Category Archives: Yahoo

Cyber Crooks Taking Another Crack At Yahoo Instant Messenger

I’ve been known to stare at my monitor, humming a few bars of – “IM malware go away, and come back another day”, from time to time. Doesn’t seem to work though. 🙂 IM malware never goes away – it just fades into the malware background chatter.

Despite the fact that Instant Messenger malware (which has been with us since 2005 or so) doesn’t create much of a fuss, and seems to prefer to stay just below the horizon, it’s as dangerous as it’s ever been.

In business, when something works, why bother to reinvent the wheel? A little nip here; a little tuck there and hey – you’re still in business! No surprise then, when we see that cybercriminals subscribe to this business philosophy.

– Yahoo Instant Messenger Under Attack Again or Still? (May 4, 2010)

It’s easy to forget about the risks associated with Instant Messaging precisely because of this lack of profile. Until, that is, IM malware comes knocking – hard – like now!

BitDefender’s Bogdan Botezatu reports in a recent blog post that Yahoo Messenger is currently under attack – and taking a hard knocking.

From the Blog:

New Yahoo Messenger 0-Day Exploit Hijacks User’s Status Update…and spreads malware, of course!

A newly discovered exploit in version 11.x of the Messenger client (including the freshly-released 11.5.0.152-us) allows a remote attacker to arbitrarily change the status message of virtually any Yahoo Messenger user that runs the vulnerable version.

Since you’re an astute and educated user, none of this comes as a surprise, I’m sure. But, what about a typical user – would he/she be surprised, do you suppose?

Let’s take a look –

In a recent Symantec survey, which questioned computer users on the most likely routes cybercriminals use to drop malware on unsuspecting users – just 3.9% of survey participants believed that Instant Messenger applications had a role in malware distribution.

Unfortunately, the only surprise here is – this is not a surprise.

The harsh reality is, from a security perspective, Instant Messaging applications can present considerable security risks. So naturally, cyber-criminals use Instant Messaging as a primary channel to distribute malware and scams.

We’ve talked about IM security a number of times here, but with this ongoing attack, a quick refresher might be in order.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

Don’t click on links, or download files from unknown sources. You need to be alert to the dangers in clicking on links, or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files, or links are genuine. Remember, if you click on those links, or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords, and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Protect personal and confidential information when using IM. Revealing confidential or personal information in these types of conversations, can make you an easy target for Internet predators.

For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Above all, if you are a parent, take exceptional care with the access that your children have to these programs.

The risk here goes beyond malware, as sadly, they could come into contact with undesirable individuals. The risk is low of course, but……..

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software, Parental Control Bar, to help you do just that.

BTW, you can hum “IM malware go away, and come back another day”, to the new version of that old familiar tune – Rain Rain Go Away.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Should You Forget About Password Safes and Write Down Your Passwords?

There are days when surfing the Internet, it seems to me, is like skating on thin ice – one wrong move and you’re in trouble. I know – this past weekend I got hacked. After 20+ years – BAM!

There are any number of possibilities as to what happened, but one of those possibilities is not unauthorized access to my online saved Passwords. I don’t save passwords online. I never have, and I never will.

Instead, I write my passwords down, and record them in a special book; a book which I keep ultra secure.

There are some who disagree, for many reasons, with this method of password control, but I’m not about to change my mind on this issue, and here’s why –

The world is full of advice that on the face of it seems reasonable, responsible and accurate. You know how it is – if you hear it often enough then it must be true.

One piece of computer security advice that you’ve probably heard over and over again is – don’t write down your password/s. The problem is; this piece of advice couldn’t be more wrong, despite the fact it seems reasonable, responsible and accurate.

Here’s the dilemma we face. Complicated (in other words, safe) passwords are hard to remember, whereas easy (in other words, unsafe) passwords are easy to remember. No surprise then that most computer users employ easy to remember, and unsafe, passwords.

You know the kind of passwords I’m talking about – obvious passwords, like your first name, or your wife’s name, child’s name, date of birth, etc. – passwords you’re not likely to forget. And that’s the problem – there’s no point in having a password at all if cyber-criminals will have no difficulty in figuring it out.

Cyber-criminals use simple processes, all the way to highly sophisticated techniques, to capture online passwords as evidenced by the Hotmail fiasco last year, in which an anonymous user posted usernames, and passwords, for over 10,000 Windows Live Hotmail accounts to a web site. Some reports indicate that Google’s Gmail, and Yahoo Mail, were also targeted. This specific targeting is one possibility that might explain how my Gmail account got hacked.

Not surprisingly, 123456 was the most common password captured, followed by (are you ready for this?), 123456789. Some truly brilliant users used reverse numbers, with 654321 being very common. Pretty tricky, huh? I’m being a little cynical, but..

I know that on the face of it, writing down your password seems counter intuitive and flies in the face of conventional wisdom, since the issue here is one of security and safety.

But, ask yourself this question – is your home, office, wallet etc., more secure than your computer? If the answer isn’t “yes”, then you have additional issues that need to be addressed.

While it may be true that you don’t want your wife, lover, room mate, or the guy in the next office, to gain access to your written list of passwords – and writing down your passwords will always present this risk; the real risk lies in the cyber-criminal, who is perhaps, thousands of miles away.

Computer security involves a series of trade-offs – that’s just the reality of today’s Internet. And that brings us to the inescapable conclusion, that strong passwords, despite the fact that they may be impossible to remember – which means they must be written down – are considerably more secure than those that are easy to remember.

Here are some guidelines on choosing a strong password:

Make sure your password contains a minimum of 8 characters.

Use upper and lower case, punctuation marks and numbers.

Use a pass phrase (a sentence), if possible. However, not all sites allow pass phrases.

Since brute force dictionary attacks are common, keep away from single word passwords that are words in a dictionary.

Use a different password for each sign-in site. This should be easy since you are now going to write down your passwords. Right?
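The guidelines above, written out as a checker for a list of site passwords. This is an added example, not part of the original article: the function names, the small stand-in dictionary and the rule that a phrase of four or more words may skip the character-class test are assumptions; the three numeric passwords are the ones the article cites from the Hotmail leak.

```python
import string

# Passwords the article names as the most common in the leaked Hotmail list.
COMMON_LEAKED = {"123456", "123456789", "654321"}

# Constructed stand-in for a real dictionary file (assumption for the example).
SAMPLE_DICTIONARY = {"password", "dragon", "sunshine", "monkey", "welcome"}


def check_password(password, dictionary=SAMPLE_DICTIONARY):
    """Return a list of guideline violations for one password (empty = passes)."""
    problems = []
    if password in COMMON_LEAKED:
        problems.append("appears in the leaked-password list cited in the article")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = {
        "upper case": any(c.isupper() for c in password),
        "lower case": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "punctuation": any(c in string.punctuation for c in password),
    }
    # Assumption: a pass phrase of four or more words skips the class test.
    is_passphrase = len(password.split()) >= 4
    if not is_passphrase:
        problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    # Single dictionary word, ignoring case and trailing digits/punctuation.
    core = password.lower().rstrip(string.digits + string.punctuation)
    if core in dictionary:
        problems.append("single dictionary word")
    return problems


def audit_notebook(entries, dictionary=SAMPLE_DICTIONARY):
    """entries maps site -> password; report weak and reused passwords."""
    report = {site: check_password(pw, dictionary) for site, pw in entries.items()}
    sites_by_password = {}
    for site, pw in entries.items():
        sites_by_password.setdefault(pw, []).append(site)
    for sites in sites_by_password.values():
        if len(sites) > 1:
            for site in sites:
                others = ", ".join(s for s in sites if s != site)
                report[site].append("reused on: " + others)
    return report
```

A password such as "Sunshine1!" satisfies the length and character rules yet is still flagged, because stripping the trailing digit and punctuation leaves a single dictionary word.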

You are entitled, of course to disregard the advice in this article, and look at alternatives to writing down your passwords, including Password Safe, a popular free application. As well, a number of premium security applications include password managers.

Guest writer, Glenn Taggart’s article from yesterday – LastPass Password Manager – Secure Your Passwords and User Names, offers a terrific review of another free password application.

If you have difficulty in devising a strong password/s, take a look at Random.org’s, Random Password Generator – a very cool free password tool.

As an additional form of protection, you should consider the Firefox add-on KeyScrambler, which will protect you from both known and unknown keyloggers.

For additional info on password management, check out Rick Robinette’s “PASS-the-WORD”… Basic password management tips. Many regular readers will remember that Rick is a very popular guest writer on this site.


With Online Translators, Read Tech Thoughts in Hebrew, French, Polish……

There’s good reason why the Internet is called, the “world wide web”. It certainly is that. Yes, I know, the Internet, and the world wide web, are not necessarily one and the same. But that’s a purely technical difference, rather than a true functional difference.

English is the primary language used on the Internet, but it may surprise you that it holds this position by only a small margin, as the following graphic indicates. It’s inevitable, that as a percentage, English will lose this prime position.

English 1

I read scores of Blogs, visit numerous tech web sites, and general purpose sites every day (well, every evening), and it never fails to amaze me, how North American centric (including spelling), these sites tend to be.

There’s a disconnect between the reality of who actually makes up the Internet market place (by geographical location and language), and the North American centric focus of many web sites. If you were guided by these sites, you’d be forgiven if you believed that most Internet users were North American, and spoke English.

But the following graphic, courtesy of Internet World Stats, certainly proves otherwise.

English 2

To assist those whose primary language is not English, a number of free translation services are readily available to translate Internet content to their mother tongue.

These translation services include Google Translate (which can translate to and from 57 languages), Microsoft Bing Translator (slightly fewer languages), Yahoo’s Babelfish, and Babylon, which, according to the site, has more than 800 language pairs to choose from.

The following screen captures show Tech Thoughts translated into Hebrew, French, and Polish by recent site visitors, using a free translation service.

Hebrew:

Tech Thoughts in Israeli

French:

Tech Thoughts in French

Polish:

Tech Thoughts in Polish

If you’re wondering how it is I know that these specific articles were translated, by readers, to these particular languages; the answer is simple – Statcounter.

Statcounter is a free website tool with a range of tools including –

Configurable Counter

Configurable Summary Stats

Popular Pages

Entry and Exit Pages

Visitor Paths, Visit Length and Returning Visits

Recent Page load Activity and Recent Visitor Activity

Country/State/City Stats

Recent Visitor Google Map

ISP Stats, Browser Stats and O.S. Stats

As an alternative to online translators, add-ons are available for Firefox, Internet Explorer, and Opera.

If you’re a Chrome user, then you already know that Chrome incorporates translation in the browser itself, without requiring additional plugins or extensions.

Note to fellow bloggers: If you want to increase readership, recognize the reality, write for the “world”, and be cautious of being North American centric.


Internet Privacy – You’re Kidding, Right?

Rick Robinette’s guest writer article might surprise you. Rick lays out what the sum total of your Internet activity might mean for you now, and in the future.

Once It Is Out There, It Is Out There

I was thinking about the time I first accessed the internet, up to the present, AND was questioning myself; “What have I put out there?” Now, I am talking about anything and everything from emails, web accounts, web mail, online purchasing, online chatting, files, credit card numbers, etc.

Actually, I try to be very careful of what I am doing; however, what little I have put out there, is out there AND there is no turning back. The little bit of information I have put out there is just enough that my identity and privacy could ultimately be breached.

Recently we all read in the news where the ESPN reporter was a victim of a peepster who posted shots of the reporter on the internet. I actually was chuckling when there were reports of trying to stop this transgression and get it back.

There is no getting it back… In this case, the internet takes over, and these shots were sprinkling down on people’s PC’s like rain (a million drops a second). There is just no way to stop it and there is no way to get it back.

It amazes me what people are putting out there on the social network sites, such as Facebook and MySpace. Remember, when the information you are posting is “all about you”, it could come back to haunt you years down the road.

The younger generation, oblivious to privacy, is telling it all and exposing sensitive matters about themselves that would make a sailor blush.

Email is another interesting tool that we use that leaves a trail. My email sending policy is to keep it short and never express my feelings about something or someone. Once you hit that send button, it rockets into cyberspace, which in essence can be infinity. Email can remain on servers forever.

To give you an example, when I retired, my email account (at a government agency) remained active for over 2 years until I demanded it be terminated. Termination of the account took it out of the public’s view; however, my data and email correspondence was still there.

The purpose of this article is to heighten your awareness about your identity and privacy; AND to make you think about what information you are giving away about yourself. It is human nature to investigate and to be curious. With just knowing your name and your zip code, a person with bad intentions can get your address, a map to your house, a photo of your residence, your property tax records, and it goes on and on.

Are you out there?

Simply by using Google or Yahoo you can find an abundance of information by simply entering a person’s name; however, there are online services that specialize in deeper searches.

I encourage you to perform a search for your name, using these services. If you know of any other services, please leave a comment below.

This is a guest post by Rick Robinette, who brings a background as a security/police officer professional, and as an information technology specialist to the Blogging world.

Why not pay a visit to Rick’s site at What’s On My PC. Like me, you’re sure to become a frequent visitor.
