Wednesday, September 1, 2010

Website Security. You are not safe!

Today someone mentioned casually that her daughter was spending a lot more time on Facebook than Stardoll. As if that were a good thing. My opinion differs. Many websites have major security problems, but they are not going to tell you about them. Here are my thoughts, in no particular order:

Facebook has a new feature. And you automatically get it unless you know how to turn it off. Now, anytime you update your wall or post anything at Facebook, your location information is revealed! Great. Now someone can track you and find out if your home is empty all day. And it can save a stalker lots of time figuring out where you are. You may want to find out how to turn this off and do it ASAP.

I got an email from a friend about an ad on Craigslist. It was some make-money-at-home scheme and it not only looked like a scam, but it had a link to a website that triggered a warning in my browser. Maybe I am too cynical, but I have learned that when something seems to be too good to be true, it is not true. And I have seen similar things before. I have encountered hackers and scammers on Facebook and on Stardoll. I didn't think about Craigslist, but I am not surprised that those scum have a presence there as well.

Most people are buying computers and jumping on the internet without learning that they can get into some serious trouble. Hackers set traps for the naive. Their purpose may be to install malware or spyware on an unsuspecting person's computer or to steal cookies. Malware can lead to problems with your computer and can damage your hard drive as well as your software and existing files. Spyware gathers information (like your keystrokes for everything you type, including passwords) and then secretly sends it to the hacker. Cookies contain your online login information for your bank and other websites that require a password, and may carry other sensitive information.

I have good protection (love my Mac) so I cleared my cookies, closed all my other programs and clicked the link. I was not surprised that there was no information at the website, just a bank page. I noticed that the URL in my address bar indicated that the site address ended in .tk, which is not good. I know of a few phishing sites with the same .tk address, including several fake Stardoll sites.

Even my loved ones violate my privacy and send me things that may harm my computer. I cannot get my aunt to use BCC instead of TO when forwarding me an important email. So she sends my email address to hundreds of strangers all the time.

While I am at it, let me digress and mention I do not need to see that the Phenylalanine chain letter hoax is making the rounds again. The amount of misinformation being circulated by email is an embarrassment. I thought people had some sense. I wish everyone would take a minute to look up the latest rumor at Snopes.com and then make an intelligent choice before forwarding it to everyone in the address book. I do not consider getting chain mail any kind of thoughtful communication. I will rave about this more in another post.

Here is another polite message I sent to my aunt about attachments:

"I deleted the last message you sent to me without opening the attachment. It looked suspicious. There are so many things that can come as attachments that can harm a computer, that it is not wise to open them, or to send them on to others. Opening the wrong attachment can cause a lot of trouble. It can trigger a download of spyware or malware that you will not be aware of. It can slow down your computer, violate your privacy and steal sensitive information, such as accounts and passwords. If you are interested in sharing information, the best way to do this is to send it in as plain text in the body of email. Sending images is safe. I prefer jpgs, pdfs and pngs."

It is also wise to keep in mind that a link that someone sends you by email may cause the same problems as one you encounter on the net.

One of my friends had her computer hacked by clicking on an ad in Facebook. Her bank account and credit cards were all compromised. She had to change all her credit cards and freeze her bank account until things could get straightened out. Her company decided to replace her computer because spyware and malware were installed at the same time she had her cookies stolen and the hard drive was seriously compromised. It took her weeks to clean up the mess.

Facebook says they have banned the advertiser who put in the fake ads. I wrote a long letter to them about this, and they blamed the developers of PetPupz, because she was playing that game. Of course PetPupz blamed Facebook. I am not pleased with them. I have kept my Facebook account, but I barely use it. And I never play the games they offer.

The New York Times website was hit by this kind of hacker attack the last weekend of September 2009. The ads seemed legit, but as soon as the Times offices closed on Friday, the hackers somehow switched out the code and thousands of users were hacked. The Times had to post detailed instructions on what to do and posted an apology as well to all the users. You can look it up. It was a big deal.

To protect yourself, never allow a download of virus scanning software that you may encounter while surfing the internet. Most likely it is a trick and will compromise your computer's security. If something starts downloading that you did not request, immediately pull the plug or shut down however you can. Disconnect from the internet and then reboot your computer. I usually then search my computer by date and delete any file that was created in the last few minutes. I am a bit paranoid. It is always a good idea to not have unsaved documents open when you are on the web, so you can shut down without losing any of your work.

You must use cookies for many activities on the web. Cookies identify you when you log on to your bank and other sites, such as Facebook. The use of cookies makes everyone vulnerable to getting their accounts hijacked by real hackers. You can google "cookie stealing" and find out how to set up this simple hack yourself and what you need to do to hijack a user's session. To be safe, clear your cookies and close all your other windows before you log into a website that requires you to log in. Stay on only that website until you log out and then clear your cookies again.

There are more things you should do if you are using a public computer, wi-fi at a public place or a computer at work where other people may have access. But this is a good start.


Some sites have more security than others and you can see it by looking at the address bar in your browser. If it says http://, it is not as secure as a site that says https://, so be careful.

Looking at your address bar can help you identify whether you are at a genuine site or at a fake website designed to trick you. I was sent a link to a fake Stardoll site and the only clue I had was in the address bar. Instead of stardoll.com I was at starboll.com, and my computer had automatically filled in my login information in the boxes provided. If I had not been more observant, the hacker would have gotten my login information and would have been able to steal my account. This is what they call a phishing website. These copycat websites are designed to trick users.

Here is an example of phishing. Let's say a victim gets an email that says it is from Bank of America and it says to log in to take care of a problem. If the victim clicks the link provided, he may be taken to a fake website that looks just like the Bank of America site. But when he logs in, he sees a blank page or the same login page again. The hacker now has the victim's login information. But what if the victim does not have a Bank of America account? No problem. The email was sent to every address the hacker could get his hands on. Some of the people are going to have Bank of America accounts. Those are his targets. That is why it is called phishing. 
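The address-bar check described above can also be done by a small program before a password is ever typed. This is an added example, not part of the original post: the list of trusted sites, the function names and the sample links are all made up for illustration, and it goes a little further than the starboll.com case by also catching a trusted name placed in front of someone else's domain and a trusted site reached over http:// instead of https://.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the sites this user really logs in to.
TRUSTED = {"stardoll.com", "facebook.com", "bankofamerica.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED, max_distance=2):
    """Return (verdict, domain) for a link before any password is typed."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Naive registered domain: last two labels (wrong for suffixes like .co.uk).
    domain = ".".join(host.split(".")[-2:])
    if domain in trusted:
        # Right site; still flag it if the connection is plain http.
        return ("ok" if parts.scheme == "https" else "insecure", domain)
    for good in sorted(trusted):
        # One or two characters off, e.g. starboll.com for stardoll.com.
        if edit_distance(domain, good) <= max_distance:
            return ("lookalike", good)
        # Trusted name used as a prefix of somebody else's domain.
        if ("." + good + ".") in ("." + host):
            return ("lookalike", good)
    return ("unknown", domain)

if __name__ == "__main__":
    # Constructed sample links, not real phishing URLs.
    samples = [
        "https://www.stardoll.com/login",
        "http://www.starboll.com/login",
        "http://stardoll.com/",
        "https://stardoll.com.example.net/login",
        "https://example.org/",
    ]
    for link in samples:
        print(link, "->", check_link(link))
```

A "lookalike" verdict names the real site being imitated, which is the same clue the address bar gives a careful reader.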


I have a log on my firewall. I get an attack on my computer about every 8 seconds. These attacks are probably not all from the same source. But the internet is an ugly place now. Everyone should update their firewall and virus protection, and check for malware and spyware.

I am assuming that you are using a PC. I use a Mac. If you have an Apple computer, you do not need to buy a lot of extra software (my firewall is part of my Belkin wireless home network and came with the router), but you should make sure you keep up with the security updates that are provided by Apple. Whatever computer you are using, if it is running a lot slower than you think it should, you may have a problem. Purchasing a reputable security program and running it will probably take care of it.

It is best if you have someone you trust who is handy with computers to help you out, but being aware can be helpful.

Try to be safe. It's a jungle.