Category Archives: Internet Safety

Breaches, Hacks, and Lessons to be Learned

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips. A computer veteran with 30+ years’ experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s; he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.



Seems every new day brings news of yet another database breach or two. There was a time when I followed news of these hacks and breaches with interest but they are now so frequent that, unless one is personally involved, it has all become rather mundane.

However, the whole situation begs a couple of important questions and, at the same time, reinforces the critical nature of how we choose and manage our passwords.

Important Questions

1) Why are companies/site owners not treating users’ data with the utmost care?

I don’t know about you but I am fed up with the lax way in which companies and site owners treat sensitive data which is entrusted to their care.

In today’s internet world, database breaches are a matter of fact, yet site owners continue protecting sensitive data using outdated and weak security protocols. Only just recently a new breach came to light involving 40 million passwords extracted from over 1000 sites associated with a Canadian company called VerticalScope. What security protocol did the sites employ to hash and encode users’ passwords? MD5, a known weak and insufficient algorithm.

2) When will governments legislate to ensure that companies/site owners are accountable?

Surely it is incumbent upon these companies/site owners to protect their patrons’ data with the best and most effective security protocols available. However, as many (if not most) seem apathetic to this most basic of duties, then perhaps it’s time for legislators to consider introducing serious punitive measures for those who fail to do so.

By the way: in response to news of the breach mentioned earlier, VerticalScope’s vice president of corporate development Jerry Orban was quoted as saying:

“We are reviewing our security policies and practices and implementing security changes related to our forum password strength and password expiration policies across certain forum communities.”

How many times have we heard that pathetic response – I believe it’s commonly referred to as shutting the stable door after the horse has bolted. Message to site owners: perhaps these steps might be better implemented before a breach rather than after. Duh!

Lessons to be Learned


How many times have you read the following advice regarding passwords:

· Choose strong passwords and use a different password for each log-in/account.

· Change passwords for critical accounts, such as banking, PayPal, etc., frequently.

· If two-factor authentication is available, use it!

If there’s one lesson to be learned from all these breaches and hacks it is the absolute need to follow these basic principles. Remember, if you use weak passwords and/or the same password across multiple accounts, if one account is hacked all the rest are at serious risk.

Too many people just glide along ignoring the dangers until it actually happens to them; however, this is surely a lesson better learned from other people’s mistakes rather than from our own.


Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Safety, Password Control, Safe Surfing

Cloud Storage – Great Idea or Security Risk?

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips. A computer veteran with 30+ years’ experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s; he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.


“Oh no, we’ve lost all of little Johnny’s birthday snaps”, the woman cries as she holds her smashed smartphone aloft. With a knowing smile, her husband responds, “Don’t fret dear, they’re all in the cloud”. All is well, peace and harmony reign again.


Even less than a decade ago, any mention of “cloud storage” or “data in the cloud” would have almost certainly elicited a puzzled response. Today though, I’d imagine just about everyone would be familiar with the concept. “The cloud”, it’s a rather exotic term which simply means your data is uploaded to and stored on somebody else’s server, essentially on an internet connected hard disk owned and operated by the cloud service provider.

There is no doubt that the advantage of being able to access data from anywhere on any device creates a massive appeal factor, especially for multiple device users. Not to mention the automatic backup element which is clearly demonstrated in the opening paragraph.

It all sounds like a great idea, that is until you start considering what might and can go wrong. Of course, cloud storage providers take the utmost care with your data, at least according to them. They apply top notch security measures including encrypted data transfers. Trouble is, the encryption key is also stored on their machines, which means any of their staff can access those files as can any hacker who manages to break into the system.

I realize every method is susceptible to hackers, whether the data is stored locally or in the cloud. However, which do you think would represent the most desirable target – a local disk containing only your own personal data or a mega database containing data uploaded from thousands (if not millions) of users, all in one place?

Another concern involves the future viability of a chosen cloud storage provider – just ask those who entrusted their data to Kim Dotcom’s Megaupload. What happens to your data if the company is sold, goes bankrupt, or just closes down? Then there’s the scenario where cloud storage providers can simply change the terms of their plans, exactly as Microsoft did recently when the company drastically reduced the amount of data storage available under its free OneDrive plan.


I guess though, when it comes to data in the cloud, the greatest concern for most people is privacy. While Microsoft OneDrive openly scans all your files – for illegal content of course, most providers will collect data to share with “trusted third parties”. Naturally, many of these providers need to process sensitive information, such as your name, email address, phone number, credit card details and mailing address, in order to “improve their services”. And Santa Claus visits once a year around Christmas.

Despite the cynicism, I do believe that cloud storage can be decidedly useful and I’m certainly not dismissing the practice out of hand. However, as is the case with many situations… everything within reason.

I would not, for example, store any sensitive data in the cloud, whether encrypted locally beforehand or not. Family photos, life-memories, items which are valuable only to the user and serve no purpose for anyone else… sure, no problem.

Regardless, the important thing to remember is that any backup is preferable to no backup at all. If you don’t fancy storing your data in the cloud, dust off that external drive and use that instead. Works for me.



Filed under cloud storage, cybercrime, Don't Get Hacked, Internet Safety, Privacy, Technicians Advise, Windows Tips and Tools

Top 5 Tips to Keep Your Website And Network Secure

Every day, innocent websites are compromised by malicious hackers. Google identifies almost 10,000 malware-infected websites each day, and half of those are genuine websites belonging to legitimate companies. These companies haven’t done anything wrong, but they find themselves blacklisted by Google, and that’s only the edge of the brutal iceberg.

Hackers inject vicious malware into these sites to infect visitors. They confuse and lure users to dodgy websites and they break in and steal important and often sensitive customer information.

It’s a real and constant problem, but there are easy and simple steps you can take to guard against these attacks and keep your site, your network, and your customers safe and sound.

1. Use strong passwords, keep them secure and change them frequently

We all know that we should choose complex passwords, but sometimes laziness takes over and we slack off. This is a crucial mistake. Obviously, you want to choose exceptionally strong passwords for your server and website admin area, because a vulnerable password here is a free ticket for hackers to cripple your site and do untold amounts of damage.

It can be inconvenient to remember frequently changing passwords, but in the end, it’s a simple solution that can save a lot of headaches in the future. It’s also imperative that you enforce good password practices for your users.

Compromised user accounts are a special hell of their own. Demanding that minimum password requirements are met for registration will force users to make smart choices. Insist on eight characters, at least an uppercase letter and a number or special character. It’s a bit of a hassle, but it’s worth it.

Make sure that any passwords are stored as encrypted values. Ideally, you’ll use a one-way hashing algorithm like SHA. This method means that during authentication, only encrypted values are ever compared. In a worst-case scenario, if someone hacks in and steals passwords, this will limit the damage.

They can’t decrypt them, and they will be reduced to attempting dictionary or brute force attacks, trying every single combination until a match comes up. It’s time consuming and computationally expensive and just not worth the effort for most people.

Your wireless network password should be seriously strong, and the network should be protected by Wi-Fi Protected Access 2 (WPA2) rather than WEP (Wired Equivalent Privacy). WEP encryption is brittle and hackable in minutes these days and should never be relied upon.

It’s also imperative to ensure that your PCs are well protected against viruses at all times to prevent password theft.

2. Be discreet with your error messages

Make sure your error messages aren’t giving away too much information. If your website requires a login, you should pay attention to how your error messages tell users that a login attempt has failed. A quick-and-simple, very generic message such as “incorrect login information” is your best bet.

It doesn’t tell the user if half the query is right (especially not which half!). When a hacker is attempting brute force attacks to gain access to usernames and passwords and the error message identifies one field as correct, that’s valuable information for him. He then knows that he’s halfway there and can concentrate all his attention and effort on the remaining field. Don’t make it easy for them!
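The storage advice in tip 1 and the generic failure message in tip 2, combined in one login routine as an added example (not code from the original post). It swaps the bare SHA digest mentioned above for salted, iterated SHA-256 (PBKDF2), because a fast unsalted hash such as the MD5 named in the VerticalScope post keeps dictionary attacks cheap. The iteration count, the `UserStore` class and the sample credentials are assumptions.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; raise it as hardware allows.
PBKDF2_ITERATIONS = 600_000
GENERIC_ERROR = "incorrect login information"  # wording suggested in tip 2


def meets_policy(password):
    """Tip 1 minimum: 8+ characters, an uppercase letter, and a digit or special character."""
    has_upper = any(c.isupper() for c in password)
    has_digit_or_special = any(c.isdigit() or not c.isalnum() for c in password)
    return len(password) >= 8 and has_upper and has_digit_or_special


def weak_md5(password):
    """Unsalted fast hash, shown only for contrast: equal passwords give equal digests."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Salted, iterated SHA-256. Returns (salt, digest); a fresh salt is drawn if none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


class UserStore:
    """In-memory stand-in for a user table (hypothetical; a real site would use its database)."""

    def __init__(self):
        self._users = {}  # username -> (salt, digest); the password itself is never kept
        # Record used for unknown usernames so they cost the same hashing work as known ones.
        self._dummy = hash_password("placeholder-for-unknown-users")

    def register(self, username, password):
        if username in self._users:
            raise ValueError("registration failed")
        if not meets_policy(password):
            raise ValueError("password does not meet the minimum requirements")
        self._users[username] = hash_password(password)

    def login(self, username, password):
        known = username in self._users
        salt, stored = self._users[username] if known else self._dummy
        _, candidate = hash_password(password, salt)
        # Constant-time comparison of digests; plaintext passwords are never compared.
        matches = hmac.compare_digest(candidate, stored)
        if known and matches:
            return True, "welcome"
        # Same message whether the username or the password was wrong.
        return False, GENERIC_ERROR


if __name__ == "__main__":
    store = UserStore()
    store.register("alice", "Kayaking#Beats1")  # constructed sample credentials
    print(store.login("alice", "Kayaking#Beats1"))
    print(store.login("alice", "Wrong#Guess22"))
    print(store.login("mallory", "Kayaking#Beats1"))
    # Unsalted digests of the same password are identical; salted ones differ.
    print(weak_md5("Kayaking#Beats1") == weak_md5("Kayaking#Beats1"))
    print(hash_password("Kayaking#Beats1")[1] == hash_password("Kayaking#Beats1")[1])
```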

3. Keep software up to date

Make sure that you’re consistently and quickly applying security updates to all of your software. This applies to everything from your personal PC’s virus protection to your server operating system and website software such as content management systems, forums, and blogging platforms.

Hackers are quick to exploit any known holes and bugs, and you want to get there first. Sign up to the mailing lists and RSS feeds of all your software vendors. They’ll be the first to alert you to any security issues and their solutions. Find out and follow it up.

4. Limit Use of your Administrator Account

Keep your computer’s admin account for installing updates and software, or for reconfiguring the host when you have to. Don’t go online while logged into your admin account. Non-privileged user accounts are not just for guests and visitors: you should have one yourself for everyday use. If you browse the web and read your email with an admin account, you leave yourself open for an attacker to gain entry and access to your host.

5. Ask the experts

You don’t have to do it all on your own. There are good tools out there for monitoring your own website, but not everyone has the time or inclination to stay on top of security 24/7.

It’s possible to find monitoring services for very reasonable prices. These companies will check for malicious activity, give you an alert if your website shows up on a blacklist, scan your site for vulnerabilities, and be there for support and repairs if you do fall prey to a hack.

If you’re dealing with databases of sensitive customer information that are attached to your site, it’s probably worth it to get an expert in from the start, sweeping your code for bugs and building in extra lines of defense from the ground up. For small businesses, companies such as SiteLock and Stop the Hacker offer packages for under $100 a year.

This guest post was provided by Amanda Gareis on behalf of Drexel University Online. Drexel expanded into the online learning sector in 1996 and now offers its recognized curricula to a worldwide audience. Drexel Online offers degrees in Information Science, Information Technology, and Computing and Security Technology. The university also provides an Information Technology Career and Salary Guide resource for those looking to enter the industry.


Filed under Cyber Crime, Education, Guest Writers, Internet Safety

How To Avoid Online Scams – PC Tools Lays Out A Plan

From this morning’s Tech Thoughts Daily Net News column – “Some of these campaigns consist of emails that are so effectively crafted that they could fool even some of the more advanced users, while others look so obviously fake that they are spotted by all but the most inexperienced ones.”

Does this sound like “new” news to you? If you’re a long-time reader here, I suspect not. Still, at the risk of sounding like a broken record, I’m reposting one of the most read posts from 2012, which can help users (especially less aware users) avoid being scammed online.

Yes, it’s repetitive – Yes, it’s repetitive – Yes, it’s repetitive! But that’s the point. In order to achieve a change in behavior (and, average users must change their online behavior) – repetition of the correct behavior, is fundamental to achieving that goal.

_______________________________________________________

Cyber crooks and scam emails – a natural fit – aimed at the significant number of Internet users who remain unaware of the very real dangers that scam emails hold for their safety, security, identity – and, their wallet.

Cyber criminals are experts at crafting “attention grabbers” designed to reel in the unwary and undereducated Internet surfer. Here’s a few attention grabbers that consistently pay off – targeted towards the blissfully unaware Internet user. Especially those users who seem to have a natural tendency to “just click”.

  • Online shopping offers, e.g. bargains from unknown stores.
  • Get rich quick schemes/work from home offers.
  • Offers to download mobile protection software.
  • Offers to download antivirus software.
  • Offers to win a prize, e.g. answer this survey ‘for your chance to win’…
  • Movie offers, e.g. search for a popular movie such as Twilight and an offer comes up to download the movie for free.
  • Online donations.

Occasionally, I’ll post an article directed at the “just click” crowd and, I can say without any hesitation – users who fall into this category of Internet user are ripe for the taking – it’s like picking apples from a tree. It couldn’t be easier.

Here’s a couple of past articles which continue to draw huge numbers of the “just click” crowd.

Kate Middleton Nude – As If!

Nude Pics Of Your Wife/Girlfriend Attached – Click Here

Frankly, I fail to understand how anyone with a lick of common sense, would be drawn in by those nonsense article titles. On the other hand, maybe common sense has nothing to do with it.

It could just as easily be that innate sense of overconfidence that seems to have infected society as a whole – most particularly the “tech savvy” generation.

Mark Twain had it right, I think, when he said – “It ain’t what we don’t know that hurts us. It’s what we do know that ain’t so – that does.” The “tech savvy” generation in a nutshell – maybe.

My friends over at PC Tools, recognizing the continuing need to educate users, have put together a Top Tips article – How to Outsmart Online Scammers – designed to help the unwary (overconfident) Internet user to identify online scams.

Richard Clooke, PC Tools online security expert, reveals in this article how to avoid being scammed online:

1. ASK – is this too good to be true?

$50 here, a holiday there, unlimited online offers from the world’s biggest brands – if you’re tempted by any of these free offers, then the answer is probably yes.

Many online scams trick us into revealing our personal information to secure something in return. It’s important to be aware of ‘fake offers’ to avoid being lured by savvy scammers.

2. DON’T – dish your details unless the site is secure.

Never provide personal or financial information in exchange for online offers. Details such as your mobile number, address, and credit card or banking details should never be entered on a non-secure site. When in doubt:

  • Double check the URL before typing a link into your browser.
  • Check there is a padlock icon in your browser before using your credit card online.
  • Check you’re on a secure site and that the address starts with ‘HTTPS’.

3. THINK – it can happen to me.

Many of us think we are savvy online, but the reality is cybercriminals are cashing in on relaxed attitudes to sharing personal details online. Results from the PC Tools study also showed that most people think scams are more likely to happen to others, rather than themselves.

We need to educate ourselves about online scams and be aware of the risk.

4. DO – invest in scam protection software.

What most of us don’t realize is some online scams don’t involve malware and while traditional Internet security is still essential, we now require additional protection to prevent cybercriminals gaining personal information via other methods.

Regular readers here are familiar with this old request – still, it’s as pertinent as ever.

Be kind to your friends, relatives, and associates, particularly those who are inexperienced Internet users – let them know that there is an epidemic of this type of scam on the Internet. In doing so, you help raise the level of protection for all of us.


Filed under Cyber Crime, Cyber Criminals, Don't Get Scammed, Internet Safety, PC Tools

Paul Lubic Jr. – A Man on a Cybersecurity Mission

Staying malware free on the Internet – managing privacy issues – reducing exposure to predators and scam artists (a seemingly inexhaustible list of threats) – takes effort. Increasingly – a major effort.

That effort must include a serious, conscientious, and effective commitment to becoming educated in both the technical and sociological issues that impact your relationship with the Internet. Oh yes – you have a relationship with the Internet. Who knew?

How successful you are likely to be, will depend to a large extent on the source material you reference. Unfortunately, the nature of the Internet is such, that not all resources will be equally as effective in helping you reach your goal.

Citizen Journalism is a good thing – but, in the real world of Internet and system security – expert opinion, coupled with the ability to convert technical information into human readable form (not so easy) – is critical. If you can’t understand what’s being said…

One expert that I’ve come to rely on (and, you can as well), is my good friend and fellow blogger, Paul Lubic Jr. (Paul’s Internet Security Blog).

Paul, a cyber-security expert whose professional background includes cyber-terror prevention and preparedness (Homeland Security), is committed to his mission to cultivate a new level of cyber security awareness in his readers.

In a major effort to help educate that readership base, Paul has just completed a four part series that should be on all Internet users’ “must read” list. I’ve taken the intros (as posted below), from Paul’s site, so that you can easily judge your interest level in any one of those articles. Simply click on – “Continue reading” – to uh, continue reading.

Target: Social Networking Sites

Social Networks is the first in a series of “Target” articles, discussing the various areas the cybercrime organizations are attacking. Unfortunately for computer users, our Internet environment is, as the military would say, “a target rich environment”. By social networking sites we refer to Facebook, Twitter, and LinkedIn.

As we’ve mentioned in the past, global cybercrime is organized and the organizations resemble a hybrid of a mafia and a large corporation. Continue reading →

Target: Mobile Devices

Target: Mobile Devices is the second installment of the series of “Target” articles, discussing the various areas the cybercrime organizations are attacking. Unfortunately for computer users, our Internet environment is, as the military would say, “a target rich environment”. See Target: Social Networking Sites, the first article, to get some background on the tactics and strategies of cyber crime organizations.

Mobile devices include smartphones, tablets, PDAs, or any small, handheld computing device that can access the Internet. Continue reading →

Target: Cloud Storage Databases

Cloud storage databases are large server (computer) farms, accessible over the Internet, and owned by a service company for storing customer data for a fee. See The Cloud: A Definition. Companies rent storage space in the cloud to lower their local storage requirements, or as a backup of their data, thus saving them money. Cyber criminal organizations target these very large databases to steal information Continue reading →

Target: eBay, Amazon, & Credit Card Processors

The last (for now) installment of our Target series of articles addresses the large repositories of credit card information such as eBay, Amazon, and of course credit card processors for MasterCard and Visa. They’re huge, they use computers and the Internet to conduct their business, and there’s a market for credit card account information; and…you guessed it: personally identifiable information (PII).

Yes, we’re talking about extremely well-known, successful companies who undoubtedly have the best computer and Internet security money can buy. However, those attributes also make them more of a target in terms of Continue reading →


Filed under Don't Get Scammed, Don't Get Hacked, Internet Safety

How to Protect Your Privacy on Social Media

Guest writer Sarah Clare tackles the thorny issue of Internet privacy and offers spot-on advice to help you keep your online information private.

This week, social media was abuzz over reports that Instagram’s new terms of service allowed the photo-sharing site to hock its users’ personal photos for advertisements and other promotions. The story prompted outcry about the privacy that members can expect (or not expect) on social media sites like Instagram and Facebook, which purchased Instagram and which has a spotty history when it comes to its users’ privacy.

Understanding your rights and how you can protect your privacy on social media is important. The things you do online leave a virtual footprint that can be traced back to you for years to come. If you really want to protect your privacy on social media, here are a few things you can do:

Use a Dummy E-mail

One of the easiest ways that other users can find you on social media is by searching for your e-mail. You can make it harder, if not impossible, for people to find you by using a dummy e-mail. That way, only your close friends or family who you give the e-mail to can find your profile. Be sure to use an e-mail that does not include your name and that you only use for this purpose.

Use a Fake Name

Of course, even if you’re using a dummy e-mail, if you’re using your real name, anyone can find you. Make it harder for others to connect your profile to you by using a fake name. An easy way to do it is to simply drop your last name, using your first and middle name instead. Or you can use a nickname instead of your first name. Or you can make up a new name entirely.

Again, be sure you keep this name private and only give it to close friends and family who you want to know about your profile. Don’t use the name for any other purposes.

Set Privacy Options

Every social network has options for allowing you to control what you share with your network and with the public. You can control your privacy settings for your whole profile and for individual posts. Take the time to investigate your options and to set what you can to private. In many cases, you can lock down all your information so that it is visible only to your contacts (or even only to yourself).

Keep Business and Personal Separate

Most of us want to maintain some privacy online to protect our professional identities. You can help do this by using one profile for your private connections and another profile for your business connections. Of course, you would use your real name for your business profile and would share little to no personal information on it. You can then share personal information on your personal profile kept private through the previous steps.

Control What You Share

Of course, the easiest way to keep your information private online is not to share it. No matter what you do to protect your information, there will be some way for businesses or other people to see it. Keep your information private by keeping it offline, especially personal photos, information about your children, or thoughts about your political or religious beliefs.

Online privacy is a serious issue, and one which requires a greater level of personal responsibility as the options for connecting online continue to expand. These tips can help you to keep your personal information private while you connect with friends and business contacts online.

Sarah Clare is a writer and oversees the site projectmanagementsoftware.com, where she has recently been researching bug tracking software. In her spare time, Sarah enjoys cooking and scrapbooking.


Filed under Guest Writers, Internet Safety, Online Privacy, Social Networks

An IT Professional’s Internet Privacy Tips – Simple And Effective

Internet privacy tips are often complex and mind-numbing and generally promote an overblown reliance on technology. In this guest article, IT professional Robert Coulter cuts through the gnarly knot of the usual wooden security tips with a range of suggestions designed to keep hackers and other nefarious types away from your important private data while online.

As revealed in Wired Magazine, every piece of electronic communication is able to be intercepted by someone, somewhere. Even Internet giants like LinkedIn can be compromised, as an estimated 6.5 million passwords were hacked earlier this month. With that in mind, the only real way to guarantee complete online security is to never go online at all. Since this is neither practical nor desirable for most people, there are still steps you can take to protect your online security and protect your personal information while enjoying the benefits of the Web.

Don’t overshare.

This first tip is simply common sense. Don’t share more than is necessary on the Web, especially on social networking sites such as Facebook and Twitter. While it can be fun, consider the risks from sharing every last detail of your life with the world, such as birth date, where you go (check-ins), pictures of your children, details of your job and relationships.

All of these details make social engineering hacks easy to perform and open you up to identity theft. Do your bank accounts have common security questions like “Mother’s Maiden Name?” or “City of Birth?” protecting your passwords in the event you need to reset them? Well, chances are this information is easily found by snooping around your social media profiles, making it an easy matter to reset passwords on sensitive accounts.

If you do insist on sharing, at least tighten up your Facebook privacy settings and keep your circle of friends small and limited to those you actually know. Also, disable the most invasive features, like check-ins and photo tagging.

Use a cloud-based antivirus rather than a signature-based one.

Cloud-based antivirus solutions, such as those offered by Webroot and Symantec, do away with large signature file downloads, which eat up bandwidth and can take up to several gigabytes of hard drive space. Instead, all of the signatures reside in “the cloud” and every file and Web request gets run against this ever-growing, real time database using the provider’s resources rather than your computer’s, speeding things up greatly and providing the most up-to-date protection.

Set stronger passwords.

ElcomSoft recently did a study that estimates just 25% of people regularly change their password. Setting a strong password, and changing it frequently, is key to protecting your identity. Many experts suggest using long strings of random gibberish with special characters for greatest safety, but these can become nearly impossible to remember, leading to the insecure solution of storing them in an unprotected spreadsheet or on little bits of paper which can get lost.

One way to get a strong password that is easy to remember is to use a four word phrase, such as “kayaking beats drudge work”, and substitute a special character, such as “#” or “_”, for the spaces. The length and randomness will take a hacker more time than it is worth to figure out, while also being easy to commit to your own memory.

Use a Mailinator account on potential spam sites.

Mailinator is a great tool for signing up for web offers without actually providing your real email address. Mailinator works by allowing you to invent a disposable email address, which you can check without a password and which keeps messages for only 24 hours before being automatically erased. This is great when signing up for a site which seems to offer something enticing, but which might be spammy or even a hacker site, as your real email address is never revealed.

Deactivate old or unnecessary accounts.

Old accounts might leave your information scattered across the Internet for anyone to mine, especially on sites past their prime and maintained very irregularly by their administrators, as they tend to have lax security measures. The answer is to delete these old accounts. Even Facebook now has a “delete” feature, rather than just the “deactivate” one, so take advantage of this to clean up your online traces and reduce the temptation for hackers to learn more about you in an unwholesome way.

In conclusion, online threats are constantly evolving, and the best guardian of personal data is truly the individual user himself. Be smart and be skeptical when online; it just might save you thousands of dollars and countless hours of heartache.

Guest author Bio: Robert Coulter works in the security industry at authentify.com which offers two-factor verification solutions for companies who need increased security protection for their clients.


Five Simple Tips To Prevent Cybercrooks From Screwing You Over During The Holiday Season

Unless you’re related to the Grinch, the holiday season will hit town. Guest writer Liz Cornwell, from Australian software developer Auslogics, has some important and informative tips on how you can avoid potential dangers while shopping online this Holiday season – or, any time for that matter.

The holiday season is a time of year that is wonderful and special for everyone – it’s the time for having fun, being with your friends and family, giving and receiving presents, and even making dreams come true!

For me, giving presents is just as exciting as receiving them. And what fun it is to shop for gifts, knowing that they will bring happiness and joy to your loved ones!

I’m pretty sure that you will do at least some of your shopping online. It’s not a secret that online retailers offer great deals. But at the same time there is always a potential danger of your money getting stolen by shifty dealers, scammers, and spammers.

OK, so maybe some of you don’t mind giving a couple of hundred dollars to thieves. However, it would be much better to donate that money to charity.

If you want to protect yourself from online fraud, then read on! Here are five simple tips that will help you shop online safely.

1. Use a Secure PC

No matter how careful you are, there is no guarantee that your computer is not infected. Anyone who browses the Internet, visits social websites, and downloads software simply cannot be 100% sure that their PC is malware- and spyware-free. So, before you start shopping, check that your computer has comprehensive protection and run anti-virus and anti-spyware scans. Use reliable up-to-date software.

We recommend using Auslogics Antivirus – not only will it protect you against viruses, spyware, and other threats, but it also has a feature called Privacy Control. This feature is especially designed to prevent hackers from stealing your personal data, so shopping online will be more secure. Auslogics Antivirus has a free unlimited 30-day trial, which will keep you fully protected for the next month.

If you can, avoid shopping from public computers, or a PC that your kids use to play online games and chat with their friends. Those PCs are likely to be infested with spyware, so your private data can get stolen no matter how careful you are.

2. Always Shop From Trusted Sites

There are a lot of sites that offer amazing bargains. In fact, some of them are so amazing that they simply can’t be true! Well, most of the time they aren’t – a lot of websites only pretend to be shops. All they want is to steal your money. Remember, nobody is going to offer you a car for the price of a burger. Therefore, I strongly advise you not to use search engine shopping. Or if you do, check and double-check the website before entering any payment details.

Pay attention to:

  • security seals
  • shipping, return, and refund policies
  • use of secure connection (https://) when the website asks you to enter payment details

You can also research unfamiliar shops on sites like RipoffReport.

Never, ever buy anything advertised via emails from unknown senders, and never click on any links in those emails either. Those emails are almost always a scam, and the links take you to websites that put viruses onto your system. And never shop at websites that ask you to wire money or send money orders.

3. Control Spam

If you’re concerned about getting spammed by online retailers, you can always either create a separate email address for shopping online, or create aliases. Here’s how it’s done using Gmail.

For example, your address is myemail@gmail.com and you are shopping at a website called greatoffer.com. So, when giving them your email address, type it as myemail+greatoffer@gmail.com. That way all future communication from that shop will be addressed to myemail+greatoffer@gmail.com.

So if they or someone from their network try to spam you, you will know it’s them and will be able to easily block them.
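The alias check described above can be automated over a mailbox export. This is an added example, not part of the original post: the function names, the sample messages and the rule "the alias tag should appear as a label in the sender's domain" are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed sample data: (To header, From header) pairs.
SAMPLE_INBOX = [
    ("myemail+greatoffer@gmail.com", "Great Offer <news@mail.greatoffer.com>"),
    ("myemail+greatoffer@gmail.com", "Hot Deals <promo@bulk-mailer.example>"),
    ("myemail@gmail.com", "A Friend <friend@example.org>"),
    ("MyEmail+GreatOffer@gmail.com", "win@prizes.example"),
]


def split_alias(address):
    """Return (base_address, tag) for 'user+tag@domain'; tag is None if absent."""
    _, addr = parseaddr(address)
    local, at, domain = addr.rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    user, plus, tag = local.partition("+")
    return f"{user}@{domain}".lower(), (tag.lower() if plus and tag else None)


def sender_domain(from_header):
    """Domain part of the From header. It can be forged, so treat it as a hint."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def classify(to_header, from_header):
    """'untagged', 'expected' (tag matches sender) or 'shared-or-leaked'."""
    _, tag = split_alias(to_header)
    if tag is None:
        return "untagged"
    labels = sender_domain(from_header).split(".")
    return "expected" if tag in labels else "shared-or-leaked"


def leaked_aliases(inbox):
    """Map each alias tag to the unrelated sender domains that used it."""
    leaks = {}
    for to_header, from_header in inbox:
        if classify(to_header, from_header) == "shared-or-leaked":
            _, tag = split_alias(to_header)
            leaks.setdefault(tag, set()).add(sender_domain(from_header))
    return leaks


if __name__ == "__main__":
    for tag, domains in leaked_aliases(SAMPLE_INBOX).items():
        print(f"alias +{tag} was used by: {', '.join(sorted(domains))}")
```

A hit means the address given to that shop reached another sender, whether it was sold, shared or breached; a filter on the tagged address then blocks all of it at once.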

4. Pay With a Credit Card

Most of you will have several bank cards – some credit, some debit. Both can be used for online shopping, but it’s safer to use a credit card. Experts say credit cards give you less hassle when dealing with your bank, should unauthorized charges show up later on a monthly statement. Besides, you wouldn’t want to pay huge interest on your debit card overdraft, would you?

5. Think About Alternative Payment Methods

Did you know that you don’t necessarily have to use a credit/debit card when shopping online? There are plenty of other ways to pay for the goods you purchased – pre-paid credit cards, gift cards and certificates, and sometimes you can pay in cash upon delivery. Also there are websites like billmelater.com that allow you to shop online without having to enter your bank card details. Besides, online retailers actually encourage you to use a service like that by offering free shipping and an option to postpone your payment for up to 6 months.

These tips should help you shop online safely so that you don’t become yet another fraud victim. Enjoy your shopping and have a wonderful holiday season!

Regular readers are aware that I’m a big fan of Auslogics; a company which provides users with some of the best free applications on the Internet including, Auslogics Disk Defrag (recently reviewed here) – a “must have” addition to a serious computer user’s toolbox.


The Best “Stay Safe On The Internet” App? – Your BRAIN!

Yes, it’s true! There’s an application designed to help keep you safe on the Internet. And here’s the best part – you don’t have to buy, or download and install this application.

Most Internet users, in my experience, already have this app (some don’t – more about that later), and it works surprisingly well with a computer’s Firewall, Security Applications, and Browser security add-ons.

The Brain is a very efficient Internet safety device, and using it will provide a user with the best protection available while surfing the Internet. There’s a small problem with the Brain though – which might explain its frequent unreliability.

Just as a Firewall needs to be “trained” to reach the best state of efficiency and protection capabilities, the Brain app requires “training” so that it, too, can perform to its maximum potential as an Internet safety device.

Failure to train a software Firewall application, for example, can lead, in many cases, to an erratic and uncertain experience. The untrained Brain app as well, can exhibit parallel behavior.

Sadly, a significant number of Brain apps lack this training and as a result, many computer users fail to recognize the dangers, and threats, the Internet poses to their computers, and to their personal privacy.

The following is a current example of the dangers an untrained Brain can be exposed to:

Last week Naked Security warned of a Facebook worm that was spreading on the social network, tricking users into believing that they were clicking on a link to an image.

Although an unsuspecting user may believe that they are clicking on a link to a JPG image, the truth is that they are downloading an executable file that attempts to download further code (another piece of malware) from the net and drops a .BAT batch file onto infected computers.

The ultimate aim of all this malicious activity is to install the Dorkbot malware onto your Windows computer.

Clearly it’s time, if you haven’t already learnt the lesson, to realize that you should always be wary of links shared by friends on social networks – after all, how can you tell it was a friend who sent it or a piece of malware on their computer?

Times have changed; cybercriminals are increasingly more knowledgeable, quicker to respond to opportunities, and more relentless than ever in their attempts to separate surfers from their money.

Train that Brain – so that you are aware of the shape of the Internet landscape, and the changes that are occurring, or may occur in that landscape. Now, more than ever, Brain training is a necessity – a prerequisite to protecting yourself, and your computer, from cybercriminal attack.


PC Tools Firewall Plus 7 – Free Firewall Software

I’m always surprised when I get asked “The Firewall” question – why do I need one? The answer is – a Firewall, either Hardware or Software, is designed to block unauthorized access to your computer from the Internet, at the same time permitting protected authorized communications – provided it includes outbound protection.

Most casual users that I come into contact with believe that Firewalls need to be expensive to ensure that they get the job done. But, that’s not always the case. PC Tools Firewall Plus 7, for example, is a very robust, uncomplicated, free Firewall, which is non-intrusive, and very appropriate for casual computer users – and gets the job done.

I’ve been running with PC Tools Firewall since I installed Win 7 and I have been impressed with its performance. It installed easily, set up quickly, and has not caused any conflicts with my machine despite my sometimes esoteric running requirements.

Here’s a recent example where my machine is being probed for vulnerabilities from an IP address in China.

[Screenshot: firewall alert showing the probe]

The default settings are well thought out, and provide excellent protection for less experienced users. Experienced users, on the other hand, can tinker to their heart’s content, customizing and tweaking the application to meet their specific requirements.

The program settings screen is definitely new user friendly, as the following graphic illustrates.

[Screenshot: program settings screen]

What you need to know:

Protects your PC as you are working, surfing and playing.

Protects against Trojans, backdoors, keyloggers and other malware designed to damage your computer and potentially steal your confidential information.

Includes ThreatFire, a heuristic application for additional protection.

Intelligent, automatic protection without all the questions.

Easy to use – designed for both novice and expert users.

Advanced rules to protect PCs against common attacks.

Inbound and outbound protection.

Simple, user friendly interface.

Free – no catches, limitations or time-limits.

What’s new since I last reviewed PC Tools Firewall Plus:

Extensive Security Permission (ESP). PC Tools Firewall Plus has extended its Self Protection to block malicious programs bypassing the firewall. Some malicious programs access the internet by disabling the firewall allowing your personal information to be sent to the internet undetected. PC Tools Firewall Plus intercepts termination requests restricting who can terminate the firewall and modify protected objects.

Improved Application rules interface displays an application’s details as well as extended/improved user control over input and output rule creation and modification. The new rules interface also allows creation and modification of new ESP rules. This allows the expert user complete control of the network access.

More informative pop ups. PC Tools Firewall Plus is built using the new Windows Filtering Platform (WFP) architecture in Windows 7, Vista™ and Server 2008 to provide you with precise control over all network traffic, including IPv6, on both 32bit and 64bit systems.

Updated Profiles Interface for greater control over network access profiles. Configure trusted and untrusted network profiles to help ensure your network access is tailored to the security level of the network you’re connected to.

Network Display has been extended to include detailed available adaptor information including assigned profile, MAC Address and traffic statistics as well as detailed network information including the IP, Gateway IP and subnet mask.

Normal and Expert modes have been combined into one simple to use interface. The new interface has automatic rule and profile creation for the normal user as well as an interface allowing highly customisable configurations for expert users.

If you are a casual computer user, PC Tools Firewall is definitely worth considering as a new Firewall installation, or as a replacement for a current Firewall that is not meeting your expectations.

System Requirements: Windows 7 (32/64 bit), Vista (32/64 bit) and XP (32 bit).

Download at: PC Tools

Note: Test your existing Firewall at Steve Gibson’s site – ShieldsUP! If your current Firewall is not in stealth mode (this test will confirm it), and if it can’t be forced into stealth mode, then you should consider changing your Firewall application.

The following are the results, from Steve’s site, on the test I just completed:

Your system has achieved a perfect “TruStealth” rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests.

Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to “counter-probe the prober”, thus revealing themselves. But your system wisely remained silent in every way. Very nice.

Note: If you are currently running Windows Firewall, then installation and setup is a breeze. On the other hand, if you are running another Firewall, it’s important that you uninstall this application (use the application’s built-in uninstaller), before installing PC Tools Firewall. I mention this as a precaution only, since it’s as likely that you won’t encounter any difficulties. But…

If your current Firewall does not include a built-in uninstaller, then use Revo Uninstaller which will delete the application including the applicable Registry entries.
