Friday, November 29, 2013

Dangerous Email that’s Hard to Ignore

It may be tempting, but you should take the time to question your Email before you open it.
A common way computers are infected or compromised has always been a simple yet well thought out deception. It can happen to anyone and the use of social trickery is nothing new. Understanding the victim is all that’s needed to receive their cooperation. 

If you’re thinking it could never happen to me, this refresher couldn’t hurt. You might want to share the examples here with your friends, family and especially your employees. Social engineering has come a long way since the possibility of seeing Anna Kournikova naked.


Here’s a common example that has been used to infect computers with the crippling Cryptolocker extortion attack.

[Image: blog-email-fedex]

This one and variations are going to get more popular as Santa starts shipping his presents. In this example the “From” email isn’t even disguised which means these guys were really lazy. Don’t bother replying because the Email address belongs to someone who has already been hacked and was probably shut down by the time you receive your Email.

Any Email “bait” like this will appear to be a legitimate message. The attacker linked to text and a graphic located at FedEx. The simple line of code below is all that’s needed to display the FedEx logo:

<img src="https://catalog.fedex.com/images/external/gsi/hdr_fedex.jpg">
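A mail filter can look for exactly this trick: a brand's logo loaded from the brand's own server in a message whose sender is somewhere else. The Python below is an added example, not part of the original post; the watched-brand list, the function names and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brands worth watching; extend the tuple for your own mail flow.
WATCHED_BRANDS = ("fedex.com", "ups.com")

# Constructed sample message; only the image URL is taken from the post.
SAMPLE_PHISH = (
    "From: FedEx Delivery <billing@example.net>\n"
    "Subject: Your package could not be delivered\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    '<html><body><img src="https://catalog.fedex.com/images/external/gsi/hdr_fedex.jpg">'
    "<p>Please print the attached label.</p></body></html>\n"
)

class ImgSrcCollector(HTMLParser):
    """Collect the src attribute of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def under(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def borrowed_brand_images(raw_message):
    """Return (brand, url) for brand-hosted images in mail sent from another domain."""
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True) or b""
        html = body.decode(part.get_content_charset() or "utf-8", "replace")
        collector = ImgSrcCollector()
        collector.feed(html)
        for src in collector.sources:
            host = (urlparse(src).hostname or "").lower()
            for brand in WATCHED_BRANDS:
                if under(host, brand) and not under(sender_domain, brand):
                    findings.append((brand, src))
    return findings

if __name__ == "__main__":
    print(borrowed_brand_images(SAMPLE_PHISH))
```

This check only catches the undisguised sender described above; when the From header itself is forged, the SPF, DKIM and DMARC results for the message are the signal to rely on.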

This Email from fake UPS is also tempting because you certainly wouldn’t want to miss anything. We all love packages.
[Image: blog-email-ups]


Human Resources Needs You

Here’s one directed at employees designed to be a standard employment request. In this case, it’s to use the company car. It’s very common to see attachments that appear to come from Human Resources.
[Image: blog-email-vehicle]

The “From” address and even the filename have been doctored to make the message appear to come from within the company. If the company is large or you’re a new employee, downloading and filling in this form may not seem suspicious. It’s not unusual for an attack to be targeted since information on officers and HR managers is easy to find.



You’ve Been Reported

I’ve received a few claiming to be from Dun & Bradstreet trying to scare companies into thinking they need to clear their good name.

[Image: blog-email-dnb]

It’s also common to see fake Emails from the Better Business Bureau. In the U.K. there’s Companies House which registers and keeps track of companies for the Department for Business, Innovation and Skills.

[Image: blog-email-companies]


Question Every Email

These phishing expeditions are common and effective in all countries. I generally question every Email even when it comes from someone I know. How many times have you received Email from friends saying they’ve been hacked? If you have any doubts just contact the sender or an official with the company sending the message. My bank has always thanked me for calling. They love to impress customers with their knowledge of security trends.


Curiosity Killed Your Job
It’s not unusual to receive messages which appear to be meant for someone else. More than a few attacks succeed because of human curiosity.

[Image: blog-email-linked]

 


Speaking of curiosity, I’ll end with a newer version of a classic bait and steal scheme.

[Image: blog-email-intuit]

I’ve worked for companies where discussion of salaries could be cause for immediate termination. An ancient method for infiltrating a company involved dropping infected floppy disks labeled something like “Employee Salaries” in public places. This “Baiting” is still used but relies on DVDs, USB flash drives or SD cards labeled as personal or secure data. Visitors often have access to rest rooms in secure areas. What they leave on top of a towel rack could be more dangerous than high explosives.


I’m sure what I’ve discussed isn’t anything new but you may know someone who would benefit from this lesson. Share these examples along with  a healthy dose of paranoia.  The data you save may be your own.


In the News:
The Windows Club shares how you monitor changes to ANY registry value in Real-time.

Tuesday, August 6, 2013

WinPatrol PLUS For Everyone Just $2

About once a year I go crazy and try to introduce WinPatrol PLUS to the folks who have never heard of WinPatrol or have never experienced this small powerful app. For over 15 years WinPatrol has been recommended by friends and family but I never invested in any kind of expensive PR campaign.

USA Today put it best when it said, “WinPatrol may be one of the best kept secrets in computer protection.”

This recommendation came from Pulitzer Prize author Byron Acohido author of Zero Day Threat:...

No More Secrets 
The best kept secret will now be available at such a low price everyone will get the word out and we’re sure to see a worldwide increase in the use of WinPatrol PLUS. History has shown once someone understands what Scotty can do WinPatrol becomes the first program they install and one they never do without. You'll never find an offer like this and it comes without any check boxes trying to trick you into installing unwanted toolbars or download managers.

Even if you're using a pirated version of WinPatrol PLUS you can afford $2.00 USD to support its future. Over 30,000 have downloaded our newest  version and the more users we have the more effective our new Community Shield data will be to protect you.

For a limited time upgrading to WinPatrol PLUS can be as low as $2.00 USD. In countries where the US dollar isn’t valuable this will be an even better bargain. Due to the extremely low price a 50 cent surcharge will be included on bank credit card orders. This charge will not be applied to PayPal orders or other purchase options. This sale will end August 10th.



WinPatrol helps you understand what's running in your computer and allows you to prevent unwanted changes. It's small, works with other programs and won't slow you down.  WinPatrol was the first program to use a  behavioral approach to detect new infiltrations and Zero-Day attacks.
WinPatrol continues to add unique features that aren’t found in Anti-Virus programs yet works and plays well with others.  It remains the smallest, fastest system monitor of its kind and complements your favorite security suite. Our future really depends on your appreciation of toolbar free software that helps your computer run the way it should.

Startup Programs – Beyond MSConfig

Active Tasks – Multiple Selection Allows Mass Killing

WinPatrol Monitors Any Registry Location You Want
Let WinPatrol warn you or tell it to keep your value safe.

Upgrade your computer now for just $2

Saturday, May 25, 2013

Honor Those Who Served Before It’s Too Late

Reposted from BitsFromBill.com

This weekend I won’t be cooking hamburgers or driving to the beach. Instead, I’ll be spending time reflecting on the true meaning of Memorial Day and encouraging your contribution to a special 501(c)3 called the Honor Flight Network.

Vietnam Veterans Memorial - National Park Service

In honor of those who have served, past and present, I've drastically reduced the cost of a WinPatrol PLUS license. My wish is that any extra funds you might have spent upgrading will be donated to my favorite service for veterans. In 2008 WinPatrol's Memorial Day promotion raised over $1000 that was donated to a local chapter of the Honor Flight Network. 

“Honor Flight recognizes American veterans for your sacrifices and achievements by flying you to Washington, DC to see YOUR memorial at no cost. Top priority is given to WW II and terminally ill veterans from all wars. Honor Flights have been expanded in some locations to include Korean and Vietnam veterans. In order for Honor Flight to achieve its goal, guardians fly with the veterans on every flight providing assistance and helping veterans have a safe, memorable and rewarding experience. For further information, please contact us at (937) 521-2400 or visit us at www.honorflight.org”

I will also be thinking of the families who have sacrificed more than anyone knows. While I personally honor all our friends around the world who served their country, my focus this weekend is on our World War II vets who are leaving us at a rate of 800 a day.

To bring more attention to this cause I am reducing the $29.95 upgrade price to WinPatrol PLUS to as little as $5.00. While your credit card is handy I ask you to give to the Honor Flight Network, making someone's dream come true. Family Pack licenses are available for $9.99.


Even if you already have PLUS or have no interest in WinPatrol you'll find a donation to Honor Flight Network very rewarding. Your small gift can bring real pleasure and honor to someone with limited time and opportunity.

Even though I lived outside D.C. for many years it was before the National World War II Memorial was built. After the donation to our local chapter I had planned to accompany my father who served on the island of Saipan. Like many, my dad lied about his age to enlist at 15 but passed away before he was able to visit this tribute to his generation.

The trip to our nation’s capital is a special day thanks to Southwest Airlines discounts and local motorcycle groups who serve as an honor guard escorting our veterans to and from the airport. Men and women who experience this tribute have told me it’s like having a personal ticker tape parade down 5th Avenue.


If you think about how much you spend on Christmas, Passover, birthdays, Valentine’s Day, weddings and Mother’s Day, it’s not unreasonable to make a meaningful donation on Memorial Day. I promise you’ll feel much better than putting a ribbon decal on your car.

Saturday, March 10, 2012

OLPC: My Lack of Activity May Change

I’d like to apologize to all my early readers and supporters. As you can see from this blog content I haven’t been involved with OLPC in many years.

I still have one of my two XO laptops on display in my office to remind me how important innovation is.  Occasionally, someone will ask me about the laptop and I’m proud to show it off.

So why did I drop out of the OLPC community? Well, I found a flaw in the initial premise of providing inexpensive laptops with Sugar running as the operating system.  While Sugar is awesome, it’s not Windows.


Sugar Interface
Sugar

I decided that kids in poor countries were smarter than we thought.  They didn’t want a computer that seemed like a toy. They wanted a real computer which in even the farthest parts of the world meant, “Windows”.  The youngest users, in the most deprived communities knew about Windows and that’s what they expected.

As it turns out many innovations are ahead of their time. We’re currently witnessing a dramatic change in what we consider a smart device. The “personal computer” is no longer the only device that is available to meet our digital wants and needs.

It still may be too early to predict what OS products will survive the next decade but change is coming. I agree with many who think it’s ok for http://one.laptop.org/ to change as well.

The most popular idea at this time would be a Droid based OLPC. According to news reports XO 3.0 running Droid will soon be available at the original $100 price. This may not be an instant hit but it’s certainly heading in the right direction. A Droid system shouldn’t be the only consideration.

As a fairly new Droid developer any paid apps from BillP Studios will run for free when we detect a XO machine. I hope we can convince other companies to do the same.

So, I am looking forward to a non-Sugar based XO and hope to see a resurgence in the OLPC program.

Wednesday, December 1, 2010

Favorite Tips for Online Shopping

While I wrote this article originally for my tech blog it seemed important enough to share on other blogs I maintain.

It’s been five years since media coined the term Cyber-Monday but the truth is every day is a great shopping day online. I planned on writing an article about the safety of online shopping but noticed everyone was already doing it. Many sites provide the same duplicate tips. So I thought I might include some of the best tips and post them along with my favorites.

Eric Griffith wrote a good article for PC Magazine called
11 Tips for Safe Online Shopping
One unique tip from Eric was
Don't Tell All
“No online shopping store is going to need your social security number or your birthday to do business. But if a bad-guy gets them, combined with your credit card number for purchases, they can do a lot of damage. When you can, default to giving up the least amount of information.”

It amazes me how many free Email and other password reset schemes still use easy to find information like your high school, pet’s name and birthday. This kind of information is something that you should keep private.  When you do answer these questions make up answers that you’ll remember but aren’t accurate.



Corrine at Security Garden wrote her
Online Shopping Safety Tips including,
HTTPS://

“At checkout, the site web address should be https: and there should be a closed padlock there or in the lower right corner of your browser. If not, forget about it. You will be giving away your credit card information!”

Using PayPal with Internet Explorer notice the “https”

Yahoo Online Store using Google Chrome

For years I’ve heard people say they’re afraid to use their credit card online. As long as you see the https your credit card is safer than it is when you give it to the waiter at your favorite restaurant.



Webroot's safety tips for holiday online shopping included a tip that doesn’t just apply to shopping.
"Go straight to the site.
Rather than browse to online retailers through a search engine where you may encounter malicious links, type the store's URL directly in your browser.”

The bad guys are experts at search engine optimization and frequently “poison” search results with web sites you really don’t want to visit. Just because a web site is the first or second listed on Google doesn’t mean it’s safe. In many cases, the opposite is true.



I have some of my own best tips and the following tip was mentioned in all the articles I’ve mentioned so far.

Don’t use Public WiFi
It used to be only a real hacker with proper tools could capture your data when you used a public WiFi connection. Now the tools are available to anyone so shopping or any use of public WiFi comes with a real security danger. One of the benefits of smart phone tethering is you can connect your laptop to your phone for a connection instead of using a public WiFi even if it’s free.



Special Check Out Offers

When your order is complete don’t be surprised if you’re offered a survey, free shipping or other offer that promises to take $5.00 or more off your last purchase. If you read the fine print you’ll find this check out offer may actually be a membership. By accepting the offer you may be agreeing to being billed regularly for a membership you don’t want or need.



Take your time!

Don’t rush. Be sure to check into the shipping policy of the store and/or item you’re going to purchase.

Shipping Costs
There are some nice comparative shopping sites and even apps for your smart phone so you can find the lowest price available. Price isn’t everything. You’ll want to be sure what the shipping costs are. Sometimes cost is based on price and not weight. Even if they ship in the same box, when you order multiples of the same item stores will multiply the shipping cost.

Shipping Date
Pay attention and make sure the item is in stock. Be sure your ship date is well before the date you need to have it wrapped and under the tree.

Return Policies
Lots to consider here but the one to watch out for is the dreaded restocking fee.



Three years ago I wrote an article called
Top Ten Online Shopping Mistakes

Most of those mistakes are still possible including…
False Credentials
“Just because a vendor displays images from the Better Business Bureau or eTrust doesn’t mean they really have been approved. If buying from an unfamiliar store verify they really do have the credentials they claim.”



If you’re looking for a very unique gift to keep your family and friends safe I also recommend the Gift of WinPatrol PLUS. :)

Tuesday, March 23, 2010

Little Kids on Facebook

The first time I saw my 12 year old granddaughter on Facebook I wasn’t really concerned until I saw that her birthday implied that she was 18 years old. Thankfully, she wasn’t trying to misrepresent herself. She just knew that Facebook users under 18 have a different experience. It turns out correcting her birth year back to 1996 was a safer experience.

[Image: facebookkids]

I was actually surprised to see that Facebook took any steps to protect the privacy of 13 to 17 year old kids. Do you think it’s enough? You can guess my answer would be NO! My granddaughter is now legitimately a Facebook member at 13 years old but was still encouraged to access the applications like “Lover of the Day”.

I can’t deny kids and many adults think sharing their private information is the closest thing to becoming a reality TV star. It’s like we’re raising the  Share-It-All Generation. Unfortunately, Facebook shares most of this information with companies who have no physical address or stated privacy policy.

Kids need all the help and direction possible. When it comes to your kids I’m all in favor of  “My Mom is on Facebook”

While this fun video will make you LYAO, if you’re a parent and you let your young kids on Facebook there are a few things you should know. Yes, I know many of you are giving in and allowing kids even under 13 to be online so listen up.

First, not only should you be a friend of your child, you should have complete access to their account so you can see who they’re friends with and what they post. Trust me, compared to what they might give away on Facebook, you’re not invading their privacy. If they see a screen that says “Allow Access” they should click the little “Leave Application” text and not the big YES button.

If you want to know what happens when they allow an application see my previous post “Who gets your personal information on Facebook”.


Like the video, Facebook is fun and appealing. Full disclosure: when my kids were pre-teens they were running Trivia games in online chat rooms. Our computer was in a common area and they weren’t giving away personal information or sharing photos with strangers. So I can’t tell you what choice to make as a parent but I hope you won’t be afraid to keep your eyes open and teach your kids about what choices they have.

Especially teach your kids to “Think Before You Post” and check out the videos like Everyone.

 

Thanks to Abby, whose son is a Facebook developer, for the link to the “My Mom is on Facebook” video. :)

Monday, February 11, 2008

Spreadsheet for your G1G1 Laptop

The OLPC project has received support from a variety of professionals who have been in the industry for years.  One such elder is Dan Bricklin who is still best known for bringing the spreadsheet to personal computers.

One of the Activities initially missing from the OLPC project was a spreadsheet so Dan has gone to work porting his online Wiki spreadsheet to run under Sugar on the XO laptop. Built mostly on JavaScript, a very early test version is available at http://www.peapodcast.com/sgi/olpc/socialcalc/

 

Social Calculator for the XO laptop


I had heard that Google was also working on making their online spreadsheet available but last I heard it wasn’t able to meet the quality and performance requirements.  Meanwhile, others are looking at creating a Python based spreadsheet like the one being tested at http://olivier.friard.free.fr/software/ppss/index.php