Be careful! If you shop or spend money and you use email, you probably received several messages in the last couple of weeks advising you that your email address and name may have been obtained by unauthorized persons. The notes further advised you to be careful to protect your credit card and social security numbers, and that no legitimate email message will ask you for this information. Over 100 companies sent such notices, including Walgreens, Target, US Bank, Sears, Red Roof Inn, Ritz Carlton, and Citigroup. Those notices downplay the risk, which is not surprising since they were sent by the companies which (indirectly) leaked your information.
When you were growing up, your mother taught you not to talk to strangers. Even more so today, when heaven only knows what bad guy may have your name and email address, be sure that you are really talking to the company or person that you think you are talking to. Here is a dangerous “spear phishing” scenario, one which a criminal might use to gain access to your credit card or bank accounts: You might receive an email message, ostensibly from a company which you trust, asking you to log into their web site to read an important message or to update an innocuous piece of information. Perhaps the request is simply that you log in to verify that your email address is still correct, very low key, very innocent. For your convenience, of course, the message would contain a link that you can click to get to the web site. You click the link, arrive at a web site which looks legitimate (but is in fact criminal), and enter your username and password to log in. You have just been “spear phished” into revealing your username and password to a crook. Since many people use the same usernames and passwords on multiple web sites, the crook can try your same username and password on a credit card web site and, in many cases, successfully log in and gain access to your credit card.
You can defend yourself from such attacks by remembering your mother’s advice against talking to strangers.
- When you see a link to a web site in an email message, be wary because you do not know who sent the message. It is very easy to forge the sender of an email message. Just because the message says that it is from Aunt Jane does not mean that it actually is from Aunt Jane. Read the text of the message and use your intelligence and judgement. For instance, if Aunt Jane always signs her email “Love, Jainy” then check that the message you are reading ends with “Love, Jainy.”
- Instead of clicking on the link, open your web browser (Internet Explorer, Firefox, Safari, etc.) and type the URL into the address bar. For instance, if you want to visit the web site of the local Community News newspaper, type www.mycnews.com into the address bar. Doing so will ensure that you get to the web site that you intend to visit.
- Once you arrive at the site, check that the address bar displays a padlock symbol, indicating that the site is “SSL secured.” You can click on the padlock to learn the identity of the web site owner. Check that it is the right company. (Not all sites use SSL security but most businesses use it to protect your privacy.)
- Use a different password on every web site. Do not use your Facebook password for your on-line banking account. Do not use the same password for your gift registry at Target and your Walgreens prescription refills. This will ensure that, even if you are successfully spear phished into revealing one password, the damage will be limited.
I use LastPass to keep track of all my passwords, and I have a lot of them. LastPass plugs into your web browser and costs nothing. It automatically recognizes each web site that you visit and fills in the right password. Best of all, LastPass magically gets your passwords to all of the places where you need them: your work computer, your home computer(s), your Android phone, your iPad, etc.
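The advice above about links in email can also be checked mechanically. The following Python sketch is an added example, not part of the original article: it lists every link in a message whose real destination lies outside the domains you expect. The function names, the trusted-domain list and the sample message (including the `login.example` host) are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_domain(host, domain):
    # Exact match or a true subdomain; "mycnews.com.login.example" must not pass.
    return host == domain or host.endswith("." + domain)

def flag_links(raw_message, trusted_domains):
    """Return (visible text, actual host) for links that leave the trusted domains."""
    msg = message_from_string(raw_message)
    parser = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True)
            parser.feed(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    hosts = [((urlsplit(h).hostname or "").lower(), t) for h, t in parser.links]
    return [(t, host) for host, t in hosts
            if not any(in_domain(host, d) for d in trusted_domains)]

# Constructed sample message. The From header is never consulted: it can be forged.
SAMPLE = """From: Community News <news@mycnews.com>
Subject: Please verify your email address
Content-Type: text/html; charset=utf-8

<p>Log in to confirm your address:
<a href="http://www.mycnews.com.login.example/verify">www.mycnews.com</a></p>
<p>Read today's paper at <a href="https://www.mycnews.com/">our site</a>.</p>
"""

if __name__ == "__main__":
    print(flag_links(SAMPLE, ["mycnews.com"]))
```

The first link displays the newspaper's address but its host ends in `login.example`, so it is reported; the second link really does go to `mycnews.com` and is not.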
Mom was right: don’t talk to strangers. Our internet connected 21st century has made it all the more challenging to truly differentiate friends from strangers. Peter Steiner got it exactly right way back in 1993 when he penned, “On the internet, nobody knows you’re a dog.”
