Right Click and SAVE link. Paste it into
your RSS Reader to
Subscribe to our Security Alert RSS Web Feed.
It keeps you totally
informed of the latest web page updates, Newsletter Editions and Blog
posts as soon as they're made!
What's an RSS Feed?
your No.1 Use of the Internet?
Please take this one minute mini-survey.
Let us know how we can
best serve your primary interests so you can avoid Hacker and spy
We'll give you a nifty and entertaining Free
eBook on Coping With Your Stresses
as a Thank You for your time
Information for the everyday Non-technical Computer user, Internet
User and Web Surfer who just wants to be safe doing basic stuff.
pleased that you're here today,
and look forward to
your early return to the Security Alert Blog.
Using the Web Feed or book-marking this page will make it a lot easier to visit
Thanks, Richard Rossbauer (
Save This Page )
hesitate to express
your views and opinions on my Security Alert Blog postings (easily done by clicking on
the highlighted 'COMMENT' |
'TRACKBACK' at each post
July 26, 2006
- our third weekly
One day each week devoted to
a specific security issue - to remind all of us Internet and
Computer users about keeping our defenses intact and current.
A keylogger is a program that runs in your computers background
secretly recording all your keystrokes. Once your keystrokes are
logged, they are hidden away for later retrieval by the attacker.
The attackers then carefully review the information in hopes of
finding passwords or other information that would prove useful to
them. For example, a keylogger can easily obtain confidential emails
and reveal them to any interested outside party willing to pay for
Keyloggers can be either software
or hardware based. Software-based keyloggers are easy to distribute
and infect, but at the same time are more easily detectable.
Hardware-based keyloggers are more complex and harder to detect. For
all that you know, your keyboard could have a keylogger chip
attached where anything being typed is recorded into a flash memory
sitting inside your keyboard. Keyloggers have become one of the most
powerful applications used for gathering information in a world
where encrypted traffic is becoming more and more common.
As keyloggers become more advanced, the ability to detect them
becomes more difficult. They can violate a users privacy for
months, or even years, without being noticed. During that time
frame, a keylogger can collect a lot of information about the user
it is monitoring. A keylogger can potentially obtain not only
passwords and log-in names, but credit card numbers, bank account
details, contacts, interests, web browsing habits, and much more.
All this collected information can be used to steal users personal
documents, money, or even their identity.
Not all keyloggers are used for illegal purposes. Keyloggers have
been used to monitor web sites visited as a means of parental
control over children. They have been actively used to prevent child
pornography and avoid children coming in contact with dangerous
elements on the web. Are the children being spied upon? Yes. Should
they be aware of the existence of surveillance software on the
family computers, or on their own computers? This is a Parental
The legitimacy of their applications depends upon the intent of the
individuals who caused them to be implanted on a given computer.
Employers use them to monitor their employees use of company
computers on company time, often as a deterrent to loss of
production by visits to pornographic websites, unauthorized instant
messaging, email joke exchanges, visiting chat rooms, etc. All of
these activities have the potential of infecting the Employers
computer systems with viruses, worms, and malicious trojans which
could lead to loss of Confidential Company information.
Are they legitimate? Employers have the right to protect themselves
from possible legal problems, loss of production, damaged
reputations, complete shutdown of their computer networks, etc. All
of these, and more, can happen from an employees unauthorized use
of Company equipment.
Consider the application of Spyware for monitoring failing
relationships. It is used by Spouses, Lovers, and Life Partners to
monitor Instant Message logs, Chat Room visits, and email messages.
(Even without Spyware, many of these records are already hidden in
your computer files). Spyware does a better job of recording every
keystroke made by a suspected partner.
July 23, 2006MySpace
targeted to sucker punch millions of its unsuspecting
members with a drive-by Trojan infection
Drive-by downloads install backdoor Trojans without having to click
a button, text link, or accept a program with a legitimate sounding
name. Just landing on
a page with the booby trap is often enough to trigger the download.
In an article by
Jessica Dolcourt, Assistant Editor at Download.com, Ms. Dolcourt
makes two very important points in addition to highlighting the
negative effect to MySpace's trustworthiness:
1. there are still plenty of people who haven't
installed their current security
updates from Microsoft.
(Reminder - they're free!)
2. scammers and online criminals are targeting
high-traffic Web sites.
Apparently, a phony ad banner located at the top of the MySpace
screen carried the Trojan. The question, of course, is how were the
clever spyware writers able to place their ad on a site so trusted
by millions of users?
Even if you aren't active in the many online communities like
MySpace, this article vividly points out the need to keep your
security programs and operating systems up-to-date.
July 20, 2006Trojan
Horses - our Second weekly
One day each week devoted to a
specific security issue - to remind all of us Internet and Computer
users about keeping our defenses intact and current.
A Trojan Horse is a
destructive program that masquerades as a harmless application.
Unlike viruses, Trojan Horses do not replicate themselves, but they
can be just as destructive. One of the most dangerous examples of a
Trojan is a program that promises to rid your computer of viruses
but instead introduces viruses into your computer.
The Trojan can be tricky. It can cause an advertisement to pop up
claiming to be able to rid your computer of some nasty virus. Or,
even more frightening, it can have an email sent to you that claims
to be alerting you to a new virus that can threaten your computer.
The emai promises to quickly eradicate, or protect, your computer
from viruses if you simply download a free, attached software into
You may be skeptical but the software looks legitimate and the
company sounds reputable. You proceed to take them up on their offer
and download the software. In doing so, you have just potentially
exposed yourself to a massive headache and your computer to a
laundry list of ailments.
What else might happen when a Trojan is activated? Some
Trojans are more annoying than malicious. Some of the less annoying
Trojans may choose to change your desktop settings or add silly
desktop icons. The more serious Trojans can erase or overwrite data
on your computer, corrupt files, spread other malware such as
viruses, spy on the user of a computer and secretly report data like
browsing habits to other people, log keystrokes to steal information
such as passwords and credit card numbers, phish for bank account
details (which can be used for criminal activities), and even
install a backdoor into your computer system so that they can come
and go as they please.
To increase your odds of not encountering a Trojan, follow these
1. Remain diligent. Trojans can infect your computer through rogue
websites, instant messaging, and emails with attachments. Do not
download anything into your computer unless you are 100 percent sure
of its sender or source.
2. Ensure that your operating system is always up-to-date. If you
are running a Microsoft Windows operating system, this is essential.
(and just as important for Firefox, Opera and others).
3. Install reliable anti-virus software and download all updates
frequently to catch new Trojan Horses, viruses, and worms. Be sure
that the anti-virus program(s) that you choose can also scan
incoming and out-going-emails and files.
4. Install a firewall. A firewall prevents unauthorized use and
access to your computer. Its not going to eliminate your computer
virus problems, but when used in conjunction with regular operating
system updates and reliable anti-virus software, it can provide
additional security and protection for your computer.
Nothing can guarantee the security of your computer 100 percent.
However, you can continue to improve your computer's security and
decrease the possibility of infection by consistently following
...Richard More Information: Trojan,Firewalls More blogs about TrojanHorse. |
July 16, 2006 SPAM, it keeps coming!
Where's it coming from? Will it ever end?
Sunbelt Software Company's
Antispam expert Allan McDaniel, developer for the consumer version
of iHateSpam, reported these four latest trends in spam during an
interview posted in the Company's Newsletter.
The first source he
mentioned - most spam now comes from zombie computers.
A zombie computer is a computer attached to the Internet that has
been compromised by a security cracker, a computer virus, or a
trojan horse. Generally, a compromised machine is only one of many
in a "botnet ", and is used to perform malicious tasks under remote direction. Most owners of zombie computers
are unaware that their system is being used this way.
The zombie code can access the address book and send legitimate
looking email to the zombie machine owner's friends.
The second trend is the increase in the amount of image spam - spam
that contains an image instead of text. The spammer's message is
contained in the graphic image instead of text so that there is no
practical way to try and detect spam by looking at the contents of
The amount of image spam is currently around 5% - 10% of the total
amount of spam.
Mr. McDaniel expects to see this increase to 20% - 30% in the next
year or two.
In my opinion, the third trend - phishing- is the most threatening.
Phishing sites are so good that many are hard to detect. Mr.
McDaniel has seen a dramatic rise in the amount of phish email in
the past 6 months. He expects to see that increase continue because
there is so much money to be made with very little effort or risk.
I doubt that many Internet users are aware of the fourth trend. It's
phoney "returned email". There has been a marked increase,
especially with those that show an attachment. It is particularly
nasty because an attachment on a returned email doesn't seem
abnormal or unexpected.
Some undelivered email with attachments contain spam or a link to a
malware site instead of the original email message. Mr. McDaniel
warns us to be real careful to make sure that the "bounce" (rejected
email) is actually something that we sent. If it isn't, it's very
likely that our machine is infected.
In the interview, Mr. McDaniel reminds us how to keep spam to a
open any email that looks suspicious. If you don't recognize
the sender - it's suspicious.
Use a good
spam filter. No spam filter is perfect so you should probably
use at least two different brands.
on the "unsubscribe" link in emails.
at least one disposable email account. Get one from Hotmail or
Gmail and use it on web sites that require you to become a
member. You can discard these after a while and get new ones
Valuable reminders from an
expert and excellent advice on the use of spam filters.
More Information: on SPAM,
... Richard |
July 12, 2006Fighting Off Viruses - Our first
I am simplifying the
important Security issues by breaking the volume of Safety
information into smaller, easier to read and understand chunks to
remind allof us Internet and Computer users about
keeping our defenses intact and current.
Fighting off Viruses - Advancements in Antivirus Software Suites
Protecting your computer from a virus is getting harder and harder
each day. While it may border on the paranoid, it goes without
saying that you cant leave your guard down for one second.
In the good old days, before the advent of the Internet and
downloadable programs, life was simple in terms of computer viruses.
With the primary way in which a virus could be transmitted being
limited to floppy disks, the ability to catch and eradicate the
virus was a lot easier.
Actually, computer users were pretty savvy on how to protect
themselves in terms of scanning all floppy disks before copying them
to our desktop.
The Internet helped change all that. It provided a way that viruses
could move from host to host with lightening speed. No longer could
a computer user just worry about floppy disks as points of entry,
but they now had to worry about email, email attachments,
peer-to-peer file sharing, instant messaging, and software
Todays viruses can attack through multiple entry points, spread
without human intervention, and take full advantage of
vulnerabilities within a system or program. With technology
advancing everyday, and the convergence of computers with other
mobile devices, the potential of new types of threats also increase.
Protecting Your Computer
Luckily, the advancement of antivirus software is keeping pace with
current virus threats. Antivirus software is essential to a
computers ability to fend off viruses and other malicious programs.
These programs are designed to prevent a virus from entering a
computer through email, web browsers, file servers and desktops.
Computer users should remain diligent and follow a few simple steps
to protect against virus threats:
1. Evaluate current computer security
systems. With the threat of a new generation of viruses able to
attack in a multitude of ways, the approach of having just one
antivirus software version has become outdated. You need to be
confident that you have protected all aspects of your computer
system from the desktop to the network, and from the gateway to the
server. Consider a more comprehensive security system which includes
antivirus, firewall, content filtering, and intrusion detection.
This type of system will make it more difficult for the virus to
penetrate your system.
2. Only install antivirus software created by well-known, reputable
companies. Because new viruses erupt daily, its important that you
regularly update antivirus software. Become familiar with the
softwares real-time scan feature and configure it to start
automatically each time you boot your computer. This will protect
your system by automatically checking your computer each time it is
3. Make it a habit to always scan all new programs or
files no matter where they come from.
4. Exercise caution when opening binary, Word, or Excel
documents of unknown sources, especially if they were received
during an online chat or as an attachment to an email.
5. Perform regular backups in case your system is
corrupted. It may be the only way to recover your data if infected.
July 9, 20062006 Security Watch - What
does the rest of the year have
in store for us? What are we going to do about it?
There is a lot going on in
the information security space. 2006 has proven to be an interesting
year so far. Here are some things to watch for during the balance of
year, some of them are good and, unfortunately, some arent.
Good news First:
- Were getting a lot more serious about our security. There are a
lot of reasons for this. For example, new privacy laws are mandating
organizations to tighten their security. Look to see more consumer
privacy laws passed in the coming year and more tightening of
- Authentication requirements are increasing - closing in large
security holes. Corporations are requiring a great deal more of
authentication to get into secure systems (this also is on the bad
- There is a mass of sophisticated programs to help us be more
secure and they will continue to get better. Competition right now
is strong in the security industry sparking a lot of innovation.
- ISPs (Internet Service Providers) are taking on more
responsibility to help with our online security.
Now the bad news:
- Spammers keep finding more creative ways to fill our email boxes.
Don't look for this trend to stop anytime soon.
- Hackers are getting more sophisticated. For example, Botnets are
becoming more complex and harder and harder to catch and stop. Do a
search on botnets on the Internet. They really are causing a whole
lot of problems, but it doesnt stop there. The number of viruses
and malware out there is staggering.
- Securing our networks is costing us. Most companies are
globalizing their organizations and making them secure - costing a
lot of money. It will get worse before it gets better.
- Authentication requirements are increasing. This is getting
claustrophobic. Corporations are requiring a great deal more
authentication to get into secure systems (This is also on the good
news side). Unfortunately, for the end user, it is one more thing to
be unhappy about, not unlike airport security lines.
What are we going to do about all of this?
I doubt that there are many people using the Internet who havent
heard time and again how important it is to build and maintain their
personal defenses against these problems.
Maybe theyve heard it so often that its become overwhelming to
some, and just plain background noise to others. Possibly, theres
too much detail involved to encourage people to take action.
Possibly, simplifying the important issues and breaking the volume
of Safety information into smaller, easier to read and understand
chunks will remind Internet and Computer users to keep their
defenses intact and current.
Were going to find out if this works.
For the next few months, I'm going to post short Security
Review-Day Reminders once a week on the Firewalls and Virus
Protection Security Alert Blog. Watch for them every Wednesday or
Thursday. I promise to keep them Brief, Useful, and To-the-Point.
July 7, 2006 A recent article in the New
York Times about Identity Theft
was a real "eye-opener".
It was an interview with a 20 year
old (from his prison cell) who stole $150,000 in cash and
merchandise over a 2 year period using email solicitations and phony
Commonly known as phishing, it's
just one of the many ways Shiva Sharma was able to rob dozens
of people of their money. For computer-savvy thieves like Mr.
Sharma, the Internet provided the means for stealing identity and
account information and a place to use it.
The New York Times article describes how his career of Hacking grew
from spending time just surfing online to frequenting Chat rooms where
instructions and tools for harvesting peoples email addresses
could be purchased.
He eventually acquired 100,000 or so of these addresses and sent
phishing emails that looked like official AOL requests to re-confirm
billing information and a lot of other personal information. He
concentrated on AOL users because he felt they were most likely to
be new to the Internet and less knowledgeable about online Identity
Many of the AOL subscribers who received these phony requests did
respond, and they're the ones whose identities were used to fill Mr.
Sharma's pockets with thousands of dollars of stolen money!
But AOL subscribers are not the
only Internet users under attack. We all are, and we're just as
likely to get these phony phishing spam emails as anyone else. The
cyber criminals are very adept at creating new ploys to seduce and
All the more reason to learn all you can about their methods.
Forewarned is Forearmed. The "MASTER E-COURSE in IDENTITY THEFT and OTHER
SCAMS" will fully arm youwith all of the vital information
you need to secure your identity, know where to turn, what to do,
and how to respond if you ever have the sad misfortune of
becoming a victim.Sign up for your
free eCourse in the July 1 post below.
As I sit here enjoying the American holiday
celebration of the beginning of our Independence, I'm enjoying the
day lazily surfing the Internet. But I'm also getting a bit annoyed.
Are you like so many of us other web surfers? Do you
Read a lot of stuff online?
Subscribe to a lot of
newsletters about your top interests?
Get many invitations in
your email inbox to read or subscribe
to other information sources?
How about invitations to
I get all of those, too;
many from addresses I don't recognize.
If the Subject line looks interesting, there's a possibility that
the message might be of interest, too. (It did get through the Spam
Then, if the message sparks my interest enough to read through to
the end, I might consider taking the action encouraged by the
But! I'm immediately turned off after scrolling down to find out
who sent the message and there is no full name.
I want to know who I'm dealing with.
"Joe", "Jim", "Mary", "Sigfried", from a stranger is not enough to
begin to build my trust.
"Your Friend", "GetRichQuick LLC", "LoseWeight.com" and similar
signatures are even a bigger turn off.
In addition to that, they make me suspicious. Am I being Spammed or
Scammed, set up for a Trojan Horse intrusion, or some other
CLICK DELETE. The question is resolved - and the sender lost an
opportunity to share their information, sign up a new subscriber, or
possibly even make a sale of stuff I could use.
Does this bother you, too? What's your web surfing pet peeve? Care
... Richard Rossbauer |
More blogs about Peeve.
July 1, 2006(Repeated)
A breach in your personal privacy
protection could easily lead to
hackers, online, and offline thieves stealing your identity.
The threat of Identity Loss exists on more
than the Internet. The potential for the theft of our identities is
everywhere around us. Read on to learn how you can protect yourself-
Nearly everyone is aware that Identity
Theft is a serious crime and that people whose identities have
been stolen can spend months or years - and their hard-earned money
- cleaning up the mess thieves have made of their good name and
Despite our best efforts to manage the flow of personal
information or to keep it to ourselves, skilled Identity Thieves
use a variety of methods to gain access to our personal data.
Can we fight back? Yes! One of the best ways is to be
informed of the tricks and ploys used by Identity Theft criminals
and to understand how they attack. Forewarned is Forearmed!
And you can be fully armed with all of the vital information
you need to secure your identity, know where to turn, what to do,
and how to respond if you ever have the sad misfortune of
becoming a victim.
There's a lot to know, and you can learn it from our Free
E-COURSE in IDENTITY THEFT and OTHER SCAMS".
With the generous assistance of Victor K Pryles, a popular
media consultant, radio broadcaster, publisher and Author, we
developed this e-course to arm you, your family and your friends
against the devastating consequences of Identity Theft
It really does cover everything you need to know to protect
In fact, it is so meaty with USEFUL, VITAL information each
lesson only arrives every four days - so you can implement what you
learn AS YOU GO THRU THE LESSONS. There are eight lessons, in
After taking this Free course, you'll be protected, wise, savvy and
safe, because you'll learn
* How Identity Theft Occurs
* How to prepare your defenses
* How to tell if you're a victim
* Immediate steps for victims to take
* Where and How to get your free Credit Reports
This is a Free course for followers of my Security Alert Blog,
newsletter and website and you will not get any commercial
announcements after registering for it.
After you send your blank email, you will be
sent a CONFIRMATION email. Click the link inside to
start your E-Course. This way, no one can sign you up without your
I do hope you sign-up and share it with
your family and friends. You can print each lesson and have your own
hard copy of the manual, or you might prefer to share the email
address above so your friends can get their own lessons.
It's Free to them, too.
PS. When you receive your first lesson, Victor will give you a
Complimentary copy of: "The Top 501 Most Inspirational Quotes!" from
his "ilovebooks" book club. In the meantime, you might like to check
out some of his other inspiring books in his
I'd like to hear from you.
Your comments are really appreciated. Try to avoid anything inappropriate (hateful, abusive,
explicit, etc.), they'll be deleted before posting.
Please stick to the theme of "Security Awareness and Safety on the
Internet'. Your email address will never be displayed and will not
be shared with third parties.
.... Richard Rossbauer
July 1, 2006 (UPDATED) Use RSS
add current Web Feeds to
automatically update your daily reading lists
More and more of my favorite websites, newsletters and blogs
Now, even more display the
button. Clicking on it automatically adds that feed to my personal
MyYahoo page. If you don't have a Free 'MyYahoo' page, it's very easy to get one from the Yahoo site.
The same is true for
Using RSS feeds has saved a lot of time!, I don't have to go on a search for the latest
information published on my favorite sites -- every new bit of information, post, or
announcement appears in my RSS Reader. (The new IE7 browser is expected to
refer to these as "Web Feeds.")
After you put the first Web Feed into you RSS Feed Reader and have
up-to-date notices delivered to you without worry about
opening an email notice, you'll appreciate how great this RSS stuff
really is. Try It. You'll enjoy it!.
Subscription to the Security Alert News Reporter
Newsletter with periodic updates on the latest
events and issues affecting your
personal security We Value Your Privacy
Click Button to Read a recent issue and subscribe