How secure is your e-mail password?

Hello all!  After a lengthy absence from these pages, I have returned.  It is my goal to provide some helpful information to you at least weekly, and to try to keep you abreast of any current threats or trends of which you need to be aware.

In that vein, let’s talk about the security of your personal e-mail accounts. Most people now have personal as well as business e-mail accounts.  Sites like Yahoo, GMail,, Hotmail, AOL, etc all offer free e-mail with lots of storage space.  It make it easy to keep touch with friends and family, get notifications from your bank or online vendors, etc.  But have you ever thought about the amount of personal information someone could obtain from you e-mail account? Continue reading

The cobbler’s children have no shoes…

How many of you have heard the phrase used in the title?  Essentially, it refers to a professional being so busy with work that their own family lacks the very services they provide to others.

I had occasion to reflect on this statement as I worked on my wife’s laptop this weekend.  Yes, I am ashamed to admit that my own wife’s computer was infected with malware!  You would think a computer security professional’s computers would be safe, right?

Continue reading

Protect your financial information: Use a Live CD for banking and shopping

Today’s topic may be a little technical for the average user, but I’ll try to make it easy for even non-technical users to follow.  If you read this article and are interested, but don’t understand something, feel free to post a comment and I’ll try to help.

So we have talked about a number of ways to protect your personal and financial information, mostly in the context of a Microsoft Windows environment.  But there is another way to make sure that you don’t have Trojans stealing your information when you are banking or doing online shopping – don’t use Windows!  No, I’m not suggesting that you go out and buy a Mac, or that you install another operating system.  I’m suggesting you use a Live CD when you do any financial transactions.

Continue reading

Windows 7 developing a reputation for security

Well, it is almost time for “patch Tuesday”.  On the 2nd Tuesday of every month, Microsoft releases updates and patches for its operating systems (OS) and applications. In particular, this is the day each month that MS patches the critical security flaws that have been discovered in the preceding months.  When previous OS versions have been released, such as XP and Vista, the first few months saw a flurry of critical updates as holes were discovered and patched.

Looking at the advance notification of what is to be released next Tuesday, there appears to be only one patch affecting Windows 7.  Actually, the patch is for Internet Explorer 8, but the vulnerability affects all version of the OS running IE8, including Windows 7. 

With the discovery last month of a flaw that could allow an attack that could cause the system to “blue screen”, this is only the 2nd critical update for Windows 7.  From a security standpoint, that is unprecedented for a Microsoft OS.  It appears that Microsoft gave more than lip service to the focus on delivering a more stable and secure platform this time.  And speaking for myself, I find Windows 7 much easier and more enjoyable to use than Vista ever was. 

So if you are considering buying a new PC for Christmas, and you are worried about Windows 7 being fairly new, my advice is – don’t worry.  From all evidence so far, it is much superior to Vista, and should provide you with a good computing experience. 

(Of course, you should always keep your system updated with the latest patches as they are released.)

Happy Cyber Monday!

So how many of you knew there was such a thing as Cyber Monday? An invention of the National Retail Federation, Cyber Monday is the Monday following Black Friday. Just as Black Friday features all kinds of sales and promotions in the stores, Cyber Monday features sales and promotions by online retailers.

You can be sure that scammers, cyber criminals and identity thieves are ready to take advantage of people going online to search for bargains.  So let’s review a few online safety tips before venturing out on a virtual shopping trip.

Continue reading

New phishing scam:”Watch for errors on Social Security statement”

A new phishing scam is showing up and being caught by the district’s spam filters.  Please be wary of these scams in your personal e-mail accounts.


The scam comes posing as a message ostensibly from the Social Security Administration:

From: []*
Sent: Mon 11/23/2009 5:28 PM
To: [Name Deleted]
Subject: Watch for errors on Social Security statement

Due to possible calculation errors, your annual Social Security statement may contain errors.

Use the link below to review your annual Social Security statement:

This e-mail has been sent from an auto-notification system that cannot accept incoming e-mail.

If you click on the link, it takes you to a page that requests you “verify” your personal information, including your Social Security number. If you are foolish enough to do so, the site will say that it is generating a report on your account status.  You will then be asked to download a file called “statement.exe”, which is presented as a self-extracting ZIP archive.  In reality it is a Trojan called Zeus that will steal any banking information on your computer and turn your machine into a “zombie”, part of a bot-net controlled by criminals without your knowledge.

Pleast note a couple of characteristics of this phishing message.  First, the sender could be from any number of domains, but it will NOT be from “”, the domain of the Social Security Administration.

Second, if you hover your mouse over the link, you will see that the domain address of the link STARTS with “”.Sounds official, right?  But remember that the true domain of a web URL is the last two components of the URL before the first “/”.  For example, in the address “”, the domain is “”.  Looking more closely at the URL from the phishing e-mail I examined, the URL was “”. So the actual domain this URL is directed to is “”, which is located somewhere in Belarus. The scammers added the “” to the beginning of the URL to fool the unwary.

Finally, remember that agencies like the Social Security Administration will neve ask for your information in this manner.  If you receive e-mails like this and are concerned, go to the phone book and look up the number of the agency in question and call them. 

Happy Thanksgiving!

Defending your home computer, part 4: Closing the holes in your Windows

Okay, I admit it. Microsoft’s reputation for security sucks.  Whether it is caused by rushing their products to market, poor programing practices or because Microsoft’s dominant position in the market make it the primary target of malware authors, Windows has been full of holes. 

Of course, it has come a long way from Windows 98, which had no security to speak of.  Since that time, Microsoft has made a continuing effort to improve, with mixed success.  Some “improvements”, such as Vista’s implementation of User Account Control (UAC) were so frustrating to users that they turned it off rather than deal with it.  With Windows 7, they seem to have made some significant strides.  In fact, the first patch Tuesday after the release of Windows 7 contained no critical security updates – a first for a new Microsoft OS.

Nevertheless, even if Windows 7 proves to be much more secure than previous Windows versions, there are still holes that need to be closed.  Some holes, such as bugs in the code, must be closed by installing patches and updates.  Others have to be closed through proper configuration and good account management.

Continue reading

Defending your home computer, part 3: One size doest NOT fit all

Trying to select a single security product to meet all of your needs generally doesn’t work well for the home user.  Today we will take a look at the various security  features needed, and take a look at some free or low-cost options to meet those needs.

Yesterday’s post dealt with some behavioral changes you can make to minimize your exposure to malware.  Today, we will get back on the topic of a layered defense, and discuss some of the layers involving security apps to protect against various types of threats.  As you will see, the threats are so diverse that one product can hardly hope to meet all of the needs, especially in the consumer market.  You want to make sure your computers are protected against malware, spyware, intrusion (hacking) and against access to inappropriate or harmful web sites.

Continue reading

Defending your home computer, part 2: Know who’s knocking before you open the door

Locking the doors and windows does little good if you allow the open the door without knowing who is coming in.

To continue a bit with the home security metaphor from yesterday, the best locks in the world cannot protect your belongings if you invite the thief into your home. For that reason, most of us have peepholes or windows that we can look out before we open the doors.  If it is someone we don’t know, someone that looks suspicious, we may not open the door.  We certainly would not invite them in. We would want to know who they are and what their intentions were before we would trust them in that way.

In the area of computer security, however, we often allow access to our computers to unknown intruders all of the time.  These intruders can take the form of viruses, Trojans, worms, spyware, adware, bots and other forms of malware.  And while these intruders can sometimes make their way in despite all of our defenses, all too often we allow them in through the front door by our own actions.

So what are the actions we take to invite these unwanted guests into our computers?  And how do we change our habits to deny them access?

Continue reading

Defending your home computer, part 1: Locking the front door

What constitutes a “well-defended” home computer?  As with any system, relying on a single form of defense is an invitation to disaster.  A good computer security system relies on a layered approach, called in the business a “defense in depth” strategy.  Implementing such a strategy does not have to  be complicated or expensive. Over the next several days. I am going to discuss several aspects of a “defense in depth” strategy that you can easily implement at h0me with little cost and a little effort.

Mention the topic of computer security to the average home user, and their eyes begin to glaze over.  It is a subject that you hear a lot about, but it is hard for the typical home user to relate.  Usually, they bought a new PC that had a trial version of an anti-virus product installed, and that’s good enough for them.  They may have actually purchased a subscription to the AV product on their system, at least for the first year.  But that is often the extent of their attempts to secure their computer and data.  Unless they or someone they know has been hacked or had their identity stolen, security is just not on their radar.

This is unfortunate, because it really doesn’t take a lot of effort to make your system an unattractive target to a hacker or identity thief. In general, these criminals deal in a volume business – they hit thousands, even millions of systems at a time.  They only need to succeed in about 0.5% of the attempts in order for it to be profitable to them.  Unless you are a bank, big retailer or credit card company, they don’t have the time or the inclination to try attack a well-defended system.  They will just move on to the next system, looking for easier pickings.

Continue reading