Archive for December, 2007

According to Symantec (the Norton Internet Security people) the biggest threats are going to come from the web instead of email in 2008.

Websites that take advantage of security holes in our web browsers are becoming more of a threat than unknown attachments and the like coming through email.

I guess it makes sense. As more people become aware of one type of threat, the hackers will try to find new ways to attack. It’s a never-ending cat-and-mouse game.

One of the most important steps you can take is also one of the easiest. Make sure your browser is up-to-date with all the latest security fixes.

And if you’re still running Internet Explorer 6, stop reading this right now and go download either version 7 or Firefox. IE6 is one of the most insecure products ever to come out of Microsoft.

Physical Security

Most people who have been online for any length of time are familiar with the usual internet security threats – viruses, spyware, adware, etc.

But something they don’t often think about is their computer’s physical security. How about you? Is your computer safe?

Physical security is related to the computer itself – not its connection to the internet. For example, if you use a laptop how easy would it be for someone to pick it up and run? Or do you ever leave it in the trunk of your car?

Imagine for a moment how you would feel if someone stole your computer, laptop or not. Do you have a lot of personal information on it that you wouldn’t want anyone to be able to access?

What about work-related stuff? Is there anything on your computer that could compromise your company in some way?

The amount of physical security you’ll need will depend on how and where you use your computer. For example, if you work at your local Starbucks, don’t ever leave your computer unattended, or if you do, use a security cable to lock it down.

On the other hand, if your computer isn’t portable and is always at home, it’s less likely to be grabbed. But if it’s in plain sight from a window or somewhere else outside, it can be a tempting target for a break-in.

Always use your common sense. Make sure your computer isn’t in a spot where it could be easily stolen. Use a cable lock to attach it to a desk, table or something else that isn’t easily moved. Use a login password and an encrypted file system if possible in case it is ever stolen (that way the thief won’t be able to access your data).

Don’t take chances with any of the personal or work information on your computer. The day you let your guard down is the day you’ll regret it.

The Various Types Of Malware

Malware is a general term covering a bunch of different internet security threats. Viruses, worms, trojan horses, adware, and spyware are all considered malware.

Let’s take a quick look at each one of them.

Viruses

A virus is a type of computer program that can make copies of itself and infect other computers, much like a human virus, which is of course where the name comes from.

Viruses are not always destructive, but most have some kind of “payload” – the action they take when activated. This can include deleting files, showing a message on the screen, or damaging Windows system files.

Trojan Horse

A trojan horse is a program that “hides” inside other programs – usually something that appears to be helpful or useful in some way such as a free screensaver or other program you might download from the internet.

To activate the trojan, you need to run the program it’s hiding in. This is why it’s so dangerous to open unknown email attachments – you never know what is coming along with them.

Trojans often open up your computer for access by hackers via the internet, who can then use it as a “bot” for attacking other computers.

Worm

A worm is similar to a virus, but it uses a computer network to infect other computers by sending a copy of itself to the other systems.

Since the internet is really just a big network of computers, it can be affected by a worm. For example, the MyDoom worm is estimated to have infected 250,000 internet-connected PCs in a single day.

Spyware

Spyware programs are usually installed without your consent, or by tricking you into giving your consent. They collect various types of information about you and your computing habits and send them back to the source.

These programs could track sensitive information such as your online banking details, or they could track less critical information such as the websites you visit for advertising purposes.

Adware

Adware is similar to spyware, but it is only used to display advertising of some sort. This usually comes in the form of pop-up windows, often when you are not expecting them.

Question About Website Rankings

If you operate any kind of website and want to get more traffic, you should be reading James Brausch’s blog. One of the helpful things he does is answer questions for his readers on a regular basis.

Today he asked for questions about ranking better in Google, Yahoo, or MSN so here is my question for you James.

Is it worth spending time promoting your articles, videos, blog posts you’ve commented on or any other pages that link to you from other sites? For example, if I submit an article to Ezinearticles.com, is it worth the time to do some link building for my article on Ezinearticles? Will doing some promotion to prop that page up a bit ultimately help my site (that is linked from the article on Ezinearticles) rank better or is the return on investment too low to spend time & resources on this?

Thanks for all your help James.

Problems That Are Out Of Your Control

I went to pick up the mail at the post office today (I use a post office box for my business address) and when I sorted through the various things, one in particular jumped out at me.

It was a new credit card. But not for me, it was for the person in the next box over.

That’s just an identity theft problem waiting to happen. If the wrong person had found that credit card in their box, they could have taken steps to steal the true owner’s identity (for this card at least) and started charging things up on the card.

Now I realize that the credit card companies take steps to prevent this, such as requiring an authentication phone call from the card owner’s home phone number, but a resourceful identity thief can work around a lot of these types of protection.

I don’t receive a lot of mail so I only check my box every couple of weeks. I really wonder how long that card was sitting there before I found it, and whether the card owner had followed it up at all.

Chances are they hadn’t. Most people pay no attention to the expiry dates on their credit cards. They just know it expires when the new one arrives in the mail.

This is the wrong way to handle it. You should always take note of when your credit cards expire, and make a note to follow up with the credit card company a month or so prior to that date. Find out when you should expect to receive the replacement, and if it doesn’t arrive when expected, call them back and follow it up.

That way, if someone ever grabs your new card before it gets to you, you’ll be able to have the credit card company cancel it and send you a new one.

It may be a bit of an inconvenience, but much less so than having to spend weeks, months or even years fixing your credit and all the other problems that come with identity theft.

If you want to find out more about how to protect yourself from identity theft, take a look at my Online Security Toolkit at http://www.onlinesecuritytoolkit.com

What Is Phishing?

Phishing is a common email scam where criminals send emails that appear to be from a legitimate source, such as your bank or Paypal, trying to get you to give up your username and password.

The message usually says something like “We have detected an attempted fraud using your account. Please log in and confirm that your account has not been affected.”

There will be a link in the message that appears to take you to the website for your bank, Paypal, eBay, etc. where you would normally log in.

The catch is that the web page is fake and if you enter your login information, it goes straight to the scammer – who then has access to your account.

In some cases, there might even be a login form right in the email itself.

There are a couple of simple ways to identify these scams.

First, none of these websites will send you an email with a login form right in the message itself. They will sometimes include a link to their website, but in many cases they don’t even do that. If you get an email with a login form in the message, delete it and DO NOT enter your information there.

Second, if you point at the link in an email message for a couple of seconds, most email programs will show you the actual page it goes to.

If the email appears to be from Paypal for example, the link should start with http://www.paypal.com/

If it’s something like http://22.293.21.92/cgi-bin/paypal.com it’s a fake. There shouldn’t be anything between http:// and www.paypal.com.

The safest way to deal with these messages is not to click on the links at all. If you’re concerned it could be a legitimate email, just go to your web browser and go to the website directly.

If there is really something up with your account, you’ll get a message about it after you log in.
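The two checks described above (a login form inside the message, and a link whose real destination is not the site it claims to be) can be automated. This is an added example, not part of the original post; the sample message, the function names and the example.net host are constructed for illustration.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample message (not a real email); 192.0.2.10 is a documentation address.
SAMPLE_EMAIL = """
<a href="http://192.0.2.10/cgi-bin/paypal.com">http://www.paypal.com/</a>
<a href="http://www.paypal.com.example.net/login">Confirm your account</a>
<a href="http://www.paypal.com/help">Help</a>
<form action="http://192.0.2.10/submit"><input type="password" name="pw"></form>
"""

class MailAudit(HTMLParser):
    """Collect link targets and note whether the message embeds a form."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.has_form = [], False

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)
        elif tag == "form":
            self.has_form = True

def host_verdict(url, expected):
    """Judge a link by its host alone; 'paypal.com' in the path proves nothing."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        ip_address(host)
    except ValueError:  # not an IP literal, so compare it as a domain name
        same = host == expected or host.endswith("." + expected)
        return "ok" if same else f"different site: {host or 'none'}"
    return "raw IP address"

def audit_email(html, expected):
    """Return one finding per suspicious link, plus one if a form is embedded."""
    parser = MailAudit()
    parser.feed(html)
    findings = ["login form inside the message"] if parser.has_form else []
    for href in parser.hrefs:
        verdict = host_verdict(href, expected)
        if verdict != "ok":
            findings.append(f"{href} -> {verdict}")
    return findings

if __name__ == "__main__":
    print(*audit_email(SAMPLE_EMAIL, "paypal.com"), sep="\n")
```

The comparison is on the whole host name, so a link whose host merely begins with www.paypal.com is still reported as a different site.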

Why You Need To Use Strong Passwords

Anyone who uses a computer these days probably has a bunch of passwords they need to use. Passwords to log into websites, connect to the internet, check your email – and many others.

In some cases, your computer “remembers” your passwords so you don’t have to enter them every time you log in.

But in a lot of cases, people use the same password for everything and an easy password for them to remember, such as a pet’s name, their kids’ names, their birthday – sometimes even just “password”.

The trouble with this is that making a password easy for you to remember also makes it easy for someone else to guess.

The worst possible password is a blank one. One case of a deliberate attack that took advantage of this was the Spida worm that spread in mid-2002. It caused all kinds of problems with a certain type of computer system, and sent sensitive information back to the source.

This worm worked by attempting to log into a computer with a blank password, on the assumption that at least some would be successful. You wouldn’t think that an IT system administrator would make this mistake, but Spida infected over 10,000 computers in the first month.

What Makes A Weak Password?

A weak password is something that is easy for a hacker to figure out. This can be caused by a number of things such as being too short, not changing a default password, using people’s names or birthdays or using a common word.

Examples of weak passwords include the following:

  • password
  • 120307
  • johndoe789

What Makes A Strong Password?

Strong passwords are pretty much the exact opposite – long enough to not be easily guessed, a mixture of numbers, letters and symbols, mixed upper and lower case letters, and no obvious names, birthdays or other personal information.

Examples of strong passwords include the following:

  • nISmm2298*d
  • soCceR%raFteR39
  • *ndldkjsn2*&3@

The trouble with some of these is that they are very hard to remember.

There are two options that can make this easier.

First, combine two actual words with a symbol between them, a mix of upper and lower case, and some numbers mixed in as well. The second example in the list above shows this – it’s a combination of “soccer” and “rafter”.

The second option is to use a program that will store all your passwords for you, with a master password to “unlock” the list of passwords.

There are several of these programs available but the one I use is called Roboform. It will track all your passwords for you plus automatically fill them in for any websites you might visit. It also has a strong password generator so you don’t have to make one up every time you need a password.
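The weak and strong password criteria described earlier in this post can be turned into a simple check that reports why a password is weak. This is an added example, not part of the original post and not how Roboform works; the length and character-type thresholds and the two small word lists are assumptions made for illustration.

```python
import re
from datetime import datetime

# Assumptions for this example, not values stated in the article:
MIN_LENGTH = 11    # the shortest "strong" sample in the article has 11 characters
MIN_CLASSES = 3    # out of: lower case, upper case, digit, symbol
COMMON = {"password", "admin", "letmein", "qwerty", "welcome"}  # constructed list
NAMES = {"john", "jane", "mary", "smith"}                       # constructed list
DATE_FORMATS = ("%m%d%y", "%d%m%y", "%y%m%d", "%m%d%Y", "%d%m%Y", "%Y%m%d")

def looks_like_date(text):
    """True if an all-digit string parses as a calendar date, e.g. a birthday."""
    if not text.isdigit():
        return False
    for fmt in DATE_FORMATS:
        try:
            datetime.strptime(text, fmt)
            return True
        except ValueError:
            continue
    return False

def character_classes(password):
    """Count how many of the four character types the password uses."""
    checks = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")
    return sum(1 for pattern in checks if re.search(pattern, password))

def weaknesses(password):
    """Return the reasons a password is weak; an empty list means none were found."""
    if password == "":
        return ["blank password"]
    reasons = []
    letters = re.sub(r"[^a-z]", "", password.lower())  # drop digits and symbols
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if character_classes(password) < MIN_CLASSES:
        reasons.append("too few character types")
    if letters in COMMON:
        reasons.append("common word or default password")
    if any(name in letters for name in NAMES):
        reasons.append("contains a name")
    if looks_like_date(password):
        reasons.append("looks like a date")
    return reasons
```

Run against the article's own samples, the three weak passwords each return several reasons and the three strong ones return an empty list.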