Archive for February, 2010

Security and Email

Tuesday, February 16th, 2010

Email attachments were the number one way that viruses spread. The simple way to solve this problem is to not open email attachments. Most people, however, are not willing to do this. So, what I recommend is that you only open certain types of attachments. Usually, Word docs, Excel files, PowerPoint files, JPEGs, bitmaps, audio files and movies are safe. I say usually because they have all had vulnerabilities, but these vulnerabilities are fixed fairly quickly. You do have to double check when downloading any file, because malicious files are often disguised as a different kind of file. For example, a file may be named “mypicture.jpg.exe” so that it looks like a JPEG image if you are not viewing extensions.

So that brings me to another good practice if you are going to download attachments. If you are using Windows, it is a good idea to turn off file extension hiding. In a file browser window (any window where you are looking at files on your computer, for example, My Computer or My Documents), go to Tools, Folder Options, View, and uncheck “Hide extensions for known file types”. In Windows 7, go to Control Panel, Appearance and Personalization, click Folder Options, select View, and uncheck “Hide extensions for known file types”.

But I have an antivirus, so that will protect me, right? Yes and no. An antivirus will try to protect you against known viruses and can sometimes detect unknown viruses. But it is not a guarantee that all viruses will be caught. Also, virus scanners do not usually scan files downloaded in your web browser. So, it is still a good idea to follow these practices whenever you download files on the Internet.

Second, clicking on links in emails can be just as dangerous as downloading attachments. Links in emails can be disguised to make you think you are going somewhere that you are not. For example, a link could say www.paypal.com and actually link to paypal.mymalicioussite.com. Once you go to the fake site and try to log in, the attacker has your login information and can then log in to the real site using it.

These kinds of emails are called phishing. It sounds like fishing, because that is exactly what the attacker is doing. They put the bait out (the fake email) and wait for you to bite (you go to the fake site and enter info). Often, phishing emails state that your account has expired and that, in order to keep your account, you need to reply to the email with your credit card number or login information. Or they give you a link to click that goes to a malicious site that could look exactly like the real site.

So what should you do? Well, first, never reply to an email with any kind of personal information (including username, password, credit card number, bank account numbers, etc). Legitimate companies will not ask for this kind of information via email because email is not secure. Second, when possible, always type the URL of the site manually instead of clicking a link. If, however, you do click the link, check the URL in your browser to make sure it matches the site you want to go to before entering any information.

Finally, you should know that email is NOT secure.  Anyone who has access to the equipment that your email passes through has access to the entire message.  It is not wise to send anything confidential via email.

-Zach

I Finally Did It!

Tuesday, February 16th, 2010

I finally purchased some hosting!  Hopefully this will give me the opportunity to further enhance my website.  I will keep you posted on updates as I make them.

-Zach