This is default featured slide 1 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions..

This is default featured slide 2 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions..

This is default featured slide 3 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions..

This is default featured slide 4 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions..

This is default featured slide 5 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions..

Thursday, October 15, 2009

Computer Networking Tutorial

1 - Introduction to Networking



2 - Networking Basics



3 - Network Topology



4 - OSI Model Physical Layer



5 - OSI Model Data Link Layer



6 - OSI Model Network and Transport Layer

OSI Reference Model

7 Layers OSI Model
Below is another video that give you more information about 7 Layers of OSI Network Model on Cisco Systems. The Understanding the OSI Reference Model by Cisco Systems was presented by Eric Jefferson who did a great job of explaining the 7 Layers OSI Model.


OSI Network Layer

7 Layers OSI Model
OSI (Open Systems Interconnection) Network Layer
Open Systems Interconnection (OSI)Model was developed and defined by the International Standards Organization (ISO). This model was created to define functional communications system in terms of abstraction layers. This reference model is widely used by equipment manufacturers to assure their products inter-operate with products from other vendors.

There are 7 layers all together for this OSI network layer which are listed below ordering from top to lower layer:
  • Layer 7 Application
  • Layer 6 Presentation
  • Layer 5 Session
  • Layer 4 Transport
  • Layer 3 Network
  • Layer 2 Data Link
  • Layer 1 Physical
Below is the video to show you in more detail about this OSI Network Model . But, If you prefer reading rather than watching, please visit http://en.wikipedia.org/wiki/OSI_model.

Understanding IPSEC - Server 2003



In this selection from Server 2003 Network Security Admin LearnSmart Video Training, best-selling network security author Tom Carpenter illustrates the foundations of the IPSEC security protocol, as well as IPSEC policies, architecture and troubleshooting.

What is Network Security?

Matt Sarrel technology expert of the Sarrel Group give brief information of what network security is.

Information Security Fundamentals

Get a sneak preview of information security concepts presented in E-Learning like threats, risks and business continuity - and gain a feel for the types of security threats you and your organization need to look out for.

Introduction to Information Security

An Information Security overview

Monday, June 15, 2009

Do You Want Someone To Know Your Secrets? Protect Yourself with a Firewall

With more and more small and home based businesses getting high speed, full time Internet connections, like Cable modem and DSL, there is an increased need for firewall software and/or hardware.

A firewall can be many things, but the main thing you need to know is that without one you are at risk of someone breaking into your computer. With people staying connected to the Internet full time with Cable modems or a DSL line, you are at a MUCH greater risk of someone accessing your computer from a remote location.

Basically a firewall limits the access to your computer from the Internet. This has nothing to do with your website. That's your webhost's responsibility to protect your site (which is another reason to make sure you have a reputable firm hosting your website). We're talking about someone accessing the computer that's sitting on your desktop right now.

I was amazed at the number of alerts I got when I first installed my firewall. Each alert meant that someone or some automated robot was trying to access my computer. Admittedly, if you are a small business just beginning e-commerce operations, you are not a prestigious target for a hacker to attack. But you might be a fun target for some 8th grader who wants to see if they can get into your computer.

Begin by immediately downloading and installing some free firewall software: You could visit http://www.firewall.com/ for many choices and more technical articles about firewalls.

I got my free firewall at http://www.zonelabs.com . It provides a good beginners level of protection. http://store.mcafee.com/ has a popular firewall for about $40.00. So does http://www.networkice.com/ that has one called Black Ice Defender.

As your business grows, you probably will want to graduate to more sophisticated software and hardware solutions. Just know that you MUST do something and you must do it NOW!

Monday, June 1, 2009

How To Protect Your Identity Online

Surfing the Internet is a daily occurrence for an increasing number of people these days, as technology expands and online services continue to grow. Many people go online to carry out banking transactions, shop, check e-mail, and catch up on news. That’s why it’s more important than ever to protect your identity while surfing the web. As identity theft becomes more prevalent, it’s necessary for everyone to be extra vigilant in protecting personal information – before it gets into the wrong hands.

Every time you go online and conduct some type of transaction, whether it is monetary or an exchange of information, you put your identity at risk. Unfortunately, criminals use the Internet too, making use of the technology to perpetrate identity theft. This type of cyber-criminal gathers personal information online and either sells it to others for profit, or uses it to his/her own purpose.

Luckily, there are many things you can do to stay one step ahead of these “bandits” and keep your identity as safe as possible. The Internet landscape is always changing, so you need to keep on top of things if you want to remain as safe as possible.

The first thing you need to do is learn how to avoid phishing scams. Phishers use fake e-mails and websites to pretend they are actual, trustworthy companies and institutions, such as banks and insurance companies. When people receive a fake e-mail or are directed to a counterfeit website, they are tricked into revealing passwords, credit card numbers, and other such information. Be warned: the criminals are good at what they do, so you must be very careful when dealing with e-mails from your bank or other organization. The key thing to remember is that real institutions never ask you to verify personal information online – be cautious and contact the sender directly, over the phone, to authenticate the request and, if necessary, provide any information they might actually require.

Because many phishers use spam e-mail as a way to obtain your personal passwords and information, install a good spam filter to keep out as much spam as possible. If you strain out most of the problem e-mails from the get-go, you won’t have to worry about dealing with too many suspicious messages on your own. Also, avoid sending any sensitive information via e-mail or instant messengers. Scam artists are notorious for intercepting e-mails and IMs. Use common sense when dealing with e-mail as well. For instance, avoid opening e-mail or IM attachments that you deem suspicious. Only open files from someone if you know the sender and what they are sending you.

And NEVER send your social security number over the Internet. No one should be requesting it, but if you are asked for it, confirm who is requesting it and send it directly to that person.

Another great way to prevent ID theft is by password protecting all your computers, laptops, and PDAs. For each item, come up with a unique user name and password. The same rule should be followed when selecting passwords for any online activity. Why? If one password is discovered by an individual with ill intentions, and all your bank accounts, credit cards, and other private logins use the same password, he/she could gain access to everything. When selecting passwords, create them with letters, numbers, special characters, and make up nonsense character strings not found in the dictionary. These will be much more difficult to decipher by a potential scammer.

Keep the amount of personal data present on your computer to a minimum. In the event that your computer is hacked or your laptop is stolen, you will be much less prone to ID theft because you won’t be giving the thief much to work with. Another good idea is to install a personal firewall program. Although systems such as Windows already contain a basic firewall program, setting up another program will ensure that your computer is hidden from hackers, stop intruders from reaching sensitive information, and let you control Internet traffic.

Purchase antivirus software and keep it updated. A high-quality virus protection package can help prevent and eliminate viruses, Trojan horses, and other dangerous items designed to steal your personal information. It will also scan e-mail and IM attachments for viruses.

In addition to antivirus software, be sure to equip your PC with the latest in anti-spyware protection. Although a great many of the spyware programs out there simply monitor your online actions for the purposes of marketing, some have been created for malicious reasons, including keystroke logging and, of course, identity theft.

One last tip: when you decide to update your computer and throw away or sell your old one, remember to remove all your data from the hard disk. Many people mistakenly believe that simply deleting files makes them disappear – but this is not the case. When you delete files they are still present on your hard drive, and have to be erased prior to handing the machine over to another person. Software known as wipe programs or shredders can be used to overwrite data with zeroes or random patterns making it completely unreadable.

It’s well worth the effort to take the precautions necessary for keeping your personal information under lock and key. Trying to clean up the mess left behind by an identity thief can take years, and will cause you a headache or two. So take charge and protect your personal information, using common sense and a few good tech tools to keep the cyber-thieves at bay.

Friday, May 22, 2009

How Profits Motivates Virus Creators

The motivation behind hackers has evolved noticeably over the last couple of years. Developing harmful viruses is less about “bragging rights” or satisfying the creator’s ego and is becoming more and more about generating profit or commercial return.

The destruction of data on your computer or corruption of programs you use is a common side effect and what people have traditionally associated with a computer virus. The reformatting of your computer “c: drive”, especially at work, and the loss of valuable data used to be an incredibly painful experience.

The widespread deployment of data back up solutions within companies to comply with legislation and other factors means less and less valuable data is now stored on your computer’s local hard drive. More importantly for the virus writer this attack does not generate much tangible profit so there is not much motivation to develop more sophisticated programs to counter improved anti virus applications and corporate network security.

However, there is profit for the virus writer in turning your computer into a spam distribution machine. “Spam” is email sent without the permission of the person receiving the message. Hackers gain control of your computer through a Trojan Horse which gives them the same access rights as the user. Once your computer is controlled by the hacker it becomes known as a “Zombie.” A group of zombie machines is known as a “botnet.”

By controlling a botnet a hacker can generate profit in a number of ways. The botnet can be used to exhort a ransom from a company by threatening launch a damaging “Distributed Denial of Service” (DDoS) attack against its web site. The botnet can also be hired out to other hackers.

The most common way of profiting from a botnet is to use it to send out spam email. According to the security software company Sophos over 50% of all spam email now originates from botnets. Hackers use spam email to drive traffic to pay per click advertising sites or distribute virus programs further. Using a zombie computer helps cover their tracks.

The drive for generating profit is clearly evident in a new form of virus dubbed “Ransomware” by security experts which started to appear in 2005. Ransomware, as the name suggests, holds data on your computer “hostage.” Files on your hard drive are encrypted with a password. The user is then contacted and asked to pay a ransom to release the file.

Here are some simple tips and strategies to help prevent your computer turning into a “Zombie.”

• Keep your computer up to date with the latest software patches for Windows and other Microsoft programs. Most viruses and other malware exploit vulnerabilities in widely used programs.
• Install a reputable anti virus program. Keep the definitions up to date and scan your computer regularly.
• Install a personal firewall or buy a router with a hardware firewall. Ideally you need a firewall solution which filters both incoming and outgoing traffic from your computer to the internet.
• Never open spam email or associated email attachments which is frequently used to distribute virus programs. Use a spam filter to help reduce the amount of spam you receive.

Wednesday, May 20, 2009

How To Recognize Ebay Scams

Shopping and selling on eBay can be one of the most rewarding experiences on the Internet. However you need to be careful of scam artists who will try to take advantage of you through various types of fraud. If you do get scammed on eBay there are ways you can get your money back. However, it is very difficult to ever catch the fraud artist and it is a lot simpler if you can recognize and avoid frauds from the beginning.

One of the scams that are very common today is fake e-mails that appear to originate from eBay or PayPal or even your bank. Keep in mind that anybody can spoof any e-mail address and send an e-mail that appears to be from somebody else. It is even possible to spoof an e-mail coming from the president of the United States. So when you see any e-mail in your inbox that comes from eBay or PayPal and asks you to log in to confirm your password the chances are that this is a scam. E-mails that you receive of this type will have eBay letterheads or PayPal letterheads and will direct you to a link that appears to be eBay or PayPal. However, if you look closely at the bottom of your browser you’ll generally see that the domain these links point to is not actually an eBay or PayPal domain. It just looks like eBay’s web site, but it is actually a scam site asking you to confirm your password. Once you put in your username and password the fraud artist has it. One of the more popular tactics being used right now is to send a fake payment notification from PayPal suggesting that you have paid for something which you did not buy. The e-mail and includes a link right in the center that says “dispute this charge”, and once you click on that link you are taken to a page that looks like PayPal but is actually a fraudulent web site designed to get you to enter your username and password.

One of the easiest ways to protect yourself on eBay is to use PayPal for all transactions. PayPal is a wholly-owned subsidiary of eBay, and so transactions that are paid for via PayPal can be easily disputed. Since it is in eBay’s interest to maintain a secure shopping environment they are generally very quick to resolve disputes that originate by PayPal. If you buy an item and are not satisfied with it and feel like the seller did not deliver what he promised, it is far easier to dispute that transaction fee with PayPal because eBay can reverse the funds themselves. If you purchased by money order or credit card or some other payment method, eBay does not have the opportunity to reverse charges without going through a third-party.

Whether you are buying or selling items is a good idea to stick with PayPal. If you are selling items it is a good idea to only except PayPal as a payment option. The last thing you need is to get a bad check, or have your buyer dispute his credit card charge. If you have fulfilled your end of the seller’s bargain, then all you’ll need to do is prove that to PayPal and eBay without involving a third-party. Generally speaking, if a buyer is unhappy with a product that you sold and does not consider the product to be in the condition advertised, then you should demand that the product be returned before you issue a refund.

In order to sell on eBay effectively you need to learn how to use reserve pricing. One of the most common schemes on eBay is for someone using multiple accounts to place a low bid and a high bid simultaneously under different aliases. This ties up your auction at the high bid price and allows of the fraud to be carried out when the high bid buyer declines to pay and you are confronted with a low second bid. This scam is effective because the seller feels obligated to sell the item to the second-highest bidder once the auction has fallen through with the top bidder. Placing a reserve is essential to avoid this kind of scam so be sure to set a reserve price at the point where you would not sell the product for any less.

It is worthwhile to note right on your auction page that you reserve the right to back out of selling an item if you suspect fraud. While it is easy to get scammed as a buyer it is even easier to get scammed as a seller. Sellers generally have more experience and can recognize these scams, but you should be aware of the pitfalls of selling upfront before you start selling items on eBay.

EBay is a very safe and secure way to shop if you use it wisely and remain aware of how fraud occurs. It is important to always report suspicious activity directly to the eBay or PayPal. Since they have a vested interest in assuring that reliable transactions occur without fraud you can be sure that they will do their best to prevent illegal fraudulent activity.

Friday, May 15, 2009

How To Shop Safely Online For Any Occasions

Here are several things to keep in mind when shopping online for any special occasions.

Pay with a Credit Card and Protect Your Passwords: Credit cards offer you the most protection as a consumer. Never send cash! If you pay by credit card, your transaction is protected by the Fair Credit Billing Act. This limits your liability for any unauthorized charges
to only $50.

Understand the Return Policy: Determine the company�s refund and return policies before you place any order. Generally, any item that has been engraved or personalized in any way, will not qualify for the store�s Return Policy. Some countries don't have the same return policies as we do here in North America, so know where you shop and always read their return policy if has any.

Shop with Security: When online, look for a symbol of an unbroken key or padlock of the bottom of your Web browser window to ensure that your transmission is protected. Always enter the url manually to your browser instead of clicking links thru emails messages to ensure maximum security.

Print all Transaction Records: Make sure to print or save electronically any records related to your online transactions. This will help you keep track of shipping dates, shipping and handling fees, and other details of your transaction. Take as much info as possible including names, their title and phone numbers in case of
disputes.

File a Complaint
If you suspect the business may have broken the law, file a complaint with the Federal Trade Commission. You can call the FTC toll-free at 1-877-FTC-HELP (1-877-382-4357) or file a complaint online at www.ftc.gov. or report it to your local Better Business Bureau.

Check the Site�s Privacy Policy: The company�s privacy policy should let you know what personal information the company is collecting, why, and how the information is going to be used. Be cautious if you're asked to supply personal information, such as your Social Security number or personal bank account information to conduct a transaction. When you shop online, you should never ever have to provide any sensitive information such as your Social Security Number, if they do, shop somewhere else.

Friday, May 1, 2009

10 Steps to Reduce Your Risk of Identity Theft

You've probably heard about identity theft on television or read about it in the newspaper, and you may already be aware of the damage these crimes can cause victims and their families. What you may not know is how to protect yourself from these attacks. Below you'll find ten steps that can help you minimize your chances of becoming another identity theft statistic.

  1. Invest in a shredder – Never throw anything away without shredding it first. Identity thieves will dig through dumpsters and trash bags looking for credit card receipts, voided checks, paid bills, credit card offers, and other items which provide them with your personal information.


  2. Mail everything from the post office – Leaving your outgoing mail in or on your mailbox is an invitation to have it stolen by an identity thief. Not only can they get all of your personal information from the check, but they can even alter the check and cash it themselves. Instead, drop it by the post office or another mailbox..


  3. Use a post office box – Incoming mail is also a target for identity thieves. Your bills, checks, even junk mail can be used by these thieves to steal your
    personal information. If you have a post office box, then your mail will be delivered safely to that box..


  4. Have a non-published phone number – Some identity thieves will also use the telephone in an attempt to get your personal information. For example, one scam involved a caller telling a person he or she had won a government grant that was going to be directly deposited into their checking account. Of course, the caller needed the person's checking account number to deposit the money. If your phone number isn't available, then you won't be harassed by these calls..


  5. Check your accounts weekly – If you don't already, you need to get in the habit of checking the balances of all your financial accounts on a weekly basis. Waiting for monthly statements isn't good enough because by then your account could have been completely drained..


  6. Check your credit report yearly – Every year, you should request free copies of your credit report and check them for any errors, such as credit cards or loans you never took out. If you find out now that someone is using your identity, you can start correcting the problem before you need to use your own credit..


  7. Memorize PIN numbers and passwords – Never write down your PIN numbers or passwords. No place is a safe place to keep these important pieces of information. Keep them in your memory so no one can steal them. Also, make them more complicated than an ordinary word or your birthday. It shouldn't be easy for anyone to guess..


  8. Keep only basic information on checks – Your checks should only include basic information about you, such as your name and address. Your social security number should never be printed on your checks. If it is, then you're basically handing over the keys to your identity to any thief who comes in contact with your check..


  9. Eliminate unwanted credit card offers – Those credit card offers you throw away can be used by identity thieves. They simply have to complete the application and change the address to have a card sent to them in your name. You should shred them, but you can also call 1-888-567-8688 or visit http://www.optoutprescreen.com to opt-out of the credit card offer mailing list so you'll stop receiving them..


  10. Carry only necessities – Never carry anything in your purse or wallet that isn't necessary, such as extra deposit slips, social security cards, birth certificates, etc. The more personal information your purse or wallet contains the more valuable it will be to an identity thief if it is lost or stolen..


  11. Although we only promised ten steps, we're throwing in an extra one to help you protect yourself even further.

  12. Go electronic – Bank statements, most bills, and many other documents can all be viewed electronically so you never have to worry about them being stolen out of your mailbox or your trash. Contact your financial institution, credit card companies, and utility providers about the availability of this option. As an extra bonus, many of these businesses offer incentives to individuals who sign up for these electronic programs..

Wednesday, April 22, 2009

How Fixing Broken Windows Can Decrease Click Fraud

There is a theory in law enforcement that goes something like this:

If someone breaks a window in a building, and it isn't fixed quickly, others will soon be broken. As the evidence of neglect builds, vandals will be more emboldened to break into the building and commit more vandalism and eventually destroy it completely.

If, on the other hand, that window is promptly fixed, it discourages further crime because it is clear that someone is watching the store.

Further, if instead of just fixing the window, you find the vandal and hold them accountable for it, a message goes out loud and clear: we're watching and you will get caught.

The problem with the broken windows theory is that it requires more than police action to put into practice. If the community isn't involved in the cleanup effort, the initiative fails. When the community is drawn in to help police the problems, to report them and to 'mind the store', so to speak, crime rates drop.

This theory can be extended to police nearly any venue where there is unacceptable behavior - including the problem of click fraud in the venue of PPC advertising. At the moment, the PPC industry is like a vacant building with nobody watching the store. It's easy to enter fraudulent clicks. It's even easier to get away with it. At the moment, a large percentage of advertisers leave the detection of fraudulent clicks up to the PPC provider - and the policy of most PPC providers is that they will provide refunds for proven click fraud upon request from the advertiser.

What happens when:

- The PPC provider's software detection methods don't catch the click fraud?
- The advertiser doesn't use fraud detection software?
- The advertiser can't back up the claim of click fraud?
- The major players in the industry refer to the problem as 'negligible'?

Simply put - the click fraudster gets away with it. The rewards are enormous - estimates put the amount of money lost to click fraud in the range of billions of dollars annually. But the loss to any individual advertiser is usually negligible, and even Google sees refunding money to advertisers as no more than the cost of doing business.

If we're ever going to put a dent in click fraud, three things have to happen.

1. Advertisers have to take responsibility for monitoring their own campaigns. If you don't know it's happening, you can't take steps to stop it.

2. Advertisers need to use the information they generate through their analytics to demand refunds from the PPC companies on a consistent basis. As long as the losses are minor compared to the profits for the PPC companies, their incentive for responding is limited.

3. Click fraud perpetrators have to be identified, actively pursued and penalized. Currently, modern techniques that use proxies and 'zombie networks' can make it almost impossible to identify and punish offenders.

Those are the three elements of the Broken Window theory that make it work - community action, official backing and action and penalizing perpetrators.

The first element in combating click fraud as a community is in getting click fraud prevention and tracking software into the hands of all advertisers. The difficulty of sifting through hundreds of pages of data to make comparisons and weed out patterns that signal click fraud is a daunting one for most companies.

Click fraud detection software makes it almost painless - but can be expensive. Other parts of the internet market have benefited from open sourcing of software to manage content, manipulate graphics, and create communities and process payments. An open offering of free click fraud prevention software will encourage advertisers to start monitoring their own logs and records and identify potential fraudulent clicks.

In addition, an open offering encourages others to modify and extend the software and make those extensions available to the community at large.

With those monitors in place, the second part of the equation becomes more possible. When it's easy for advertisers to identify and document fraudulent clicks on their campaigns, it becomes that much easier for them to demand refunds for those clicks. The third part is an outgrowth of creating a community that actively works to eliminate click fraud.

For the time being, click fraudsters are loose in a neighborhood of broken windows. With the right tools, we can begin to repair the windows and create a community that makes it nearly impossible to get away with their tactics.

Tuesday, April 21, 2009

How to Prevent Identity Theft

Internet banking is a piece of cake for all those who know how to handle it. Free online bill-payment, the 'next day’ bank to bank funds transfer and much more, are some of its features that make your life so much easier. But, with this bliss you may also invite a serious trouble. One of the worst things that could happen to you is someone using your identity to borrow money from creditors and stealing money from your bank accounts. This is called Identity theft.

One would only need two pieces of your personal information to impersonate you: your date of birth (DOB) and your Social Security Number (SSN). Technically, these are the keys to your bank accounts, credit files, credit cards, health information and everything. No matter how fool proof banking might be these days you are ALWAYS at a risk of being a victim of Identity theft.

More Information at: www.ehow.com

Monday, April 20, 2009

Spyware The Peeping Toms of the Web

While the internet is a great tool for research, or for just keeping in touch with e-mail or looking for a perfect gift, there is an annoying problem that is becoming increasingly dangerous for your computer. While everyone understands what a computer virus does, many people are still relatively unaware of the problem that is Spyware.

Spyware is another word for Advertising Supported software (Adware). There are several large media companies that place banner ads and pop-ups on certain web pages in exchange for a portion of the revenue from banner sales. This is the front for the more harmful Spyware that almost always comes along with it behind the scenes. While the banner placement may be a great concept, the downside is that the advertising companies also install tracking software on your system, which is continuously "calling home" and using your Internet connection to report on everything on your computer and everywhere you go, and then reports this information back to the source program. While every site you may visit may have a privacy policy about not sharing information, the fact remains that someone put a program on your PC that is sending non-stop information about you and your surfing habits to someone else.

Although Spyware is something that because of its very nature seems like it should be illegal, it actually is not, though there are obviously major privacy issues. Spyware also has a tendency to open your computer up to receiving more computer viruses, which is another reason why someone should look at removing any Spyware from their computer. Spyware detection and removal software often comes with security software like Norton or MacAfee, but there are also plenty of programs out there that exist for the specific purpose of finding and removing Spyware. Any detailed research will help you find programs that you can download to your computer in order to take care of these problems.

There is also the type of Spyware that can be intentionally downloaded to a computer. This type is most often used by parents or guardians to get a monthly report to find out all the various web sites people in their household have visited over the past month. In some Christian circles, a particular type of Spyware has become popular, where a certain group of friends will receive a monthly list of every web site visited in the past month, as an “accountability” thing. Otherwise, most Spyware is best removed from a computer as soon as it is found.

Sunday, April 19, 2009

Top 10 Virus on January 2009

Here are the top 10 Virus/Trojan on January 2008

1. Windx-Maxtrox

Display your desktop wallpaper after modified by the virus Windx-Maxtrox.Virus created with Visual Basic has a body the size of the original around 77Kb, without in-pack. The virus is suspected to originate from the strong North Sulawesi has an executable file infection capabilities. Precisely, it will infected program in the Program Files directory. Technical infection canny enough to avoid implementing it detection heuristic antivirus engine. Characteristics that can be recognized on the infected computer is changing the image of the desktop wallpaper images into animation.

2. Autoit variants

Most variants use Autoit folder icon in the typical virus impersonation.Ciri this one is made using a scripting automation. That if the compile into a executable file, which is also in-pack using UPX. And nearly 90% of all viruses and their variants autoit that we have, using similar folder icon in impersonation. This virus will also create an autorun.inf file at the time of the disk drive or flash drive.

3. Malingsi

The virus attacks the other virus Malingsi fat.Virus well with the size of 705,312 bytes is created using Visual Basic in the pack-use PECompact. It seems this virus is intended to attack another virus, this is seen from the message in the body. This virus breed and spread using intermediaries Personalization, which acts as a bot.

4. Recycler variants

File viruses hiding behind the false Recycle .Whom become typical of this virus is a technique, how it spread. Of all the variants that we have, how that is done the same, namely masquerade as Recycle Bin. For example the virus attacks the flash disk. In the flash disk of the victim will be the folder with the name of Recycler in which there is a folder using the name of alpha numeric example “S-1-5-21-1482476501-1644491937-682003330-1013″ with the icon is similar to the Recycle Bin icon. If this folder, click on or accessed from the Explorer, the file the virus will not be visible. To view them, you can go to command prompt with the command “dir / a”.

5. Fdshield

The name used by Fdshield time spread.Virus made using Delphi language using this icon that resembles the Internet Explorer. Has a file size of 553,472 bytes, without in-pack. One thing the light of this virus is of the name used when spread, labeled “17 + + & Confidential Sexs Women artists Indonesia (foto2_kamera tersembunyi_liputan). Exe”. For users who do not careful - careful, will take the file is an HTML file. If you see in the directory C: \ Windows \ System32, the mother found a file with the name “rundl32.exe”. Do not be deceived again! That is not part of the Windows files, but it really is a file virus. Note the letter “L” is just one. And now see in the Schedule Task, have a new job with the name “Windows FD Shield” which will execute the virus file at the time that he has set.

6. Purwo variant

Message delivered creator.One more new variants, Purwo.C, still created using Visual Basic, with the body size of about 56KB, without the pure-pack. This virus uses Word document icon similar property MsOffice to deceive potential victims. When he infected create a folder with the name “Purwokerto Under Cover” of the hidden attributes, and contain a file called “KoruptorPurwokerto.exe” on each drive that he find. In the folder C: \ Windows \ System32 \ file system also have windowss.exe, and in the C: \ Windows \ javaa \ service.exe. At the time it will show a black screen that contains the text of the message from the author. And be careful, this virus will also remove some of the files belong to you that he met.

7.Formalin

File properties Formalin.Icon virus that is used by this virus resembles the withdrawal folder, and it is created using Visual Basic. On Formalin.D, the file size of 18,432 bytes, with the condition of the pack using UPX. The virus creates a folder “disguise” with names such as seepage problems UAN and UAS, My Completed Downloads, Picture Wallpaper, Crack Program, don’t opened !,Ensurt Data (dont’ removed), and others. At the infected computer, Internet Explorer in the caption will be changed to “Your computer has been infected Formalin virus.” He also tries to disable “safe-mode” with how to remove some registry related. And in the file properties of the virus, the property description in the version information will have any posts such as “Kasian dch loe”.

8. Raider.vbs variant

Raider habits virus body has up-to-encryption.Virus if this type of VBScript, its file opened with Notepad, not a lot of strings that can be read as in most encryption. This has become a habit in every variant. Typically, the Registry, it will provide a key to making the new HKLM \ Software with the same name as the name on the computer name, with its contents as a string value is the name of the virus, Raider, and the date the first time the computer is infected.

9. Autorunme variant

Virus Autorunme hide the Recycle Bin folder that is not a production dibuatnya.Virus local programmers use this pack PECompact. He does not have the icon, only the icon from the standard Windows applications. infected time, he tried to embed the file on the parent directory C: \ Windows \ System with the name and msvc32s.exe with hidden and system attributes, and create new autorun in registry with the name “Windows msvc Control Centers.” The virus can spread through the data storage media such as flash disks can also be spread through Instant Messaging application. In the flash disk, it will make the Recycle Bin folder imitation that contains files with the name autorunme.exe, and direct autorun.inf file to run the virus. So when a user plug and play their flash disk drive and access is, the virus will be active.

10. Rieysha variant

Sma-Virus Found Rieysha variants of Rieysha again, this time with the name Rieysha-high school. Like previous variants, it is still possible to use Visual Basic. This time around the size of 104KB, with the icon that resembles a file Real Media Player. Menginfeksi time, it will create a duplicate file exe, mp3, doc, and replaced with a 3gp himself. In addition, there are at least 2 pieces of virus files on the root drive, with the name “sma3gp.exe” and “CeritaSeru.vbs”.

Source: bibeh.com

Thursday, April 9, 2009

Safe and Secure Online Payments with SSL Certificates

The seamless world of the Internet has broken open the physical barriers that existed across regions on the Globe. Today, therefore, you could be sitting in Munich and buying goodies from Seoul. Very convenient, and thrilling. But, when you pay for your goodies and swipe you’re Credit Card, are you sure, you are paying only for what you paid for? Chances are your Credit Card Information traverses through alien territory into the wrong pair of hands. The result, the next morning, you will find your Bank account eroded or emptied? Not a situation that most of us can afford or enjoy.

How do we then transact on the Internet and yet safeguard our hard earned monies from those Electronic pirates? The answer is relatively simple. Every time you choose to buy product or services through web-sites, before entering your Credit Card and other personal information look for information on whether the payment gateway is secured. Informed customers would always prefer to transact their business through secure sites and this will automatically bring in more business to Websites secured through SSL certificates from well known providers.


Payment gateways are secured through SSL or Secured Socket Layer. When you enter your personal and or Credit Card information into a secure site, an encrypted public key is created. This is termed as a handshake to authenticate safe transaction. The unique encryption method which gets established in the process will have a unique session key. This process protects theft of valuable data and only the transaction that you intend to complete is processed.

SSL certification has been found to be very reliable across, Internet users and also among the customers. These certificates are issued by a reliable and trusted authority, the Certificate Authority. The web-site through which you are attempting to transact business carries signs of the agency which has issued the SSL certificates. There are other similar agencies too, which offer these SSL certifications. When you click on the sign, the details of the certifying agency are displayed.

When you click on such secured domains, your system generates a SSL handshake which is accessed by the web-site server. The unique encryption method employed then allows a secure transaction to go through.

Why all this bother?

When you are transacting valuable business or even sending across precious data, it is necessary to route them through secure servers which have the seal of security such as an SSL certificate. In the absence of this Security, it would compare with sending a snail mail in a transparent envelope.

For E-Commerce and other Web-site owners, the SSL certification acts as a stamp of credibility and assurance of safety to their valuable customers.

For the Service Providers and other Vendors/Merchants in the Internet world, exhibiting their site security sign – a reputed one at that, not only assures the customer that the information he parts with will be securely handled, but also separates them from the crowd. Informed customers would always prefer to transact their business through secure sites and this will automatically bring in more business to Websites secured through SSL certificates from well known providers.

Wednesday, April 1, 2009

The Home Computer User’s Guide to Spyware

As with the computer virus, spyware can be broken down into a number of different categories. Most users are familiar with the term “adware” which refers to software which serves annoying ads. There are however a number of other spyware variants you should be aware of.

To begin with it is important to have a clear definition of spyware. This will also help us understand why the term is commonly used to encompass a number of different variants. Spyware is a program, usually installed without your knowledge, which records what you do on your computer and then shares it with its creator.

The information which the spyware program collects can vary from the websites you visit to log-in and passwords for your online banking site. The sharing of your personal information with a third party is why spyware in its purest form is labelled as a malicious threat and clearly is a major privacy issue.

Adware is the second mostly commonly used term. Adware is designed to display adverts relevant you, commonly based on your surfing habits, to generate Pay-Per-Click advertising revenue or sales through affiliate links. Adware is commonly bundled with free software by developers instead of charging a price.

The malicious nature of adware can vary enormously. At one of the scale, adverts are displayed in a non-intrusive manner in a window within the free program you have downloaded. When the program is not running, ads are not displayed. At the other end of the scale, a user could find their desktop overwhelmed as the adware program spews out multiple pop up ads in a very aggressive manner. Whilst it may be possible to believe the former is not transmitting personal data to a third party, it is difficult to expect the later not to.

The adware issue is further complicated by marketing companies who do not like their software being labelled “spyware.” These marketing companies generate millions of dollars of income often via recognised brand name clients. So to avoid legal issue security companies refer to this software as PUPs (potentially unwanted programs).

Browser hijackers are another aggressive form of spyware. They attack important browser settings like your default homepage which your browser loads when you start the program. Hackers direct you to sites which generate revenue for them like the Russian website “Cool Web Search”. Browser hijackers can also insert sites into your bookmarks. They also can cause your browser to crash and stop working completely and are typically difficult to remove.

Key Loggers capture all your key strokes into a DLL file which the creator retrieves. Software key loggers are often bundled with a Trojan Virus which gives the creator access to your computer.

Here are some tips and strategies to fight the different types of spyware.
- Keep Windows XP and ALL your web browsers (including Internet Explorer and FireFox) up to date with the latest patches.
- Install a reputable anti-spyware program like Webroot Spy Sweeper or PC Tools Spyware Doctor. Run frequent scans and keep the definitions up to date.
- Install a reputable anti-virus program like Norton Anti-Virus or McAfee VirusScan. Run frequent scans and keep the definitions up to date.
- Install a firewall which manages both inbound and outbound connections. Top personal firewall software picks include Zone Labs’s Zone Alarm and Norton Personal Firewall. Alternatively purchase a router with a hardware firewall.
- Avoid downloading free software programs including screensavers and weather toolbars.
- Avoid know high spyware risk area on the internet including illegal music sharing sites, Peer-to-Peer programs, free game download sites and adult sites.

Monday, March 30, 2009

Identity Theft – Who is phishing for your information?

There’s a new type of internet piracy called phishing (pronounced fishing). Internet thieves are fishing for your personal information. They’re looking for ways to trick you into giving out your Social Security Number, credit card number and other personal information that they can use to their advantage. You could become a victim of identity theft that could take years to clear your financial history and personal reputation. But understanding how these internet thieves work, will help you to protect yourself from becoming a victim.

How do these thieves get your information?
Typically, you might receive an email from a company that you are familiar with that looks real. It has the company logo, they may call you by name, and the tone of the email is that they are looking out for your best interests. This email will warn you of some imminent danger to your account or credit card and that you need to take action immediately or you will suffer dire consequences. There will be a link (underlined writing usually in blue) for you to click on that will take you to their website. And guess what? The website they take you to will look like the real thing with the company logo and all.

Next, you will be asked to verify your account, password, or credit card information. If you ever find yourself here, STOP! Do nothing. Do not fill in any personal information. Immediately exit from this website and delete the phony email that you received.

How to know that this is a phishing email.
If you did not email this company asking for information about your account or for help with a problem, be suspicious. If you are still not sure because it looks so real, call the company yourself and ask. You can find these phone numbers on your monthly statement. If it is after hours and no one is there to take your call, wait until the next day when you can reach someone. Don’t fall for the imminent danger message and feel that you have to take action immediately. Phishers are hoping that you will take immediate action – don’t panic and let them trick you into clicking on their link.

What can you do?
Never give someone your password over the internet or phone when it is an unsolicited request. Your credit card company knows what your password and credit card number is. They don’t need to ask you for it.
Likewise, your bank knows what your account number and social security number, they won’t ask you to repeat it verbally over the phone.

Review all of your monthly statements every month as soon as they arrive. Check for charges that you never made. If your statement is ever late in arriving in the mail, call and ask why. Protect yourself from these would-be thieves. Don’t let them take your identity! Please remember to Bookmark Internet Security Center now! Thanks for visiting.

Brought to you by http://www.PrePaid-Legal-Help-4U.com where you have complete legal protection 24/7 for less than $1 a day!

Protecting your self against online credit card fraud

Today more and more people are looking to the internet to do their shopping. With online stores popping up all over the internet the urge to spend money on the World Wide Web has never been stronger. The unfortunate thing is that the urge for scam artists to take your money has never been stronger. So how do you protect your self from these thieves? If you follow these simple steps I promise you’ll enjoy shopping on the internet more having taken these precautions.

The first thing you should consider when buying online is if the website you are shopping on is secure? These days most retail websites have secure pages where you enter your personal information but that doesn’t mean that all sites are secure. The first step in making sure that your information is secure is to check the address bar and look for “https” this means that you are on a secure page. If the address begins with “http” the page is not secure and your information should not be given. The second step in determining if the website is safe is to look for the picture of a closed lock or an unbroken key. These pictures can be found in the bottom right corner of your browser window. When the lock is open or the key is broken the page is not secure. The last thing to look for is mention of secure certificates or “SSL”. These logos usually appear near the bottom of the screen. If you are still not sure if the website is secure you can always ask them through e-mail (make sure to save the reply just in case).

Credit card fraud is still relatively common. Even with all the security that some of the larger websites have, these con artists are still able to scam some people. So what do you do if you suspect that you have been scammed? The first thing you should do is determine if the charges on your credit card are really unauthorized. This is why you should save all of your receipts. Sometimes when a company makes a charge to your card it might show up on your statement as a charge from a name that you don’t recognize so it is important to check your receipts and confirmation e-mails (the company will usually tell you what the purchase will be charged as in the confirmation) to make sure that the mystery charges aren’t legitimate. Once you are sure that you have been scammed either by the store or by someone that has somehow stolen your credit card information your next step is to contact the credit card company. Some companies such as VISA and MasterCard offer zero liability for fraudulent charges. If your credit card issuer does not have a zero liability policy then you are only liable for up to $50 according to federal law.

Shopping on the internet is more popular than ever and with the flood of internet shoppers comes a wave of con artists. Protect your self from these crooks. Follow the information I have laid out for you and remember to save your receipts, look for secure pages and if that isn’t enough then only buy from well established websites that you have had good experiences with.

Sunday, March 29, 2009

Your Next PR Nightmare Could Be Only a Click Away

In the age of Enron and failed intelligence, scandals remain the rage of the front page. Companies want to see positive spin and not scandal related material published. Imagine for a moment the educational software site where employees are identified as regular visitors to pornography websites. The effect to such a company’s image could be devastating.

Leaks, Peeks & Sneaks

There are numerous security risks facing companies with internal networks. Primary among their concerns are stifling leaks and backdoors that allow hackers to penetrate their firewalls. But the threat from within the company may prove to be more devastating to a company’s reputation and subsequently their stock value and much more.

Employees face a four-pronged attack from blended threats across the board. Phishing and pharming are two of the more popular attacks that face Internet users everyday. Typically sent via email, phishing attacks depend on the concern of an employee to take care of matters ranging from personal to financial. The uneducated user will click an embedded link and leave the network vulnerable to an attack.

The sophistication of these attacks can penetrate even the most complex of security systems unless user error can be compensated for. The most popular forms of phishing involve instant messaging and emails. Despite the widely known understanding of spoofing, most users do not expect to receive messages from spoofed accounts.

Increasing a systems security perimeter can block instant messaging ports and prevent such external security breaches. Network security devices can also block web requests to URLs presented in instant messages. Better still, URLs or web requests from internal users can be compared to a database of acceptable websites and disallowed or denied if they do not match.

Living on the Fringe

Installing spyware and malware is another by-product of visiting less than secure websites. Internet users are often besieged by offers for free software, free access and freebies. The lure of the freebie is as potent if not more so on the Internet than it is in real life. Downloading such freebies can come with passenger programs designed to record keystrokes and much more.

The least of the problems that spyware can commit is to tie up bandwidth and computer memory. The worst is that it can actually spawn Internet attacks to other sites, download critical data and send it elsewhere. Employees do not have to be lured just by a freebie either. They can simply make a typo in submitting a URL and find themselves in the wrong Internet neighborhood. Clever programmers can generate pop-up windows and disguise a button with a simple label like ‘close’ and the user will click it, thinking they will only close the nuisance window. Some programs on high-speed network access can be downloaded in the blink of an eye, compromising the computer and potentially the network.

One-Click Scandals

Scandals need very little fuel to fire. A user who chooses to go to a website of questionable integrity and intent and a user who is lured there by a bad link or a typo offer the same type of danger to a company. Scandals do not have to make the front page to generate reputation-damaging issues for a company.

Word of mouth is as fast a delivery service for reputation sabotage as press reporting is. A network security company that cannot protect against hacking of their website does not engender trust or confidence. A financial investment firm that is accused of insider trading when emails and instant messages from employees are subpoenaed and found to be questionable will likely lose clients, capital and more.

The Burden of Responsibility

Scandal can be generated by an innocent act as easily as by one of guilty intent. Corporations are responsible for the actions of their employees. Questionable Internet behavior and activity can and will affect a company’s reputation, financial standing and potentially their legal standing as well.

A corporation bears the burden of responsibility for its employees and their actions. By employing network security devices to monitor and restrict Internet activity, a corporation not only relieves a large measure of their burden, but also protects their interests on numerous fronts. Without such protection, a company is courting disaster and inviting scandal.

Saturday, March 28, 2009

Don’t Be Bugged - Get Bug Detectors

You are walking along, sweeping back and forth, area after area, searching. You are continuing searching when suddenly a sound begins to click, faster and faster. Is it a Geiger counter? No, it is your bug detector. That is right. If you suspect that someone is listening in on your private conversations, strategic development meetings, covert operations, or whatever your reason for secrecy might be, you can stop it instantly and for good with bug detectors.

These handy devices promise you peace of mind and are capable of detecting, locating, and verifying hidden transmitters regardless of where they might be. These work not just in your office or home, or only on your telephone, but even in or on your car.

You may be asking yourself what the difference is between detecting and verifying a hidden transmitter. Obviously, if you detect and locate a bug, you are verifying that you are being bugged, right? Well, verifying in this instance means something else entirely. Let us say that you are sweeping for bugs and the bug detectors you are using begin to squeal or vibrate, telling you that a bug is present. There is a possibility that what it is picking up is not a bug but an ordinary television or radio transmission.

You could drive yourself nuts trying to find a non-existent bug you believe is planted somewhere on your television or radio. But since you are also able to verify with your bug detectors, you will then know that it is not a bug but just a regular, non-threatening transmission.

Thursday, March 26, 2009

Avoiding Identity Theft

What's in a name? Possibly thousands of dollars. That's the word from law enforcement agents who say that Americans lose millions to identity theft each year.

The term "identity theft" refers to a crime in which a person steals your Social Security number or other private information. The criminal then uses that information to charge items or services on your credit or simply steal money from your bank account. The thieves often operate online, making it especially important to take precautions when surfing the Web.

A new book called "Geeks On Call Security and Privacy: 5-Minute Fixes" (Wiley, $14.95) could help you protect your identity. It offers expert advice on securing your computer as well as simple, step-by-step explanations of topics ranging from stopping viruses and spyware to backing up your data. The book explains these tips and others in detail:

Encrypt Your Computer Data

If your computer contains financial statements, credit card numbers, business documents, names and addresses of friends and family or other private information, consider using encryption software.

Social Security Numbers

Never use your Social Security number as a login on a Web site and do not give your Social Security number if an unsolicited e-mail requests it.

Avoid Automatic Logins

Some Web sites offer to save your user name and password so you can avoid the hassle of logging in over and over again. However, saving this information can make it easier for a thief to steal your identity.

Always Log Out

Before exiting an Internet account (online banking, bill pay, etc.), be sure to click the "Log Off" or "Log Out" button. This closes your session on the site and prevents someone from breaking into your account by clicking the back button on your Web browser.

Avoid Credit Card "Auto Save"

Most e-commerce Web sites allow you to store credit card numbers on their databases to make future transactions faster. Unfortunately, these databases are often targeted by hackers.

Wednesday, March 25, 2009

Where Spyware Lurks on the Internet

Spyware has to be the most talked about PC security threat of 2005. It has now surpassed the computer virus as the No. 1 menace to computer user both at home and in the enterprise. Despite efforts from Microsoft and independent security software companies, the spyware menace is set to continue through 2006 and beyond. The research firm Radicati Group expect worldwide anti-spyware revenue to surpass $1 billion by 2010.

There are numerous types of spyware with some more dangerous than others. At one end of the spectrum spyware pushes annoying ads to your computer as is usually referred as “Adware.” It is still spyware as the ads are generally pushed to you based on your surfing habits. A bad infection can also dramatically impact your computer’s performance as your desktop slowly gets overwhelmed with pop up adverts.

At the other end of the spectrum spyware programs can record what you do on your computer including individual key strokes. This information is then shared with a third party. This data is then sold to marketing companies or used to profit from. For example, the program may have captured your bank log-in details or credit card information.

Profit from these activities drives spyware development and deployment. According to anti-spyware vendor Webroot Inc advertising revenue generated from spyware is much more lucrative than trying to generate profit through Spam Email.

Here are the common ways spyware gets onto your computer:

• Bundled with free software like screensavers or P2P file sharing programs which you download. For example Kazaa, a P2P file-sharing application, installs adware onto a user’s computer even though it claims to contain “no spyware.” Waterfalls 3 from Screensaver.com installs spyware and Trojan horses. Examples are courtesy of a report from StopBadware.org’s website.
• Opening Spam email attachments.
• Being enticed into clicking on links in pop up adverts which then downloads spyware. These pop ups usually display messages to do with winning money or entering a special prize drawer.
• “Drive-by downloading” – this is when spyware is automatically downloaded onto your computer from the website you are surfing.

Earlier this year a report published by the University of Washington revealed categories of websites which are mostly like to host spyware or infect users through “drive-by downloads.” Their research revealed the following categories:

• Gaming sites
• Music download sites (I interpret this to mean “illegal” music sharing sites like dailymp3.com or where you can find P2P applications)
• Adult sites
• Celebrity sites
• Wallpaper / screensaver sites

Here are some tips and strategies to reduce the chance of spyware infection:

• Switch on your browser’s pop blocker.
• Install an anti-spyware tool with active protection which helps prevent infection in the first place.
• Keep Windows and other Microsoft applications like office up to date with the latest patches.
• Use SiteAdvisor (http://www.siteadvisor.com). This is a free plug-in for your browser which tells you whether a site is safe or not based on their testing. This is new software which is highly recommended.
• If you are a frequent visitor of the high risk categories please consider changing your surfing habits or at least making sure your system is fully protected.

Tuesday, March 24, 2009

5 Security Considerations When Coding

1. Input Checking

Always check user input to be sure that it is what you expected. Make sure it doesn’t contain characters or other data which may be treated in a special way by your program or any programs called by your program.This often involves checking for characters such as quotes, and checking for unusual input characters such as non-alphanumeric characters where a text string is expected. Often, these are a sign of an attack of some kind being attempted.

2.Range Checking

Always check the ranges when copying data, allocating memory or performing any operation which could potentially overflow. Some programming languages provide range-checked container access (such as the std::vector::at() in C++, but many programmers insist on using the unchecked array index [] notation. In addition, the use of functions such as strcpy() should be avoided in preference to strncpy(), which allows you to specify the maximum number of characters to copy. Similar versions of functions such as snprintf() as opposed to sprintf() and fgets() instead of gets() provide equivalent length-of-buffer specification. The use of such functions throughout your code should prevent buffer overflows. Even if your character string originates within the program, and you think you can get away with strcpy() because you know the length of the string, that doesn’t mean to say that you, or someone else, won’t change things in the future and allow the string to be specified in a configuration file, on the command-line, or from direct user input. Getting into the habit of range-checking everything should prevent a large number of security vulnerabilities in your software.

3.Principle Of Least Privileges

This is especially important if your program runs as root for any part of its runtime. Where possible, a program should drop any privileges it doesn’t need, and use the higher privileges for only those operations which require them. An example of this is the Postfix mailserver, which has a modular design allowing parts which require root privileges to be run distinctly from parts which do not. This form of privilege separation reduces the number of attack paths which lead to root privileges, and increases the security of the entire system because those few paths that remain can be analysed critically for security problems.

4.Don’t Race

A race condition is a situation where a program performs an operation in several steps, and an attacker has the chance to catch it between steps and alter the system state. An example would be a program which checks file permissions, then opens the file. Between the permission check the stat() call and the file open the fopen() call an attacker could change the file being opened by renaming another file to the original files name. In order to prevent this, fopen() the file first, and then use fstat(), which takes a file descriptor instead of a filename. Since a file descriptor always points to the file that was opened with fopen(), even if the filename is subsequently changed, the fstat() call will be guaranteed to be checking the permissions of the same file. Many other race conditions exist, and there are often ways to prevent them by carefully choosing the order of execution of certain functions.

5.Register Error Handlers

Many languages support the concept of a function which can be called when an error is detected, or the more flexible concept of exceptions. Make use of these to catch unexpected conditions and return to a safe point in the code, instead of blindly progressing in the hope that the user input won’t crash the program, or worse!

Monday, March 23, 2009

Background of Password cracking

Passwords to access computer systems are usually stored, in some form, in a database in order for the system to perform password verification. To enhance the privacy of passwords, the stored password verification data is generally produced by applying a one-way function to the password, possibly in combination with other available data. For simplicity of this discussion, when the one-way function does not incorporate a secret key, other than the password, we refer to the one way function employed as a hash and its output as a hashed password. Even though functions that create hashed passwords may be cryptographically secure, possession of a hashed password provides a quick way to verify guesses for the password by applying the function to each guess, and comparing the result to the verification data. The most commonly used hash functions can be computed rapidly and the attacker can do this repeatedly with different guesses until a valid match is found, meaning the plaintext password has been recovered.

The term password cracking is typically limited to recovery of one or more plaintext passwords from hashed passwords. Password cracking requires that an attacker can gain access to a hashed password, either by reading the password verification database or intercepting a hashed password sent over an open network, or has some other way to rapidly and without limit test if a guessed password is correct. Without the hashed password, the attacker can still attempt access to the computer system in question with guessed passwords. However well designed systems limit the number of failed access attempts and can alert administrators to trace the source of the attack if that quota is exceeded. With the hashed password, the attacker can work undetected, and if the attacker has obtained several hashed passwords, the chances for cracking at least one is quite high. There are also many other ways of obtaining passwords illicitly, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, timing attack, etc.. However, cracking usually designates a guessing attack.

Cracking may be combined with other techniques. For example, use of a hash-based challenge-response authentication method for password verification may provide a hashed password to an eavesdropper, who can then crack the password. A number of stronger cryptographic protocols exist that do not expose hashed-passwords during verification over a network, either by protecting them in transmission using a high-grade key, or by using a zero-knowledge password proof.

My Spyware Nightmare, Your Lesson

Have you asked yourself any of these questions lately?

1. Why is my brand new computer slowing down to a crawl?
2. Why is it taking so long to load a basic word processor?
3. Why do I have so many popups? Where are they coming from?
4. Why do I keep being sent to places I did not ask to go?
5. Where are these embarassing popups coming from? I never visit sites like that!

I did. I was ignorant. I was slow and it cost me a brand new computer. Here is my story.

A couple of years ago, we bought a new eMachine for my wife. She had just enrolled in school and needed something better for her school work. Prior to that, we had an older HP machine. I believe it was a pentium II. It worked pretty well, though a little slow. I wanted us to get another HP, but she wanted an eMachine. Her cousin had one and she thought it was good. I did not like eMachines a lot and did not think highly of them. She was bent on having one so we bought one.

With the arrival of the new computer, the HP was quickly abandoned. I was pretty much the only one that used it. Not because of my disdain for eMachine, but becasue the HP was more in a central location. Our three boys loved the new machine and spent quite some time on it. I was eventually won over to the eMachine and I must confess, it turned out to perform excellently well. It was good on speed and the resolution was great.

Several months down the road, I noticed how the new computer was slowing down. I knew in my mind it was the eMachine. They were no good. And then I thought it was the dial up connection. But I soon realized that it was also slow when I was offline. It was taking long to open up applications and even longer to load webpages. I also noticed there were strange windows openning up at the most awkward times. Some of the pages were to sites I would not ordinarily visit. May be the boys are going to places that we don't know about. As a concerned parent, I asked them and they promptly denied. I was still not sure they did'nt. They were teenagers.

As time passed, it became more difficult to do anything on the eMachine. We gradually migrated back to the HP and there was no immediate need to find out what was wrong with it.

Finally, it was time to act. I was ready to find out what the problem was. I started asking questions and doing querries on google. I was encouraged to get a good popup blockers. I did and it did not do much. That computer was far gone and corrupted. I had waited too long. I was not sure what was going on and did not know where to ask. The warrantee on the computer had also expired.

One afternoon, I turned the computer on to take another look and was greeted by a blank screen. The monitor had also quit I said to myself. Now I knew almost for sure it was the eMachine. They were really no good. My wife disagreed. But to be sure, I hooked the monitor up to the HP and it came alive. So it was'nt eMachine after all. I was a little embarrassed.

I reconnected the monitor and rebooted and was again faced by a blank screen. The following week, I took the cpu to a repair and they told me the computer was dameged beyond repair. I retrived it and took it to a sencond repairman and it never came back.

You know, lightening they say does not strike the same spot twice. But spyware is different. It can strike the same spot many times. Early 2005, I bought another computer, having out grown the HP. Months latter, I noticed the same exact symptons that ruined the eMachine. The slow down, the multiple popups, redirects to undesirable websites, they were all there. This time I did not wait. That afternoon I was frantic. I began searching for a quick answer. It was not until late that night that I found a product that worked for me. And once I found the right solution, spyware was no longer an issue to me.

Spyware can make your online experience a nightmare if you are not forward thinking about internet security. The good news is that there are plenty of products out there that can cure that effectively.

Sunday, March 22, 2009

How to Protect Your Files From a Computer Virus

How safe is your computer? Could you be in danger of getting a virus on your system? Just how real is the danger? What steps should you take if any?

While visiting with a one of my students, I became aware that her anti-virus software was over seventeen months old and had never been updated. Upon informing her that she should update her anti-virus software regularly, she was totally surprised. Furthermore she had no concept how essential this was to ensure her system's safety. Therefore I thought it wise to write about some of the precautions you should take to avoid becoming infected with a computer virus.

While there are many 'virus' hoaxes, and please do not pass any of these hoaxes on as these may actually contain viruses, computer viruses do pose a very real danger. Therefore I've listed a few preventative measures that you should take to ensure computer safety.

1. Do install an anti-virus software program and update it often as there are new viruses discovered everyday. I update my anti-virus database daily. At least weekly should be a goal. If you are not updating perpetually, it is like having an insurance policy and never paying the premiums. In no time at all it would be worthless.

2. Be wary of email from strangers. Never open an email with an attachment from a source that is unknown or suspicious. Virus containing emails can be very persuasive in the subject line. Do not let your curiosity be aroused.

I prefer an anti-virus program that has the ability to check all email sent and received. If you update it often, this should keep you safe, although nothing is 100% secure. There are good programs that offer a free version for personal use. These programs generally allow continual updates. Some may require that you register again at the end of year, but the software and updates will still be free.

Two such programs are:

AVG anti-virus, Free edition
http://grisoft.com

Free avast! 4 Home Edition
http://www.avast.com/eng/avast_4_home.html

Free Firewall & Antivirus
www.personalfirewall.comodo.com
For more options and reviews on programs you can do a search on google for free anti-virus.

3. Do exercise caution when downloading files from the Internet. Be sure to download from well known and reputable sources. Ascertain that your anti-virus software is set to scan files while you are downloading. I have that feature enabled in my anti-virus program and it scans all files when I am in the process of downloading, and it has on occasion prevented me from downloading a file that was infected or posed a potential danger. These programs work so take advantage of the security your anti-virus will provide by using all of the safety features.

4. New viruses creep upon a daily basis. It is important to back up your important files regularly. CD’s and DVD’s hold a large amount of information. Take advantage of this and store your valuable information and computer programs on these removable disks. In the event that a virus should ever invade your system and your files become corrupted you will be able to replace them with your backup copies.

5. Lastly apply the little rule, 'When in doubt do without'. If you are uncertain, whether it is with an unknown source in your email or a web site that offers a download, then best not to take a chance. No email message or free software is worth the damage to your computer files and the time and expense of repairing your PC. Do not be fooled, computer viruses do affect everyone.

The Internet offers us an array of software, services, entertainment and education that is beneficial. There is no reason to fear the web, it can be safe and secure. Yet it would be unrealistic to assume that there is no danger of computer viruses. There are unscrupulous persons who desire to do you harm. By observing these few guidelines you can minimize any threat of a virus attacking your computer.

Check The Internet Forecast Before You Go Online

According to a recent survey conducted by the Cyber Security Industry Alliance (CSIA), more computer users are becoming increasingly insecure about using the Internet. Forty-eight percent of those surveyed avoid making purchases on the Internet because they are afraid their financial information might be stolen. Fewer than one in five of the 1,150 U.S. adults surveyed believed that existing laws can protect them from fraud, identity theft and other crimes on the Internet. More than two-thirds (70 percent) want Congress to pass stronger data- protection legislation.

Consumers have clearly taken notice of Internet threats and scams, but there have been few resources they can use to understand what the immediate risks are and what they can do to more safely participate in their favorite online activities. Consumers want to be informed of the risk levels associated with common online activities and the precautions they can take to protect themselves. One such tool is The Symantec Internet Threat Meter, which helps computer users become aware of the most recent Internet threats and educates them about the steps they can take to safeguard their computers and personal data while online.

While high-profile computer worms and other online attacks are not as visible as they have been in the past, Internet threats have changed shape and present even more risks to consumers. Today's threats spread in many ways-through Web sites, instant messaging and e-mail-but use more silent, targeted methods than before. Many attacks are launched with criminal intent to steal users' personal data or to take over computers in order to launch targeted attacks that result in financial gain for cybercriminals.

The Symantec Internet Threat Meter helps consumers better understand the Internet landscape by taking an activities-based approach. The index rates the four main online activities-e-mail, Web activities, instant messaging and file sharing--on a low-, medium- or high-risk level based on triggers related to malware, spyware, phishing/online fraud, vulnerabilities, online attacks and spam.

Consumers want to feel more confident about their security when they are online, whether they are communicating via e-mail, conducting financial transactions on the Internet, chatting over instant messaging or sharing files. Just as prepared travelers check the weather forecast for their destination city, consumers who are online now have a tool they can use to help them prepare for a safe and productive experience on the Internet.

‘Spoofing’, ‘Phishing’ and ‘Link Altering’ - Expensive Financial Traps

"Spoofing" or "phishing" frauds attempt to make internet users believe that they are receiving e-mail from a specific, trusted source, or that they are securely connected to a trusted web site, when that’s not the case at all, far from it. Spoofing is generally used as a means to convince individuals to divulge personal or financial information which enables the perpetrators to commit credit card/bank fraud or other forms of identity theft.

In "email spoofing" the header of an e-mail appears to originate from someone or somewhere other than the actual source. Spam distributors often use email spoofing in an attempt to get their recipients to open the message and possibly even respond to their solicitations.

"IP spoofing" is a technique used to gain unauthorized access to computers. In this instance the unscrupulous intruder sends a message to a computer with an IP address indicating that the message is coming from a trusted source.

"Link alteration" involves the altering of a return internet address of a web page that’s emailed to a consumer in order to redirect the recipient to a hacker's site rather than the legitimate site. This is accomplished by adding the hacker's ip address before the actual address in an e-mail which has a request going back to the original site. If an individual unsuspectingly receives a spoofed e-mail and proceeds to "click here to update" account information, for example, and is redirected to a site that looks exactly like a commercial site such as EBay or PayPal, there is a good chance that the individual will follow through in submitting personal and/or credit information. And that’s exactly what the hacker is counting on.

How to Protect Yourself
• If you need to update your information online, use the same procedure you've used before, or open a new browser window and type in the website address of the legitimate company's page.
• If a website’s address is unfamiliar, it's probably not authentic. Only use the address that you’ve used before, or better yet, start at the normal homepage.
• Most companies require you to log in to a secure site. Look for the lock at the bottom of your browser and "https" in front of the website address.
• If you encounter an unsolicited e-mail that requests, either directly or through a web site, for personal financial or identity information, such as Social Security number, passwords, or other identifiers, exercise extreme caution.
• Take note of the header address on the web site. Most legitimate sites will have a relatively short internet address that usually depicts the business name followed by ".com," or possibly ".org." Spoof sites are more likely to have an excessively long strong of characters in the header, with the legitimate business name somewhere in the string, or possibly not at all.
• If you have any doubts about an e-mail or website, contact the legitimate company directly. Make a copy of the questionable web site's URL address, send it to the legitimate business and ask if the request is authentic.
• Always report fraudulent or suspicious e-mail to your ISP.
• Lastly, if you've been victimized, you should file a complaint with the FBI's Internet Crime Complaint Center at http://www.ic3.gov.

14 Household Ways To Protect Your Computer From Viruses

Computer viruses are deadly. They often spread without any apparent contact and can be a nuisance, or even worse, fatal to your computer. Individuals who create these viruses, estimated at 10-15 new ones a day, are the electronic version of terrorists. Their goal is to inflict havoc and destruction on as many people as possible by disabling, stealing, damaging, or destroying computer and information resources. Often, they have no specific target in mind, so no one is safe. If you access the internet, share files or your computer with others, or load anything from diskettes, CDs, or DVDs onto your computer, you are vulnerable to viruses.

Fortunately, there are good guys working just as hard as the hackers to develop cures for viruses as quickly as they send them off into cyberspace. And there are many things you can do to keep your computer from catching viruses in the first place.

Defining Viruses:

A virus is a small computer program that can copy and spread itself from one computer to another, with or without the help of the user. However, viruses typically do more than just be fruitful and multiply, which is bad enough in itself because it hogs system resources. Anything else viruses are programmed to do, from displaying annoying messages to destroying files, is called their payload. Often, they cannot deliver their payload until an unsuspecting user does something to make the virus execute its programmed function. This could be as simple as clicking on an innocent looking file attachment with the .exe (executable) extension.

Catching a Virus:

Most viruses are spread through e-mail attachments because it's the easiest way to do it. Although Macintosh, Unix, and Linux systems can catch viruses, hackers are particularly keen on exploiting the security weaknesses in anything Microsoft, particularly Microsoft Outlook and Outlook Express. Because of the popularity of this software, hackers get maximum bang for their buck, and they probably get some satisfaction from continually reminding Microsoft that being big doesn't mean you're perfect.

Solution 1: Anti-virus Software

Your first line of defense is to install anti-virus software. To be extra safe, also install firewall software, which is now included in some anti-virus packages. This software can scan all of your drives for viruses and neutralize them. Here are some features to consider when evaluating anti-virus software.

- Compatibility with your operating system - Make sure the software works with your system, particularly if you are using an older operating system like Windows 98.

- Firewall software - If it's not included, find out if it's available. If you must, buy it from another vendor.

- Automatic background protection - This means your software will constantly scan behind the scenes for infections and neutralize them as they appear. This provides some peace of mind.

- Automatic, frequent updates - Because new viruses appear every day, you'll want regular updates. It's even better if they occur automatically when you connect to the internet. If automatic updating isn't included, you'll have to check the vendor's website and download updates yourself. This is vitally important, because you will not be protected from new viruses if your software is out of date.

- Disaster recovery - Software with a recovery utility to help you get your system back to normal after a virus attack is always good to have.

- ICSA certification - The International Computer Security Associatioin has standards for the detection rates of anti-virus software. Make sure your software has the ICSA certification.

- Technical support - It's a good idea to select a package that offers free technical support, either online or through a toll-free number. If you're ever felled by a virus, you may need it. Some anti-virus software vendors are Symantec Corporation (Norton AntiVirus), McAfee Corporation (McAfee VirusScan), Trend Micro Inc. (PC-cillin), and Zone Labs Inc. (Zone Alarm Suite).

Solution 2: The Virus Scan

If you receive a particularly juicy attachment that you're dying to open, save it on your Windows desktop and run your anti-virus software on it first. To do this, click once gently on the file on your desktop ... don't actually open it ... then right click and choose Scan with (Name of Anti-Virus Software) to activate a virus scan.

If it's infected, your anti-virus software may neutralize it, or at least tell you the attachment is too dangerous to open. On the other hand, don't feel guilty if the very thought of saving a potentially damaging file anywhere on your system is enough to quell your eagerness to open it and make you delete it immediately.

Solution 3: Delete first, ask questions later.

When in doubt about the origin of an e-mail, the best thing to do is delete it without previewing or opening it. However, some viruses, such as Klez, propagate by fishing in people's address books and sending themselves from any contact they find to another random contact. You can spread a virus just by having people in your address book, even if you don't actually e-mail them anything. They'll receive it from someone else in your address book, which really makes life confusing. Because of the proliferation of porn on the internet, e-mail viruses often tempt victims by using sexual filenames, such as nudes.exe. Don't fall for it.

Solution 4: Beware of virus hoaxes

E-mails warning you about viruses are almost always hoaxes. You may be tempted to believe them because you typically receive them from well-meaning friends, who received them from friends, etc. These e-mails themselves usually aren't viruses, but some have actually fallen into the hands of hackers who loaded them with viruses and forwarded them merrily on their way as a sick joke.

The proliferation of e-mails about virus hoaxes can become nearly as bad as a real virus. Think about it, if you obey an e-mail that tells you to forward it to everyone in your address book, and they THEY do it, and this goes on long enough, you could bring the internet to its knees. If you ever want to verify a virus warning, your anti-virus vendor may have a list of hoaxes on it website. It's in the business of providing the fixes, so it will know which viruses are real.

Solution 5: Beware of filename extensions

The extension of a filename is the three characters that come after the dot. Windows now defaults to hiding filename extensions, but it isn't a good idea. Just being able to see a suspicious extension and deleting the file before opening it can save you from a virus infection.

To see filename extensions in all your directory listings, on the Windows XP desktop, click Start button | Control Panels | Folder Options | View Tab. Clear the check box for Hide extensions of known file types. Click Apply | OK. System files will still be hidden, but you'll be able to see extensions for all the files you need to be concerned with. Viruses often live on files with these extensions - .vbs, .shs, .pif, .Ink - and they are almost never legitimately used for attachments.

Solution 6: Disable the .shs extension

One dangerous extension you can easily disable is .shs. Windows won't recognize it and will alert you before attempting to open an .shs file. The extension is usually just used for "scrap object" files created in Word and Excell when you highlight text and drag it to the desktop for pasting into other documents. If this isn't something you ever do, or you have Word and Excell 2000 or later, which allow you to have 12 items on the Clipboard, click the Start button | Control Panel | Folder Options | File Types tab. Under Registered file types, scroll down and highlight the SHS extension. Click Delete | Yes | Apply | OK.

Solution 7: Dealing with double extensions

When you turn on your extensions in Windows, you'll be able to detect viruses that piggy-back themselves onto innocent looking files with a double extension, such as happybirthday.doc.exe. NEVER trust a file with a double extension - it goes against Nature.

Solution 8: Beware of unknown .exe files

A virus is a program that must be executed to do its dirty work, so it may have an .exe extension. Unfortunately, this is the same extension used by legitimate program files. So, don't panic if you find files named Word.exe or Excel.exe on your system - they're your Microsoft software. Just don't EVER open any file with an .exe extension if you don't know what the file's purpose is.

Solution 9: Watch out for icons

Viruses in attachment files have been known to assume the shape of familiar looking icons of text or picture files, like the wolf in the hen house. If you recieve an unexpected attachment, don't open it without first running it through your anti-virus software.

Solution 10: Don't download from public newgroups

What better place for a hacker to lurk and stick his virus than in the middle of a crowd? Sooner or later, someone's bound to download it and get the virus going. Don't download files and programs from newsgroups or bulletin boards, or open attachments sent from strangers in chatrooms ("Let's exchange pictures!") without first scanning with your anti-virus software.

Solution 11: Avoid bootleg software

This may seem like a no brainer, but sometimes that tiny price tag on a popular but expensive package can be too good to resist. Resist it! Likewise, be careful about accepting application software from others. You don't know where it's been, and what may have started out as a perfectly clean package could have become infected during installation on someone else's infected computer.

Solution 12: Protect macros in MS Word, Excel, and Powerpoint

A common type of virus uses macros. Macros are sets of stored commands that users can save as shortcuts to perform long functions in just a few keystrokes. A macro virus may perform such mischief as changing file types from text files or spreadsheets into templates, locking up keyboards, and deleting files. Word, Excel, and PowerPoint come with macro virus protection. To make sure yours is activated, open each application, then click Tools menu | Macro | Security. On the Security Level tab, make sure Medium or High is selected. Clcik OK. If you are already infected with a macro virus, you may find that the steps of this procedure are unavailable becasue the virus has disabled them. In that event, run a virus scan on your system to see if your anti-virus software can kill the virus.

Solution 13: Use passwords

If you share your computer, it's a good idea to assign everyone a password. Passwords should be a combination of letters and numbers no less than eight characters long, and preferably nonsensical. Never write passwords and stick them anywhere near the computer. To assign passwords in Windows XP, click the Start button | Control Panel | User Accounts. Follow the prompts to assign/change passwords.

Solution 14: Update application software

Microsoft constantly issues patches for the security holes in its operating system and applications software. however, don't be lulled into complacency if you have Windows Update automatically checking things for you. Update checks for patches to repair bugs in the operating system, not for security problems.

To get the latest security hotfixes (as Microsoft calls them), visit www.microsoft.com and look for hotfixes for all your Microsoft software, particularly Outlook and Outlook Express.

Microsoft also has a free downloadable package called Microsoft Baseline Security Analyzer (MBSA) that scans your system for missing hotfixes. It works with Windows 2000 and XP Home and Professional only. It doesn't support Windows 95, 98, or ME.

To download the MBSA, go to the TechNet section of the Microsoft Website. Be warned that the information is written in techie language, so you may find it daunting.

Last Words:

Now that you know some ways for avoiding and dealing with viruses, let's wrap things up with some solution you've probably heard before but have ignored.

- Back up your files regularly - If a virus crashes your sytem, you'll feel much better if you've got backup copies of all your important files. Make the backup copies on a media that's separate from the computer, such as on diskettes, CDs, or zip disks. Scan them for viruses before you put them away to make sure they aren't infected. If they are, they'll do you no good if you ever have to use them because they will just transmit the virus right back onto your computer.

- Make a boot disk - Create an emergency boot diskette before you have a problem so you can start your computer after a serious security problem To make a boot diskette with Windows XP, put a blank floppy disk in the drive. Open My Computer, then right click the floppy drive. Click Format. Under Format options, click Create an MS-DOS startup disk. Click Start. Keep the disk in a safe place. With luck, you'll never need to use it.

- Turn off you computer - DSL and cable connections that are "always on" may be convenient, but you should always turn off your computer when its not in use. Hackers can't get to a machine that's powered off.



You are free to reprint this article in its entirety as long as the clickable URLs remain in the "Resource Box" section.