Posts Tagged ‘Internet’

Google’s Chrome Web Browser Helps Protect Your Privacy

Friday, January 23rd, 2009

Full Article

Did you think was just a search engine? Well, they do lots of other things, such as, invented a cell phone, mapping and aerial photos.

Now, they have developed a web browser that helps protect your personal information. Your browsing history, cookies and other Internet activity are treated with special care.

Safe Web Surfing

Friday, January 23rd, 2009

Full Article
Firefox is the safest way to surf the world wide web according to Mozilla. It is an open source project by the same group that invented one of the web’s first browsers, Netscape. Some years ago AOL purchased the Netscape brand, but the Mozilla group remained independent.

Google’s New Web Browser Let’s You Go Incognito

Sunday, January 18th, 2009

Web browsing has become safer with Chrome, ’s browser. You can download if for free. It’s lightweight on your computer resources but heavy duty on surfing the web. Pages load faster.

There is also an awesome feature that is the antithesis of Microsoft’s Internet Explorer (IE) web browser — secure browsing. Whereas Microsoft tries to track your movements and uses practices that are questionable for your privacy and security, Google has built in features to help protect you. In particular, you can click on the little wrench icon in the upper right hand corner and select, “New incognito window.”

A new browser window opens and tells you:

You’ve gone incognito. Pages you view in this window won’t appear in your browser history or search history, and they won’t leave other traces, like cookies, on your computer after you close the incognito window. Any files you download or bookmarks you create will be preserved, however.

Going incognito doesn’t affect the behavior of other people, servers, or software. Be wary of:
* Websites that collect or share information about you
* Internet service providers or employers that track the pages you visit
* Malicious software that tracks your keystrokes in exchange for free smileys
* Surveillance by secret agents
* People standing behind you

Is your company keeping information secure?

Thursday, January 15th, 2009

Federal Trade Commission

Are you taking steps to protect personal information? Safeguarding sensitive data in your files and on your computers is just plain good business. After all, if that information falls into the wrong hands, it can lead to fraud or identity theft. A sound data security plan is built on five key principles:

Take stock. Know what personal information you have in your files and on your computers.
Scale down. Keep only what you need for your business.
Lock it. Protect the information in your care.
Pitch it. Properly dispose of what you no longer need.
Plan ahead. Create a plan to respond to security incidents.

Protect Your Computer

Thursday, January 15th, 2009

Microsoft Security

4 steps to protect your computer

Step 1. Keep your firewall turned on
What is a firewall?

A firewall helps protect your computer from hackers who might try to delete information, crash your computer, or even steal your passwords or credit card numbers. Make sure your firewall is always turned on.

• How to turn on your firewall

• How to choose a firewall

• Learn more about firewalls for your operating system


Step 2. Keep your operating system up-to-date
What are operating system updates?

High priority updates are critical to the security and reliability of your computer. They offer the latest protection against malicious online activities. Microsoft provides new updates, as necessary, on the second Tuesday of the month.

• How to update your operating system

• Microsoft security updates: Frequently asked questions

• Learn about using Microsoft Update

• Go to Microsoft Update


Step 3. Use updated antivirus software
What is antivirus software?

Viruses and spyware are two kinds of usually malicious software that you need to protect your computer against. You need antivirus technology to help prevent viruses, and you need to keep it regularly updated.

• How to get antivirus software

• Get regular antivirus scanning with Windows Live OneCare

• Get a free safety scan

• Learn about viruses

• Learn more about virus protection for your operating system


Step 4. Use updated antispyware technology
What is antispyware software?

Viruses and spyware are two kinds of usually malicious software that you need to protect your computer against. You need antispyware technology to help prevent spyware, and you need to keep it regularly updated.

• Get antispyware technology

• Use Windows Defender, free antispyware for Windows XP SP2

• Learn about spyware

• Learn more about spyware protection for your operating system

New in-session phishing attack could fool experienced users

Wednesday, January 14th, 2009

By Joel Hruska | Published: January 13, 2009 - 11:15AM CT

Another year, another form of phishing. This one, I have to admit, is pretty good in terms of potentially fooling a user. Unlike most phishing attack vectors, it doesn’t rely on the victim being ignorant and/or moronic. The new technique has been dubbed “in-session” phishing and it stays out of your e-mail altogether.

Related StoriesStudy: PEBKAC still a serious problem when it comes to PC security
Twishing attacks steal data in 140 characters or less
Report: Many evils lurk in the “dark corners” of the Internet
Google opens up malware blacklist API
Security researchers with Trusteer have published a report (PDF) on this new type of phishing along with a suitably vague description of how the attack works. As its name implies, in-session phishing requires that the victim first log into a secure website; Trusteer uses an online bank site as one example of a tasty target.

Here’s how the attack works: A user legitimately logs into his bank, authenticates, and then does whatever he logged in to do. Once finished, he opens another browser tab (or browser window) and leaves the bank website open. Shortly thereafter, he encounters a website that has been injected with the malicious code in question. Once run, the malware creates a pop-up (supposedly from the bank or secure site that’s still open in another tab or window. The “authentic” pop-up prompts the user to enter his login credentials again in order to resume the session. Trusteer notes that the attack could be used to present different types of lures including online surveys or mini-flash games (punch the Yeti, enter your personal data, and win a free Llama!).

In order for the attack to function, Trusteer states that two conditions must be met. First, a website must be compromised and infected—the higher traffic the better, obviously. Secondly, the downloaded malware must be able to identify whether or not the unknowing carrier is logged into a relevant website. Trusteer does not state how long the window of opportunity is open for this particular attack to execute, but does note that the malware infection is temporary.

Trusteer explains how the bug works. It is present in the JavaScript engine used by popular browsers like IE, Firefox, and Safari, as well as Chrome, and allows a site to determine whether a user is also logged into another site.

The source of the vulnerability is a specific JavaScript function. When this function is called it leaves a temporary footprint on the computer and any other website can identify this footprint. Websites that use this function in a certain way are traceable. Many websites, including financial institutions, online retailers, social networking websites, gaming, and gambling websites use this function and can be traced.

The researchers recommend that users and companies deploy appropriate web security tools (which the company happens to sell), immediately log out of any secure sites once you’ve finished your tasks (good advice), and to be extremely wary of pop-ups that randomly drop in if you haven’t clicked anything.

The JavaScript vulnerability that Trusteer has discovered obviously needs patching, but in-session phishing doesn’t appear to be a major threat. In order to function successfully, the malware requires that a user have simultaneous browser windows open to both a login/secure site and an infected site, and that the secure site is on the malware’s pregenerated list of targets. There are some rather simple ways for banks and other targeted institutions to fight back; options include rapid disconnects if a user becomes idle and prominent notifications of the company’s login policy.

Many companies (Blizzard and AOL come to mind) prominently and repeatedly inform customers that neither the company nor its representatives will ever, ever, ask a user to disclose their password. A similar warning against in-session phishing might state that the company will never ask users to log in via a pop-up or any third-party service. Between currently available solutions and inevitable patches, I think in-session phishing is going to find its nets mostly empty.

Online Verification: Who Can You Trust in the Virtual World?

Wednesday, January 14th, 2009

BusinessWeek reader and full-time law student Stephanie Dube writes that the Web offers free tools to help identify and thwart potential scammers
By Stephanie Dube

Plano (Tex.)-based reader Stephanie Dube is full-time law student and freelance writer. You can find out more about her at

Kaylee was struggling. Diagnosed with a heart condition and cancer, she was scared. So she started a blog. Soon, people across the country answered her plea, writing notes of encouragement and even trying to mail her care packages. One night, she wrote a supporter. “I’m overwhelmed right now. I’m dying.”

Brief interactions evolved into late-night, long-hour conversations. But things only got worse. And that was the problem.

In early December 2008, Kaylee added a new blog entry titled, “Coming Clean.” She didn’t have cancer. She had never been sick. In a move eerily reminiscent of the fake “Kaycee Nicole” of 2001, “Kaylee” revealed to her numerous followers that she had been lying for two years.

The news was a blow, but there had been signs. In fact, whenever anyone is revealed as an imposter, you can almost always look back and find signs.

Are You Real?
How do you know if someone online is genuine? Sometimes it’s pretty transparent. We’ve all received messages about magic bank accounts filled with rivers of cash. One of my favorites was an e-mail from a supposed FBI agent. He requested that I send money to prove I wasn’t a terrorist. (I’ve got to admit, that was pretty creative.) I also fondly remember an e-mail from “David Palmer” of the show 24. He needed money, too, because apparently TV characters are real. I’m still waiting for a message from Jack Bauer.

Alfred Adler, a psychologist who collaborated with Sigmund Freud, said: “Trust only movement. Life happens at the level of events, not of words. Trust movement.” The philosophy transfers to the online world quite well. Don’t just trust words, authenticate them. This is especially vital when the communication involves your business. You can verify someone in two ways: through technology and observation. The technical side can often be faked, but a scammer will always give off a psychological “tell.”

Technical Authentication
Here are a few tools, available free on the Web, that will help you identify who’s for real and who’s surreal (and likely up to no good, at your expense):

Run Internet background checks. Google (GOOG) is your friend. Use the popular search engine to look up a contact’s e-mail address. Is the first part used as an alias? If your contact has a Web site, run a search on it. Visit Who Is Domain Tools to see who owns the site and when it was launched. Finally, plug your contact’s phone number into Who Called Us to see if he has been identified as a scammer.

Trace the e-mail. You can use an e-mail’s header to find the sender’s location. What Is My IP Address works great for this. You’d be amazed how many times I’ve found that an e-mail came from Nigeria! This method isn’t foolproof, though. Many scammers use proxies to hide their location.

Check Web statistics. Most people have a Web tracker on their blog or site (I like StatCounter.) If a new contact says he found your Web site through a search, check your Web stats to see if a visitor from his IP address really was referred in that way.

Psychological Tells
Identifying scammers is like calling a bluff in poker. Technical observation isn’t enough. Look for subtle behavior changes that give away a person’s real intentions.

Think about whether he or she is being consistent. Creating a fake persona takes a lot of work, so pay attention to details. If the contact should be in surgery, was she online instead? Also, is the tone a little too urgent, too desperate? Fake personas create situations that demand (your) immediate attention.

As your mom no doubt always told you, trust your gut instincts. Does your new contact sound too good to be true? Is her photo too perfect? Many scammers steal photos from modeling Web sites and stories from fairy tales.

The hallmark of many fake personas is drama. The craziest things keep happening—over and over and over. Sometimes, you’re the only person in the world who can help—or so you’re told.

Finally, emotional scammers crave attention. Does he come up with a new problem when you try to end a conversation? Scammers will not respect your boundaries. Watch for signs that he is keeping an eye on you, as if you’re a fish on a line that he doesn’t want to get away.

All of this was driven home to me during the first week of this new year, when a woman on Twitter learned the hard way that people online are quite unpredictable. After a particularly rough night putting her daughter to bed, the frustrated mom “tweeted” that she wanted to smother her child so she would fall asleep. Later that night, there was a knock on her door. One of her followers had reported her to the police.

It’s best to not just be authentic, but wisely authentic. Watch who you interact with and what you say online. You never know who’s listening.

Stephanie Dube is a full-time law student and freelance writer based in Plano, Tex. You can find out more about her at