Archive for the 'World Of Security' Category

Wildfire

Saturday, January 2nd, 2010

No, we’re not talking about the wildfires in the western part of the U.S., or even about something that can harm your computer.

Sometimes you will get an E-mail with a virus warning like the one that recently circulated on the web about the “A Card for You” virus.

Without checking to see if the virus is real, many people immediately forwarded the note to everyone they know, and urged them to do the same. Many of them did so, and false information spread like wildfire around the web. This particular virus was exposed as a HOAX. If anyone had bothered to take the time and do a search on “A Card for You”, they would have found the web page at Symantec which clearly reports it as a HOAX.

The only thing you are accomplishing is to frighten people and cause unnecessary concern. In point of fact, you could unwittingly cause problems for the people you send them to, like the SULFNBK.EXE Warning did. This hoax urged people to search for the “sulfnbk.exe” file on their computer and, if it was found, to delete it. Sulfnbk.exe is a valid Microsoft Windows 95/98/Me utility that is used to restore long file names, and if you use any of these Windows systems, you will find it. This caused a lot of people to delete it, and then they had to scramble to restore it.

I recently received an E-mail outlining a person’s experiences with viruses, and he urged everyone not to accept any E-mails with an attachment. He has set his mail reading program to automatically delete any message with an attachment. This is an overreaction. One of the advantages of the web is the wealth of information available on the net.

Much of the information available includes files that are too large to read as E-mail, and are automatically converted to a file. These are text files and cannot hurt you, and neither can an image file.

I will not accept an .exe file, a .doc file or a .zip file and neither should you… UNLESS it is from a reputable, known source and you have specifically requested this information.

We, for example, have the Eudora software available at our Web Site and are authorized distributors. I personally have used this program without problem for quite some time, and the same software I use is available there. Does this mean you should accept unsolicited files from friends – NO! They could unwittingly be infected and could pass the virus along to you.

Blocking all attachments is not realistic. The maxim you should follow is simple – don’t download files unless you have requested them – but let’s face it, if you receive an unsolicited attachment, be wary but don’t panic. It can’t hurt you unless you open it.

Rather than simply rejecting any e-mail with an attachment, you would probably be better served by first getting a good virus protection program, and then examining each attachment on a case-by-case basis.

You should automatically delete anything that ends with .vbs, .bat, .zip, .exe, .pif, or .scr. Regardless of how they may look, don’t be fooled by an attachment that looks like something else. The “Love-Letter-For-You” virus looked like a text file when it arrived and it could have been thought to be one. The attachment, however, ended in .vbs and arrived with the attachment name Love-Letter-For-You.TXT.vbs.
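The rule above can be applied mechanically at the mail gateway or in a mail filter. The following is an added example, not code from the original article: it reads the attachment names out of a message and judges each by its last extension, flagging the Love-Letter-style double extension separately. The decoy list, the verdict labels and the sample message are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the article says to delete on sight.
BLOCKED = {".vbs", ".bat", ".zip", ".exe", ".pif", ".scr"}
# Harmless-looking suffixes used as a decoy before the real one (assumed list).
DECOYS = {".txt", ".doc", ".jpg", ".gif", ".pdf"}

def extensions(filename):
    """Return every dot-suffix of the name, lower-cased, left to right."""
    # Windows drops trailing dots and spaces on save, so "x.vbs. " is "x.vbs".
    name = filename.strip().rstrip(". ").lower()
    return ["." + p for p in name.split(".")[1:] if p]

def classify(filename):
    """Judge by the LAST extension: that is the one the OS acts on."""
    exts = extensions(filename)
    if not exts or exts[-1] not in BLOCKED:
        return "allow"             # only means "not on the article's list"
    if len(exts) > 1 and exts[-2] in DECOYS:
        return "block-disguised"   # e.g. .TXT.vbs posing as a text file
    return "block"

def screen_message(raw_bytes):
    """Map each attachment filename in a raw message to a verdict."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return {part.get_filename(): classify(part.get_filename())
            for part in msg.iter_attachments() if part.get_filename()}

def sample_message():
    """Constructed test message; the names and payloads are made up."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("Love-Letter-For-You.TXT.vbs", "holiday.jpg", "setup.EXE"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in screen_message(sample_message()).items():
        print(f"{verdict:16} {name}")
```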

If you take reasonable care, you should be safe from real viruses. Don’t spread false rumors about viruses that are actually hoaxes, as they will spread like wildfire, and cause a lot of people undue concern.

Why SSL is not enough to secure your credit card details

Saturday, January 2nd, 2010

SSL (secure sockets layer) is the security technology everyone uses to ensure that their web connections are secure. An SSL connection is symbolized by a padlock icon in the right-hand side of the taskbar and a URL that starts with ‘https’, the ’s’ standing for a secure http connection. What trust, however, should users associate with SSL?

Confidentiality

SSL uses a method known as public key authentication in order to provide the confidential link between the server and the client computer. This can be a very strong and effective method. It allows you to establish a strong confidential link between a server and a client without either knowing about the other beforehand. And that’s where the problems really begin.

Public key authentication works where each end of a connection can independently check that the other end is real. It’s the same idea as getting a cheque from someone you don’t know and calling their bank to see if it’s OK. That’s why it doesn’t really work. If it was going to work, the server would have to be able to find out if the client key really belonged to them or not – and it can’t. In our bank example, it’s like having a cheque without the bank name on it or the customer name the bank knows you by so that you can’t even ask the question. In fact if that happened you probably wouldn’t accept the cheque!

As a result, the server can’t tell if a hacker has diverted you via their own site and is playing a ‘man-in-the-middle’ attack where the hacker gets to see all the data going both ways. Usually the server uses an identification that has been approved by one of the companies whose information is stored inside your browser. That’s why at the client end it all seems fine. There is just the minor problem that you can’t actually tell if the identity is still valid because there’s no way in the current system to do that. Not surprisingly, there is nothing happening that allows the server to link the information arriving at it with the actual user of the client PC. It is always assumed that the information comes from there but you can’t prove it.

Is the padlock real?

Although the SSL padlock has been on the bottom of the screen for a while now, only the most adventurous have tried doing things like clicking on it. If you did you might be in for a surprise.

The first thing is that you can’t tell if the padlock is genuine. After all, anyone can write a padlock to that point on the screen, it’s not a special protected area of some kind. So seeing the padlock appear needn’t mean a secure connection is actually in place. If you do click on it you should see the web site address for the site of the server that purchased the certificate being used. You should compare this with the web site address shown in your browser tool bar. It is important to read it carefully since you are the one doing the checking, there is nothing automated about the comparison.
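The comparison described above, between the site name in the certificate and the address shown in the browser, written out as an added example (not code from the original article). It assumes certificate data shaped like the dictionary Python's `ssl.SSLSocket.getpeercert()` returns; the certificate contents and URLs are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

def cert_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, host):
    """Compare one certificate name with a host, label by label."""
    want = pattern.lower().rstrip(".").split(".")
    have = host.lower().rstrip(".").split(".")
    if len(want) != len(have) or "" in have:
        return False
    if want[0] == "*":
        # A wildcard stands for exactly one left-most label; refusing
        # patterns shorter than three labels (e.g. "*.test") is a
        # conservative choice made for this example.
        return len(want) >= 3 and want[1:] == have[1:]
    return want == have

def address_bar_matches(url, cert):
    """True only if the host the browser will contact is named in the cert."""
    host = urlsplit(url).hostname   # drops scheme, port, path and any user@ part
    if not host:
        return False
    return any(name_matches(n, host) for n in cert_dns_names(cert))

# Constructed certificate data and URLs, for illustration only.
SAMPLE_CERT = {"subjectAltName": (("DNS", "shop.example.test"),
                                  ("DNS", "*.shop.example.test"))}
SAMPLE_URLS = [
    "https://shop.example.test/checkout",         # exact name
    "https://www.shop.example.test/",             # covered by the wildcard
    "https://shop.example.test.evil.test/",       # real name used as a prefix
    "https://shop.example.test@evil.test/login",  # real name in the user@ part
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(address_bar_matches(url, SAMPLE_CERT), url)
```

The last two URLs are the ones a hurried reader is most likely to accept by eye, which is why the check works on the parsed host rather than on the visible string.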

What needs to change?

Several things need to change before you should feel comfortable using SSL.

1) Getting enough functionality onto the client system to be able to sign and encrypt actual data instead of trying to make secure connections to places you don’t know.

2) Providing clients with the ability to check that certificates sent from servers are still genuine (check to see if they have been revoked) automatically. Then users can be sure that no man-in-the-middle can read the information they send, and that the server they are dealing with is for real.

3) The client needs an identity that can be authenticated by the server (this does not have to mean that users need to go out and buy a certificate, the server site may provide them with a suitable certificate as a separate process).

4) Automating this whole process so that the user does not have to click on the padlock icon to find out if the security is real.

How to Do Federal Background Check from the Ease of Your House

Friday, April 24th, 2009

Do you suffer over the person your little girl is dating? Do you need to be certain that your business partner is trustworthy and won’t hornswoggle your investment? Do you have doubts about your renter or that potential employee that your company is hiring? If you are flustered by such doubts, maybe it is time to get a criminal check just to ease your mind.

If you want to analyze a person’s record, you no longer have to worry about expensive detective bills or time restraints. Now it’s simply a matter of sitting down at your PC, opening your web browser and finding an online criminal record check service.

If you embark on a search, you will discover quite a bit of info – included in this is address particulars, employment history, wedding details, court and criminal records and other info on the individual. You’ll be impressed with how much information can be discovered. Plainly these businesses will charge for their services, all the same it isn’t overpriced.

All the records mentioned can be accessed from many other government agencies, but getting them all together in a user-friendly format is decidedly a bother. Fortunately, there are actual databases that provide one-stop service so that you acquire instant feedback on the subject. If you are looking for instant results, it is a good idea to do an online background check.

Detecting Spyware quickly

Monday, December 29th, 2008

Using free spyware scan and removal programs you are able to detect spyware infections currently running on your computer. Once you have successfully found and removed the malicious spyware infections, your best defense against future spyware invasions is to purchase anti-spyware software that will actively protect your computer from new spyware intrusions.

Finding one or more spyware programs that can detect and get rid of harmful and invasive spyware is an important part of the maintenance on your computer. Spyware has become a prevalent threat to all computers, especially PCs and any others using Internet Explorer. The likelihood that your computer will not be infected with spyware is slim to none due to the multitude of methods spyware is capable of using to latch onto your system.

Originally used solely for advertising purposes spyware was designed to record your internet usage and online shopping habits so that companies could solicit you with ads they thought would interest you based on the information gathered from spyware being placed in your computer. Spyware continues to run silently on your computer most of the time but the information it records and sends back to intruders is much more private.

Passwords, credit card numbers, social security numbers and other personal information can easily be found on your computer by spyware. Computer users often find spyware on their system as a result of them downloading game, music or other freeware programs. Spyware threats are so widespread now users can easily pick them up simply by visiting certain web sites, even if they have been designated secure.

Using one or more of the many free spyware removal programs is the initial step in guarding your computer and private information from spyware. After downloading the scanning tool, check online for updates so you will be using the latest spyware definitions. Once your computer has been cleaned of current spyware infections it is best to purchase spyware software to provide your computer with maximum protection. These types of anti-spyware software can scan similar to anti-virus programs and they also provide “real-time” protection while you surf the internet.

Mitch Johnson is a successful freelance author who writes regularly for http://www.spyware-removal-made-easy.com/, a site that focuses exclusively on spyware removal software, as well as tips on how to prevent spyware from popping up on your computer. This site has articles on spyware guard, http://www.spyware-removal-made-easy.com/spyware_guard.htm as well as spyware scanner, http://www.spyware-removal-made-easy.com/spyware_scanner.htm

Preventing Pretexting: The Privacy Protection Act of 2006

Tuesday, June 10th, 2008

What is the Privacy Protection Act of 2006?

A person’s telephone records contain valuable personal information like his billing or home address and credit card information. Unfortunately, this information can be sold or used without the knowledge of its rightful owner. To stop these illegal acts from spreading into wider territories, the United States government came up with H.R. 4709, also known as the Telephone Records and Privacy Protection Act of 2006, which protects citizens and law enforcement officials by criminalizing the act of pretexting in order to solicit or sell confidential phone records.

The timing of this law couldn’t be more perfect. Every day, more and more people’s lives are destroyed by this terrible privacy bug. Hundreds, probably even millions, have lost many of their personal belongings and dignity because of people who have nothing but personal glory in their minds.

A positive response to the government’s new privacy law is the Federal Communications Commission’s (FCC) new set of policies that require telephone companies to exercise extra caution in dealing with customers’ personal information. These policies, together with the Privacy Protection Act of 2006, will give more telephone consumers enough reason to relax and believe that they are now safe from fraudulent intruders.

The harsh penalties of the Privacy Protection Act of 2006 shall serve as a relentless warning to identity and information thieves. A person caught pretending to be someone else in order to persuade telephone companies to release confidential customer information, and the act of acquiring customer account information by the use of the Internet, or through any other fraudulent computer-related activity, will be subject to 10 years in prison and may be asked to pay a fine of $500,000.00. Only those duly authorized by federal or state laws are exempted from this law.
