On Computer Security

Understand how to protect yourself on the web. A discussion of fraud, security, and viruses.
markcrobinson
Site Admin
Posts: 310
Joined: Sat Apr 28, 2001 7:00 pm
Location: Amherst, NH

Post by markcrobinson »

On Computer Security
See also: How Credit card companies rip us off: http://theenergygrid.com/security/creditcard.htm
- By Mark Robinson

The internet is becoming more and more dangerous. This article is a guide for my friends, customers, and associates about protecting yourself on the internet.

Contents:

Passwords
Online Banking
Monitoring your accounts
Phishing
Security Breaches
Identity Theft
Secure Sites
Virus, Trojan, & Spyware
What's Next?
7/8 - Update. The Instant Messenger Services
11/2005 - Suggestions and recommendations



1 - Passwords

Most people's passwords can be guessed in about 20 tries. There are password-guessing programs that use the most common passwords or every word in the dictionary. Take your passwords seriously. They are to be at least 6 characters long, preferably more with both numbers and letters. Don't use your ATM number.

Most people have the same password they use everywhere. Realize that you give your password out to non-secure sites (like this message board) and secure sites (like credit cards). Bulletin board passwords are easy to find. If you use the same user name and password on a bulletin board that you use for your credit card, you are at high risk.

Have at least two passwords: one for insecure sites that you really don't care about and a different username and password that you use for secure sites.

Write down your passwords. Keep them with your passport. Keep them updated. If you are going to keep a list of passwords on your computer in a Word document, then save the Word document with a complex password.

Change your passwords annually. How about on April 1st? It's a pain, but it's worth it.



2 - Online Payments and Banking.

I believe in this. I do a great deal of on-line transactions. I feel that they are as safe as face-to-face credit card transactions (but that's not saying much). Follow good practices on passwords and avoiding scams. Avoiding on-line banking won't protect you -- being careful will.



3 - Monitor your accounts

Do an online check of your accounts weekly. Just log on to your bank and credit card sites and look at the last couple of transactions.

Sign up for a credit watch service. You will be notified if someone tries to open an account in your name. These are available at http://www.equifax.com, http://www.experian.com, and http://www.transunion.com.

DO NOT RESPOND TO "FREE CREDIT REPORT" OFFERS. They are, for the most part, scams themselves.

Examine your credit report, at least annually, to make sure that there are no accounts on it that you don't know about.



4 - Phishing

This is what it's called when someone sends out thousands of emails trying to get someone's username and password. Usually, this comes in the form of an email that looks EXACTLY like an email from your bank, your credit card, ebay, paypal, or someone else you do business with. It can contain official seals, signatures, and even personal information. These emails tell you that you need to "Click Here" to resolve it. The link they ask you to click on could say: Click here http://www.ebay.com. Do Not Click. Just because it says it will take you to ebay, does not mean that it will. Often:

1 - It will take you to an EXACT DUPLICATE of the ebay site
2 - You will enter your user name and password in the familiar places
3 - Your information gets sent to the thief
4 - Now the REAL EBAY site appears with a message that you incorrectly entered something. Please try again.
5 - You enter it again, you get into ebay and you think everything's fine.
6 - You've been robbed.

This can be done, easily, with any site, your bank, your credit cards, anything.

What to Do? Don't click on links in your email. Don't paste links from your email into your browser. If you get an email from your bank telling you to log in, go to your bank's website the same way you normally do (type in http://www.CityBank.com) and see if there are any messages for you.

Exception: You sign up to be on a mailing list or something and you get a confirmation email asking you to click to confirm. This is OK. First, you're expecting the email. Second, when you click on the link you're not going to be asked for your password -- or if you are, it will be the password you use for non-secure sites.

Other Tricks: When you click on the email link, it really does take you to the ebay website (you can tell by the URL in your browser), but a little pop-up window shows up asking you for your password. The ebay site was real, the pop-up belonged to a thief.

Not Sure? If you're suspicious, try typing in the wrong password the first time. Your bank's site will say "Please try again." A Thief's site will say "Thank you very much." (a polite thief).


5 - Security Breaches

From time to time you will hear about secure sites that have been hacked, credit card numbers stolen from financial websites, and more. This will happen, no matter what you do. Be ready for it.

1 - Have all your credit card numbers, their login information, and passwords in one (very secure) place so that you can change them all in a few hours if need be.
2 - Your credit monitoring service will let you know if someone is trying to open an account in your name.


6 - Identity theft - From Identity theft resource center

Identity theft is the fastest growing crime in our nation today. Besides dumpster diving, mail theft and lost/stolen wallets, criminals are stealing information by overhearing conversations made on cell phones, from faxes and emails, by hacking into computers, from telephone and email scams, and even from careless online shopping and banking. In fact, more than 20% of all cases involve telecommunications and the Internet. (FTC) It is of prime importance to understand how thieves steal your information via the telephone and computer systems. Compare this to a defensive driving course if you will. It is not enough to know how to use a phone or the Internet. One must know how to use this technology safely, including increased awareness of situations that lead to identity theft or the use of the technology will create more problems than it solves. Scam artists are good at putting together legitimate-sounding scripts, websites and emails. http://www.idtheftcenter.org/alerts.shtml has a great reference about email, phone, and person-to-person scams.

7 - Secure Sites

When you transmit information over the internet, it is sent in a 'plain text' format that can be read by any of the many servers it passes through on its way. Servers can be set up to scan data for strings of numbers that look like SS#'s, credit card numbers, and more.

When you are on a secure site, the address of the site begins with "https://" instead of "http://" AND there is a small picture of a closed lock. When you click on the lock, you'll see the certificate and to whom it was issued.

I have only heard of one breach of this SSL technology, and it was with the Firefox browser. See details. This has since been fixed.



8 - Virus, Trojans, and Spyware

Be Afraid. This is scary. You could inadvertently load a program onto your computer that will send all of your financial information to a thief. It could be accomplished by a virus, spyware, or trojan.

A Virus is a program that copies itself, moves to other computers, and does whatever it is programmed to do, when it is programmed to do it. The answer is virus protection that is updated constantly. These have annual charges associated with them and occasionally let you know that you're downloading. If your virus protection is running, there should be an icon on the lower left side of your toolbar. Clicking on this icon should give you the opportunity to scan your computer and get updates. You can get viruses from downloading software, running programs that people have emailed you, and more. There are reports about viruses you can get from simply looking at a website. You can't stop them so you need to be protected with an up-to-date virus protection program.

A Trojan is a program that you load onto your computer that contains a nasty surprise. It's named after the Trojan Horse, in which the attacking Greeks were the 'nasty surprise'. A Trojan is a delivery program for a virus.

Spyware is software that watches what you do, and sends the information it gets to someone else. There is a lot of acceptable spyware, "Good Spyware". The Google Toolbar, for example, if you authorize it to do so, sends anonymous information to Google about your searching and browsing. It uses this information to make its search engine better. Common applications like Weatherbug, Gator, and more do the same. Some of these programs even deliver small ads onto your desktop in exchange for letting you use them. This is OK if you know about it, authorize it, and don't mind it. "Bad Spyware" works just like good spyware except the information it sends and the ads it puts on your desktop are not OK.

Surprisingly, a lot of spyware is not hidden. That "I Agree" button you click often contains a statement like "I agree to allow xxxx to monitor my internet activity and send...." I actually read those things now.

Virus protection can be purchased from McAfee or Symantec/Norton. Personally, I like the ZoneAlarm product. It won a PC Week Editor's Review. All three allow you to do a free scan from their website. ZoneAlarm currently has a $10.00 off special that can be accessed by clicking here:

Download ZoneAlarm Pro and Save $10
http://www.jdoqocy.com/click-1771916-10293896

Firewall protection allows you to monitor what goes in or out of your computer. If, for example, you install a program on your computer and it tries to contact the outside world through the internet, you are informed and have the option to "Allow Once" if you're registering a program, "Allow Always" if the program is supposed to send information on the internet, "Deny Once" or "Deny Always." It gets a little confusing from time to time, but it's the right way to manage internet access.

Spyware is a little more difficult. There are several anti-spyware programs available, but I've found that different programs detect different types of spyware. Microsoft is coming out with an anti-spyware program which will, most likely, take over the market. Try it here. http://www.microsoft.com/athome/securit ... fault.mspx
Currently, my favorite program is the Lavasoft Free version of Ad-Aware. http://www.lavasoftusa.com/software/adaware/. Be sure to scroll down the page far enough to get the free version.

Vulnerability. There's another kind of problem, often referred to as a "Vulnerability". This is where a 'hole' is found in Windows that allows someone to inject a virus into your computer without you doing anything. Microsoft is responsible for solving this and, when they do, they send updates to all computers set up to receive them. Check the Windows Update site to scan your computer to make sure you have the latest security fixes. Microsoft Office (Word, Excel, Outlook) also needs to be updated frequently. Check here for the updates.



What's Next?

It's going to get worse. As we arm ourselves against the current onslaughts, new methods of attack will be devised. They will hack our cellphones, get into our computers through the infrared ports that we didn't even know we had, sneak in through the Wi-Fi. It's the modern version of streetsmart. We've all got to stay aware, stay informed, and keep an eye on our accounts.

7/8 - Update. The Instant Messenger Services are being attacked. See article. This suggests that we be aware that Instant Messages might not be from who we think they are. Don't click on unknown links in an IM and obviously, never give out security information. The article also mentions IM attachments. IM attachments could contain viruses. Your Instant Messenger program should offer a way to Block Attachments. MSN Messenger claims that it will not allow dangerous attachments to be sent. AOL Instant Messenger has an option to block under Edit Options -> Edit Preferences -> File Transfer

Information on a worm that uses MSN Messenger attachments.
http://www.symantec.com/security_respon ... 11-1125-99
This particular virus, among other bad things, will cause this picture to appear -- (no kidding!)
Image


Resources:

Federal Trade Commission - Identity Theft
The US government's central website for information about identity theft
http://www.consumer.gov/idtheft/

FTC Resources - Take Charge: Fighting Back Against Identity Theft
http://www.consumer.ftc.gov/features/fe ... tity-theft

Microsoft on "Safe Browsing"
http://www.microsoft.com/athome/securit ... afety.mspx

Microsoft offers steps and tools to protect yourself
http://www.microsoft.com/athome/securit ... fault.mspx





From PC World.com

Study: Threat Increases From IM-Based Attacks

Instant messaging called "the undefended medium."
http://www.pcworld.com/article/id,12171 ... ticle.html
Peter Saalfield, IDG News Service
Tuesday, July 05, 2005
A study released today by instant messaging security vendor IMlogic reported that hackers and virus writers are recognizing and exploiting the opportunities presented by IM-based attacks, the numbers of which have risen sharply over the last two quarters.
The number of IM attacks such as viruses, worms, and phishing scams has increased from 20 for all of 2004 to 571 in the second quarter of 2005 alone, representing an increased threat to both enterprise users and the average consumer, the study said.
The study--performed by the IMlogic Threat Center with the support of IT security companies Symantec, McAfee, and Sybari, as well as IM leaders America Online, Yahoo, and Microsoft--reported that 70 percent of IM-based attacks target public IM networks and 30 percent target enterprises.
"IM usage has reached critical mass, and virus writers have now recognized it as a mostly undefended medium," said IMlogic Chief Executive Officer and cofounder Francis deSouza. "These [viruses and worms] are mutating, high-velocity, and invisible to most companies until they hit. All these factors combine to create a serious risk."
IMlogic sells products that protect against IM-based attacks, as do Akonix Systems and Trend Micro.
How Attacks Happen
IM attacks act much like e-mail worms and viruses, stealing information from the user's computer or turning that computer into a so-called zombie by tricking users into clicking on phony links or into opening malicious attachments. IM-based attacks can be even more threatening because people receive false instant messages from a name on their buddy list rather than a strange e-mail address, DeSouza said.
"Having an army of zombies is the economic equivalent of having an oil well," said analyst Alan Paller of SANS Institute. "The two most important things [for a user] to do are block all attachments on IM and to filter IM traffic so you only get it from trusted sites."
The Kelvir, Opanki, and Gabby worms were the most common in corporate environments, the study said.
Most IM Services Vulnerable
Some attacks are tailored to a specific user and appear to be, for instance, a highly personalized message. The study said that these attacks made up less than one percent of the recorded IM attacks. For the most part IM attackers aren't sophisticated enough to single out any one user, Paller said. However rare "targeted" attacks may be, Paller emphasized that they are the most dangerous.
The vast majority--86 percent--of reported attacks involved viruses or worms that capitalize on real-time protocols. The study showed that all of the most successful IM services--AOL Instant Messenger, MSN Messenger, Windows Messenger, and Yahoo Messenger--were vulnerable to and affected by IM attacks.

11/2005 Recommendations-

1. The next time you order checks have only your initials (instead of first name) and last name put on them. If someone takes your checkbook, they will not know if you sign your checks with just your initials or your first name, but your bank will know how you sign your checks.

2. Do not sign the back of your credit cards. Instead, put "PHOTO ID REQUIRED".

3. When you are writing checks to pay on your credit card accounts, DO NOT put the complete account number on the "For" line. Instead, just put the last four numbers. The credit card company knows the rest of the number, and anyone who might be handling your check as it passes through all the check processing channels won't have access to it.

4. Put your work phone # on your checks instead of your home phone. If you have a PO Box use that instead of your home address. If you do not have a PO Box, use your work address. Never have your SS# printed on your checks. (DUH!) You can add it if it is necessary. But if you have it printed, anyone can get it.

5. Place the contents of your wallet on a photocopy machine. Do both sides of each license, credit card, etc. You will know what you had in your wallet and all of the account numbers and phone numbers to call and cancel. Keep the photocopy in a safe place. I also carry a photocopy of my passport when I travel either here or abroad. We've all heard horror stories about fraud that's committed on us in stealing a name, address, Social Security number, credit cards.

If your wallet is stolen:

6. We have been told we should cancel our credit cards immediately. But the key is having the toll free numbers and your card numbers handy so you know whom to call. Keep those where you can find them.

9. File a police report immediately in the jurisdiction where your credit cards, etc., were stolen. This proves to credit providers you were diligent, and this is a first step toward an investigation (if there ever is one).

3. Call the 3 national credit reporting organizations immediately to place a fraud alert on your name and Social Security number. The alert means any company that checks your credit knows your information was stolen, and they have to contact you by phone to authorize new credit.

Here are the numbers you always need to contact if your wallet, etc., has been stolen:
1.) Equifax: 1-800-525-6285
2.) Experian (formerly TRW): 1-888-397-3742
3.) Trans Union: 1-800-680-7289
4.) Social Security Administration (fraud line): 1-800-269-0271
Mark C Robinson
HandicappedPets.com
For Elderly, Disabled, and Injured Pets; products, services, and support.
smirnoff
Posts: 5
Joined: Fri Jul 22, 2016 3:16 am

Re: On Computer Security

Post by smirnoff »

Wow, there is so much you have to protect yourself against on the web these days. Nothing is safe.

Thanks