Saturday, January 19, 2008
A number of personal data gathering methods, such as reverse lookup phone number directories, have recently been a source of a lot of anxiety and skepticism. Many people worry that the government could use these types of methods to look into every part of our lives, costing us our confidentiality. Needless to say, you should not worry about it. Government organizations of technologically highly developed countries such as the US, Australia, Japan or the EU countries have far more advanced ways of gathering all sorts of information than reverse lookup phone number services. Besides, if you are not involved in some form of illegal activity, what value would government organizations get from tapping your mobile phone calls? No government anywhere in the world has limitless resources, and that is why governments use those resources with care. The actual trouble, however, is the huge international corporations, which are not simply interested in your credit score or whether you have filed all your taxes. If they could get away with it, they would like to use reverse lookup phone number services to get hold of every single piece of information about you, and then gather it and sell it. Naturally, this kind of information can then be exploited for any number of goals, from stealing your identity to bothering you with all kinds of marketing materials you have no use for or did not sign up for. Things like these can make reverse lookup phone number directories seem like your number one privacy concern. Nevertheless, information harvesting services like these are perfectly legal, permitted and checked by various federal laws. In fact, reverse directories are rather similar to the regular assistance directories, just presenting a larger amount of private information.
What is different about reverse lookup phone number services is that a large number of people regard their cellular phones as very private possessions, and the risk that somebody could somehow extract private information from them makes many individuals feel threatened. In addition, a lot of people prefer to hide their identity when using their cellular or standard phones, and now that we have the technology to capture that information, they believe that their privacy rights are at risk. In fact, no more information can be collected about you through a reverse lookup phone number service than through the standard assistance directories, unless someone uses paid reverse directories or you were quite nonchalant about giving it out. That being said, I must stress that the sheer amount of information available through paid reverse phone directories is simply amazing. In most cases you will get far more information from them than you had hoped for. But to continue, the major portion of your most sensitive private information is restricted and protected by privacy laws imposed by the federal government. If you worry that someone could capture your personal information and use it in a harmful way, make certain to have both your cellular and standard telephone numbers unlisted. Also make sure to avoid handing over your phone number, name, address, email or any other kind of private information over the internet. Forget free rewards: nobody will give you something for nothing, and what they want is your private information. You can always sign up for a free web-based email service such as Yahoo Mail or Hotmail and, if really needed, provide that email address.
Ultimately, the security of your private information is mainly in your own hands. Anyone's identity can be stolen far more easily using the information from a credit card, driver's license or social security card, so be careful to keep them safe. Assistance services such as reverse lookup phone number directories are growing in popularity, and all of us are going to use them a great deal more in the coming years.
Luka Zimmerman is an internet-based publisher and editor of reverse-phone-lookup-info.com, a site where you can get hold of all the reverse lookup phone number information.
Robert Tappan Morris was the first person convicted by a jury under the Computer Fraud and Abuse Act of 1986. The story of the worm he created and what happened to him after it was released is a tale of mistakes, infamy, and ultimately the financial and professional success of its author. Morris was a 23-year-old graduate student at Cornell University in 1988 when he wrote the first Internet worm in 99 lines of C code. According to him, his worm was an experiment to gain access to as many machines as possible. Morris designed the worm to detect the existence of other copies of itself on infected machines and not reinfect those machines. Although he didn't appear to have created the worm to be malicious by destroying files or damaging systems, according to comments in his source code he did design it to break in to systems and steal passwords. The Morris worm worked by exploiting holes in the debug mode of the Unix sendmail program and in the finger daemon fingerd. On November 2, 1988, Morris released his worm from MIT to disguise the fact that the author was a Cornell student. Unfortunately for Morris, his worm had a bug, and the part that was supposed to not reinfect machines that already harbored the worm didn't work. So systems quickly became infested with dozens of copies of the worm, each trying to break into accounts and replicate more worms. With no free processor cycles, infected systems soon crashed or became completely unresponsive. Rebooting infected systems didn't help. Killing the worm processes by hand was futile because they just kept multiplying. The only solution was to disconnect the systems from the Internet and try to figure out how the worm worked. Programmers at the University of Berkeley, MIT, and Purdue were actively disassembling copies of the worm. Meanwhile, once he realized the worm was out of control, Morris enlisted the help of a friend at Harvard to stop the contagion.
Within a day, the Berkeley and Purdue teams had developed and distributed procedures to slow down the spread of the worm. Also, Morris and his friend sent an anonymous message from Harvard describing how to kill the worm and patch vulnerable systems. Of course, few were able to get the information from either the universities or Morris because they were disconnected from the Internet. Eventually the word got out and the systems came back online. Within a few days things were mostly back to normal. It is estimated that the Morris worm infected more than 6,000 computers, which in 1988 represented one-tenth of the Internet. Although none of the infected systems were actually damaged and no data was lost, the costs in system downtime and man-hours were estimated at $15 million. Victims of the worm included computers at NASA, some military facilities, several major universities, and medical research facilities. Writing a buggy worm and releasing it was Morris's second mistake. His first mistake was talking about his worm for months before he released it. The police found him without much effort, especially after he was named in the New York Times as the author. The fact that his worm had gained unauthorized access to computers of federal interest sealed his fate, and in 1990 he was convicted of violating the Computer Fraud and Abuse Act (Title 18). He was sentenced to three years' probation, 400 hours of community service, a fine of $10,500, and the costs of his supervision. Ironically, Morris's father, Robert Morris Sr., was a computer security expert with the National Security Agency at the time. As a direct result of the Morris worm, the CERT Coordination Center (CERT/CC) was established by the Defense Advanced Research Projects Agency (DARPA) in November 1988 to prevent and respond to such incidents in the future. The CERT/CC is now a major reporting center for Internet security problems.
After the incident, Morris was suspended from Cornell for acting irresponsibly, according to a university board of inquiry. Later, Morris would obtain his Ph.D. from Harvard University for his work on modeling and controlling networks with large numbers of competing connections. In 1995, Morris co-founded a startup called Viaweb with fellow Harvard Ph.D. Paul Graham. Viaweb was a web-based program that allowed users to build stores online. Interestingly, they wrote their code primarily in Lisp, an artificial intelligence language most commonly used at universities. Viaweb was a success, and in 1998, ten years after Morris released his infamous worm, Viaweb was bought by Yahoo! for $49 million. You can still see the application Morris and Graham developed in action as Yahoo! Shopping. Robert Morris is currently an assistant professor at MIT (apparently they forgave him for launching his worm from their network) and a member of their Laboratory of Computer Science in the Parallel and Distributed Operating Systems group. He teaches a course on Operating System Engineering and has published numerous papers on advanced concepts in computer networking.
Marc R. Menninger is a Certified Information Systems Security Professional (CISSP) and is the founder and site administrator for the OpenCSOProject, a knowledge base for security professionals. To download security policies, articles and presentations, visit the Security Officer Forums.
Here is your weekly summary of important computer security news, to keep you safe and sound on the Internet.
Yahoo! IM Fix is Now Available
Yahoo has now fixed the critical flaw in its Instant Messaging program. As we saw recently, there was a critical flaw in the ActiveX control that could have allowed hackers to install software on your computer. What a scary thought. The patch, an update to version 8.1, is reportedly not vulnerable to this attack. If you use Yahoo IM, you should get the update automatically, or you can go to the Yahoo IM site.
June 12 was Patch Tuesday. Microsoft released a bunch of fixes for Internet Explorer, Outlook Express, Windows Mail and others. Four of the patches are critical. Make yourself a note to ensure that your computer updates itself automatically, or do a manual update. Beware also of fake emails telling you to go to a particular site to get the updates. Follow this procedure only: click Start, Windows Update, OR Start, All Programs, Windows Update, OR launch Internet Explorer and click Tools, Windows Update.
More on eBay Phishing Scams
I have often warned about eBay phishing scams, which turn up in your email inbox regular as clockwork. It works like this: you get an email from an angry customer who claims to have paid for your auction, but never received the merchandise. You are sorely tempted to click the link, to see what the heck this customer says he bought. If you do, you are asked for your eBay ID and password, which go straight to the hacker behind the whole scheme. Now here is another long-running eBay scam that seems to come and go with the seasons. Say you are searching for an item, perhaps an MP3 player, and you find a few entries. But instead of a picture of the item as you were expecting, you see a pornographic image, usually of a nude woman. Again, you are sorely tempted to click on the image. If you do, you may receive a load of spam, if you are lucky.
If you are not lucky, you will be the victim of some sort of malware attack. When surfing eBay, or any other site for that matter, do not click on links that don't seem right or that are unexpected or out of the ordinary. As I have often repeated, even the best security programs will not protect you unless you think before you click!
The Taxman Cometh, Round Two
First it was Canadians being targeted with fake tax notices from their Government; now it's the turn of U.S. citizens. Spammers are sending out fake Internal Revenue Service notices, saying you are under investigation. Keep cool; it is a fake, meant to get you to install a malicious Trojan on your computer. There are various versions, some with an attachment supposedly containing the details of the IRS complaint. If you open the attachment, the Trojan installs itself and gives the criminals complete access to your computer. The IRS does not send out unsolicited emails, so any communication you get from them is almost surely a phishing scam. Do not be intimidated by the official-looking email or legalese. Do not open the attachment. You can report suspicious emails to the IRS here: email@example.com. If you live outside North America, beware of similar scams in your inbox. Be vigilant, and use common sense on the web.
Syd Tash is a noted security consultant and author of How to Protect Your Computer Online - A Complete Guide. He has been keeping surfers safe since the last century. For more free Daily Tips and info to keep you safe online, visit mypcsecuritysite.com and bookmark it!
Firefox has been around for a much shorter time than Internet Explorer and still it is much more secure and reliable. Microsoft has released the newest version of their web browser, Internet Explorer 7 Release Candidate 1. Already you can see complaints everywhere about bugs and problems experienced by people who upgraded to the newest version. Internet Explorer 7 boasts an array of new features, but almost all of them have been around in Mozilla Firefox for quite some time. I guess the one feature Microsoft is bragging about the most is the new tabbed browsing interface. This is nothing new to Firefox users, and I would rather trust a browser that has been using this feature for a couple of years because it has had enough time to straighten out all the bugs and problems associated with it. Internet Explorer 7 is new to the world of tabbed browsing and one wonders how many problems one will experience with this feature before Microsoft gets it right. I'm not saying that there are any problems with its tabbed browsing feature, but if they could not even get the basics right in the past, one does not have much trust when they come up with a brand new feature. Later versions of Internet Explorer 6 introduced a built-in pop-up blocker. Users of Mozilla Firefox have been enjoying pop-up blocking since long before Microsoft decided to add it to their browser. With its pop-up blocking feature and enhanced security, Firefox has been much less vulnerable to virus and spyware attacks than Internet Explorer. Firefox may not be 100% secure, but security issues get fixed in a much more timely fashion than the ones in Internet Explorer. The main reason for this effective attention to bug fixes is the fact that Firefox is Open Source software. Many people argue that having your source code available to the public poses a great security threat, because it is easier to discover and exploit vulnerabilities when you have access to the code.
This may be true, but the fact that the source code is available to anyone creates a bigger pool of software developers contributing to the development and enhancement of the software, which results in faster and more effective releases for bug fixes and security issues. You are left at the mercy of Microsoft to get the problems in Internet Explorer fixed, and all of us know how slow their response sometimes is when it comes to resolving security issues. Another feature of Internet Explorer 7 is the new anti-phishing scanner. It scans the pages you visit for the possibility of phishing scams. This is a welcome feature for any browser because there has been an increase in phishing scams over the years and action has to be taken against them. Now, many people may take the opportunity to throw some stones at Firefox, saying that it does not have a built-in phishing scam scanner but Internet Explorer does. I'm sorry to burst your bubble, but you can add the same feature to Firefox with the Google Toolbar extension. The newest version of Google Toolbar has a feature called Google Safe Browsing that stops the user from visiting a possible phishing site. The fact that you can enhance Firefox with extensions makes it a very versatile browser. Web developers are jumping for joy with the introduction of the Developer Toolbar in Internet Explorer 7. The toolbar includes tools that assist web developers in troubleshooting and manipulating web pages. Again, you can add the same (if not better) functionality to Firefox with the Web Developer Toolbar Extension. This extension for Firefox is packed with so many features that you will ask yourself: "What can this toolbar not do?" There is also better CSS (Cascading Style Sheet) support in the newest edition of Internet Explorer compared to previous versions, but any web developer knows that Firefox has always handled CSS much better than Internet Explorer.
RSS (Really Simple Syndication) feeds are starting to become a web standard and providing support for them is becoming inevitable. Firefox caters for RSS feeds through its Live Bookmarks, and the Google Toolbar also supplies its own way of subscribing to RSS feeds through Google Fusion. Windows Vista will be geared towards RSS feeds and that is why Microsoft decided to incorporate support for RSS feeds in Internet Explorer. So once again, Firefox has been supporting this feature since long before Microsoft decided to add support for it in their browser. It took 7 versions of Internet Explorer to get it up to similar standards as Mozilla Firefox, which is only at version 1.5 at the moment. Users upgrading from Internet Explorer 6 to version 7 will be introduced to new features, some of which may be confusing for people not used to things like tabbed browsing and RSS feeds. So if you are willing to learn new ways of browsing the Web, why not switch to Mozilla Firefox, the trustworthy browser that has been doing things right from the beginning?
About the Author: Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users against malicious software. For fast, safe and secure browsing, download Mozilla Firefox with Google Toolbar.
According to Dell technical support, 12 percent of their support calls involve problems related to some kind of spyware. Microsoft reports that fifty percent of all computer crashes are caused by spyware, viruses and Trojans. Thus, it is quite possible your PC is infected this very moment. How did it happen? There are many ways, but most of them run through your Internet connection. You do not need to surf any dubious websites to open the doors for spyware nasties. It may happen when you search for something on Google or any other search engine. You click on several links, and one of them suddenly redirects you to some crappy page. You close it and continue your search, unaware of spyware already happily installed and doing its job. Remember: unlike a virus, spyware does not need to be executed by the user to start its activity! So, when a PC is infected with spyware, what happens behind the scenes?
Key logging: keyloggers copy everything you type to a file and send it to the hacker. The more sophisticated type, which is used for identity theft, copies the information you provide when you are connected to a secure website. You never know there's a keylogger spying on every key you press. Windows Task Manager does not show the corresponding process, and anti-virus software often fails to detect keyloggers. Do you type passwords for online banking? Now you can imagine someone knowing all of your hard-to-crack passwords.
Browser hijacking: spyware is capable of changing your start page, search page and search toolbar, and of redirecting your URLs to specific pages. It takes complete control of what webpages you visit, blocks certain websites and redirects you to sites you should stay a mile away from.
Email redirecting: surreptitiously copies all your incoming and outgoing emails and sends them to the hacker. Did you believe email to be private? It's gone public thanks to spyware. There are cases when people find their private correspondence published on blogs.
Dialers: this spyware installs itself in your dial-up settings and dials numbers without your knowledge, often out-of-country numbers. You may be paying for traffic generated by criminals, and you are solely responsible for that.
Proxy-servers: these are computers used to provide anonymity. Hackers use proxies when attacking government websites. If your computer is acting as a proxy, you may come under investigation, and police will find all traces of illegal activities on your PC.
Collectware: the purpose of this type of spyware is to track your surfing habits and transmit the statistical data to the hacker. This information later gets sold to advertising companies, and you may have floods of ads delivered to your desktop without ever asking for them.
BTW, ParetoLogic Anti-spyware fights all these types of spyware and prevents them from ever installing again. What spyware does to your user experience is usually this: unusual hard-drive activity when you're doing nothing that could cause the HDD to spin like crazy; Windows loading very slowly, often with strange errors displayed; overall productivity of Windows considerably decreased, with Word taking ages to load and the browser opening multiple windows that clog the desktop space with ads you never want your children to see; running an anti-virus scan doesn't seem to resolve the problems. Still worse, anti-virus programs may be targeted by spyware and lose the ability to detect malware. Some spyware programs will sabotage the programs designed to detect and eliminate them. Head over to XoftSpy antispyware to download a FREE step-by-step guide on managing online privacy at home.
Kelly Wright is an author and consultant who writes about Internet privacy management issues, and publishes articles related to PC security maintenance.
Phishing is a deception premeditated by online criminals to rob users of personal information such as passwords, credit card numbers, account data, social security numbers, etc. The con artists send tons of fraudulent email messages to millions of mail accounts, and the emails seem to originate from Web sites that users depend on, for instance a bank or credit card company. They always ask the user for personal information. Using a variety of spoofing and social engineering ploys, the phishers try to trick their susceptible victims. According to one report by the APWG, the Anti-Phishing Working Group, in the first half of 2004 the number of phishing scams increased by 800%, and considering the figures from November 2003 and May 2004, the increase was a stunning 4000 percent. For the month of June 2004, the average number of attacks reported by APWG was 50 per day from different sources. So with collective emails being sent out, each of these unique attacks can affect almost a thousand users, if not millions, which boils down to nearly three to five percent of the email receivers. This results in huge payoffs for the swindlers, since the number of people targeted is tremendous. To avoid being a victim of a phishing scam, it is important to understand what these phishing emails look like. As the level of sophistication of scam artists continues to improve, their emails, messages and pop-ups also continue to develop. This means that in order to make emails look more legitimate, the phishers use official-looking logos, identifying information, etc., and even place links that appear to go to the legitimate site. However, these links actually take the users to phony scam sites or pop-ups that are identical to the official site, known as spoofed Web sites. This way a user unknowingly enters personal information at the spoofed sites and becomes a victim of identity theft. Here are a few telltale signs of phishing e-mails that look official and real.
· They appear to come from a trusted bank, retailer or company; websites like PayPal, eBay and US Bank are also used as masks for the scam. According to an APWG study, of 1,422 unique attacks, five hundred had a Citibank front, which makes it the business most targeted by phishers.
· The emails received by the user request verification of personal and account details like passwords, date of birth, PIN codes, etc. for security reasons.
· Mails that warn users that their credit card number has been stolen and ask them to follow a link in the mail where they are to key in the credit card number after logging in. Since this data is used for online banking, the phishers scam the victims out of their money.
· Fines for junk mails, lottery scams, etc.
The Federal Trade Commission (FTC) cautions users to be wary of any official-looking e-mail message that asks them to renew personal or financial data, and urges recipients of such emails to contact the organization to check whether the email is legitimate.
We are a team of experienced writers, editors, SEO experts and quality control personnel who work in close association to produce quality, keyword-rich content. We have worked on web content, press releases, ebooks, blogs, travel guides as well as articles on a myriad of topics. Our endeavor is to provide you long term support in your content development efforts. CNS Zone...We Build On Words!!
With the growth of the internet on a worldwide basis, there has also been an increase in the number of scams and attempts to procure money or identity details illegally. This has given rise to the need to exercise caution in the websites frequented and to use credit card details responsibly for online purchases. Here are some guidelines to increase safety and protect your identity.
1. Always ensure that your browser version is kept up to date. This ensures that you are not exposed to old security flaws that are exploited by 'phishers'. You can also consider using a browser such as Firefox, which is less susceptible to attacks than Internet Explorer.
2. Always install operating system updates, service packs and released patches. This prevents outside attacks from exploiting known system vulnerabilities or taking control of system commands.
3. Install virus software and run it on a regular basis. Update it continually to keep your database current. This will insulate your system against currently known agents and help to remove or quarantine any suspicious files.
4. Run regular spyware and malware checks to remove any files the software considers a problem. With browser hijackers, keyloggers and advertising tracking all presenting potential security threats, running regular system checks will keep your system free of unwanted files.
5. Do not reply to email requests for complete security or account details unless you are absolutely sure the email is authentic. Many commercial companies are being targeted by 'phishers' who email account holders and direct them to third-party websites under the false pretense of updating personal details. Individuals who comply are exposed to potential identity theft.
6. Complete online banking through secure channels and log out immediately after you have finished. Do not provide any account details to individuals over the internet or through email.
7. Install a firewall and keep it regularly updated.
This will protect your computer from system attacks and port scan attempts by hackers looking for vulnerabilities. If you follow the above advice you will greatly improve your personal security and minimize the chances of security breaches and identity theft. The best defense against malicious behavior is to take offensive action by installing appropriate security software and maintaining regular protocols when using sensitive personal details.
Andrew Winthorp owns and operates phishing-defense.com. Learn more about how to improve your computer security.
If you are using WiFi (802.11a/b/g) public hotspots then you are sending and receiving all of your traffic in the clear. It is penetrating walls, it is zooming across the street, and it is all readable plain text. Many hotels have sniffable wired networks. Go to a conference with your competitors and from the comfort of your hotel room you might be exchanging more than greetings. If your data is in the clear on a sniffable network, everything you do is available for public perusal. If you check your email on a sniffable network, anyone with a sniffer can record your usernames, passwords, destinations, and any payload that you sent or received. If you received a spreadsheet via email it may be on some hacker's hard drive before it gets to yours, and with wireless networks the hacker could be half a mile away. Your instant messages may be flying across someone else's laptop screen right now. HotSpotVPN allows you to protect yourself by encrypting your traffic and cloaking your destination in a Virtual Private Network.
What is VPN?
A virtual private network typically provides you with a private connection to your end destination. We provide you with a secure tunnel to the Blacklogic VPN Servers. To do this, a tunnel is created through an untrusted network (the internet). Everything in the tunnel is encrypted on the way in and decrypted on the way out. It no longer matters that someone can sniff your packets. All they will see is an unreadable series of letters and numbers. Additionally, anyone snooping around on your connection will not be able to discern the final destination or the type of service (web, email, chat, streaming video) you are connected to. The VPN service we provide will conceal your real IP and replace it with another. In doing so, your online activity is anonymous, which prevents harassment caused by people tracking you by your IP address.
The connection is also encrypted using the latest encryption technology to ensure you have a secure internet connection at all times, especially at WiFi hotspots! It prevents your local ISP from speed-capping P2P traffic. Tests have shown the download speed is significantly improved; however, this is not always true. Other factors need to be factored into the equation! Also, an SSL VPN is not the same as a PPTP VPN. The speed of an SSL VPN is slower than the VPN sold by us. Log files are destroyed and ISPs have nothing on your internet use. Furthermore, your ISP (Internet Service Provider) doesn't know you are using it. It is masked as a regular connection. You no longer need to use a proxy site. You can bypass Skype being blocked in your region, bypass all blocked web sites, such as poker, adult and blog sites, watch American TV and more. Depending on your location the VPN connection may stop working; let us know and we will provide a new connection file to resume your VPN service.
Excuse me for being so forthright, but designing a web site exclusively for a specific browser is downright stupid. The time when the Internet was monopolised by a single browser is long over. Internet Explorer, Firefox, Opera and Safari are some of the most popular browsers used by surfers today, with Internet Explorer and Firefox taking up the biggest part of the browser market share. It is a dreadful Internet marketing mistake, and you lose thousands of visitors by focussing on one specific browser and shutting out the rest. But choosing the wrong browser does not only have economic effects on your web site, it also puts the security of your visitors at risk. The history of Internet Explorer has been plagued by security flaws and rendering bugs. Many web designers know how hard it is to display a perfectly coded site correctly in Internet Explorer. A site may display beautifully in Mozilla Firefox, but may appear completely broken in Internet Explorer. The rendering bugs in Internet Explorer require clever tricks and "hacks" to work around them. This means double production time when developing a web site. You first need to develop the site in general and then test it with Internet Explorer to see where you need to employ these workarounds. By restricting your visitors to Internet Explorer only, you force them to use an insecure browser and you waste your time by patching its rendering flaws with clever workarounds. Who knows, a rendering flaw may be exploitable, and you are promoting those flaws by forcing your visitors to use a browser that is the direct cause of the rendering problems of your site. By working around these flaws you may even make it easier for hackers to exploit them. I know I am exaggerating a bit, but I will feel much safer using a browser without these rendering issues. At least I know there is no chance of exploitation. Another thing is the basic HTML coding errors that are automatically fixed by Internet Explorer.
I have seen inexperienced web developers spending hours developing a web page, experiencing no problems when displaying it with Internet Explorer, but suddenly encountering difficulties displaying the page in Firefox. Firefox is not there to cover up for your mistakes; coding standards are there for a reason. Imagine developing a compiler for a programming language that has to fix common coding errors made by programmers. It is a complete waste of time and code; you can simplify the code of the program substantially by removing these useless error-controlling routines. It will make debugging much easier and faster. Why do you think Microsoft takes so long to get security flaws fixed? I reckon Internet Explorer has far more complex code than Firefox. You can cut your web development time in half if you test your web site in a browser like Firefox, which is far more compliant with W3C standards than Internet Explorer. There is nothing wrong in "fixing" your web site for Internet Explorer visitors; you are only making your web site accessible to more users, without forcing them to use a different browser. But the whole irony behind "fixing" your web site comes down to fixing something that is not broken. A standards-compliant Cascading Style Sheet (CSS) must be amended with redefinitions of widths and heights to make your site compatible with Internet Explorer. When you run the style sheet through a CSS validator, you will receive warning messages for a document that was actually 100% compliant before these changes. Some bugs are not always that easy to fix, for instance the transparency bug with Portable Network Graphics (PNG) files. You must either choose to keep the PNG files and live with the bug or convert all your PNG images to Graphics Interchange Format (GIF) files. Every web designer must aim to develop a web site that is compliant with web standards, not a specific browser. 
An open source browser like Firefox supports most of the features in Internet Explorer and you can easily add functionality that is not supported by default, with the use of an extension. So this brings me to only one conclusion: web designers designing Internet Explorer specific sites are only spiteful. The only reason why you are unable to open a specific page is not because your browser does not support it, it is because the designers are deliberately blocking it. Why block a browser which most probably does a better job than Internet Explorer with that specific page of your site? I can only see it as childish jealousy over other browsers doing things better than Internet Explorer. You may end up creating security flaws on your own site by being so narrow minded and making things so complicated. If a web site requires a visitor to use a specific browser, it implies that certain client side processing is required that is dependent on a specific browser and cannot be done on the web server. That is extremely dangerous, especially when it comes to capturing sensitive information. The visitor never knows whether the web site owner wants to exploit a flaw in a specific browser or steal your private information without raising any alarms caused by certain browsers. Many people may argue: "Hey, you are fast to point the finger at other designers. You have a notice Best Viewed With Firefox displayed at the top of each and every page of your site, for every user not browsing with Firefox". But there is a huge difference between "Best Viewed" and "Optimised For". A site is best viewed in a specific browser, but you can still view it with any other browser. A pure standards-compliant web site should render correctly in any of the latest mainstream browsers, which is the main goal of HTML and CSS coding standards. It is not my fault if a browser cannot render my web site correctly when I adhere to these standards. 
Best Viewed With Firefox simply means that if my web site appears broken, then it is because you are using an inferior browser. Rediscover the web by using a browser that displays a site as it is supposed to appear on your screen, without the need of clever monkey tricks and coding workarounds. Do not let selfish companies force you to substitute your security for access to their web site. About the Author Coenraad is webmaster and founder of Cyber Top Cops , leaders in Internet security, prevention of online fraud and educating users against online scams and malicious software.
Nobody wants their children to be exposed to mature websites and pornography but at the same time, their activity cannot be constantly observed. There are bound to be occasions when they mistakenly come across websites which are not for their eyes, leading parents to question exactly how they can protect them. Supervision is probably the first step that a parent should take, particularly with younger children but not forgetting teenagers. Children can be curious and search "naughty" words as a joke but it is more likely that they could stumble upon unwanted content. Experts have previously advised parents to limit the amount of Internet activity but this can be hard for parents of children who use online research facilities to help them with their homework. In this case, a web filtering service would be ideal as it could diminish the likelihood of a child discovering mature content or pornography on the web while searching for gossip on their favorite musician, for example. Web filtering services are excellent as they aim to filter out multiple levels of pornography and mature content, often extending to gambling sites and references to alcohol and drug use. They can be quite restrictive, however, but this type of service is constantly improved to iron out the problems and perform an important task. Web filtering services basically protect children from adult content when their guardian's eyes are elsewhere. Education is also important as it can offset any accidental discoveries which could lead to trauma and uncomfortable questions. Letting the children know that there are things on the Internet that are not for their eyes and should not be looked at may save a few problems if they did see something upsetting, as well as preparing them to instantly shut down any website that does not seem legitimate. One of the most important things to inform children and young people who use the Internet about is the dangers and threats that exist online. 
It isn't a good idea to scare the children but it would be worse if they were not aware of anything and were subjected to adult conversations or pornography by someone they became friendly with in a chat room, for instance. It may be impossible to guarantee that children are absolutely protected from harm but a certain amount can be blocked from use on a computer and some parental guidance can be ideal whenever a child wishes to try out a new website. If the parent views it beforehand they can be aware of any mature content that may or may not exist on the site and then take action. It is also useful to keep an eye on the Internet history to ensure that the younger members of the family have not seen anything untoward. Ruth is actively involved with the internet and she finds it very exciting. Her passions are people and pet health. She is a wife, a stepmom, a dog owner and a business person. She has been married for almost 30 years to Chris who has been, and still is, battling the monster MS. Cyber Crime, Identity Theft And Computer Hackers are a concern to Ruth. She is currently helping to fight the battle against cyber crime. Her About Page: ruthbird.com Her Fight Cyber Crime: cyber-protector.com Her Stop-Cyber-Terrorism Blog - stopcyberterrorism.com/gethelp
Many people wonder if they should pay for an anti virus protection program instead of using a free one. The reason why these people want to know about a free anti virus protection program is because the Internet has conditioned us to think that everything should be free. However, when you are looking for an anti virus protection program, you need to understand that just because someone is telling you that you can have this program for free, does not necessarily mean that it is free. So, whenever you are choosing a good virus protection program, you should stop to think about this for a minute. You will understand that a person who has spent a huge amount of time developing and maintaining an anti virus protection program will want to make money off of it somehow in order for them to be able to create new programs. Plus, with these programs you will more than likely not get any type of technical support because the person who designed the program is giving it away for free. If you still choose to use a free anti virus protection program, you should know that there is probably some type of spyware attached to it. This spyware will then allow your computer to be tracked for advertisement purposes. You may also have your computer scanned for e-mail addresses or other pertinent information that you would not want to give anyone. For these reasons alone, you need to be very careful whenever you install these free programs on your computer. Better yet, you should pay for your anti virus protection program. These programs really are not that expensive and yet they will help keep you safe from any malicious attacks on your computer. Of course, you should also be using a firewall in order to ensure the complete safety of your computer. When you are ready to shop for antivirus protection software, check for the following things. Does it provide a 24/7 support system? How regularly do they update the antivirus software? 
Do they have high speed downloads? Do they block spyware, spam and popup ads? Is a firewall feature available, etc.? spywareantivirus.info
Blackworm started on the 3rd of February and has been programmed to attack an infected computer on the 3rd of every month thereafter. So far it has been estimated that over 300,000 computers have been infected. It can also disable the keyboard and mouse of infected computers. Some Internet users have already lost important files after becoming infected by the Blackworm mainly because the clock time on their computer was wrong. Like many Internet worms, Blackworm attempts to spread by mailing itself to contacts in a user's address book. The e-mails containing the worm can have a wide variety of Subject fields and attachment names. The worm also tries to add itself to the auto-start programs in the Windows registry. Once a computer in a network has been infected, Blackworm will try to infect all other systems in the network. To prevent getting infected by Blackworm you shouldn't open attachments or click on Web links within these e-mails, especially if these e-mails have a porn-related subject line. You should also back up any important files that you would like to preserve. Most antivirus products will detect Blackworm, assuming the worm hasn't disabled the antivirus software. It is also recommended to scan your computer for viruses and use a firewall. About the Author: Edward is the owner of thespywareterminator.com where you can download the highest rated spyware remover for 2005. This superior software removes many unwanted Internet parasites such as viruses, trojans, popups, adware and spyware. It has been downloaded over 35 million times by people in over 100 countries. It really works!
We've been amazed by it since its introduction. Who can't remember the address given by Steve Jobs of Apple when he introduced the revolutionary iPhone? Who wasn't amazed at the device that was capable of surfing the web, taking pictures, listening to music and of course receiving and placing calls? Nothing new, right? Just as the iPhone was released, hackers around North America started to dig into what makes this tick. The primary reason was to unlock the phone so that you didn't have to sign up with AT&T but with any carrier that supported the technology. But could there be more nefarious reasons to hack the iPhone? Skilled hackers could now take their phone onto any carrier, but more importantly they could create and enable custom ring tones (without having to pay for buying ring tones), enable custom wallpapers and more. In the process of hacking into the iPhone, several tidbits were gleaned - such as the fact that the software on the iPhone runs as root - in the Unix world this basically gives you full and complete access to the machine. You could bring down entire servers and even chains of servers if you have ROOT access to a Unix machine. So how does this impact you, the average user of the Apple iPhone that isn't planning on hacking into their phone? Well, someone may want to hack into your phone and they now have the blueprint to do it. While Apple is working hard to try and prevent hacking by playing a cat and mouse game, it will always be a cat and mouse game. If you happen to surf into a questionable website that happens to download software to your iPhone you could end up in a whole heap of trouble. In an article in the New York Times Technology section from July 23, 2007, an iPhone flaw was found to let hackers take over the iPhone. Remember that most people store entire lives on their digital assistants (whether this is a Smart Phone, the iPhone or even a PDA). They keep names, addresses, phone numbers, e-mail addresses on them. 
Not to mention passwords, banking information (such as bank account numbers) and even digital images taken by the built-in camera. Now imagine if a hacker has access to all this data. The security firm, Independent Security Advisors found that through common flaws (and without even hacking into the phone) they were able to gain unauthorized access to the contents of the phone through a WiFi connection or by tricking users into visiting websites that insert malicious code onto the phone. The hack enabled the firm to gain a wealth of personal information that the phone contained. Dr. Miller, who was a former employee of the National Security Agency also demonstrated the hack by visiting a website of his own design, inserting some malicious code onto the phone and then proceeding to have the phone transmit data to the attacking computer. He went on to say that the attack could be used to program the phone to make calls thereby running up the phone bill of the user not to mention the phone could be used to spy on the individual by turning it into a portable bugging device - remember, it does have a built-in camera. How can you protect yourself? As with any device, common sense should prevail. Don't open e-mails from people you don't know - if you open them, and there are attachments avoid opening the attachments or visiting the websites in question. Since the Apple iPhone has automatic updates, always ensure your iPhone has the latest updates by visiting the manufacturer's site. If you are very concerned about threats to your iPhone you may also want to visit the website exploitingphone.com/, which is run by Independent Security Evaluators to stay on top of hacks and threats to your personal data on the iPhone. Even doing simple searches in Yahoo, Google, or MSN with iPhone hacking threats will give you a wealth of information. 
Copyright © Mohammed Bhimji. Get more information about adware, spyware, malware and viruses plus information on wireless wifi theft and securing your wireless connection at free-adware-spyware-virus-removal.com
You can become a real live Hero to yourself and your family, by taking part in the next technological revolution: Watch heroes online. Heroes are one of the most popular series fiction and drama series ever to hit the television screen. Since it was launched a year ago, it has really captured the imagination of the television viewing public of North America and all across the planet. You can now watch heroes online. The very concept that a simple group of average people suddenly discovering that they have been given super powers is an exciting concept, and one that all of us are inclined to daydream about. Heroes has become amongst the most-watched programs on television, and the current series continues to attract record breaking audiences. But let s say that you are one of the people who, for some reason or another, cannot be around to watch television when Heroes is airing. You have to work, you have to make a journey for business or pleasure. You can now watch heroes online. Until recently it was a lost cause and you had to wait for a rerun or listen to your friends and work mates telling you how last nights episode was so interesting. And how it was a shame that you missed it. You will be glad to know that these days can now be over for you and you can watch heroes online asap. You may have noticed if you surf the internet a new software program that has been developed that allows you to access hundreds if not thousands of television channels straight from the internet. The advert may have caught your eye, and in your sub-conscious you may have said too good to be true You may even have entered their web site and read a little and then decided Why be a hero! and moved on. 
And you may have become one of the many tens of thousands who have discovered that this software innovation is true and anyone who takes the steps of investing around fifty dollars to purchase and download has indeed become a real hero and blessed with special powers/ The special power to free themselves from the shackles of the cable and satellite programs suppliers who have been charging them a fortune for a less sophisticated version of this software technology for years. All you have to do is check it out and I guarantee you will be watching heroes online in no time. Many people here the word software and technology and they immediately panic Technology scares me and that s why I prefer to stick with the cable or satellite companies they say. Yet it is so simple to operate the software and enjoy the benefits of television viewing freedom all that is required is access to a broadband connection, and thousands of television channels are yours for the viewing. Once the purchase has been made and the software successfully downloaded and installed, then a whole new world of viewing pleasure will be available to you and your family. Not only watching football on your computer monitor or TV screen will become a matter of course, but also a wide range of other television programs and films as well as including watching heroes online of course. The day to day operation is very straightforward and the software comes with a user friendly interface that even the children will find easy to use. No doubt about it, with this new edition to your software collection, you can become a genuine Hero and watch TV series, news and current affairs and sporting events from all over the World around the clock. You can send the cable guy on his way never to darken your doorway again. Become a Hero to yourself and your family by installing a TV/PC connection. The following link will take you to watch heroes online .
There are many threats from hackers and con artists when a company does business online. Here are some of the main types of fraud: Supplying fake products: Fraud can occur at the very outset of your business when you try to contact a supplier for the product that you have chosen for your online business. The supplier turns out to be untrustworthy and disappears with your money leaving no trace and no hopes of a business. This type of fraud is similar to anything that can happen in the brick and mortar world of business as well. Remember that almost anything that can happen in the real world can happen in the virtual world too, so take the same precautions that you would for an offline business. Clones: A common problem that more established businesses face is clone businesses that set up with similar sounding names and logos. These businesses will often target your trading company's clients, and make no mistake; they are after your business specifically. This can create a number of problems for the online trading business, since there is a lack of physical interaction with the customers and it is easier to pull this off. Customers can become confused and either leave you for the other company unknowingly or be put off by the incompetence of the other company and blame your business. It is a headache for many companies that operate solely online. Credit card fraud: This is the most widespread type of fraud by hackers and is not limited to the web. But operating online does make it easier for a hacker to find a weakness in your system and exploit it. Most times, hackers will gain access to secured financial information and credit card data and use this to purchase products and transfer money to their own accounts. This can be done so cleverly by an experienced hacker that the trail is impossible to follow. The FBI has been involved in many cases that involve large amounts being stolen in this way and often is unable to locate culprits. 
It is essential to have plenty of security and use the services of established players in the market such as Pay Pal, etc. Click fraud: Business Week has reported the sharp rise in click fraud as one of the growing problems with doing business online. It implies the software that is now available to fake clicks on an advertisement online, which results in incorrect statistics about the popularity of the site and the number of visitors. Since online business sites pay per click, the advertiser ends up paying much more money than he should. Many unethical affiliates and advertising agents use this type of fraud to make a lot of money. Phishing: A common hacker practice online, phishing or password harvesting has acquired a special name. It is a technique used by hackers via email or Instant Message to subtly and creatively find out an unsuspecting person's financial and personal information. Sensitive data such as passwords, account names and numbers, credit card details and social security numbers are smoothly extracted with the help of a few social engineering practices. Phishing hackers are known to pose as government bodies to defraud even online businesses of access to their databases. William King is the director of UK Wholesalers and UK Wholesale Drop Shipping Suppliers Directory, Drop ship Dropshippers and Dropshipping Supplies and Pakistani Properties and Pakistan Real Estate Homes Plots Offices Property. He has 18 years of experience in the marketing and trading industries and has been helping retailers and startups with their product sourcing, promotion, marketing and supply chain requirements.
This is part 1 of a 10 part series on tuning up your PC. When you get a new PC you marvel at how fast it runs and handles all your tasks and applications. However, as time rolls on, your PC may start to gradually become slower and slower. Your PC also may bog down abruptly. Either way, there are a few easy steps the average computer user can take to get that PC back to its peak performance. Stop Viruses and Spyware Ensure that you have antivirus and anti-spyware software installed and up to date. Viruses and spyware can not only slow a computer down, they can be a security risk. Windows XP comes with Virus Protection software, but XP does not provide enough protection and a standalone program is best (note: ensure that the Virus Protection in XP is turned on). There are many choices for virus protection software, both commercial and free applications. One popular and effective anti-virus program is AVG. AVG Anti-Virus Free Edition 7.5.472 can be downloaded, installed and used for free from download.com. No matter which program you choose, ensure that you keep your software and definitions up-to-date. It is best to use the auto-update option in most programs. Whenever you use your computer to access the Internet, you will eventually receive spyware. Spyware can be harmless or malicious. The first thing is to make sure that you XP Firewall is running. Although not the perfect protection, it does provide some. Make sure that your XP is up-to-date and turn on the Auto-Updates option. Once again, there are many choices for spyware protection. For the home user, there are several free programs that will provide very good protection. One is Ad-Aware and can be downloaded at download.com. The other program is Spybot Search and Destroy at: safer-networking.org Ad-Aware and Spybot can be installed on the same computer and they both can run at the same time. 
NOTE: Do not install more than one third-party anti-virus program (it is okay to have Windows XP Virus Protection on with another anti-virus program running). As with the anti-virus, keep spyware software up-to-date. If after updating and running your anti-virus and spyware programs, you think that you still have some spyware or virus, run your computer in Safe Mode and run the programs again. The software mentioned above, along with keeping your operating system up to date, will provide reasonable protection from viruses and spyware. Author of simplepctalk.com blog James Owens has over 18 years experience with computers. He holds a BS in Computer Studies from University of Maryland UC and is currently employed by a major university in Indiana as an IT specialist.
Trojans - What Are They And How Do They Work? There are many ways computer trojans are spread. The most common technique used for spreading computer trojans is to send files to unsuspecting users over chat systems. Files downloaded from the Internet using Ares P2P software may carry computer trojans, worms, or viruses that can potentially damage your computer or cause other harms. Trojans: Named after the Trojan Horse of ancient Greek history, a trojan is a network software application designed to remain hidden on an installed computer. Trojans sometimes access personal information stored locally on home or business computers, then send these data to a remote party via the Internet. Trojans may serve as a backdoor application, opening network ports to allow other network applications access to that computer. Unlike worms and viruses, trojans do not replicate themselves or seek to infect other systems once installed on a computer. A Trojan is a program that enters your computer undetected, giving the attacker who planted the Trojan unrestricted access to the data stored on your computer. A Trojan allows the hacker to take complete control over the infected computer. Criminals have all the reasons to create viruses, worms, and Trojans, ranging from being able to steal user information to being in control of a zombie network of thousands of infected computers. Worst case scenario: A third party may gain access to your computer and steal your identity or download so much spyware that it renders the computer useless. Security: Trojans can transmit credit card information and other confidential data in the background. Trojans are often not caught by virus scanning, because this is focused on viruses, not Trojans. Trojans are the most common way of bringing a virus into a system. They are malicious codes that masquerade as harmless programs. They seldom do damage, as a virus would, because the master wants his control to remain hidden. 
Trojans can also be spread through email attachments. Once installed on your computer, Trojans have the ability to create, delete, rename, view, or transfer files to and from your computer. Keeping computer software collection up to date with patches is essential to keeping your computer clean and healthy. A combination of firewalls and antivirus software protect networks against trojans. If you really want to take the work out of looking for that right Spyware Protection from a Spybot go to the Internet and get a Free Spybot Download or a Spybot Search and Destroy Download to prevent your vital information from being ripped from your computer.
Industrial Espionage. These methodologies are being used on a daily basis by competitors maybe even against you. I knew a Private Investigator who used to break into other firm s voicemail boxes. He was suspected of erasing messages and stealing potential clients. I know you may be thinking that is not right. Maybe so but if a Private Investigator cannot protect him/herself than what use are they to a client. This happens all the time. If you think it is bad here in the United States try overseas. It is pretty much considered fair game and rarely enforced. Even the Concord was remembered for being heavily bugged . What you may find surprising is just how easy it is to do. You could even use off the shelf items, although fully assembled models are readily available and cheap. The best way to learn is to do. A little bit of paranoia and a lot of imagination goes a long way. Just look around your house and see what can be used. Baby monitors can be remotely activated and used to listen in on you. Your cell phone can be hacked through its Bluetooth Feature, so not only can all the data be copied, but also settings could be changed. Your phone could be called and answered without you knowing; thereby listening to your conversation. Your phone can also be used to make a call to someone else without you touching a button ideal for incrimination purposes. There was a technique originally developed to remotely view what you watch on your television, now adapted for computer screens. You can find the plans to build this on the Internet from many sites. This is used in Europe, particularly the Balkans all the time against ATMs. There is still the good old fashion radio scanner to listen to cordless phone calls. Then you can say, Well I use a digital, spread spectrum model using 2.4 or 5.8 frequencies. True that is good protection, but given time the packets of data (digital remember) can be reassembled and decoded. 
Thankfully that takes time, but you can buy a digital scanner to listen to real time conversations. You can also buy software overseas to work with scanners and laptops for listening to cell phone calls. An interesting side note: Some of these same companies that provide such equipment constantly steal from each other. Outside your house or in the basement of your apartment building are boxes where your land line phone service comes through. You just need a telephone/ linesman butt set or build one from a phone to listen in. So you say, What does this have to do with industrial security? Well usually certain people are targeted when looking for a means into an organization. Plus, they can make a convenient scapegoat and distraction to investigators. Believe it or not it is often I.T. and security personnel who are targeted. Although they may be more aware of security they also have higher privileges than most. Many times they use a popular and recognized remote access program when telecommuting. If you can capture their username and password that may be all that you need. Sometimes there may be more advanced authentication procedures. For instance, the server you will log into or firewall you wish to bypass may require extra authentication. Sometimes it may request a MAC address. This is the unique serial number burned into network cards. This can be copied and you can change yours to that one with a software application. If you have the IP Address, then you can switch your IP Address as well. When you access the victim s computer and place a remote access program of your own, don t use one with obvious hacker names like Back Orifice. Using one that they already have, such as PC Anywhere or Remote Desktop would be ideal. Don t worry about tackling a wireless computer network. Even with security enabled that could just be a speed bump to the dedicated. If probing a victim s computer then I recommend making it appear as spam. 
If they have a firewall, you can probe it and see what version they are using. Afterwards look around for data on cracking that firewall. Any firewall can be cracked and guess what? You can always break into their home and place whatever it is that needs to be placed. Alarm systems can be defeated rather easily if you know how. Many times these burglar alarm systems were installed by poorly trained or overworked employees who take short cuts to get the job done. Sometimes you will actually see the keypads mounted outside the door to a home or easily viewable through a window. What happens if they cut the phone line or cover the siren box? Locks can also be bypassed by means other than just lock picking. You could install a high security lock, but if all the hardware around it is weak than what good is it? Dogs can be tricky and are usually the toughest obstacle to overcome. Believe it or not, little dogs that are the worst. Big attack dogs can be overcome and sedated or contained; even the well trained ones. But little dogs that run around and make a racket are a menace. Once a dog starts barking, the rest neighborhood s dogs will join in. Even using a high frequency sound device to annoy the dog on a property you wish to enter can alert other dogs. If you do break in, check the bedroom and den first. Bedrooms are where the most important items usually are. You are not there to steal but to place bugs, software etc. and to copy anything of interest, such as a security card, hard drive or key. Bring a digital camera and photograph the scene before moving anything. If there is too much dust then leave it alone. Dust leaves a telltale sign, which is very noticeable when moved. Most locks used to secure desks are easy to pick so that s not a big deal. Bring a hard drive cloning devices and a Linux Boot Disk to copy entire hard drives. This way even if they are password protected and encrypted you can crack them later at your leisure. 
You can carry MP3 players and iPods to act as a second portable hard drive. That can be particularly handy when in a public environment. Someone thinks you are fiddling with an MP3 player but you are actually downloading somebody's hard drive. Carry all the cables you may need since some machines may not have a particular port like firewire. If they do have a faster transfer rate type port, then by all means use it. You can do something else while it is busy copying data. Remember to look under the keyboard for passwords and pay attention to Post-its. Those little pieces of paper are gold mines. Also, and maybe more importantly, copy data from cell phones and PDAs, if they are available. This can be done with cables to your own PDA or laptop. There are portable dedicated units for this purpose as well. The safe, if they have one, is usually in the bedroom. Use a metal detector to find it. Place the metal detector wand on its lowest setting, so only a significant metal object will trigger it. Sometimes a safe can contain something you can use as blackmail. There are devices which mount to a safe's dial which automatically attempt countless combinations; some are stand-alone, while others are connected via laptop. You can also try the basic combinations for that make and model. Some safe technicians use the default combination or may try to use something you can remember like a child's birthday. If all else fails try 36-24-36, it's very popular with certain bachelors. Placing bugs around the house is usually useless. Most people have a tendency to put the television set or stereo on when they are home. The only exception may be over the head of the bed and wait for pillow talk. You may as well concentrate on telephone lines. They may use a cell phone in the house but once again you may not be able to hear the conversation.
Even a laser mike, which focuses a beam against a window and picks up vibrations in a room, may not work, especially if they have plush carpeting or heavy drapes. You can record a conversation on video; you can always lip-read if audio is not available. If you have the time and they have a garage, see if it opens automatically. Go over to the garage door and make a copy of the remote for yourself. This works even with the rolling code models. This is just a general outline of what you can do. Make sure to check the soles of your shoes before and after a break in. I suggest wearing a popular brand in case the police make a cast of your footprints. You can also place a pair of hospital booties over your shoes to cover your tracks. It is not a bad idea to wear a jogging suit as opposed to being dressed as a ninja. If you have to run, you would not seem too suspicious. It is wise to take as few chances as possible. If you have more time, the best way to infiltrate an organization is to join it. If not directly then as one of its support people such as food services or building maintenance. Cleaning crews usually work after hours under little scrutiny. These companies have such a high turnover that they are always hiring and do no background checks. If you do show up for an interview or to do some sort of sales pitch come mentally prepared. Hang around the places where the target organization's employees are and pretend to be a headhunter. Hand someone your demo CD. Of course that CD should have more on it than they expect. Anti-virus protection can be completely by-passed using this method. I will even guess that you have done this countless times without a second thought. If the job interview is for a technology-based position, they will tip their hand by asking you what you know about such and such. A good skill to pick up will be the ability to read documents facing away from you on a desk.
While you are at it develop an excellent memory for detail, especially numbers. Taking a few acting classes could help here, too. What I like about situations like this is that these are the ideal times to place bugs. If you think it may be discovered, then just dispose of something in their wastebasket. Blow your nose while placing a micro-transmitter in it. I doubt anyone will inspect the contents of a used tissue. They will end up getting rid of it for you. There is a chance that said item could be discovered by personnel who do paper shredding services. Most companies do not use this service. It could also be a good idea to do some dumpster diving later and see what they throw out. You can carry a micro digital camera and record everything you see. Just pretend to be listening to an iPod or something. Whatever you do, pretend that you belong. If someone tries to stop you, start grooving to some imaginary tunes and head for the elevator. Always have an excuse ready. You can also use something known as video ham radio. This transmits video images via radio signals; more commonly used by rescue crews. This is different from the more conventional covert video systems used out there. Video systems tend to use a lot of battery power so bring spares. Ideally it would be nice to place cameras in the copy machine but usually a copy machine technician best accomplishes this. Some operators have gone as far as to replace whole machines. The FAX machine is the best for tapping. No one seems to ever suspect that it is tapped but will scrutinize everything else. You may think that that is an oversized DSL filter on it but maybe it is not. If there is a damaged door with a lock still attached try to remove it. A good locksmith can build master keys by analyzing the pin tumblers. With some practice you can do this as well. Cut a key for both before and after removing spacers from pins if they have them. This is what is called a master keying system.
What you would want to make is the grandmaster key. This will allow you total access. If you do start opening doors, be aware that there may be door contacts. These are magnetic switches used in burglar alarm and access control systems. You can use basic electronic tools to locate the magnet and use your own magnet to fool the door. There are different devices out there which can record and analyze security/prox/access control cards' Wiegand output. The Wiegand output is when a card reader emits a radio wave, which energizes the card. The card then sends out a unique identifier. This is what you want to catch. With another device you can replicate this identifier, mostly using a PDA. Laptops are better but conspicuous compared to a PDA. Smart cards and the magnetic strips from more conventional credit card types can be duplicated on the spot. Just be aware that with most modern access control software the face that accompanies the card being used will show up on the computer screen, so enter with a group. If there is a numeric keypad you can use ultraviolet light to check for smudges and you can guess from there. If you have access to a thermal imagery device, you can see the heat signatures. These are so cheap now that they are popping up in the most unlikely places. Hunters are using them for the slight advantage it gives them. Usually the stronger trace is the most recent. That will be the last one pressed. From there you can guess accordingly. Many systems have a "three strikes and you are out" policy, so proceed with caution. Otherwise, if you are in a mantrap the doors will stay locked and you are trapped and security will be alerted. Biometrics is growing in popularity but as you probably guessed by now, can be defeated. It is rare for somebody to wipe their prints off. A lot of these devices are fingerprint based so get copies of fingerprints. One way is to get them from the biometric reader itself.
Some crime scene photographers have special software or film that accentuates photos of fingerprints. Some scanners that check for retinas and such can occasionally be tricked by trying out a bunch of well-made fake eyeballs and a flashlight. You can remotely access the security and camera system either by the Internet or through a phone line (pre-paid cell phone included). You can give yourself privileges on a blank access card and erase video files of your activities. Sometimes the video files may be also network storage based. Once again you should access anything with any trace of your existence. You can also defeat the cameras individually. Strong light devices can blur an image or anything that emits strong electrical signals can cause static or snow. If the camera is too far you can use a HERF (hi-energy radio frequency) gun. This can send a focused burst which can either be disruptive or destructive. Think of using your cell phone next to a clock radio for an analogy. These are not as hard to acquire as you might think. If you are this close you should monitor the security guards' radio frequency. You can use a radio that can communicate with theirs; try not to talk to them for any reason. Many sites are now recording radio transmissions for insurance reasons. Voice print recognition has come a long way. Be aware of their call signs and any related lingo. If you have a crazy notion of knocking out a guard just be aware that their radios have a tilt feature so if a guard goes down there is an alert. If you are thinking about doing a late night sneak and peek consider the perimeter defenses. The use of fiber optics in fencing is common and almost invisible to the intruder. Break a branch onto it so that part of the fencing system is deactivated or simply overlooked. In and around can also be seismic intrusion detection, which basically is sensitive to footsteps. This can be tricked with a device called a thumper.
It is basically a box that stamps its foot at whatever pace. Certain cameras may be programmed to react to the disturbance. If you are looking for infrared sources use a passive night vision scope/goggle. You are looking for IR emissions; you are trying not to create your own, which an active model could do. There are little badges you can wear that can alert you if you are under IR observation. Do not wear diver's watches since the tritium will light you up like a ghost to any nocturnal observer with night vision goggles. If the facility is using thermal imagery, then you will need to really do your homework; chances are they are serious about protecting whatever it is they are tasked with. One way to defeat that is by wearing different types of neoprene suits. Everything must be covered; not a very comfortable way to spend an evening. Otherwise you will have to wait for a storm to hit before you make a move. Now you may not approve of the disclosure of such information. The truth is such knowledge is freely available to anyone. Just buy a video game to get the latest inventions and their use. Remember this: the most successful operations are the kind that go undetected. Maybe a little bit of paranoia is a good thing.

The author of this article is a freelance security consultant contracted by competitive intelligence firms, such as BHE Security, and private investigators. There seems to be a decided lack of knowledge on the techniques and technology of Industrial Espionage.
A firewall is a system or gateway that prevents unauthorized access to your computer or private network. It is usually the first line of defense in protecting your private information or data. A good firewall will help protect you from malicious attacks of spyware, adware, malware, worms, trojans, and hackers.

Firewalls are security mechanisms that control who can access and send data through your network or computer. They can be implemented in both hardware and software; many systems use a combination of each for greater protection. All data or messages entering or leaving your computer have to pass through the firewall, which checks all messages and blocks those that don't meet your specified security criteria or rules.

To put it in simple terms: think of a firewall as a security guard or a security scanner for your computer or network. Anything going in or out must be checked through this system and must obey your rules!

Of course, this is just a simple explanation; firewalls can be very complex, consisting of a whole combination of techniques that can be used in concert depending on the level of security you wish to achieve. These firewall techniques may include:

* Application gateway -- places security mechanisms on specific applications (FTP, Telnet, etc.)
* Packet filters -- examine each packet entering or leaving your computer and accept or reject it according to your rules
* Circuit-level gateway -- security measures for such connections as TCP (Transmission Control Protocol) or UDP (User Datagram Protocol)
* Proxy server -- all messages entering or leaving your network must go through this proxy server, effective for hiding your true network or computer address

Also, for greater security, many networks use encrypted data.

If you are operating a computer or a server, putting up firewalls will provide protection for your data and information that's passed along your network. If you regularly surf the Internet, placing a firewall on your own personal computer is a must.
There is no reason not to have a firewall in place; you can download a free firewall from zonealarm.com for your own personal use.

Keep in mind, no system is foolproof; any computer or network hooked up to the Internet can be hacked! Therefore, most people in the know always keep a back-up of their important data/information on a secure off-line source: floppy disks, CDs, or on a computer that's not connected to the Internet. Do daily or weekly back-ups to make sure your data and programs are safe.

Still, a good firewall will go a long way in protecting yourself from any unauthorized access to your computer. With the occurrences of spyware, adware, and other more invasive scumware increasing daily, putting up a firewall and protecting yourself should be your first line of defense against such unwanted and rude visitors. Nuke them at the gate and save yourself from some major headaches. Put that firewall up right now!

Copyright © 2005 Titus Hoskins of Internet Marketing Tools. This article may be freely distributed if this resource box stays attached.
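The packet-filter technique described in the firewall article above, as an added example that is not part of the original article: rules are checked in order, the first match decides, and anything unmatched falls to a default-deny policy. The rule layout, addresses (documentation and private ranges) and the `shadowed_rules` audit helper are assumptions made for illustration.

```python
# Added example (not from the original article): a first-match packet filter.
# All addresses, ports and rules below are constructed sample values.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

DEFAULT_ACTION = "reject"  # default deny: anything no rule accepts is blocked


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                   # "accept" or "reject"
    src_net: str = "0.0.0.0/0"    # any source
    dst_net: str = "0.0.0.0/0"    # any destination
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))


def filter_packet(p: Packet, rules: List[Rule]) -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding rule); the first match wins."""
    for i, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, i
    return DEFAULT_ACTION, None


def shadowed_rules(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Audit helper: find rules that can never fire because an earlier,
    broader rule always matches first. Returns (later, earlier) index pairs."""
    pairs = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            covers = (
                ip_network(later.src_net).subnet_of(ip_network(earlier.src_net))
                and ip_network(later.dst_net).subnet_of(ip_network(earlier.dst_net))
                and earlier.proto in (None, later.proto)
                and earlier.dport in (None, later.dport)
            )
            if covers:
                pairs.append((j, i))
                break
    return pairs


# Constructed rule set for a small network (192.168.1.0/24) with one web server.
RULES = [
    Rule("reject", src_net="203.0.113.0/24"),                              # 0: unwanted network
    Rule("accept", dst_net="192.168.1.10/32", proto="tcp", dport=443),     # 1: HTTPS to the server
    Rule("accept", src_net="192.168.1.0/24", proto="udp", dport=53),       # 2: DNS from the LAN
    Rule("accept", src_net="203.0.113.5/32", dst_net="192.168.1.10/32",
         proto="tcp", dport=22),                                           # 3: dead, rule 0 wins
]

if __name__ == "__main__":
    samples = [
        Packet("198.51.100.7", "192.168.1.10", "tcp", 443),
        Packet("203.0.113.9", "192.168.1.10", "tcp", 443),
        Packet("198.51.100.7", "192.168.1.10", "tcp", 23),
        Packet("192.168.1.20", "192.0.2.53", "udp", 53),
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(pkt, RULES))
    print("shadowed rules:", shadowed_rules(RULES))
```

Rule order is part of the policy: the accept in rule 3 never takes effect because the broader reject in rule 0 is evaluated first, which is the kind of mistake a rule audit should surface.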
Anti-Spyware Software - Is There A Way You Can Do Without It?

You may be one of those people who keep on wondering what all the fuss about getting anti-spyware software is all about. What's more, you may even have managed to survive for quite a long time without seeing any spyware trouble. Now that is the most dangerous position to be in, because it leaves you very vulnerable: at any moment you can fall victim to credit card fraud or identity theft and, as those who have been through it will tell you, it certainly is not fun at all.

But what exactly is spyware software and what is the truth about the sort of damage that it is capable of causing? How can you get anti-spyware and how can you be sure that it is genuine stuff?

Spyware is computer software that collects personal information and data about every web site you visit as well as every secret password you use to access every sensitive and non-sensitive account that you operate from the computer that has been secretly infested with the spyware software. This information is then automatically sent to the remote location where the spyware originated.

You can imagine what kind of damage can be caused when a nasty guy gets hold of the sort of information that I have just described. Huge amounts of funds can be transferred from your accounts and in fact your identity can be stolen, meaning that somebody takes over access to all your online accounts.

Spyware is for real and you should take the threat very seriously indeed before it is too late. A good idea is to use an established website that deals in anti-spyware software.
Once you've completed a security assessment as a part of your web application development, it's time to go down the path of remediating all of the security problems you uncovered. At this point, your developers, quality assurance testers, auditors, and your security managers should all be collaborating closely to incorporate security into the current processes of your software development lifecycle in order to eliminate application vulnerabilities. And with your Web application security assessment report in hand, you probably now have a long list of security issues that need to be addressed: low, medium, and high application vulnerabilities; configuration gaffes; and cases in which business-logic errors create security risk. For a detailed overview on how to conduct a Web application security assessment, take a look at the first article in this series, Web Application Vulnerability Assessment: Your First Step to a Highly Secure Web Site.

First Up: Categorize and Prioritize Your Application Vulnerabilities

The first stage of the remediation process within web application development is categorizing and prioritizing everything that needs to be fixed within your application, or Web site. From a high level, there are two classes of application vulnerabilities: development errors and configuration errors. As the name says, web application development vulnerabilities are those that arose through the conceptualization and coding of the application. These are issues residing within the actual code, or workflow of the application, that developers will have to address. Often, but not always, these types of errors can take more thought, time, and resources to remedy. Configuration errors are those that require system settings to be changed, services to be shut off, and so forth. Depending on how your organization is structured, these application vulnerabilities may or may not be handled by your developers.
Oftentimes they can be handled by application or infrastructure managers. In any event, configuration errors can, in many cases, be set straight swiftly.

At this point in the web application development and remediation process, it's time to prioritize all of the technical and business-logic vulnerabilities uncovered in the assessment. In this straightforward process, you first list your most critical application vulnerabilities with the highest potential of negative impact on the most important systems to your organization, and then list other application vulnerabilities in descending order based on risk and business impact.

Develop an Attainable Remediation Roadmap

Once application vulnerabilities have been categorized and prioritized, the next step in web application development is to estimate how long it will take to implement the fixes. If you're not familiar with web application development and revision cycles, it's a good idea to bring in your developers for this discussion. Don't get too granular here. The idea is to get an idea of how long the process will take, and get the remediation work underway based on the most time-consuming and critical application vulnerabilities first. The time, or difficulty estimates, can be as simple as easy, medium, and hard. And remediation will begin not only with the application vulnerabilities that pose the greatest risk, but those that also will take the longest time to correct. For instance, get started on fixing complex application vulnerabilities that could take considerable time to fix first, and wait to work on the half-dozen medium defects that can be rectified in an afternoon. By following this process during web application development, you won't fall into the trap of having to extend development time, or delay an application rollout because it's taken longer than expected to fix all of the security-related flaws.
This process also provides for excellent follow-up for auditors and developers during web application development: you now have an attainable road map to track. And this progression will reduce security holes while making sure development flows smoothly.

It's worth pointing out that any business-logic problems identified during the assessment need to be carefully considered during the prioritization stage of web application development. Many times, because you're dealing with logic - the way the application actually flows - you want to carefully consider how these application vulnerabilities are to be resolved. What may seem like a simple fix can turn out to be quite complicated. So you'll want to work closely with your developers, security teams, and consultants to develop the best business-logic error correction routine possible, and an accurate estimate of how long it will take to remedy.

In addition, prioritizing and categorizing application vulnerabilities for remediation is an area within web application development in which consultants can play a pivotal role in helping lead your organization down a successful path. Some businesses will find it more cost effective to have a security consultant provide a few hours of advice on how to remedy application vulnerabilities; this advice often shaves hundreds of hours from the remediation process during web application development.

One of the pitfalls you want to avoid when using consultants during web application development, however, is failure to establish proper expectations. While many consultants will provide a list of application vulnerabilities that need to be fixed, they often neglect to provide the information that organizations need on how to remedy the problem. It's important to establish the expectation with your experts, whether in-house or outsourced, to provide details on how to fix security defects.
The challenge, however, without the proper detail, education, and guidance, is that the developers who created the vulnerable code during the web application development cycle may not know how to fix the problem. That's why having that application security consultant available to the developers, or one of your security team members, is critical to make sure they're going down the right path. In this way, your web application development timelines are met and security problems are fixed.

Testing and Validation: Independently Make Sure Application Vulnerabilities Have Been Fixed

When the next phase of the web application development lifecycle is reached, and previously identified application vulnerabilities have (hopefully) been mended by the developers, it's time to verify the posture of the application with a reassessment, or regression testing. For this assessment, it's crucial that the developers aren't the only ones charged with assessing their own code. They already should have completed their verification. This point is worth raising, because many times companies make the mistake of allowing developers to test their own applications during the reassessment stage of the web application development lifecycle. And upon verification of progress, it is often found that the developers not only failed to fix flaws pegged for remediation, but they also have introduced additional application vulnerabilities and numerous other mistakes that needed to be fixed. That's why it's vital that an independent entity, whether an in-house team or an outsourced consultant, review the code to ensure everything has been done right.

Other Areas of Application Risk Mitigation

While you have full control over accessing your custom applications during web application development, not all application vulnerabilities can be fixed quickly enough to meet immovable deployment deadlines.
And discovering a vulnerability that could take weeks to rectify in an application already in production is nerve-wracking. In situations like these, you won't always have control over reducing your Web application security risks. This is especially true for applications you purchase; there will be application vulnerabilities that go unpatched by the vendor for extended periods of time. Rather than operate at high levels of risk, we recommend that you consider other ways to mitigate your risks. These can include segregating applications from other areas of your network, limiting access as much as possible to the affected application, or changing the configuration of the application, if possible. The idea is to look at the application and your system architecture for other ways to reduce risk while you wait for the fix. You might even consider installing a web application firewall (a specially crafted firewall designed to secure web applications and enforce their security policies) that can provide you a reasonable interim solution. While you can't rely on such firewalls to reduce all of your risks indefinitely, they can provide an adequate shield to buy you time while the web application development team creates a fix.

As you have seen, remedying web application vulnerabilities during the web application development lifecycle requires collaboration among your developers, QA testers, security managers, and application teams. The associated processes can seem laborious, but the fact is that by implementing these processes, you'll cost-effectively reduce your risk of application-level attacks. Web application development is complex, and this approach is less expensive than reengineering applications and associated systems after they're deployed into production.
That's why the best approach to web application security is to build security awareness among developers and quality assurance testers, and to instill best practices throughout your Web application development life cycle - from its architecture throughout its life in production. Reaching this level of maturity will be the focus of the next installment, Effective Controls For Attaining Continuous Application Security. The third and final article will provide you with the framework you need to build a development culture that develops and deploys highly secure and available applications - all of the time.

About Caleb Sima

Caleb Sima is the co-founder of SPI Dynamics, a web application security products company. He currently serves as the CTO and director of SPI Labs, SPI Dynamics' R&D security team. Prior to co-founding SPI Dynamics, Caleb was a member of the elite X-Force R&D team at Internet Security Systems, and worked as a security engineer for S1 Corporation. Caleb is a regular speaker and press resource on web application security testing methods and is a co-author of the book titled Hacking Exposed Web Applications: Web Security Secrets and Solutions, Second Edition.

About Vincent Liu

Vincent Liu, CISSP, CCNA, is the managing director at Stach and Liu (stachliu.com), a professional services firm providing advanced IT security solutions. Before founding Stach and Liu, Vincent led the Attack and Penetration and Reverse Engineering teams for the Global Security unit at Honeywell International.
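The categorize, prioritize, roadmap and independent-retest steps from the remediation article above, worked through as an added example that is not part of the original article. The numeric scoring (severity times system criticality), the finding IDs and the sample findings are assumptions made for illustration; the article itself only asks for ordering by risk and business impact, effort estimates of easy/medium/hard, and starting with the riskiest, longest fixes.

```python
# Added example (not from the original article): remediation roadmap and retest diff.
# Scoring weights, IDs and findings are constructed for illustration.
from dataclasses import dataclass
from typing import Dict, Iterable, List

SEVERITY = {"low": 1, "medium": 2, "high": 3}
EFFORT = {"easy": 1, "medium": 2, "hard": 3}
CATEGORIES = ("development", "configuration")  # the article's two classes


@dataclass(frozen=True)
class Finding:
    fid: str                 # stable ID assigned in the assessment report
    title: str
    category: str            # "development" or "configuration"
    severity: str            # "low" | "medium" | "high"
    system_criticality: int  # 1 (minor system) .. 3 (most important system)
    effort: str              # "easy" | "medium" | "hard"


def risk_score(f: Finding) -> int:
    """Assumed scoring: technical severity weighted by business importance."""
    return SEVERITY[f.severity] * f.system_criticality


def categorize(findings: Iterable[Finding]) -> Dict[str, List[Finding]]:
    """Split findings by who is likely to fix them (code vs. settings)."""
    buckets: Dict[str, List[Finding]] = {c: [] for c in CATEGORIES}
    for f in findings:
        if f.category not in buckets:
            raise ValueError(f"unknown category for {f.fid}: {f.category}")
        buckets[f.category].append(f)
    return buckets


def build_roadmap(findings: Iterable[Finding]) -> List[Finding]:
    """Highest risk first; within equal risk, start the longest fixes first
    so they do not end up delaying the release."""
    return sorted(findings,
                  key=lambda f: (-risk_score(f), -EFFORT[f.effort], f.fid))


def compare_retest(planned_ids: Iterable[str],
                   retest_ids: Iterable[str]) -> Dict[str, List[str]]:
    """Diff the roadmap against an independent reassessment report."""
    planned, found = set(planned_ids), set(retest_ids)
    return {
        "fixed": sorted(planned - found),       # no longer reported
        "still_open": sorted(planned & found),  # pegged for a fix, still present
        "introduced": sorted(found - planned),  # new since the first assessment
    }


# Constructed assessment results.
FINDINGS = [
    Finding("F1", "SQL injection in login form", "development", "high", 3, "hard"),
    Finding("F2", "Directory listing enabled", "configuration", "medium", 2, "easy"),
    Finding("F3", "Discount applied twice in checkout flow", "development", "high", 3, "medium"),
    Finding("F4", "Verbose error pages", "configuration", "low", 1, "easy"),
    Finding("F5", "Stored XSS in comments", "development", "medium", 2, "medium"),
]
# Constructed result of the independent retest: F3 persists, F6 is new.
RETEST_IDS = ["F3", "F6"]

if __name__ == "__main__":
    for f in build_roadmap(FINDINGS):
        print(f"{f.fid} risk={risk_score(f)} effort={f.effort:<6} {f.title}")
    print(compare_retest((f.fid for f in FINDINGS), RETEST_IDS))
```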
Have you been contacted by someone from Nigeria asking for your help in transferring money out of the country? If so, then you are one of thousands of people all over the world, including doctors, lawyers, engineers and professors, who have been targeted by what is sometimes called the Nigerian letter scam or Nigerian advance fee fraud. Although Nigerian is the name given to it, this scam is international. The letter or email you get may also pretend to come from another country. It is estimated that Australians lose $2.5 million every month to the Nigerian scam!

How the scam works

The scam varies, but usually you will receive a letter, or more often, a fax or email offering you a business proposal or transaction. The Nigerian scam typically involves a letter or email from a person overseas claiming to need help transferring a large sum of money. They typically offer to provide a significant portion of that money in exchange for bank account details. Once you are hooked, you will be asked to pay all sorts of advance fees (e.g. customs, taxes, bribes, legal fees) to facilitate the transfer. Of course, there is no wealth to be transferred and they just use your bank account details to swipe your hard-earned money from your account.

New versions of the notorious Nigerian scam circulating via email

The Nigerian scam letter is popping up everywhere using slightly different names and different con stories. Regardless of what name is used, position they say they have, or what story is spun, these offers of quick wealth are fraudulent and will only result in lost time and money, and the awful feeling of knowing you have been fooled. Below we have listed some of the recent versions of the Nigerian scam in circulation:

Request to use a bank account to deposit a large sum of money. This scam requests the victim to allow them to use their bank account so a large sum of money may be deposited into it. Initial contact with the victim is made by a mass produced email.
The money offered may be from a secret bank account, unexpected inheritance, overpaid Government contract or a forgotten sum of money left in a Nigerian bank. In each instance, before the money is placed into the victim's bank account, a series of fees and charges are required to be paid before the money can be released, e.g. taxes, legal fees etc. Despite the victim making numerous payments to individuals in different countries, there are always delays which prevent the money being sent and require a further payment to be made. A key ingredient of this scam is that the victim is required to keep the money transfer secret.

Business Opportunity. A business may receive a request from a Nigerian person posing as a public official offering the opportunity to become involved in a large commercial operation being undertaken in Nigeria. The most common example involves projects in the Nigerian oil industry although other examples have been identified in the telecommunications industry. The offer will involve very large financial returns and will require the victim to finance a portion of the Nigerian contract. All payments will be required to be forwarded via money transfer agencies such as Western Union in amounts between $5,000.00 and $10,000.00. Examples of the requests for money include: legal fees, taxes, money transfer fees etc. In each instance, the money will be required to be sent to numerous individuals in different countries such as Benin, Togo, United Arab Emirates and the United Kingdom.

Online relationship. This scam targets victims who are met through internet dating sites, chat rooms or Instant Messenger services. The fraudster may present one of a variety of scenarios including:

* Australian citizen in Nigerian hospital - A common scenario begins with the victim chatting online with an Australian citizen living in Nigeria.
Communication suddenly stops until contact is made by a Nigerian doctor saying their friend has been in a car crash and needs money to pay for urgent surgery. The victim, wishing to help their friend, commences sending money to Nigeria via a money transfer facility such as Western Union and as each sum of money is forwarded, a further request for more funds is made.

* Internet Romance - With the internet dating scam, the fraudster represents that they wish to travel to Australia but need help to pay for airfares, visa charges or a passport. Once these costs have been paid, the fraudster requests more money to pay for their local taxes, family hospital bills and other costs. In each instance, the fraudster represents they have missed their flight to Australia and requests more money to be sent to Nigeria to pay for further airfares. The fraudster continues this scam until the victim runs out of money or refuses to send any more to Nigeria.

Fraudulent cheque/credit card scam. This scam targets small business owners and persons who have been caught in the internet dating scam. In this example, the fraudster requests goods be sent to him in Nigeria and sends a bank cheque to pay for the goods. The cheque is usually from a foreign bank and is for an amount in excess of the value of the goods and freight forwarding charges. The victim also pays for all the freight forwarding charges and sends the balance of the funds to the fraudster using a money transfer system such as Western Union. When the cheque is deposited into the victim's bank account in Australia, depending on the quality of the forgery, it may initially clear. This provides the victim with the assurance the cheque is of good value as represented and they purchase the goods and send them to Nigeria. Several weeks later, the cheque is identified as being fraudulent and the victim ends up bearing the cost of the whole transaction.
The credit card scam involves the fraudsters contacting Australian businesses and requesting the purchase of goods or services. The orders are often significantly larger than those the business would usually receive and appear to be a financial windfall for the business owner. Accommodation providers are regularly asked to provide quotes for Nigerian representatives seeking to attend Queensland for business reasons and wishing to book accommodation and conference facilities. Once the quote is provided, the fraudster provides a series of credit cards for the payment to be made from. If a card is not active, then alternative credit card numbers are supplied. Once the payment has been made, the fraudster cancels the accommodation and conference and requests the funds be refunded via a money transfer service such as Western Union. Once the business has refunded the money, they may be notified by the credit card company that the transactions were fraudulent and the business must refund the money.

Charity Scam.

The charity scam differs from the other Nigerian scams as victims are not seeking anything in return. The fraudsters seek victims amongst Church related web sites and chat rooms, looking for persons to make regular donations to themselves to run a specific charity. The fraudster represents themselves to be a Reverend or Pastor who operates an orphanage or Church and is desperately seeking funds. There are no means provided to identify whether the charity actually exists or whether the person seeking the funds is who they represent themselves to be.

What can you do?

Never reply. Throw the offer in the bin or delete the email. Do not forward them on to your friends as they suggest, as you will only be creating trouble for them too. Never give your bank account number or other personal details to unauthorised people. If you have been caught yourself, or if you come across any evidence of Australian involvement in this scam, contact your state or territory police.

Do not become the latest victim of these scams. They are not only illegal, but they may also be life-threatening, as there have been unsubstantiated reports in the past that people with healthy bank accounts were flown overseas first class to meet with the scammers, but on arrival were promptly kidnapped and held for ransom. When the scam is based overseas, it is outside our jurisdiction, so the Office of Fair Trading cannot investigate or assist if you find you have lost your money.

Consumers are also warned to beware of other scams, including fake requests for donations, bogus bank emails, phoney lotteries, chain letters, pyramid schemes, envelope stuffing schemes and invoice fraud. Remember, if it sounds too good to be true, it's probably a lie.

The author recommends AVG Internet Security as a solid and reliable choice for protection against today's evolving Internet security threats. Visit avg-antivirus.com.au for more information or to download your FREE 30 day AVG trial. AVG editions are available for you to trial as fully functional products, with no obligation. During the evaluation period, you will be able to test the functions, features and capabilities of AVG software, as well as having access to technical support.

David Furlong is a qualified and experienced IT specialist and Technical Trainer. His list of credentials includes a Masters in Networking and Systems Administration, MCSE, and MCSA. He is the founder of the computer consultancy firm, Axiom Networking Solutions.