Your Daily Computer Security Tips

by Syd Tash © 2009 All Rights Reserved

Over the years, I have often mentioned online or Web banking, usually in relation to another security issue. It has grown rapidly over the last 10 years, and now is quite widespread. Almost half of American Internet users do some online banking. Most think it is safe, and it certainly is convenient. You do not have to actually go to the bank and stand in line, so it saves a lot of time.

But whether or not it is secure is another matter. Hundreds of thousands of bank accounts are compromised each year, and billions of dollars lost, to various types of online attack. It is hard to get a good handle on the losses, because banks are reluctant to publicize the problem, of course.

Banking sites use 128-bit SSL encryption, which cannot be broken (for now). So the crooks and hackers have devised several methods of getting around this encryption. The favorite seems to be phishing attacks. Never respond to an email supposedly from your bank. Do not click on any links within. You could be taken to a site that looks just like your banking site, but is not. It is designed to capture your login credentials, send them to a hacker, and empty your bank account, all within seconds.

Another popular attack is by way of a Trojan Horse keylogger program that has found its way onto your computer. It waits patiently for you to go to your banking site, then captures your ID and password as you type them. Or it adds a few new fields to your banking site. Any information you type in to them goes straight to the hacker, and your account is promptly emptied as before.

There are thousands of these Trojans and viruses circulating on the Web, specifically designed to target Web banking. Their danger and sophistication are rising rapidly, because they are so profitable. Protect yourself from these viruses and keyloggers by keeping your firewall, antivirus and antispyware programs up to date, as well as your Windows or other operating system. Next time you visit your banking site, examine it closely, so you will recognize any unauthorized changes to it.

Phishing attacks are hard to defend against, in that your security programs cannot protect you from ill-advised actions. These social engineering tricks depend on your inexperience, inattention or gullibility to grab sensitive information. Always follow safe surfing practices without exception, whether you do your banking online or not.

Take the time to learn about the security features your banking site offers, and what to do if you are defrauded. Does your bank guarantee secure transactions? How long do you have, to report a loss? Will you get all your money back?

Now here are a few more common – sense precautions. Change your password every month or two. Never use your Social Security/Insurance Number as a password (don’t laugh; it’s happened). When you arrive at your banking site, look for the https://… address, and small gold padlock, indicating a secure transaction has begun. Do not do your banking from a public computer. Do not do your banking with your laptop, over an unknown Wi-Fi network, no matter what security measures you think you have taken.

If your PC is running slowly or acting strangely, do not do any online banking. Update your security programs and run them all. Deal only with large, reputable banks. Use a different ID and password for each account, or each institution. A successful attack could give the hacker some personal information about you, and so contribute to identity theft. Check all your credit/debit card statements promptly and carefully, as well as your banking statements of course.

Whether to use online banking is ultimately up to you. Know the risks and procedures, and how to protect yourself. Here is a final thought: do not keep too much money in your online – accessible account, just in case something bad happens. Keep most of your cash in another account or bank, which is not accessible online.

Syd Tash is a longtime computer security consultant, author, and founder of
The SaferSurfing Project. He has been keeping Web surfers like you safe and secure since the last century. Find out how to keep yourself safe online and do your part for a more secure Internet. Join the SaferSurfing Project here
=> http://SaferSurfingProject.com

You may include these Tips in your Web sites and publications provided they remain unchanged and include the above paragraph, with the author’s name and Web site. You can also get a direct URL to this post. Click the title, then copy the URL in the browser address bar.

© 2009 All Rights Reserved

It is said that there is nothing we can do about the first two, death and taxes. But now, for the first time in history, many of us have to think about what happens to our Internet activities and digital legacy after we are gone. For example, most of us have joined a variety of Web sites, and have several email accounts. Are the IDs and passwords written down somewhere? Would your spouse know where to find this list?

If you are like many people, you probably have dozens, or even hundreds of old emails parked in your inboxes. Have you specified in your will how they are to be handled? I have not, and I bet you did not either. Same goes for Instant Messaging. Some IM providers save all your messages, and make them searchable. But just who will search and dispose of them after you are no longer available?

If your email resides on your computer, anyone may be able to view it, without so much as a by your leave, let alone an ID or password. Anything private in there that you would prefer others not see? I thought so. Now what about all the images you have stored on your PC, or at an online photo-sharing or storage service? What happens to them? Some of your photos may be worth money. Does anyone except you know they exist?

To begin with, you should delete your accounts at any Web sites or email clients that you are not using, if possible. Some email providers will delete or deactivate your account after as little as 30 – 60 days of inactivity. Other programs and Web sites make it difficult or impossible to close your account. Give it a try anyway. Next, do you have a PayPal account? A blog? A Web site that is producing income?

These will have to be sold or terminated by someone who is fairly computer literate, without making a lot of customers mad. Do not forget the domain names themselves. These could be worth a tidy sum, especially if they were attracting a lot of traffic. This needs to be done promptly after your demise, before your ISP cancels them for non-payment of the hosting and domain registration fees.

Here is another sticky area, MP3 players. Your iPod may now hold thousands of songs. If you acquired all this music (or most of it) legally, that is a very significant investment. Perhaps you should mention in your will, who should get your music player. But hold on a minute. You paid cold, hard cash for this music; however, it is licensed only to you. Can you transfer it to another? You should be able to. Legally acquired music should be yours to do with as you please. But the law may not agree. Talk to your lawyer about these issues when you make your will.

Bottom line? We all need to bring some order and planning to our digital lives. This will save our survivors a lot of surprises, headaches and expense. Make a list of all your services, programs and Web sites, and add it to your will. Identify who you would like to wrap up your digital life, and who should get any money resulting from the windup. In the future, only join Web sites you need and will use. Unsubscribe immediately from all others.

Syd Tash is a longtime computer security consultant, author, and founder of
The SaferSurfing Project. He has been keeping Web surfers like you safe and secure since the last century. Find out how to keep yourself safe online and do your part for a more secure Internet. Join the SaferSurfing Project here => http://SaferSurfingProject.com

You may include these Tips in your Web sites and publications provided they remain unchanged and include the above paragraph, with the author’s name and Web site. You can also get a direct URL to this post. Click the title, then copy the URL in the browser address bar.

by Syd Tash © 2009 All Rights Reserved

I regularly caution Web surfers to minimize the information about themselves that they give out on the Internet. Web 2.0 social sites such as MySpace, Facebook and others have millions of users who love to share stuff. And that doesn’t include blogs, RSS syndication of content and other sites that gather and accumulate your information. Each of these may have a profile on you. Like mushrooms, these sites and the data they contain just grows and grows.

Data on the products you use, sites you visit, TV programs you watch, your friends, their friends, etc. are constantly accumulating. Meanwhile the marketers (and crooks) are grinning from megabyte to gigabyte, thinking of all this information just lying there.

You have probably heard of the term data mining. Marketers constantly sift through mountains of data and information to create a profile on you, which can be sold to anyone who wants it. Still, as the saying goes, if you haven’t done anything illegal, you needn’t be concerned, right? Well, I don’t buy this argument, and neither should you. We all have a right to our privacy and security. We have a right to assume that our info will not be sold and distributed without our knowledge and consent.

This is becoming more serious because there are moves afoot to link, compare and collate those huge databases where your information resides. Your buying habits, work history, driving record, medical, criminal and credit records and marital and family status may have all been stored separately. But what if they were all pulled together into one comprehensive profile? Would that make you uncomfortable? I thought so. Remember, a computer never forgets. Google has a long reach and longer memory.

If you are reading this in a modern, Western democratic country, do not think you are safe. The less governments know about you, the better, as long as you fulfill all legal requirements, of course. In fact, if you are preparing to search for a new job, get a mortgage or credit card or even just get a cellphone, you would be wise to invest a few hours on the Web, to see what is out there about you.

But you say you have a stack of credit cards and an excellent credit history? That credit reporting agency could still turn up any black or even questionable mark against you from years ago.

There are several ways to reduce the amount of data you give out as you conduct your daily activities on the Web. You can use a proxy server. This hides your IP address. You can think of a proxy as a computer that sits between you and the Internet. Web sites you visit through the proxy will see the proxy’s IP address, not yours. Check this one out: http://www.privoxy.org It also has filters to block cookies and ads, but these can be complex to set up. Start with the proxy.

Today, Web sites can identify your location. Then they serve up (or deny) various offers. To hide this info, look into http://www.torproject.org But what about that all-important email? Glad you asked. Go to http://mailinator.com to send and receive email without leaving a trace. Their slogan, appropriately enough, is “let them eat spam”.

Syd Tash is a longtime computer security consultant, author, and founder of
The SaferSurfing Project. He has been keeping Web surfers like you safe and secure since the last century. Find out how to keep yourself safe online and do your part for a more secure Internet. Join the SaferSurfing Project here
=> http://SaferSurfingProject.com

You may include these Tips in your Web sites and publications provided they remain unchanged and include the above paragraph, with the author’s name and Web site. You can also get a direct URL to this post. Click the title, then copy the URL in the browser address bar.

Today we are going to look at a few ideas to help keep your passwords secure, and help you remember and keep track of them. This is especially important for those of you who use public computers, meaning any PC that you do not control. Public computers include those at the office, school or library, as well as at the Internet café.

Most of us have many different passwords, and we pretty much have to write them down somewhere in case we forget them or in case something happens to us. The usual advice is never to do this, for obvious reasons. But a simple trick will allow you to write down all your passwords on a piece of paper, in a secure manner. Here for example, is how I might write down my Hotmail email account password: Hotmail: *!STbdSN?

This 9 – character string appears to be a strong password. Someone looking at it would conclude it is in fact the password to my account. Wrong. It is a mnemonic, or memory device. To get the actual password, I discard the special symbols *!? and any others I may use, and just keep the letters STbdSN. So is that the password? Wrong again. ST stands for me, Syd Tash, bd stands for birthday, and SN means my son.

So the whole thing reminds me that the real password is in fact my son’s birthday, written in numbers only. If his birthday is Aug. 10, 1980, then the password is 08101980.

Here is another example, with an added layer of security. Say you were born in New York in 1980. Your mnemonic is *?bn!Yr. Again, discard the special characters. bn reminds you of born, so replace it with NewYork, but notice the uppercase Y and lowercase r.

This prompts you to enter 1980 as alternating upper- and lowercase characters. So *?bn!Yr becomes NewYork!9*0, a strong 11 – character password. Pretty simple and neat, right? Now you can leave your “passwords” lying around for anyone to see, and no one will be able to use them!

But this still leaves us with the problem of public computers. You are basically at the mercy of the owner of the network. Keyloggers are a big threat here. These are cheap, readily available programs that are easily installed on a PC, and record your every keystroke. Then the data is sent to a hacker over the Internet connection. Here are two ways to defeat them. First, say I need to enter that password 08101980.

In the password field, I type 08. Then I click elsewhere on the page, and type *?. The characters may not appear, but no matter. Next, back in the password field, I type 10. I click somewhere else and type 99. Finally, back in the password field I finish up with 1980.

At this point, the keylogger thinks my password is 08*?10991980. I have successfully concealed my password even as I entered it. If this seems inconvenient, it is nothing to the troubles you could have if the hacker gets your real password!

Second, use a password manager such as Roboform, which has a basic free version for personal use. It will manage your passwords, fill forms for you and more. Check out the version called Roboform2Go. It installs on a USB drive, fills your login info, and leaves no trace when removed. So you can sign in to your account without a single keystroke, again defeating the keylogger. Go to http://www.roboform.com/ and click Download on the left.

Syd Tash is a longtime computer security consultant, author, and founder of
The SaferSurfing Project. He has been keeping Web surfers like you safe and secure since the last century. Find out how to keep yourself safe online and do your part for a more secure Internet. Join the SaferSurfing Project here => http://SaferSurfingProject.com

You may include these Tips in your Web sites and publications provided they remain unchanged and include the above paragraph, with the author’s name and Web site. You can also get a direct URL to this post. Click the title, then copy the URL in the browser address bar.

Most of us assume that since computers solve a lot of our problems they are capable of taking care of their own problems as well. This statement is illustrated by the fact that 76% of computers are inadequately protected against potential computer problems.

Unfortunately, nothing could be further from the truth. A computer requires a lot of care, protection, and preventive maintenance. Contrary to the popular belief, it does not take a lot of time to provide basic care and protection to your computer. And you need not be a computer expert in order to achieve this goal.

The first step to solve computer errors is to understand what causes these errors. This article attempts to provide an insight into what causes some of the common computer application errors and simple solutions to these problems.

Efficacy of a computer is dependent on the type of applications installed on it. Each application is supposed to help us perform a particular job in an efficient manner, thus making us more productive. Most of the computer applications use EXE or executable files to achieve these tasks. An example of an EXE file accomplishing a task is the iexplore.exe file that is used to launch the popular Web browser Internet Explorer.

1. Application errors may occur when a specified process required for running that application fails to meet one or more conditions. For example, you may face the ikernel.exe application error due to a fault in memory chips that have been installed on your machine. So, the first step to resolve application errors requires you to make sure that all pre-requisite conditions are being met.

2. Many application errors take place due to incorrect file versions. For example, consider the ipssvc.exe file that helps Maintenance Manager on Lenovo notebooks in creating private connections within a public network. You may face an ipssvcexe error if the version of Maintenance Manager software is not correct. Incorrect version files tend to cause conflicts with the existing files on the computer and interfere with the normal functioning of the PC.

3. A large number of computer errors, such as EXE errors, are a result of an attack by virus or a spyware. Since EXE files are mainly responsible for ensuring normal functioning of various applications and processes, viruses tend to attack these files with the intention of causing damage. They may attempt to corrupt these files, make undesired changes in them or replace them with dangerous files. Some viruses are also known to make changes in your Windows registry and make it difficult for you to remove them without the help of a reliable registry cleaner. It is critical that all computers must be well equipped with protection tools like anti-virus software and anti-spyware.

4. Application errors are often caused due to our ignorance. For instance, the error may occur when we fail to update our software and operating system on a regular basis. While most of this software can be set to be updated automatically, some may require a little time to update manually. These updates provided by manufacturers of software are intended to make applications more robust and less prone to errors or security holes. It is therefore recommended that you always keep these applications updated in order to minimize vulnerability.