Monday, April 27, 2009

Swine Flu Phishing Attacks and Email Scams

Original release date: April 27, 2009 at 3:04 pm
Last revised: April 27, 2009 at 3:04 pm


US-CERT is aware of public reports of email scams circulating related
to the Swine Flu. The attacks arrive via an unsolicited email message
typically containing a subject line related to the Swine Flu. These
email messages may contain a link or an attachment. If users click on
this link or open the attachment, they may be directed to a phishing
website or exposed to malicious code.

US-CERT encourages users to take the following measures to protect
themselves:
* Do not follow unsolicited web links or attachments in email
messages.
* Maintain up-to-date antivirus software.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on social engineering attacks.

US-CERT will provide additional details as they become available.

Relevant Url(s):
<http://www.us-cert.gov/cas/tips/ST04-014.html>

<http://www.avertlabs.com/research/blog/index.php/2009/04/27/swine-flue-spam/>

<http://www.us-cert.gov/reading_room/emailscams_0905.pdf>

====
This entry is available at
http://www.us-cert.gov/current/index.html#swine_flu_phishing_attacks_and

Sunday, April 26, 2009

Staying Safe on Social Network Sites

Re-Published from United States Computer Emergency Readiness Team
______________________________
Cyber Security Tip ST06-003

The popularity of social networking sites continues to increase, especially among teenagers and young adults. The nature of these sites introduces security risks, so you should take certain precautions.

What are social networking sites?

Social networking sites, sometimes referred to as "friend-of-a-friend" sites, build upon the concept of traditional social networks where you are connected to new people through people you already know. The purpose of some networking sites may be purely social, allowing users to establish friendships or romantic relationships, while others may focus on establishing business connections.

Although the features of social networking sites differ, they all allow you to provide information about yourself and offer some type of communication mechanism (forums, chat rooms, email, instant messenger) that enables you to connect with other users. On some sites, you can browse for people based on certain criteria, while other sites require that you be "introduced" to new people through a connection you share. Many of the sites have communities or subgroups that may be based on a particular interest.

What security implications do these sites present?

Social networking sites rely on connections and communication, so they encourage you to provide a certain amount of personal information. When deciding how much information to reveal, people may not exercise the same amount of caution as they would when meeting someone in person because

* the internet provides a sense of anonymity
* the lack of physical interaction provides a false sense of security
* they tailor the information for their friends to read, forgetting that
others may see it
* they want to offer insights to impress potential friends or associates

While the majority of people using these sites do not pose a threat, malicious people may be drawn to them because of the accessibility and amount of personal information that's available. The more information malicious people have about you, the easier it is for them to take advantage of you. Predators may form relationships online and then convince unsuspecting individuals to meet them in person. That could lead to a dangerous situation. The personal information can also be used to conduct a social engineering attack (see Avoiding Social Engineering and Phishing Attacks for more information). Using information that you provide about your location, hobbies, interests, and friends, a malicious person could impersonate a trusted friend or convince you that they have the authority to access other personal or financial data.

Additionally, because of the popularity of these sites, attackers may use them to distribute malicious code. Sites that offer applications developed by third parties are particularly susceptible. Attackers may be able to create customized applications that appear to be innocent while infecting your computer without your knowledge.

How can you protect yourself?

* Limit the amount of personal information you post - Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. If your connections post information about you, make sure the combined information is not more than you would be comfortable with strangers knowing. Also be considerate when posting information, including photos, about your connections.
* Remember that the internet is a public resource - Only post information you are comfortable with anyone seeing. This includes information and photos in your profile and in blogs and other forums. Also, once you post information online, you can't retract it. Even if you remove the information from a site, saved or cached versions may still exist on other people's machines (see Guidelines for Publishing Information Online for more information).
* Be wary of strangers - The internet makes it easy for people to
misrepresent their identities and motives (see Using Instant Messaging and Chat Rooms Safely for more information). Consider limiting the people who are allowed to contact you on these sites. If you interact with people you do not know, be cautious about the amount of information you reveal or agreeing to meet them in person.
* Be skeptical - Don't believe everything you read online. People may post false or misleading information about various topics, including their own identities. This is not necessarily done with malicious intent; it could be unintentional, an exaggeration, or a joke. Take appropriate precautions, though, and try to verify the authenticity of any information before taking any action.
* Evaluate your settings - Take advantage of a site's privacy settings. The default settings for some sites may allow anyone to see your profile. You can customize your settings to restrict access to only certain people. However, there is a risk that even this private information could be exposed, so don't post anything that you wouldn't want the public to see. Also, be cautious when deciding which applications to enable, and check your settings to see what information the applications will be able to access.
* Use strong passwords - Protect your account with passwords that cannot easily be guessed (see Choosing and Protecting Passwords for more information). If your password is compromised, someone else may be able to access your account and pretend to be you.
* Check privacy policies - Some sites may share information such as email addresses or user preferences with other companies. This may lead to an increase in spam (see Reducing Spam for more information). Also, try to locate the policy for handling referrals to make sure that you do not unintentionally sign your friends up for spam. Some sites will continue to send email messages to anyone you refer until they join.
* Use and maintain anti-virus software - Anti-virus software recognizes most known viruses and protects your computer against them, so you may be able to detect and remove the virus before it can do any damage (see Understanding Anti-Virus Software for more information). Because attackers are continually writing new viruses, it is important to keep your definitions up to date.

Children are especially susceptible to the threats that social networking sites present. Although many of these sites have age restrictions, children may misrepresent their ages so that they can join. By teaching children about internet safety, being aware of their online habits, and guiding them
to appropriate sites, parents can make sure that the children become safe and responsible users (see Keeping Children Safe Online for more information).
_________________________________________________________________

Author: Mindi McDowell
_________________________________________________________________

Produced 2006 by US-CERT, a government organization.

Note: This tip was previously published and is being re-distributed to increase awareness.
____________________________________

While this article is from a US government agency, I believe that the tips here are practical and necessary for everyone's peace of mind when using social networking sites.

Friday, April 17, 2009

To save or not to save: Passwords and your laptop

Should you save your passwords in your browser if you log in to websites using your laptop?

I would recommend that you use the password saving option of your browser if you:
  • are careful of websites where you go to
  • are careful of software that you download or install
  • are the only one using your laptop or you are mindful of people who use your laptop
  • clear your browsing history appropriately.
I do not recommend saving your password in a browser if you:
  • are not careful of websites where you go to (i.e., you go to websites which are prone to malicious software, such as porn sites)
  • are not careful of software that you download and install (you might actually be downloading a virus, a Trojan, or a worm).
  • too many people use your laptop and you do not consider how they use your laptop (security-wise)
  • do not clear your browsing history at all.
Security is everybody's concern. The first level of security should start with the user. And forget about hackers. When you consider security, consider virus, rogue virus, spyware, and data loss.

Thursday, April 16, 2009

Free SMS Pre-Event Reminder?

You probably have a cellular phone. It probably has a reminder/calendar/memo function--the one which alarms when the time and date you set it to remind you of something, like to give a speech, prepare a lesson plan, or buy a mouse. That's good.

However, usually, we want a reminder before the event. Most of the phones I had will only remind me that the event is happening now, which is practically useless, because I would have been in no position to make adjustments. Some cellular phones do have one--pre-event reminders--but it has limited capability to have multiple reminder (What for? How about preparing for a speech, when you have to be reminded to write a speech two days before the event, to print it night before the event, and to consider the travel time two hours before the event, and to practice it an hour before the event?).

In any case, another option that you have is to use Google Calendar's SMS reminder. This is a free service.

In order to be reminded prior to the event, you need to do things: 1) Register your mobile phone number; and, 2) Set up the reminder for every event that you are going to enter in your Google Calendar.

Setting up your mobile phone service to receive SMS reminders
  1. To set up your mobile phone service to receive free SMS reminders, log in to your Google (or @post.upm.edu.ph) email. Then click "Calendar" at the top of the page.
  2. Or you can go to Google Calendar's URL, http://www.google.com/calendar. If you have an @post.upm.edu.ph, the URL for the Calendar is http://www.google.com/calendar/hosted/post.upm.edu.ph
  3. Then go to "Settings." The link is found both at the upper-right hand of the page and at the left side of the page.
  4. Click "Mobile Setup" (obviously!).
  5. Enter your mobile number inthe field that says (surprise!) "Phone Number." (as of the moment of this post, Globe and Smart (and their sub-networks, TM and TNT, respectively) are recognized carriers. (Sun and Red subscribers, sorry...)
  6. Select your carrier from the drop-down menu, if applicable. However, if you see the link See Help Center for supported providers, please check if your provider is supported before requesting your verification code.
  7. If your carrier is supported, click the Send Verification Code button, and you'll get a text message on your phone.
  8. Once you receive this message, enter the code you received into the 'Verification code' box and click the Finish setup button.
That's it. Your mobile phone is now set up to receive SMS reminders.

Setting up a reminder
  1. If you have used Google Calendar, this should be easy. If not, just log in to your Google Calendar, select the schedules where the event is supposed to happen. You can do this by clicking and dragging your mouse on the schedules/periods when the event is supposed to happen. This will open a balloon. You can enter there the name of the event.
  2. After entering the event, click "Edit Event Details." This will open the details of that particular event.
  3. When the new page comes up, look at the lower part of the page, where you should see the available types of reminders. Make the appropriate adjustments, and remember to click "Save" at the top of the page.

For more information about Google Calendar and other options, such as setting up the default notification for new reminders and changing reminders, you can go here.

Source:
Google Calendar Help.

Friday, April 3, 2009

Switching to Ubuntu

You have been using a computer and your definition of a computer is a PC. If you are old (and I mean old in computer use context), you started probably with Wordstar 4.0 (like me) or WordPerfect (don't know what version). The last version of Windows you have used maybe Windows 2000, XP or Vista.

You saw ads and reviews of Windows 7. You recently used Microsoft Office 2007. But you also heard of this "free" software called Linux, and you saw the seemingly impressive and Windows-like interface in particular of Ubuntu. You became interested.

You contemplate on switching to Ubuntu. I don't want to talk about the pros and cons, but I guess it can't be helped. I'll just probably discuss basics, then give you some things to contemplate on regarding switching operating systems.

Pros:
  1. Ubuntu is free--like FREEDOM. Read.
  2. Ubuntu is stable.
  3. Technical support is available via paid (Commercial) or via Ubuntu Forums.
  4. Ubuntu is secure. Your computer will not do anything without your knowledge or permission.
  5. Impressive effects (right on the desktop!).
Cons:
  1. Requires learning (but not so much, because the interface is very similar to combined Windows and Mac). Unlike previous Ubuntu versions, Ubuntu 8.10 Intrepid Ibex (that's the codename) has GUI (graphic user interface, meaning menus you click) for everything. You don't have to remember command lines like you may have done with MS-DOS 6.11.
  2. May have compatibility issues (if you were using specialized software, such as non-linear editing software for videos or high-end publishing application like Adobe Pagemaker), but these will soon be resolved as the open source community is working on bridging the compatibility gap fast.
  3. Compatibility issue with people whom you are dealing with.
  4. Takes some effort in finding the application that deals exactly with your issue. This is because of the open source nature of applications in a Linux/Ubuntu operating system.
There are many things to really consider if you have specialized needs, but if you are a typical user of computer--that is, you use a computer to type documents, paste pictures, calculate using a spreadsheet, create presentations, maybe make a few songs or videos, Windows XP and Ubuntu 8.10 are pretty much the same.

Switching?
Now comes the answer to your question. Should you switch? By all means, because I am an open source enthusiast! However, I do not recommend doing so without due consideration. I would suggest rather that you try it without throwing your current system all away.

And with Ubuntu Linux, you can. I did this by running the Ubuntu installation CD inside the Windows operating system.

Doing this is running Ubuntu Linux. You would forget about Windows running on the background because it will run everything that you can do as if it were running solely in your hardware.

While trying it, try to do the following:
  1. Try to do the things that you normally do with your previous operating system.
  2. Think of the worst thing that you would have to do with your previous operating system. For example, running ten applications at once (!).
  3. Try to do the most complicated thing that you have done with your previous system.
  4. In the end, try to do a cost-benefit analysis. Cost would be the learning curve and the effort to learn, and probably compatibility issues. Benefit would be continuous free update, secure system, and learning something new!
Read also the system requirements of ubuntu. As of this writing, Ubuntu 8.10 is the latest stable version, while 9.4 is in Alpha 3 stage.

Bare Minimum Requirements:
  • 300 MHz x86 processor
  • 64 MB of system memory (RAM)
  • At least 4 GB of disk space (for full installation and swap space)
  • VGA graphics card capable of 640x480 resolution
  • CD-ROM drive or network card
Recommended System:
  • 700 MHz x86 processor
  • 384 MB of system memory (RAM)
  • 8 GB of disk space
  • Graphics card capable of 1024x768 resolution
  • Sound card
  • A network or Internet connection (for your updates) (from www.ubuntu.com, accessed April 4, 2009).
I have tried installing the Ubuntu 8.10 on a 4-gigabyte storage, 512-megabyte memory Asus eeePC. It works. However, it has to use a memory card for storage of files.

Happy experimenting! If something fails, you should know where to find me.

Wednesday, April 1, 2009

Converting your files to PDF for free

One of the frequently asked how-to is how to convert an editable file into a non-editable file so that they can be distributed without fear of the file being changed and credited to another person. To me, the simplest way of doing this is to convert it to PDF (Portable Document Format).

The popular software associated with PDF is Adoba Acrobat Reader, and this is free. If you have Ubuntu or similar operating systems, most probably, it would have a PDF reader installed. Simply put, the software to read non-editable files is available and most often free.

However, the software needed to create a non-editable file or a PDF file is not always free. Since we know the software needed to read it in Windows (which is the popular operating system), we might be tempted that the software needed to create it is the same. This way of thinking leads us to the idea that only one company can provide that possibility, and if we continue in that way, we end up with the idea that we have to pay for the PDF creator software of Adobe.

Such is not the case, however. If you just know where to find the appropriate software, there are numerous ways of accomplishing the same objective: converting your file to PDF.

There are two general ways of doing this: Use OpenOffice.Org or download a free PDF-converting software.

Using OpenOffice.Org 3.0 is pretty straightforward. Just click File - Export as PDF. This will ask you to go through some security-related options, but basically it is like any exporting or save-as process. If you have a file created in MS Word or Excel, for example, you can open it with OpenOffice.Org and do File - Export As.

Unfortunately, you might not be able to export it as perfectly as you want, simply because of adjustments or changes in the importing process. For example, some fonts might change a bit, or the placement of an image may shift. This option is really best if you have created a file from OpenOffice.Org.

Another limitation with this option is for file types which cannot be imported by OpenOffice.Org. I had this challenge when I wanted to convert to PDF a Publisher file which I wrote for a printable version of an online newsletter. Clearly, there was no option for OpenOffice.Org to import a .pub file and export it into a .pdf.

That is when I tried to search for another option: To download a PDF conversion application. There are many out there, but I caution you to take note of the limitations or price (not in terms of money always).

I have used CutePDF, a free software which functions like an additional printer in your computer, but instead of printing it on paper, creates a PDF file in your computer. I personally like it because it is easy to use and it has no advertising attached to it--that is, it pastes no watermark (which I experienced with BCL PDF Printer Driver's free trial version) on your work. Just make sure to download and install the GPL Ghostscript 8.15, available at the same site (or click here to download). All in all, you download and install two applications, then open the file, print using CutePDF, and voila! You now have a PDF format from your previous file.

This option can be used with any file type that can be printed, be it a FreeMind file, JPG, Publisher, or others.

Most of the free PDF converters are like CutePDF in function, such as PDFConverter, an open source project. Just take note of the system requirements, although most of these PDF Converters have minimal requirements.

If you are using a Macintosh computer, unfortunately, I have no idea. If you have one, please feel free to share your ideas.

___________________________________________________________________________________
Please feel free to ask your tech questions!