You know how I preach about passwords? Well, here’s a password joke:
During a recent password audit at Bank Of Ireland it was found that Paddy O’Toole was using the following password:
MickeyMinniePlutoHueyLouieDeweyDonaldGoofyBerlin
When asked why he had such a long password he replied: “Oi was told it had to be at least 8 characters long and include one capital!”
Cheers!
The Geek
P.S. See the post below this one to get your Geek Toolkit!
The holidays are behind us and I want to wish everyone a
Happy and Prosperous New Year and extend my thanks once again to
everyone who made their generous donations during the Holiday
Giveaway. If you donated, your gift is on the way to you via USPS
First Class mail.
I’ve received a few inquiries from people who missed the opportunity
to take advantage of the Holiday Giveaway for various reasons. They
wanted to know if I would still give them the gift if they donated
now, even though the deadline has passed. I would love to be able to do
it, but I promised I wouldn’t make the same offer again.
However, I am making the Geek Toolkit available to my Ask the Geek readers via secure download for $37. You won’t have to wait for the mail to arrive; you can download and begin using the toolkit immediately. As soon as I receive notice of your payment, I will send you a link to download the password protected archive. Click here to get your Geek Toolkit
The Geek Toolkit is loaded with literally hundreds of security,
system maintenance and productivity tools that have been part of my Geek arsenal for more than five years. All of them are safe, proven, and
malware-free. It would literally take you hundreds of hours to research and compile this collection on your own. Here’s just a few of the categories in the kit:
-Web Servers
-Useful Utilities
-Spyware Killers
-Security
-Disk Tools
-Disaster Recovery Info
…and 11 more.
This newly updated toolkit will save you time and money and make
your life easier and more productive in several ways. Here’s that link again: Click here to get your Geek Toolkit
Remember, you won’t have to wait for the mail to arrive. As soon as
I receive notice of your payment, I will send you a link to download the
password protected archive.
Get your Geek Toolkit today!
Cheers!
Ken “The Geek” Harthun
P.S. If you really, really want to have the Geek Toolkit on a 2GB
flash drive, click here.
P.P.S. If you’re not completely satisfied, I’ll happily refund your
money.
P.P.P.S. No affiliate links here. This is my own compilation, so you’re dealing directly with me.
I want to take this opportunity to thank you once again for your generous support of Ask the Geek in 2009 and wish you a very Happy and Prosperous New Year.
Cheers!
The Geek
First of all, I want to wish you and yours a Merry Christmas and a Happy Holiday season. I also want to thank you for being a loyal Ask the Geek subscriber. I hope you continue to find the site useful. You’ll be happy to know that in 2010, I’ll be making some major improvements to both the layout and the content, so stay tuned.
As you know, I cover all the costs to bring you Ask the Geek. My hosting, domain names and my mailing list management services aren’t free. Your generous donations have kept me going for the better part of five years and for that I am truly thankful. So, I want to give you a special opportunity.
Everyone who makes a donation of $20 or more to Ask the Geek between now and December 31st, 2009 will receive a 2GB flash drive loaded with literally hundreds of security, system maintenance and productivity tools that have been part of my Geek arsenal for more than five years. All of them are safe, proven, and malware-free. It would literally take you hundreds of hours to research and compile this collection on your own and I won’t be making this offer again, so jump on board while you can. Just hit that “Donate” button over there to the right and follow the instructions.
And don’t forget, “14 Golden Rules of Computer Security” will be released in January and will be free to my subscribers, so be sure to sign up to my list, whether or not you decide to donate.
Again, Happy Holidays and best wishes for a Safe, Happy and Prosperous New Year!
Cheers!
Ken “The Geek” Harthun
It isn’t getting any better on the Wild, Wild Web, despite state and federal government attempts to arrest and prosecute those responsible for electronically-perpetrated criminal acts. Spyware and malware of all kinds are increasingly more stealthy and difficult to remove thanks to rootkit technology. With the advent of Web 2.0 and its emphasis on sharing and collaboration through such social networking websites and services as Twitter, Facebook, MySpace, and the like, web-based attacks are more prevalent than ever. These sites are based on active, dynamic content and rely on special programs that run in your web browser to perform their magic. These programs can be modified by malicious hackers to steal your passwords, bank account information and virtually anything stored on your computer.
New laws have done little to deter or eliminate spammers, largely because many of them aren’t located in the United States. Despite the few high profile cases in the news, the truth is that few spammers are ever caught. Considering studies that show some spam campaigns can produce as much as $3.5 million in a year, it’s easy to see why today the spam problem is worse than ever–some estimates place the amount of spam email at 80% to 90% of all emails sent.
These days, everyone is at risk of falling victim to cyber-crime, even those of us who know and practice computer security on a daily basis. The average person who goes to the local big box electronics store and buys a PC or laptop for use at home is often lulled into a false sense of security because their purchase is bundled with some “security suite” by some big-name company. They go home, take everything out of the box, plug it all in and usually end up getting infected with all kinds of nasty things in very short order.
I put this book together in hopes that it will make a difference, however small, in how people look at computing and the Internet. Maybe it will save someone from the hardships of financial loss caused by using a compromised PC to access their bank and credit card accounts. Maybe it will save someone from having to pay a big bill to a technician to clean up a severely infected computer. Maybe, just maybe, it will help take some of the profit out of spam and malware. One can always hope.
At the very least, I hope that you, Dear Reader, find this information useful and that it helps make your computing experience more enjoyable.
Ken Harthun
Note: Any discussion of security, cyber- or otherwise, must be based on the concept of a security baseline—the bare security essentials without which all else is futile. The articles that follow assume that a good baseline already exists, whether the computer is just out of the box, or has been running for awhile What’s a good PC security baseline? I propose these four bare security essentials: “…a NAT router; a good antivirus program; a good anti-malware program; and, a good software firewall.” These days antivirus, antimalware and a software firewall are usually combined into a single suite. I choose to align with Windows Secrets’ Security Baseline page: “…a hardware firewall that’s built into your [NAT] router, security software that guards against all types of malware threats, a software-update service to ensure that your applications are patched against the latest exploits, and a secure browser.”–KH
I reported on Panda Cloud Antivirus back in June and July in my Security Corner posts, Panda’s Cloud Antivirus (Beta) is a Winner! and Panda’s CloudAntivirus Update.
I tested Panda Cloud Antivirus extensively on my systems while it was in beta and only recently switched to Microsoft Security Essentials (MSE) for evaluation. Today, I’ll switch back to Panda on my older, slower system to compare performance of each one. I have noticed a slight performance degradation with MSE that was all but non-existent with Panda. Now that Panda Cloud Antivirus is out of beta, I can make a fair comparison which I will report on later. Check out the full report in this Security Corner post.
“Although not so well know in some parts of the world, Bullguard Internet Security is a top level security suite from Denmark. With firewall technology licensed from Agnitum (Outpost) and anti-malware components from BitDefender you will appreciate the pedigree of this software. One of the product’s most interesting features is the way support is provided. Bullguard support staff can be contacted directly from the GUI and response times are reputed to be amongst the fastest in the industry.
“The vendors are generously offering a full 12 month licence for Bullguard Internet Security free for all Gizmo’s Freeware visitors for two days only commencing at 00.01 PST on Thursday 5th November and closing at 23.59 PST on Friday 6th November 2009. This offer comes with full support from Bullguard.”
Click here to get it: http://www.techsupportalert.com/content/get-top-rated-bullguard-internet-security-suite-free.htm
Cheers!
The Geek
Let me introduce a very special guest blogger, Mr. Paul Shirey. Paul is a young man (13 years old) who definitely has a handle on what this Internet thing is all about. In fact, given that people of his generation have this kind of savvy, I think there’s hope that the Internet will evolve from it’s current state of “Wild, Wild, Web” into something more akin to a world wide communications and information portal that is safe for everyone to use. It’s quite possible that you’ll be hearing more from this young man as a future mover and shaker.
You can contact Paul through his website at http://www.teenradiojourney.com or you can leave a comment here. Here’s his article.
——————————————–
In the digital age, most of us, if not all, depend on the Internet to get us through the day: some jobs are even 100% online. Well, sometimes the Internet isn’t all that great, and might be infected with malicious files. Luckily, there are ways you can defend yourself against the Internet terrorists of the digital age.
Online Accounts
The number of online accounts you have can really affect the chances of your accounts being hacked and your identity stolen. The more accounts you have, the more at risk you are. If someone steals your identity and commits a crime in your name, it is possible that you could be the one that ends up behind bars, and none of us want that to happen.
There is a simple way to keep your online accounts secure–don’t use the same password for every online account you have. Imagine this: One day your computer gets infected with malware called a keylogger. Keyloggers record everything you type on your computer. If the hacker behind the malware can find out one of your online passwords before you get the malware removed, that person would have access to all of your online accounts because you used the same password for every account.
Though using the same password for every account you create can be helpful for you (because you won’t have to remember what the password is for every account), it is a serious security threat. There are some very simple ways you can stop this bad habit.
1. If you don’t have a lot of online accounts, use a series of passwords and rotate them between accounts. This way it would be harder for someone to hack into your accounts, and your account could even be temporarily suspended from too many log in attempts.
2. Using a password keeper is an excellent way to create multiple passwords, and most of them have password generators built into them. Even though it might be a little bit annoying to have to copy and paste passwords all the time to log in, it could really be a life saver. You wouldn’t necessarily have to create a generated password for all of your accounts, just the ones you couldn’t afford to get hacked like your bank account or PayPal account. You can download a free password keeper by going here http://keepass.info/. This password keeper can even go onto a USB stick.
Spam
Spam is another way internet hackers gain control of people’s computers and lives. There are some very simple ways you can tell if an email message is spam.
· Contains mostly links and is in plain text.
· Comes from a free email service like Gmail or Yahoo
· Your email client tells you that it is spam
Spam can be very hard to filter out; some spam may even make it through the spam filter. One example of spam that is very tempting is emails that say that you have one a large amount of money. If the email is in plain text and the email address is from a free email service like Gmail or Yahoo, its spam. Delete it and forget it.
If your email client tells you it is spam there is a very small chance that it might not be spam, if you are at a business building using business email, chances are that a lot of non spam emails go to spam due to high filtering settings. You do however need to be able to tell spam from non-spam.
Password Changes
Sites like eBay or PayPal that are heavily encrypted send you an email when your password is changed, even if you were the one that changed it they will still send you an email for security reasons. If you do get one of these emails and you didn’t change the passwoord, you need to contact them immediately.
Imagine that you are opening the door of your house to go inside after a long day at work, but you forget to disarm your security system. The alarm will go off and the alarm company will call you. You tell them that it was only a false alarm and give them your pin number for the alarm system, and they reset the alarms.
So, going back to the site, the alarm going off when you enter your house is just like you changing your password on a highly encrypted site. The website will contact you just as the alarm company would, except with the website, you usually don’t need to tell them if you changed it or not.
Free Items
Have you ever seen those ads on websites telling you to click to win a free item of high value like a MacBook Air ™ or an expensive car? Well to tell you the truth the website that you clicked on that ad from is just trying to make money, because advertising is how most free websites run. However, that form you will out to get the free item is just collecting your personal information, and you could start receiving tons of spam in the snail mail.
Online Shopping
Another way hackers can attack computers is through online shopping. My rule is the site either has to be approved by internet security companies like McAfee, or use PayPal for orders. I usually will only shop at an online shop if they use PayPal because the only information the store will see when you pay with PayPal is your Name and/or email. That’s a lot better than giving them your credit card number.
The best thing you can do to defend yourself while shopping online is by making sure the shopping website you are buying from is secure. Though eBay and Amazon are very secure, if they were to get hacked it is likely that websites like these would shut down part of their system temporarily until they are sure that the problem is fixed.
Downloads
Downloads can be handy, but if you download multiple programs every day, you could be even more prone to getting a virus. You need to be extremely careful when downloading files from file sharing sites, unless you truly know the person that is hosting them, or were redirected by a software company that you trust.
Sum it up
The key to internet safety is this: if a website or email doesn’t look safe, either don’t go to it, or do searches on it to see if it is safe. Don’t just look at one search result; look at multiple ones so you are sure that the website is secure. There is a neat little antivirus programs that can keep you safe on the internet, and will even warn you if you try to open an infected webpage or email, and then clean any infected files. You can download this antivirus program by going to http://www.avast.com/. If you already have an antivirus program you trust go ahead and download McAfee Site Advisor http://www.siteadvisor.com/.
Whether you like it or not, you need an antivirus program, it might make your PC a bit slow(er) but it is worth it, you never know when your computer could be threatened in an internet infection.
Paul Shirey
Picture this: Someone tries to steal your laptop off your desk and as soon as they pull the plug from the wall, your latpop emits a screaming siren that won’t quit until your password is entered to unlock the laptop and disable the alarm.There’s another scenario: You take one of your old USB thumb drives (maybe the one you used to make an anti virus bootable scanner) attach a chain to it and secure it to your desk; if someone tries to move your laptop, unplugging the USB thumb drive in the process, the alarm goes off.
This is possible because of an interesting piece of software called “LAlarm.” It’s free for personal use and there’s a nominal fee for commercial use. Download LAlarm from this link: http://www.lalarm.com/en/index.htm.
I tested this software by installing it on my Dell laptop. It works. You simply install the software, configure the options you want and restart your laptop. To set the alarm, you just press Windows key + L to lock the workstation. If anyone pulls the plug or removes the thumb drive, the alarm sounds.
There’s much more to the software than just an alarm. You can set the software to destroy your data in selected folders in the event of a theft. You can also set zones based on IP addresses and cause an alarm to sound if the IP address changes.
The theft alarm is not affected by the system volume control setting–it’s screaming loud no matter how you have your volume set.
It’s a very cool tool.
What’s a ROBAM? you ask. Check out this post: Protecting Your Business from Online Banking Fraud. SANS says, “The number one recommended mitigation [to online banking fraud caused by infostealer infections] is to use a read-only bootable alternative media (ROBAM) as an isolated environment for financial transactions.”
You can use a USB thumb drive instead of a CD if you do the following:
1. Download your alternative Linux OS choice (I prefer Ubuntu or Knoppix) in .iso format
2. Download UNetbootin from http://unetbootin.sourceforge.net/
3. Create a bootable USB thumb drive using UNetbootin
4. Set the properties of the drive to “read only”
This should have the same effect as using a Linux live CD.
I haven’t tried this, so comments welcome.
