IT Security Blog

Some E-mail Security Tips

By

On-line Communication

How often do you use your personal e-mail? How about your work e-mail? I am willing to bet a huge sum that you can’t even answer those questions because you know that you spend a HUGE amount of time on e-mails. You spend so much time that you can’t even track it – but that’s how it is with most people today. E-mail has become part of everyone’s lives that it is not even given a second thought.

When it comes to security, however, we should give e-mail more than a second thought. Do you know just how many security pitfalls there are when it comes to e-mails? LOTS.

Here, take a look at some of these tips and you’ll realize that you haven’t really been paying attention to e-mail security.

When sending to a mailing list or to many people, use BCC.
B-what, you may ask. You know the two other fields below the TO field? One is CC (carbon copy) and the other is BCC (blind carbon copy). Using BCC means the recipients in the list will not see the e-mail addresses of the other recipients. This is particularly important in the eyes of the recipients who may not want unknown people finding out their e-mail addresses. Perfect situation to use this: when sending forwarded whatnots through e-mail.

Don’t be trigger happy.
That is, when you receive e-mails with links in them, asking you to immediately click on the link for one reason or another, DON’T. Even if you are worried to death that PayPal might close your account for no reason, DO NOT CLICK ON THAT LINK. The chances are that it’s not PayPal. If you really want to make sure, open another window and type the URL manually. Whatever you do, don’t click that link.

Women Better Than Men When It Comes To Online Security (From the Archives)

By

manatcomputerYou’d think that men, who are supposed to be better at maths and similar subjects, would be better at online security as well. According to an online survey, though, the opposite is true. Carrie Anne Skinner reports:

When it comes to online security, men are less savvy than women, according to PC Tools.

Research by the security firm revealed that 47 percent of men use the same passwords when signing up to online banking and shopping facilities, compared to just 26 percent of women.

I can think of several reasons for this. One, men are notorious for forgetting details, and passwords are one of them. If you think about it, it is only understandable that the men would tend to use one password for most of their accounts. Two, men tend to have this feeling of invincibility. It’s that machismo factor that gets them into fights. They think that they’re not going to get hurt. Yes, it happens to others, but not to them. The same article confirms this:

Men have a more cavalier attitude to email attachments, with 60 percent admitting to opening them immediately without checking to see if they are legitimate, but only 48 percent of women do the same thing.

This is not to say that they are not AWARE of the potential threats. In fact, the same study showed that men knew more about the threats than women did. It really is just the attitude that makes a big difference. Well, maybe that’s why men have more viruses and other malware in their toys.

One Out Of Six: Yes To Spam

By

spamLast week, I found myself craving for Spam – the kind that you put in between two slices of nice white bread. The moment I checked my Inbox, though, my feeling towards spam – in general; food or e-mail related – changed drastically. For some reason, I keep getting these e-mails about Viagra and winning the lotto. And I am talking about my WORK e-mail here, not my personal e-mail! Seriously, I don’t understand why these people keep sending out these e-mails when everyone knows they’re SPAM and that they amount to NOTHING! No one pays attention to these e-mails, right?

Well, apparently, some people do! According to a survey conducted by Messaging Anti-Abuse Working Group, 1 out of 6 people in the United States and Canada respond to spam e-mails. I know, this is simply unbelievable, isn’t it?

In this day and age, why would anyone still fall for these scams? Haven’t we learned anything at all? No wonder that these scammers continue to send out their e-mails! I mean, just one or two people who respond to their bait might give them the profit that they are out for.

To be fair, the scammers are getting more and more creative. They also take advantage of the hottest things happening. For example, around the time of Michael Jackson’s death, there was an astronomical increase in e-mails about him – a lot of these were spam. Even those who are normally careful were lured into opening these e-mails and clicking away.

Bottom line: spam might be here for a while. Make sure you are careful and don’t be cocky (like me) – you never know what might hit you!

46 Security Flaws Fixed By iPhone 3.0

By

iphone-appsYup, 46! That is one heck of a lot of security flaws, don’t you think? Considering that the iPhone is being used by a lot of people to go online, it seems quite irresponsible of Apple to release a product that has so many flaws. Still, that has not stopped people from buying the iPhone. Indeed, the major reason people do not get one is the price and not the existence of security flaws. In any case, the recent iPhone 3.0 update has fixed those flaws.

Of the 46, six of the security flaws involve CoreGraphics. Without the update, if a user views a maliciously coded image, the application he is using may terminate suddenly. Alternatively, it can lead to arbitrary code execution. What that can lead to, who knows? Another flaw involves opening and viewing PDF files. Apple provides the same result: either application termination or arbitrary code execution.

There is also a flaw with regard to the mail client. Without the update, remote images in HTML messages are automatically fetched and loaded. There is no option to turn off this feature. With the update, this potential security flaw has been fixed.

Meanwhile, Safari can now be totally wiped clean – history of visited web pages and searches together – by accessing the option in the Setting menu. Previously, only the history of web sites was removed, and the searches remained. Now, iPhone users can rest easy knowing that they’ve left no traces behind.

Of course, there are other features to the updates, many of them not solely related to security.

Beware Of A McDonald’s Survey

By

mcdonaldsPhishing scams have been around for the longest time now, and it still surprises me how creative and imaginative the people behind these scams can be. It used to be that they relied solely on scams revolving around lotteries and stuff. A lot of people have wised up to that tactic, however, and I do not know if there are still those who fall prey to such scams.

This new scam is quite interesting, however, as it is not the usual scheme that phishers employ. They actually have pulled McDonald’s into it – at least by name. What has been reported so far is that an e-mail has been going around, and it contains information about a survey for McDonald’s. Here is the sample e-mail, courtesy of Hoax-Slayer:

Subject: Receive $50 Bonus To Participate In Our Customer Satisfaction Survey Dear McDonald’s Customer,
We are planning big changes for 2009 at McDonalds AU chain of restaurants and because your oppinion is very important to us, we invite you to take a short Customer Satisfaction Survey that will help us improve the quality of our food and services.
We know your time is valuable, so we will give you a $50 bonus just for taking our quick 7 question survey. The entire process will take no more than 5 minutes.

Take the survey (link to bogus website removed)

You can participate in this survey only once.

According to the same web site, the e-mail circulated in Australia. Again, it is FALSE; a scheme to steal financial information from you. Even if you are not in Australia, you might do well to look out for this kind of e-mail.

Cellphone Deals Here…and there…. What’s the catch?

By

phishingSeems everybody is out for cheap deals on just about everything and who wouldn’t be in this recession where cash is hard to come by and jobs are being shed by the thousands. Now, there are truly some honest cell phone deals out there but you have to be sure you’re getting the right stuff. Having the latest phone gadget might be one thing but keeping that new phone secure from hacks is another. Sure you can get it cheap from the internet but how sure are you you’re getting the real stuff.
Criminals are becoming craftier than ever and they have even managed to copy branded products complete with all the security stickers and holographic security seals with them. They can also be pre-loaded with malware for the amount of computing power they pack is enough to emulate an ultraportable, in function that is. Just how dangerous are these hacking attempts, for mobile devices using Windows very dangerous for there is a group bent on exacting damage on the software giant.
ensuring you have the latest updates to your operating system is vital to maintaining your ability to fend off attacks. Having intrusion prevention systems installed is also a good thing for like your PC, they also need protection. Given the power of these gadgets and their ability to connect to the internet, they are not immune to attack. Let’s set this as an example, an unprotected PC connected to the internet for the first time will last an average of 15 minutes before it is hacked and compromised. Now you do the math for your mobile!