Phishing

On the Internet people lie to you all the time. Back in April, I wrote that the most important aspect of Defensive Computing may very well be skepticism.

For the second time in the last few days, I received a phony e-mail message purporting to be from the package delivery company UPS. A skeptical person would have deleted the message, and good thing too, because odds are that anti-malware software on a Windows* computer would not have protected the trusting or inexperienced user that believed the scam.

The first thing to be skeptical of is the From address. Never trust … Read more

In response to the recent DNS problems on the Internet I had earlier suggested changing some network configuration parameters to use the free OpenDNS service.

As I did this myself for a number of machines that I maintain, the question arose of verifying the change. That is, how can someone, particularly a non-technical computer user, ensure that their computer is configured to use OpenDNS?

This is, it turns out, remarkably easy.

Go to www.opendns.com. At the top of the home page, just under the tabs, there will be a message whose content depends on whether the computer is … Read more

All companies have computer problems, how they deal with them separates the men from the boys.

Netflix

When I was away from home recently for an extended period of time, I tried to change the shipping address on my Netflix account. What should have been trivial became a problem because the Netflix web site made assumptions about the format of the address that didn't apply in my case. Every time I entered the address, their system reformatted it. I could not, for the life of me, figure out how to enter the correct address, so I contacted someone at … Read more

The front page of the New York Times today had a story by John Markoff, With Security at Risk, a Push to Patch the Web, about the recent bug in DNS. Being a newspaper, the focus of the story was on news rather than practical advice. In contrast, this Defensive Computing blog focuses on practical advice.

For another introduction to the problem see What you need to know about the latest DNS flaw.

For an online test that tells you if your computer is vulnerable to the DNS flaw see The best test for vulnerability to the DNS flaw. The … Read more

Recently I wrote about Flagfox, a simple Firefox extension that puts a flag in the corner of the browser window indicating the country where the website being viewed resides. Hovering the mouse over the flag displays the IP address (explanation below) of the website and clicking the flag brings up more details, including the city where the site is located.

This can be important because there are many ways to be tricked into thinking you are at, for example, a bank website, when you are really viewing a well-crafted, scam copy designed to steal personal information. Flagfox can go a … Read more

A big part of phishing scams and identity theft is fooling people into thinking they are on one website when they are actually somewhere else. The technical tricks to accomplish this include lookalike and phony domain names, zapping the hosts file, tricks with URLs and assorted attacks on DNS servers. What's a normal person to do?

Flagfox is an unobtrusive extension for the Firefox web browser that offers some assistance by placing a flag in the bottom right corner of the Firefox window. The flag (shown below) indicates the country where the website physically resides.

If you don't … Read more

A group including Equifax, Google, Microsoft, Novell, Oracle, and PayPal, plus nine leaders in the technology community announced on Monday the creation of the Information Card Foundation (ICF) with the goal of increasing awareness of the use of electronic ID cards on the Internet, and encouraging interoperability in business around new standards.

"We need to come together in a neutral body to continue to promote the adoption of this technology," said Paul Trevithick, CEO of Parity and chairman of the ICF.

Information cards are online equivalents of physical ID cards, such as a driver's license. The basic … Read more

We've seen banks, even eBay and PayPal, all targeted by phishers. Now they've turned their attention to iTunes, creating a bogus site that reportedly looks like an iTunes billing page asking for current credit card information.

"We've never seen Apple as the target," Proofpoint's Andrew Lochart told Computerworld on Tuesday. "It's probably indicative that the bad guys see Apple's online presence as large enough to be a target."

In addition to asking for credit card information, the phony iTunes page also asks for one's social security number and mother'… Read more

I recently found myself in an airport terminal with a laptop and time to kill. Not knowing what the Wi-Fi options were, I let Windows XP search for available wireless networks. As you can see below, one of the networks was called "Free Public WiFi". If this happens to you, don't connect to a network like this.

The first two networks are each labeled "Unsecured wireless network". Fine. But the Free Public WiFi network is described by Windows as an "Unsecured computer-to-computer network". As the name implies, this network connects to a computer … Read more