Email Security Blog

I was asked to verify my email address when I signed on to some groups. When I went to do that and got ready to send I was told that my response was not going to a secure site. Therefore I cancelled sending the verification. Why is Yahoo not using a secure site for verification notices?

ok in my opinon sounds like forged webpages trying to stealyour password, check the validation on there cetificates
but i still say stay away from it
good luck

When the Super Highway became commercialized, its use was intended for the free and legitimate exchange of information and instantaneous communication. It was a fairly innocent medium, awkward to some, but still innocent and safe. However, nowadays, staying safe online has become a never-ending battle â?? for children as well as adults. Because cybercriminals are becoming smarter and more sophisticated in their operations, they are real threats to our personal security and our privacy. Our money, our computer, our family, and our business are all at risk.

For example, researchers have found that most web browsers handle pop-up windows in a manner that makes them vulnerable to a simple phishing technique that allows fake content to look genuine. Even fully patched, standard versions of globally used browsers including Internet Explorer, Firefox, Opera, Konqueror, and Safariâ??used by trusted sites such as banksâ??allow malicious sites to insert their own content into any pop-up window, as long as the target name of the window is known.

Over the past year, experts warned of new attacks that not only circumvent DomainKeys but, adding insult to injury, even exploit the fledgling e-mail signing technology for their nefarious ends.

As eWEEK’s Dennis Fisher reported, the technology once regarded by many in the security community as one of the best hopes for preventing e-mail address forgery is now being used to make bogus messages appear legitimate, thus undercutting confidence in the system. “It proves that people will get to the point where they can’t trust e-mail from anywhere,” one security expert, who requested anonymity, told Mr. Fisher.

But things seemed darker yet before a ring of cybercriminals was recently broken up by Russian authorities. These cybercriminals used keylogging software that they had planted in email messages and had hidden in websites to draw over $1.1 million from personal bank accounts in France.

Their goal was to infect the inner workings of computers in much the same way that mischief-making virus writers do. The twist here is that the keylogging programs exploit security flaws and monitor the path that carries data from the keyboard to other parts of the computer. This is a more invasive approach than phishing, which relies on deception rather than infection, tricking people into giving their information to a fake website.

The keylogging programs are often hidden inside ordinary software downloads, email attachments, or files shared over peer-to-peer networks. Because they can be embedded in webpages, they take advantage of browser features that allow programs to run automatically.

The hidden keylogging programs infect the computers of unsuspecting users. This puts the keylogging programs in the category of malicious programs known as Trojan horses, or just Trojans. These Trojans are very selective because they monitor the web access the victims make, and start recording information only when the user enters the sites of interest to the fraudster.

The growing threat of spyware. Beyond the phishing epidemic, spyware was on track to replace mass-mailing worms as the biggest security threat in the coming year. This technology, which uses covert techniques to install itself on computers and track user activity, is dangerous because malicious code can be executed on infected systems.

As eWEEK.com’s Ryan Naraine reported, spyware, also known as adware, has become the preferred way to deliver malicious Trojans, which can relay information to other computers or Web locations, thus putting user passwords, log-in details, credit card numbers and other personal information at risk.

Notwithstanding financial chief security officers’ complaints, the Feds spent a good deal of the past year studying cyber-crime, pondering and passing legislation to thwart it, and even handing down the first-ever felony conviction of a spammer. The spammer, Jeremy Jaynes, received a sentence of nine years in prison when a jury in AOL’s home county convicted him and his sister.

What Lies Ahead: In the coming years, internet users will not only have to be more vigilant, but will also have to demand more from vendors vis-à-vis secure products, as well as will have to go through legislative wording with a fine-toothed comb.

To protect ourselves, our approach to internet use will have to change to stay ahead of the cybercriminals. But we cannot do it alone, as exemplified by Mr. Greg Garcia, the Assistant Secretary for cyber-security and telecommunications at the U.S. Department of Homeland Security, when he said that he and his team are already hard at work creating policies that aim to better protect critical infrastructure.

Although the United States government is better suited than ever to defend the nation’s computing and communications networks, federal watchdogs will need private industry to lend a hand to keep attackers at bay, according to the first-ever federal cyber-security czar.

The cyber-security chief went on to say that his initial priorities revolve around work to breed cooperation between federal agencies to develop common security policies for defending networks and to help the private sector strengthen national preparedness and incident-response plans. Garcia said his most important role will be to serve as a focal point in the U.S. government to drive national security policies across both the public and private sectors.

On a personal level, there is more that we as individuals will have to do in order to keep the internet and the personal computers in their homes and businesses safe. We need to change our thinking and actions when it comes to computer security, especially when going online. But we cannot do it alone; we need an internet security team of experts making sure that we, our family, and your computers at home and place of business remain safe and secure.

The best protection we can have in today’s rapidly changing world of cyber-attacks is to have expert support for all our internet security needs that will provide technical support without any hassles and without charging you extra fees. It will become even more critical than it is today as time goes on. We will need to find our own personal team of experts to rely on. If we ever have a security problem, we will want to have a trusted expert we can call for professional help, without any hassles and extra costs!

Because cybercriminals are becoming smarter and more sophisticated in their operations, they are real threats to your personal security and privacy. Our money, your computer, your family, and your business are all at risk.

These cybercriminals leave you with three choices:

1. Do nothing and hope their attacks, risks, and threats donâ??t occur on your computer.

2. Do research and get training to protect yourself, your family, and your business.

3. Get professional help to lockdown your system from all their attacks, risks, and threats.

Remember: When you say “No!” to hackers and spyware, everyone wins! When you don’t, we all lose!

© MMVII, Etienne A. Gibbs, MSW, The Internet Safety Advocate and Educator

Scott Merrill of TechCrunch.com says that when it comes to web email, you sacrifice security for convenience. 09.23.08. Interview by TalkingHeadTV.com Distributed by Tubemogul.

Duration : 0:3:53

more… »

Technorati Tags: email, gmailcom, merrill, palin, passwords, safe, sarah, scott, talkingheadtvcom, techcrunchcom, yahoocom

Microsoft Office Outlook 2007 Tip - Anti-Spam - In the past year, spam has gone from a minor annoyance to a great danger. With an increase in the number of unwanted messages along with the likelihood of viruses and Trojan horses: email security has never been more important. Microsoft® Office Outlook® 2007 has several new security features that help keep your email safe.

Duration : 0:1:1

more… »

Technorati Tags: 2007, anti-spam, Connected, email, Get, Horse, junk, Microsoft, Office, outlook, PC, Tip, tips, Trojan, Virus, Viruses

After having difficulties with a download, I contact the website to purchase the DVD and was asked to email payment and address details. I'm not very keen on it but is there a secure way of doing this?

No. Email is not a secure way of sending information. You should NEVER send anything personal through email.

Write back to the company and tell them and you cannot send any of that nature through email due to security reasons; mention that they should know better.

There should be an alternate way of contacting them. How about picking up the telephone? Don't they have a phone number? That would be my recommendation.

I have a friend who wants to send an email to another individual, but she does not want that email to be forwarded on to other email addresses. Is there a way to secure an email message in this way? Can Yahoo mail do that? Any other free email service (gmail, hotmail, etc)?

No.

Anything that the recipient could read, they could copy and paste, or do a screen shot of it, and then send it wherever they want.

If you don’t want it spread around, don’t send it in the first place.

Internett banking has rapidly grown over the last 3-5 years. You find advertisements for it everywhere. And why not? Internett banking makes doing your normal banking activity so much more convenient than ever before. You can find Internett banking at all major banks online.

It’s now possible to not only do your normal banking, but you can also invest money in an online savings account, take out a loan, pay for insurance premiums and even pay your bills through your Internett banking account. This can be done from anywhere in the world. But, that brings up an important question. Just how secure is Internett banking? How safe is your money?

When you talk with any bank they will all tell you the same basic things, internett banking is extremely safe and secure. They will tell you that they have installed firewalls that are the newest in technology and the best available. They will tell you that their login systems are the most secure systems in place and protect you from would be thieves who may try to gain access to your account. And that sounds great doesn’t it? But, keep in mind that while this is top level security and you may never experience a problem, hackers can tap into just about any system they want. This is proven virtually every week when you hear stories on the news about hackers gaining access to millions of credit card accounts, or social security numbers. Nothing can ever be 100% secure.

When you open up any new Internett banking account, you’ll be given a login name and password. Make sure you never give out your information to anyone else. Keep it safe and secure, and don’t store it on your computer.

Another important security point to mention is email. I’m sure you have heard about the email scams over the years in which scammers will send you an email telling you that you need to update your account information and to send in your personal info, etc. It’s a hoax. These people will take that information and clean out your account in no time flat! You would be shocked at how many people do send in their info. If you get such an email, call your bank and ask them about it. No bank will send you an email like that.

You may want to change your password each and every month in order to further reduce the risk of potential hackers gaining access to your account.

When using Internett banking services on your computer, log out each time you are online. Don’t just walk away. And never do this on a public terminal or a non-secure connection. For instance, if you’re online at the library, log out when you’re finished. Why is this so important? If you don’t log off a public terminal the next person to use it can easily get access to your account information. It’s a sure recipe for disaster.

Online banking is here to stay. It is so convenient to do your banking online when you want to do it. And by using a little common sense and being careful with your information, Internett banking is a very safe way of doing your daily banking.

Are you sure? Believe it or not, cell phones are a security risk. Not that you can possibly live without talking to your friends and playing Tetris while listening to MP3s. But yes, cell phones are a risk. Consider 5 worst case scenarios and better yet, the alternative to panicking over the situation.

1. Stolen Sidekick
So your cell phone has been stolen! Or lost, more likely. Most people simply take lost cell phones they find rather than pickpocketing them. If you have a special model, such as a Palm Treo, Razr Killer or T-Mobile Sidekick then obviously unscrupulous individuals will want to take your phone and listen to their own MP3s. The first step is to call your provider and let them know the phone has been lost. Ask them to disable any outgoing calls. Also ask about a replacement phone. Some service providers offer a replacement phone depending on the selected service plans. (Be sure that, if you have replacement phone coverage, that they are replacing your phone with a brand new one, not a refurbished one.)

2. Cell Phones In School
Misbehaving in school is a national pastime. Naturally children or teenagers with cell phones are bound to abuse their privileges sooner or later. One risk is that they get caught playing during the assignment and their luxury Sony/Ericsson or Motorola phone gets confiscated. There are also concerns for cell phone theft and robbery on school grounds. Many cell phones come with security devices or protective accessories to help people of ages keep their phones functioning and prevent loss or damage.

3. Cell Phones and Driving
Did you know that some politicians want to ban cell phone use while driving? While it’s debatable if this should take place, it is true that talking on a cell phone will hinder your ability to drive. Face it, checking your email and browsing the web on an LG Fusic or Nokia N91 can be an involved task and one second later, you could be in a car accident. For your own protection, be very careful when speaking on a cell phone in traffic, use a hands-free set, and try to limit the time as much as possible. Better yet, stop the car, then make your calls.

4. Diseased Cell Phones For Sale
Some people claim that cell phones could contribute to bad health. Some scientists even speculate that rare types of cancerous tumors could develop from heavy cellular use. However, no conclusive evidence has ever been produced that links ill health effects with cellular phones. If sure evidence of mutation or disease comes to light, surely cell phones would be done away with, much the same way American has turned its back on tobacco products.

5. Cell Phones Without Plans
Worst case scenario! A cell phone that doesn’t work for you! Don’t panic. There are several big wireless providers from Verizon to Motorola Razr and they are generously willing to accept your money. Seriously, whether you want low monthly payments with just emergency chat time, or anytime anywhere minutes at a set monthly price, there’s a plan for you. If there are cell phones for soldiers stationed halfway across the globe, then there’s a plan for you. Most service providers feature cell phone reviews on their website detailing plans as well as phone features.

Don’t panic! There’s a solution to your worries so as long as you have your Smart Phone around. Between you and the super electronic device you hold, you’re bound to figure it all out.

How to spoof an email with correct header information using telnet. For more videos visit http://screencastr.com

Duration : 3 min 31 sec

more… »

Technorati Tags: spoof

May 23, 2007 lecture by Ian Goldberg for the Stanford University Computer Systems Colloquium (EE 380). In this talk, Ian discusses “Off-the-Record Messaging” (OTR), a widely used software tool for secure and private instant messaging; he outlines the properties of Useful Security and Privacy Technologies that motivated OTR’s design, compares it to other IM security mechanisms, and talks about its ongoing development directions.

EE 380 | Computer Systems Colloquium:
http://www.stanford.edu/class/ee380/

Stanford Computer Systems Laboratory:
http://csl.stanford.edu/

Stanford Center for Professional Development:
http://scpd.stanford.edu/

Stanford University Channel on YouTube:
http://www.youtube.com/stanforduniversity/

Duration : 1:20:42

more… »

Technorati Tags: application, Computer, design, engineering, Goldberg, Ian, im, privacy, programming, science, Security, software