Home Browsers Microsoft Office 97 Site Search Windows
Stay informed.
Groups fighting unsolicited commercial e-mail operate Web sites to share information about their efforts to reduce the clutter in everyone's inbox. These groups include:

* Spam Abuse
* Coalition Against Unsolicited Commercial Email (CAUCE)
* Privacilla
* Network Abuse Clearinghouse
* Hoaxbusters

| Click here for some Q & A on Key loggers |

| Try some Security Freeware

| Family Matters

| Going Phishing? Hackers are |

| Freeware | Freeware From A-Z

| More On Security

| Virus Information

Site Updated on 09/06/06 

Freeware | Freeware From A-Z | Security | Virus Information | Site Updated on 09/06/06
[In Other Computing News] [Bo's Digital Tech] [Computing & Government] Go Phish? | Family Matters |

Do your have Microsoft's Patch of the day? Not sure?
Check out Bohunky0's Microsoft Bug of the Month Page
Think you may have a virus? Check out the latest virus list and the archive list. See: Bo's Recent Virus List
Find a borken link? A link that points to a site other than the one intended? Please click here and tell us about it.
Are you concerned about Spyware? You should be! Check out our favorite Spyware eradicator,
Spybot Search & Dystroy

Q&A: What is a low threat virus?
            Examine e-mail headers to determine their real origin
                Wiping an infected computer is best for any OS [Spyware triumphant] from TechRepublic  

Security? 
Yeah, we got that!

 

Leopard nipping at Vista's heels

The new Mac OS is due in spring, which would put it after Vista. But if the Windows update slips again, that could let Apple get in first.

Lieberman defeat a win for 'Netroots' politics?
In taking down the incumbent senator, Ned Lamont relied heavily on Net. A sign of campaigns to come? >> C|Net | Read full story

The security risk in Web 2.0
Security has become a no-brainer for desktop software, but the same doesn't hold true for the booming world of Web applications.
C|Net | Read full story

JavaScript opens doors to browser-based attacks
Malicious JavaScript embedded in a Web site can let a miscreant map a home or corporate network and attack connected devices.
C|Net | Read full story

Attack code puts Windows PCs at risk
Two new exploits that could help hackers create attacks have been released onto the Internet.
C|Net | Read full story

Perspectives

Zero-day Wednesdays
Why are attacks via unfixed flaws coming out the day after Microsoft's Patch Tuesday? Think corporate espionage, CNET editor Robert Vamosi says. Read Full Story

Virus Via Email Pretends It’s From Microsoft - Watch Out For It
Taken from Lockergnome

Bo tip: Microsoft never sends updates or security software through e-mail
Take note of what is important here, bad grammar or spelling mistakes are a dead give-away.

Symantec sees an Achilles' heel in Vista
New networking technologies in Windows Vista will be less stable and secure than in XP, at least in 
the short term, Symantec researchers say.
C|Net.com | Read full story

Security agency war game tries to teach Net defense
In a less clandestine role, NSA pushes federal agencies--and everyone else--to master art of guarding networks.
C|Net | Read the story

Security expert dubs July the 'Month of browser bugs'
Each day this month, a prominent security expert will highlight a new vulnerability in a major browser. Happy surfing.

Security questions the feds ought to be asking
On the heels of the Veterans Administration's giant data breach, the White House is reviewing data security practices of several federal agencies. Here are some questions I hope they're asking.
READ FULL STORY | ZdNet  

Forget the NSA - here's another scary list. Are you included?

Trojan targets Google hosting service
The Trojan waits for people to log on to banking Web sites, then tries to steal personal information by capturing keystrokes.

New Excel zero-day flaw used in attacks
At least one customer reports being the target of a cyberattack that exploits a new, yet-to-be-patched hole in the spreadsheet software.

More info. on "proof-of-concept macro virus", AKA: "Virus.StarOffice.Stardust.a"or "SBasic.Stardust.A!int". Open Office reports that this is not a real virus as it is not self-replicating. As is the case with any macro invasion, it must be opened and run by the user. Never, ever accept documents from someone you do not know and even then, be very suspicious of any downloaded document. Click this link for more: http://www.openoffice.org/security/

In Other Security News:

Spamfighter 4.3.7 - Freeware
Spamfighter 4.3.7Filter spam from your Microsoft Outlook or Outlook Express inbox. Simple, reliable, and efficient.
OS: Windows 98/Me/NT/2000/XP
Fake Antispyware
Fake antispyware software has been a problem for years, and this week we have two new examples. BraveSentry hits all the hot buttons: drive-by installs, false positives, and exaggerated claims in advertising. Read about it in the Fake Antispyware section. Read this story | PC/Mag

Want to know more about security and some great sites to help? Click one or more of the below:

Internet ScamBusters
Avoiding Internet Scams
ScamWatch
Internet Scams - General Information

 

Police to develop national video ID system
Facial recognition will automatically identify images of wanted criminals, according to police business plan.

University server in hackers' hands for a year
Intruders go undetected on three servers containing student data at Ohio University for unprecedented amount of time.

 

Q: I recently read of a new virus, then found my antivirus software called it a low-threat, "proof-of-concept" virus. What's that? -- Sally,

A: Security researchers and hackers sometimes write virus code to see whether something is possible and submit that code. Like a virus or worm found on the Internet, the code is then named and analyzed by antivirus researchers. Often there are crippling flaws that prevent the code from spreading from computer to computer, but the underlying concept is unique or interesting. These are labeled proof of concept, since their purpose is to demonstrate that something is theoretically possible rather than to exploit that possibility with a legitimate threat. 

Examine e-mail headers to determine their real origin

E-mail security

I've mentioned that it's possible to identify forged e-mail by reading the e-mail headers. This generated a lot of feedback, mostly from readers wanting to know how to do it.

E-mail headers, as a topic for Internet security, aren't as exciting as an exploit or the latest Internet worm. But learning how to quickly determine the authenticity of e-mail is important-especially if someone is abusing an open SMTP relay on your network.


Our Questions and Answers Section on Security and computing:


How Do I Detect Key-Loggers?

 

Reader Jimmy writes: My friend found out that there is an “eye icon” on the taskbar and we believe that someone may have put a spyware (bug) to find out what we are e-mailing to each other. Is this possible and how can we delete such a bug?

 

Answer:

Your description is consistent with a range of programs from key-loggers (programs that track every keystroke) to various malicious programs including an old version of the Navidad virus, which has a blue eye that gets added to your Systray (to the left of the clock on the bottom right corner of the screen).

The first step in determining what it may be is to float your mouse over the top of the icon to see if it gives you a description. If you can get anything to appear, try typing it exactly as you see it into Google with quotation marks around it (which tells Google to only bring back sites that have that exact phrase) to learn more about exactly what you may have installed in your system.

There are a host of key-logger programs that can be installed so that a record of everything you type (every word in every e-mail, every username/password in every secured Web site, every Web address, etc.) is sent via a silent e-mail to a remote e-mail address.

There is no shortage of this type of malicious code designed to help steal your identity, but many parental control programs also have a component of the system that is designed to use this process to help parents keep track of what their kids are doing online from a remote computer. Using a removal tool may disable this ability. The program may not be able to differentiate between your parental controls and a malicious key logger.

There are a number of ways that someone can install such a program onto your computer, but generally, they would need access to your computer. If they were trying to spy on you, however, they would generally do so without leaving such an obvious marker (the eye icon).

It's possible that you contracted a RAT (Remote Access Trojan) via an e-mail attachment (just another in a long list of reasons to be extremely suspicious of ANY e-mail file attachment), which could allow a remote user to access your computer or log all of your keystrokes.

Most anti-spyware programs such as Ad-Aware and Spybot Search and Destroy (both are free and available by visiting www.datadoctors.com/approved) can detect and remove commonly known key-logging programs.

Not every program that is capable of logging your keystrokes is detectable by traditional spyware detection programs, but since they all do create a log file there is a more fundamental way to see if anything is logging your activity.

Another free program called KL-Detector (also available at www.datadoctors.com/approved) is a simple program that, once installed, can monitor disk activity to see if a log file is created during a test session. (Be sure to follow the directions exactly or you may get a false positive!)

 

Identity theft has become such a big business on the Internet that large organized crime syndicates are now behind many of the attempts to compromise your personal information, so always pay attention to what you open or install on the Internet and keep all of your security software constantly updated!

 


Q: If I use a public terminal, is there any way to log in without fear of hidden keystroke loggers?
--Hunter  

A: Yes. You can avoid the keyboard altogether by using the Windows On-Screen Keyboard and your mouse. Click Start, All Programs, Accessories, then On-Screen Keyboard. Mouse over the login box, click it, then mouse over and click the individual keys you want to input. It's slow, but it's more secure. When you're done with the public terminal, be sure to clear the browser's cache and history, as well.


Identity Theft a Five Step Stop Plan

You'd almost have to live in a cave not to know about identity theft. It's in the news on a regular basis. In addition, you may have already been a victim -- or know someone who has been victimized.

Everyone also seems to be aware that electronic identity theft 

For the fifth year in a row, identity theft topped the list of complaints reported to the Federal Trade Commission in 2004, accounting for 39% of all complaints received annually by the FTC. It also tops our ScamBusters prediction list of the worst scams for 2005:

The consequences of becoming a victim of identity fraud include: having a scammer open up accounts in your name (and running up debts to those accounts), losing your job, being denied insurance, or even being arrested for crimes you didn't commit.

However, what you may NOT be aware of is that fully 50% of reported identity fraud is perpetrated by relatives, friends and neighbors, or acquaintances of the victim.

That's a truly amazing statistic. And whereas many people think that computer crimes account for most identity theft, computer crimes, in fact, only accounted for 11.6% of all identity theft where the cause was known in 2004.

According to a survey done by Javelin Strategy & Research, these 'close encounters' by friends and family are costing much more money -- and time to resolve -- than 'stranger' fraud would.

Here's an example: the median loss from phishing scams is $2,320. But when the identity theft is a result of fraud by family and friends, the median loss is $15,607!

So how do you decrease your chances of your identity being stolen by a neighbor or a nephew?

Here are 5 tips:

1. Don't give ANYONE access to your PIN #s.

2. Don't leave financial mail or statements lying around your house or your car -- you'd be appalled at how much information can be gleaned from your checkbook, bank statements, credit card account statements and tax records.

3. When you are discarding things, shred any personal documents that may contain personal or financial information.

4. As much as possible, sign up for electronic banking and account monitoring, and then review your accounts regularly. Any fraud will be detected sooner -- and more easily -- than if you wait for monthly mail.

5. Review your credit report, bank accounts and credit card bills frequently. Self detection is the best way to find out about identity fraud early.

For more tips on how to prevent and detect identity fraud, visit:


FBI Issues Warnings About New Computer Virus 

A new email that looks like it originates from the FBI with a virus attached surfaced last week.

The email notifies recipients that they have visited illegal Web sites, and then asks them to answer a set of questions that are supposedly in the attachment.

For example, one email says: "We have logged your IP address on more than 40 illegal Web sites. Important: Please answer our questions! The list of questions are (sic) attached."

Opening the attachment will infect PC computers with the Sober-K worm, which first appeared last week.

The major virus protection companies have definitions for this virus.

Actions: 1. Recognize that the FBI does not conduct business by notifying people they are a target or potential target of investigation by email.

2. Update and run your virus protection software.


Q: How do avoid becoming a victim of identity theft from the Internet?

A: Identity theft is a problem that has been around much longer than the Internet and is more of a problem offline than on. While the Internet can help criminals acquire the information they need to steal your identity, it is more often used to take advantage of victims once the critical information has been acquired.

A much more common method of getting information such as Social Security number, credit card numbers, or banking information is from your snail-mailbox, personal or business trash, and lost or stolen wallets. The classic dumpster diving (going through your trash) method of getting critical information is one of the most common, since it's easy and relatively safe for the criminal.

If you've ever thrown out a pre-approved credit card offer, old bank statement, old tax return, or any official form that contained personal information without first destroying it (ripping it in half won't cut it), then you are ripe for the taking.

A paper shredder is an absolute must in today's information age for both the office and home and should be used religiously. With a price tag of only $20 to $50 for a basic unit, it is the single most cost effective tool you can buy to fight identity theft.

Your physical mailbox is another easy target for thieves; if possible, make it difficult to get mail that has been deposited in your mailbox with a lock or some other security device.

If you suddenly notice that mail has stopped coming to you, it could be a sign that someone put in a change of address for you and is collecting all of your mail in order to carry out an identity theft.

When it comes to the Internet, there are a few simple rules that can help minimize your chances of identity theft:


Family Matters:
when it comes to keeping our children safe online

Kid-Safe Internet Access
One way to protect your kids from sites they shouldn't see is to restrict Internet access to the family computer, where you can see what they're up to. The real danger here isn't that your kids will go where they shouldn't -- it's that they'll type in the wrong URL and wind up at an adult site instead of their intended destination.
- Parenting of K-6 Children Guide Kimberly L. Keith

Sen. Clinton: Feds must help parents on video games
Hillary Clinton, a longtime critic of video games, calls on the government to do more to find out how electronic media harms kids.

Is tech injuring children?
Prolonged exposure to technology use by kids has many expecting a rash of new repetitive stress injuries.
C|Net | Read the story

When digital kids rule the classroom
Schools aim to turn children's predilection for technology into a learning opportunity for both student and teacher.
C|Net.com | Read the story

Kids outsmart Web filters
At schools around the country, tech-savvy teens are using proxy sites and software to get to prohibited Web destinations.
C|Net.com | Read the story


Going Phishing?
Hackers are!

Phishers come calling on VoIP
Cheaply available VoIP numbers and Net calling are helping crooks launch new scams aimed at pilfering sensitive information.

PayPal fixes phishing hole
A Web site flaw was being exploited in a scam to pilfer sensitive information from PayPal customers.

One phish, two phish
Robert Vamosi: Think you're too smart to fall for a phishing attack? You might be surprised by the results of a new survey which finds that the best fraudulent sites could still fool more than 90 percent of their highly educated participants.

Security Watch: One phish, two phish
Where you click and--more importantly--why you click remains largely up to you. But if you think you are too smart to fall for a phishing attack, you might be surprised by the results of a new survey by researchers at Harvard and the University of California at Berkeley who found that the best fraudulent sites could still fool more than 90 percent of the survey's highly educated participants.
Click Here for to read the full Story from C|Net

See also: Download: Use this contact list to report phishing incidents
Fight back against phishers by reporting their activities. This list includes contact information for 50 banks, brokerages, Web sites, and online payment systems typically used in phishing exploits.

Phishers try a phone hook
In a new twist, fraudsters are combining e-mail and spoofed phone systems to try to con people into handing over their details.
C|Net  | Read the story

Season over for 'phishing'?
President Bush has signed into law a bill that mandates minimum sentences for ID fraudsters, including Net-reliant "phishers."

See also:
Neighborhood watch for phishing launches
A search is on for volunteers to handle reports of suspected online scams and to help take down fraudulent Web sites.

Why is Microsoft chasing phishers?
Richard Stiennon: I applaud any effort to prosecute these cyberjerks, but banks should be deploying more immediate defenses.
READ FULL STORY | ZdNet.com

Internet Explorer 7 anti-phishing tech: Work-in-Progress
Microsoft to fight phishers in Europe

Harm on the Pharm
Phishing vs. pharmingPhishing vs. pharming
Phishing involves the receipt of an e-mail message that appears to come from a legitimate enterprise. Pharming attacks compromise at the DNS server level, re-directing you to a hacker's site when you type in a company's Web address.