IntSecure - Internet Security for Newbies

Staying away from Phishing

2006-02-05T13:27:00.000-05:00

Today I'll be talking about one of the biggest things to hit Email, phishing. And no, I'm not spelling it wrong, when we talk about the Internet term, it's spelled with a "ph". Phishing is when people (or a company) send out Emails (works a lot like spam) asking for the user to update personal information such as passwords or credit cards, but the link they provide you in the email is a fake.

It's likely that the links provided in the Email are fake also. They may bring you to a "mock-up" version of some companies website. I remember sometime this year they made a fake Yahoo! website. It'll trick you into submitted personal information such as your name, address, and even your credit card number. One way is looking at the address. It is common sense to know that if a website is trying to mimik another company, it's fake. For example, Yaho.com is not the same as Yahoo.com (although Yahoo! owns Yaho.com). Sometimes it's easy to know that this Email is phishing. Look at this screenshot from my Gmail:

I don't even have a PayPal account. Luckily, Gmail has a built-in AntiPhishing protection system is it will remove any links in the Email to protect you. Since Gmail has such a great spam filter, this Email didn't even reach my Inbox. But you want to know how to protect yourselve? Here's how:

Look for a personal greeting of some sort. Most companies will only address you by your full name and not just as "User" or "Member".
Never, and I mean NEVER give out your personal information over Email. Sometimes you don't know who might read it. If the Email looks like it is really from the company, visit the companies website and look for some form of contact. If you need to, call them or Email them with the Email address they provide. Companies shouldn't even be asking for personal information over Email anyways!
Do NOT download any of the attachments in the Email unless you are 120% sure it's safe and you know it's from someone you know (like close friends or family). Trust no one.

If you think you are a victim of a phishing attack, change your password on the official company website and report the phishing scam to the official company. Should you have been fooled into giving away your credit card, contact your credit card company and have it locked out.

If you need a AntiPhishing tool, I suggest the Netcraft Toolbar (works with both Firefox and Internet Explorer. Microsoft also has an AntiPhishing toolbar for Internet Explorer and there's a built-in AntiPhishing program in Internet Explorer 7.

It's Alive!

2006-01-28T18:35:00.000-05:00

Greetings everyone, my name is Alex Morganis and I run the AMCP Tech Blog. I was invited by Kent to start posting here again. I know that IntSecure hasn't been touched in months, but I'm head over heels excited to be working on this blog. Expect some really great posts focused on, you guessed it! Computer Security.

Until next time,

Alex

Back for Now

2005-06-22T17:26:00.000-04:00

Hello visitors just wanted to post again in some of my spare time to explain to why we are not posting as much. We've decided to open up a main site and are currently working hard on the design and content.

The main site will have such features as

Security Software Reviews
Help Forums
More Quality Content
Dictionary of Comptuer Terms
User Polls

and much more....

You can visit the new site here: http://www.intsecure.com
(But you will have to be patient and give the DNS's some time to propegate the site across the net.)

We are looking forward to posting again and hearing from you all!

The IntSecure Team

Covering Your Tracks

2005-06-16T23:53:00.000-04:00

Whenever you browse the internet no matter what browser you use, you leave tracks on your computer which can tell anyone looking in the right spots, exactly where you have been and in some cases, what you have been doing there. This is why you need to clean up after yourself if you are using a public computer and also if you think someone might be spying on what websites you visit.

The remnants of websites you visit include the temporary internet files, cookies, and just a simple list of all the websites you visited. Temporary Internet Files consist of files downloaded from sites including images and actual content pages. For example when you visit any website, while the page is loading all the images and text that you see, is downloaded onto your computer so that you can view it. You can find out exactly what cookies are here.

Its easy to clear up this trail left behind by simply activating the browsers cleanup function or by disabling it entirely. This differs from browser to browser so you will just have to explore to find out where to go exactly. But doing this does not always remove everything you would like it to, as some cookies and files can be left over. Which is why I would recommend using a 3rd party application like Webroot Window Washer.

This program will assist you in cleaning up all the recent activities, and not only those which are associated with browsing the internet. This program does all of the following:

Safely and easily deletes extraneous files and folders that clog your computer's hard drive. This frees up space to increase PC performance.
Cleans up free space so fragments of previously deleted files are removed.
Allows you to choose the cookies you want to keep to optimize your Internet experience.
Instantly detects and cleans hundreds of popular programs.
Includes "bleach" as an added security measure that completely overwrites files, making recovery impossible.
Safely and effectively erases the contents of your hard drive so that you can donate or sell your computer with the knowledge that your private data is protected.

There are also many other programs out there that can do similar things, so Google it and have a look around. Let me know if you find any programs you think are worthy.

"Routing" for Dial-up Security

2005-06-13T14:14:00.000-04:00

We had an email recently regarding the "Routing" for Security post, and the question was if you could use a router on a dial-up connection. The response was large enough that it warranted its own post. The original question was:

Concerning your blog on June 6 "Routing" for Security
Is it possible and or advisable to use a router on a
dial-up connection?
Thank you for your response.

Yes it is possible and advisable if you can get your hands on the hardware. While it isn't possible to use today's broadband or Cable/DSL routers for a dial-up connection as they do not have the required hookups, there are products out there that support what you are looking for. The market these days is obviously not geared towards dial-up internet access and therefore little support to no support exists and it could be tricky to get your hands on some decent hardware.

Webramp is a company which used to manufacture just what you were looking for until they were bought out by Nokia. Located here (http://www.webramp.com/support/index.html) click on any of the products under the analog heading. These are dial-up routers. You can no longer purchase these unfortunately, but if you have a search on eBay you can usually come across one of these products or other similar ones made by other manufacturers like 3Com.

One thing to watch for though, is that some of these products require you to have an external modem with a serial DB-9 or a serial DB-25 connection in order for it to work. Mainly the Webramp products have this requirement while 3Com normally has a modem built directly into
the router itself.

I found this product by SMC (Amazon.com) which is actually a broadband router with a dial-up backup. I'm sure this could just be used as a router for dial-up but it does also require an external modem. This product is still being sold on Amazon but I would only recommend using this if more appropriate hardware cannot be found.

My best recommendation though, is that you have a look on eBay for a "dial-up router" and a "dialup router". I have included both those quotations to use as a search query on eBay as they bring up different results depending on how the seller spells dial-up. You may also try modifying those searches more too. I saw a 3Com dial-up router with 2 built in dial-up modems which might be the best option, however I have not actually used these products myself so I
cannot guarantee any success. I just hope this gives you a little more information and a place to start if you are seriously considering this.

There is also one other option, but it would require some advanced knowledge concerning networks. It would be to use an older PC that you may have kicking around somewhere and installing some proxy software on it that would act as the router. You would connect your modem and all the required hardware for your dial-up internet access and also you would connect your personal computer to it through a regular RJ-45 network connection. This option as I said though, would require a lot of knowledge in order to get the proxy software setup and working properly.

It was a good question because you would normally think that getting a router for a dial-up connection is pointless because the main feature of a router is to share one internet connection between multiple computers. I would image that if you did attempt to share a dial-up connection between 2 or more computers that it would become really slow, but if you look at the security features of a router, and depending on its price it could be a very beneficial purchase.

Cookie Security Internet Explorer

2005-06-09T18:06:00.000-04:00

This post is a follow up to Learning and Understanding Cookies where I explained how the internet uses cookies to store personal data of websites. Today I will explain how you can partake in safe cookie exchanging among websites. We will look through privacy settings of our web browsers and learn how they will help keep us safe.

Settings in Internet Explorer

Navigate to Internet Options by either opening Internet Explorer>Tools in the top menu bar>click Internet Options

or

My Computer>Control Panel>Switch to Classic Mode button on sidebar>Internet Options

In internet options we want to click on the privacy tab to locate our cookie settings. You screen will look something like this :

From here we see a slider bar that lets us navigate to 6 settings but before you understand how these settings work you must be educated on first and third party cookies.

First Party Cookies: These cookies are left on your machine by the host website you are visiting at the moment. So for example if you visit http://www.internetwebsite.com and you get a cookie from them called internetwebsites.txt

Third Party Cookies: These cookies are left on your machine by another website one that you are not visiting at the time. For example you are visiting http://www.internetwebsite.com and you get a cookie from http://www.anotherwebsite.com called anotherwebsite.txt this is a third party cookie. This cookies are usually present through advertising on the site from another website.

Compact Cookie Privacy Policy: Part of website code that contains privacy statement stating how the cookie is to be used.

So your goal is to pick a setting in the privacy tab that best matches your security needs while browsing the internet. Basically you want to make sure third party cookies have compact cookie privacy policies and you want to make sure this cookie isn't trying to get access to personal information stored on your computer. You also want to make sure first party cookies ask for consent before trying to use personal identifiable information. I believe medium or medium high are good settings to pick providing you have a spyware scanner to protect you from such bad cookies as the Atlas cookie, Bluestreak cookie, and Passport cookie.

I am currently testing out some software for better cookie protection and will share it with you once I am concluded the testing.

If you want more information check out this link

Source:
Cookie FAQ

Blogging About Blogs

2005-06-07T18:37:00.000-04:00

We are listed at Blogging About Blogs a great site that identifies great blogs on the internet. I suggest you check it out and view all the great work and effort people put into their blogs. Thanks to Ken the webmaster of the site please visit through this link:
http://www.incredibleblogs.com/

"Routing" for Security

2005-06-06T21:13:00.000-04:00

There is no way around it, you need security. In your home, your car, sometimes on your person, and in this day and age, on your computer. But you have to take so many steps just to ensure your safety. Install the anti-virus, install the anti-spyware, install the firewall, monitor startup and process lists for unusual entries, filter your email and your web browsing; ridiculous no? Well I have a complete solution for at least one of those and a semi-solution for the remainder. Its called a Router.

A Router is roughly defined as a hardware device which forwards packets of data between two networks. For example the Routers that home users would purchase would become the first and only device that is directly connected to the internet. This means that your computer is no longer the device people would be seeing if they attempted to connect or scan you. And because routers come with a built in firewall, you get your complete solution to having a software firewall installed on your computer, eating up resources.

The other semi-solutions you get with a router are that some viruses and spyware will attempt to call home or allow a hacker to connect directly to your computer through a normally innocuous port. With the firewall in the router, these malicious programs cannot communicate to or from your computer.

It doesn't cover you from all internet risks but nothing can. A router will simply save you from some of the most common and possibly damaging ones. But if you do have the need to allow access to and/or from a certain port or ports, you can easily enter the Router configuration and allow whatever ones you wish. Even if you have just one computer, buying a router can still be very beneficial. Besides, routers these days can be very inexpensive and you certainly don't need a top of the line model.

Tune Up Mozilla Firefox

2005-06-05T15:08:00.000-04:00

So were going to step away from internet security so I can promote a new piece of software my partner in crime has run across that greatly increases the browsing speed of your Mozilla Firefox. The Program is called FireTune and is available free for download to users. To learn more about FireTune and test its speed out read below.

What FireTune Does?

- Optimizes Mozilla Firefox by applying well known configurations that have been tested by experts to improve the speed of Firefox. You can do this by yourself by following a guide at Tweakfactor.com that you can find Here. FireTune just makes it easier for the user and applies these settings for you.

Problems?

- FireTune has only been tested on Windows XP so your are installing at your own risk on any other operating system. It is also recommended that you update the version of Mozilla Firefox before applying the changes. The latest version is 1.04 and can be found at http://www.mozilla.org

Test it Out

- To test if it has improved your speed you may want to run a speed test on your browser before and after here's how you can do that

Clear your browser cache by going to Tools in top menu/options/privacy tab
Go to http://www.numion.com/stopwatch/ and enter www.mozilla.org/products/firefox/ as the URL to do a speedtest on
Write down the speed
Apply FireTune to Mozilla (be sure to backup original configuration)
Clear you browser cache again and repeat steps 2 to 3
Compare times

Before the FireTune I received a time of 4.390 and after 3.250

Download FireTune here

Sources:
http://www.numion.com/stopwatch/
FireTune
Tweakfactor.com

The Windows Registry

2005-06-03T23:43:00.000-04:00

So you want to know about the registry? Well I am going to give the bare basics of what it is, what can be found and few tips to help you out. But before I go any further I must, like all registry tutorials, warn you about the damage you can cause to your system. If you don't know what you are doing or are unsure about something I would advise you not to fool around with the registry as you can render your computer system completely useless and unbootable. I'll give you the basics, but I will not be held responsible for any damage you may inflict.

* EDIT THE REGISTRY AT YOUR OWN RISK *

With that being said, lets get right into it. Under Win95/98/ME, the registry is stored in 2 data files called USER.DAT and SYSTEM.DAT which are hidden on your system (for good reason) and in 2000/XP it is stored in the directories \Documents and Settings\{username} and Windows\System32\config. To edit the registry, click Start, Run and type in "regedit" which will bring up a window like this:

Here you see some funny looking directories but the ones we will be going over are HKEY_CURRENT_USER (HKCU) and HKEY_LOCAL_MACHINE (HKLM). I am sure you can decipher as to what each contains; HKCU has the individual settings for the currently logged on user and HKLM has settings which are required for all users of the local machine like hardware and software configurations.

The main reason I am going over the registry with you, is to show where some spyware and viruses hide themselves so that they automatically start when the OS boots. In order to find these places we need to do a little browsing of the registry. But before we go any further, and if you plan on making some changes, we should backup the registry. Better safe than sorry I always say. There are many different ways to do this and the method you use also depends on what version of Windows you have. Follow this link to find different methods of backing the registry up.

Now, if you are following along then I need you to pick either HKCU or HKLM and find this address within (this will be the same address for both):

\Software\Microsoft\Windows\CurrentVersion\Run

Once you have successfully navigated to this location and clicked on the Run folder, you should see some familiar items in the right hand pane. These are all the programs starting when you boot into Windows. If you should notice something that is unfamiliar then I would advise, before modifying or deleting anything that you check the filename online to see exactly what it is and what it does. The easiest way is to just type the full filename into any search engine. If you think something doesn't belong, just delete it. AFTER THE BACKUP of course. Now these entries will be different for each of HKCU and HKLM, so I would go back to the one you didn't choose and just check that one too.

Some of you might already know this is exactly what MSCONFIG does for you, except in a nice GUI (Graphical User Interface). Yeah, you can use that tool but I prefer using the registry or sometimes even a nice 3rd party tool like this one. Its up to you, but for you more beginner computer users, stick to the GUI tools for now until you have a better understanding of the registry. It can be a very dangerous place.

Sources:
Mlin.net
Back Up Registry

Learning and Understanding Cookies

2005-06-02T14:00:00.000-04:00

So you see this term in your browser setting but you are still unsure what a cookie really is. Well don't worry your not the only one. So today I decided to talk and inform you about cookies and how they enhance your browsing experience and how they can also be a security risk.

About Cookies:

Cookies store important information from webpages you visit and store that information on your computer in the form of a text document. Of course you are unaware of this transaction of cookies from the webpages you visit but you monitor your cookies from your web browser settings. Lets say you enter a website and it requires you to enter information to personalize your browsing experience. Once you have entered the information this information is now saved to a cookie on your computer so when you revisit that website that information you previously entered will still be present. So if you shop online and order a product but don't officially check out yet the next time you go to that website the item will still be waiting at the checkout portion of the website for you. Cookies can also save passwords when you browse and elect for your browser to remember your passwords. This can be a big security risk and I always advise away from allowing the browser to save a password.

Types of Cookies:

Session Cookies - These cookies are only present during the time you are on the website and immediately delete themselves once you've left the website. These cookies are more suited for the website to remember statistics of the users visit
Persistent Cookies - These cookies store themselves on your computer for a given amount of time. These are the cookies that are used to store those personal settings and reloaded everytime you visit that particular site. The advantage of these cookies is it reduces load time of websites.

Problems with Cookies:

The downside to cookies is that websites can store cookies on your computer without you knowing and use these cookies to track your internet activity. It will monitor stats like what websites you visit and website purchases. These cookies are installed by spyware websites and programs and can be rid of by SpySweeper. Cookies that also remember passwords must be protected because if they are intercepted they can be used to gain access to your password protected websites. In a later post I will also talk about how you can adjust your browser to ensure your not vulnerable to getting bad cookies. Here are some other sites that explain cookies check them out: Cookie Guidelines 2/7 , Cookie Definition

Netcraft Toolbar

2005-06-01T15:50:00.000-04:00

I was shown this link the other day to an IE and FireFox toolbar called Netcraft. At first glance I will admit I was a little skeptical as these toolbars are a dime a dozen these days and half the time probably come chalk full of spyware. But after reading through the site for a bit, it seemed like a legitimate toolbar to use against insecure websites and things like Phishing. So I worked up the courage and installed it. The install went fine with no mention of sponsor software and no warning from the virus/spyware protection so things were good thus far. I opted for the IE version as I rarely use it and don't care much if it gets a little messed up.

After the install, everything came up as it should have looking like the image above. So I proceeded to run it through its paces and threw real websites such as eBay and Bank logins, and also a couple links from Phishing emails I had received. It did exactly what it was built to do, in that it displays higher green risk ratings for well known, trusted sites and will display higher red risk ratings for sites not as well known or that show signs of being fraudulent. Other tactics this toolbar employs to show the user pseudo sites, is the date the site was established and where the site is being hosted. So you will know that when you are on a supposed eBay login site where the date shows April 2005 and that it is hosted in the former Soviet Union, it is most likely a scam.

I haven't really had the chance to give it a full look over, but it also provides ways to report phishing scams and a whole slew of services. So give it try if you want, and let me know your opinions by commenting and/or emailing IntSecure.

Source: Netcraft Toolbar

System File Checker

2005-05-31T13:54:00.000-04:00

System File Checker (SFC) is a program included with Windows XP to scan important system files. These systems files are important because they aid in the functional operation of Windows XP. SFC can be a valuable tool to use in your internet security arsenal because viruses and trojans today are known to modify or remove system files causing them to act according to the viruses symptoms. SFC scans these system files to make sure they are original and if they detect a problem like the file has been changed or removed (ie. Corrupted) they will replace the file. Microsoft does this by digitally signing the system file of importance. This is similar to how we have a signature on our credit card to verify our identity and so no one else can duplicate it.

How To Run System File Checker (SFC)

To run SFC go to Start > Run > Type 'sfc /scannow'

This Window should appear and begin scanning your computer:

Problems running SFC:

There are some problems with SFC and during the scan you could be prompted to insert your Microsoft Windows XP disk. The reason this happens is because Windows is searching for a hidden folder named DLLCache. This is a very important folder and Windows has hidden it to avoid users deleting or removing files accidently.

To get around this you can simply insert your Windows XP disk or you will have to copy a folder from Windows XP cd to your computer and change a registry setting which can become more complicated.

Steps to complete this (Do These Steps at your own risk):

Explore your Windows XP cd and copy the I386 folder to the C:/ drive
Go to Start > Run > Type 'regedit' *WARNING Do not change anything else in regedit it contains very important data that is required to run your computer*
Go to HKLM\SOFTWARE\Microsoft\WindowsCurrentVersion\Setup
On the right hand side of the screen select Source Path and check what the Value Data is
I also found more things that can go wrong on this site: www.updatexp.com

Sources:
www.updatexp.com

Virus and Spyware Protection All In One

2005-05-30T17:19:00.000-04:00

With so many new forms of viruses and spyware turning up everyday, its almost becoming a full time job just to make sure you are protected from it all. First you run the update for each program just to make sure all your definitions are up to date. Then you run the virus scanner for about an hour and then the spyware detector for about the same. And maybe if you are still worried, run a few online tests for viruses or spyware. By this time you are about ready for a nap, I know that I usually am. But does protecting yourself have to be this annoying and seem so much like a chore?

I know people that don't believe in running a virus or spyware protection program on their computer because "it takes up WAY too many resources." Yes maybe they are right, these programs do require a lot of your computer, especially during startup. But I am, even more so lately, a firm believer in the use of anti-virus and anti-spyware programs as they are starting to play HUGE roles in internet surfing and email usage. And I have had my share of different programs from Norton and McAfee to SpySweeper and AdAware. Although each of these programs have their own pros and cons about them, I have recently found that none of these programs, whether used alone or together, can rival the protection that Panda Titanium Antivirus provides.

Don't let the name fool you though, as it isn't just an anti-virus program. It's more like an anti-virus and anti-spyware suite. After installing it for the first time, it automatically updated itself no questions asked and then recommended I run a full sweep. (And yes I know some people don't like programs automatically updating themselves so of course, you can disable that feature.) It seem to find a plethora of new and old spyware that had been sitting in my registry and in files on the hard drive which none of the other programs had picked up. I couldn't believe that I, someone obviously concerned with viruses and spyware on my computer, could have so much just sitting there. But its not just through the manually initiated scans that this program picks them up. I am finding that while surfing around the internet, windows will pop-up very much the same as an MSN Toast, letting me know that it has just eliminated a tracking cookie or piece of spyware from the system.

It constantly monitors your system and scans your email during download, but with the TruPrevent Technology it offers, new viruses which have not even been discovered can be blocked. They believe so firmly in this technology that they offer it as a separate product which you can purchase and add on to your current anti-virus software such as Norton or McAfee. Call it cocky, but I think they have reason to be. So if you are looking for some virus and spyware protection all in one, give Panda Titanium Antivirus a try as they even offer their software as a try before you buy.

Online Email Security Features

2005-05-29T20:37:00.000-04:00

I decided to make this post based on a question I received about a month back on how online email services like Hotmail, Yahoo, and Gmail keep you safe. As we all know emails can be a great source of internet threats and can compromise our internet security. In an earlier post Check Email Online First I explained the benefits of using online email services to increase security measures on your computer because your email is located on the hosts server. (Ex. When you use hotmail and someone sends you an email that email is not on your computer it is on Hotmails server). This post is a follow up to that post to explain the security features on these online email services.

Email Filters: Yes
Anti-Virus: No (unless you have Norton or McAfee anti-virus on your computer)
Secure Login: Yes

Pros: Gmail offers a 2 gig email service this is more then enough room to store massive amounts of emails. The filtering system is half decent, after using it for several months now it has blocked a lot of junk mail but a few Phishing Emails have gotten through. You do have the ability to create your own filters but this can be time consuming if your email address is on several spammers email lists and you receive massive amounts of spam.

Cons: Gmail doesn't have an online virus detector which is a big disapoinment considering it is only compatible if you have McAfee or Norton Anti-Virus on your computer. This means if you don't have these anti-virus programs download attachments at your own risk!

Email Filters: Yes
Anti-Virus: Yes Trend Micro
Secure Login: Yes

Pros: MSN Hotmail uses Trend Micros online virus scan to scan through attachments before you download them onto your computer. This is a great feature considering email attachments are such a great cause of internet viruses. They also provide an easy system to report spam emails to Hotmail to further develop there email filters.

Cons: I suppose 250mb of space to store emails is a con considering other competing companies offer a lot more space. In my opinion though 250mb is more then enough space for emails and the online anti-virus service more then makes up for the smaller space. Although some people may say Hotmails email filters aren't that good I have had many accounts on Hotmail that have been compromised by spam and the Hotmail filters have done a good job sorting the good from the bad.

Email Filters:Yes
Anti-Virus: Yes Norton Anti-Virus
Secure Login:Yes

Pros: Similar to Hotmail this has an online virus detector that is very helpful when dealing with file attachments. Yahoo provides 1gig of space similar to Gmail which is a massive amount of space for emails. Another great feature is that Yahoo mail will clear your browser cache periodically. If your unfamiliar with browser cache I will be touching on the subject in a later post.

Cons: Recently a serious flaw in Yahoo online security was discovered you can read about it here. It was discovered and has now been fixed by Yahoo.

Conclusions

Knowing the security features of your online email services can greatly put you at ease when sending and receiving emails. As I pointed out before checking your email online can greatly increase you safety from viruses. I myself prefer Hotmail services because of there online virus scanner and great email filter system. If you are using Gmail remember to have either Norton or McAfee Anti-Virus on your computer. And check out Check Email Online First to have a better understanding on this topic.

Sources:
MSN Hotmail
Gmail
Yahoo Mail

Wireless Network Security; Part II

2005-05-28T20:04:00.000-04:00

To further my last post on Wireless Network Security, I think that users of a wireless network whether commercial or not, need to make it as secure as possible. Setting up WEP and disabling SSID (refer to the first Wireless Network Security post for definitions) are a good step to ensure a secure network, but more can be done.

A MAC address or Media Access Control address, is a number assigned to every single piece of network hardware whether wireless or not, and is completely unique from any other MAC address. We can use this to our advantage, in a way so that you can specify which MAC addresses are allowed to connect to your network, using MAC Filtering. Most routers will come with this option available but it will be off by default as it takes some setting up to ensure that all your network devices can access the network. Also, some routers will allow you to filter both wired and wireless MAC addresses while others will only allow you to filter wireless. Most of the time filtering wired MAC addresses is unnecessary as it requires a direct connection anyway.

All that needs to be done is for you to acquire all the MAC addresses for your wireless devices and enter them into your routers configuration. To find out what your MAC address is, just open up an MS-DOS prompt and type in "ipconfig /all" which will display all the information for every single piece of networking hardware you may have. The MAC address is referred to here as the "Physical Address" and consists of 12 characters separated by dashes into 6 equal parts. For example:

0A-1B-2C-3D-4E-5F

Now that you have all the MAC addresses for your devices, just find the MAC address filter page in your routers config, and enter them into the appropriate box. Save those settings and voila, your network is that much more secure.

More on MAC addresses; they are burned permanently into every network card/device, therefore they are not modifiable. But they can be cloned or "spoofed" with certain pieces of software. So, it would be possible for a hacker to use a different MAC address, for example one of the ones that has been allowed by your router. But this would mean that they would have to have physical access to the device in order to find the MAC address. While it isn't bulletproof, activating MAC Filtering along with WEP Security and SSID Disable will make it very difficult for any hacker to access your network. They would essentially have to have one of the authorized MAC addresses from the router settings, the Service Set Identifier (SSID) and the WEP encryption key. And the likely hood of any hacker getting all 3 pieces of information is very small.

Common Passwords

2005-05-26T23:31:00.000-04:00

So I've decided to go over common passwords that people use to further the issue that
passwords and password protection is crucial to internet security. Computers with these passwords have many security vulnerabilities and are easily hacked. Hackers are well familiarized with these common passwords and there are even worms out that are programmed to scan and attempt to break into computers using common passwords. If your password is on this list or the list of the included website it is advised to change right away using these guides:
Protect Your Password and Password Generator and Tester

Common Passwords:

god
sex
money
love
administrator
admin
adminpw
secret
persons name or family name
digits of persons phone number
dogs name
street name
qwerty

Here is a longer list at another site but those listed are most common: More common passwords

Due to these passwords being so exploited it isn't wise to use one especially for your windows accounts, eBay account, or Paypal account.

A common program used for password recovery and identifying security and password weaknesses is LC5 you can find LC5 at @stake LC 5. This program attempts to crack your Windows password and gives you a summary on it's strengths and weaknesses. This is a great security product but can also be used by hackers to infiltrate your computer. I will discuss LC5 in more detail in a later post.

SO PROTECT YOUR PASSWORD!!!

Sources:
@stake LC 5
GeodSoft Password List

Phishing and Pharming

2005-05-26T14:55:00.000-04:00

Phishing? Huh? I know, I had the same reaction the first time I saw that word. Believe it or not, Phishing is a variation on the word "fishing" where as the bait is thrown out in hopes that somebody will take it. While most people will ignore the bait, there is always somebody to go for it and then they are caught.

But what is phishing? Well, it is when an individual or group of individuals (phishers) send out an email asking for the user to update personal information such as passwords or credit cards. But the link they provide you in the email is a fake. Most of the time its directed to a clone of whatever companies website they are claiming to be, where you can input the information requested and submit it for updating. But the dead give away for these website is the address, as it will not be the actual address of the company, so be watchful. All the site really does though, is save the information you input into a file where it can be accessed and used by the individuals who originally sent the email. Its fraud; a scam; I know. So how can you protect yourself?

The best way for you to protect yourself, is to be VERY watchful concerning emails from companies stating they need your information updated. Here are a few points to be considering while you are reading a suspected fraudulent email:

Look for a personal greeting. Most companies will only address you by your name and not just as User or Member.
DO NOT send any personal information via email. If the email looks to be an official email from the company, I would recommend visiting their website by directly inputting the URL into your browser and looking for some way to contact them either by phone or email, and confirm whether or not this email is valid. But companies should not be asking for this kind of information to be sent through an email because it is unsafe anyway.
DO NOT download attachments from emails unless you are 110% sure it is from someone you know or it is something you are expecting.

If you think you have become a victim of a phishing scam, immediately visit the official website of the company from the scam and change your password to something completely different from the old. The next step would be to report the phishing scam to the company who had been falsely portrayed in the scam. Most will have an email address you can forward the scam email to, so just visit their website and locate one. If the information you gave to the phishing scam was something concerning credit cards or banking information, you must immediately contact your Bank and/or credit card companies to have the accounts locked out.

Now, what is pharming you ask? Well, pharming is very similar in the respect that it falsely identifies itself as some company requesting your information. But, it incorporates a program that may be installed on you computer which directs you to the same false website as mentioned above, but it also makes the address look identical to that of the REAL companies website. This is achieved through methods called DNS Hijacking and DNS poisoning.

To protect yourself against pharming you can employ the same tactics I mentioned above, and also ensure you have anti-virus software installed and that the virus definitions are up to date. Also, run regular checks with some type of spyware/adware detector. Now, some email filters will pickup these malicious emails being sent to you but I believe that not all of these emails will be discovered. Also, official emails from such companies can be misconstrued by email filters as fraudulent so make sure you are still sorting through your junk email.

Here are some other posts relating to phishing and pharming which I recommend you read:

Using MSConfig - Protect Your Passwords - Email Filters

Here is a website I found very informative and it also includes a list of current phishing scams, among other things.

Anti-Phishing Working Group (http://www.antiphishing.org/)

Web Filters

2005-05-25T00:03:00.000-04:00

Have you ever been surfing the internet for a certain topic and then been bombarded by pornographic material. A web filter acts as an anti-spam agent that blocks out content on the internet. It does this by blocking out keywords that are associated with certain topics like drugs, pornography, and violence. Web Filters are a great addition to homes with younger children who surf the internet on a regular basis.

The other benefit of a web filter is you block out a large amount of spyware that can commonly be associated with adult websites. The last thing a user wants is unwanted spyware generated from a site they were forced to visit by carelessly surfing the internet. When searching for a web filter you must ensure it is compatible with your browser. A lot of web filters out there are made for Internet Explorer and can greatly improve it's browsing experience (If you've read the blog you understand I support Mozilla Firefox though)

To test out how a webfilter works check out the test at Surf Control by clicking this: Web Filter Test
To run the test type in a website that may be under a category that you do not wish to view. The results will show the category that site is in therefore proving that a site of this nature will be blocked by using this filter.

Currently I suggest using the filter include in Zone Alarm Pro because I have had the most success with it but you can also check out Surf Pro Web Filter

It is also wise to have email filtering to learn more about this topic check out this previous post: Email Fitlers

*If you have tested other filters with success please comment*

Sources:
Zone Alarm Pro
Surf Pro Web Filter

Site Map

2005-05-24T18:27:00.000-04:00

Browsers
- IE vs. Firefox
- Beware Of ActiveX
- Speed up Mozilla Firefox
- Updated Firefox?
- Web Filters

Email
- 2 E-mail addresses better than 1
- Spam
- Check Email Online First
- Email Filters

Network/Internet
- Understanding The Internet
- Safely Downloading Programs
- Protect your Passwords
- Password Generator and Tester
- Learning and Understanding Ports
- Firewalls
- Monitor Network Activity
- Changing Router Password
- Vulnerable Ports
- Zone Alarm Firewall
- Wireless Network Security

Safety Measures
- Using MSConfig...
- Advantages of Scheduled Tasks

Security Tests
- Popup Blocker Test
- Test Your Internet Security
- Another Internet Security Test
- Using Speed Tests

Spyware
- Adware and Spyware
- Check out Spysweeper
- Spyware Information
- Keyloggers
- Has your Browser been Hijacked?
- Misspelled Website...
- Free Online Spyware Scanners

Viruses
- Viruses
- Virus Removal Tools
- Free Online Virus Scanners
- Virus Information/Latest Viruses
- Virus definitions expired?

Wireless Network Security

2005-05-23T19:33:00.000-04:00

For many of us, the need for greater mobility with computers is increasing. We want to take our laptop out on the deck and enjoy the summer breeze while creating entries in our blogs, or we need an internet connection in the garage to assist us with car maintenance. But would you really want to run an extremely long network cable to every room or area of the house you want to connect? Seems a little absurd, and in some cases nearly impossible. Which is why many of us are now using Routers with Wi-Fi LAN (Local Area Network) or WLAN support. This allows WLAN equipped computers to connect wirelessly with your router and use all LAN services just the same as if you were hard wired. But with the wireless convenience comes great risk. Anyone in the range of your routers wireless signal and have WLAN equipped computers, can easily gain access if you have not taken the proper precautions to secure your network.

Check this earlier post, to breifly learn about WEP or Wired Equivalent Privacy. It basicly means exactly what it says, that your wireless computers can have the same security or privacy as that of your wired computers. But a little work must be done to ensure a good level of security. First things first is to discover where the WEP settings are located on your router. Search around on your router manufacturers website for specific tutorials. Here are a few well known companies:

Linksys Homepage (http://www.linksys.com/)
Linksys (Linksys Tutorial)
D-Link Homepage (http://www.dlink.com/)
D-Link (D-Link Tutorial)
NetGear Homepage (http://www.netgear.com/)

The way you can access you routers settings is by typing its IP address into your web browser and logging in with the username and password (which I hope you changed - click here if you didnt). The most common IP addresses are 192.168.0.1 and 192.168.1.1 but if you arent sure you can check the websites listed above or just open up an MS-DOS window and type "ipconfig" and find the Gateway Address. This address will be that of your router.

Once you have located the WEP settings page for your router, you must ensure you are using the highest level of security that you can. In other words, select the highest bit encryption level. The most common are 64Bit, 128Bit and 256Bit. Once you have selected the highest that your router supports, you can continue on to selecting the actual key used to allow access. Some routers, Linksys ones for example come with a WEP Key Generator built-in and some do not. In either case you can use an online wep key generator.

http://www.andrewscompanies.com/tools/wep.asp

Depending upon which level of encryption you have, the key itself must be a certain length. 5/13/29 characters for 64Bit/128Bit/256Bit respectively. Enter the WEP key in the appropriate textbox or the Key1 box if multiple exist and Click the Apply/OK/Save button. WEP should now be active and any such device that wishes to connect to your router here on, will require the user to input that same WEP key you copied into the router settings, so make sure you write it down to save you from running back and forth.

Enabling WEP on your router is taking a good sized step in the direction of wireless network security. Although this method is not entirely bulletproof as a skilled hacker can, in time, discover what your WEP key is and use it to access the network. But this is better than nothing, believe me.

P.S. Disabling the SSID (Service Set IDentifier) Broadcast option on your router can also greatly increase the level of security because the hacker would then have to know the the SSID and the WEP key. This will disable the ability for a wireless device to automatically discover your network, hence you will have to manually input this into your wireless network setup on the device, along with your WEP key.

P.S.S. You should also protect your WEP key and SSID much the same as you would Protect Your Passwords.

Free Online Spyware Scanners

2005-05-23T18:19:00.000-04:00

I've gathered a small list of free online spyware scanners to help remove dialers, data mines, hijacks, adware, malware, and tracking components. There are many free spyware scanners on the internet but some cannot be trusted and contain viruses themselves when opened. I have tested these three online spyware scanners and deemed them safe but you should always use at your own risk. If anyone else has problems with them feel free to email me.

I found these scanners run best on Internet Explorer because they use Active X but can also run on other browsers like Mozilla Firefox by simply saving and manually running the .exe program.

Here are the Online Scanners:

X-Cleaner (There is also a free download of the program available on this page)
Web-Roots Spysweeper Scan (Doesn't remove spyware only notifies you of spyware present on your computer)
Zone Labs Spyware Scanner

To learn most about spyware you can check out these previous posts:
Spyware Information
Check out Spysweeper
Has Your Browser been Hijacked

Link To Us

2005-05-23T00:42:00.000-04:00

To exchange links contact us at Intsecure@gmail.com
Feel free to link back to our site by choosing one of these options:

Option 1: Small IntSecure Logo

To place this link on your site copy and paste the code below:

Option 2: Text link IntSecure

Zone Alarm Firewall

2005-05-22T13:24:00.000-04:00

If you don't understand firewalls check out my previous posts: Firewalls, and Learning and Understanding Ports

This will be my first review of a firewall that I have used in the past to help my computer and clients stay safe. The great features of zone alarm firewall is its ease of use and user friendly environment. Zone alarm has two versions of their firewall a free version with minimal security features and the pro version which has to be purchased.

Some features on the pro version include:

Stop intruders from accessing your computer
Approve safe programs for internet access
Pop up and internet content blocker (usually this only works in Internet Explorer)
Protects personal data from leaving computer
Email protection from incoming and outgoing threats

Zone Alarm is a great firewall if properly configured for your network needs. Before downloading zone alarm they suggest you use there free scan for spyware in order to remove and have a fresh install of Zone Alarm.

To download the free version of Zone Alarm click Here
For more information on Zone Alarm Pro click Here

Sources:
Zone Labs

Using Speed Tests

2005-05-20T20:17:00.000-04:00

So after you have monitored your network activity and are suspicious of some of the activities running while you are on the internet you may want to run a speed test to check how your speed ranks with what it actually should be. This can give us a better idea if some of those network activities are hackers using your internet connection at their disposal.

I spoke more about how a hacker can use your internet connection on the topic Changing Router Passwords
hackers commonly break into other computers to:

Steal passwords and valuable information
Run programs called bots that they use to attack other computers
Store files
Practical Joke

You'd be surprised on how easily a computer can be compromised and is used as a bot to send mass amounts of traffic to other computers. This causes your computer and the computer the hacker is attacking to run very slowly. So check out this speed test at DSL reports.com and Bandwidthplace.com. Read these steps before beginning

1. Before running the speed test close down all network activities you have running at the present time.

2. After you run the speed test compare your results with your actual connection in the graph.

3. If your speed is slow and you have read Monitor your network activity you will know how to use the program X-Netstat to end the process you think is a threat.

!Do not delete processes!

This can be done by using the Kill button on the top toolbar of X-Netstat to end suspicious process. This will end the network activity for the time being but when you restart the computer it should return. Once the suspicious network activity is terminated run the test again and see if the results are the same.

4. Research the processes using Google and run Virus Scans on your computer.

*Warning* Slow speeds are not always caused by hackers and can be the results of:

Many network activities open on your computer (ie. downloads)
Internet busy with a lot of traffic
Problems with internet connection
On a home network (router with other computers connected)
Problems with speed test servers

Some of these cases require you to get in contact with your Internet Service Provider to resolve the issue.

Sources:
DSL reports.com
Bandwidthplace.com