Personal electronics websites too good to be true

Posted on December 12, 2008 by wjimenez275

12/2/2008

Calgary, Alberta – The Better Business Bureau is warning consumers of a number of websites purportedly selling personal electronics, but failing to deliver product after receiving payment by wire transfer.

The outfit, most recently operating as Qbelam.com and Circuitown.com, advertises a variety of personal electronics including PS3s and laptop computers at discounted rates, and the website gives a number of options available for payment.  However, when interested parties try to check out, they are sent a message stating that the only available method of payment is wire transfer.

“Anytime you’re being asked to pay for something by a wire transfer service, that should be a huge red flag,” said BBB Serving Southern Alberta and East Kootenays spokesperson Daniel MacDonald.  “Once money has been sent, there’s no way to get it back – using a credit card to pay for items online provides a great deal more security.”

According to verbal complaints to BBB, which have all been lodged from the United States, the products ordered may never be delivered.  Further, the organization seems to change its name and URL frequently: in recent weeks it has appeared as Bargain Town, Qbelam, Circuitown, and now Cesa Room with a Calgary address.

A BBB staff member posed as a customer and contacted the organization under the guise of buying a laptop – she indicated she wished to pay using a credit card, and received a message back indicating that “due to high rate of fraudulent activity” they would only accept a wire transfer from consumers outside of Canada.  As the BBB operative had indicated she was a Canadian resident, it appears that the return message was automatically generated, intending to dupe citizens of other countries.

BBB recommends consumers research companies they intend to solicit online, and to never send money to an unknown recipient.  And, of course, if an offer sounds too good to be true, it probably is. (http://calgary.bbb.org/WWWRoot/SitePage.aspx?site=154&id=83aca452-4703-433a-a1d4-db2dfc0e5bef&art=8073)

Filed under: PC Security, Uncategorized | Leave a comment »

XP Service Pack 3 blocks .NET security patches

Posted on December 6, 2008 by wjimenez275

One more reason not to install XP Service Pack 3, or if you’ve already installed it to remove it…

XP Service Pack 3 blocks .NET security patches
By Susan Bradley

Installing SP3 on Windows XP eliminates the operating system’s ability to install important security patches for Microsoft’s .NET technology and possibly other software.

This problem forces XP SP3 users to apply patches manually to complete vital updates.

The new error is the latest in a long series of glitches relating to XP’s SP3, which Scott Dunn described in his Sept. 11 Top Story. The issues include spontaneous rebooting of systems based on AMD chipsets, as documented by Jesper Johansson in a blog post from last May.

To determine whether your XP SP3 system has a version — or multiple versions — of the .NET Framework installed, open Control Panel’s Add or Remove Programs applet and look for it among the list of currently installed programs. If you don’t see any .NET entries, you don’t have the framework installed on your system and needn’t be concerned about the update problem.

If you do see a listing for Microsoft .NET Framework, you need to use a third-party update service such as Secunia’s Software Inspector (described below) to patch the program.

To read the entire article, click here – http://windowssecrets.com/2008/12/04/03-XP-Service-Pack-3-blocks-.NET-security-patches/?n=story1

Filed under: Instructional, PC Security, PC Tips and Tools | Leave a comment »

Keep Your Laptop From Being Stolen

Posted on December 2, 2008 by wjimenez275

With laptops being such an important part of our lives, and many times businesses, it’s important to know how to protect them from being stolen, or if they are stolen how to get them back quickly. The following are a few ways to do so.

Laptop Alarm for PC’s. Laptop Alarm will emit a loud alarm whenever someone tries to steal your laptop. It sounds when your power cable or external peripherals are disconnected or when the mouse is moved.

Security Cables. Most laptops have built-in slots that accommodate a security cable. These cables come as key based locks or as combination based locks and allow you to physically lock your laptop to a table or desk, so if you need to leave it for a few minutes it’s actually locked in place.

Lojack For Laptops. Computrace® LoJack® for Laptops is a software-based computer theft recovery service that tracks and recovers lost or stolen computers. If your computer is stolen, their recovery team uses the software to track the stolen computer and provides local police with information they need to get it back and apprehend thieves. There is a small subscription cost for this program but it starts at just $39.95 per year.

Laptops are easy to steal. It’s important that you keep your important data backed up on an external drive so if your computer is stolen, you have a good copy of it’s data. Additionally, these options will help in either keeping it from being stolen, or if it is taken, in getting it back.

Filed under: Instructional, PC Security, Uncategorized | Leave a comment »

Christmas Lures Being Distributed Via Spam

Posted on November 29, 2008 by wjimenez275

Websense® Security Labs™ ThreatSeeker™ Network has discovered that malware authors are already using Christmas themes this year as a social engineering tactic, in an effort to gain control over compromised machines. This campaign uses email messages in the form of e-greetings, leading to supposed animated postcards. These actually lead to a Trojan backdoor that has been distributed in previous malicious spam campaigns.

The email messages, spoofed to appear as though they have been sent from postcards.org, display an animated Christmas scene. A URL link within the email leads to a malicious file called postcard.exe hosted on various servers.

Once executed, a backdoor is created by the malware author enabling access and control over the resources of the compromised machine. During the install process an image called xmas.jpg is displayed to the user as a distraction technique.

Example of malicious email:

Filed under: Instructional, PC Security, Uncategorized | Leave a comment »

Avoid Online Scams When You’re Shopping for the Holidays

Posted on November 21, 2008 by wjimenez275

From Trend Micro TrendSetter

Every year we see staggering new statistics about how many people are buying gifts online instead of braving traffic, long lines, and parking nightmares at brick-and-mortar stores. During the holidays, many online retailers will also offer breaks on shipping costs—so the advantages of less physical hassle, no sales tax, and potentially free or cheap shipping make online shopping pretty appealing. However, the risks involved in online shopping are persistent as ever. Here are a few key ways you can protect yourself.

1. Use a virtual account number. This is a service that most credit cards now offer. Here’s how it works: Log onto your credit card account and with one click you can generate a random credit card number that makes it virtually impossible for anyone to steal your account number while shopping online. When your virtual number is generated, simply enter it into the merchant’s form and complete your purchase without revealing your actual card number. This virtual credit card number is only valid for a short period of time-long enough for the retailer to process your transaction, which will be charged to your real credit card account. But if a retailer stores that number and a hacker later breaks into their system, the number will be useless. Please note: Virtual account numbers cannot be used for purchases that require you to show your credit card at time of pick-up (e.g., movie tickets, etc.), because the account numbers will not match.

2. Make sure you’re shopping on a secure site. Look for the padlock icon or a URL that starts with https://. That means your transaction is encrypted.

3. Don’t trust emails from “retailers” claiming you need to verify your credit card information. This is almost certainly a scam. Every year millions of emails go out from hackers pretending to be eBay or PayPal customer service and asking consumers to provide information that the actual service already possesses. If you’re worried that a retailer really has failed to process your order, go to the site and look up your account or contact their customer service center—don’t click on a link in email that could redirect to a dummy site.

Filed under: Instructional, PC Security, Uncategorized | Leave a comment »

A Little On Software Firewalls

Posted on November 6, 2008 by wjimenez275

As part of your online security you need to have a software firewall. I recommended a couple in an earlier post about Internet Security. First, what exactly is a firewall? Firewalls provide protection against outside attackers by shielding your computer or network from malicious or unnecessary Internet traffic.  In a nutshell, a firewall examines the traffic/data coming into and going out of a computer, and then makes a decision to permit or deny this traffic, based on pre-set rules or rules that users have set.

If you’ve been using a software firewall, even one that’s built into your antivirus program, you’ve probably noticed that at times it pops up and asks to allow or deny a program that wants to do something at that time. If you see an access request from the firewall when you first run a program that you know is okay, it’s probably safe to grant access. However, if you get an unexpected access request — one that pops up when you didn’t just start a program — then it’s safer to deny access.

To see if your computer is an open door to the bad guys, or to see if your firewall is doing what it’s supposed to do, check your ports at GRC (https://www.grc.com/x/ne.dll?bh0bkyd2). Make sure to check the Windows File Sharing and the Common Ports to see if you’re vulnerable to attack.

Filed under: Internet Items, PC Security, PC Tips and Tools, Uncategorized | 2 Comments »

Windows Updates – How can I choose what to install?

Posted on November 4, 2008 by wjimenez275

Microsoft introduced the concept of Patch Tuesday a few years ago. The idea is that security patches are accumulated over a period of one month, and then dispatched all at once on the second Tuesday of the month. Windows Update is a service that provides updates for the operating system and its installed components. Microsoft Update is an optional feature that can be enabled to provide updates for other Microsoft software installed on a Windows computer, such as Office. These updates can come anytime throughout the month.

If your computer is setup to automatically download and install updates, you will get any and all updates and patches, both good and bad. By default, the automatic settings will check for updates at 3:00 in the morning, every morning. If you turn your computer off at night, it never has a chance to check for updates so if you want to keep the automatic settings, you should change the settings to a time when you know the computer will be on. To change the settings, open the Control Panel and double click on Security Center. At the bottom, you can choose to manage settings for Automatic Updates.

My recommendation is to change the setting to the second option, which is to download the updates but let me choose when to install them. What happens then is that the updates will download and there will be a yellow shield down on the right by the clock. When I double click on it, I will have the option for an “Express Install” or a “Custom Install”. I always choose the custom install. That choice lets me pick which updates and patches to install.

I will always install security patches and program patches, but I never install new service packs when they’re first available. I’ll uncheck those and install the rest. I’ll continue to uncheck them until I know they are safe to install.

Just to be clear, when I see that shield, I will always check what’s downloaded and install what’s appropriate. The bad guys out there wait for the patches to come out also so they can create programs that hit all computers that aren’t patched. Lately, that attack will come the day after the patches are released so it is very important to install them.

Every so often, you will get a notice from another program, such as Adobe, that it has an update available. Should you install those as well? I’d say yes, since virus writers look for holes in most of the popular programs that people will have on their computers and will attack those programs as well.

I know it’s a hassle to do these updates, but do them since it’s more of a hassle cleaning an infected computer.

NOTE: One other important matter; create a system restore point before doing any updates. That way, if an update messes up the computer, you’ll be able to restore it to the point just before you did the updates. For instructions on creating a restore point in Vista, click here, For XP, click here. You can download a great document from Microsoft for securing your Vista computer here.

Filed under: Instructional, PC Maintenance, PC Security, PC Tips and Tools, Uncategorized | 1 Comment »

AVG Antivirus Update Issue & Notebook Battery Recall

Posted on October 30, 2008 by wjimenez275

An FYI if you use the free AVG antivirus software: a recent update of AVG’s antivirus software caused some user’s Internet connections to be blocked. AVG’s support page indicates that after upgrading to AVG version 8.0.196, your network link may fail.

If rebooting your PC doesn’t fix the problem, follow the instructions on AVG’s support page to download the fixfiles.zip file to your computer. Double-click the .zip file to open it, and then double-click fixfiles.exe in the resulting folder to run the utility.

If the problem remains, the company recommends that you run a repair installation of your AVG app. If reinstalling your antivirus software doesn’t get you back online, AVG advises that you contact the company’s support desk for further instructions.

PC Notebook Computer Batteries Recalled Due to Fire and Burn Hazard – Lithium-Ion Batteries used in Hewlett-Packard, Toshiba and Dell Notebook Computers. To find out if your laptop battery is one that is being recalled, see the list here: http://www.cpsc.gov/cpscpub/prerel/prhtml09/09035.html

From the U.S. Consumer Product Safety Commission

WASHINGTON, D. C. – Change your clocks. Replace your smoke alarm batteries. Both are important this weekend as Daylight Saving Time ends on Sunday, November 2.

While changing your clock can keep you on time for work on Monday, the U.S. Consumer Product Safety Commission (CPSC) advises consumers that putting fresh batteries in your smoke alarms can save your life. In recent years, an estimated annual average of 378,700 fires, 2,740 deaths, 13,090 injuries and $5.6 billion in property losses associated with residential fires have been reported by fire departments.

“Smoke alarms save lives. That’s a fact,” said CPSC Acting Chairman Nancy Nord. “Working smoke alarms buy you valuable time to get out of your home when there’s a fire.”

To read the entire article, click here

Filed under: PC Maintenance, PC Security, Uncategorized | Leave a comment »

Microsoft posts emergency defense for new attack

Posted on October 24, 2008 by wjimenez275
By Susan Bradley in Windows Secrets Newsletter

A remote-code exploit that could spread rapidly like the 2003 MSBlaster worm is putting all versions of Windows at risk.

I recommend that you immediately install a patch that Microsoft has just issued to protect your system from a vulnerability in the Server service.


MS08-067 (958644)
 Rare out-of-cycle patch emphasizes the risk

With little warning, Microsoft released yesterday an unscheduled or “out-of-cycle” patch for a highly critical vulnerability that affects all versions of Windows. Security bulletin MS08-067 (patch 958644) was posted to warn of a remote-code attack that could spread wildly across the Internet.

Microsoft says it found evidence two weeks ago of an RPC (remote procedure call) attack that can potentially infect Windows machines across the Net with no user action required.

Windows Server 2003, 2000, and XP (even with Service Pack 2 or 3 installed) are particularly vulnerable. Vista and Server 2008 gain some protection via User Account Control, data-execution protection, and other safeguards, as explained in an article by Dan Goodin in the Register.

While firewalls are a first line of defense against this attack, don’t think you’re secure just because you have a firewall. Malware and viruses use many different techniques to wiggle their way into our systems.

For example, my office’s networks are protected by firewalls on the outside, but inside the network, PCs have file and printer sharing enabled. If a worm got loose inside the office network (and the patch hadn’t been installed), the attack would spread like wildfire.

Many antivirus vendors have already issued definition updates that protect against this attack. Your antivirus program, however, may not protect you completely even if your AV definitions are up-to-date. Early reports indicate that there are already nine different strains of viruses trying to take advantage of this vulnerability. We can expect more to come, so even the best AV application may not be able to update fast enough.

I’ve tested this patch and have had no problems applying it. I strongly urge you to download and install this patch manually. Restart your PC before installing any patch to verify that your machine is bootable. Then be sure to reboot again after installing the patch, so the patched binaries completely replace the vulnerable components.

Microsoft has posted several versions of the patch that apply to different operating systems:

• Windows 2000 with Service Pack 4 patch download
• Windows XP with Service Pack 2 or 3 patch download
• Windows XP 64-bit Edition patch download
• Windows Server 2003 with Service Pack 1 or 2 patch download
• Windows Server 2003 64-bit Edition patch download
• Windows Vista with or without Service Pack 1 patch download
• Windows Vista 64-bit Edition with or without Service Pack 1 patch download
• Windows Server 2008 32-bit Edition patch download
• Windows Server 2008 64-bit Edition patch download

More information: Please read security bulletin MS08-067. For an excellent technical explanation of the vulnerability and possible mitigations, read TechNet’s Oct. 23 description. (TechNet incorrectly refers to MS08-067 as “out-of-band,” but the patch is simply out-of-cycle, because it wasn’t released on Microsoft’s usual Patch Tuesday monthly cycle.)

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.

Filed under: PC Security, PC Tips and Tools, Uncategorized | 1 Comment »

Anyone up for a little phishing?

Posted on October 3, 2008 by wjimenez275

Yes, I spelled that right. Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity-theft. The e-mail directs the user to visit a web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information. Phishing mail often includes official-looking logos and other identifying information taken directly from legitimate Web sites, and it may include convincing details about your personal information that scammers found on your social networking pages.

The following is a sample e-mail. As you can see, it’s not obvious at first that this is a fake. It has the bank’s logo at the top and looks legitimate but what gives this one away is the link at the bottom. The posted link (1) shows the real site but if you click on that link you’ll be taken to the site of the 2nd link (2), which is the scam site.

Fake E-mail

Fake E-mail

How can you be sure about the accuracy of a link? In just about every e-mail that has a link, when you hover your mouse arrow over the link without clicking, a pop-up window will show you the actual site that you will be taken to if you click on the link. If it doesn’t match the link shown, be wary.

So what do you do if you get an email that looks legitimate but is asking for you to click on a link to enter personal information or verify your personal information? Don’t click on the links within emails that ask for your personal information. Fraudsters use these links to lure people to phony Web sites that look just like the real sites of the company, organization, or agency they’re impersonating. If you follow the instructions and enter your personal information on the Web site, you’ll deliver it directly into the hands of identity thieves. To check whether the message is really from the company or agency, call the company directly or go to its web site by typing the real address in your browsers address bar, but never click on the link.

Filed under: Instructional, PC Security, PC Tips and Tools, Uncategorized | 1 Comment »

« Previous PageNext Page »