Saturday, September 30, 2006

Target: Internet Explorer

Go where the people are.

That's the philosophy of Target, IKEA, Staples and every major retailer and advertiser. It's such a good and profitable philosophy, it's been adopted by spammers, hackers and cyberscum.

It makes good sense too. Everyone wants to get the most bang for their buck. And there's only so much buck to go around. So, do you put your message in front of 500,000 people when you can just as easily put your message in front of 5 million people?

It's common sense. Advertisers and cyberscum alike make the smart choice - and put their message in front of as many people as possible.

Let's look at it from the perspective of the criminal. If lots of people are using one particular type of software, that's the software that they are going to target in their attacks.

That's why Microsoft is exploited so frequently. Lots of people give Microsoft lots of grief, and while I may agree they deserve much of it, they don't deserve all of it. Most cyber criminals focus all their time and resources to cash in on Microsoft weaknesses because that's where the people are.

That's why you need to go where the people aren't. Take Microsoft's Internet Explorer. It's been the target of so many attacks, you're really taking a lot of risk if you continue to use it. Especially when there are other excellent and safer options available.

If you want to surf the Net more securely, check out my personal recommendation - Mozilla Firefox. It's safer (fewer people) and it's free!

To Your Safe Surfing,

. . . Stephanie


Monday, September 25, 2006

They May Be Sending You More Than a Greeting

Just a quick alert here. . .

Watch out for an email telling you that you have received a Yahoo! Greeting Card. The purpose of the email is to lure you to their site and then Whamo! They start collecting your private information.

I got hit today, but luckily didn't click through. Such a shame since I've always enjoyed e-greetings - both sending and receiving.

For details and screenshots, visit Websense.

. . . Stephanie

Sunday, September 17, 2006

Chase Goofs Up For Circuit City Customers

On the heels of one of the largest mishaps to happen at the U.S. Department of Veterans Affairs, which said in May that data on 26.5 million veterans was stolen, comes the Circuit City credit card (a division of JP Morgan Chase) debacle.

On Thursday, September 7, Chase Card Services said that it mistakenly tossed out computer tapes with the personal information of Circuit City card holders. Now this is not a hacker or cyber intruder, mind you, this was just a stupid mistake.

Chase is trying to make it right. Though no attempts to misuse this personal information have yet been identified, Chase is offering a free, one-year credit monitoring service to individuals whose Social Security number was on the thrown-out tapes.

All other Chase cards are still secure. This incident affects Circuit City credit card holders only, and you should be contacted by Chase soon.

We always need to protect ourselves from online predators, but sometimes we just need to protect ourselves against sheer incompetence.

. . . Stephanie

Wednesday, September 13, 2006

Wipe It Or Risk It All

eBay is a great marketplace. Whenever I need some hard-to-find item, it's one of the first places I look. And I'm not alone. More than 75 million other people do too.

So hearing about the latest security breaches that involved eBay and reselling in general didn't come as too much of a surprise.

I have always preached the importance of reformatting your hard drive before you dispose of it or give it away. Well, lots of people are now selling their old computers, smart phones and PDAs on eBay - without removing confidential, personal information first!

"Personal and corporate data is being sold on the open market through eBay, and it's also available to anyone who finds, steals or purchases a used smart phone or PDA from any other source," Nick Magliato, chief executive of Trust Digital, said in a statement. "The general public needs to immediately be made aware of this fact."

In a recent sampling of 10 mobile devices purchased on eBay, nearly 27,000 pages of sensitive data were retrieved.

According to Trust Digital, the users of these devices included the corporate counsel of a multibillion-dollar technology company that serves the legal market, a former employee of a publicly traded security software company, and an employee of a Web services company.

Many people think that simply deleting files makes them disappear - but that's not how it works. When you delete files, they remain on your hard drive and can be found by anyone wanting to access them. You can purchase software (known as wipe programs) to overwrite your information and make it completely unreadable.

So remember, before making that charitable donation or making a couple of bucks on eBay, erase your hard drive.

. . . Stephanie

Tuesday, September 12, 2006

Just How Safe Is Safe?

You go to a website. It looks interesting. They tell you your information is safe. You enter your information. Some time in the future, you get a letter. Uh oh. Security has been breached. Your information isn't so safe anymore.

Now I don't mean to be a prophet of doom here. This is more the exception than the rule. But, heads up. . .it does happen.

Take SecondLife.com. SecondLife is a three-dimensional online world where residents (you) buy and sell virtual land using Linden dollars, which can be redeemed for real currency. The residents are portrayed as animated characters that users design for themselves to interact with other participants.

The site is not all fun and games for some. Fortune 500 companies like Coca-Cola and Wells Fargo, along with professional authors, musicians and architects, set up virtual outposts of their organizations or personas in SecondLife to represent themselves inside the online world.

In a letter to its 650,000 users this weekend, Linden Lab, the company behind the "Second Life" site, said that its customer database, including names, addresses, passwords and some credit card data, had been compromised by an intruder.

Whoops! Like I said, I'm not trying to be a fear monger. I just want you to be aware that security breaches can and do happen. So be careful about what you put out there. Have fun, but let's be careful out there!

. . . Stephanie

Monday, September 11, 2006

Just Another Patch Tuesday

I was trying to sing, "Just Another Patch Tuesday" to the tune of "Just Another Manic Monday" by the Bangles (am I dating myself?), but I just couldn't get it to work. Ah heck, I used the title for this blog post anyway.

We've got another Patch Tuesday upon us (Microsoft releases fixes the second Tuesday of every month) and while they are still issuing one "critical" and two "important" updates, this is probably the calmest Patch Tuesday in weeks.

The software giant will issue the bulletins Tuesday morning, and you can be pretty certain there will be some zero-day exploits - or malicious software (malware) released the same day a flaw is made public, and after the patch is released.

I get emails all the time from readers who say, "just get a Mac - you'll have no worries about spyware and viruses." And while I do agree that threats to a Mac are minimal (yes, I put it in writing), all of my subscribers and most of my readers use PCs with Microsoft Windows. So I'm sticking with it.

Once again, get your Windows Updates regularly or sign up for Automatic Updates.

. . . Stephanie

Saturday, September 09, 2006

Do You Want More Bang With Less Buck?

Sometimes, cheaper is better.

My mother always taught me, "You get what you pay for," and in most cases that's true. But when I can get a better product for less money - I'm the first person in line.

So when industry analysts said that computer security products are not only getting better, they're getting cheaper too, I did my happy dance.

And they're crediting Microsoft with the competitive shake-up.

You see, Microsoft released their first security product in May of this year. It's called Microsoft OneCare, and it's taken over the number 2 spot in security sales in June and July.

It is by far the cheapest option too. As a result of their release, other security software giants are going to start bucking up and bundling features instead of selling them all separately, and reducing their prices in the process.

For instance, Microsoft OneCare comes bundled with an antivirus, anti-spyware and firewall software with backup features and several tune-up tools for Windows PCs. You can also use the same software on up to three other computers - most security software companies require you to purchase separate software for separate computers.

If you're interested, I recommend you pick up Microsoft OneCare on Amazon - it comes with a $19.99 price tag (list price $49.99, Best Buy price $29.99).

So, get ready to get more bang for your buck.

Computer security just got cheaper.



Monday, September 04, 2006

Phishing Alert - Phoney Apple iPod & More

I've talked about phishing in the past, and I'll continue to do so. It's that important. Every day these depraved degenerates (sorry, was that harsh?) come up with new, innovative ways to disguise phishing emails as legitimate ones.

Let's take the new Apple iPod Phishing Scheme.

An email arrives in your inbox claiming that the popular music player is being shipped via FedEx and that a payment of $479.95 has been received from your e-gold account. The malicious email's subject line usually reads: "Track your Order".

Of course you open it (no, don't!) because you didn't order it and you don't want to pay $479.95 for something you didn't order.

When you open it (I said, please don't!) there is a file attached called OrderInf.zip, which unpacks to OrderInfo.exe. Executing this file infects your computer with a Trojan horse that attempts to download further malicious code from the internet. Guess what else - no Apple iPod either! :)

We've all gotten the phishing emails from eBay, PayPal, and various banks and credit unions. They're just getting more creative now. If you've posted a resume on Monster.com, you may get an email from Saphire Technologies claiming they found your resume on Monster and please fill out additional information because they're interested in hiring you. You click the link (OK, how many times can I say . . . no, don't!), fill out the form, and POOF - you're our newest victim.

It bears repeating. Please don't click on a link in an email. Go directly to the site (eBay, PayPal, Monster, your bank, etc) and enter your username and password there. Clicking a link in an email is just asking for trouble.

. . .Stephanie
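
As an added illustration (not part of the original post), the check below shows how a mail filter can catch the attachment pattern described above: a zip file that unpacks to a Windows executable. The sample message is constructed with harmless placeholder bytes, and the addresses and function names are assumptions made for this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows will run directly when double-clicked.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def build_sample_message() -> bytes:
    """Constructed sample shaped like the lure in the post (harmless contents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("OrderInfo.exe", b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["Subject"] = "Track your Order"
    msg["From"] = "shipping@example.invalid"   # assumed address
    msg["To"] = "reader@example.invalid"       # assumed address
    msg.set_content("Your order has shipped. Details are attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="OrderInf.zip")
    return msg.as_bytes()


def executable_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (attachment, member) pairs where an executable is attached,
    either directly or inside a zip archive."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(EXECUTABLE_EXTS):
            findings.append((name, name))
        # Sniff the content instead of trusting the file name or MIME type.
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(EXECUTABLE_EXTS):
                        findings.append((name, member))
    return findings


if __name__ == "__main__":
    for attachment, member in executable_attachments(build_sample_message()):
        print(f"quarantine: {attachment} contains {member}")
```
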

Saturday, September 02, 2006

Windows Live OneCare Family Safety Beta Released

Got kids?

Do they use the Internet?

As a parent, you want to ensure their experience on the Internet is safe. I hope I don't need to tell you about the evil elements lurking in cyberspace just waiting for your child to get online.

There are lots of Internet monitoring software programs and parental controls you can buy for your computer. Microsoft just debuted their beta version of Live OneCare Family Safety, and it's free.

Here's a quick review of the features of Live OneCare Family Safety:

  • Allows you to review and filter your child's online activity
  • Customizable for each family member
  • Ability to restrict access to sites or types of sites (e.g., gambling, pornography)
  • Access to individual activity reports (you can see what sites your child has visited)
  • Online help

If you have an MSN Hotmail, MSN Messenger or Passport ID, that's all you need to get started. If you don't, setting up an account is still pretty simple.

Keep in mind, setting up your family's individual accounts and their restrictions will initially take some time. You will be accessing the Internet through the Live OneCare Family Safety software - unless you disable it, which is easy with your administrative password.

As with any beta program, there are bound to be bugs. So if you have patience with that, give it a go. Your child's personal safety is well worth it.



Friday, September 01, 2006

Don't Believe Everything You Read

I’m a skeptic. Some would even say I’m a cynic. I just think I’m cautiously realistic.

And I don’t believe everything I read or see.

The Internet has opened up a whole new world for us, and unfortunately there are those who are taking advantage of that. And while these cyber scammers continue to profit from their cyber scams, we get more and more scared.

Is someone trying to steal my information? Is someone going to steal my identity? Is someone going to steal my money?


My poor husband is one of those people. He spends countless hours running spyware scans, virus scans, erasing histories, cookies and temp files. And while I advocate all of these things, I do so as a matter of cautious reality, not to instill fear and terror. I’m still trying to convey that to him. I think he spends more time “cleaning” his computer than he does actually using it!

Criminals (yes, that's what they are) set up websites and send you emails telling you your information is at risk. Here’s one example.

There is a new wave of email scams disguised as Microsoft Security Bulletins. You may receive an email message which urges you to immediately install a cumulative security patch for the "plug and play" vulnerability. It looks deceptively like a Microsoft Security Bulletin, so you have no reason to question it, right? Wrong!


Once you visit the site (by clicking the link in the email) and run the code, you are infected with a password-stealing Trojan horse.

Lots of people still fall for this because we want to be sure our systems are patched and we’re protected. It is just a sophisticated way of taking advantage of the fear created in the marketplace.

Here are just a few ways to protect yourself:
  • Only download security updates directly from the Microsoft website
  • If there are misspellings in the email, chances are it’s a scam
  • Never click a link in an email
  • Never open an attachment in an email

Here's a screenshot of the scam email:

. . . Stephanie