Home > Technobuddy > Archives > 2007 > July > 20 > Entry
DEL.ICIO.USGo ahead - feel insecure
The Atlanta Journal-Constitution
I used to kid Laura about her obsession with computer security. She was constantly trying new firewall programs and could flawlessly rattle off settings to make a wireless router safe.
She earned an A in the technical part. But on a visit to her house, I saw something that changed her grade. There was a big yellow Post-it note on the front of her computer. In nice legible red ink, passwords were listed for various Web sites and online accounts.
Since you read this column, I’m sure you would never do something crazy like leaving your passwords out for all to see. After all, you realize such a list is fair game for everyone from repairmen to carpet cleaners to casual friends.
We won’t dwell on passwords today. But there is a way to test the one you use, to make sure it is secure. Go to the site linked here and enter a password. You’ll be told just how secure that password is. If the bar turns red, the password is bad. If it’s yellow, the password is weak. If it’s in the green, you’re in the green too. You’ll also get some advice on creating a good password at the same site.
Risky business
I used Laura’s letdown in security as a good example of the most important risk points in being secure online. While a good firewall and techical awareness helps, the most common cause of a computer breach isn’t some high tech hacker. The greatest risk comes from what you do.
Lets look at some ways you can go wrong.
I’ve known several smart people who have been fooled by phisher attacks. The e-mail seems to be from your bank or some trusted online company such as eBay or Amazon. You are given various good reasons in the e-mail to log on to the site and change your password or enter credit card information. But it’s a fake Web site - even though it looks like the real thing. That site records your personal data and uses it to swindle you.
You may be thinking that only an idiot would fall for this. But I know of a wife of a federal law enforcement agent and a physician who did just that.
Since these attacks - called social engineering by the security gurus - take several forms, the best thing to do is this: If you are asked for any information, decline. If you worry that the request is real, call the business or independently (not using the address given in the e-mail) go to the Web site and use the contact e-mail address to ask if the request is real.
Another frightening scam that’s becoming very popular relies on the fact that everyone loves a bargain. Here’s how it works.
You want to schedule a long weekend for yourself but need to find a bargain. As you search the Web, you find a site with such a good deal to Taos, N.M., that you’ll almost make money after buying the airline tickets and reserving a room. There’s no number to call but there’s a way to make the reservations online.
Too good to be true
Unfortunately, the ad was a fake. Web sites that offer prices too good to be true - whether it is a ticket, or a new summer sports coat - sometimes are simply efforts to get your credit card information. You don’t receive the products but the crooks get your personal information.
If something sounds too good to be true, listen to your brain instead of your heart. A really ugly scam involves so-called free anti-spyware and anti-virus programs. Here’s where it makes sense to stay with brand name products such as Windows Defender, Ada-ware and, for viruses Grisoft’s AVG or Avast.
There are programs that pretend to check for spyware but are actually spies themselves. To make things more complicated, there are malicious programs that use names similar to a legitimate one. That’s especially true with one of my favorite anti-spyware programs, SpyBot Search and Destroy.
The solution? Do a Google search for articles from sources such as Cnet, PC Magazine or PC World. These articles will either have direct links to the download site, or will at least list the address.
Today’s message is a simple one: Your common sense is the world’s best firewall. Just make sure you turn it on.
Permalink | Comments (2) | Post your comment | Categories: Columns
Services »
Comments
By PatrckB
July 23, 2007 9:20 AM | Link to this
I knew I was in trouble when, one evening, my wife calls down from the computer “Honey, what’s our checking account number?” :-) P
By Bill
July 23, 2007 12:07 PM | Link to this
Something close to that actually happened to me. I overhead a guy in the newsroom calling his wife asking about account information so he could respond to what he thought was a legit e-mail from a bank. He ended up being delighted that I was eavesdropping.