I just got a email from a friend that had not replied to several of my recent emails. I had titled the last one “??”.
He replied to this email saying that he hadn’t opened my others because they came in different than normal and he was afraid it might be phishing or contain a virus. I can’t fault him for being cautious.
That was enough to make me think it is time to post another of my PC security advisories. In the day of the Internet, everyone is vulnerable. Here goes.
Mass distribution Emails – first let me talk about emails I receive that are addressed to multiple addresses. I usually get these as a forwarded email usually containing humorous stories or photos or both. I normally reply to the sender and request that they not send me any more emails where my email address is combined with many others on their list.
I try to educate the writer in the use of Bcc (blind carbon copy). Using this method, all email addresses remain private.
Why do I care. I’ll tell you. First, there is the issue of privacy. Just because I give out an email to a person, doesn’t mean I want them to broadcast it to the world.
Second, and more important, is that this is one of the ways that email addresses become available to spammers or distributors of viruses. If one person on the distribution list has a PC that has become infected, this email may be the means for that virus finding other targets.
I only use cc when I am sending something to multiple people and I want them to be able to “reply all”.
Emails that contain URLs – I trash many email without reading. If I get an email and it contains a URL (a web address) I am very cautious. I no longer go to any web address contained in an email which uses one of the address shortening methods, such at Tiny URL. http://tinyurl.com/
These sites became popular because places like Yahoo groups had a problem of breaking up a long URL and making it no longer valid. Now Yahoo groups allow rich text format and the URL can be as long as you want.
These tiny URLs are dangerous because they can direct you to any malware site and you never know where you are being sent until you get there and are already possibly infected. Many malware sites are using this method to hide the site you are being directed to.
Dangerous URLs – I also never go to a URL in an email that ends in.exe or.php. .exe is an extension that runs a program in Windows systems. .php is another extension that executes a program on a server somewhere on the Internet.
Free WiFi areas – these are convenient, but not completely safe. I have noticed that many of the restaurants in David have changed their policy and have eliminated the need for a password to use their WiFi Internet connection. I consider this a poor decision by management. I personally will not connect to a router that does not have a secure connection.
Here is why. When a WiFi is completely open, i.e. – no password requested, all information is broadcast between your PC and their router in the open. With the right equipment, easy to get, you can see everything that is sent in that WiFi area.
Also, it is becoming a practice of some thieves to sit in a WiFi area and put up their own service, masquerading as a legitimate provider. Again, all of your transmissions are compromised.
A router requesting a password greatly improves your security. A restaurant such as SubWay, could use SubWay as the password. McDonald’s could use mcd. Easy to tell a client and easy to remember. I don’t consider it an imposition and if you understand the security implications, you will appreciate it.
Here is the difference in security. All of the communications between the PC and the restaurant router is now encrypted. Anyone sitting in the area with sniffer software will not be able to see anything.
Home WiFi routers – today it is extremely convenient to use a home WiFi router to allow a person to be anywhere in the house and connect to the Internet. The same precautions for commercial locations apply to you in your home, but you should also take extra precautions.
Next, turn off broadcast mode. Broadcast mode is what is used at a restaurant so you can find an available connection to the Internet. If you have it turned on, then you are inviting another person to try to figure out your password. When you turn it off, then for a person to use your router, he must know your network name and your password.
Passwords – this is a difficult subject because most people tend to be lazy and use a simple password they can remember, such as their favorite pets name or birthday or eye color. If it is simple to remember, it is simple to break.
Also, don’t use the same password for multiple sites. For example, do not use the same password for your Facebook page, your twitter account, your email, your visa account, your bank account, your Amazon account, your PayPal account, your eBay account, etc. Each one of these should have a unique password.
You do have to remember the password to get into LastPass, but remembering one password is easier than 30.
The last item I will cover is iPad, iPhones and other tablets and smart phone security. If you are like me, then you have a lot of personal information on a device like this. My contact list is something I don’t want available to a person that might steal my device.
I don’t know about the android devices or Blackberrys, but Apple allows you to install a lock code that prevents a device (in my case, my iPad or iPhone) from being used unless the unlock code is entered. Not only that, but I configured mine to erase all information on these devices if the unlock code is not correct within four tries.
Well, if that hasn’t put you to sleep then I hope you can say, “I have considered all of those items and I am secure”.