Special Speech

This is the bitter tale and painful lesson of loyalty undeserved and unrequited. I originally signed up for a free Yahoo email account over 9 years ago. It was the hot ticket in town. The dotcom bubble had not burst and Yahoo was the darling of the tech world. They were the epitome of fashion forward with voice chat and instant messaging for the common man. I jumped on the bandwagon for a ride.

For years, I maintained my free email account and enjoyed the pleasure of chat with my friends and family. I started a free private group for my family to keep in touch across the miles. And after year after year of enjoying the free services of Yahoo, I joined the ranks of the paying customers at Yahoo to fulfill my version of the American Dream. I started my own Internet business and despite the admonition of other tech savvy friends, I stuck with my old standby Yahoo and purchased 5 domains and their Merchant Solutions package.

A year later my business, Fresh From the Farm, has made reasonable headway in the shoulder-to-shoulder jungle of SEO, traffic and conversion. I have no market presence other than my Internet store and as we closed the books on our fiscal year my son and I saw our combined efforts paying off. We were proudly looking forward to our company’s one-year anniversary having achieved above average page rank and most search engines knowing who we were. Aunt Ann’s Garden Soap became an official sponsor for breastcancer.org and was exceptionally ranked by the Environmental Work Groups Skin Deep database. Things were going well. That’s when it happened.

Yahoo’s Merchant Solutions requires that it be linked to a free email account. There is no independent access available. When I signed up with them for web hosting they told me I had to use my personal account. So, I did. I have had on going trouble attempting to synchronize my business account with my own mail client. It was bothersome but I was confident enough in Yahoo to work without a net. (I know second mistake. My first mistake was going with Yahoo despite what I had heard. This is what happens when a good nerd goes bad.) There was even a harbinger of my fate. A friend of mine had his free email account hijacked and Yahoo told him all he could do was abandon his existing account and open another. In my naivety, I was sure that wouldn’t happen to me because Merchant Solutions would protect me.

Two days ago, I discovered that my email account had been hijacked and some of the verification information had been changed. Not all of it but some of it; my date of birth, my dog’s name and my zip code. There was no one I could talk to. I was told to open another email account and email the security team. I did. I emailed an explanation of what happened and how it happened. This is what they told me repeatedly in five emails:

“Account privacy and security is an important concern of Yahoo!. One of the ways we protect accounts from unauthorized access is by denying account assistance to individuals who contact us but are unable to match the information that was entered during the registration process…We need to be able to verify *all* the information currently registered on your account in order to assist with access to it. We apologize for any inconvenience this causes, but we adhere to these guidelines in order to protect the privacy and security of all our user’s accounts. If you are unable to provide this information, you do have the option of opening a new account.”

After a year of payments to Yahoo Merchant Solutions and a myriad of verifiable information exchanged via banking transactions, phone numbers, etc. Yahoo left me, my son, our company and clients out in the cold to protect the pirates who hijacked my account and is currently holding my domains hostage.

In short, (I know it’s a little late for that) to my customers and business partners I can only offer my profuse apologies for being foolish. To other would be Internet entrepreneurs I offer myself as an object lesson. Good Customer Service is the life and death of a business; giving and receiving. Go Daddy.com, save some rack space for me.

Dawn Worthy, owner of Fresh From the Farm, offers a complete line of biodegradable, vegan friendly, organic botanical soap. What is in the soap is good. What isn’t in the soap is better. There are no artificial ingredients. There are no manufacturing, coloring or fragrance additives. It’s simple, Aunt Ann’s Garden Soap is naturally good. We invite you to see for yourself when we re-open in February 10th.

I Lost My Baby, My Pickup, and My Guitar on the Information Highway

There are a variety of ways to track keystrokes and log instant messaging sessions, but let me offer a word of caution before we go there. If your friend believes that her husband’s affections may be wandering, the best tool to address the problem really isn’t a computer. Spying on someone you love, with or without the aid of technology, is ugly. Consider that you may learn things that are very painful, or that you may anger the other party when the subterfuge is revealed. A good old-fashioned OFFLINE chat or a counseling session (with or without the spouse) may be the most direct, and most effective way to get to the bottom of it all.

That said, most instant messaging programs either have session logging built in, or you can install a third-party plugin to enable logging. A quick web search will show you where to find those plugins. Also, the Google Toolbar will archive and allow you to search email from Gmail, Outlook, Outlook Express, Netscape Mail and Thunderbird; Web pages you have visited; files on your computer, including text, Word, Excel, Powerpoint, image, audio, and video files; and yes… chats from AOL, AOL Instant Messenger, and MSN Messenger.

There are also general purpose loggers that can track every keystroke that is sent or received. I won’t provide any links to those, because I’ve never used them, recommend against them for ethical reasons, and wouldn’t trust them on my computer. The problem with all of these logging utilities is that they are detectable, either in the Windows system tray, Task Manager or by anti-virus and anti-spyware software.

So what happens if the suspected infidel finds out that he or she is being spied upon? Chances are it will either shatter whatever trust remains in the relationship, or they’ll just find another venue to communicate. The chances of ending up in a win-win situation are very slim.

NEWS FLASH! After publishing this article, the following info from the Internet Patrol came to my attention. A Florida court has ruled that it is not ok to install spyware on your spouse’s computer to monitor what they do, and that, indeed, to do so rises to the level of a punishable criminal offense. For the full story, see Spouse Spanked for Spying.

Is There Such a Thing as a Semi Sequitur?

By the way, “I Lost My Baby, My Pickup, and My Guitar on the Information Highway” is the title of a humorous book written back in 1995 by Judy Heim. You can still find it on Amazon.com. I credit Judy with getting me started on the path to writing several books of my own, since she recommend me to No Starch Press after reading my “Accessing the Internet by Email” guide.

Reprinted from: http://www.askbobrankin.com/keystroke_logging.html

BOB RANKIN… is a tech writer and computer programmer who enjoys exploring the Internet and sharing the fruit of his experience with others. His work has appeared in ComputerWorld, NetGuide, and NY Newsday. Bob is publisher of the Internet TOURBUS newsletter, author of several computer books, and creator of the http://LowfatLinux.com website. Visit Bob Rankin’s website for more helpful articles and free tech support.

There has not been a time in the history of the personal computer that firewalls and anti-virus programs have been more necessary and in-demand. Today, personal computer security is not only threatened by viruses and worms, but also by spyware - those severely annoying programs that are illegally loaded onto your computer from the internet. Spyware programs can seriously undermine the operating structure of your computer, as well as make you vulnerable to identity theft and other criminal activities. Firewalls, long since a staple in the corporate world for defending large, expensive internal intranets or other networks, has now come into its own as a tool for personal computer owners as well. Your home computer is just as susceptible - if not more so - to online attacks, so why should it not be protected?

What is a firewall, anyway?

For those of you who may not be as versed in the pc security lingual as some, we offer here a fairly simple definition. A firewall is a collection of security programs that act to block unauthorized users from gaining access to a particular computer network (or single computer). Most firewalls also comprehensively monitor and report the data transfers between the network and the outside internet environment. Thus, they are quite effective in keeping your computer or network safe, allowing you to access the internet without taking a high security risk.

Sygate Personal Firewalls

There are few highly reputable firewall providers out there, and Sygate is certainly one of them. Here we go over some of the features of the Sygate line firewalls, so that you may choose the best one for your pc or server.

Sygate currently offers two main personal firewalls: the Sygate Personal Firewall (SPF) and the Sygate Personal Firewall Plus (SPFP). The major differences between the two are the advanced features you will only find on the SPFP. With the Plus version you will get VPN support, intrusion detection system (IDS), active reponse, and anti-mac, anti-ip spoofing. Both versions of the software come with the material that any pc user should really make sure they have: the main “application” firewall, intrusion alarm system, attacker tracing system, and security policy customization. These features are what are really necessary for a firewall to protect your home computer. The firewall needs to be able to block outsiders from gaining access to your computer, and they need to alert you when an attack has been attempted (or is in progress). Considering that the SPF is essentially free to download, and contains the elements you really need, this is the application we recommend for home pc users. For small business networks, the more advanced features offered by the Sygate Personal Firewall Plus is certainly worth the $40.00 pricetag. Both options are solid firewall applications and can be highly trusted to perform well on nearly any system.

Norton Personal Firewalls

Sygates closest competition in the area of personal firewall is Norton. Norton anti-virus programs are very well known, and have largely carried the brand over the last decade. Although less well known, Norton offers a powerful and comprehensive firewall program for home pc owners. Norton Personal Firewall 2005 is similar to the Sygate Personal Firewall program mentioned above. Some of the neat features of this application include the Norton Privacy Control (which keeps information from being sent without your knowledge in email, instant messages, MS Office attachments, and various forms on the web, such as those you enter your credit card number in), and intrusion prevention system that automatically blocks suspicious incoming traffic (from hackers, etc.). If this product is anywhere near as well designed and engineered as the anti-virus programs from Norton, then it is definately worth a look. The software can be downloaded or ordered online for $49.

Bradley James is a senior editor at SciNet.cc, a website containing many helpful consumer electronics review articles. For more information on personal firewalls, please visit our personal firewall webpage.

Making a home safe is not a venture that should be undertaken halfheartedly. Home security requires a multi-pronged approach and when handled correctly, the end results can be not only a safer home, but also a more attractive one, too. Outdoor lights are a great example of a security feature that can also enhance the appearance of a home. The trick is to find the right combination of lights that also offer fixtures that make a home look more attractive.

As you look for outdoor lighting, consider a combination of different types of lights in different areas to make sure security bases are covered. Find the functions you need and then look through the styles. Lights come in all shapes, sizes and colors, so finding what’s perfect for an individual home shouldn’t be a big chore.

Outdoor light add protection to a home by enabling the homeowner to light up the outside of the home , taking away dark spots and shadows. This helps get rid of any hiding places bad guys might have and can help keep you, your family and your home safer.

There are several options for outdoor lighting that can both enhance your home and add to its security.

These include:

Motion detectors: These lights come in all kinds of shapes and sizes for outdoor use. They use an infrared system to automatically turn on lights when motion takes place in the light’s area of coverage. They generally are not sensitive enough to activate when an animal goes by, but they will go off when a person passes within a set area. These lights not only surprise the bad guys; they come in handy when you need a sector of your yard lighted for your use at night, too. They tend to be ideal for covering a more broad area.

Auto timed lights: These operate on a timer to help, automatically illuminating the outside of the house at a set time. They are great for everyday use and are wonderful when a homeowner is away, too. There’s no need to remember to turn the lights on - these do it for you.

Floodlights: These offer a lot of light, a whole lot of it. They are best used in large areas or in combination with mini spotlights for use near entryways.

Used in the right combination, lighting can really add to the appearance of a home while also providing security. Find lighting fixtures that serve the security purpose and also match or enhance the motif of your home and you’ll see the double purpose they serve. Remember, down lighting is great for lighting pathways, driveways and more. Up lighting can make trees and landscapes look fantastic and backlighting, as it is in photography, is fantastic for making a feature stand out.

Outdoor lighting is an important addition to any home. When used correctly it cannot only add to a home’s appearance, but also its level of security. Remember to make sure all vulnerable areas of a home are well lit at night, especially the entryways.

Copyright (c) 2006

In part 3 of this occasional series on home security we are going to look at the main points of entry to your home the doors.

It makes no sense to have flimsy weak doors on your house, what you really need is something that a House Breaker will bounce off when they try to force it. In the next article in the series I will deal with the locks and hinges fitted to your doors but for now I would like to concentrate on the physical construction of the actual doors themselves.

The back and front doors to your home should be built of solid hard wood at least 1 3/4″ thick or be of metal wrapped construction. The door should fit tightly into the frame with no more than 1/8″ clearance between the door and the frame to prevent attempts to jemmy the door open. Not only will this give you a secure door but it will also help to prevent drafts and cut down on the heating bill.

Some doors have a decorative glass panel this can make it very easy to break into, it’s only a few seconds work to break the glass and unlock the door. If you decide to keep this type of door why not fit a break-resistant plastic panel, or decorative grille over the glass installed with non-removable screws, on the inside of the door of course

The very best protection is achieved by fitting a strong wrought iron security door in front of the house doors. This has the advantage of not only providing an extra level of security against intruders, but it will also protect you by letting you vet callers before deciding to open your front door.

The next area to consider is the soft under belly of your home, your garage door. This should be kept securely locked at all times, even when you are home, particularly if the garage is attached to your home. Once a burglar has got inside your garage they are out of sight and can work uninterrupted to break into your home.

Remember home security statistics show that approximately 40% of non-forced entry residential crime is through via garage doors.

Finally if you have installed a dog or cat flap make sure it is not a way in for burglars as well as your pet. It is surprising how a small pet flap can be vulnerable, burglars come in all sizes! I would recommend that you do away with any pet flap that you may have fitted, the small inconvenience this will course will be more than made up for by the added security you will achieve.

In the next article in this home security series we will be looking at the locks and hinges fitted to your doors, see you then.

Roger Overanout

For more vital home security tips and information about how to protect your home and family please visit http://www.homesecuritynews.info.

You may reproduce this article provided you maintain an active link back to
http://www.homesecuritynews.info.

On the face of it, the IT community is blessed with a competitive, customer focused and responsive anti-malware industry offering 24 hour operations centres, updates and patches to quickly block any new viruses or attacks. And even accepting that handling these patches in-house can be a bit of a nightmare for customers you can nonetheless say that this works reasonably well - can’t you?

There is a problem with this view, and it stems from the tendency to put security protection into neat little compartments. Anti-virus updated - check - spyware protection in place - check - and when all the boxes are ticked you can relax and feel protected.

Except that threats don’t always fit so neatly into well-defined packages. Blended threats are increasingly common, and need a holistic approach to block effectively. Blended threats use numerous ways of spreading, whether it’s email, SQL, Netbios or whatever, and it requires a blended defence to stop them.

One of the more uncomfortable facts that we, as an industry, need to face is that the revenues being generated from ‘compartmentalised’ anti-malware applications can amount to a powerful vested interest- Vendors are frequently providing protection solutions against single threats or multiple solutions against multiple threats, and implying that customers are safe, when the real story is more complex.

In particular, the difference between viruses and spam grows ever smaller. Should phishing be classified as spam or as a virus? Is an email with links to offensive porn just spam, or should it be handled by your content filtering protection before it even gets to the user?

We’ve also seen virus writers using spamming techniques to speed the delivery of their viruses, and viruses used to create “zombie” PCs to help in spam distribution. The crux of the matter is that we don’t want spam or viruses. If anti-virus and anti-spam protection is separated, some viruses and spam will fall between the two.

A well-configured firewall and up-to-date anti-virus protection can deal with many threats. However, if you have a service that you need to have open, such as HTTP, SQL or VoIP, then the firewall cannot work effectively, as this traffic must be let through.

In this case, the firewall and anti-virus are not enough. You now need to tie in intrusion detection/prevention (IDP) to prevent exploits like SQHell.

If you are running virtual private networks (VPNs), they need to be restricted and scanned in the same way that a physical port should be scanned and restricted. This means that VPNs should be integrated with a firewall, IDP, anti-spam and anti-virus.

As well as coping with these blended threats, by linking together different aspects of security, the overall performance can be improved. For example, anti-spam protection works better if it has access to a database of suspect URLs that it can filter for. By tying the anti-spam engine to a content filtering database like SurfControl, its effectiveness can be enhanced.

Another headache for security firms has been the port hopping capability of peer-to-peer applications like Kazaa. If you block the port that Kazaa is using, it can simply move to use another port. In practice, this makes it very difficult to stop by simply blocking ports.

On more sophisticated appliances, intrusion detection capabilities can specifically block peer-to-peer applications. But even without this capability, an intelligent use of a quality of service (QoS) capability as part of your network defences can provide an answer to the port-hopping problem. Instead of blocking Kazaa all together, which it would recognise and port hop to bypass, the QoS can reduce the throughput to such a low level that the user no longer wants to use the peer-to-peer application - without triggering port hopping.

Finally, it’s important not to overlook the fact that someone has to work out which anti-malware tools are best placed to counter the latest blended threat and to manage all of your security protection. By bringing together all the logging facilities of your firewall, IDP, email, content filtering and so on, reporting is clearer and fault finding is easier and quicker. It is also quicker and easier for signatures and defences to be updated and monitored.

So, if a unified approach to protection is the answer, how can this be implemented? It almost goes without saying that the best place to put this protection is at the network gateway - blocking threats before they get onto the network provides the most reliable solution. That’s not to say there is not an on-going role for protection at the desktop and sever level, but it is to say that, for most networks, protection at this level should be the secondary and not primarily layer of defence.

Several vendors are now offering threat protection appliances that can provide the essentials of anti-virus, anti-spam, content filtering, IDP and VPN. The market has now matured to the point where such appliances can provide the same level of protection as stand-alone security components, without compromising on any particular aspect.