Archive for Computer Crimes

Steps to help prevent infection on your computer

Here are some tips for PC and Mac users alike — and smartphone users, too. Though there are “few” Mac viruses in the wild, there are plenty of unscrupulous programmers and con-men spreading free fraudulent software and malware.

Take the following steps to help prevent infection on your computer:
  • Enable a firewall on your computer.
  • Get the latest computer updates for all your installed software.
  • Use up-to-date antivirus software.
  • Limit user privileges on the computer.
  • Use caution when opening attachments and accepting file transfers.
  • Use caution when clicking on links to webpages.
  • Avoid downloading pirated software.
  • Protect yourself against social engineering attacks.
  • Use strong passwords.
Let me elaborate on a few points:
Get the latest computer updates

Updates help protect your computer from viruses, worms, and other threats as they are discovered. It is important to install updates for all the software that is installed in your computer. These are usually available from the providing company’s website. The following are programs I recommend updating straight from the source:

  • Adobe (www.adobe.com):
    • Flash
    • Acrobat Reader
    • Air
    • Shockwave
  • Java (www.java.com): Check this one monthly.
Use up-to-date antivirus software

Most antivirus software can detect and prevent infection by known malicious software. To help protect you from infection, you should always run antivirus software. If you have a “subscription” for update service, make sure you renew annually. Antivirus, contrary to popular belief, is not free-for-life.

Use caution when opening attachments and accepting file transfers

Exercise caution with email and attachments received from unknown sources, or received unexpectedly from known sources. Use extreme caution when accepting file transfers from known or unknown sources. When in doubt, reply to the sender, assuming it is someone you know, and confirm that they meant to send you the attachment. It’s possible their computer is infected and sent you the file without their knowledge. I’ve seen this happen several timers in the course of a year.

Use caution when clicking on links to webpages

As above: Exercise caution with links to webpages that you receive from unknown sources, especially if the links are to a webpage that you are not familiar with, unsure of the destination of, or suspicious of. Malicious software may be installed in your computer simply by visiting a webpage with harmful content.

Avoid downloading pirated software

Threats may also be bundled with software and files that are available for download on various torrent sites. Downloading “cracked” or “pirated” software from these sites carries not only the risk of being infected with malware, but is also illegal. For more information, see ‘The risks of obtaining and using pirated software‘.

Protect yourself from social engineering attacks

While attackers may attempt to exploit vulnerabilities in hardware or software to compromise a computer, they also attempt to exploit vulnerabilities in human behavior to do the same. When an attacker attempts to take advantage of human behavior to persuade the affected user to perform an action of the attacker’s choice, it is known as ‘social engineering’. Essentially, social engineering is an attack against the human interface of the targeted computer. For more information, see ‘What is social engineering?‘.

Use strong passwords

Attackers may try to gain access to your Windows account by guessing your password. It is therefore important that you use a strong password – one that cannot be easily guessed by an attacker. A strong password is one that has at least eight characters, and combines letters, numbers, and symbols. For more information, see http://www.microsoft.com/protect/yourself/password/create.mspx.

Things You Should Never Share on Facebook

Facebook has millions of Americans sharing their photos, favorite songs and details about their class reunions, but there are a handful of personal details that you should never share or post if you don’t want criminals — cyber or otherwise — to rob you blind.

Furthermore, many an ill-advised Facebook post can get your insurance cancelled or cause you to pay dramatically more for it: home, auto, fire, flood, life or other forms of insurance included. Almost everybody knows that drunken party photos can cost you a job; and now experts say debt collectors are switching from phone books to trolling social networking sites to find deadbeats.

Facebook No NosYou can certainly enjoy networking and sharing photos, but you should know that sharing some information puts you at risk. What should you never say on Facebook, Twitter or any other social networking site? Read on…

Your birth date and place. Sure, you can say what day you were born, but if you provide the year and the place you were born too, then you’ve just given identity thieves a key to stealing your financial life. A study by Carnegie Mellon showed that a date and place of birth could be used to predict most — sometimes all — the numbers in your Social Security number.

Home BurglaryVacation plans. There’s no better way to say “Rob me, please” than posting your vacation countdown or your moment of departure or arrival at the airport. Post the photos on Facebook when you return, if you like, but don’t invite criminals to your home by telling them “I’m not home!”

Home address. Great follow-up to the last item, eh? So many people do this though. A recent study by the Ponemon Institute found that social media users were at greater risk of physical and/or identity theft because of the information they shared. In fact, some 40% listed their home address; 65% didn’t even attempt to block out strangers with privacy settings; and 60% said they weren’t confident that their “friends” were really the people they know, or even that they fully trusted them either way.

Katie Furlong 2009 FacebookConfessionals. You may hate your job; lie on your taxes; or be a recreational drug user, but Facebook is not the place to let it all out. Employers commonly peruse social networking sites to determine who to hire and who to fire.

Need proof? Just last month alone there were two such cases. In the first case a prison guard at the Lebanon Correctional Institution in Ohio was fired after posting a threatening comment about the state governor; and in Winfield, West Virginia the mayor fired the local police chief after his son posted a disparaging comment about a teenager who had been struck by a train. Last year a NYC teacher was fired after posting a comment that she thought some of her school kids should drown. (A Manhattan judge recently ruled she should be given her job back).

A 2009 Proofpoint study showed that 8% of companies with over 1,000 employes had fired someone for “misuse” of social media.

Password clues. If you’ve got online accounts, you’ve probably answered a dozen different security questions, telling your bank or brokerage firm your Mom’s maiden name; the church you were married in; or the name of your favorite song.

Got that same stuff on the information page of your Facebook profile? Are you playing games where you and your friends “quiz” each other on the personal details of your lives? You’re giving crooks an easy way to guess your passwords.

Maybe it’s time to review your social media profiles?

Thinning out the Inbox

On April 30 I posted an article Make May Day “Unwanted Email Unsubscribe Day” with tips on clearing your Inbox of unwanted email — not spam, but subscriptions you signed up for, but no longer had an interest in. The article was well received and it received a few comments, too.  (Surprisingly I received a lot of email about it).

One great comment came from David Bondelevitch at dB’s Blog, who said:

Not just the inbox; every once in a while I will run a search in my trash for the word UNSUBSCRIBE and click on most of them.

Be careful though, some e-mails use that link to phish, and all you are doing is confirming to them that it is a functional e-mail address.

Today, I am still thinning out the Inbox and unsubscribing to several emails.

I am also updating my subscriptions, too. Some of the email addresses I subscribed with are addresses I’m not interested in using as much as I used to. So in some cases I am going back the original signup web site and updating my subscription details.

Some of the companies I receive mail from have taken this into consideration, and they’ve included a “Update your Preferences” link at the bottom of the email. Some other haven’t prepared for this possibility. In extreme cases, I have had to unsubscribe one address and resubscribe with another.

So keeping the Inbox thin is just like keeping yourself thin. The work never ends, it’s an ongoing process.

Make May Day “Unwanted Email Unsubscribe Day”

I get way too much email. The bulk of my email isn’t even personal messages, but mostly bulk email messages from newsletter subscriptions, web site and online shopping offers, fan site updates, business networking updates, social networking updates, Twitter alerts, Facebook notices, etc.

I’ve been getting so many of these that the personal and direct business emails have been getting lost under it all in my Inbox. On top of that, my mail files has become so large that the file became corrupted, and I wasn’t able to delete some messages.

Usually I spend a little bit of time one or two days a week just going through my mail sorting and deleting. It gets hard to keep up with it all, and I am still missing important messages.

I finally concluded: “the best thing to do is to reduce the amount of email I receive”.

So the first of May is tomorrow. Often referred to as May Day, which reminds me of the distress call “Mayday!”. I have made this the day, starting today, that I sit down with my email, take a good look at these bulk mail messages, and I UNSUBSCRIBE to them.

Here’s what I did:

  1. In my Inbox I clicked the top of the column where it says “From”. This sorts all my mail into groups of people and organizations.
  2. Then I scroll through the list looking for the biggest groups. These probably send to me every single day of the week.
  3. If I don’t want to see their emails again, I open one and scroll down to the bottom to find the UNSUBSCRIBE link. Bulk mailers are supposed to include an unsubscribe link.
  4. I click the link, which takes me to their web site where I am clearly offered an option to UNSUBSCRIBE, or they notify me that I will no longer receive their emails. (They have 10 days to comply according to the FTC).
  5. After I’ve unsubscribed I close the email message, and then I delete all the other messages in that group.

So save yourself, your Inbox, and your sanity, and make today your Email Unsubscribe Day!

Here on Long Island. Hacker Admits Guilt, Forfeits $1.65 million

Identity TheftJust over a year ago I reported on the Justice Department’s indictment of 11 “individuals” involved in an identity theft ring that targeted wireless retail networks of TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, and DSW, among others. They were charged for stealing over 130 million credit and debit card numbers.

Albert Gonzalez, hacker

Albert Gonzalez, hacker

One of those indicted was a U.S. citizen named Albert Gonzalez, age 28. Gonzalez, under arrest on one ID theft case, had been working as an informant in a second case, and was found to be criminally involved in a third identity theft ring. Over the weekend he admitted his guilt in an older case, and agreed to forfeit assets gained by crimes.  Among his assets were a condominium in Miami, a 2006 BMW, various computers and laptops, a Glock 27 firearm, a Nokia cell phone, a Tiffany diamond ring and three Rolex watches.

tjxGonzalez was scheduled to go to trial Sept. 14 in federal court in Central Islip, N.Y. His charges included operating a fraud scheme from April through September in 2007, and hacking into computers at the corporate headquarters of the Dave & Buster’s restaurant chain where he stole debit and credit card numbers. He faces 15 years to 25 years in prison.

#1 in Identity Theft Protection

On the second case, Gonzalez faces as many as 35 years in prison.In that case Gonzalez and the other hackers malware and so-called “injection strings” to attack the computers and steal data. They installed “sniffer” programs to capture data “on a real-time basis” as it moved through the computer networks. They used instant messaging services to advise each other on how to navigate the systems. They also programmed malware to evade detection by anti-virus software and erase files that might detect its presence.

Homeland Security and Laptop Searches

Image from ARS Technica

Image from ARS Technica. (Click image for article)

This past Thursday, August 27, 2009, Department of Homeland Security (DHS) Secretary Janet Napolitano announced new directives to enhance and clarify oversight for searches of computers and other electronic media at U.S. ports of entry. New guidelines are being designed to reinforce the Department’s efforts to combat crime and terrorism while protecting personal right’s to privacy and civil liberties.

The new directives and guidelines will “enhance transparency, accountability and oversight” of searches at borders, airports, and other ports of entry to the U.S.  Included are new administrative procedures “designed to ensure that officers and agents understand their responsibilities to protect individual private information and that individuals understand their rights.”

Airport laptop search. Image from Center for American Progress.

Airport laptop search. Image from Center for American Progress. (Click image for article)

The DHS further stated that searches are permitted by law and are not restricted to detection of terrorist plans, but are also necessary to uncover possession of child pornography and criminal possession of intellectual property, trademark and copyright infringement.

You can read three reports made available by the government along with this recent announcement. First, the DHS Privacy Office released a Privacy Impact Assessment, which is also available at www.dhs.gov/privacy. This document is designed to improve the public’s understanding of the authorities, policies, and procedures used during searches. It also let’s them know what is being done to protect individuals’ privacy.

(In a related story, the DHS Office for Civil Rights and Civil Liberties (CRCL) will also conduct a “Civil Liberties Impact Assessment” within 120 days.)

Next, additional reports were released by the U.S. Customs and Border Protection (CBP) and U.S. Immigration and Customs Enforcement (ICE).  Their guidelines also made mention of searches of iPods and other digital media players, as well as video and digital cameras. Click the links to see the PDFs of the reports.

laptop searchThis is all well and good, but I was a little surprised to learn that out of the 221,000,000 (that’s 221 million) travellers that crossed U.S. borders in the last 10 months that only 1,000 laptops were searched in this period, and that less than 50 of those searches were in depth. That’s about 3 laptops a day being checked out. Typically, the laptop wner is asked to turn on the laptop and demonstrate that it is a working computer, but apparently there are at least 3 PCs a day that require a little bit more scrutiny.

Have you had your camera, iPod, or laptop searched while you were travelling and out of the US? Tell me your story. I’m sure I’m not the only one who’d like to hear it.

Spam Fighting Update

My blog post titled “I’m Fighting Acai Berry Spam Today” from August 14, 2008 is the 4th most read post on Skylarking. It has received a fair amount of commentary since April of this year. The comments have lead me to add an update to the post to clarify the intent and purpose of the article:

This post is about spam in general, using Acai Berry spam as an example. I aim to (1) illustrate that sometimes email addresses and web site addresses don’t match; and that when WHOIS is used, one may often find that they might not belong to the same person or organization. That should be a warning as to the legitimacy of the email message (or the site). Some readers have focused more on the email aspect of spam, but (2) much spam directs you to a web site. As some commenters have pointed out: email addresses can be spoofed, and tracking an email can be very difficult, BUT it is my opinion that web sites can be easier to track.

So my point is that spam is often associated with a web site, and discrepancies between a web site and an email message can often help determine the validity of the email and/or the site.

You can read the updated post and comments here.

Thanks to everyone who has commented, and added their thoughts, ideas, and knowledge concerning the subject. And thank you for leading me to elaborate further. I look forward to hearing more comments and thoughts on the subject.

Truth About Email Petitions

I received the following question just last night:

I received an email telling me that email petitions and chain letters use tracking software and cookies to collect email addresses from anyone who receives that email message. I was also told that email petitions aren’t acceptable by congress like a signed petition would be. Are both these items true?

Well, the first is false, and the second is true.

Tracking Emails and Tracking Software

The only way an email can be tracked is from one sender to the first recipient. If I send an email message to a friend, it is possible for me to be notified when they open the message. If my friend forwards the message to someone else, there is no way for me to tell that has happened; nor is there any way for me to receive the email address of that second recipient, or any recipient after that. So, no, there are no tracking programs of this sort.

BUT, Remember the concept “Six Degrees of Separation”? Erase email addresses before forwarding a message

The idea of “Six Degrees of Separation” says that everyone is 6 steps away from any other person on the planet. Which in my way of thinking means that we are all six steps or less away from a spammer. The problem here being that when people forward an email message they usually leave any previous email addresses in the message, too, plus most people add new addresses of their own when they forward the message. The best practice here is after you click FORWARD and before you click SEND make sure you erase/delete any email addresses that appear within the email message. That is, just before you click SEND, read through the message and erase any email addresses you find in the message. If you don’t, you never know who in the chain knows or is a spammer.

BCC: Blind Carbon Copy Hiding Email Addresses

When you are sending an email message to multiple recipients, use the BCC or Blind Carbon Copy feature to address your message. That is, use BCC instead of TO. An, if your email software says, “At least one recipient is required in the TO field”, then put your email address in the TO field, and everyone else in the BCC field. The BCC field hides the email addresses from the recipients. When the sender uses the BCC field to address an email message, the recipients of that message will see “undisclosed recipients” in the TO field or elsewhere in the message. If you can’t find the BCC feature in your email software, contact your email service provider and have them tell you how to access it. Or you can contact Skylarking and I will help you find the feature.

Email Petitions Don’t Work

That much is true. A genuine petition requires signatures and street addresses. Anyone can type a list of names and email addresses into a petition, but there is no way for the recipient to prove or disprove that those people participated in or knew about the petition. It is best that each individual person email or contact their representative directly, and not as part of some long list of names in an email message. Additionally, you wouldn’t want to include your street address in such a petition, since you never know if that message might eventually end up in the hands of a spammer or an identity thief. After all, most acts of identity theft are performed by the victims friends, co-workers, and family members.




Post Comments or Questions with the link below. Keep up-to-date with Skylarking: By Email or RSS Newsfeed or on Twitter. You can also send questions with my email form.

14 year old arrested for texting in school

samsung-messager-now-from-cricket-2Several “news” web sites are carrying the story of a 14 year old girl in Wauwatosa, Wisconsin who was arrested at the school on Tuesday, Feb. 17 for texting in class.

Most of the sites report the story as it was originally reported on The Smoking Gun web site, in that they all wonder if it was necessary for school officials to call the police. Apparently, she has frequently texted in class in the past, and had frequently been told by her teachers to put away her phone.

Wauwatosa, WI

Wauwatosa, WI

Some of you may be thinking, “Wauwatosa!?!  What else are you supposed to do in Wauwatosa?” Don’t get carried away on the rustic name. It’s a city in the Milwaukee metropolitan area.

Of course, the details about the police interaction with the student are telling about the students honesty and trustworthiness:

1. The girl repeatedly denied having a phone on her person, but a subsequent frisking of the girl revealed a cell phone hidden in the back of her pants.

2. When asked for her mother’s phone number, the student gave several false numbers, just off by one or two digits before finally offering the correct phone number.

    Regardless of whether or not you feel it was necessary to call the police, it is clear that the student has problems with self-discipline and honesty. Texting in class is just another impediment to getting the most out of your education. Apparently she was texting in her math class, too. Tonight, she can show her parent’s how to deduct $268 from their bank balance for bail on disorderly conduct. It would be interesting to know what her grades are like, in general, and I’ll venture a guess she was texting other students in the building.

    Granted, people will say it’s the parent’s responsibility to teach their kids better, but when they fall short of that goal are the rest of us supposed to excuse the child’s actions and say, “It’s not the kid’s fault. Their parents should have done better.” I don’t think so. In this case the crime is minor, and due to her age it will probably be sealed, so details won’t come out later. Perhaps if she learns anything from this incident she’ll turn around and have her record cleared later.

    In the meanwhile she’s been held on $268 bail for disorderly conduct. Hopefully her mother will discipline her appropriately, and, hopefully, the child will learn something valuable from this.

    Of course, she’ll probably enjoy the fact that she’s been barred from the school grounds for a week. Now she’ll be able to text her friends from the comfort of home unless her parent’s choose to take the phone away from her. Barring her from school was probably the most unnecessary punishment for her in this case.  She probably has enough class time to make up for already.

    Those of you who are reading this on your cell phones in class or in the conference room at work probably think I’m nuts.

    ————————————————————–

    For more on the story check out TG Daily, Fox News, and The Smoking Gun. Read the Houston Chronicle’s report on the Etiquette on texting. Got an opinion? Post it as a comment below.




    Post Comments or Questions with the link below. Keep up-to-date with Skylarking: By Email or RSS Newsfeed or on Twitter. You can also send questions with my email form.

    News Stories I Passed On This Week


    How’s that for a headline?  There were a few stories that popped up the past few days that I could have written about, but, ultimately, I decided not to write about them …. until now.

    Two stories were Apple related:

    Mac Sales Slow (Tuesday, Dec. 16)

    macThe Wall Street Journal and various other news sources reported a drop in sales of Mac computers in November 2008.  According to the NPD Group, computer sales overall increased by 2 to 7% over the previous year, but Mac sales dropped by 1%. Though they did note that it desktop Mac sales dropped by 35% its sales of laptops compensated for it.
    Other companies such as Dell and Hewlett-Packard saw a growth in sales due to the rising popularity of the ultra-portable, ultra-mobile netbooks. Mac, on the other hand, did not have a comparable product on the market.

    Apple Announces Its Last Year at Macworld (Tuesday, Dec. 16)

    Steve Jobs, "not to be", at MacWorld

    Steve Jobs, "not to be", at MacWorld

    macworld-logoApple announced that 2009 is the last year the company will exhibit at the Macworld Expo, and it will be Apple’s last keynote at the show. In the past the big speaker has been Steve Jobs, but he has cancelled his appearance at the Jan. 5-9, 2009 event. Philip Schiller, Apple’s senior vice president of Worldwide Product Marketing, will deliver the opening keynote instead.
    Apple is scaling back appearances at trade shows overall, but they plan on hosting their own events instead. This isn’t so surprising as other Apple products have greater popularity these days than their computers. Most notable are the iPhone and the iPod.

    One was about a favorite monkey…

    Monkey Tales Plagiarism Exposed

    Monkey Fables and Tales

    Monkey Fables and Tales

    Charlie Hatton

    Charlie Hatton

    Well, this isn’t really news, but you may recall I reviewed a blog entitled Monkey Fables and Tales back in Sept. 2008. I hadn’t looked at this blog in a few weeks recently, and when I went to read it earlier this week, I found it was gone without a trace. It turns out that the blog had been copied almost word for word from Bosten stand-up comic Charlie Hatton’s web site “Where the Hell Was I?” Charlie’s little known site had been idle for some time as he was involved in other projects. Meanwhile, Monkey Tales had become a favorite of the Entrecard link circuit which was the site of a conversation on just what became of the monkey.  Charlie Hatton was a participant in the conversation.
    I often wondered about Monkey Tales silence amidst so much commentary from fans. The charade may explain it all.  Bloggers are now wondering if Charlie Hatton will write again. For now, you can read Charlie’s retelling of how he found out about Monkey Tales. Other stories can be found at My Dear Hard Drive, and at Lainy’s Musings and there are others. Bad, monkey, bad!

    Internet Explorer Emergency Patch Released (Wed., Dec. 17)

    Okay, I did write about this one. If you didn’t read it, here’s your chance to read about the Internet explorer patch and why you should get it now. And check up on your antivirus software while you’re at it.


    Post Comments or Questions with the link below. Keep up-to-date with Skylarking: By Email or RSS Newsfeed or on Twitter. You can also send questions with my email form.