely curtailed and out of the context) have already spread all over the Internet, but it is very useful to read the whole posting to see the whole picture, so visit http://www.viruslist.com/en/Weblog?Weblogid=156679222

Few definitions caused so much controversy and confusion as did "spyware". Eugeny Kaspersky blames marketers for having coined this term--and partially he is right. But only partially.

As a professional, he classified various malicious programs according to their structure and characteristics; in this classification there is indeed no place for "spyware", which is too vague term to exactly denote anything with a particular structure.

On the other hand, marketers and journalists needed an expressive, easy-to-remember word to name existing (!) information-stealing programs to tell users (who may be not so versed in software as its developers) how to protect their computers.

What is "spyware" then? Spyware is a commonly used general term for any type of software that gathers personal information about the user without his or her knowledge and transmits it to a destination specified by the author of the program. Spyware applications are frequently bundled in other programs--often freeware or shareware--that can be downloaded from the Internet.

So, the term is very general and doesn't reflect either structure or characteristics of such software. After all, it is only a conventional word for programs that steal information.

According to Kaspersky, programs which are now called spyware, have existed for years. It's true. Who disagrees? Password-stealing Trojans were actually known as far back as in 1996. But it's also true that most dangerous information-stealing programs are on the rise. Spy Audit survey made by ISP Earthlink and Webroot Software (the survey lasted for a whole year 2004) showed--16.48% of all scanned consumer PCs in 2004 had a system-monitor, 16.69% had a Trojan.

Another bitter truth is that some unscrupulous producers now are jumping at the chance of making quick money. There are lots of suspicious, low-performing, or adware-installing products. See, for example, the list at http://www.spywarewarrior.com/rogue_anti-spyware.htm But saying that all the dedicated anti-spyware solutions are like that?To put it mildly, it's a bit too much.

Hint Two: Too Many Promises Made -- Is it Possible to Keep them?

There are loads of software programs nowadays created for fighting spyware. An ordinary consumer tends to get lost in plenty of information and lots of products, which are supposed to help him get rid of spyware. If all the advertising claims were true, it would have been easy. In reality it isn't.

Anti- spyware and anti-viruses work almost the same way. The efficiency of most anti-spyware programs is determined (and restricted, too) by signature bases. The more code clips (i.e. signatures) there are in the base, the more effectively the program works - it means the more spyware programs it can identify. Only programs from the signature base are recognized as spyware; all other spy programs will be running unnoticed and unstopped.

So, absolutely all the signature- basis- containing programs are pretty much the same, whatever their ads say. They all rely on the same "match pattern"; the difference is only how many signatures each of them contains.

What conclusion we can make here? The bigger the signature base, the more reliable the product is, no matter whether it is anti-spyware or an anti-virus. If the software applies signature base, it's better to choose a product from a big company, which can afford spending plenty of money on research and updates.

Another conclusion we can make is that all such software without constant updating pretty quickly becomes useless and even dangerous, because users still expect it to protect their PCs. New spyware is constantly being developed, and anti-spyware developers have to catch up with it all the time. This race started when very first malicious programs appeared, and it is impossible to say whether it will ever end.

Alexandra Gamanenko currently works at Raytown Corporation, LLC--an independent software developing company. Software, developed by this company, does not rely on signature bases. Its innovative technology is capable of disabling the very processes of stealing information,such as keylogging, screenshoting, etc.
Learn more -- visit the company's website: http://www.anti-keyloggers.com

AOL Nullsoft Winamp Lyrics3 heap buffer overflow.

2006-10-27T20:32:00.000-07:00

AOL Nullsoft Winamp contains a heap based buffer overflow in the code that handles Lyrics3 tags. This vulnerability may allow a remote, unauthenticated attacker execute arbitrary code on a vulnerable system.
Lyrics3 is a system for embedding the lyrics inside an MP3 song file. AOL Nullsoft Winamp fails to properly handle malformed Lyrics3 tags allowing a heap based buffer overflow to occur.
This vulnerability may be triggered by persuading a user to access a specially crafted playlist file or connect to a malicious server with Winamp

Impact

A remote, unauthenticated attacker execute arbitrary code on a vulnerable system.

Fix IT

Upgrade

This vulnerability is addressed in AOL Nullsoft Winamp version 3.51.

Until it is possible to upgrade to AOL Nullsoft Winamp version 3.51, the following workarounds will help reduce the chances of exploitation:

Disable Winamp playlist file association

Disable the file association for Winamp playlist files to help prevent Windows applications from using Winamp to open playlists. This can be accomplished by deleting the following registry key:

HKEY_CLASSES_ROOT\Winamp.Playlist

Disable Shoutcast and Ultravox protocols

Links to malicious playlist files may be accessed using the Shoutcast (shout:) or Ultravox (uvox:) protocols. Disabling these protocols will reduce the chances of exploitation. This can be accomplished by deleting the following registry keys:

HKEY_CLASSES_ROOT\ICY HKEY_CLASSES_ROOT\SC HKEY_CLASSES_ROOT\SHOUT HKEY_CLASSES_ROOT\UVOX

Do not open Winamp playlist files

Do not open Winamp playlist files (.PLS or .M3U) from untrusted sources.

Credit
This vulnerability was reported by iDEFENSE.

This document was written by Jeff Gennari.

Is Your music player Spy on You?

2006-10-27T10:31:00.000-07:00

In today's times spyware is a very serious issue and all computer users should be aware of the possible damage it can cause. It is estimated by well known industry insiders that nearly 90% of all computers are infected with some kind of spyware. This no
surprise as spyware programs can be highly contagious and spread from computer to computer via emails and network exchanges rapidly.

Spyware's main intent is usually to track where you go on the internet. This includes websites you visit, what you buy from the internet, and generally what you use the internet for, all the while the spyware program will report this information back to the publisher. The publishers of spyware are rich with all the information of thousands of computer users surfing habits and they make a huge profit by selling this information to third parties who may not take your privacy concerns in to account.

You may think that running anti-virus programs and firewalls on your computer will be enough to protect you from this threat but think again. Spyware can easily slip past these programs as spyware disguises itself as a part of a program that you actually want to install on your computer. Programs that you use daily may be harvesting spyware.

One of the most popular music players on the internet that millions of people use to play, download and organise their favourite music with is actually spyware. Can you guess what it is? RealPlayer is not just a feature rich jukebox anymore, it's spyware. If you read the agreement before you install the player for the first time, RealPlayer actually tells the unsuspecting user that it will record all the information about what music you listen to, what videos you view and how often. It then transmits this private information back to it's corporate office using your resources while doing so. This information is kept on file and used to profile you. Unfortunately you have no say in what information they have access to.

Spyware detection and removal software is imperative to keeping your private information private and keeping your computer healthy. It's a scary thought that companies are armed with the technology to snoop on you when you are simply enjoying music and watching videos you enjoy in you own home.

Arm yourself with the knowledge you need to stay as protected as you can by visiting Spyware Advice where we provide free unbiased information on the latest spyware threats, how to remove them and how to stay protected.

Malware: Computing's Dirty Dozen

2006-10-26T02:50:00.001-07:00

It seems that no sooner do you feel safe turning on your computer than you hear on the news about a new kind of internet security threat. Usually, the security threat is some kind of malware (though the term "security threat" no doubt sells more newspapers).

What is malware? Malware is exactly what its name implies: mal (meaning bad, in the sense of malignant or malicious rather than just poorly done) + ware (short for software). More specifically, malware is software that does not benefit the computer's owner, and may even harm it, and so is purely parasitic.

The Many Faces of Malware
According to Wikipedia, there are in fact eleven distinct types of malware, and even more sub-types of each.

Viruses. The malware that's on the news so much, even your grandmother knows what it is. You probably already have heard plenty about why this kind of software is bad for you, so there's no need to belabor the point.

Worms. Slight variation on viruses. The difference between viruses and worms is that viruses hide inside the files of real computer programs (for instance, the macros in Word or the VBScript in many other Microsoft applications), while worms do not infect a file or program, but rather stand on their own.

Wabbits. Be honest: had you ever even heard of wabbits before (outside of Warner Bros. cartoons)? According to Wikipedia, wabbits are in fact rare, and it's not hard to see why: they don't do anything to spread to other machines. A wabbit, like a virus, replicates itself, but it does not have any instructions to email itself or pass itself through a computer network in order to infect other machines. The least ambitious of all malware, it is content simply to focus on utterly devastating a single machine.

Trojans. Arguably the most dangerous kind of malware, at least from a social standpoint. While Trojans rarely destroy computers or even files, that's only because they have bigger targets: your financial information, your computer's system resources, and sometimes even massive denial-of-service attacks launched by having thousands of computers all try to connect to a web server at the same time. Trojans can even

Spyware. In another instance of creative software naming, spyware is software that spies on you, often tracking your internet activities in order to serve you advertising. (Yes, it's possible to be both adware and spyware at the same time.)
Backdoors. Backdoors are much the same as Trojans or worms, except that they do something different: they open a "backdoor" onto a computer, providing a network connection for hackers or other malware to enter or for viruses or spam to be sent out through.

Exploits. Exploits attack specific security vulnerabilities. You know how Microsoft is always announcing new updates for its operating system? Often enough the updates are really trying to close the security hole targeted in a newly discovered exploit.

Rootkit. The malware most likely to have a human touch, rootkits are installed by crackers (bad hackers) on other people's computers. The rootkit is designed to camouflage itself in a system's core processes so as to go undetected. It is the hardest of all malware to detect and therefore to remove; many experts recommend completely wiping your hard drive and reinstalling everything fresh.

Keyloggers. No prize for guessing what this software does: yes, it logs your keystrokes, i.e., what you type. Typically, the malware kind of keyloggers (as opposed to keyloggers deliberately installed by their owners to use in diagnosis computer problems) are out to log sensitive information such as passwords and financial details.

Dialers. Dialers dial telephone numbers via your computer's modem. Like keyloggers, they're only malware if you don't want them. Dialers either dial expensive premium-rate telephone numbers, often located in small countries far from the host computer; or, they dial a hacker's machine to transmit stolen data.

URL injectors. This software "injects" a given URL in place of certain URLs when you try to visit them in your browser. Usually, the injected URL is an affiliate link to the target URL. An affiliate link is a special link used to track the traffic an affiliate (advertiser) has sent to the original website, so that the original website can pay commissions on any sales from that traffic.

Adware. The least dangerous and most lucrative malware (lucrative for its distributors, that is). Adware displays ads on your computer. The Wikipedia entry on malware does not give adware its own category even though adware is commonly called malware. As Wikipedia notes, adware is often a subset of spyware. The implication is that if the user chooses to allow adware on his or her machine, it's not really malware, which is the defense that most adware companies take. In reality, however, the choice to install adware is usually a legal farce involving placing a mention of the adware somewhere in the installation materials, and often only in the licensing agreement, which hardly anyone reads.

Are you ready to take on this dirty dozen? Don't go it alone. Make sure you have at least one each of antivirus and antispyware software on your computer right now.

Article Source:Reprinted Articles.com

About the author: Joel Walsh writes for spyware-refuge.com about malware removal: malware remover www.spyware-refuge.com

Is there spyware and adware on your computer?

2006-10-26T02:32:00.000-07:00

The Shocking Facts are that 85% to 90% of computers that are connected to the internet today are infected by some type of adware and spyware!- Source CNN

These malicious software programs Invade your privacy and send personal and private data to third parties and also take up hard drive space and slow down your PC.

Spyware tracks your on line internet browsing and surfing habits. It moniters each location you visit and what you have looked up on that site. Spyware programs can even track every keystroke you make on your keyboard and record every bit of data you add to a online form, such as name, location and credit card data when you make a purchase. This can lead to identity hijacking and theft of personal and private credit card information. Your PC surfing habits and personal and private information is then sold to third parties.

Adware is another kind of spyware. It doesn't work by tracking your information as spyware does, but what it can do is literally switch your browser settings without your permission. It can cause pop up ads to appear on your PC. A toolbar can also be installed on your computer without your knowledge. Most of us are unaware of the presence of adware programs installed on our computer untill it starts to slow down, crash, blue screen or programs stop working properly.

The spyware business is a billion dollar a year industry with people getting very rich selling the information they steal about you.

Downloading and installing anti-spyware software will remove and protect your computer from spyware, adware, keyloggers, pop ups, trojans and worms.

You can if you wish go to http://www.adwareremoval4you.com and download an excellent anti-spyware program that will scan, remove and protect your computer from all these hidden parasites.

Article Source:Reprinted Articles.com

Basic Spyware Tips

2006-10-26T02:25:00.000-07:00

Basic Spyware Tips
Nowadays, it's a sad but true fact that spyware and adware programs are a far greater threat to your internet security than the dreaded computer viruses. Indeed, spyware, adware and other so-called malware (such as key loggers and trojan horses) actually constitute the biggest single online threat to your privacy and the security of your data.

It's also a major reason for system slowdowns on computers, as these types of programs generally use up precious system resources including RAM (memory) and hard drive space.

So, let’s look at some basic facts about spyware and adware, where these programs come from, what they are, and what you can do about protecting yourself.

Spyware comes in various guises and forms, but basically, it is a program or piece of information that is secretly placed on your computer, that sends data about you or your computer habits to someone else on the Internet, without your knowledge. This can be a company that is collecting data, or a thief seeking to steal access to your computer or the information held in your database (passwords, credit card details and so on).

Spyware can also be a program that places unwanted ads on your computer, often in the form of a malicious cookie. A cookie is a little piece of information placed in your web browser to track your web habits, which, in its more generally benign form, is useful as, for example, a web site can see you have visited it before and let you on without a registration process. Again, in its more benign guise, a cookie can help you by keeping track of your progress through a web store. They are also used to customize website ads to your likes and dislikes.

But, obviously, when they are used for spyware or adware purposes, a cookie is not a welcome guest on your PC!

Spyware programs can get into your computer in several different ways. Sometimes they arrive as an automatic download from a website you are surfing. Porn and online gambling sites are notorious for this, for example.

Sometimes, if you download a free or illegal piece of software, they are embedded in the installation process, or spyware can get on your computer via an email attachment that you shouldn't have opened. (Tip here - if an e-mail comes from an unrecognized source with an attachment, DO NOT open it - it's almost guaranteed to be some sort of program that you definitely don't want!)

Spyware and adware are bad news for several reasons:

They hog precious system resources like memory and hard disk space. If you computer runs much slower than it did previously, then it probably is infected with spyware. If you have never done a spyware scan, then it’s almost guaranteed that there is spyware on your system slowing things down.

They can seriously compromise your privacy and security, providing outsiders with information about your computer habits. For example, by installing a keylogger, spyware can capture your keystrokes and send it to a third party. This can potentially expose your user IDs and passwords to thieves.

Other program such as trojans which allows someone to log into your computer remotely and use it for their own purposes like sending spam or launching malicious attacks on other computers on the Internet, making it look like you are at fault.

So, it’s bad! Let’s look at how to get rd of it.

There are lots of both paid and free anti-spyware programs out there, and, like all things in life, some are better than others. The question often asked is, which is better, a free program or a paid one.

The simple answer is that the best approach is a combination of the two, and, unlike anti-virus programs, you can run more than one anti-spyware program on your system without any problems.

First thing to do is to install the totally free Spybot Search and Destroy program, which will eliminate 70-85 per cent of all known spyware.

The, invest a little money in a good paid program like Spyware Doctor, NoAdware or Spyware Nuker to complete the job for you. Yes, I know that it means spending some money, but if it can prevent someone stealing your credit card details, for example, then it's a sure fire thing that its going to be money well spent.

Another advantage of the paid programs is that they generally have a more effective "pro-active" nature to them than the free programs do. In other words, they are usually far better at stopping spyware and adware actually getting into your PC in the first place, and, clearly, preventing the problem is far easier and less time consuming than having to deal with it once your PC becomes infected.

Article Source:Reprinted Articles.com

Steve Cowan is an enterpeneur,businessman & writer.Steve is also an international racing driver & full time father.Find more,visit his site at webbizz99.com/spyware & adware

Keeping Children Safe Online.

2006-10-25T20:18:00.000-07:00

“Children present unique security risks when they use a computer—not only do you have to keep them safe, you have to protect the data on your computer. By taking some simple steps, you can dramatically reduce the threats.”

What unique risks are associated with children?

When a child is using your computer, normal safeguards and security practices may not be sufficient. Children present additional challenges because of their natural characteristics: innocence, curiosity, desire for independence, and fear of punishment. You need to consider these characteristics when determining how to protect your data and the child.

You may think that because the child is only playing a game, or researching a term paper, or typing a homework assignment, he or she can't cause any harm. But what if, when saving her paper, the child deletes a necessary program file? Or what if she unintentionally visits a malicious web page that infects your computer with a virus? These are just two possible scenarios. Mistakes happen, but the child may not realize what she's done or may not tell you what happened because she's afraid of getting punished.

Online predators present another significant threat, particularly to children. Because the nature of the internet is so anonymous, it is easy for people to misrepresent themselves and manipulate or trick other users (see Avoiding Social Engineering and Phishing Attacks for some examples). Adults often fall victim to these ploys, and children, who are usually much more open and trusting, are even easier targets. The threat is even greater if a child has access to email or instant messaging programs and/or visits chat rooms (see Using Instant Messaging and Chat Rooms Safely for more information).

What can you do?

Be involved - Consider activities you can work on together, whether it be playing a game, researching a topic you had been talking about (e.g., family vacation spots, a particular hobby, a historical figure), or putting together a family newsletter. This will allow you to supervise your child's online activities while teaching her good computer habits.
Keep your computer in an open area - If your computer is in a high-traffic area, you will be able to easily monitor the computer activity. Not only does this accessibility deter a child from doing something she knows she's not allowed to do, it also gives you the opportunity to intervene if you notice a behavior that could have negative consequences.
Set rules and warn about dangers - Make sure your child knows the boundaries of what she is allowed to do on the computer. These boundaries should be appropriate for the child's age, knowledge, and maturity, but they may include rules about how long she is allowed to be on the computer, what sites she is allowed to visit, what software programs she can use, and what tasks or activities she is allowed to do. You should also talk to children about the dangers of the internet so that they recognize suspicious behavior or activity. The goal isn't to scare them, it's to make them more aware.
Monitor computer activity - Be aware of what your child is doing on the computer, including which web sites she is visiting. If she is using email, instant messaging, or chat rooms, try to get a sense of who she is corresponding with and whether she actually knows them.
Keep lines of communication open - Let your child know that she can approach you with any questions or concerns about behaviors or problems she may have encountered on the computer.
Consider partitioning your computer into separate accounts - Most operating systems (including Windows XP, Mac OS X, and Linux) give you the option of creating a different user account for each user. If you're worried that your child may accidentally access, modify, and/or delete your files, you can give her a separate account and decrease the amount of access and number of privileges she has.
If you don't have separate accounts, you need to be especially careful about your security settings. In addition to limiting functionality within your browser (see Evaluating Your Web Browser's Security Settings for more information), avoid letting your browser remember passwords and other personal information (see Browsing Safely: Understanding Active Content and Cookies). Also, it is always important to keep your virus definitions up to date (see Understanding Anti-Virus Software).
Consider implementing parental controls - You may be able to set some parental controls within your browser. For example, Internet Explorer allows you to restrict or allow certain web sites to be viewed on your computer, and you can protect these settings with a password. To find those options, click Tools on your menu bar, select Internet Options..., choose the Content tab, and click the Enable... button under Content Advisor.
There are other resources you can use to control and/or monitor your child's online activity. Some ISPs offer services designed to protect children online. Contact your ISP to see if any of these services are available. There are also special software programs you can install on your computer. Different programs offer different features and capabilities, so you can find one that best suits your needs. The following web sites offer lists of software, as well as other useful information about protecting children online:
- GetNetWise - http://kids.getnetwise.org/ - Click Tools for Families to reach a page that allows you to search for software based on characteristics like what the tool does and what operating system you have on your computer.
- Yahooligans! Parents' Guide - http://yahooligans.yahoo.com/parents/ - Click Blocking and Filtering under Related Websites on the left sidebar to reach a list of software.
Authors: Mindi McDowell, Allen Householder

Defending Cell Phones and PDAs Against Attack

2006-10-25T19:14:00.000-07:00

What unique risks do cell phones and PDAs present?

Most current cell phones have the ability to send and receive text messages. Some cell phones and PDAs also offer the ability to connect to the internet. Although these are features that you might find useful and convenient, attackers may try to take advantage of them. As a result, an attacker may be able to accomplish the following:

abuse your service - Most cell phone plans limit the number of text messages you can send and receive. If an attacker spams you with text messages, you may be charged additional fees. An attacker may also be able to infect your phone or PDA with malicious code that will allow them to use your service. Because the contract is in your name, you will be responsible for the charges.
lure you to a malicious web site - While PDAs and cell phones that give you access to email are targets for standard phishing attacks, attackers are now sending text messages to cell phones. These messages, supposedly from a legitimate company, may try to convince you to visit a malicious site by claiming that there is a problem with your account or stating that you have been subscribed to a service. Once you visit the site, you may be lured into providing personal information or downloading a malicious file (see Avoiding Social Engineering and Phishing Attacks for more information).
use your cell phone or PDA in an attack - Attackers who can gain control of your service may use your cell phone or PDA to attack others. Not only does this hide the real attacker's identity, it allows the attacker to increase the number of targets (see Understanding Denial-of-Service Attacks for more information).
gain access to account information - In some areas, cell phones are becoming capable of performing certain transactions (from paying for parking or groceries to conducting larger financial transactions). An attacker who can gain access to a phone that is used for these types of transactions may be able to discover your account information and use or sell it.

What can you do to protect yourself?

Follow general guidelines for protecting portable devices - Take precautions to secure your cell phone and PDA the same way you should secure your computer (see Cybersecurity for Electronic Devices and Protecting Portable Devices: Data Security for more information).
Be careful about posting your cell phone number and email address - Attackers often use software that browses web sites for email addresses. These addresses then become targets for attacks and spam (see Reducing Spam for more information). Cell phone numbers can be collected automatically, too. By limiting the number of people who have access to your information, you limit your risk of becoming a victim.
Do not follow links sent in email or text messages - Be suspicious of URLs sent in unsolicited email or text messages. While the links may appear to be legitimate, they may actually direct you to a malicious web site.
Be wary of downloadable software - There are many sites that offer games and other software you can download onto your cell phone or PDA. This software could include malicious code. Avoid downloading files from sites that you do not trust. If you are getting the files from a supposedly secure site, look for a web site certificate (see Understanding Web Site Certificates for more information). If you do download a file from a web site, consider saving it to your desktop and manually scanning it for viruses before opening it.
Evaluate your security settings - Make sure that you take advantage of the security features offered on your device. Attackers may take advantage of Bluetooth connections to access or download information on your device. Disable Bluetooth when you are not using it to avoid unauthorized access (see Understanding Bluetooth Technology for more information).

Author: Mindi McDowell

Avoiding Social Engineering and Phishing Attacks.

2006-10-24T23:50:00.000-07:00

"Do not give sensitive information to anyone unless you are sure that they are indeed who they claim to be and that they should have access to the information. "

What is a social engineering attack?

What is a phishing attack?

How do you avoid being a victim?

Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
Don't send sensitive information over the Internet before checking a web site's security (see Protecting Your Privacy for more information).
Pay attention to the URL of a web site. Malicious web sites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a web site connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org/phishing_archive.html).
Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (see Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for more information).

What do you do if you think you are a victim?

If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
Consider reporting the attack to the police, and file a report with the Federal Trade Commission (http://www.ftc.gov/).

Understanding Anti-Virus Software.

2006-10-24T19:27:00.000-07:00

"Anti-virus software can identify and block many viruses before they can infect your computer. Once you install anti-virus software, it is important to keep it up to date. "

What does anti-virus software do?

Although details may vary between packages, anti-virus software scans files or your computer's memory for certain patterns that may indicate an infection. The patterns it looks for are based on the signatures, or definitions, of known viruses. Virus authors are continually releasing new and updated viruses, so it is important that you have the latest definitions installed on your computer.

Once you have installed an anti-virus package, you should scan your entire computer periodically.

Automatic scans - Depending what software you choose, you may be able to configure it to automatically scan specific files or directories and prompt you at set intervals to perform complete scans.
Manual scans - It is also a good idea to manually scan files you receive from an outside source before opening them. This includes
- saving and scanning email attachments or web downloads rather than selecting the option to open them directly from the source
- scanning floppy disks, CDs, or DVDs for viruses before opening any of the files

What happens if the software finds a virus?

Each package has its own method of response when it locates a virus, and the response may differ according to whether the software locates the virus during an automatic or a manual scan. Sometimes the software will produce a dialog box alerting you that it has found a virus and asking whether you want it to "clean" the file (to remove the virus). In other cases, the software may attempt to remove the virus without asking you first. When you select an anti-virus package, familiarize yourself with its features so you know what to expect.

Which software should you use?

There are many vendors who produce anti-virus software, and deciding which one to choose can be confusing. All anti-virus software performs the same function, so your decision may be driven by recommendations, particular features, availability, or price. See the references section for a link to a list of some anti-virus vendors.

Installing any anti-virus software, regardless of which package you choose, increases your level of protection. Be careful, though, of email messages claiming to include anti-virus software. Some recent viruses arrive as an email supposedly from your ISP's technical support department, containing an attachment that claims to be anti-virus software. However, the attachment itself is in fact a virus, so you could become infected by opening it.

How do you get the current virus information?

This process may differ depending what product you choose, so find out what your anti-virus software requires. Many anti-virus packages include an option to automatically receive updated virus definitions. Because new information is added frequently, it is a good idea to take advantage of this option. Resist believing email chain letters that claim that a well-known anti-virus vendor has recently detected the "worst virus in history" that will destroy your computer's hard drive. These emails are usually hoaxes. You can confirm virus information through your anti-virus vendor or through resources offered by other anti-virus vendors. See the references section for a link to some of these resources.

While installing anti-virus software is one of the easiest and most effective ways to protect your computer, it has its limitations. Because it relies on signatures, anti-virus software can only detect viruses that have signatures installed on your computer, so it is important to keep these signatures up to date. You will still be susceptible to viruses that circulate before the anti-virus vendors add their signatures, so continue to take other safety precautions as well.

References

CERT^® Coordination Center Computer Virus Resources - <http://www.cert.org/other_sources/viruses.html#VI>
Computer Security Division: Computer Security Resource Center (CSRC) Virus Information - <http://csrc.nist.gov/virus/>

Spyware versus Adware; the Difference Impacts Your Privacy

2006-10-24T19:10:00.000-07:00

Many people use the terms Spyware and Adware interchangeably. You shouldn’t! There are important differences between the two. True, both terms refer to the act of tracking your computer activity, such as how long you visited a particular Web site.

However, the key difference is the intent behind how and why a business collects your information. Adware is commonly associated with pop-up advertisements used by businesses trying to sell you something. However, Spyware, the more malicious of the two, isn’t trying to sell you, instead, it’s trying to take something from you -- your credit card and social security numbers and bank account information. Some Spyware collects information about you and, if placed in the wrong hands, could be detrimental to your financial wellbeing and used to steal your identity. Adware is usually something you can see. Whereas Spyware often can’t be seen, in fact, businesses behind Spyware don’t want you to know they’re lurking. Therefore, you may have a Spyware infection and not know it. One vicious Spyware is keylogging, a tool that hangs about in the background, logging your keystrokes, including account numbers and passwords you type on your keyboard, and then sends the information to the originating source.

Future of Spyware
Spyware will only become more invasive with no concern for your privacy, regardless of what you want or think. Worse, no one piece of software will protect you from the above. Why? One belief is that there are far more research dollars being spent on developing Spyware than combating it, since the information derived from the former is more lucrative.

Protecting Yourself
There are two methods to protect yourself, both are equally important.
1. Manage your computer usage behavior. If you download most anything for free – movies, software, music, etc., then you can anticipate being exposed to highly aggressive forms of Spyware.
2. Utilize anti-spyware software programs and a hardware firewall. Both help to fend off Spyware. Lavasoft’s Ad-Aware se and Microsoft’s AntiSpyware (Beta) programs are reputable.

About the author:

About the Author
Sharron Senter is co-founder of - an on site computer repair, security and networking company serving north of Boston, Southern NH and Maine. Visiting Geeks’ technicians are crackerjacks at squashing viruses, popups and securing and making computers perform faster. Learn more about Sharron at

Windows XP System Tools

2006-10-24T18:54:00.000-07:00

Well, we all have been there. We turn on our computer (boot up) getting ready to type that school report, or business presentation and guess what, our computer just does not want to work today. Whether it's the word processor, spreadsheet, or financial package that isn't working, most people do not know that Microsoft Windows XP has a built in feature that just may come and save the day. That feature is called "System Restore."

Basically, System Restore is like a little hound that runs behind the scenes taking "snapshots" of various parts of the Microsoft Windows XP operating system. So, if a part of Microsoft Windows XP stops working one day, the System Restore utility is able to reference one of the "snapshots" it took and restore your system from a previous day (a day when your computer worked). It's kind of like going back in time to a day when your computer worked. All your current data (Microsoft Word files, etc.) are still retained, so you don't have to worry about losing any present day files.

In order to restore your computer just follow these simple steps:

1. Close any open programs.
2. Click on the Windows "Start" button (normally located on the bottom of your computer desktop)
3. Click on "All Programs"
4. Click on "Accessories"
5. Click on "System Tools"
6. Then click on "System Restore"
7. At this point the System Restore wizard will launch. You will have two options:

a. "Restore my system from an earlier date"
b. "Create a system restore point"

If you just need to restore your system and get it working correctly again, just select option "a" and click "Next."

8. On this screen you can select a date from the calendar that you would like to try and restore from. So, if you knew that your computer worked fine two days ago, just pick that date on the calendar and click "Next."
9. The next screen is the confirmation window. Just verify the information on the screen and click "Next." Windows XP will then reboot and try to restore your system with the settings from the date you selected.

The System Restore process can take anywhere from 10 to 30 minutes depending on how much reconfiguration Windows XP needs to do and how fast of a PC you have. When System Restore is done, a screen will popup with the results of the restore. If it was successful, you can then log into the system and start using the computer again. Any quirky issues that you were having are now hopefully gone.

Now, on step 7b above, I mentioned the "Create a system restore point" option. This option is for when you want to force Windows XP to take a snapshot of your system just before you install a program or alter any system settings that you are not sure of. It is like a safety net for when you install any internet programs (sometimes riddled with spyware) or system drivers (video, audio, etc). If you want to revert back to a virgin state just create a restore point "before" installing any software. This way, if your machine starts acting weird, you can just restore your settings from the selected point.

With a little practice, the System Restore utility is easy to use and a great way to help ensure the safety of your computer.

About the author:
Scott Morris gathers information about virtual pbx software
pbx phone system

Oracle Critical Patch Update - October 2006

2006-10-19T00:55:00.000-07:00

Oracle has released the Critical Patch Update - October 2006. According to Oracle, this CPU contains:

22 new security fixes for the Oracle Database
6 new security fixes for Oracle HTTP Server
35 new security fixes for Oracle Application Express
14 new security fixes for the Oracle Application Server
13 new security fixes for the Oracle E-Business Suite
8 new security fixes for Oracle PeopleSoft Enterprise PeopleTools and Enterprise Portal Solutions
1 new security fix for JD Edwards EnterpriseOne
1 new security fix for Oracle Pharmaceutical Applications

Many Oracle products include or share code with other vulnerable Oracle products and components. Therefore, one vulnerability may affect multiple Oracle products and components. For example, the October 2006 CPU does not contain any fixes specifically for Oracle Collaboration Suite. However, Oracle Collaboration Suite is affected by vulnerabilities in Oracle Database and Oracle Application Server, so sites running Oracle Collaboration suite should install fixes for Oracle Database and Oracle Application Server. Refer to the October 2006 CPU for details regarding which vulnerabilities affect specific Oracle products and components.
For a list of publicly known vulnerabilities addressed in the October 2006 CPU, refer to the Map of Public Vulnerability to Advisory/Alert. The October 2006 CPU does not associate Vuln# identifiers (e.g., DB01) with other available information, even in the Map of Public Vulnerability to Advisory/Alert document. As more details about vulnerabilities and remediation strategies become available, we will update the individual vulnerability notes.
Solution
Apply patches from Oracle
Apply the appropriate patches or upgrade as specified in the Critical Patch Update - October 2006. Note that this Critical Patch Update only lists newly corrected vulnerabilities.
As noted in the update, some patches are cumulative, others are not:
The Oracle Database, Oracle Application Server, Oracle Enterprise Manager Grid Control, Oracle Collaboration Suite, JD Edwards EnterpriseOne, JD Edwards OneWorld Tools, PeopleSoft Enterprise Portal Applications and PeopleSoft Enterprise PeopleTools patches in the Updates are cumulative; each Critical Patch Update contains the fixes from the previous Critical Patch Updates. Oracle E-Business Suite and Applications patches are not cumulative, so E-Business Suite and Applications customers should refer to previous Critical Patch Updates to identify previous fixes they want to apply.
The October 2006 CPU lists 35 vulnerabilities affecting Oracle Application Express. These vulnerabilities are addressed in Oracle Application Express version 2.2.1. Oracle Application Express users are encouraged to upgrade to version 2.2.1 as soon as possible.
Vulnerabilities described in the October 2006 CPU may affect Oracle Database 10g Express Edition (XE). According to Oracle, Oracle Database XE is based on the Oracle Database 10g Release 2 code.
Patches for some platforms and components were not available when the Critical Patch Update was published on October 17, 2006. Please see MetaLink Note 391563.1 (login required) for more information about patch availability.
Known issues with Oracle patches are documented in the pre-installation notes and patch readme files. Please consult these documents and test before making changes to production systems.

Avoid Internet Theft, Fraud and Phishing

2006-10-18T20:24:00.000-07:00

Since its birth, the Internet has grown and expanded to unprecedented, unmanageable proportions. Information, software, news, and much more flow freely through its twisted pathways. Online services such as Internet banking save time and money. However, from the depths of its vast expanse have come the dregs of society intent on preying on the new, the na๏ve, and the less informed.

Phishing is one of the main scams in the present moment. People set up phoney websites and email addresses. Then they spam Email inboxes with official-looking messages explaining that your account with Company X has encountered a problem and that they need you to login and confirm some details. The email addresses are masked to appear official and the links provided in the email all seem to check out. If you click on the link provided then you will usually be taken to a site that looks for all intents and purposes to be official. When you click 'submit' your details will be sent to a criminal somewhere who will do as they please with your information, such as withdrawing money from a bank account or purchasing things in your name.

The scam has been labelled 'Phishing' because the criminals engaging in the activity behave similarly to a fisherman throwing bait out in the hope that they'll receive just one bite from the millions of people that receive the email.

So how do you avoid these online scams? First and foremost, it is important to realise that no legitimate organisation should be sending you a request to fill out your personal details because of some server error or for any other reason. Your bank will never send you an email with content along the lines of "We've lost your bank account number and password... please supply them again for our records". You should also know that no bank is going to require your social security number, bank account number, and PIN number just to log in to your account or retrieve your password. Other sites such as Ebay, PayPal, and the like will not email you asking for these details either.

If you're a little unsure as to whether or not an email is official, scroll down a bit until you find the link that they are requesting you to click and simply hold your mouse pointer over the link text without clicking. Now take a look at the bottom left-hand corner of your browser window. The link text is often the address that the phisher wants you to think you will be heading to but the real address will be revealed in the bottom of the browser. This address will most likely not have anything whatsoever to do with the company that the email is attempting to imitate. It could be a dodgy web site or even just a page on someone's personal computer. If the address doesn't appear in the bottom left-hand corner then you can right-click on the link, select 'properties' from the pop-up menu and then read the address listed in the information box.

To avoid further scams make sure that you have updated firewall and anti-virus software active on your system at all times. This will make it harder for anyone to install key loggers, Trojans, spyware, or other similar devices intended to retrieve your information. Keep your operating system up to date with the latest security patches and updates and be careful where you enter your details. Always look into the reputability of the site that is requesting your details and keep an eye on the lower right-hand corner of your browser. If the page you are viewing has a little padlock symbol appear in the corner, then it means that your details are being secured by some encryption method. You can double click on the icon to get more details if you wish. Sites without the padlock icon don't have encryption, which means that your details are a lot easier for malicious crooks to get a hold of.

Even if you're sure the website is legitimate, it's not a good idea to send your details over an unsecured connection. By the way, email does not count as a secure connection, and neither does any instant messaging program, (such as MSN, ICQ, Yahoo Messenger, AIM etc.) so don't give out personal details that way either.

Another common scam very similar to phishing involves the emailing of promises of great wealth. Seriously, what do you think your chances are of winning the lottery, let alone one that you never even entered? Or of some obscure yet ridiculously rich person in Africa dying and you being legally allowed to pick up their money? Or of a foreign prince wishing to smuggle money out of his country using your account? These emails are all scams. I wish it were true that I won three different lotteries every single day, but if you get in contact with the people sending these messages they're going to do their utmost to clean out your pockets. Unfortunate as it may sound, the 'Please Donate to Charity' emails sent are usually also scams.

If you really want to donate money to a charity, look them up and send it the usual way, don't respond to a multi-recipient email that may or may not be real. You also shouldn't donate to some random charity that no one has ever heard of before. Some of the Internet lowlifes have started up fake charities, 'dedicated to helping Tsunami victims' or similar and are simply pocketing the donations.

Everything in this world can be used for either good or evil purposes and the Internet is no exception. Staying alert and having just a little bit of Internet know-how can keep you out of harm's way for the majority of the time, and allow you access to the wonderful online services available with relative safety.

Daniel Punch

http://www.m6.net