Understand and participate in forensics.

In physical crimes, such as robbery and murder, special investigative teams are trained in the science of collecting and analyzing crime-scene data. These teams include on-scene personnel as well as forensic scientists in labs. Computer forensics is no different in its practice. In fact, many people are shocked to find that computer attack forensics is more concerned with law and evidence gathering, handling, and preservation than with computers. Most companies today don't prepare or understand the forensics process until after an attack has occurred. It is our goal in this section to show you what is required and how to prepare before an attack occurs.
First things first—computer crime is increasing and our ability to cope with the complexity of the networks and software applications that are being created is decreasing. Now, this is most certainly a generalization, but it holds true for many of the clients and companies we see every year. Another truth is that given enough time, energy, and incentive, just about any network can be hacked. If you can accept these basic truths, the time you spend planning and training in areas such as computer forensics will seem less like a waste of time and more like an investment.

Computer forensics is about collecting and analyzing data so it can be used and presented in court. Without proper forensic techniques, you are likely to destroy valuable data or render it inadmissible because it was improperly obtained, collected, or stored. Without evidence, you can't prosecute offenders, properly terminate employees for inappropriate behavior, or seek damages when corporate espionage hits home.

DMZ : Demilitarized Zone

DMZ : Demilitarized Zone :
Also called the free-trade zone or the neutral zone, this is an area in your network that allows a limited and controlled amount of access from the public Internet. The DMZ often hosts the corporation's Web and File Transfer Protocol (FTP) sites, email, external Domain Name Service (DNS), and the like. This network segment usually lies between the internal corporate network and the public Internet.

Corporate Security for Your Home Business.

The words Corporate Security may conjure up images of a group of techies working in a wire-filled basement room of Microsoft or HP, combating hackers and terrorists online using words like algorithm and encryption. If you own your own business, do not allow yourself to think that security is only for big corporations. Every company, big or small, technological or traditional, has two major security concerns: protecting information, and protecting hardware.

Corporate Security: Information

Information is the commodity that makes companies unique. That information could be a process your company does better than others; or it could be how to make the unique product you sell; or it could be a collection of information that you have that others want access to. In any case, protecting the information that makes your company viable could mean financial life or death for your venture. There are three simple corporate security solutions you can implement to decrease the likelihood that your information will be leaked or lost.

Make back ups often. If you are like 90% of computer users out there who use Windows, pressing [ctrl] + S is a habit well worth forming. Besides information, time is one of your most valuable resources, so you can't afford to lose hours of work every time the system crashes. Save your work as often as you stop typing. Making additional copies of master files in other places beside your hard drive will mean you won't lose everything if your hard drive becomes corrupted. Keep these discs in a safe place where you can easily access them if you need to.

Keep secret passwords secret. This may seem like a no-brainer, but too often we think of passwords as annoyances slowing us down. Systems are password-protected to ensure that only those persons who should be allowed access are granted access. If you are working out of a home office and have little face-to-face interaction with clients or customers, you may be tempted to leave your system unlocked or pin a list of your user names and passwords near the computer. Remember that children are both curious and smart, and in only a few clicks of the mouse they can accidentally erase important files. Do yourself the favor of memorizing your passwords and changing them on occasion.

Maintain an up-to-date computer system. Computers that run slower also have the terrible tendency of getting overloaded and shutting down. The internet is one of the biggest culprits of bogging down your processing speed, but running several programs at the same time will also do it. Keeping your processor and memory up-to-date will help ensure that you are able to perform all the tasks that are required of you without having to spend a lot of time waiting for your computer to catch up.

Corporate Security: Hardware

Chances are good that IBM's annual technology budget is quite a bit larger than your home business's budget. Between putting food on the table and covering the operating costs of your business, purchasing new equipment might seem like a luxury you'll never have. Protecting your computer system from viruses, spy ware, and malicious software is one of the most cost-effective ways to ensure your computer will last as long as you need it to.

Know what is on your computer. Viruses can come through email, discs, or the internet, and are typically well-hidden on your hard drive. Perform systematic checks of the temporary internet files, cookies folder, and the rest of your hard drive to ensure that you have not accidentally picked up a virus. Software can be purchased that filters spam and helps you manage the internet files and cookies that are downloaded automatically on your computer. A proactive approach in combating viruses and spy ware is usually the most effective way to make sure your hardware stays protected.

Though corporate security solutions may seem like a luxury your home business can not afford, protecting information and hardware are priorities that all companies should have. Following these simple, inexpensive solutions to common security concerns your company may have will go a long way in helping you succeed.

Nick Smith is a client account specialist with 10x Marketing - More Visitors. More Buyers. More Revenue. For more information about cost-effective corporate security solutions, visit ContentWatch.com.

Good Security Habits.

How can you minimize the access other people have to your information?

You may be able to easily identify people who could, legitimately or not, gain physical access to your computer—family members, roommates, co-workers, members of a cleaning crew, and maybe others. Identifying the people who could gain remote access to your computer becomes much more difficult. As long as you have a computer and connect it to a network, you are vulnerable to someone or something else accessing or corrupting your information; however, you can develop habits that make it more difficult.

• Lock your computer when you are away from it. Even if you only step away from your computer for a few minutes, it's enough time for someone else to destroy or corrupt your information. Locking your computer prevents another person from being able to simply sit down at your computer and access all of your information.
  
  
  
• Disconnect your computer from the Internet when you aren't using it. The development of technologies such as DSL and cable modems have made it possible for users to be online all the time, but this convenience comes with risks. The likelihood that attackers or viruses scanning the network for available computers will target your computer becomes much higher if your computer is always connected. Depending on what method you use to connect to the Internet, disconnecting may mean ending a dial-up connection, turning off your computer or modem, or disconnecting cables.
  
  
  
• Evaluate your security settings. Most software, including browsers and email programs, offers a variety of features that you can tailor to meet your needs and requirements. Enabling certain features to increase convenience or functionality may leave you more vulnerable to being attacked. It is important to examine the settings, particularly the security settings, and select options that meet your needs without putting you at increased risk. If you install a patch or a new version of the software, or if you hear of something that might affect your settings, reevaluate your settings to make sure they are still appropriate (see Understanding Patches, Safeguarding Your Data, and Evaluating Your Web Browser's Security Settings for more information).

What other steps can you take?

Sometimes the threats to your information aren't from other people but from natural or technological causes. Although there is no way to control or prevent these problems, you can prepare for them and try to minimize the damage.

• Protect your computer against power surges. Aside from providing outlets to plug in your computer and all of its peripherals, some power strips protect your computer against power surges. Many power strips now advertise compensation if they do not effectively protect your computer. During a lightning storm or construction work that increases the odds of power surges, consider shutting your computer down and unplugging it from all power sources. Power strips alone will not protect you from power outages, but there are products that do offer an uninterruptible power supply when there are power surges or outages.
  
  
  
• Back up all of your data. Whether or not you take steps to protect yourself, there will always be a possibility that something will happen to destroy your data. You have probably already experienced this at least once— losing one or more files due to an accident, a virus or worm, a natural event, or a problem with your equipment. Regularly backing up your data on a CD or network reduces the stress and other negative consequences that result from losing important information (see Real-World Warnings Keep You Safe Online for more information). Determining how often to back up your data is a personal decision. If you are constantly adding or changing data, you may find weekly backups to be the best alternative; if your content rarely changes, you may decide that your backups do not need to be as frequent. You don't need to back up software that you own on CD-ROM or DVD-ROM—you can reinstall the software from the original media if necessary.

Authors: Mindi McDowell, Allen Householder

The Tasteless Internet Meat of Criminals.

Spam. You've all heard of the crazy pink meat in a can, but what's it got to do with the Internet? Well, it's also the namesake for a major problem in the World Wide Web-unsolicited junk email. Problem! We're talking serious pain in the butt both as a waster of time, space, and money. It is estimated that around half of all email received on the Internet is this sneaky illegal attempt at selling fake consumer goods, pornography, and a whole plethora of 'helpful' services. It's taking up half of all email on the Earth, and it's costing businesses' billions in wasted time, as well as filling personal email accounts to the limit so important messages aren't received. It seems everywhere there's a leap in technology for humanity, there's also a group of people who want to stretch the realm of criminal activity to another level.

The good news is that as it's such a prominent problem, the 'good guys' have made it a main priority on their 'To do' lists. Software has been created to block Spam and is being updated constantly. Recently Bill Gates, richest human on Earth and self-made mogul of software masters' Microsoft spoke of his aim to eliminate Spam by the year 2006. Obviously a lot of people would be quite appreciative if they could achieve this goal.

Supposedly most of the billions of junk emails originate from about 200 people who are intelligent enough to cover their tracks. They have multiple ways of finding out email addresses and then sending thousands upon thousands of unwanted messages to you and I. It usually costs them next to nil so if even one low-quality product sells they receive a profit. That's why they do it; just another greed-induced means of getting rich quick without working for it like the rest of us.

Well, there's a couple main ways of dealing with the Spam dilemma. The main one, and most easy, is to just delete the messages or empty your folder (after moving desired messages to another folder) straight off the server without downloading or 'looking' at the messages. This gives the 'evil' sender the knowledge that you're not reading the mail and therefore the traffic you receive goes down dramatically.

Another way to block the Spam is to use software like Magic Mail Monitor (http://mmm3.sourceforge.net/) or Mailwasher (http://www.mailwasher.net/), which work well at destroying the unwanted, pink, tasteless, unworldly email meat by showing you the mail straight from the server without downloading it.

So, show the criminals you're aware and not ignorant and take the first steps to bringing the Spam Empire down. Protect yourself and eventually the Spam will go where all filth is destined, into the trash.

About The Author

This article is written by Mr.Jesse S.Somer who writes for M6.net.

Internet Shopping - How Safe Is It?

Millions of people make purchases online, but many people are still wary. They fear the unknown and have many doubts and questions about who they are dealing with. They are afraid of being scammed, and rightfully so. Online shopping can be a completely safe and rewarding experience provided you are dealing with a legitimate, reputable retailer. But how do you know if they are legitimate???  Here lies the "fear of the unknown."

Well, as with anything in life, there are precautions to take, questions you should ask yourself, and signs to look out for. Provided you are careful with who you decide to purchase from, online shopping can be a very convenient and pleasurable experience.

Important Safety Precautions:

Take a good look around the website. Make sure you read their Privacy Policy. A privacy policy let's you know the procedures and methods they have in place to secure your personal information. Find the answers to these questions...Do they share your information with others? Some companies sell or distribute your information to other companies. You may wind up on everybody's mailing list. Do they have security measures in place to protect your information (i.e. SSL)? SSL is the abbreviation for Secured Socket Layer. SSL is security software that encrypts information transmitted between browsers. What this means in layman's terms is that your personal information such as name, address, credit card number, etc. is coded or scrambled so that anyone who may try to intercept this information as it is transmitting cannot read it. But don't just rely on them telling you that their site is secure, check for yourself. You will know when you are in a secure browser by looking at the bottom browser bar on your computer (lower right). If the browser is secure, you will see a security lock image. Also check the web address in your top browser bar. Secure web addresses begin with "https" whereas, non-secure pages begin with "http."

Setting up accounts with online stores is quite common. However, many people are leery of this because they don't understand why it is sometimes necessary. Generally, the only information you are providing is your name, address, email address, and sometimes your phone number. This is all necessary information that the store needs in order to ship your order or contact you regarding your order. Setting up an account with the retailer usually provides you with additional such as tracking the status of your order. On the other hand, if the account set-up asks for more than just your basic contact information, then you may not want to proceed. You should not be required to provide your social security number, bank account number, or birthdate. This information is much more personal and should not be necessary to have an order shipped.

Read the shipping and returns policies before making a purchase. Make sure you feel comfortable with them. Find answers to these questions...What is their shipping timeframe? Is it within a reasonable amount of time? Will they notify you if it will take longer than anticipated? What choices will you have then? Do they allow returns? Are there restrictions on what items you can return and explanations as to why? Do they make sense?

Don't make huge purchases right off the bat. Make a small, low cost purchase with the company and consider it a low-risk test of their credibility. This allows the retailer a chance to prove themselves worthy of your business, but limits the monetary risk you are taking. Should all go well, you can make a larger purchase in the future with peace of mind, now knowing that this is a legitimate business.

There are many advantages to purchasing online and as long as you are careful with who you choose to deal with you can reap the rewards.

Here are some of the benefits:

Convenience: Why fight the crowds in the stores, especially during the holidays, when you can sit at home on your computer and shop. And price comparisons are just a click away when shopping on the internet. There's no need to fight traffic running from store to store looking for the "best deal." You can have your purchase delivered to your doorstep within a few days.

Prices: Online retailers and storefronts purchase their products from the same manufacturers. However, an online retailer doesn't have the costly overhead that a storefront has (i.e. Lease payments on the building, heat and electric, just to name a few). Therefore, the online retailer doesn't have to markup the price as much as the storefront in order to make the same profit. So you, the consumer, come out the winner!

Store Hours: Online retailers are open 24 hours a day, 7 days a week. Shop at your convenience.

So as long as you take some simple precautions, shopping online can be a very pleasurable, time saving and money saving experience.

For safe shopping, great prices on lingerie, and excellent customer service, please visit our store at http://www.gottahavitny.com

HackAttack

P C. owners are constantly at risk from attacks by hackers. Spy ware, viruses, trogan horses, and all sorts of other malevolent programs are all trying to take control of your computer.

What can we do about it? How can we be sure that we are properly protected against them?

A hacker will generally not be interested in doing damage to your PC. His main interest is in gaining control of your computer so that he can use it to send out hundreds of thousands of e-mails in your name with the intention of crashing your mail server.

This can get you into very serious trouble with the server. This is something that you do not want. How are you going to prove that you were not to blame?

How do the hackers do it? What tools do they use?

A port scanner. What is a port scanner? A port scanner can locate PCs that are on line and check for an open port. A hacker using a program such as 'Super Scan' can find an open port to gain entrance to your computer. Once in, he can use your computer as if it were his own. The only difference is that to all intents and purposes it is you that is causing all of the trouble.

The main port that the hacker is interested in is port 80. This is the one that you use to log on to the internet.

I am not going to confuse you with all the various programs that are designed to show you what ports are open at any particular time. What you need to know is how to protect your computer against these attacks.

There are a number of programs designed to show you what is going on inside your PC. I will give you a short list of some that are recommended by some of the program makers.

The one that I would not be without is: www.testmyfirewall.com As its name implies it will test your firewall for flaws and scan for open ports and any other security problems you may have. You do have a firewall, don't you?

Another one is: www.pestscan.com This will scan for any nasties that are already on the computer.

Lastly, I use: http://www.security.symantec.com This will run a security check of all my systems.

Don't put of what you should be doing today. Make sure that your protection is doing its job. Check that you have the latest version of whatever protection you are using. An out of date system is worse than useless. It gives a false sense of security and suddenly you find yourself in serious trouble with your ISP.

It is your responsibility to ensure that your computer will not cause problems for someone else. There are so many free systems out there that you have no excuse for not using one or more of them.

Be safe. Be happy. Be responsible. All the best. ?Bob?

---

Robert has been on line for over four years and earns a very good living from some of the very best affiliate programs on the web. This is one of his favorites. If you are interested in growing your very own opt-in mailing list in the shortest possible time, take a look now.

http://www.bz9.com/robjfar 'It's free.'

Remove Rogue Desktop Icons Created By Spyware.

If you have used a Windows machine for a while, whether it's Windows XP, Windows 2000, or Windows 98, you're sure to have noticed desktop icons appearing from out of nowhere. How can icons mysteriously emerge on your Windows desktop?

1. When you buy a computer, many vendors place icons to selected products and services on your desktop, such as links to high-speed Internet Service Providers (ISPs) or add-on services vendors think you may need.

2. As you install software on your Windows machine, icons may appear, either to start the application or link to the manufacturer's website. Installing just one program could add three or more icons to your desktop!

3. It's easy to accidentally drag a Favorite, bookmark, text file, or other icon to your desktop, creating an icon.

Normally, it's easy to delete Windows desktop icons. Just place your mouse pointer on the offending icon, then right-click it and choose "Delete", clicking "Yes" to confirm if prompted.

However, what if the rogue icons are for adult websites, unfamiliar search engines, or other websites you don't recall visiting? You may try removing these icons but get an error, or after removal they still reappear again and again and again!

If so, then more than likely spyware, adware, or other malware has infected your machine. It may have been through file trading software, an inadvertent "yes" click when a popup window asked you to install software, 'freeware' that included adware, or other means. To remove the rogue icons, you need to remove the malware creating these icons.

Removing spyware and adware can be a time-consuming process, fraught with potential disaster as it is possible to accidentally remove files that render your operating system unusable. However, the following software products can help with this process as long as you read the instructions carefully, make backups, and get expert advice if you're not completely sure about removing what they ask you to do:

* Ad-Aware: http://www.lavasoft.com/

* Microsoft Windows AntiSpyware: http://www.microsoft.com/athome/security/spyware/software/

* Pest Patrol: http://www.pestpatrol.com/

* Spybot Search and Destroy: http://safer-networking.org/

* Spy Sweeper: http://www.webroot.com/

So, how can you prevent these icons from appearing in the first place? Practice safe computing.

* Backup your machine. If it does get infected to the point of being unusable, at least you won't lose all your important files.

* Install security-related operating system updates so spyware and adware cannot enter your system through well-known exploits.

* Download or buy a virus scanner, and keep it updated! Virus scanners cannot detect all spyware, but it doesn't hurt to have one. Check online or visit your local computer software store.

* Purchase a hardware or software firewall, and keep it updated! Firewalls help protect your computer from common exploits that spyware or adware can use to infect your machine.

* Consider using a different web browser. Though it is not perfect, Mozilla Firefox is currently less susceptible to spyware than Internet Explorer, mainly because it lacks certain technology (such as ActiveX) that is often exploited by malware writers. Note that depending on your web use, certain websites may not work correctly with other web browsers.

By practicing safe computing and using spyware-removal software, you can help remove rogue desktop icons from your desktop and keep others from appearing.

Andrew Malek is the owner of the MalekTips computer and technology help site. Visit his anti-spyware page for more advice on removing adware, spyware, and other malware.

Keeping Worms Out of Your Network.

No auntie Sookie, not earth worms, computer virus worms that can get to you computer and slowly dig deep into your files and eat them away. Put that eggnog down and I'll tell you some more about these new worms.

This worm is a self-replicating (makes a copy of itself, aunt sookie!) program that reproduces itself over a network. It can be hidden in an email attachment from an unknown sender, a movie download from a suspicious website, or an application sent from someone you don't know.
Once on your computer it then can replace a single file, like a winsock.dll or many files and send copies of itself along with email or newsgroup messages that you can post.

The following are ways to keep these type of worms out of your network:

a) Never, I said never (for emphasis) connect an unpatched, non updated computer or other Internet related device to the Internet. How do you update and patch a computer without connecting to the Internet? Get a cd from Microsoft with the latest and greatest patches and updates, then connect the device and then check for updates while connected to make sure you have protection.

b) Always, I said always (yes I am being redundant) use a firewall between your network of computers and the Internet. Even if your network of computers is 1 or 2 computers, it is still a network and needs a firewall to protect it, really protect it. A single computer connected to the Internet is now part of a world wide network thru it's Internet connection and is therefore vulnerable without protection. Get a firewall, a real firewall.

c) Educate and train anyone who uses your computer(s) network. Many times an infection is invited by careless users who download infected email, visit infected sites, or bring infected machines (laptop's, pda's) into a network from outside.

d) Patch and update, patch and update, patch and update (redundant, oh yeah). Yes it's a pain, and it requires time to do and verify that it's actually patched and updated. However it's definitely simpler and cheaper than trying to fix an infestation, or explain to everyone why the network is down or their computers won't work because a worm is eating through everything they have worked hard to save and protect.

e) Make sure up-to-date anti-virus software is on every machine, everything connected to the Internet. Anti-virus packages aid in protection and detection against worms.

f) Establish security rules for your network and educate everyone who touches the network. They must be enforced, daily.

g) Frequently check your network for vulnerabilities. Visit vulnerability website's, take advantage of free scanning tools on the Internet to test your machines. New vulnerabilities and new exploits are released constantly, and you can't protect against what you have no idea what is coming your way.

********************************************************

Daviyd Peterson: 10-year consultant, instructor, trainer
Helps african american homeschools bridge the digital
divide by becoming computer homeschools. Free article
on "Computer Homeschooling" and other related articles
http://www.homeschoolwireless.com/homeschoolwireless.htm

Does Your Firewall Do This?

The first thing people think about when defending their computers and networks is an up-to-date antivirus program. Without this most basic protection, your computer will get a virus, which could just slow it down or potentially bring the pc to a complete standstill!

So anti-virus software is the answer?

An anti-virus solution on it's own is not the answer to all of your problems, it can only protect you so much; in fact test have shown that a new pc running Windows XP if left connected to the Internet unprotected will be infected with viruses and remotely controlled via unauthorised persons within 20 minutes! To protect you against hackers and often to prevent spyware and 'scumware' from communicating directly with their servers about information it may have picked up from your pc, a firewall should form the key part of your e-security solution. Previously, the targets of hackers were large institutions, banks and government organisations; now hackers try to steal your personal information, including bank details and passwords directly from your PC on a daily basis.

But perhaps you don't consider that your data is particularly valuable?
You will be the one who suffers the consequences when it is destroyed, and these consequences are usually expressed in economic terms. If you lose your data, you will have to pay someone to try and recover it for you, and if your computer is illegally hijacked and used to attack others, then you will also have to handle any legal issues that may result from this.

What will a firewall do to limit the danger to your systems?
A decent firewall is sometimes referred to as a 'choke-point' or 'bridge'. Every piece of data that comes into your network has to go through the firewall in order that data of undesirable content and unauthorised users cannot gain access to your computer or network.

A good firewall will also hide the fact from others, that you are actually connected to the Internet, stopping software that pings, sniffs and queries IP addresses in the hope of finding a system to attack.

A firewall will cloak me, but which one do I need?
There are two different types of firewall available for you to use; a software firewall that is loaded onto your computer and a hardware firewall. In truth, both types are software, but the hardware one is a dedicated firewall appliance, whose only job is to perform firewall functionality. A clear advantage of a hardware firewall, is that if you happen to install some sort of maleware or virus on your system, it cannot take over your firewall.

Unified Threat Management firewall functionality
Unified Threat Management products are defined as those that act as firewalls, include intrusion detection and protection, and also deal with viruses.

Does your current firewall perform content filtering, spam filtering, intrusion detection and anti-virus duties? All of these functions are usually on a number of different pieces of hardware, taking up valuable space in your server racks.
The technology within business grade firewalls has become considerably more robust recently, and paved the way to add these additional, but vital functions to the one appliance.

The administration time has been cut significantly, as there is only one appliance; product selection is quicker and easier, as is product integration and ongoing support. With only one appliance, troubleshooting also becomes a lot less of an issue. If the firewall were to fail, then only one piece of hardware needs to be swapped out; which means that your business can be back up and running faster.

Winding up
In conclusion a good firewall should do the following things:

• Protect your personal data
• Protect your computers resources
• Protect your reputation and that of your business
• Protect your liability
• Ideally be capable of Unified Threat Management

Rob Green is the CEO of Century Computing Support Services, a WatchGuard Firewall Expert Partner, who provide both business grade hardware and software firewalls at http://www.firebox.uk.com. Fill in the contact form at http://www.firebox.uk.com/catalog/contact_us.php to sign up for the Century Computing newsletter.

What to Look for before You Purchase Spyware Software.

Huge number of spyware software applications are available in the market, some being offered as shareware while rest as freeware. (Shareware means a software available for download / CD, and can be used for a particular length of time, usually 30 days. Some are disabled as well). Before making a decision to purchase any such software we should check the reliability and should consider various attributes possessed by them and then select the best and the most appropriate one. The various attributes that one should consider to be the most important when purchasing spyware detection and removal software are -

The spyware software should include tools to enhance the ease of spyware detection and removal. The software should be able to offer descriptions of detected spyware so we can determine whether or not to keep each item. The software should also have auto-update and auto-scheduling capabilities. Auto-update facility ensures that we never forget to download latest spyware definition file. Auto-scheduling ensures that the system is scanned for these malicious codes at a defined interval. This means that even is the system user has changed, the computer is still safe from these spywares. There should be "undo" capabilities in case we accidentally delete something we actually need, and many other features as per individual requirements. The product should provide real-time protection from spyware. In other words, the software should help us prevent spyware installation instead of just removing it afterward. The product should be effective at finding and removing the many different types of spyware.

The product should be easy to use. Its features should be user friendly avoiding any technical jargon, not so easily understood by an average computer user. The user interface should be pleasing to look at, and more importantly, should offer the ease of navigation. The product should be easy to download and install, it should be comfortable enough for running and us to get it up without consulting a book or a tech support person.

There should be a help section installed with the product and should offer easy to understand answers to our questions. There should be someone we can call for support, and the support staff should respond quickly to our email questions. With the right solution for removing and detecting spyware in place, you can keep your computer privacy protected and PC ad-free.

Few top most Spyware software are- Spyware Eliminator, Spyware Doctor, Spy Sweeper, CounterSpy, MS AntiSpyware, Ad-Aware, McAfee, Pest Patrol, NoAdware, Spybot S&D. Best Personal Firewalls are- ZoneAlarm, Outpost Pro, Sygate Firewall, Norton Firewall, Norman Firewall, SurfSecret, Windows Firewall, BlackIce, Injoy, McAfee Firewall.

Computer security awareness is certainly on the improve however it is still amazing how many computer users leave themselves wide open to malicious attacks. Get more free info at: http://www.nichearticles.com/spyware/

Personal Firewalls - Secure Your Computer

There has not been a time in the history of the personal computer that firewalls and anti-virus programs have been more necessary and in-demand. Today, personal computer security is not only threatened by viruses and worms, but also by spyware - those severely annoying programs that are illegally loaded onto your computer from the internet. Spyware programs can seriously undermine the operating structure of your computer, as well as make you vulnerable to identity theft and other criminal activities. Firewalls, long since a staple in the corporate world for defending large, expensive internal intranets or other networks, has now come into its own as a tool for personal computer owners as well. Your home computer is just as susceptible - if not more so - to online attacks, so why should it not be protected?

What is a firewall, anyway?

For those of you who may not be as versed in the pc security lingual as some, we offer here a fairly simple definition. A firewall is a collection of security programs that act to block unauthorized users from gaining access to a particular computer network (or single computer). Most firewalls also comprehensively monitor and report the data transfers between the network and the outside internet environment. Thus, they are quite effective in keeping your computer or network safe, allowing you to access the internet without taking a high security risk.

Sygate Personal Firewalls

There are few highly reputable firewall providers out there, and Sygate is certainly one of them. Here we go over some of the features of the Sygate line firewalls, so that you may choose the best one for your pc or server.

Sygate currently offers two main personal firewalls: the Sygate Personal Firewall (SPF) and the Sygate Personal Firewall Plus (SPFP). The major differences between the two are the advanced features you will only find on the SPFP. With the Plus version you will get VPN support, intrusion detection system (IDS), active reponse, and anti-mac, anti-ip spoofing. Both versions of the software come with the material that any pc user should really make sure they have: the main "application" firewall, intrusion alarm system, attacker tracing system, and security policy customization. These features are what are really necessary for a firewall to protect your home computer. The firewall needs to be able to block outsiders from gaining access to your computer, and they need to alert you when an attack has been attempted (or is in progress). Considering that the SPF is essentially free to download, and contains the elements you really need, this is the application we recommend for home pc users. For small business networks, the more advanced features offered by the Sygate Personal Firewall Plus is certainly worth the $40.00 pricetag. Both options are solid firewall applications and can be highly trusted to perform well on nearly any system.

Norton Personal Firewalls

Sygates closest competition in the area of personal firewall is Norton. Norton anti-virus programs are very well known, and have largely carried the brand over the last decade. Although less well known, Norton offers a powerful and comprehensive firewall program for home pc owners. Norton Personal Firewall 2005 is similar to the Sygate Personal Firewall program mentioned above. Some of the neat features of this application include the Norton Privacy Control (which keeps information from being sent without your knowledge in email, instant messages, MS Office attachments, and various forms on the web, such as those you enter your credit card number in), and intrusion prevention system that automatically blocks suspicious incoming traffic (from hackers, etc.). If this product is anywhere near as well designed and engineered as the anti-virus programs from Norton, then it is definately worth a look. The software can be downloaded or ordered online for $49.

Bradley James is a senior editor at SciNet.cc, a website containing many helpful consumer electronics review articles. For more information on personal firewalls, please visit our personal firewall webpage.

How to Know Whether an Email is a Fake or Not

A few nights ago I received an email from "2CO" asking me to update my personal data. The sender did not forget to insert a link to log in, too.

Following are the steps that I have usually taken to discover whether an email came from a rightful person/company or a swindler:

Position the mouse pointer above the link provided by the sender(PLEASE DO NOT CLICK IT!). See on the status bar whether the URL that appears is genuine.

If you use Outlook Express, in the message list, select the suspected message. click "File", and then click "Properties". Click "Details" to see the email headers.

Notice the "Return-path" part, where you will see the sender's original email address. Notice the domain name (e.g ...@xyzdomain.com). Now you can guess with more confidence that it is a real or fake email.

If you have ever received an email from an autoresponder, you might have noticed that the "Return-path" part contained the domain name of the autoresponder (e.g. ....@abc.getresponse.com) although the email address looked like from another domain.

If you are still not sure, do the same with the original email which you had received previously (the one from the right person/company) for comparison. If the header of the original email on the "Return-path" part reads "Return-path: ", while on the suspected email the reading is "Return-path: ", you ought to be suspicious that the second is a fake email!

If you want, you can also notice other parts of the header such as "Received-from" and "Message-id". But, please do not be influenced by the "from" part. It is the part that is usually used to manipulate you.

Additionally, please conceive that an organitation which is always cautious about malicious abuses, such as 2CO, ClickBank, etc, will hardly send a link to you to click in the email. As I have experienced personally, if the company has something to inform me, they merely ask me to log-in to my account (There is no link to click).

Dispatching a faked up email can be done very easily by anyone who possesses a little knowledge about programming (php, etc).

I hope this tip will be useful for you.

Heris Yunora

http://www.soft-promotion.com

What is Hacking?

WHAT IS HACKING?

Hacking, sometimes known as "computer crime" has only recently been taken very seriously. The activities undertaken by the real hackers have been criminalized and they are now being legally persecuted on a scale disproportional to the actual threat they pose.

For those who don't know better, a hacker, by wrong-definition, can be anything from a computer-user to someone who destroys everything they can get their evil terminals into.

Real hackers want their motivations and ethics to be viewed as legitimate, or at least understood, instead of being simply written off as malicious, vandalising, thieving, terrorist out to take over the computers of the world for personal gain, or devious teenagers who have nothing better to do than crash every available computer.

It is thanks to the mass media and people who have absolutely no understanding of computers, who use terms like "information superhighways", "IT", and "computer crime" to try and make themselves sound important that it is assumed all "hackers" (the good and the bad) fit the above descriptions. There are people who do stuff like the above but they ARE NOT real hackers, They buy the magazine "2600" and they ask questions. They do not want knowledge. They do not want to learn how things work, they do not want to explore. All They want to know is the answer to their damn questions, they are not real hackers.

They are the real criminals and are the threat to every appliance connected to the Internet, they destroy, steal and mess up the flow of information then let the real hackers take the blame!

Hacking IS NOT about the mindless idiotic destruction of files and/or crashing systems intentionally.

Real hackers have an ethical code of practice, which includes things such as:

☞ Leave a system in the state it was found.

☞ Do not intentionally destroy or modify anyone else's data.

☞ Do not cause any legitimate user problems with computer resources.

☞ Do not access emergency services computers.

Real hackers are enraged when so called "hackers" cause damage to or compromise resources. Hacking is about looking for answers and knowledge, it is about learning. That's why hackers hack, to search around inside a place they have never been, to explore all the little nooks and crannies of a world so unlike the boring cess-pool they live in.

Their aim is to rise above the rest, and then to pull everyone else up to the same new level. Real hackers justify accessing computer systems by claiming that it is not unfair to break into otherwise idle computer resources and to download files with the intent to learn.

The already terrible reputation carried by the real hackers is cased by the ignorant and stupid people who like the label of "hacker" that screw things up, mainly though the destruction of stored information and or all passable activities of computer related fraud.

For those who don't know better it is thanks to the mass Media who have blown it way out of proportion. A hacker, by wrong-definition, can be anything from a computer-user to someone who destroys everything they can get their evil terminals into.

And the people who have absolutely no understanding of computers, who use terms like "information superhighways", IT, and computer crime to try and make themselves sound important that it is assumed all hackers are malicious, vandalising, thieving, terrorist out to take over the computers of the world for personal gain. There are people who do stuff like the above but they ARE NOT real hackers, They buy the magazine "2600" and they ask questions.

They do not want knowledge. They do not want to learn how things work, they do not want to explore. All They want to know is the answer to their damn questions, they are not real hackers.

They are the real criminals and are the threat to every appliance connected to the Internet, they destroy, steal and mess up the flow of information and let the real hackers take the blame!

Hacking IS NOT about the mindless idiotic destruction of files and / or crashing systems intentionally.

Hacking is about looking, searching for answers and knowledge, it is about learning, satisfying their curiosity. That's why they get into the system, to search around inside a place they've never been, to explore all the little nooks and crannies of a world so unlike the boring cess-pool they live in. They seek to rise above the rest, and then to pull everyone else up to the same new level.

Why destroy that which they love? To take away someone else's chance to succeed in getting in as he did? To fuel an already terrible reputation and increase their chances of getting caught and thus have their lives and careers effectively ruined? IT IS ILLOGICAL!

The real problems are caused by the ignorant and stupid people who like the label of "hacker" that screw thing up by destroying everything they can get their evil terminals into.

It is thanks to the mass Media and people who have absolutely no understanding of computers, who use terms like "information superhighways", IT, and computer crime to try and make themselves sound important that it is assumed all hackers are malicious, vandalising, thieving, terrorist out to take over the computers of the world for personal gain.

ARE YOU A HACKER?

Too identify users who like the label of "hacker". Even as I type this they are dammaging the already terrible reputation carried by the real hackers. This file is meant to help these people who are not helping the movement by pointing out the errors of their ways! What is that you say, "but I am a "badass" hacker". Just ask your self whether any of the following descriptions sound like you, if so then you are part of the problem!.

You have been surfing the net, and you laugh at those media reports of the information superhighways. You have a red box. You do not have to pay for phone calls. You have crackerjack, and you have run it on the password file at a Unix on which you have an account. Your computer knowledge has impressed everyone at your school, you are the one the teachers ask for help. Am I getting warmer?

Or may be you are one of the free loaders. There are thousands of you out there. You buy 2600 and you ask questions. You read phrack and you ask questions. You join #hack and you ask questions. What is that you say, "what is wrong with that? After all, to be a hacker is to question things, is it not?" Nevertheless, you do not want knowledge. You want answers. You do not want to learn how things work. You only want answers. You do not want to explore. All you want to know is the answer to your damn questions. Dose this sound like you?

Or if not the above you are what I refer to as a non event. You read 5% of 5 or 10 of the hacking FAQs and or tutorial files. You no not fully understand the essentials of hacking. Or the reasons for cacking. You have never heard of social engineering or if you have you think it is not important. You think the world of computers and security opens up to you through a keyboard and your redbox. In short you know nothing. You are brain dead, but you see your self as a master mind criminal. You brag about you hacking factices. You make it up as you go along. You lie over any and all the BBS you can.

Dose any of this sound like you? If so you are not a hacker. You are a little child. It is thanks to you morons that get bested whilst destroying everything you can get your evil terminals into that the established order (governments, companions, the mass Media etcetera) assume all hackers are like you, malicious, vandalising, thieving, terrorist out to take over the computers of the world for personal gain or are devious teenagers who have nothing better to do than crash every available computer. Nothing could be feather from the truth!

You enrage the real hackers when you cause damage or compromise resources. You do not understand the damage you inflect When you bring down a system you take away from everyone the chance to succeed in getting in, you take away that which all real hackers have come to love more that live itself!.

Hacking is about looking for knowledge. It is about learning. That's why hackers hack, to search around inside a place they have never been. To explore all the little nooks and crannies of a world so unlike the boring cess-pool they live in. To increase the flow of information and knowledge, so that Everyone can learn and benefit.

WHAT IS A HACKER?

More times that I can remember, someone has asked me the question "Just what exactly is a hacker?"

For those who don't know better. A hacker can be anything from someone who makes furniture with an axe; (by wrong-definition) A computer-user; An expert at a particular programme; An expert or enthusiast of any kind; but the most wide spread application of the term is to describe someone who destroys everything into which he/she can get their evil terminals. This is true to such an extent that if I were to say to just about anyone (that has not being leaving on the moon since 1982) "I am a hacker", it would immediately be assumed that I am a criminal, a malicious, vandalising, a thieving terrorist, a little shit out to take over the computers of the world for personal gain, or some thing along those lines. For this we have the wanabes and the mass Maida to blame!

What I consider a hacker to be is a person who is self motivated and besotted with exploring the details of programmable systems, a person who loves the intellectual challenge of creatively overcoming or circumventing limitations, and uses that knowledge to continue the fight for freedom of knowledge and information, a person who wants to know everything and most importantly a *real* hacker lives by the "hacker ethic" (the belief that information-sharing is a powerful positive and good thing), and whom follows an ethical code of practice (that typically includes things such as, Leave a system in the state it was found; Do not intentionally destroy or modify anyone else's data; Do not cause any legitimate user problems with computer resources; Do not access emergency services computers; etcetera)

Their motivations for hacking (the activities of a hacker) are generally to learn more about any think that can help them understand more about the way the would works, fore example how computer systems work by making them do things they were never intended to do and/or to challenge security measures.

This is my own definition of what the "normative" boundary markers of *real* hackers are. All real hackers tend to meat the majority of these criteria. However, this is by no means universal, like plants, there are many breads of hacker, most of which are out to achieve that same ends, the ones that do not meat any, or the ones the do all the above, but are intent on destruction are *NOT* hackers, most likely they are the wanabes. See my FAQ "ARE YOU A HACKER?" for more about them.

Now, who are the *real* hackers, whatever their motives they tend to share an, unbridled intimacy and total affinity for their life stilly, they are the ones who are so deeply consumed by learning computer science, cacking, programming, social engineering, boxing, scanning, etcetera, that it means more to them than the feeling that they experienced at the flash point of their first love, for some it is the ultimate buzz like heroin, for many to hack, to get access to a system and escape into the binary world, is to engage in sexual intercourse.

Again this is by no means universal, there are those that merely enjoy it, and the ones that find it a pain. The people that do not in *ANY* *WAY* reflect the above may be real hackers, but finding an elite hacker whom dose not is rare.

If you are a real hacker, like it or not, you are a revolutionary and know it or not every thing you do is in some way connected to your search for the truth, because although to be a hacker is to question things hacking its not about asking questions. It is simply about finding the truth because they must be able to choose for themselves, what ever the consequences, it is their right to have some say it their fate.

No one can be told what the truth is, as it is different for everyone, it is an idea, it is simply sufficient information and experience to allow a person to tell for min/her self. It is not an answer that hackers seek but rather the truth is learnt from the path that each hacker takes to gain experience, which is simply the search for knowledge.

I genuinely do not know what the purpose of this file is, maybe someone somewhere will read it, and know more about the truth concerning hackers. Not the lies of the ignorant!

I am the website administrator of the The Wandle Industrial Museum (http://www.wandle.org). Established in 1983 by local people determined to ensure that the history of the valley was no longer neglected but enhanced awareness its heritage for the use and benefits of the community.

Personal Firewalls for Home Users.

What is a Firewall?

The term "firewall" illustrates a system that protects a network and the machines on them from various types of attack. Firewalls are geared towards keeping the server up all the time and protecting the entire network.

The primary goal of a firewall is to implement a desired security policy; controlling access in both directions through the firewall, and to protect the firewall itself from compromise. It wards off intrusion attempts, Trojans and other malicious attacks.

Personal Firewalls:

They are meant for the home user in a networked environment. They aim to block simple attacks, unlike the enterprise level firewalls that the corporate world uses at the server or router end. There are many ways to implement a firewall, each with specific advantages and disadvantages.

Are they really needed?

Nowadays organizations and professionals use Internet technology to establish their online presence and showcase their products and services globally. Their endeavor is to leverage digital technology to make their business work for them.

All the organizations and professionals are shifting from Dialup to broadband and getting a fixed IP. It has led to an increase in security attacks, bugs in everyday working. This does not mean that Dialup being anonymous dynamic link or the firewall of the ISP network make you pretty safe.

Now if your machine was under attack, you must have wondered what went wrong making your system crash suddenly. So I would rather like to say, it's not necessary for anyone to actually know about you or your IP address to gain access to your system.

If you system is infected or prone to intrusions, then beyond the anonymity of your Dialup connection or a dynamic IP, your system can be hacked.

Types of Attacks

Intrusion:

There are many ways to gain unauthorized access to a system. Operating system vulnerabilities, cracked or guessed passwords are some of the more common. Once access is attained, the intruder can send email, tamper with data, or use the system privileges to attack another system.

Information Theft and Tampering:

Data theft and tampering do not always require that the system be compromised. There have been many bugs with FTP servers that allow attackers to download password files or upload Trojan horses.

Service Attacks:

Any attack that keeps the intended user from being able to use the services provided by their servers is considered a denial of service attack. There are many types of denial of service attacks, and unfortunately are very difficult to defend against. "Mail bombs" are one example in which an attacker repeatedly sends large mail files in the attempt at filling the server's disk filesystem thus preventing legitimate mail from being received.

Types of Attackers

Joyrider:

Not all attacks on computer systems are malicious. Joyriders are just looking for fun. Your system may be broken into just because it was easy, or to use the machine as a platform to attack others. It may be difficult to detect intrusion on a system that is used for this purpose. If the log files are modified, and if everything appears to be working, you may never know.

Vandals:

A vandal is malicious. They break in to delete files or crash computer systems either because they don't like you, or because they enjoy destroying things. If a vandal breaks into your computer, you will know about it right away. Vandals may also steal secrets and target your privacy.

"In an incident a Trojan was being used to operate the web cam. All the activities being done in the house were being telecasted on the websites."

Spies:

Spies are out to get secret information. It may be difficult to detect break-ins by spies since they will probably leave no trace if they get what they are looking for.

A personal firewall, therefore, is one of the methods you can use to deny such intrusions.

How Firewalls work?

Firewalls basically work as a filter between your application and network connection. They act as gatekeepers and as per your settings, show a port as open or closed for communication. You can grant rights for different applications to gain access to the internet and also in a reverse manner by blocking outside applications trying to use ports and protocols and preventing attacks. Hence you can block ports that you don't use or even block common ports used by Trojans.

Using Firewalls you can also block protocols, so restricting access to NetBIOS will prevent computers on the network from accessing your data. Firewalls often use a combination of ports, protocols, and application level security to give you the desired security.

Firewalls are configured to discard packets with particular attributes such as:

• Specific source or destination IP addresses.

• Specific protocol types

• TCP flags set/clear in the packet header.

Choosing a firewall:

Choose the firewalls which have the ability to ward of all intrusion attempts, control applications that can access the internet, preventing the malicious scripts or controls from stealing information or uploading files and prevent Trojans and other backdoor agents from running as servers.

The purpose of having a firewall cannot be diminished in order to gain speed. However, secure, high-performance firewalls are required to remove the bottleneck when using high speed Internet connections. The World-Wide-Web makes possible the generation of enormous amounts of traffic at the click of a mouse.

Some of the good firewall performers available in the market are below:

• BlackICE Defender

• eSafe Desktop

• McAfee Personal Firewall

• Neowatch

• Norton Personal Firewall

• PGP Desktop Security

• Sygate Personal Firewalls

• Tiny Personal Firewall

• Zone Alarm

• Zone Alarm Pro

Most of these firewalls are free for personal use or offer a free trial period. All the personal firewalls available can't ensure 100% security for your machine. Regular maintenance of the machine is needed for ensuring safety.

Some of the tasks advised for maintaining system not prone to intrusions:

• Disable file and print sharing if you are not going to be on network.

• Update your antivirus signature files regularly.

• Use a specialized Trojan cleaner.

• Regular apply security patches to your software and operating system.

• Don't open email attachments if you have don't know the contents it may contain.

• Don't allow unknown applications to access to the internet or to your system.

• Regularly check log files of your personal firewall and antivirus software.

• Disable ActiveX and java and uninstall windows scripting host if not required.

• Turn off Macros in Applications like Microsoft Office and turn macro protection on.

• Check the open ports of your system and see them against the common list of Trojans ports to see if they are being used by some Trojan.

• Log Off from your internet connection if not required. Being online on the internet for long duration gives any intruder more and sufficient time to breach system security.

• Unplug peripherals like web cam, microphone if they are not being used.

About The Author

Pawan Bangar,

Technical Director,

Birbals,India

ebirbals@gmail.com

Recovering from Viruses, Worms, and Trojan Horses.

"Unfortunately, many users are victims of viruses, worms, or Trojan horses. If your computer gets infected with malicious code, there are steps you can take to recover."

How do you know your computer is infected?

Unfortunately, there is no particular way to identify that your computer has been infected with malicious code. Some infections may completely destroy files and shut down your computer, while others may only subtly affect your computer's normal operations. Be aware of any unusual or unexpected behaviors. If you are running anti-virus software, it may alert you that it has found malicious code on your computer. The anti-virus software may be able to clean the malicious code automatically, but if it can't, you will need to take additional steps.

What can you do if you are infected?

1. Minimize the damage - If you are at work and have access to an IT department, contact them immediately. The sooner they can investigate and clean your computer, the less damage to your computer and other computers on the network. If you are on your home computer or a laptop, disconnect your computer from the internet. By removing the internet connection, you prevent an attacker or virus from being able to access your computer and perform tasks such as locating personal data, manipulating or deleting files, or using your computer to attack other computers.
   
2. Remove the malicious code - If you have anti-virus software installed on your computer, update the virus definitions (if possible), and perform a manual scan of your entire system. If you do not have anti-virus software, you can purchase it at a local computer store (see Understanding Anti-Virus Software for more information). If the software can't locate and remove the infection, you may need to reinstall your operating system, usually with a system restore disk that is often supplied with a new computer. Note that reinstalling or restoring the operating system typically erases all of your files and any additional software that you have installed on your computer.

How can you reduce the risk of another infection?

Dealing with the presence of malicious code on your computer can be a frustrating experience that can cost you time, money, and data. The following recommendations will build your defense against future infections:

• use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. However, attackers are continually writing new viruses, so it is important to keep your anti-virus software current (see Understanding Anti-Virus Software for more information).
• change your passwords - Your original passwords may have been compromised during the infection, so you should change them. This includes passwords for web sites that may have been cached in your browser. Make the passwords difficult for attackers to guess (see Choosing and Protecting Passwords for more information).
• keep software up to date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Many operating systems offer automatic updates. If this option is available, you should enable it.
• install or enable a firewall - Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer (see Understanding Firewalls for more information). Some operating systems actually include a firewall, but you need to make sure it is enabled.
• use anti-spyware tools - Spyware is a common source of viruses, but you can minimize the number of infections by using a legitimate program that identifies and removes spyware (see Recognizing and Avoiding Spyware for more information).
  
• follow good security practices - Take appropriate precautions when using email and web browsers so that you reduce the risk that your actions will trigger an infection (see other US-CERT security tips for more information).

As a precaution, maintain backups of your files on CDs or DVDs so that you have saved copies if you do get infected again.

Using Instant Messaging and Chat Rooms Safely.

"Although they offer a convenient way to communicate with other people, there are dangers associated with tools that allow real-time communication."

What are the differences between some of the tools used for real-time communication?

• Instant messaging (IM) - Commonly used for recreation, instant messaging is also becoming more widely used within corporations for communication between employees. IM, regardless of the specific software you choose, provides an interface for individuals to communicate one-on-one.
• Chat rooms - Whether public or private, chat rooms are forums for particular groups of people to interact. Many chat rooms are based upon a shared characteristic; for example, there are chat rooms for people of particular age groups or interests. Although most IM clients support "chats" among multiple users, IM is traditionally one-to-one while chats are traditionally many-to-many.
• Bots - A "chat robot," or "bot," is software that can interact with users through chat mechanisms, whether in IM or chat rooms. In some cases, users may be able to obtain current weather reports, stock status, or movie listings. In these instances, users are often aware that they are not interacting with an actual human. However, some users may be fooled by more sophisticated bots into thinking the responses they are receiving are from another person.

There are many software packages that incorporate one or more of these capabilities. A number of different technologies might be supported, including IM, Internet Relay Chat (IRC), or Jabber.

What are the dangers?

• Identities can be elusive or ambiguous - Not only is it sometimes difficult to identify whether the "person" you are talking to is human, but human nature and behavior isn't predictable. People may lie about their identity, accounts may be compromised, users may forget to log out, or an account may be shared by multiple people. All of these things make it difficult to know who you're really talking to during a conversation.
• Users are especially susceptible to certain types of attack - Trying to convince someone to run a program or click on a link is a common attack method, but it can be especially effective through IM and chat rooms. In a setting where a user feels comfortable with the "person" he or she is talking to, a malicious piece of software or an attacker has a better chance of convincing someone to fall into the trap.
• You don't know who else might be seeing the conversation - Online interactions are easily saved, and if you're using a free commercial service the exchanges may be archived on a server. You have no control over what happens to those logs. You also don't know if there's someone looking over the shoulder of the person you're talking to, or if an attacker might be "sniffing" your conversation.
• The software you're using may contain vulnerabilities - Like any other software, chat software may have vulnerabilities that attackers can exploit.
• Default security settings may be inappropriate - The default security settings in chat software tend to be relatively permissive to make it more open and "usable," and this can make you more susceptible to attacks.

How can you use these tools safely?

• Evaluate your security settings - Check the default settings in your software and adjust them if they are too permissive. Make sure to disable automatic downloads. Some chat software offers the ability to limit interactions to only certain users, and you may want to take advantage of these restrictions.
• Be conscious of what information you reveal - Be wary of revealing personal information unless you know who you are really talking to. You should also be careful about discussing anything you or your employer might consider sensitive business information over public IM or chat services (even if you are talking to someone you know in a one-to-one conversation).
• Try to verify the identity of the person you are talking to, if it matters - In some forums and situations, the identity of the "person" you are talking to may not matter. However, if you need to have a degree of trust in that person, either because you are sharing certain types of information or being asked to take some action like following a link or running a program, make sure the "person" you are talking to is actually that person.
• Don't believe everything you read - The information or advice you receive in a chat room or by IM may be false or, worse, malicious. Try to verify the information or instructions from outside sources before taking any action.
• Keep software up to date - This includes the chat software, your browser, your operating system, your mail client, and, especially, your anti-virus software.

Authors: Mindi McDowell, Allen Householder :US-CERT

Delete Cookies: New-Age Diet or Common Sense Internet Security?

No, this article isn't about some new, lose-20-pounds-in-a-week, certified-by-some-tan-Southern-California-doctor diet. It's about cookies on your computer - what they are, why they are there, and what to do about them. Computer cookies actually have quite a bit in common with their baked counterparts - some are good, some are bad, and they have expiration dates.

Cookies are small text files that a server places onto your hard drive whenever you access a given domain. Cookies typically contain information that the website uses to either customize the page you are viewing or otherwise make your web browsing experience more convenient and enjoyable. The information is stored on your hard drive and accessed whenever you go back to the website that originally gave you the cookie. They usually include an expiration date at which point they will be erased from your computer - it could be when you close your browser; or hours, days, months, or years after it is placed. Some don't expire at all. At the time of this writing I had a cookie stored on my computer that wasn't set to expire until Wednesday, February 25th, 2195 at 3:45:13 am - I deleted it.

Before you run out to your browser's options and delete and block all cookies, let me mention a few common uses of cookies:

* Cookies store information for 'shopping carts' at online stores. When you select an item and place it in the shopping cart, a cookie is created to remember the item and the price so that you can keep shopping. When you are done shopping you simply click the button to check out and the site accesses the information stored in the cookies to complete your order.

* Cookies can be used to remember logins and passwords. While this initially sounds a little disheartening, the purpose is really to save you time. Sites will remember the information for you so you don't have to type it in each time you want to access information.

* Cookies help websites customize their content and layout for you. If you are a diehard fan of the local college's basketball team, and you always access the stats and score from the game at a website, that site might use a cookie to send you straight to your team's page.

* Cookies help identify whether you have already visited a site. They can also count how many times you have visited the site in a given period of time.

* Cookies remember the last page or position you were on at the site. Like a virtual bookmark, this is especially helpful if you are reading online or accessing several pages of information.

There are many other ways cookies can be used, and there is obvious potential for abuse. You probably wouldn't eat a cookie given to you by a complete stranger, especially if you didn't know what was in it. The same common-sense principle holds true while you're online, and exercising a little caution can save you from a lot of heartache later on. Blocking any and all cookies will guarantee no personal information is leaked through the cookies, but many sites will either not be able to or will choose not to interact with you.

The trick, then, is to let the good cookies through while screening out the bad ones, not at all dissimilar to what you do when you hover over the cookie tray at a party - you take the ones you want and leave the rest behind. This can be accomplished in a few different ways.

First, you can periodically delete all the cookies on your hard drive. This will systematically wipe out all unwanted cookies that have made their way to your computer. Unfortunately, it will also take care of all the good cookies too. If you only use the internet occasionally (i.e. a few minutes a week), this option might work for you.

Second, you can try to go about it manually. Many browsers that allow you to block cookies also include a feature that allows you to include a list of sites from which you will allow cookies. The advantage of this method is it places virtually complete control over cookies into your hands, allowing only those that you want to be placed on your hard drive. The disadvantage is that it can become very burdensome (at times downright annoying) having to constantly update the list of allowed sites.

Third, you can call in some third-party software to help out. The best programs will scan your computer to find all the cookies and put them into a table or list. This saves you the trouble of having to dig around your hard drive to find the files yourself (try looking for a folder named "Cookies"). Many programs will also indicate with some degree of confidence whether a given cookie is wanted or unwanted, and provide a convenient way to delete the ones that you decide you don't want.

Nick Smith is a client account specialist with 10x Marketing - More Visitors. More Buyers. More Revenue. For great software to help delete cookies, check out ContentWatch, Inc.

Can I Guess Your Password?

We all know that it's dangerous to use the same password for more than one program. If you sign up for a program run by someone of low moral fibre, what is to stop them running through various programs with your username and password to see what they can access?

But of course remembering all the different passwords can be a headache. And writing them down somewhere isn't a great deal safer than using the same password again and again.
You can buy software that stores the passwords for you, but do you really want to pay money for another piece of software that performs a solitary function?

Try this simple, two-step, technique that lets you generate an infinite number of passwords, without having to remember any of them.

Step One: Choose a 4-6 letter word or number sequence that you can remember easily. Needless to say, don't reveal this to anyone. For the purpose of this demonstration, I'll choose the word "cash"

Step Two: Apply this secret word or number sequence to the name of the program you are setting up the password for.

To accomplish this, invent a couple of easy to remember rules.

Rule 1: Decide which part of the program name you are going to use. It could be the whole name, the first 6 letters of the name, the last 8 letters of the name. It's totally up to you, be as creative as you like.

eg - For the program TrafficSwarm, I might choose the first 8 letters of the name. This give me: "traffics"

Rule 2: Take the portion of the program name you have selected and merge it with your secret word or number sequence to create a unique password. Again, be as creative as you can with this rule. You could replace every second letter, every third letter, every vowel or every consonant.

eg - If I replace every second letter of "traffics" with my secret word "cash", I get " t c a a f s c h "

or

- If I replace every vowel of "traffics" with my secret word "cash", I get " t r c f f a c s ". The "s" and the "h" are not used as "traffics" has only two vowels, but some words will use all four letters of "cash". Some words might have more than four vowels, in which case just start back at the beginning with "c" and "a" and so on?

You don't have to worry about making your rules overly complex. Even the best code-breakers would need to see several of your passwords before they could start to guess what you rules are.

As long as you keep your rules safe and sound, your password is secure. But the real beauty of this system, is that you don't have to remember the passwords you create. You ONLY have to remember the rules.

When you log into the program the next time, just apply your rules to the program name, and you can work out what password you generated. Once you have been using the rules for a while, you'll generate the password in your head, without even having to pause.

Don't worry if it seems a little complicated at first. Read this article through a couple more times and then try this technique with just a couple of programs. Once you are happy with it, all that's left to do is to start working your way through existing programs and update your passwords. It's time consuming, but for peace of mind you'll be glad you did.

David Congreave is owner of The Nettle Ezine, the newsletter for the home business -- online. David lives in Leeds, in the United Kingdom, with his wife Leanne.

Reducing Spam

"Spam is a common, and often frustrating, side effect to having an email account. Although you will probably not be able to eliminate it, there are ways to reduce it. "

What is spam?

Spam is the electronic version of "junk mail." The term spam refers to unsolicited, often unwanted, email messages. Spam does not necessarily contain viruses—valid messages from legitimate sources could fall into this category.

How can you reduce the amount of spam?

There are some steps you can take to significantly reduce the amount of spam you receive:

• Don't give your email address out arbitrarily - Email addresses have become so common that a space for them is often included on any form that asks for your address—even comment cards at restaurants. It seems harmless, so many people write them in the space provided without realizing what could happen to that information. For example, companies often enter the addresses into a database so that they can keep track of their customers and the customers' preferences. Sometimes these lists are sold to or shared with other companies, and suddenly you are receiving email that you didn't request.
  
• Check privacy policies - Before submitting your email address online, look for a privacy policy. Most reputable sites will have a link to their privacy policy from any form where you're asked to submit personal data. You should read this policy before submitting your email address or any other personal information so that you know what the owners of the site plan to do with the information.
  
• Be aware of options selected by default - When you sign up for some online accounts or services, there may be a section that provides you with the option to receive email about other products and services. Sometimes there are options selected by default, so if you do not deselect them, you could begin to receive email from lists those lists as well.
  
• Use filters - Many email programs offer filtering capabilities that allow you to block certain addresses or to only allow email from addresses on your contact list. Some ISPs offer spam "tagging" or filtering services, but legitimate messages misclassified as spam might be dropped before reaching your inbox. However, many ISPs that offer filtering services also provide options for tagging suspected spam messages so the end user can more easily identify them. This can be useful in conjunction with filtering capabilities provided by many email programs.
  
• Don't follow links in spam messages - Some spam relies on generators that try variations of email addresses at certain domains. If you click a link within an email message or reply to a certain address, you are just confirming that your email address is valid. Unwanted messages that offer an "unsubscribe" option are particularly tempting, but this is often just a method for collecting valid addresses that are then sent other spam.
  
• Disable the automatic downloading of graphics in HTML mail - Many spammers send HTML mail with a linked graphic file that is then used to track who opens the mail message—when your mail client downloads the graphic from their web server, they know you've opened the message. Disabling HTML mail entirely and viewing messages in plain text also prevents this problem.
  
• Consider opening an additional email account - Many domains offer free email accounts. If you frequently submit your email address (for online shopping, signing up for services, or including it on something like a comment card), you may want to have a secondary email account to protect your primary email account from any spam that could be generated. You should also use a secondary account when posting to online bulletin boards, chat rooms, public mailing lists, or USENET so that you can get rid of when it starts filling up with spam.
  
• Don't spam other people - Be a responsible and considerate user. Some people consider email forwards a type of spam, so be selective with the messages you redistribute. Don't forward every message to everyone in your address book, and if someone asks that you not forward messages to them, respect their request.

Authors: Mindi McDowell, Allen Householder