I found a great article about passwords written by Rick Broida at PCWorld. This is a must read for everyone.

Read Complete Article Now

There is a silver lining in the free software market.  It’s called Open Source software.  There is a great explanation here if you would like to read more about Open Source.  Suffice it to say there is a great deal of Open Source software available.  Most Open Source software will have a free version that can be used for personal use. Some restrict commercial use and have a paid version available.  Read the copyright carefully before using Open Source in your business.

One of my favorite Open Source programs is Open Office.  Open Office is a suite of programs similar to Microsoft Office.  It comes with a word processor, spreadsheet, a presentation program, a database, and a drawing program.  It’s Microsoft Office compatible and free for all to use.  These are two of my favorite features.

I have recently updated my Free Downloads page where you will find links to some of my favorite Open Source software.

Be very careful what you download.  Search the internet for issues that other may have experienced. When in doubt just leave it alone.

These days the volume of Spam email is a significant portion of the email distributed online. These Spam emails consist mainly of people trying to promote products using your unsolicited email address as a sales tool but even more sinister people trying to defraud you of money. This is done via a series of emails designed to spoof you into entering key financial information and is growing in frequency all the time.

These emails are referred to as Phishing emails likened to catching a fish where you throw in the rod looking for a bite, in this case entering account numbers and passwords. This identity fraud can ruin you financially and can take you months or years to first prove you were not responsible and to try and recover some of the money stolen from you.

Legally your financial institution is not obliged to return any moneys to you as a victim of online fraud. Their terms and conditions usually state quite clearly that it is your responsibility to maintain the integrity of your username/account numbers as well as any password or pin numbers. So whilst online banking is very convenient the responsibility clearly sits with you in regards to security and privacy of your information.

These phishing emails are designed to collect your financial information and usually do so by copying the websites of your financial institution and pretending that you need to update your username, password, address etc. These sites are so convincing that it only takes a moments lapse in concentration to compromise your security and privacy. Your bank or financial institution would never ask you to update information via email. If you need to carry out a financial transaction do so by going directly to the website and not clicking on any email links.

So how can you prevent being tricked by these phishing emails ? Firstly if the email looks unprofessional with poor spelling and grammar you can assume it is Spam and delete the email. If it is a professional looking email with company logos and colors there is actually a simple way to check if the email you received is legitimate. Most email these days is delivered in HTML format which gives you richer emails with text and graphics.

Move the mouse over one of the hyperlinks and in the status bar of the browser or email client you will see the domain the link is really going to take you. If this is not the domain of your financial institution it’s Spam and delete the email. If it does match the correct domain complete a further check as follows. Somewhere in your email client or browser you should see a ‘View Source’ option. Select that and you will see the HTML code that composes the email.

Look for the link and make sure the address in the ‘href’ tag is a legitimate domain for your financial institution. Again remember emails from your financial institution you should click on are generally marketing, sales or new product information emails. Make sure you have anti-virus and anti-spyware applications installed on your computer to make sure you do not have spyware or malware that could be recording your account numbers and passwords.

Article Source: http://www.articlesbase.com/security-articles/how-to-avoid-being-defrauded-by-phishing-emails-1515749.html

About the Author:

Joey Vella is an IT Consultant with over 20 years of IT and Project experience. Specialising in Windows platforms and system configurations. Joey consults to a number of companies including PCWinTools.com

If you’re connected to the Internet (especially with an “always on” connection such as cable or DSL), you’re at risk for intrusion from hackers or with infection from a virus or spyware. This can happen without your knowledge. You can be browsing, logging on and off various web sites, etc., and be compromised. However, you can protect yourself from this type of intrusion by following a few simple steps.

1.. Use a firewall to block all incoming connections from the Internet to services that should not be publicly available. By default, you should deny all incoming connections and only allow services you explicitly want to offer to the outside world.

2.. Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
3.. Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.

4.. Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives, and disconnect the drives when not required. If write access is not required, enable read-only mode if the option is available.

5.. Turn off file sharing if not needed. If file sharing is required, use ACLs and password protection to limit access. Disable anonymous access to shared folders. Grant access only to user accounts with strong passwords to folders that must be shared.

6.. Turn off and remove unnecessary services. By default, many operating systems install auxiliary services that are not critical. These services are avenues of attack. If they are removed, threats have less avenues of attack.

7.. If a threat exploits one or more network services, disable, or block access to, those services until a patch is applied.

8.. Configure your email server to block or remove email that contains file attachments that are commonly used to spread threats, such as .vbs, .bat, .exe, .pif and .scr files.

9.. Isolate compromised computers quickly to prevent threats from spreading further. Perform a forensic analysis and restore the computers using trusted media.

10.. Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.

When it comes to doing business online, security is a two-way street. Safe online transactions demand smart behavior on the part of consumers and proactive security policies and procedures on the part of Web sites.

Businesses that sell goods or services online also have a responsibility to keep their transactions secure and private. And the more sites know about current e-commerce security threats, the better job they can do at protecting their transactions. Your browser should comply with industry security standards, such as SSL Certificate. SSL(Secure Socket Layer) is a security Protocol.

Article Source: http://www.articlesbase.com/security-articles/10-points-to-keep-your-network-secure-and-safe-from-hackers-and-viruses-1458210.html

About the Author:

Nill Smith is a contributing author for ClickSSL.com, a website that provides discount offers on SSL Certificates from our websites online. If you are searching great offers and discounts for buy ssl certificates. Author can offer branded SSL Certificates at affordable price.

The marketing hype from publishers of anti-virus and anti-spyware software might lead you to believe that do-it-yourself virus removal is simply a matter of installing the right product. However, if you don’t know what you’re doing, your attempts to clean a virus from your computer may be a complete waste of time, or worse yet — cause more problems than you had before you started on your PC virus removal endeavors. Especially if you have contracted a newer virus, or one that only has homegrown tips on how to remove that virus or bug, you run into the real possibility of damaging your computer or losing some, or all of, your important files.

Missing the target – About 600 new viruses and other types of malware are discovered every month. It’s nearly impossible for off-the-shelf anti-virus software to stay in front of that tidal wave, and the shareware products that abound on the internet are usually months out of date. Thus, your software may give you a clean bill of health when in fact your computer is still infected, and spreading the infection undetected, in the background.

Catching it again – An increasing number of viruses are designed to survive detection and removal, by reinstalling themselves every time you start your computer. Most hard-drive based anti-virus programs are powerless against these kinds of viruses, because the viruses load before the anti-virus software gets a chance to. Your computer might be “clean” when you finish your virus removal, only to be re-infected the next time you boot up.

Losing the baby, keeping the bathwater – Some types of “malware” — such as adware — are actually components of freely distributed software programs, which won’t run without them. And an aggressive anti-virus program can often give “false positives”, identifying harmless program components as lethal viruses. If you automatically delete or quarantine them, programs you were counting on may stop working.

Winning the battle, losing the war – Some anti-virus spyware is so aggressive it can use a significant amount of your computer’s memory. Thus, causing your computer to slow to a crawl or interfere with the installation of legitimate software or even day-to-day usage of your PC. With performance degradation like that, who needs a virus?

The hard fact is that virus programmers are much, much more computer savvy than most users. To clean your computer safely, it’s best to turn to a trained professional with high-end tools and the knowledge to be able to tell what’s really a threat and what’s a necessary file.

Article Source: http://www.articlesbase.com/security-articles/dangers-of-diy-computer-virus-removal-1397433.html

About the Author:

CPS provides professional PC virus removal for Brighton, Howell, Hamburg, Pinckney, and all of Livingston County, Michigan.

You hear and see more and more of it. Huge internationally, renown websites fall victim to distributing malware to their visitors via malicious advertisements. Currently it’s the #1 way to distribute malware and not a lot can really be done about it. Here are the 2 most popular ways malicious ads can ruin your online reputation with your users and search engines:

Method 1:

1. A person or group contacts you (or your advertising dept) and buys ad space.

2. Your advertising dept receives a flash advertisement that looks perfectly safe and harmless.

3. The ad is approved.

4. Later that day a script is triggered in the flash animation to automatically download a malicious .exe (like fake-av.exe) as soon as the user (like mom or pop) visits the web site. In some instances users may be redirected to a site that loads a barrage of exploits against the users PC. This is far worse than 1 malicious .exe of course.

5. The site administrator may or may not be alerted quickly to the site hijacking.

6. All it takes is just a few seconds or minutes to infect thousands of visitors.

7. The malicious ad is removed, but it way too late.

Obviously the easiest way to defend against this type of hijacking is just to say no to any scripted advertisements. This will cut down on maliciously scripted ads, however it also cuts down on good advertisers willing to pay good money for ad space. It’s a tough choice.

Method 2 – this is nearly impossible to deal with…

1. A person or group contacts you (or your advertising dept) and buys ad space.

2. Your advertising dept receives a flash advertisement that looks perfectly safe and harmless.

3. The ad is approved.

4. Later that day the landing page for the ad is switched to a malicious landing page.

5. When a visitor clicks the ad they may now be subjected to whatever is on the new malicious landing page.

6. Again, the website administrator may or may not be alerted to the malicious ad in a timely manner.

7. The malicious ad is removed, but it way too late.

Keep in mind that I’ve only discussed 2 ways malicious ads can ruin your online reputation. They are many more.

Article Source: http://www.articlesbase.com/security-articles/how-a-legit-website-starts-distributing-malware-1399154.html

About the Author:

For other tips on protecting your website stop by my blog at remove-malware.com. I also have another blog I’m working on that centers on netbook comparisons and netbook windows 7.

Example 1
Dear user of the your_domain.com mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox (user@your_domain.com) settings were changed. In order to apply the new set of settings click on the following link:

http://your_domain.com/owa/service_directory/settings.php?email=user@your_domain.com&from=your_domain.com&fromname=user

Best regards, your_domain.com Technical Support.

Example 2
Notice of Under Reported Income
Taxpayer ID: frankjames-00000123456789US
Tax Type: INCOME TAX
Issue: Unreported/Underreported Income (Fraud Application)

Please review your tax statement on Internal Revenue Service (IRS) website (click on the link below):

review tax statement for taxpayer id: frankjames-00000123456789US

Internal Revenue Service

Example 3
You may recieve a email from your bank or other financial institution wanting you to verify your account information for whatever reason. THIS IS ALWAYS AN ATTEMPT TO OBTAIN YOUR ACCOUNT INFORMATION!   DON’T DO IT! Your bank or other financial institution will never request this information from you through an email.   If in doubt call your bank.  Never trust any phone number listed in the email.   Use your latest bank statement or the phone book to find the phone number.

Example 4
You should never recieve an email from yourself.  This is one of the many ways spammers use to fool your email system in to thinking it’s a valid email.

Here are a few simple steps you can use to help protect yourself.

• If in doubt JUST DELETE THE EMAIL!
• Ensure your anti-virus software is up-to-date.
• If you get a lot of email from friends and family then ask them to put a secret code in the subject line.  For example “Pictures from Mike’s Birthday Party – 7654″ Only you know this code so it should be a valid email. A spambot will not know about the code.
• If you think it might be legitamate then Google it. I’m sure someone has ran in to the same email and will have some insite on it’s legitimacy.

• If it’s from an institution that you do business with then call them.   Be sure to use a phone number listed on a current statement or the phone book.
• Never send user ID’s or passwords to anyone through email.  Email is not secure!

Be Safe!

In Passwords Part I: Why Do We Need Them? we discussed the importance of using strong passwords. In this article, we’ll describe strong passwords and how to create them.

So, what makes a password weak or strong…aren’t they all the same? Well, no…they aren’t the same, especially to hackers and their password-breaking programs as mentioned in Part I. Essentially what makes a password strong is its length in characters and the combination of capital and lower case letters, numbers and symbols. You see, a strong password should resemble a string of random characters to a hacker. Let’s take these characteristics one at a time.

The longer the password the stronger it is. Your password should be at least 8 characters in length and the more characters you add, the stronger it will be. Fourteen characters or more is ideal. I know…right about now you’re saying, “I have a hard time remembering my cell phone number; how am I going to remember a password with all these characters?” Settle down, don’t get all puffy faced…I’ll tell you how to create and remember the strongest passwords.

One good technique is to think of a phrase that you can remember; such as “strong passwords” (please don’t use this or any example as your real password). The password would look like “strongpasswords”, a weak password, by the way, according to Microsoft’s really sweet Password Checker found at http://www.microsoft.com/protect/fraud/passwords/checker.aspx . Now let’s make it stronger by using capitals and substituting numbers for look-alike letters and adding a special character such as “Str0ngP455w0rd5!” rated as “best strength”.

We obtained the “best strength” level by mixing up the types of characters. For instance, capitalizing some letters and not others has helped. A password with greater than 8 characters helps. Using numbers and symbols will also strengthen it. Note that the letter O was replaced with zeros, the letter A was replaced by the number four, and the letter S was replaced by the number five. Then we added an exclamation point character at the end.

Remember, the more variety of characters in your password, the harder it is for hackers to guess. I’ve always been one that follows the Keep It Simple Stupid (KISS) principal, but this is one time complexity is a very good thing. Trust me on this.

Article Source: http://www.articlesbase.com/security-articles/passwords-part-ii-what-are-strong-passwords-anyway-1296232.html

About the Author:

Paul Lubic is a seasoned IT guy who’s used computers at home for more years than he’d care to say. His objective is to use this article and his blog site to pass on lots of valuable information that you can use in your home computing endeavors. Check back often to see what he’s up to at Paul’s Home Computing Blog at http://www.paulshomecomputingblog.wordpress.com.

Remember, home computing is a blast…keep it productive and enjoyable.
Paul E. Lubic, Jr.
paulshomecomputing@yahoo.com