Your Daily Computer Security Tips

Do you have one of those newer iPhone 3G cellphones? It comes with a USB power adapter, and that is a problem. Apple says the prongs could snap off, giving you a nasty electric shock.

Apple goes on to advise that you should not use the adapter. Replacements will be available on Oct. 10. You will be able to get one at an Apple store, or order one on the Web.

Countries where the defective adapters were distributed include the United States, Canada, Mexico, Japan and several others in South America.

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

Back on Sept. 11, I told you about that iTunes and QuickTime (QT) update from Apple. Then last week I mentioned that Apple had to re-release the iTunes update because of a faulty driver that crashed Vista computers. QT is installed on most PCs and Macs.

That QT upgrade repaired nine serious flaws in the media player. Now, barely a week later, a hacker has published the code to exploit another vulnerability in QT.

At the moment, the bug appears to make QT crash. But researchers think it could in theory allow remote code execution, ie hijacking of your computer.

We are up to iTunes version 8.0 and QuickTime version 7.5.5 right now. So far this year, Apple has patched the media player five times, fixing over 30 vulnerabilities.

Until we know more about the latest flaw, be careful where you surf. You can uninstall QT by going to Add or Remove Programs. Or just use another player until Apple fixes this latest problem.

For the last little while, emails have been circulating with a Subject Line that reads something like “Your Internet access is about to be suspended” or similar.

If you open it, the email accuses you of downloading copyrighted stuff illegally. It says your ISP is aware of your activities, and has a record of them. To see it, you are asked to click a link or open the attachment. You are strongly warned to cease these activities or else.

This is spam. If you click on the link within or try to open the attachment, your computer may be infected with malware. This is one more reason, if you needed it, why you should never open or read unsolicited emails. Or at the very least, do not click on any links inside it. Never try to open an attachment in such an email.

Why is this scam popping up now? Perhaps it is because some ISPs have agreed to warn their customers in cases of possible illegal downloads of copyrighted material.

So the spammers, of course, jumped right in to try and trick you. Don’t fall for it.

You’ve heard me say for years not to open spam emails, right? Well, here is one more reason why I give that advice. An email is circulating promising to show you a Barack Obama sex tape.

The Subject Line reads something like “Barack Obama sex story with girls”. If you click the link, you will indeed see a short porno video, not starring Obama. But you will also download a boatload of viruses to your computer, direct from our friends in Eastern Europe.

These include a Trojan that collects your personal information and sends it to a travel site in Finland.

The poor English and a reference to the Ukraine should tip you off that this is dangerous stuff.

Don’t open it. And always practice safe surfing. If you are not sure what that is, go here http://SaferSurfingProject.com and read about my latest book on this very subject.

The American Federal Bureau of Investigation (FBI) is warning that hitman scam is back in a big way. The hacker behind it is sending out a flood of emails threatening to kill the recipient if he does not receive several thousand dollars.

This scam first popped up in December, 2006, then again this last February. Some personal info is included in the emails, to make it look like the crook knows all about you.

The FBI advises that you just ignore the email. Report it to the Internet Crime Complaint Center.

Has Verizon Wireless offered to pay you $750,000 lately? Maybe they have, but as you can easily guess, it’s a scam. You may receive a letter from a company called Verizon Financial telling you that you have won a sweepstakes, and your payment is approved. A worthless check for $4,500 is even enclosed.

All you have to do to collect your cash is cough up a processing fee of $3,200. The letter goes on to tell you to contact a claims agent, who tries to get your sensitive financial information such as your credit card number.

This is not the first time Verizon has been targeted by the scammers. Earlier this year, the crooks were calling consumers in the U.S., promising them a free cell phone in exchange for their Social Security Number.

Yes, these types of scams are old hat, but sadly, some people still fall for them. Don’t be one of them. Verizon has no connection to these criminal operations. If you get a letter or call like this, call the police.

Verizon operates in the U.S., and parts of Canada and Mexico. People in all three countries should be on guard.

A clever attack has been found, that puts URLs to rogue Web sites into your Clipboard. The Clipboard is a temporary area of memory which holds stuff that you copy and paste. This attack works with both Windows and Mac machines. The source appears to be legitimate Web sites that have been compromised. A researcher with security company Sophos thinks Flash technology is being used, because there is a setClipboard command in the Flash software.

Flash is a program used to put video, animation and interactivity on a Web page. It is currently supported and distributed by Adobe Systems.

Once the bad URL has been stuffed into your Clipboard, it is up to you to paste it into your browser address bar. This seems to occur readily enough; many people have been taken to malicious sites selling fake software.

The bad URLs actually take over your Clipboard. If you copy something else and try to paste it, you will still paste the first bad URL. One of the Web sites infecting visitors with this attack was said to be the MSNBC news site. About the only way to clear your Clipboard is to close the browser tab, or close the browser completely.

The two surprising things here are why it took so long to turn up this attack method, and why it exists in the first place. Perhaps Adobe should remove that Flash command asap. I certainly do not want anything put on my Clipboard without my knowledge or consent.

What do you think? Leave a comment if you like. And be careful where you surf. When you copy and paste, examine the result carefully, to be sure it is what you intended.

It has always been possible for a hacker to see the contents of your Clipboard, which is why I always advise you not to copy passwords, credit card numbers or other sensitive information. Want proof? Copy the previous sentence, then go to http://www.friendlycanadian.com/applications/clipboard.htm

Please be patient. This site is sometimes down. If it isn’t, you will see the current contents of your Clipboard.

To at least prevent the bad guys from peeking into your Clipboard, do this in Internet Explorer: Click Tools, Internet Options, Security tab, Internet section. Go down to the Security level box, and click the Custom Level button. Scroll down to Scripting, and find the entry, “Allow Programmatic clipboard access” or “Allow paste operations via script”.

Click Disable or Prompt. Click OK, OK.

Yep, spam just rolls on, in a never-ending wave (sigh). Doesn’t look like I’ll be out of work any time soon…

OK, here it is. Someone is sending out millions of emails looking like they are from CNN or MSNBC. The messages have headlines of current news, and look authentic. They are not. It should be obvious that these news organizations are not going to spam you. Neither are they in the business of spreading news by email.

If you get such an email, do not open it. Just delete it quick. Above all, do not click on any links within, even if you are prompted to do so to install a Flash player or update, so you can see the video. Doing so will install a virus on your computer, and probably enlist it into a botnet to send out more spam.

CNN and MSNBC are aware of the problem, and are trying to get the spammers shut down. When was the last time you ran a full antivirus or antispyware scan? Or an antirootkit scan?

If you cannot remember, update all your security programs and run them. Now.

The hackers and scammers are getting more and more brazen. Recently in Northern Ireland, crooks posing as bank service personnel actually walked into stores and replaced the credit card readers with their own models. These new machines, of course, captured the customers’ debit or credit card number and PIN.

Some 10,000 card numbers were stolen in this manner, before the authorities became aware of the scam. Some numbers may have already been used to empty their owners’ bank accounts. A few banks reacted by shutting down certain cards or limiting overseas withdrawals to 100 euros, or about $146 US.

Why the limit on overseas transactions? Because European cards have a microchip embedded in them. A PIN is also required at the time of the transaction. If a card does not have the chip, the transaction is refused. So the crooks find it easier to drain bank accounts from abroad. They can also make purchases online from anywhere.

How do you protect yourself from this scam? That’s tough. About all you can do is inspect the card reader, and make sure it looks like the usual model you normally use. If not, be suspicious, or refuse the transaction. In any case, your bank should refund you any money lost to fraud.

Someone somewhere has their identity stolen every two seconds. Now that’s scary. Go here to learn more about ID theft:
http://www.identitytheftfixes.com/how_much_do_you_really_know_about_identity_theft.html

You do not have to sign up for a paid service to protect yourself. You do need to follow good, safe practices, both online and off, to safeguard your sensitive information and your bank account.

Read my recent article here:
http://mypcsecurityblog.com/featured/id-theft-checklist-%e2%80%93-please-print-keep

It is a 10 – point checklist you can print out and keep handy.

While we are on the subject of ID theft, here are the three critical pieces of your information that you should never reveal to anyone except your employer, bank, government agency or the like. They are your Social Insurance/Security Number, your date of birth and your mother’s maiden name.

This key information is used to organize and collate information about you. Guard it well.