Security News and Tips

Some of the latest scams to get you to download spyware into your computers

Here are some of the latest scams trying to trick you into installing malware onto your computer

Emails claiming to have video you can watch showing the "latest news" about sex scandals involving the presidential or vice presidential candidates.
Greeting cards from "Good Friend" or "Family Member" that install malware instead of or in addition to displaying a card. For more information: http:⁄⁄www.snopes.com⁄computer⁄virus⁄postcard.asp
Many greeting card sites sell the email addresses they get to spammers, so be VERY careful when you go to a site to send a card to a friend. Even if the site pledges it won't sell the addresses, it doesn't mean that the company that buys them out won't sell the addresses.
Microsoft Security updates to special people via email! Microsoft does not update software by sending you emails with security alerts!
Notification of a failed package delivery and asking you to click on the invoice and reschedule delivery.
Offers to protect you from spam and email fraud!
I haven't seen this yet, but fully expect that people will play on the current economic fears by pretending to protect you from banking or mortgage problems, or to safeguard your deposits or pretending to be the government wanting to help you if your bank has problems.

What we can learn from Sarah Palin's Email account hack

One of the security holes that have often amazed me is the use of "security questions" by banks, email providers and others. I call them 'insecurity questions". I've never understood how they can be such fools. The purpose of these questions are to bypass the password for your account. Think about this for a moment. These questions are often used if you "forget" your password, or someone calls or emails claiming to be you, and doesn't know your password. These questions are essentially alternate passwords. Yet they are frequently questions like, "where were you born?", or "What is your mother's maiden name?". If you answer correctly, then those answers can often be found on the Internet or guessed.

In Sarah Palin's case, the question was, "Where did you meet your spouse?" The answer she put in was "Wassila High", which the hacker guessed on the third try. It has been widely reported that she met him in high school in Wassila. Once he'd made that guess, he was allowed to reset her email password and have access to the account.

Whenever you are asked these security bypass questions, always lie! I normally simply repeat my randomly generated password and make sure I have multiple backups of my encrypted password database. I copy and paste my answer into the program. Sometimes, I make up random answers, like Question: "Year your father was born?" Answer: "chocolate covered ants". I don't repeat the answers.

Avoid Re-using the same password

You need to avoid re-using the same password in multiple places. If some low security site get hacked and criminals get your password, they will try and use it at your bank, or Amazon account and other more important places. You need to have a password database program and use it. I've written an article on their use here

Date: October 2008

This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe Search All Articles Browse by Category Security Internet Mobile Business Hardware Fun		Security News and Tips Some of the latest scams to get you to download spyware into your computers Here are some of the latest scams trying to trick you into installing malware onto your computer Emails claiming to have video you can watch showing the "latest news" about sex scandals involving the presidential or vice presidential candidates. Greeting cards from "Good Friend" or "Family Member" that install malware instead of or in addition to displaying a card. For more information: http:⁄⁄www.snopes.com⁄computer⁄virus⁄postcard.asp Many greeting card sites sell the email addresses they get to spammers, so be VERY careful when you go to a site to send a card to a friend. Even if the site pledges it won't sell the addresses, it doesn't mean that the company that buys them out won't sell the addresses. Microsoft Security updates to special people via email! Microsoft does not update software by sending you emails with security alerts! Notification of a failed package delivery and asking you to click on the invoice and reschedule delivery. Offers to protect you from spam and email fraud! I haven't seen this yet, but fully expect that people will play on the current economic fears by pretending to protect you from banking or mortgage problems, or to safeguard your deposits or pretending to be the government wanting to help you if your bank has problems. What we can learn from Sarah Palin's Email account hack One of the security holes that have often amazed me is the use of "security questions" by banks, email providers and others. I call them 'insecurity questions". I've never understood how they can be such fools. The purpose of these questions are to bypass the password for your account. Think about this for a moment. These questions are often used if you "forget" your password, or someone calls or emails claiming to be you, and doesn't know your password. These questions are essentially alternate passwords. Yet they are frequently questions like, "where were you born?", or "What is your mother's maiden name?". If you answer correctly, then those answers can often be found on the Internet or guessed. In Sarah Palin's case, the question was, "Where did you meet your spouse?" The answer she put in was "Wassila High", which the hacker guessed on the third try. It has been widely reported that she met him in high school in Wassila. Once he'd made that guess, he was allowed to reset her email password and have access to the account. Whenever you are asked these security bypass questions, always lie! I normally simply repeat my randomly generated password and make sure I have multiple backups of my encrypted password database. I copy and paste my answer into the program. Sometimes, I make up random answers, like Question: "Year your father was born?" Answer: "chocolate covered ants". I don't repeat the answers. Avoid Re-using the same password You need to avoid re-using the same password in multiple places. If some low security site get hacked and criminals get your password, they will try and use it at your bank, or Amazon account and other more important places. You need to have a password database program and use it. I've written an article on their use here Date: October 2008 This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
		I attempt to provide reliable information, but make no warranty as to the accuracy or safety of these articles. I disclaim all legal responsibility for what following these instructions may do. Follow my advice at your own risk