An IT Professional’s Internet Privacy Tips – Simple And Effective

Internet privacy tips are often complex and mind numbing and, generally promote an overblown reliance on technology. In this guest article, IT professional Robert Coulter, cuts through the knarly knot of the usual wooden security tips with a range of suggestions designed to keep hackers and other nefarious types away from your important private data while online.

As revealed in Wired Magazine, every piece of electronic communication is able to be intercepted by someone, somewhere. Even Internet giants like LinkedIn can be compromised, as an estimated 6.5 million password were hacked earlier this month. With that in mind, the only real way to guarantee complete online security is to never go online at all. Since this is neither practical nor desirable, by most people, there are still steps you can take to protect your online security and protect your personal information while enjoying the benefits of the Web.

Don’t overshare.

This first tip is simply common sense. Don’t share more than is necessary on the Web, especially on social networking sites such as Facebook and Twitter. While it can be fun, consider the risks from sharing every last detail of your life with the world, such as birth date, where you go (check-ins), pictures of your children, details of your job and relationships.

All of these details make social engineering hacks easy to perform and open you up to identity theft. Do your bank accounts have common security questions like “Mother’s Maiden Name?” or “City of Birth?” protecting your passwords in the event you need to reset them? Well, chances are this information is easily found by snooping around your social media profiles, making it an easy matter to reset passwords on sensitive accounts.

If you do insist on sharing, at least tighten up your Facebook privacy settings and keep your circle of friends small and limited to those you actually know. Also, disable the most invasive features, like check-ins and photo tagging.

Use a cloud-based antivirus rather than a signature-based one.

Cloud-based antivirus solutions, such as those offered by Webroot and Symantec, do away with large signature file downloads, which eat up bandwidth and can take up to several gigabytes of hard drive space. Instead, all of the signatures reside in “the cloud” and every file and Web request gets run against this ever-growing, real time database using the provider’s resources rather than your computer’s, speeding things up greatly and providing the most up-to-date protection.

Set stronger passwords.

ElcomSoft recently did a study that estimates just 25% of people regularly change their password. Setting a strong password, and changing it frequently, is key to protect your identity. Many experts suggest using long strings of random gibberish with special characters for greatest safety, but these can become nearly impossible to remember, leading to the insecure solution of storing them in an unprotected spreadsheet or on little bits of paper which can get lost.

One way to get a strong password that is easy to remember is to use a four word phrase, such as “kayaking beats drudge work” and substituting the spaces for a special character, such as “#” or “_.” The length and randomness will take a hacker more time than it is worth to figure out, while also being easy to commit to your own memory.

Use a Mailinator account on potential spam sites.

Mailinator is a great tool for signing up for web offers without actually providing your real email address. Mailinator works by allowing you to invent a disposable email address, which you can check without a password and which keeps messages for only 24 hours before being automatically erased. This is great when signing up for a site which seems to offer something enticing, but which might be spammy or even a hacker site, as your real email address is never revealed.

Deactivate old or unnecessary accounts.

Old accounts might leave your information scattered across the Internet for anyone to mine, especially on sites past their prime and maintained very irregularly by their administrators, as they tend to have lax security measures. The answer is to delete these old accounts. Even Facebook now has a “delete” feature, rather than just the “deactivate” one, so take advantage of this to clean up your online traces and reduce the temptation for hackers to learn more about you in an unwholesome way.

In conclusion, online threats are constantly evolving, and the best guardian of personal data is truly the individual user himself. Be smart and be skeptical when online it just might save you thousands of dollars and countless hours of heartache.

Guest author Bio: Robert Coulter works in the security industry at authentify.com which offers two-factor verification solutions for companies who need increased security protection for their clients.

BitDefender Warns Of iPhone Jailbreaking Malware Attack

iPhone “jailbreaking” – the user taking all-inclusive command of the device, which includes running non-approved Apple applications, is apparently not without risk.

Security researchers at BitDefender, the well known security application developer, have just uncovered a malware scheme, aimed at iPhone jailbreakers, that according to BitDefender “deploys a keylogger ……. which allows the malware creators to intercept the victim’s visited sites, usernames, passwords, and bank accounts information – such as pin number, bank account numbers, passwords, etc.”

Delivery of the Trojan, identified by BitDefender as Trojan.Generic.3010833, begins with the user’s positive response to an email which offers software designed to unlock an iPhone, as the following graphic illustrates.

Graphic courtesy of BitDefender.

The body of the email reads as follows:

“Our software is compatible with all firmwares (including the latest version) and will unlock 3G, 3GS, & 2G iPhone models within just a few minutes.

You can download the iPhone unlocking software from here: http://www.unlock……………. /iphone3gs-3g.exe”

Clicking on the link triggers an executable file download to the potential victim’s computer. Running the downloaded executable (and who’s not going to at this point), triggers the installation of a Trojan which according to BitDefender “attempts to change the preferred DNS server address for several possible internet connections on the user’s computer to 188.210……………..”

The following graphic illustrates BitDefender’s security application’s response to Trojan.Generic.3010833.

Graphic courtesy of BitDefender.

Regular readers here are very familiar with the following cautions, but they bear repeating.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Keep your computer protected. Install a security solution and keep it up-to-date.

BTW, BitDefender offers a host of highly regarded free security applications which you can checkout here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Yahoo Instant Messenger Under Attack Again or Still?

A new variant of an old Yahoo Instant Messenger Worm spreading fast.

In business, when something works, why bother to reinvent the wheel. A little nip here; a little tuck there and hey – you’re still in business! No surprise then, when we see that cybercriminals subscribe to this business philosophy.

Programs such as MSN Messenger, Yahoo! Messenger, AIM, etc, are wildly popular with users who want real-time computer contact with each other, and so, they form a perfect attack vector for malware distribution.

Symantec, along with a number of other security providers, are warning users of Yahoo Instant Messenger specifically, they are being targeted by a new variant of an old IM Worm, identified by Symantec as W32.Yimfoca.

(Graphics courtesy of Symantec)

If you are a Yahoo Instant Messenger user, you need to be particularly cautious, at the moment, in saving what appears to be a JPG or GIF file, but in fact could easily be this malicious executable.

This threat drops a worm which will lead to the attacker taking control of the victim’s computer. Additionally, the Worm is programmed to attack those in the victim’s contact list.

Given the frequency with which instant messaging is used to distribute malware (recent statistics indicate almost 50% of worms use this method to spread), the following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

Sensible tips for users to get the most out of these programs, securely and responsibly.

You need to be alert to the dangers in clicking on links or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files or links are genuine. Remember, if you click on those links or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Revealing confidential or personal information in these types of conversations can make you an easy target for Internet predators. For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however, do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Above all, if you are a parent, take exceptional care with the access that your children have to these programs. The risk here goes beyond malware, as sadly, they could come into contact with undesirable, or even dangerous individuals.

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software to help you do this.

Click here: “Keep Your Kids Safe With Free Parental Control Bar”.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Download Free S10 Password Vault – Secure your Usernames, Passwords

Popular guest writer Rick Robinette, has done it again! Rick, who has a knack for finding great free applications, introduces us to his latest find, S10 Password Vault. A password vault that will work with any program (that requires a username and password), and not just web site accounts.

What I have found, as a result of following the software circuit, is that oftentimes software (during its lifespan) can end up being over developed and bloated.  As a result, the end user becomes frustrated and drops the software in search for something more understandable and simpler. I have found that to be the case with many of the software applications that serve as password managers.

Recently, I was looking for an easy-to-use application to store my usernames and passwords and came across S10 Password Vault. Initially I was skeptical, since I had never heard of this application; however, after a test run I knew I was onto something good.

S10 Password Vault is FREE for personal use, can be run as a PORTABLE APP or a FULL INSTALL, is small in windows size, is  not cumbersome, will autotype the usernames and passwords for you, and will generate random passwords if need be.

The really “cool factor” to this password vault is that it will work with any program (that requires a username and password) and not just web site accounts.

Another thing I found, that I was in search for is, I can use it as a bookmark manager and program launcher, as well (even though it is touted as a password vault). This is especially useful on my flash drive. I commend the author, Sten Herlitz, for developing a really nice (easy-to-use) password vault that is feature enriched and developed with the end user in mind.

Master Password Screen

Folder Hierarchy Example

Account Editor

Features of S10 Password Vault:

Customizable folder/account hierarchy

Launching of websites and programs

Autotypes info in websites and programs

Account matching via window titles

Custom account information fields

Drag-and-drop support

System tray icon showing lock state

Quick unlock using partial password

Auto-start when Windows starts

Print capability and “View All” mode

Export URLs to browser Favorites

Compact program (647KB download)

Highly secure 256-bit AES encryption

Single file protected by master password

Optional key file on USB drive

Strong password generation

Foils malicious keyboard loggers

Auto-lock timeout and automatic file backup

Secure synchronization between PCs

Secure folder sharing with other users

A portable version runs on USB drive

Digitally signed – no spyware/adware

No browser plugins or toolbars

Central configuration for businesses

System requirements: Windows all (32 and 64 bit).

Download at: Developer’s site

Note: A portable version is also available.

This is a guest post by Rick Robinette, who brings a background as a security/police officer professional, and as an information technology specialist to the Blogging world.

Why not pay a visit to Rick’s site at What’s On My PC. Like me, you’re sure to become a frequent visitor.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

USBThief – Making it Easy for Cyber Criminal Wannabes

With access to your passwords, cyber-criminals (they come in all shapes, sizes and flavors – so don’t be fooled), can and will, steal your identity and without a doubt severely compromise your financial security. Stolen passwords have the potential to cause serious havoc in your life.

There are numerous ways of course that a password can be stolen. Popular methods employed by cyber criminals include, but are not limited to:

Email scams: Email scams work because the Cyber-crooks responsible use social engineering as the hook; in other words they exploit our curiosity to start the process of infecting unaware computer users’ machines

Search engine redirection: Cyber-crooks continue to be unrelenting in their chase to infect web search results, seeding malicious websites among the top results returned by these engines. Malware, including password stealers can be installed on a computer simply by visiting a site.

Drive-by downloads: Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common recently. They are crafted to automatically download and install malware including password stealers on your computer without your knowledge.

Added to the burden we already carry in protecting our computers, our private personal information, and our confidential financial information, we now have to be careful, and perhaps even suspicious of our friends, or for that matter anyone, who inserts a USB drive including MP3 players, such as a iPod, into a USB port on our computer.

USBThief is a free hacking application – available for download on virtually every torrent download site that I investigated – which can be installed on a USB flash drive, or even an iPod, or other MP3 player.

I haven’t tried (yet), to install this on a Digital Camera, but I suspect (with some modification), that it can be done. Consider how often a friend, or family member, has connected any one of these peripherals to your machine.

USBThief has been designed and crafted with only one purpose in mind, and that is to steal both the passwords, and software keys, on the duped party’s computer.

There is no requirement that the culprit is a seasoned hacker – all that’s needed is that an ethically challenged individual download the program; decompress the archive and put all the files located in the folder “USBThief” onto a USB drive.

After connecting and removing the tweaked USB drive from the victim’s computer, the cyber-criminal simply views the dump folder to view the captured information.

Learning to use this application is an absolute “no brainer” – there are multiple sites on the Internet offering tutorials (including video tutorials), in the use of  USBThief.

Here’s a little blurb from a hacking site:

1.Insert the USB in your victim’s computer.

2.View folder “dump” to see the passwords. It also makes a second dump folder in the batexe folder. Tested and Working perfectly!

I have not written this article to produce paranoia, or to make you suspicious of either your family, or your friends, but so that you are aware of the ever increasing challenges we all face in protecting valuable information in a world that threatens us, at every turn it seems.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Online Banking Do’s and Don’ts

While it’s true that the Internet, despite its fundamental design flaws, has the “potential” for safe and secure financial transactions, safe banking online relies on you making good choices, and decisions, that will help you avoid costly surprises, or even carefully crafted scams and phishing schemes.

Despite all the positive hype surrounding financial institutions’ system security, we have learned, much to our detriment, that there are no absolutes in computer system security.

The inescapable fact remains; you are your own best protection while conducting financial transactions on the Internet. So it’s important that you learn about, and take advantage of, the active security features offered by your financial institution.

Examples of security features offered by financial institution:

Encryption is the process of scrambling private information to prevent unauthorized access. To remind you that your transmission is encrypted, most Internet browsers display a small icon on your screen that resembles a lock, or a key, when you conduct secure transactions online. Look for this symbol so that you have reason to believe your connection is, in fact, secure.

Passwords, or personal identification numbers, should be used when accessing an account online. Your password should be unique to you, and this is extremely important, you should change it regularly. Do not use birthdates or other numbers or words, that may be easy for others to guess.

Always carefully control to whom you give your password. For example, if you use a financial company that requires your password in order to gather your financial data from various sources, make sure that you are aware of the company’s privacy and security practices.

General security over your personal computer such as virus protection and physical access controls should be used and updated regularly.

Tips on safe computing practices when conducting your online banking at home, or at a public computer:

Never leave your computer, even at home, unattended, once you have signed in to online banking.

After completing your transactions, ensure that you sign out, clear your cache, and close your browser. Often, it is easy to forget to sign out of an online banking session

Keep your password and card number safe. This seems like a no brainer, but surprisingly, many users do forget this critical step in the process.

Do not share, disclose, or provide your bank card number, or password, to another party, or website, other than your bank. Most banks will not send you an email requesting this information. If your bank practices this very unsafe routine; you should change banks.

Do not save your bank card number, or password, on a publicly accessed computer.

If you do use a public access computer such as at an Internet café or public library, (absolutely NOT recommended), to be safe, change your password after completing your session by calling your bank’s telephone banking number.

When selecting a password, choose a series of characters that cannot be easily guessed by someone else. The best passwords are made up of an alpha-numeric combination that are more than eight characters long, and a combination of capital and lower case letters.

This is an example of an Online Banking email phishing attempt.

Final words – don’t use:

A password you use for any other service.

Your name, or a close relative’s name.

Your birth date, telephone number or address, or those of a close relative.

Your bank account number, or bank card number.

Do not share your personal verification question answers with anyone, and do not disclose them in any emails. It’s simple; giving your password answers to another person, or company, places your finances and privacy at risk.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Online Login Security Tips

Don’t think much about your online passwords? Guest writer Mark Schneider gives you the lowdown on why you should.

Today, many of us live online – we bank, we shop, and we communicate with old friends via the internet. The problem with online life is; your identity is out there in so many places, and eventually, one of those sites will be compromised.

To protect ourselves, we come up with passwords that, supposedly, only we know. The problem is – people don’t take the time to use properly secure passwords because they are often too difficult to remember.

How many people use the word “password” for their password? It happens all the time. So, to combat this, many sites require passwords of minimum length. This is fine except if you are using a word out of the dictionary, which is fairly easy to crack.

So, to really get a secure password, you need to use a password with more than a few characters, and it needs to include letters, numbers, and if the site allows it, symbols to make a decently secure password.

Another problem then arises: how do you remember your password? Security expert Bruce Schneier, recommends people write down their passwords and post them by their computer. This may sound crazy, but his point is simple. It’s more important to have a secure password you’ll never remember, than one that’s easily discovered by hackers. The fact is, if someone has physical access to your computer all bets are off anyway.

My only problem with this idea is, many people need to access their secure information while they’re away from home, or office. Having your passwords written down while you’re on the road, is not a good idea. So you need to devise a way to create secure passwords that you can easily remember. Doing this isn’t as difficult as it sounds. Just devise a method that makes sense for you, and use it consistently.

One method I recommend is – take a line you remember from a song you like, then take the first letter of the line and then add numbers, or symbols to it that make sense to you.

For example, I use lines from old songs I remember and I add numbers of old addresses, birthdates, or a series of numbers I just picked at random, but can easily remember.

The important thing is, it should be easy to remember and totally random. The length of the password is also important – less than 8 characters is too short; 20 characters is considered totally secure.

Many people prefer to use a program to remember their passwords. A couple of very good programs I’ve used which are secure and easy to use are:

Roboform (Free).

and KeePass (Free).

While I don’t use them anymore, I think both offer a great service and should be considered by anyone looking for a simple way to manage passwords in a secure fashion.

Another and potentially more serious problem which I see everywhere online is, the vulnerability in resetting passwords. Several public figures have had their accounts hacked by the use of poor authentication protocols that websites use to reset passwords in case you forget, or lose it.

What happened to Sarah Palin, the Vice Presidential candidate in last year’s national election in the United States, is a great example. Her Yahoo mail account was hacked because her security question was easily guessed, and her password was then made available on Wikipedia.

This problem is perhaps the single largest login security hole you have to face. Typically websites ask questions such as your mother’s maiden name, or your first home town. This information can often be found in publically available locations.

A better protocol would be for sites to have the user set their own “secret question”. While this is better, you would still need to be careful not to use questions which can be guessed, or are known by others.

On a more delicate note, it’s important to realize that identity theft is committed most frequently by people that are known to the victim. It’s not a good feeling, but it’s statistically a fact, and shouldn’t be ignored.

So how do you get around this problem of authentication? Simple – you lie. If you have to use your mother’s maiden name, make up one you can remember. Use the name of someone else you may know, or use a color you hate. There’s no law that says your mom’s maiden name isn’t pink, or that you have to be truthful. Just make sure you remember the fake name you choose.

Logging into websites we use is easy to take for granted. The problem is, once your identity is compromised it can be a nightmare to fix all the issues that will arise.

Take the time to use good, secure passwords, and remember – the security questions you are asked are just as important as your passwords.

This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high level techie, to the blogging world.

Why not pay a visit to Mark’s site today.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Avoid Worms – Instant Messaging Tips

I wrote earlier today about a new worm currently circulating on the Internet, which Panda Security identifies as the MSNWorm.GU.

This worm uses MSN Messenger, and other chat applications, to spread. It infects systems silently, and without any visible symptoms.

Infection occurs when the victim clicks on a download link contained in a message received from a contact. Clicking on the link installs the worm on the target system, and the infection begins.

So, is there anything unusual about this worm; is it just a one off occurrence? Not at all – instant messaging, unfortunately, is a primary channel used by cyber-criminals to distribute malware. In fact, recent statistics indicate almost 50% of worms use instant messaging applications to spread.

Regrettably, from a security perspective these applications can present considerable security risks. Security risks increase  substantially when these programs are used to share files, folders, or in some cases even entire drives.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

You need to be alert to the dangers in clicking on links or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files or links are genuine. Remember, if you click on those links or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Revealing confidential or personal information in these types of conversations can make you an easy target for Internet predators. For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however, do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Above all, if you are a parent, take exceptional care with the access that your children have to these programs. The risk here goes beyond malware, as sadly, they could come into contact with undesirable, or even dangerous individuals.

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software to help you do this.

Click here: “Parental Control Bar”

On the whole, the best protection against Instant Messaging threats involves having good antivirus and firewall protection to guard your security at all times. Elsewhere in this Blog, you can read an article on free security software and download those you might find useful.

Click here: “Best Free Security Applications”

For information on how Skype has become open to scamming, read the article Skype says I’m infected with malware … by my tech wizard friend Techpaul.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

How to Conduct Online Banking Safely

I’ve noticed a surge recently, in search engine referrals to this site on online banking fraud, so it’s time for a refresher on how to safely carry out your online banking.

As use of the Internet continues to expand exponentially, banks and other financial institutions have increased their use of the Internet to deliver products and enhanced financial services, or simply to improve communications with consumers.

The Internet, despite its fundamental flaws, does offer the potential for safe, convenient, and new ways to shop for financial services and conduct banking business, any day, any time.

While it’s true that the Internet has the “potential” for safe and secure financial transactions, safe banking online relies on you making good choices and decisions that will help you avoid costly surprises, or even carefully crafted scams and phishing schemes.

Despite all the hype concerning inpenetrateable system security, we have learned, much to our detriment, that no such inpenetrateable systems exist.

The inescapable fact remains; you are your own best protection while conducting financial transactions on the Internet. So it’s important that you learn about, and take advantage of, security features offered by your financial institution.

Some examples are:

Encryption is the process of scrambling private information to prevent unauthorized access. To remind you that your transmission is encrypted, most Internet browsers display a small icon on your screen that looks like a lock or a key, when you conduct secure transactions online. Avoid sending sensitive information, such as account numbers, through unsecured e-mail.

Passwords, or personal identification numbers, should be used when accessing an account online. Your password should be unique to you, and this is extremely important, you should change it regularly. Do not use birthdates or other numbers or words that may be easy for others to guess.

Always carefully control to whom you give your password. For example, if you use a financial company that requires your passwords in order to gather your financial data from various sources, make sure that you are aware of the company’s privacy and security practices.

General security over your personal computer such as virus protection and physical access controls should be used and updated regularly. Contact your hardware and software suppliers, or Internet service provider, to ensure you have the latest in security updates.

Tips on safe computing practices when conducting your online banking at home, or at a public computer:

Never leave your computer unattended once you have signed in to online banking.

After completing your transactions, ensure that you sign out of online banking, clear your cache, and close your browser. Often, it is easy to forget to sign out of an online banking session

Keep your password and card number safe. This seems like a no brainer, but surprisingly many users do forget this critical step in the process.

Do not share, disclose, or provide your bank card number, or password, to another party or website other than your bank. Most banks will not send you an email requesting this information. If your bank practices this very unsafe routine; you should change banks.

Do not save your bank card number or password on a publicly accessed computer.

If you do use a public access computer such as at an Internet café or public library, to be safe change your password after completing your session by calling your bank’s telephone banking number.

When selecting a password, choose a series of characters that cannot be easily guessed by anyone else. The best passwords are made up of an alpha-numeric combination that’s more than four characters long and a combination of capital and lower case letters.

This is an example of an Online Banking email phishing attempt.

Don’t use:

A password you use for any other service.

Your name or a close relative’s name.

Your birth date, telephone number or address, or those of a close relative.

Your bank account number or bank card number.

Do not share your personal verification question answers with anyone, and do not disclose them in any emails. It’s simple; giving your password answers to another person, or company, places your finances and privacy at risk.

For an article on Phishing and how to protect yourself see Gone Phishing? Protect Yourself – Stop · Think · Click , elsewhere in this Blog.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

USBThief – Designed to Steal Your Passwords

We all know that the purpose of computer passwords is to protect personal information that you’ve stored on your computer, as well as in your online accounts.

With access to confidential passwords, cyber-criminals (they come in all shapes, sizes and flavors – so don’t be fooled), can and will, steal your identity and without a doubt, severely compromise your financial security. Stolen passwords have the potential to cause serious havoc in your life.

There are numerous ways of course that a password, or software license key, can be stolen. Popular methods employed by cyber criminals include:

Email scams: Email scams work because the Cyber-crooks responsible use social engineering as the hook; in other words, they exploit our curiosity, emotions and fears, to start the process of infecting unaware computer users’ machines

Search engine redirection: Cyber-crooks continue to be unrelenting in their chase to infect web search results, seeding malicious websites among the top results returned by these engines. Malware, including password stealers can be installed on a computer simply by visiting a site.

Drive-by downloads: Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common recently. They are crafted to automatically download and install malware, including password stealers, on your computer without your knowledge.

Now, added to the burden we already carry in protecting our computers, our private personal information, and our confidential financial information, we have to be careful, and perhaps even suspicious of our friends, or for that matter anyone, who inserts a USB drive including MP3 players, into a USB port on our computer.

USBThief is a free hacking application available for download on virtually every torrent download site that I investigated – which can be installed on a USB flash drive, or even an iPod, or other MP3 player. I haven’t tried to install this on a Digital Camera, but I suspect (with some modification), that it can be done. Consider how often a friend, or family member, has connected any one of these peripherals to your machine.

USBThief has been designed and crafted with only one purpose in mind, and that is to steal both the passwords, and software keys, on the duped party’s computer.

The culprit doesn’t need to be a seasoned hacker; all that’s needed is that an ethically challenged individual download the program; decompress the archive and put all the files located in the folder “USBThief” onto a USB drive.

After connecting and removing the tweaked USB drive from the victim’s computer, the cyber-criminal simply views the dump folder to view the captured information.

Should you now be suspicious of your family, or your friends? Of course not; but you do need to be aware of the ever increasing challenges we all face in protecting our valuable information.

Good news for all of us however, is in the works. Windows 7 addresses this problem with its Guest Mode feature which when activated, will prevent users from writing to any USB, or other attached device or drive.