How to Solution Here

Website Security Rules of the Road

More and more people are attracted to the ease of online shopping and are spending higher

amounts. Unfortunately, the chances of becoming a victim of Internet fraud are also increasing.

While many e-commerce Websites are reputable and have taken the necessary safety precautions

to protect you, it never hurts to always proceed cautiously. If you are making an online purchase

consider these easy steps:

1. Use only one credit card, preferably with a low credit limit, when making online

purchases. Avoid using an ATM or debit card.

2. Be wary of unsolicited offers by sellers. While the offer may be legitimate, spammers

like to use this tactic to side-step reputable sites that provide consumer protection for online

purchases.

3. Use only reputable e-commerce websites that list a street address and telephone number

in case you need to contact them directly.

4. Read the website’s privacy policy. Some websites may reserve the right to sell/give your

information to a third party. Check the document to see if they allow an opportunity to “opt-out”

of receiving special offers from third-party vendors or for permission to share your personal

information.

5. Check for a lock symbol in the status bar at the bottom of your Web browser window.

Also, do not provide your personal information if the website address doesn’t start with “https” (a sign that the site is using a secure server).

6. Choose only verified sellers. Check to see if the vendor is a verified member of a

reputable third party such as the Better Business Bureau, VeriSign, or Guardian eCommerce.

These third-party sites help to ensure online consumers will be protected when shopping or

conducting e-commerce transactions.

7. Check that the delivery date posted is reasonable. If you have not dealt with the vendor

on a regular basis, be wary of any Website that states the shipment will be delayed 20 or more

days. Delivery dates of 7-10 days are more common.

8. Keep a paper trail of all online transactions. Print out a hard copy of the transaction and

keep it in a file for future reference.

9. Be wary of website offers that just sound too good to be true. The Internet is littered

with get rich quick scams and false advertising claims. Investigate all claims thoroughly before

proceeding.

10. If you do not receive what you paid for, and the vendor will not return your emails or

calls, contact your state’s Department of Consumer Affairs for further assistance.

Contibutor http://www.vrelinks.com

Securing Your Computer System

Today, more and more people are using their computers for everything from communication to

online banking and investing to shopping. As we do these things on a more regular basis, we

open ourselves up to potential hackers, attackers and crackers. While some may be looking to

phish your personal information and identity for resale, others simply just want to use your

computer as a platform from which to attack other unknowing targets. Below are a few easy,

cost-effective steps you can take to make your computer more secure.

1. Always make backups of important information and store in a safe place separate from

your computer.

2. Update and patch your operating system, web browser and software frequently. If you have a Windows operating system, start by going to www.windowsupdate.microsoft.com and running the update wizard. This program will help you find the latest patches for your Windows computer. Also go to www.officeupdate.microsoft.com to locate possible

patches for your Office programs.

3. Install a firewall. Without a good firewall, viruses, worms, Trojans, malware and adware can all easily access your computer from the Internet.

Consideration should be given to the benefits and differences between hardware and software

based firewall programs.

4. Review your browser and email settings for optimum security. Why should you do this?

Active-X and JavaScript are often used by hackers to plant malicious programs into your

computers. While cookies are relatively harmless in terms of security concerns, they do still

track your movements on the Internet to build a profile of you. At a minimum set your security

setting for the “internet zone” to High, and your “trusted sites zone” to Medium Low.

5. Install antivirus software and set for automatic updates so that you receive the most

current versions.

6. Do not open unknown email attachments. It is simply not enough that you may recognize the address from which it originates because many viruses can spread from a familiar address.

7. Do not run programs from unknown origins. Also, do not send these types of programs

to friends and coworkers because they contain funny or amusing stories or jokes. They may

contain a Trojans horse waiting to infect a computer.

8. Disable hidden filename extensions. By default, the Windows operating system is set to

“hide file extensions for known file types”. Disable this option so that file extensions display in Windows. Some file extensions will, by default, continue to remain hidden, but you are more

likely to see any unusual file extensions that do not belong.

9. Turn off your computer and disconnect from the network when not using the computer.

A hacker can not attack your computer when you are disconnected from the network or the

computer is off.

10. Consider making a boot disk on a floppy disk in case your computer is damaged or

compromised by a malicious program. Obviously, you need to take this step before you

experience a hostile breach of your system.

Contibutor http://www.vrelinks.com

What the Heck are Botnets?

“A botnet is comparable to compulsory military service for windows boxes” – Stromberg  (http://project.honeynet.org/papers/bots/)

Botnets are networks of computers that hackers have infected and grouped together under their control to propagate viruses, send illegal spam, and carry out attacks that cause web sites to crash.

What makes botnets exceedingly bad is the difficulty in tracing them back to their creators as well as the ever-increasing use of them in extortion schemes.  How are they used in extortion schemes?  Imagine someone sending you messages to either pay up or see your web site crash. This scenario is starting to replay itself over and over again.

Botnets can consist of thousands of compromised machines. With such a large network, botnets can use Distributed denial-of-service (DDoS) as a method to cause mayhem and chaos. For example a small botnet with only 500 bots can bring corporate web sites to there knees by using the combined bandwidth of all the computers to overwhelm corporate systems and thereby cause the web site to appear offline.

Jeremy Kirk, IDG News Service on January 19, 2006, quotes Kevin Hogan, senior manager for Symantec Security Response, in his article “Botnets shrinking in size, harder to trace”, Hogan says  “extortion schemes have emerged backed by the muscle of botnets, and hackers are also renting the use of armadas of computers for illegal purposes through advertisements on the Web.”

One well-known technique to combat botnets is a honeypot. Honeypots help discover how attackers infiltrate systems. A Honeypot is essentially a set of resources that one intends to be compromised in order to study how the hackers break the system. Unpatched Windows 2000 or XP machines make great honeypots given the ease with which one can take over such systems.

A great site to read up on this topic more is The Honeynet Project (http://project.honeynet.org) which describes its own site’s objective as “To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.”
Contibutor http://www.vrelinks.com