TechDictionary.com ™ Headerblank

top-curve bottom-curve
blank

SECURITY

Adware, Spyware, Phishing,
Identity Theft


This information is to help you avoid hackers and ID thieves that prey on millions of people every day, but it isn't all you need to know.

SPAM or unsoliticited e-mail is not by itself dangerous but attachments may contain viruses. The best protection is keeping anti-virus software up-to-date.

Most spammer get away but a few are caught, some even have to pay for their actions. In the EU it is easier to track down and sue spammers (ScotchSpam).

If you don't think you are a target for malicious adware, spyware, viruses, and phishing you are in denial.

Viruses, Adware, Spyware & Phishing

The most frequent and worst cases of malicious software, called "malware" is associated with Microsoft products because they are the most commonly used.

Millions of Windows users are switching web browsers because of Internet security issues like spyware.

Popular alternative browsers are Firefox by mozilla.org and Opera. More browser security information below.

Windows users are also switching e-mail programs because of viruses. Eudora, one of the first email programs, and Thunderbird are less vunerable to viruses than Outlook.

Web-based e-mail like Yahoo mail has anti-virus protection and you can access your email from any computer with an Internet connection. Other web e-mail's are Hotmail and Google Mail.

Panda Security identified 25 million pieces of malicious code in 2009 - compared with 15 million samples detected in the previous 19 years. Sixty-six percent of last year's malware were data-stealing programs.

Anti-virus software companies can only release updates to combat newly created viruses after they're released. Since Windows can allow software installation without notifying you some of these anti-virus/spyware programs can detect when software is trying to install itself.

When choosing any software, especially something as important as antivirus software, getting the right antivirus software for your computer is probably somewhere between somewhat confusing and downright puzzling.

After all, how do you know the software you're buying is going to keep your computer safe and not bog your computer down when it runs?

Another place trouble can be found is in Office programs such as Word and Excel. These are malicious macros that can damage your files. Alternatives to Microsoft Office are web-based Office type suites such as ThinkFree and Zoho Virtual Office.

If you use Windows then keep current with updates posted at Microsoft.com. Part of the problem is inherent with Windows so until they change how these programs are designed you will need to be vigilent and keep your anti-virus and anti-spyware software up-to-date. Microsoft Internet Explorer and Outlook have features that are connected with parts of the operating system so they can work with other programs (Back Office). This makes them more vulnerable to hackers.

Adware was first just annoying but recently has become as dangerous as spyware.

Spyware is dangerous, keylogging (keyloging) which captures your keystrokes and passwords then sends the information to criminals. Forexample your ebay, credit card, or banking login and password. Be cautious of ads for Spyware and Adware removal programs unless you know the source.

Anti-virus companies were at first slow to respond to spyware but are now offering comprehensive anti-intrusion software which include anti-virus and anti-spyware. For anti-virus software, anti-spyware visit Amazon's antivirus software

Business & Enterprise:
Enterprise or corporate systems are especially vunerable. Corporate data can be protected in a number of ways and it's best to incorporate as many ways as possible. Always apply the lastest software and operating system updates and patches. Disable default browser and email settings such as AutoComplete on Internet Explorer. Clear stored forms and passwords from the computers cache stored by web browsers. Deploy anti-spyware, anti-virus, and a desktop firewall on every machine no matter how often used. Most anti-virus, anti-spyware companies offer firewall software.

Network Attacks Chart & Global State of Information Security

For corporate users, in addition to the previous links, check out www.ca.com and www.sophos.com

InfoWorld - Spyware: what to know - Security Reviews and Security Product Information

Praetorian Prefect - Security Information



"Phishing" or "Web Spoofing"
Phishing attacks usually involve deceptive e-mail that appears to come from a popular commercial site. The email explains that the recipient has an account problem, or some other reason to visit the commercial site and log in. However, the link in the email sends the user to a malicious "spoof" site that collects user information such as account names, passwords, and credit card numbers. Once your user information is collected by a "spoof:" site, criminals may log into your account or cause other damage. The good guys at Stanford University have developed another cool product (Windows IE): SpoofGuard.

Search Safely
Lots of information on search safety and general Internet security at siteadvisor.com

Password Hashing
Users tend to use a single password at many different web sites. By now there are several reported cases where attackers breaks into a low security site to retrieve thousands of username/password pairs and directly try them one by one at a high security e-commerce site such as eBay. As expected, this attack is remarkably effective. PwdHash is an browser extension (Firefox Windows, Mac, Linux; Windows IE) that transparently converts a user's password into a domain-specific password. Let's hope that the browser companies include this 'type' of protection in future versions.

Covering Your Tracks
In addition to people trying to get access to your computer there is the issue of people getting information about where you've been and what you've done on the Internet. There are a few programs that act as plug-ins for Firefox and some for Safari to hide your identity from those who might want your information.

When you surf the Web, you leave a trail of information. Your browser sends out your data, including your IP address, Web browser version, computer operating system, and the Web page from which your click originated to Web servers.

To surf privately, try two free programs, Tor and Privoxy, both available from tor.eff.org - and work with Firefox and Safari.

The Firefox web browser add-ons provide additional security. FoxyProxy is an advanced proxy management tool that completely replaces Firefox's proxy configuration, it also automatically sets up Tor and lets you configure and switch between proxies. Also Torbutton extension allows you to turn Tor (and Privoxy) on and off by clicking on a button in the Firefox status bar. NoScript allows active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks. TrackMeNot protects against search data profiling by issuing randomized queries to popular search-engines with fake data.

To protect your email from prying eyes with encryption you can use PGP, the personal-security product from pgp.com. With PGP you can also encrypt AIM and iChat sessions.

Another interesting approach to email privacy is offered by VaporStream with their "confidential and recordless" communication service.

CISSP Training Certified Information Systems Security Professional

This web site is offering free security education resources to help you expand your knowledge and skills or simply to reach some of your certification goals.

Secure Delete Your Data
Most people are aware that they need to "clean" a computer hard drive if they sell, donate or get rid of their computer. But how many people "clean" their information off their cell phone?

Look in your computer or cell phone manual for how to secure delete your personal information. If you can't find it then you can call the manufacturer. Some companies have the information on their web site.

Also the National Institute of Standards and Technology (NIST) - Computer Security Division - offers guidelines for sanitizing media (disk drives). Good to do before you sell/trade/dispose of that old computer or hard drive. PDF article.

“I’m the creeper! Catch me if you can!” taunted a rogue program called Creeper, written by Bob Thomas, of the BBN (Bulletin Board Network), in 1971. His creation has the dubious honor of being the first worm that spread through many of the early global networks. (more at infoworld.com)


Identity Theft Protection & Consumer Tips

Check washing.
Did you know that most inks can be washed off of a check you write? Criminals use sophisticated methods to “clean” checks which they then can cash. They also use devices to copy your signature. TIP: use Gel ink. Most major pen companies like Bic sell a pen with gel ink. In most cases gel ink cannot be successfully washed off the check.

Mail theft.
Did you know that most mail theft occurs right out of your mailbox? The most common is when people put outgoing mail in their box and raise the “outgoing mail” flag, which becomes a flag for criminals. TIP: drop your outgoing mail in Post Office mail boxes like you find on street corners or at the Post Office.

Of course incoming mail can also be stolen from your mail box. TIP: get a locking mailbox. Also use the services below to remove yourself from mailing lists.

Stop pre-approved offers:
If you want to remove your name from lists for pre-approved offers of credit or insurance obtained from these four consumer credit reporting companies, you will need to contact them. Once you provide your information, your name will be removed from eligibility for pre-approved offer lists provided by all four companies. The information you provide is confidential and will only be used to process your request.

Go to this website www.optoutprescreen.com or you can also complete this process by phone by dialing 888-5-OPT-OUT (888-567-8688). The four companies are Equifax, Experian, Innovis, TransUnion

Credit Report Block:
If you want to protect yourself from someone opening a bank account or getting a credit card in your name you will need to put a Security Freeze on your credit report. You will need to contact each of the credit reporting agencies to sign up (Equifax, Experian, Innovis, TransUnion). At this time you will have to pay around $10 to each company every time you want to freeze or unfreeze your account.

Keep Track Of Your Credit:
A recent amendment to the federal Fair Credit Reporting Act (FCRA) requires each of the nationwide consumer reporting companies to provide you with a free copy of your credit report, at your request, once every 12 months. Three companies have set up a website and toll-free number www.annualcreditreport.com, or call 877-322-8228 or mail Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281 (ALERT: beware of commercial companies offering free credit reports then charging you.

Stop telemarketers - Do Not Call List
You can register online at www.donotcall.gov or call toll-free, 1-888-382-1222 (TTY 1-866-290-4236), from the number you wish to register. Registration is free. Although annoying most telemarketers are not a security threat.

For other information on Consumer Protection check out this federal government website
www.pueblo.gsa.gov/cfocus/cfprivacy02/focus.htm

Online phone directories – get off the online lists
If your number is listed in the local phone book it is likely on one or more of the online directories. Unfortunately there is no single source for removing numbers, you will have to contact each directory. If you are on the Federal Do Not Call list telemarketers must not call even if you are listed in your phone book or an online directory.
Here are some online phone directories:
AnyWho
WhitePages
Yahoo People Search

Shred for Safety
Most office supply stores sell shredders. Today you can get a good cross-shredder for under $100 which will even do credit cards. Cross shredding is better than straight since it makes it much more difficult to assemble the bits of paper into a readable document.

Once shredded there are a couple of things you can do to make it even safer. You can put the shredded paper in a large plastic garbage bag, fill it with water, punch a few holes in the bottom and let it water your garden or lawn for a couple days. What will be left will definitely be difficult to piece together. We also sometimes keep the shreddings in a big plastic bag and later burn the shreddings (only where legal).


Help for the Interactive Phone Maze (not a security issue)
Paul English created a Cheat Sheet to help you quickly get to a human when you are trying to call a company for service. Even with this, good luck. gethuman.com