Find more Phishing Funda....
Sunday, June 29, 2008
Don't Miss Information Because of Misinformation
Of course with an equal amount of mis-information, it also has the ability to make you dumber, faster, than any other medium on the planet.
So how do you decide which sources of information to trust and which sources to avoid?
It has long been a source of debate, whether or not, any information can be 100% reliable. There is, it is said, no such thing as absolute truth (is that an absolute truth?).
Really though, there is no point in driving yourself mad with such trivial philosophies. All you have to do is decide, in your own mind, where your level of skepticism begins and ends. And skepticism is important in this day and age. That isn’t a negative viewpoint, it’s just a realistic assessment of what you need to survive.
Imagine for a moment that you're looking for a solution that will send your weekly newsletter to your eagerly awaiting mailing list. You can choose from a myriad of different software, hardware, third-party solutions. Some free, some cheap, some expensive and some unreliable. A decision has to be made. Who’s going to help you? Look at the options.
SPAM: Lots of unsolicited emails promise to have the definitive solution and at one time this might have been worth a look. Today, however, if a company is so discourteous that they ignore the generally accepted rules of spamming do you really want to do business with them?
Verdict: Dubious
WEBSITE: Ranked high on Google, plenty of glowing testimonials, even a 30 day money-back guarantee. But wait! Are those testimonials real or fictitious? Is there a clause that will prevent you from returning the product if you dislike it? Can you really believe anything you are being told?
The reality is, that many companies will say anything to make a sale. This is true both on the Internet and the High Street. Desire for profit can quickly deteriorate good intentions. I don’t need to preach about this. You know it’s true.
Accept this, then temper your paranoia by checking the facts. Legitimate companies exist on the Internet by the thousand. The ones worth buying from will happily talk to you on the phone and answer your questions in person. They will respond to your questions by email, probably on the same day. And, if they’re really worth spending money on, they will let you personally contact previous customers so you can confirm that what they’re saying is true.
Make the company work for the sale. If they can’t be bothered to reply to your emails or turn the answering machine off, don’t bother to give them your credit card number.
Verdict: Tread carefully
RECOMMENDATIONS: The product/service is recommended by a third party, perhaps in an ezine, or on a website. Sounds great? A genuine testimonial? But wait!
What is the recommender’s motive?
Love for fellow man?
Appreciation of the product?
Cash?
If you picked option number 3, you’re probably right. Joint ventures and affiliate programmes have led to many a recommendation of a product/service that hasn't been evaluated or even used. There are exceptions but there’s a good chance that the recommendation is linked to a commission.
This doesn’t, by itself, mean the testimonial is bogus. It simply means, as previously stated, that you should use some skepticism.
Look for recommendations from newsletters or websites that have been around for some time. If they have a reputation to consider, they will (should?) think twice before promoting something they haven’t fully investigated.
Verdict: Useful, be sure about the source
SEARCH ENGINES: Once you’ve found the product/service that sets you alight, look for negative feedback. Search for the product name alongside words like "hate" or "problem".
If lots of people have used this product and had problems, then at least few will likely have posted their experiences on a forum.
If no results appear, take this as a good sign and move on.
Verdict: Essential step
FORUMS: If you're really having difficulty finding what you are looking for, forums could be the key.
Look around for about half a dozen forums that you like and have plenty of traffic. Then post a description of what you need on all of them. Check back frequently and see what comes up.
Forums are an excellent way to find uncensored information offered solely for its value. Generally speaking, what you see is what you get.
There are, of course, exceptions. Occasionally someone might recommend something, solely because they are affiliated in some way. But if the forum is busy enough, they probably won’t get away with it.
Verdict: About as safe as you can hope to find
Does the above sound obvious to you? Maybe it is, but every day hundreds or even thousands lose money on poor or useful products/services that they were convinced were perfect. If you doubt it, check through a few related forums.
If you run your own ezine/website/forum, ask yourself what you can do to help those who aren’t as experienced. Your honesty will set you apart from the rest.
If all of this seems helpful, all well and good. Your final task is to apply the above information to this article and ask yourself, with just a touch of skepticism:
"Is it information or misinformation?"
Sunday, June 22, 2008
Spy Scanners - Don't Compromise your Privacy
Spies, spyware, internet parasites are among what they are usually called. These are scouts that monitor your web activities. The work undercover to check on your surfing patterns, spending habits, items bought, they extract email addresses, hijack browsers, steal credit card information. These are just some of the things a spyware is capable of.
A spyware is mainly an information hungry parasite determined to gather data from a user or surfer without him knowing it.
The information gathered by these parasites are then sent to the originator without the users consent. Most often, the information gathered by the spyware are used to generate ads and pop-ups on the user’s PC.
Spywares and Adwares aside from being a nuisance and an invasion of privacy can also jeopardize the optimal performance of your PC. They can eat up unused disk spaces and position themselves in an inconspicuous location in your hard drive. They can also eat the bandwidth, crash your system and oftentimes inflict themselves in the Registry or in the memory of your computer.
Spyware and Adwares have become very rampant nowadays. Prevent yourself from being a victim of these by:
* Being careful of Freeware and Shareware Downloads
- Some of these downloads are tagged with spywares which may be unknown to the user. Refrain from downloading sharewares and freewares from unknown sources.
* Installing a good spyware/adware scanner and removal software
- There are a number of spyware scanner and/or removal softwares in the market today. A good spyware scanner can effectively locate all spywares installed on your PC and a good spyware removal tool can effectively remove all the spywares detected.
Spy Scanners are programs designed to detect spies in your PC. A good spy scanner can effectively search through the most unnoticeable embedded files that spy on you.
Most Spy scanners include a spyware removal function. Other spy scanners do not entail spyware removal features but display the logs of the spyware detected in your PC. The information in the logs contains the location and nature of the spywares.
For spy scanners with no built-in spyware removal functions, a manual deletion of the spyware files could also be done since the location and the file type is specified in the logs. Some Spy scanner products on the market today have spyware scan available for non-paying users and the removal tool available only for paying users.
Spy Scanners when installed can be chosen to run on demand or periodically.
Friday, June 20, 2008
How to Manage Your Username and Password The Easy and Secure Way
Have been an Internet user for more than 9 years, I have 100's
of logins and passwords to keep. I'm paranoid. I'm now even
more paranoid after I joined YMMSS because I use online payment
systems on weekly basis if not daily.
I used to use Microsoft Excel to manage my usernames, passwords,
and other registration information, both online and offline.
Excel is not safe because there are programs to crack password
protected Excel workbooks and I even cracked the spreadsheet and
VBA source code password for one of my old Excel financial
models I developed. Today I still use Excel to store some personal
information but I only save the Excel file on my another
PC that is not connected to Internet.
In my article "6 Essential Steps to Protect Your Computer On the
Internet", I highly recommended the award winning RoboForm. Free
version of RoboForm (http://www.roboform.com) does come with
limitations such as 10 Passcards only. If you don't want to buy
the Pro version (costs $29.99 as of my writing), there is an
easy-to-use freeware (see below) you can download right now and
manage unlimited usernames and passwords.
Download freeware Password Safe from SourceForge.net - the Open
Source community.
https://sourceforge.net/projects/passwordsafe/
Here are some great features of Password Safe:
- No installation is required. Simply download and double click the
pwsafe.exe file.
- Easy portable. Just copy and paste the EXE file and .dat database
file to any disks. Be aware that when you open Password Safe in
the other disk, you need to specify the database file location
(the .dat file).
- One master password unlocks an entire password database that can
contain all your other passwords.
- Grouping. Usernames and passwords can be grouped into different
categories you define, eg. Email Address, Payment, etc. You are in
total control.
- Strong, random password generation.
- Copy username and password to clipboard so that you don't have to
type them. Always keep in mind that you should never type any
username and password.
- Browse to URL. With one click, the URL related to your username
and password can be opened in your default web browser. Another
save on typing.
- You can create more than one password database (but you have to
memorize more than one master password. Not recommended.)
Here are some tips of using Password Safe (version 2.04) and
managing password in general.
Tip #1 - Always create a strong master password (Safe Combination
as used in the software).
Strong password should meet the following criteria:
- At least 8 characters long to prevent cracking. The longer the better.
- The password should contain lowercase, uppercase, numeric, and any
other characters that are available on keyboard.
- Ideally you should not use any meaningful words or numbers in the
password. Totally random password is the best.
Tip #2 - Let PasswordSafe generate random password for you.
To generate random password:
- Click the menu item Edit.
- Select Add Entry (or use corresponding icon button).
- When the dialogue window opens, on the right hand side, you can
see a Random Password Generate button. Click it, a random password
will be automatically inserted in the Password field.
The generated random password is constructed according to the password
policy defined in Password Safe. You can modify the default policy.
- Click the menu item Manage.
- In the dropdown menu, click Options.
- Click the Password Policy tab.
- Change the policy based on the strong password criteria stated above.
Some sites only allow alphanumeric passwords so make sure you select
the appropriate check boxes when this is the case.
Tip #3 - Very Important: Never type your master password when open
PasswordSafe.
Keylogger spyware can record keystrokes.
How can you enter master password without typing? I do this.
Step 1: Open a Notepad file (.txt).
Step 2: Copy and paste an article from any Internet website to
this .txt file.
Step 3: Select characters from this article and copy, paste to form your
master password.
Tip #4 - Very Important: Never lose your master password.
I memorize my master password. In addition, I also physically write it
down to a hand written study material that has my previous uni works.
Among the 1,000's of words, I placed my 22 characters master password
in two different pages in encrypted format that can let me derive
my master password.
Tip #5 - Categorize username and password.
When you add a new entry, you need to specify Group, Title,
Username, Password, and Notes. The entries that share the same Group
name will be gathered together automatically.
One Group can contain another Group as its sub Group. For example,
I have Email Address group which contains three sub-groups as
Friend, Work, Family.
Tip #6 - For security reasons, always use Copy Username to
Clipboard and Copy Password to Clipboard.
Remember, never type username and password on a web form. This is how
to do it.
- Highlight an entry.
- Right click mouse.
- In the pop-up menu, select Copy Username to Clipboard or Copy Password
to Clipboard
- Go to your login form, paste the username or password.
You can use mouse to do copy and paste. If you prefer short-cut keys,
this is how.
Copy: Ctrl+C
Paste: Ctrl+V
Tip #7 - Use "Browse to URL" rather than typing URL in browser address bar.
When you enter a new entry or edit an existing one, you can enter a URL
(must start with http://) at the first line in the Notes field. You can save website login
page's URL in this field. When you need to open a login page in browser,
right click the entry and click Browse to URL in the pop-up menu. Then
the login page will be opened in your default web browser automatically.
Tip #8 - Don't forget to backup your password database file.
Use the Make Backup menu item to save a second copy of your password file.
Tip #9 - Store your backups in a different offline computer or location.
This is a widely used backup strategy.
Tip #10 - Use the Notes field to store as many information as you want. Very handy for memo.
If you don't have two computers, you need to use other storage media
to save a second copy of your backup file and version them by date
(easy to track back). Other storage media can be zip drive,
thumb drive, floppy disk, CD, etc.
Off site backups are also important. Don't overlook this. You lose
all your data if you lose both your computer and your other
storage media all together for any reason.
Many companies provide online storage services for a fee. You can
store any digital files (you should password protect these files
first) on their secure servers. Search Google and you will find a lot.
I have two computers. One is used to surf net and it does not have any
sensitive info stored on it. Another one is for my development work
(not connected to Internet) and it has my backup files. I also store
my backups in a thumb drive and CDs sometimes.
Wednesday, June 18, 2008
Behavior to Stay Safer Online
1. Importance of a Virus Scanner: A Antivirus program can help to prevent you from becoming infected with a Virus or Trojan. It is extremely important to make sure this program is updated at least once a week, and all drives are scanned. Viruses usually are used to destroy your Data or Hardware. Where as Trojans are used to gain remote access into your system. Always scan any new files you receive as well, even if they are off a friend, you don't know where those files originated from. ALWAYS use a little common sense when on the Internet as well. Don't accept files from an entrusted source. Don't go to web sites you have received spam for, they can be infected with viruses or asking you to download files that are infected. Always go only to official sites (i.e... If you ask for a web address for Norton and someone says ww.nortfix.com, that is obviously not an official site). Keep in mind that an Antivirus will only detect known viruses. It is possible that someone can create a new virus or manipulate an existing Virus or Trojan to the point it will no longer be detected by an Antivirus. As each unknown virus is discovered it is then added into the Antivirus database. Always create rescue disks for your Antivirus program, these will enable you to access your computer through MS-DOS if you are unable to access it through windows. If you do not have an Antivirus program try the HouseCall free online virus scan the link if on the top right side of this page. Also never run 2 different Antivirus . By using two different Antivirus software, sometimes the rule sets can cause conflicts in each other.. or think the other is a virus.. which can also give false positives (meaning it detects a file as a Virus or Trojan, when it isn't one).. or not detect viruses as it should. Always delete files you do not remember downloading.
2. Importance of a Trojan scanner: A Trojan scanner is exclusively designed to guard against Trojan horses. A Trojan is a method of intrusion into a system. It is a malicious, security breaking program that is disguised as something harmless. A Trojan can grant complete access to your system to unknown parties, allowing them to commit criminal offenses with your Internet connection. If those offenses are investigated the trail will lead right to you. It also possible for them to get personal or business data and some passwords memorized within your computer. The Cleaner is a good Trojan scanner located on www.moosoft.com. Never open any file or download a file off an entrusted source, spammed web sites being one of them. It is very common for someone to set up a web site, then spam that web site saying you are infected with some virus or Trojan download this fix, or saying they have some great password cracking program, etc. Then you fall for it and your infected. Never use any war tools that require you to install something that brings up a warning on your Antivirus, why not to do this will be explained more on the IRC Newbie page. Always delete files you do not remember downloading.
3. Importance of running a Firewall: A Firewall is one of your best defenses of being hacked. That is if your using a good Firewall and have it configured right. ZoneAlarm free download is a decent Firewall. Although I would recommend ZoneAlarm Pro, which blocks a lot of commonly used hacking attempts. Another one I would not recommend is BlackIce, if you see that one run like there is no tomorrow (gives a lot of false positives). Ultimately though I would recommend running at least one Firewall, even if your computer is connected behind a gateway/router. When looking into firewalls it is a good idea to check what features it has. While one may block a number of hacking attempts, it may not block ads or cookies. Make sure to get all the details before deciding on a Firewall to purchase.
Also if you on Windows XP you can configure the Firewall they have built into it, go to start menu ... control panel ..... click network connections ..... double click local area connections ..go to properties ... then select the advanced tab. There you will find the XP Firewall and can enable it. You can also click on the link they provide to learn more about it. Never run 2 firewalls unless one is a software and the other a hardware. Security threats such as those dealing on the application level (your Operating System).. software Firewall can analyze that data better. Whereas hardware better analyzes incoming data from the Internet (snifters, etc.). If you have your own server.. good idea to choose a good one of each (hardware and software). If I am not running a Firewall but would like to see what connections my computer has open how do I do that? Simply go to your start menu under programs or programs/accessories you will find the MS-DOS prompt/Command prompt once you have that open type the command "netstat -an" without the quotations. There is will list the protocol of the connection TCP/UDP, the local address and foreign address, as well as the state which will show either as listening or established. Keep in mind that any connection to the Internet will show up there.
4. Importance of Windows Updates: It is extremely important to update windows. If you are not sure how to, just go to your start menu, then to programs you will see Windows Update there. Windows critical updates are related to security issues within Windows itself. These security issues can be exploited by hackers, these issues can also cause you to get infected easier with a virus if you are a Outlook Express user. As vulnerabilities are detected in Windows critical updates are released for them.
Always be sure to update Windows on a regular basis.
5. Safer Passwords: Never have Windows remember your passwords. If you ever do get an intruder on your system passwords saved in Windows can be retrieved. Instead what I recommend is saving all your passwords to notepad then saving them on a floppy disk. A simple copy and paste to use your passwords for any sites you visit, or accounts you may have online. Never use simple passwords such as names of places, things or people. Also do not use passwords that consist of either all letters or all numbers. The best passwords to have should have a combination of letters and numbers(e.g. g74npw2m5), when possible, use symbols (e.g. #^&%!). If the password is case sensitive, then use upper and lower case . Also make sure that the letters and numbers you use are not in clusters on your keyboard (within same general area on keyboard). Make your passwords longer then you may normally make them. Doing this will make any passwords you have harder for an outside party to crack. Apply this to anything you do on the Internet that requires a password. This one I speak from experience on, my last website on a free host, the password was cracked and the content of those pages changed. For many things available on the Internet you require Username and a password, if someone knows your Username or can figure it out, that is half their battle. So make the other half of their battle as difficult as possible. On Irc including characters in your passwords such as ¤, å, ¥, § ,etc... will help even more, to make your passwords harder to crack. Never use any of the following for your passwords (in whole or part): your name or a pet's name, girlfriend, boyfriend. Anything relating to any hobbies you have. Numbers dealing with you, relatives, friends, family, etc. (birthdays ,Social Insurance Number, significant dates, etc.). All of this can and WILL come back to haunt you.
6. What is Spyware?: Software that is installed on your computer/or a virus, which gathers information about you without your consent or knowledge of it. This information can end up in the hands of advertisers, spam e-mail lists, and other interested parties. It can gather information from cookies on your computer. Cookies can store information about websites you have visited, to develop a general idea of your online activity. Cookies generally store information such as preferences from websites, and they are stored on the hard drive of your computer. If your not comfortable with the idea of someone getting any information about your online activities, as most people are. There are programs out there that can be used for either removing cookies from sites you have visited as well as programs that will detect and remove known spyware programs. Lavasoft Ad-aware is a good program for removing spyware programs. Window Washer is an excellent program for removing a lot of your online history (cookies/temp Internet files... etc...). For people who use Kazaa, don't be surprised if that shows up on an Ad-aware scan, It will. Once you remove the spyware detected, Kazaa will fail to work without it. A suggestion for future use, switch to Kazaa Lite.
Monday, June 16, 2008
5 Simple Steps to Protect Your Digital Downloads
A couple of days ago, I was searching for a popular eBook online.
Now I'm not going to tell you the name of this eBook for reasons you'll understand in the next few minutes.
Okay, so here I was, opening Google, entering the name of the eBook - clicking search, and checking through the first few pages of search results.
-> Forward to Page 5 of Google
I saw a link that looked like a PDF document.
Right click -> open in new window
There, in full glory, was the eBook I was searching for!
The complete eBook, mind you, not a trial or demo - sitting there for the world to download.
And this is a product that sells for over $25 online!!
Obviously I'm not going to tell you the name of the eBook because it would not be fair to the reseller.
But it just made me realise that one of the reasons digital theft is so prevalent is simply because... its so EASY!
Don't get me wrong. I don't condone theft of any kind - digital or otherwise.
But would YOU shell out $25 for a product that everyone can 'legally' download off the 5th page of Google?
Most people would just shrug their shoulders, hit the save button and thank their lucky stars.
Result: The opposite of $ KA-CHING $ for the sellers
One of the problems with selling digital products online is that it is so SIMPLE to do. So now everyone and their grandmother wants to do it.
But most newbies have no idea that it requires only a few simple steps to ensure a moderate degree of security for your downloads.
So here I've outlined the five most BASIC security steps That anyone selling digital products online must take.
These will take you only a few minutes to do, and you do not need any special software or programming knowledge.
1. ZIP THAT FILE
The biggest problem arises when sellers store their downloads as PDF documents, as in my experience above.
Now you should know that Google, Altavista and many other search engines can read and list PDF files.
While this may not be a problem for those adding content to their sites in the form of PDF newsletters and reports, it also means that you must never store a product you want to SELL as a PDF file (unless it is in a password- protected folder).
It gets worse. Google also converts your PDF files into HTML documents. So ordinary browsers not only have access to your PDF file, but - horror of horrors - they can download your SOURCE FILE as well!!
The next logical step is for them to customize it with their own links, compile it and sell it or give it away.
Result: The opposite of $ KA-CHING $ for the sellers ...AND the author.
A simple way of keeping your files out of the reach of spiders is to upload them as a zip file. Search engines cannot look inside zip files (yet) and list their contents.
2. CREATE AN INDEX.HTML FILE
You MUST have an index.html file in EVERY folder. It acts like a curtain that keeps your files away from prying eyes.
A folder without an index file is like a house without walls. Everyone can enter and help themselves to the valuables.
The 'index.htm' file is the default file that opens when you click on the link here -
http://ebizwhizpublishing.com
If you don't create an index.htm or index.html file, you'd be allowing everyone to directly access the root directory of the folder where you store your downloads.
Here is a folder I uploaded to show you what happens when you DON'T have an index file.
http://ebizwhiz-publishing.com/test/
As you can see, all the files stored in it are clearly visible and ready to download.
And yes, feel free to help yourself - I won't accuse you of stealing :-)
3. SHOW PEEPING TOMS THE EXIT
You can use a simple script to redirect peeping Toms back to your home page.
Here's the easiest way to do it using what it called a "meta refresh tag." Add it between the Header tags like this.
Just replace my URL with your own in the example above and paste it into the head of your document (before your text).
You can see how it works by clicking on the test folder here.
http://ebizwhiz-publishing.com/redirect/
Now even though you click on the folder URL, you will be sent to my home page.
4. SPIDER-PROOF YOUR DOWNLOAD PAGES
To prevent search engine spiders from reading and listing the download pages that link to your eBooks add the tag below in the head of the document.
This "Robot" tag tells the spider that this page is not to be spidered or indexed. As a result it should never show up on a search.
5. CHANGE YOUR DOWNLOAD LINKS OFTEN
To prevent unscrupulous people from posting your download links on forums or message boards, change the folder or file name where you store them from time to time, even if it means having to change the download links in your merchant account.
Using these methods will give you a good degree of satisfaction, knowing that you have taken the most basic steps to protect your digital valuables - and at absolutely no cost to you.
Saturday, June 14, 2008
Beware of the Newest Activity Online: Phishing
No. I’m not talking here about the outdoor activity enjoyed
by many. And no again; I did not misspell it. Phishing is
the name given to the latest online scam where millions of
unwary Americans are getting their identities stolen.
This fraudulent activity is considered the fastest growing
crime of modern times. The favorite target groups of
phishers seem to be very young children and senior citizens,
as they do not often ask for credit reports, fill out credit
card applications or solicit loans. This allows the thieves
to go undetected for longer periods of time; but still, be
careful. We all are potential targets.
Remember when throwing away unshredded documents with
personal information in the trash bin was considered a big
risk for identity theft? While this still happens, identity
thieves have become more sophisticated in recent times, and
this is how they do it…
Phishers create bogus e-mails that look as if they came from
large, well-known institutions and banks, such as eBay,
Paypal, Citibank, EarthLink, and Wells Fargo among others.
These e-mails claim that you are due for an account update,
or that the account number, password, social security number
or other confidential information needs to be verified. Then
they warn you, stating that if you do not do it within a
certain period of time, that your account will be closed,
terminated, the service discontinued, or something to that
effect.
They even provide you with links to websites that look
legitimate, because they hijack the real logos of these
well known banks, and trusted institutions and companies.
And that is the scary part… these e-mails look 100%
legitimate, but they are not.
In some cases it goes even further… some of these phishers
are installing spyware on your computer to monitor your
online activities. So… should you leave the online world for
good? Not necessarily.
These are a few things you can do to protect yourself from
these scammers:
1. Do not respond to any e-mail that asks for personal
information from you, such as account number, credit card
number, user names, passwords, etc. If you suspect that the
e-mail, indeed, be legitimate, contact your bank or
institution to verify this.
2. When in doubt, visit the Anti-Phishing Working Group for
an update of the latest scams, and tips to avoid becoming a
victim. The website’s URL is www.antiphishing.org
3. Websites like www.Paypal.com, www.citibank.com, and
www.ebay.com, offer security tips and tell you what
information they’d never ask for in an e-mail.
4. Get anti-virus software and keep it up-to-date.
5. If you suspect you have received a fraudulent e-mail, do
not click on any links within it, and forward it to the FTC
at uce@FTC.gov
Finally, if you suspect you’ve been a victim of this fraud,
get a copy of your credit report immediately to check for
unusual activity. If you discover that you’ve been a victim
of identity theft, close your account at once and…
- Call the Credit Bureau.
- File a police report.
- Call the FTC ID theft hotline at (877)IDTHEFT.
- Alert other financial institutions where you have accounts.
According to the Anti-Phishing Working Group, phishers send
millions of e-mails a day, getting about 5% response. Even
with this low response, it is estimated that about 150,000
Americans have fallen prey to these scams since May of 2004.
Get informed. Do not become a victim yourself.
Thursday, June 12, 2008
Information Security for E-businessmen: Just a Couple of Ideas
If you constantly deal with bank or electronic accounts, it must be
your worst nightmare--to wake up and learn that you are a bankrupt.
Some crook stole your personal data and all the money you have been
sweating blood for years has flown to somebody else's account. Almost
everybody must have heard that such a tradegy is called identity theft
and millions of people in the USA alone suffer the same every year.
Poor consolation for its victims, isn't it?
Unfortunately, businessmen frequently are targets for identity
thieves, especially online. Lots of articles on identity theft,
"how-to-avoid" tips, and scary stories about the victims circulate
through the Web and other media. The authors remind people again and
again that they should be cautious when giving anybody their private
info as well as care for their PCs' security. But in spite of all
their effort identity theft is still the most rapidly growing crime.
Software developers are doing their best, too. They can't be of much
help if somebody plainly looks over your shoulder and writes your
credit card number down. It's for you to take care and never reveal
your personal info to anybody who asks for it. What they can do is to
create new solutions to the urgent problems like data stealing.
Keylogging spyware--the very programs that make lots of such crime
possible--are pretty much written about lately. These programs
secretly monitor everything users do on their PCs.
Keyloggers are used--by themselves or as a part of a virus or a Trojan
-- much more widely than PC users think; it is an open secret that the
lion's share of identity theft that happens online is because of
keylogging spyware. The losses caused by stealing PINs, logins, and
other valuable data, are well comparable with the damage from viruses.
Actually, if a virus or a Trojan contains a built-in key logger module
(and it often does), the end user finds himself in a pretty tough
situation. The problem is that most anti-keylogging programs warn
users when it is too late. The data have already been captured and
sent. Why does it happen?
Almost all anti-spy software existing at the present moment works
using the same scheme: spy program is detected and then blocked or
eliminated. Detecting viruses or spy software is the crucial step of
the whole process--all the protection depends on whether the anti-spy
software is able to detect as many spies as possible. Signature bases
which all these products depend on, is actually the "list" of
signatures – small pieces of spy programs' codes. Anti-virus or
anti-spy program actually scans the system and compares its codes with
those in signature bases. So, in this case only the spies whose
signatures already are in the base will be detected and eventually
"caught". As long as anti-spy software is regularly updated and the
system doesn't come across some unknown spyware product, everything is
all right.
The problem is that lots of programs which could be used for stealing
data are not included into signature bases right now. Some of them
will never be.
There is good deal of people capable of creating something brand-new
spy, unknown to anti-spyware developers. The period of time when a new
spy already exists, but the updates have not been released yet, is the
very time when hackers make their biggest profits.
Spy programs can be created for the specific purpose, such as
industrial espionage, so they will never be represented in the base.
Moreover, some monitoring programs can be used as spy programs as
well, though they are not always included into signature bases. As we
can see, a signature base is the weak spot of anti-spy protection; it
is, so to speak, a joint in the armor. Information thieves also know
about it.
Fortunately, software developers are constantly looking for new
solutions. One of the new trends in anti-spyware developing is not to
use signature bases as means of detecting spyware. There is three
basic advantages in such an approach. First, the product gets rid of
its the least reliable part; second, there is no so urgent need for
updates anymore; and last, but certainly not least-–the product
becomes capable of blocking the destructive activity of even unknown
spyware. To read more about this new approach follow the link in the
signature.
When products of such a kind become widespread, there would be much
more problems for hackers in future. However, there is no guarantee
that no innovative spy software appears in response.
Whether we like it or not, all malware "evolves" very quickly; new
schemes are being developed, and new software which online criminals
create and utilize becomes more and more malicious and "selective".
New keyloggers as well as keylogger-containing viruses and Trojans,
appear all the time; the losses these programs may cause to a business
are enormous. That is why in some businesses there is an acute need
for separate anti-keylogging protection.
Tuesday, June 10, 2008
I Spy...Something Terribly Wrong (In Your Computer)
This really chapped my lips...
I recently bought a new computer. Mine was getting old, had lost its whistle, and the few remaining bells didn't ding a nicely as they had in the past. Yep, it was time for a new state-of-the art dream machine with CD burner. DVD player, a bazillion gigabyte drive and more RAM than Rambo has. I whipped out my trusty credit card and told my local CompUSA to ring it up.
Well, needless to say I was enthralled. Blazing speed, working whistles, and bells that were more like the Big Ben gong! I could tear through spreadsheets with one CD/ROM tied behind my back. One day, about three months later, my Son came home form college. having heard all about my new pride and joy, he sat down behind the keyboard and fired that puppy up. He put it through its paces for about 30 minutes and then turned and said "It's nice Dad, but I thought it would be faster". HE THOUGHT IT WOULD BE FASTER? What was he, crazy? This box was so hot that it came with it's own fire department.
Then he started poking around the hard drive. "Dad", he said "You need an exterminator. Your PC is infested." "Infested with what, bugs?". "Nope", he said "Spyware". "Spy What?". "Spyware", he replied. And then he explained.
Even thought I had a good virus prevention utility installed, it didn't protect me against Spyware. Spyware, it seeks, are nasty little programs that get downloaded in similar fashion to the way a virus does. It can be attached to an email, or even one of those new talking E-Cards. it can hide in one of those "Click Here to close this window" boxes, or in any of seemingly a hundred other secret ways.
There are essentially two types of Spyware. The less dangerous type either causes lots of ads to pop up every time you go on the Internet, or records your shopping and surfing habits in order to report them back to Big Brother somewhere. Of course, these steal your PC's clock cycles, and cause your hard drive to get bloated, which ends up slowing your entire system down. The problem is, the loss of speed is gradual and you don't even know it's happening until Mr. Big Shot college kid comes along and tells you that your PC is slow.
OK, that's bad enough. But then, there is the second kind of Spyware. used by real spies, or at least the kind that want to steal your credit card and personal information so they can clean out your bank accounts and assume your identity. You know, the scary stuff that you're starting to hear about more and more.
So, what should I do? Did I need to reformat my hard drive? I hoped not because THAT was no walk in the park. Fortunately my college geek was up on the subject and took me to a site that specialized in safely removing Spyware. We downloaded and installed it in just a few minutes and then fired it up. Holey Schmolie, I was infested. After about 25 minutes of chunking and plunking, the software pronounced me fit and clean. Well, at least my PC was. We rebooted and Boom! All of the speed and performance that had gradually been lost slammed right back into life. Even my Son was impressed.
Folks, this Spyware is serious stuff. You can't afford to be wiped out by some cyber terrorist half way across the world. protect your PC, and your identity. You probably already are infested. There's only one way to know for sure, you need to check it out for yourself.
Sunday, June 8, 2008
Mall Protection
The Loss Prevention Manager should be receptive to the needs and
objectives of upper management and work to prevent and reduce loss from crime, fire accidents etc.
With the continuing threats brought to us by our AL Quaeda and Taliban enemies and the outbreak of new TV shows that reinforce the danger we all face on a daily basis, one must look within as to how we can protect ourselves from threats both real and imagined. I said imagined because we can become either hypochondriacs or completely oblivious to the dangers around us.
The situations we will focus on in this brief evaluation are those where large volumes of people congregate on a daily basis. Much has been written about airports and how the Government has stepped in to facilitate the security of baggage and boardings etc. Although Schools and theatres could be targeted, one area I would like to review is the Mall, which we have first hand knowledge of since we frequent them almost daily. The mall, some large and some small all handlelarge volumes of people daily. Its close proximity to the airports has caused me to visualize a frightening scenario from time to time. This also should be addressed in any critique of
physical protection
Security for malls throughout the country is based on protecting the occupants and the property primarily from fire and water damage.
Personnel are generally given basic information as to what should happen in the case of fire and subsequent damage control, but essentially the function of either Security officers or tenants is to pull the fire alarm and wait for the fire trucks to get there, hopefully as quickly as possible.
Business continuity is a primary situation for the Mall and yet there is little accomplished to meet those requirements. With this in mind a good security officer should be a fireman and or be trained in fire prevention and training. In the world of fire training there are those who are listed as fire police. They are primarily there at the scene of a fire to direct traffic and move gawkers away from danger.
Mall security would seem to fit in this category, as they are not really trained in fire prevention nor fire combating. This exclusion in training on a primary and continual basis is a danger faced by the visitors and businesses that expect protection.
Fire-personal as well as the police, by nature, are trained to meet the demand for medical aid in the event of minor or major medical emergencies. At the least, basic first aid should be a required continual training program for all Mall personnel, with an emphasis on the Security Guard. The fact that defibrillators are available at Malls along with first aid kits but with little or no training approved by the Mall is a condition that should be addressed.
Most security guards are usually hired because they are between jobs, work cheap and don't ask a lot of questions. Training consists of reading a manual, taking an open book test that consists of :
1. Appearance
2. Where the fire equipment is located
3. Reporting problems
4. How to tour the inside and outside of the building and
5. Limits of authority.
It is not the job of the Security Guard to fight fire, provide medical assistance or use force. The primary use of Security personnel is to walk the Mall during the business day and to report from time to time that they have gone into a tenant's space and shown their presence. Observing possible loss pevention does not appear in their lexicon.
Over the years the defensive tools used by security personnel has been reduced to carrying a set of handcuffs, which can only be used under the direction of a local law enforcement Officer
in the completion of his duty. Again, without basic and ongoing
training, the uniformed Protective Services officer is of no other use than to be seen. Physical contact with individuals is totally prohibited due to the same reason above. Lack of training creates liability to the Mall and to the officer.
The physical plant known as a Mall has many egresses and entrances. Sets of keys are used by housekeeping, maintenance and protection services to secure the movement throughout the site. In most cases the key systems work as the keys are assigned to individuals and are signed for. Various situations cause damage to the doors, some by the stores themselves and by visiting vendors. Unlawful entrance and egress from the stores occur at all times of the day or night. Doors that are broken and unable to be secured with a key are not repaired in a timely manner. Automatic closing devices are tampered with and are inoperable and in many cases doors are intentionally left open to allow easy access to various parts of the building by not only the Mall employees but many of the store personnel as well. Damaged doors and poor maintenance precludes the hazards to all visitors and employees as well. The ability to enter the building and to cause damage, either unintentionally or inntionally should be of paramount concern to the administration as well as injury to visitors and employees from individuals who may be emotionally, politically or criminally motivated. Daytime situations are normally different than evening and overnight due to the fact that more personnel are available and more activity promotes little opportunity for problematic situations. On one hand this combination of light and sound along with the presence of people creates the environment for
terrorism and or criminal acts. During the evening hours there is the added problem produced by teenagers and young adults who
create disturbances causing security extra work which distracts them from actual security and placing them in the position of acting as police, which they are not trained for. The use of force has been all but totally removed from their arsenal of protection. No training in civil disturbance or any other disturbance is given on any basis.
Radio communications is used in various ways depending on the
requirements of the various departments within the Mall. The benefit is that communications are available to identify negative situations that would require fire, police, housekeeping and maintenance. In the event of an emergency, radio frequencies will be modified to meet the needs of security. Maintenance and housekeeping as well as Mall
administration should be subordinate to security. The standard
operating procedure would require that the individual in charge be completely cognizant of the workings of the building and at least have the workable phone numbers of department heads. In many situations of various venues, the phone numbers of employ ees are not kept up to date and can cause unnecessary delay not only in emergencies but also on a day to day basis to contact personnel who are due in for shift changes. It should be the responsibility of at least one person in administration to make sure that the phone numbers are kept up to date.
Video surveillance, on the most part, functions well. The worst problem is the lack of light particularly in the parking lot. Often the failure of pole lights creates blackout areas during evening hours. This makes it impossible to check activities from the control center. If there is only one guard on the midnight shift, it requires that the control center may be left unattended to check the lot as well as the entrance and loading doors. video cameras with night vision capabilities would provide the necessary protection of the lot. The inability to patrol and or visually observe the site have created criminal acts from break-ins,vandalism and murder. Using the parking lot or a lover's lane cannot be tolerated.
Without listing banal conclusions to these initial thoughts, lets recognize the need to be aware of that, which surrounds us. Remember, God is in the details!
Sunday, June 1, 2008
Passwords or Pass Phrase? Protecting your Intellectual Property
Much has been said on the theory of password protection for files, computer login, and other network access. In the past we used a combination of letters, special characters, and other techniques to try and prevent unwanted or unauthorized access to our computers, resources, and networks. A new theory on passwords is emerging that may help us remember our access codes, be more secure, and generally keep hackers and thieves out of our networks.
A password is a combination of words, letters, and special characters that only the user knows, allowing access to a computer or other information resources. As humans we have a large number of codes and numbers we need to remember every day – such as the key lock on our apartment entries, national identification numbers, automobile license or tag numbers, telephone numbers – it is a large and confusing suite of items we need to memorize.
When selecting a new password or pass code for access to a computer system, most of us understand how difficult it is to remember complex codes, and thus we select something already know n to us, such as names, birthdays, national identifiers, or other known items, and then place a number or character in front of the name or number thinking it is secure. This is easy to understand, as most of us simply do not have an ability to instantly recall large numbers of complex codes.
In a worst case we simply write down the complex code on a piece of paper, and leave it in a desk, our pocketbook, or in many cases taped to the front of our computer monitor.
However, to a hacker this makes access to your network or computer much easier, at they generally only have to learn a couple things about you, and add a few numbers to the front or ending of your personal data – you would be surprised how often this grants access to computers and networks. Ad some good “cracking utilities” to the hacker’s suite of tools, and you can understand the threat.
PassPhrases are a concept that will help us create more secure, easy to remember safeguards for our computer and network resource protection. A passphrase is a selection of words and/or numbers that are 15 characters or more in length, and are easy for us to remember. A couple examples of a good pass phrases are:
• igotodalaieejdaily
• shehasbeautifulhair
• surfinginhawaiiisgreat
According to Mark Minasi, a noted security consultant, a 15 character pass phrase will require a cracking program the following number of computations to try and break a 15 character pass phrase:
• 15 lowercase letters = 1,677,259,342,285,725,925,376 possibilities
• Try a million a second, it’ll take 531,855 centuries/years to break the code
As you can see, this is a pretty good level of security for your resource.
Another concern with passwords is if you forget or lose the password, and are using a utility like Microsoft’s Encrypting File System (EFS), you run the risk of losing all access to your important files if you require a hardware reset of your password. All EFS encrypted files are linked to your login profile, meaning if you encrypt a directory or file with EFS, and you do a hardware reset on your computer, those files and directories are lost FOREVER.
For Microsoft Windows users you can now also use spaces within your pass phrase, however we would not recommend embedding spaces in your pass phrase, as that actually does allow a cracker better access to getting your code – it may help them crack it in 100,000 years rather than 250,000!