'Ethics & Misc' Category Archive

Posted on Mar 6th, 2007

Someone recently told me, "You would have to be stupid to lose your personal information." While I respectfully responded to this person in the moment, the comment has stuck with me. I present on Identity Theft all over the Western United States, and thought I would respond to this particular individual in writing.

There are multitudes of ways to lose your personal information. You have undoubtedly heard of many of them. Fake web sites, data theft, stealing people’s trash, stealing people’s outgoing mail, check fraud, etc., are just a few of the possibilities for loss of information. Job ads are also being used for Identity Theft. Monster.com ranks fake companies posing as real companies on their web site among their biggest problems.

So, to you who think that it could never happen to you, you might want to read this next sentence twice. No matter how good you are, no matter how vigilant, no matter how much you shred or tear, no matter how many times you go to the post office so that you don’t put outgoing mail in your home mailbox, regardless of how well you can hide in your home, there is no 100% effective defense against Identity Theft. Let me say that again, in case you don’t read it twice. There is NO 100% effective method to defend yourself against identity theft.

Here’s an example of why. Let’s say you want to get health insurance, or auto insurance, or finance a car, etc. etc. etc. Let’s say for purposes of this example that you are trying to get health insurance through your company. This is a relatively simple process, right? Fill out the form, and wait to get the insurance cards in the mail.

What you may not realize is that the insurance agent has taken the form you filled out and submitted it for group health. It is submitted to three different companies for underwriting. So now, the insurance agent and the insurance company have the information from you, the three companies supplying the insurance coverage have the information on you, AND all of the employees at all four points have access to the information. Think about how many employees that might be.

That information is often then passed on to a data warehouse like ChoicePoint, and anyone who has access to ChoicePoint now has access to that information. Who has access to ChoicePoint? I think with the recent news articles, the more appropriate question is, who doesn’t have access to ChoicePoint?

The information is also submitted to your MIB (Medical Information Bureau) file. Anyone who has access to the MIB files now has access to all of that information. Who has access to the Medical Information Bureau records? Anyone, at any hospital around the United States, who has even a small amount of clearance, has access to the Medical Information Bureau records.

According to John Gardner, co-author of Chicken Soup for the Entrepreneurial Soul, “This makes the Identity Theft Shield, along with a Pre-Paid Legal Services Membership, an absolute must for anyone that’s breathing.”

So to you, sir, who more or less said to me, “You’d have to be stupid to become a victim of Identity Theft!” I wish you my best. If you want to continue thinking that shredding your information is going to protect you, then for you I respectfully choose a phrase used by my friend Larry Smith. “Sometimes, you just can’t fix stupid.”

Jonathan Kraft is Colorado’s foremost expert on computer-related Identity Theft. He has been helping employers and employees to protect themselves from the issues surrounding Identity Theft since long before identity theft reached today’s epidemic proportions. To learn how Mr. Kraft can protect you or your company against the effects of Identity Theft, please call 877 825-7119, or email jkraft@strive4impact.com. You can also find out more online at http://www.strive4impact.com/idt

Posted on Mar 5th, 2007

The Message Must Get Through
----------------------------
The year is 300 A.D., and you’re part of a war machine unlike anything the world has ever seen. You are a field General for the Roman Empire and charged with assimilating yet another non-Roman culture. Your current mission: get tactical information you’ve collected in the field to an outpost one hundred miles away. The land between you and the outpost is treacherous and filled with enemies. The information you’ve collected is critical to the success of the current campaign and must reach the remote outpost intact. This will call for ingenious deception.

You send for a messenger, who is in reality a Roman slave. The messenger’s head is shaved clean, and the message for the outpost is tattooed on his head. Several weeks later, the messenger’s hair has grown in and completely concealed the secret information. The messenger departs and one week later reaches the outpost. A quick head shave and the outpost has the information needed to ensure yet another victory for Rome.

This is one of the earliest forms of Steganography on record: the art of hiding messages within another medium and avoiding detection.

The Ancient Technology Of Deception
A Modern Day Threat
-----------------------------------
Take a look at the following two images at http://www.defendingthenet.com/stgpic.htm. The first picture is quite normal. The second picture looks exactly like the first. However, the second picture is not a normal picture at all. It contains a portion of the article you are currently reading in the form of a Microsoft Word document. It has been embedded in the image using a Steganography program and is nearly undetectable. Not only can you not see a visual difference in the picture, the file sizes of the original and the Stego Medium (image with the hidden text) are exactly the same.

There are several programs on the Internet that may be able to detect a small anomaly in the picture, like "stegdetect", but the method used to embed the secret document is protected by a key, or password, as well.

The technology behind effective Steganography is quite complex and involves serious mathematical computations. Computers and technology make this a trivial task and make this art of deception a serious threat to the security of information. Companies that regard their information as proprietary, and rely on the security and integrity of their intellectual property, could be at significant risk.

A Real World Example Of Steganography
-------------------------------------
Many organizations protect their internal network resources and information by using sophisticated security measures, such as firewalls. Many firewalls can block e-mail attachments such as executables, spreadsheets, and documents, and do so by looking for file extensions. Some security measures, or content filters, can determine whether a particular file or attachment is really of the type to be blocked, a spreadsheet for instance, by analyzing the contents of the file. This helps prevent the transmission of file attachments that have had their extensions altered or removed.

But how many organizations block the sending of image files, like .jpg or .bmp images?

Imagine having someone on the inside of a company who secures a proprietary document. This person then embeds the document into a picture and sends it to an e-mail address on the Internet. The company’s defense systems block many types of file attachments, but image files are not considered a risk, so they are allowed through. The sender and receiver previously agreed on the method and type of deception. Using a Steganography package freely available on the Internet, the task was easily and securely executed. The company was completely unaware of the fact that important information was leaked.
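The content filter described above, as an added example that is not code from the original article: it identifies an attachment by its leading bytes instead of its extension, blocks documents and programs, and lets images through. The function names, the policy and the sample bytes are constructed for illustration, and the low-bit change that stands in for a Stego Medium is an assumption, since the article does not say how its tool embeds data.

```python
import os
import struct

# Leading-byte signatures ("magic numbers") for a few attachment types.
SIGNATURES = [
    (b"MZ", "executable"),                                  # DOS/PE program
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole-document"),  # legacy .doc/.xls
    (b"PK\x03\x04", "zip-container"),                       # .zip/.docx/.xlsx
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"BM", "bmp"),
]

EXTENSION_TYPES = {
    ".exe": "executable", ".doc": "ole-document", ".xls": "ole-document",
    ".zip": "zip-container", ".docx": "zip-container",
    ".xlsx": "zip-container", ".jpg": "jpeg", ".jpeg": "jpeg",
    ".png": "png", ".bmp": "bmp",
}

# Constructed policy mirroring the article: programs, spreadsheets and
# documents are blocked, image files are allowed.
BLOCKED_TYPES = {"executable", "ole-document", "zip-container"}


def sniff_type(data):
    """Return the type implied by the file's leading bytes, or None."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return None


def inspect_attachment(filename, data):
    """Return (verdict, reason) for one attachment."""
    detected = sniff_type(data)
    claimed = EXTENSION_TYPES.get(os.path.splitext(filename)[1].lower())
    if detected in BLOCKED_TYPES:
        return ("block", f"content is {detected}")
    if detected is None:
        return ("quarantine", "unrecognised content")
    if claimed != detected:
        return ("block", f"extension claims {claimed}, content is {detected}")
    if detected == "bmp":
        # The BMP header stores the total file size at offset 2; data
        # appended after the image shows up as a mismatch.
        declared = struct.unpack_from("<I", data, 2)[0] if len(data) >= 14 else -1
        if declared != len(data):
            return ("quarantine", "BMP header size does not match file size")
    return ("allow", f"valid {detected}")


def make_sample_bmp():
    """Constructed 2x2, 24-bit BMP (70 bytes) used as sample input."""
    pixels = bytes([10, 20, 30, 40, 50, 60, 0, 0]) * 2  # rows padded to 4 bytes
    dib = struct.pack("<IiiHHIIiiII", 40, 2, 2, 1, 24, 0, len(pixels),
                      2835, 2835, 0, 0)
    size = 14 + len(dib) + len(pixels)
    return struct.pack("<2sIHHI", b"BM", size, 0, 0, 54) + dib + pixels


def alter_low_bits(bmp):
    """Flip the lowest bit of each pixel byte: same type, same file size."""
    offset = struct.unpack_from("<I", bmp, 10)[0]
    return bmp[:offset] + bytes(b ^ 1 for b in bmp[offset:])


if __name__ == "__main__":
    bmp = make_sample_bmp()
    samples = [
        ("setup.jpg", b"MZ\x90\x00" + b"\x00" * 60),   # renamed program
        ("budget.bmp", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 32),
        ("photo.bmp", bmp),                            # ordinary image
        ("photo.bmp", alter_low_bits(bmp)),            # altered pixel data
        ("photo.bmp", bmp + b"appended"),              # data after the image
    ]
    for name, data in samples:
        print(name, len(data), inspect_attachment(name, data))
```

The renamed program and document are stopped, but the image whose pixel data was altered is still a valid image of the same size, so a type-based filter alone passes it.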

Conclusion
----------
There are so many components to this form of deception, I could write ten pages on the subject alone. The purpose of this article is to make people aware of this form of deception and the threat it poses to digital security.

Steganography has an impact on non-digital information as well, and pictures are not the only medium that can be used. Sound files are another favorite host for embedding secret information. If you would like to see Steganography in action you can download "The Third Eye" from the following link http://www.defendingthenet.com/downloads/steg.zip. It is a freely distributable Steganography program and was used to create the two image examples referenced above. This download contains the two images above and you will be able to open the image with the hidden text and extract it. The zip file contains a README.TXT file that will give you full instructions on how to extract the hidden text in the image.

But first, you will need the password! Can you guess it? I’ll give you a clue: What form of deception did the Roman General use to send his message?**

*The story "The Message Must Get Through", although based on documented information about a Roman General performing such an act of deception, is fictional and was written as an illustration of such an event strictly for use in this article.

**You should be able to easily guess the password; however, I must point out that the password should be entered in all "lower-case".

About The Author
----------------
Darren Miller is an Information Security Consultant with over sixteen years’ experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. Darren is a staff writer for http://www.defendingthenet.com and several other e-zines. If you would like to contact Darren you can e-mail him at darren.miller@paralogic.net or defendthenet@paralogic.net. If you would like to know more about computer security please visit our website. If someone you know has sent you this article, please take a moment to visit our site and register for the free newsletter at http://www.defendingthenet.com/subscribe.htm

Original URL
------------
http://www.defendingthenet.com/Newsletters/Steganography.htm

Posted on Mar 3rd, 2007

I got a virus the other day, Thursday I believe and since then I have been making FRANTIC efforts to save all my info.

The most important thing for me to save are my Outlook Express emails and my Roboform passwords. That way I can at least access all the places I need, to download and re-install all the software I use.

Thankfully I was able to still access my Laptop and very, very slowly (the system was painfully slow because of the damage done by the virus) start a process of trying to save my system without having to reformat the whole disk. I say thankfully because after a virus attack not everyone is able to even access the system.

I tried anti-virus software, I attempted to fix things using the various "malicious advertising" expulsion applications (Ad-aware, Spybot etc.). All to no avail. After almost three days I resigned myself to the fact that it would have to be a re-format which means restoring my Laptop to factory settings. What a nightmare!

First of all I made a backup of my Outlook Express email software, emails, account settings etc. For this I downloaded a great little free trial software application called Outlook Express Back Up Wizard, a free trial can be downloaded here: http://www.outlook-express-backup.com/ This software met my needs better than others I tried.

If you don’t use Outlook Express then you can download others by searching here: http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=RNWE,RNWE:2004-35,RNWE:en&q=email+backup+free+downloads

Then I did a search for some backup software to back up the files that I could and also to use for future occasions. After trying a few that either wouldn’t work on my system, or didn’t back up to the medium that I wanted (CD Rom Discs) I found a great tool that just did the trick and in fact I plan to buy as soon as the free trial is up. The software is called "NTI Backup Now 4 Deluxe Suite" and it is so straightforward that even a tech dummy like me found it simple.

Again you can use the full version for 30 days free: http://www.ntius.com/

I added my Roboform (www.roboform.com) passwords, my Internet Explorer favourites, my Outlook Express backup, my Microsoft Money backup files (for accounting purposes), as many software installation files as I had and most of the files and folders that I have used recently.

Of course what I also realised is that I have not kept the Install files of loads of the software that I have on my Laptop. Bad mistake! This means that I will have to go search for these again to download to my reformatted system.

What I will do in future is save every Install file in its own folder with passwords, serial numbers and any other useful info in a notepad file alongside them.

The hard lesson I have learned is to make sure in future I do frequent backups of my system. I have been online since 1998 and never had any major problems. This is the first and I foolishly underestimated the damage a virus could do.

My next step is to get an external drive to use as a backup and as I mentioned to use it frequently.

I hope this has given you some food for thought. As I sign off here I am going to insert my Toshiba Product Recovery CD-Rom.

If I had taken the necessary precautions I wouldn’t have just lost three days of my time. Three days I could have been putting to better use.

Ah well, there is positive in every bad situation. Or at least that’s what I keep telling myself:-).

Mal Keenan is editor and publisher of Home Business Tips Newsletter: http://www.home-business-tips-newsletter.com/ For more help and support from Mal Keenan visit his online training site: http://www.pluginprofitstraining.com

Posted on Feb 27th, 2007

First I would like to stress I am condoning the art of hacking. Nor am I condoning the control and manipulation of the human race by way of frequencies interacting with the biological systems, which run the human body. We all know that the brain runs on chemicals and waves. We know from medicines, vitamins, alcohol, drugs and food intake that we can alter those chemicals. And most of us understand that brain waves are what allow for the process of cognition. The computers we use also run on frequencies, which we are used to hearing about, for instance Pentium Chips running at 1.2 GigaHertz. Cell phones run at approximately 800 MHz. Also the power supply in a computer runs on a certain cycle, creating another set of waves.

Brain waves generally run in the 5 Hz to 50 Hz range, depending on the content of things like caffeine. And the nerves and body signals also have ranges; here is some interesting information on that:

http://www.ncbi.nlm.nih.gov/entrez/query.f…2&dopt=Abstract

Now then if we take quartz crystals and put them in PDA devices, we could communicate to the body’s own system through the 8.0 KHz range:

http://www.cmac.com/mt/databook/crystals/smd/cx1_2.html

You can also put a thought into someone’s mind through the waves and frequencies at this level with a little fine-tuning. Meaning you could communicate without speech. And this has uses in Space travel, Under Water Exploration and even in special teams, which need quietness to fulfill their mission.

http://www.phoneinbuddy.com/TB_compression.htm

Now when someone is carrying a personal electronic device there are ways to get to these frequencies. One way is to find the difference between the two components of the device, for instance the motherboard and the CPU, and get that device to one of the numbers near or around 5-50 Hz or 8 KHz. This can be done by sending information or energy to the device from somewhere else. This can be done by first pinpointing the device by GPS or other line of sight means and then sending pulses to the device, which will boost or lower the device’s output or by sending a signal to the device under normal conditions that the device uses to operate. Microwave, Terabeam, Sound, laser, etc. may all be used for such. Now then once you spike one of the components of the device close to the other components’ range and get the difference within the range of the human bodily functions frequencies you can then introduce the desired result. For instance put the person to sleep slowly by lowering the difference between the waves of the device. You could increase it causing anxiety and possibly even introduce information into the brain. For instance, you could contact the brain and auditory function and say “Run” or “This is Allah, killing Americans is wrong, put down your weapon and return to your family and be a good father and knock it off.”

We already know that wireless devices can be easily hacked into as we have been reading. For instance the new WiFi freedom also has associated flaws and potential risks. You might want to Google these companies also on the subject: Airdefense, Atheros, LXE, and Airmagnet.

On HIPAA issues, medical data could be at risk without scrutiny, since Hospitals and First Responders must rely on mobile devices to help save lives and remain efficient in those times of critical need. The medical industry is certainly discussing the HIPAA issues with wireless mobility. How can they have the information rapidly available and also maintain complete privacy when the information goes over the airwaves?

As speeds increase and add-ons appear, security issues need to be continually reviewed and procedures upgraded. Blackberry is concerned and diligently working on the problems. Other wireless security issues include some below, and this is just the beginning really; after all, we cannot even get rid of SPAM.

While tapping information from normal citizens you can see the problems. Then the people in the know will export the hacking technology and then the same companies working in defense will have these people employed there, then those people will teach others who are our potential enemies and then we are in trouble.

As this technology becomes more advanced it is quite possible to read people’s minds, enter thoughts into their heads, put them to sleep, increase heart rates to non-possible levels, cause anxiety or disrupt nerve impulses and mobility. All by using their on board PDA, Cell Phone or other electronic device. It is even possible now to send information this way using the skull and jawbone as an antenna and the vibrations are picked up by the inner ear.

The PDA wireless device or cell phone is merely an amplifier and since it has its own power source may be used in such a way as these companies are discovering and consumers seem to be happy to use. By reducing the amount of energy in the device itself batteries will last longer since lower volumes will be needed. The energy could come from the sender entirely, therefore batteries draining are no longer an issue. If people have RFID implants they could hook themselves up to a machine at night running on 8Hz which could super charge their immune system along with a once per week tablet of super vitamin C which is said to be 100 times more potent than the Vitamin C Fred Flintstone Chewables our kids take. Having a pace making device to steady one’s system while performing extraordinary tasks could be good for adrenaline burn on nerves, NASCAR drivers, Apache Attack Helicopter Pilots, Astronauts, etc. by stabilizing the body and allowing the mind to focus on the event in a clear headed way.

If an enemy set of troops has implanted RFID tags we could stimulate the bodily functions by way of external impulse waves and help them change their minds to fight. Therefore Blue and Red Force tracking issues would be in our favor even if they had identical systems which were bought by pirated software from the DOD by a rogue nation. We could disable and over power implanted devices and therefore they would show up as another color, the enemy would see its “Blue-friendly” turn to “Red Bad-guy” and thus not know who is who and kill their own men or be so confused that they stopped giving orders of what to shoot at and in the confusion and hesitation you have the time on your side and all options meaning, a decisive victory is in short order of said battle.

It may appear to be rather a difficult task to take control of a body, but really it is not since the body is merely an organic robot and it works on a set of principles. You only have to change those few things. When we recently discussed the use of Long-range wireless tasers for crowd control we could see what we are technologically advancing in this regard. We know that we can stop human armies by way of bullets, explosion, harmonics, microwaves. We can blind them, nuke them, sterilize them and even make them fall down and cry.

But using this methodology of using portable devices on that person, we could essentially control them by phone lines half way around the world. Once access is given or even overwhelmed by electronic power you would have control of that person’s thoughts, central nervous system and heart rate. An interesting concept in that a doctor could have a patient on the phone and stabilize their blood pressure, heart rate or even put in settings for super healing while they sleep. Or in the case of conflict you could bring an army to its knees and completely immobilize it, put the rank and file into deep sleep, end the natural lives of those participating trying to kill you or make them think twice about what they were doing. This is not science fiction; we are nearly here, and we need to stay "Heads UP" on these issues.

"Lance Winslow" - Online Think Tank forum board. If you have innovative thoughts and unique perspectives, come think with Lance; www.WorldThinkTank.net/wttbbs/

Posted on Feb 26th, 2007

Today’s Internet or World Wide Web is being over regulated.

But, are you being taken for a ride? Are you led to believe that Governments World Wide are creating new legislation for your benefit, or are there underlying factors that make these laws more beneficial to Governments and big business?

First we had the Can-Spam and other laws passed regulating the sending of unsolicited commercial e-mail that contains false or deceptive subject information, or that is sent from invalid e-mail addresses, but for me, my inbox still seems to always be full of junk mail. How many people have actually been fined or imprisoned?

The same can be said of downloading of music files from the Internet, avoiding the music Industry copyrights and Musicians’ fees. There seems to have been more individuals caught than the sites that illegally provided the music downloads.

Search engines have the ability to track anyone who does a search and is also registered for a service at that search engine. If you use the AOL search engine and also use an AOL email account, the tracking cookie could track your surfing online and that information could be sold for commercial gain and be accessed by law enforcement agencies in theory.

In Pennsylvania last week there were two separate lawsuits accusing a Florida travel promoter and its telemarketer of ignoring prior warnings and illegally contacting nearly 200 Pennsylvania consumers who had officially registered on the state’s "no call" list. The complaints came from consumers located in 13 Pennsylvania counties.

The firm of Telemarketers when asked by individuals who had registered their name and phone number on the "No Call" list said:

1. They did not see the consumer’s name on the "no call" list.

2. They were following up on a package that they had mailed to the consumer when in reality they did not send the consumer a package.

3. They must have dialed the consumer in error, sorry.

The "No Call" list must be checked by telemarketers and in theory if a registered individual’s name or phone number came up on the computer list that the telemarketer was about to call, it should be easy enough to skip on to the next person.

You can learn more and register your cell phone or home phone number with the "Do Not Call" registry for a period of 5 years. There is no fee to register.

https://www.donotcall.gov

As of January 1, 2005, telemarketers and sellers are required to search the registry at least once every 31 days and drop from their call lists the phone numbers of consumers who have registered. https://telemarketing.donotcall.gov Telemarketers pay a fee to obtain the list of local, State wide or U.S. Do Not Call lists.

The list for up to five area codes is free. The annual fee is forty dollars per area code of list data (after five), with a maximum annual fee of eleven thousand dollars for the entire U.S. database.

For a telemarketer to phone a person listed on the no call list it is the same as sending unsolicited email. Both are illegal.

Registering and purchasing the do not call list is much cheaper and safer than not doing so.

If you intend to phone everyone in your local area code to promote your amazing new widget, don’t do it until you have registered as a telemarketer and obtained the list of not to call people in your calling area.

If you have purchased Leads which legally have to include time and date stamp, IP address etc to comply with Government email Laws and Acts, you are able to phone them. But do introduce yourself, your company and the product or service in a clear and honest way or you could fall foul of the many Consumer Acts that are also in place.

Since the 9/11 terrorism incident, your privacy on the Internet, phone and other forms of communication is being monitored or at least the FBI and other law enforcement agencies can legally tap your phone and intercept your email.

One piece of legislation that is being debated both in the Senate and the House of Representatives is "The Patriot Act" as a good part of this Act is due for renewal at the end of this year.

Portions up for renewal include those sections regarding computer hackers, sharing information gained through Wire Tapping, Internet Service providers handing over customer information and records in times of possible emergencies, and the Police listening in on communications as thought necessary, and court orders if a possible case of terrorism is suspected.

The Patriot Act, (great choice of name) was created to give authorities more powers in times of terrorism but goes way further than that!

I believe this act is necessary in this day and age when it comes to threats to National Security but, where does this leave your privacy?

As consumers, citizens and business owners we all have rights, it’s just a pity that there are a small number of fanatics and idiots out there that spoil it for the rest of us.

May you have a safe and secure week.

Peter Green
Editor of ~ The INDEX ~ ezine.
Editor@Internet-income-index.com
http://www.Internet-Income-Index.com

Your Free Weekly Internet Marketing News, Ideas, Resources and Sources Ezine.

Posted on Feb 23rd, 2007

Viruses are, however, not the only malicious software programs out there. The newest addition to the evil software family is the so-called Spywares, and a good anti-virus program or firewall is not enough to safeguard against these clever programs.

Spywares are known by many names such as adware, trojans, malware, browser hijackers etc. The thing they all have in common is that they will transmit your personal information to companies and individuals who have an interest in knowing about your surfing habits, online purchases, credit worthiness, interests, web searches, chats, birth date and even your credit card number. The list goes on and on, since Spywares are constructed by promotional companies who need to know as much as possible about the online consumers to target them effectively. By eavesdropping on you online, these companies hope to be more successful when sending out promotional materials.

Spyware usually enter your PC by piggybacking on other software downloads. Every time you use downloaded or otherwise shared files, including Freeware, Shareware or p2p sharing programs, you stand the risk of unknowingly infecting your computer with Spyware. Even confirmed virus free music files, films and computer programs can have Spyware stowaways. Once inside your computer, they will hide, monitor all your actions and promptly start telling your secrets to anyone willing to listen.

Contrary to most viruses the Spywares actually make an effort not to be observed. Since they won’t cause obvious harm such as deleting important files or shutting down your computer, they can thrive in your PC for years without you noticing, sending out massive amounts of information about all your online habits.

At first glance, you might find this annoying but essentially harmless. Why not let the companies send me promotional material about things I am actually interested in? Spyware is however far from harmless, since the infiltration by Spyware not only lets the companies know about your latest online search, but also much more private matters such as credit card details, online purchases of medicine and your private e-mail correspondence with family, friends and business partners. There are even examples of how this massive gathering of personal information has led to an overall loss of privacy and stolen identities. In the computerized world of today it is not hard to imagine the amount of damage and personal suffering the fraudulent use of a person’s identity can cause.

It is obvious to anyone that we must start combating the Spyware programs, but the best way of doing this is not to panic and pull the plug on your PC, never go online again and keep five feet away from all Freeware. There is a much better solution: http://www.supportcave.com

http://Supportcave.com offers new and enhanced free Spyware Remover Software. Not only will these programs effectively check and clean your computer from Spyware, once installed they will also shield your computer from future Spyware intrusions and browser hijacks - before the malevolent software even has a chance to enter your PC! Spyware Remover Software is an important function all computer users should rely on to ensure their computer is free from nosey software and their privacy protected.

Posted on Feb 11th, 2007

A crowded marketplace can lead to unethical webmasters using underhand techniques to get ahead of their competitors and online plagiarism is one of the easiest.

I had worked hard on the copy for my sales page at Watch Live Football (http://www.watchlivefootball.com), ensuring the copy was relevant to potential customers and contained keyword rich phrases to assist with search engine ranking.

Understandably, I was incensed when I found not one, but two websites selling a similar service had not just pinched a few key phrases here and there from my website, but had reproduced the entire text verbatim!

I found these offending websites by using Copyscape (http://www.copyscape.com) which is an invaluable, free tool, in the battle against online plagiarism.

It highlighted that my competitors had stolen 254 words from my sales copy despite there being a clear copyright logo at the foot of each page of my website. However, this alone does not stop an unscrupulous webmaster with the CTRL & C command in full flow.

Fortunately, dealing with plagiarism on the internet can be a straightforward process and incidents resolved quickly and amicably before any real ‘action’ needs to be taken.

This is how I ensured my sales copy was removed from the two offending websites in less than 24 hours of discovery.

Write a polite, but firm email to the webmaster of the offending website and explain that you have found your copyrighted work has been illegally reproduced on it. If you have used Copyscape to detect plagiarism you could even include the link that highlights the illegally used copy and states an actual word count.

Inform the webmaster your material should be removed from their website within a certain time frame, I chose 48 hours, or you will take the following action:

1. Contact their web hosting company and inform them of the webmaster’s abuse. A WHOIS search (e.g. http://www.whois.sc) can reveal plenty of information about a particular website, including hosting information and also contact details of the individual or company that registered the website.

A personal introduction, for example, ‘Dear Mr Smith’, is very effective when making the first contact to combat plagiarism, especially if this information is not readily available on the ‘Contact’ section of the offending website!

2. In case the offending webmaster does not take the prospect of the above action seriously, you should also clearly state that you intend to file a notice of Digital Millennium Copyright Act (DMCA) infringement with search engines such as Google and Yahoo.

This action can potentially ruin a web business as the search engines take a dim view of plagiarism and can remove an offending site from their search results should an infringement claim be justified.

You can also point out that you can prove your website is the originator of the copy by using the Internet Archive (http://web.archive.org/).

These simple procedures should be enough to persuade an offending webmaster to remove your material without the need for legal action which can be a long, drawn out and expensive process.

© 2005 David Walker

David Walker is the Managing Director of Magic Hat Ltd (http://www.magichatltd.co.uk), a company which provides webmasters with a range of brand new sports, gambling and entertainment affiliate programmes to promote.

Posted on Feb 10th, 2007

"Male. Obsessed with computers. Lacking a girlfriend. Aged 14 to 34. Capable of creating chaos worldwide."

The above description is the profile of the average computer-virus writer, according to Jan Hruska, the chief executive of British-based Sophos PLC, the world’s fourth-largest anti-virus solutions provider.

"They have a chronic lack of girlfriends, are usually socially inadequate and are drawn compulsively to write self-replicating codes. It’s a form of digital graffiti to them," Hruska added.

To create and spread cyber infections, virus writers explore known bugs in existing software, or look for vulnerabilities in new versions.

With more and more new OS (operating system) versions, there will be more new forms of viruses, as every single software or OS will carry new features, and new executables that can be carriers of the infection.

Executables are files that launch applications in a computer’s operating system, and feature more prominently in new platforms like Microsoft’s Windows 2000 and Windows XP than they did in the older DOS or Windows 3.1.

Virus writers also share information to create variants of the same infection, such as the Klez worm, which has been among the world’s most prolific viruses.

The Klez, a mass-mailing worm that originated in November 2001, propagates via e-mail using a wide variety of messages and destroys files on local and network drives.

But the news gets worse. Recent events have uncovered what may be a new trend: spammers paying virus writers to create worms that plant an open proxy, which the spammer then can use to forward spam automatically. Many suspect this occurred with the Sobig virus.

The Sobig worms began spreading in the early part of 2003. The unusual thing about them was they contained an expiration date and were given a short life cycle to see how features worked in the wild.

Having an expiration date also makes the virus more dangerous, because most people would have been alerted to the new worm within a few weeks and anti-virus definitions would have been updated.

A variant of Sobig, Sobig-F was so efficient that just a few infected machines could send thousands of messages. Sobig-F created a denial-of-service effect on some networks, as e-mail servers became clogged with copies of the worm.

According to Mikko Hypponen, manager of anti-virus research for Finland-based F-Secure Corp, Sobig-F sent an estimated 300 million copies of itself.

Computer Economics, Inc. states, "Nearly 63,000 viruses have rolled through the Internet, causing an estimated $65 billion in damage." However, criminal prosecutions have been few, penalties light and just a handful of people have gone to prison for spreading the destructive bugs.

Why is so little being done? Antiquated laws and, for many years, as crazy as it sounds, a "wink, wink" or even admiring attitude toward virus creators.

One person has been sent to prison in the United States and just two in Britain, authorities say. But the low numbers are "not reflective of how seriously we take these cases, but more reflective of the fact that these are very hard cases to prosecute," said Chris Painter, the deputy chief of computer crimes at the U.S. Department of Justice.

So what can you do to protect yourself against computer viruses?

Well, first and foremost, make sure you have proven anti-virus protection like Symantec’s Norton Anti-Virus or McAfee’s VirusScan.

In addition, if you haven’t already done so, I highly recommend installing Microsoft’s Service Pack 2. SP2 tightens your PC’s security with a new Windows Firewall, an improved Automatic Updates feature, and a pop-up ad blocker for Internet Explorer. Plus, the newly minted Security Center gives you one easy-to-use interface for keeping tabs on your PC’s security apps.

"Male. Obsessed with computers. Lacking a girlfriend. Aged 14 to 34. Capable of creating chaos worldwide."

Now, I’m no psychiatrist, but to me, the above description sounds more like someone with a few "bats in the belfry!"

About The Author

Dean Phillips is an Internet marketing expert, writer, publisher and entrepreneur. Questions? Comments? Dean can be reached at dean@lets-make-money.net

Visit his website at: http://www.lets-make-money.net

Posted on Feb 8th, 2007

What is a Firewall?

The term "firewall" describes a system that protects a network and the machines on it from various types of attack. Firewalls are geared towards keeping the server up all the time and protecting the entire network.

The primary goal of a firewall is to implement a desired security policy, controlling access in both directions through the firewall, and to protect the firewall itself from compromise. It wards off intrusion attempts, Trojans and other malicious attacks.

Personal Firewalls:

They are meant for the home user in a networked environment. They aim to block simple attacks, unlike the enterprise level firewalls that the corporate world uses at the server or router end. There are many ways to implement a firewall, each with specific advantages and disadvantages.

Are they really needed?

Nowadays organizations and professionals use Internet technology to establish their online presence and showcase their products and services globally. Their endeavor is to leverage digital technology to make their business work for them.

Organizations and professionals are shifting from dial-up to broadband and getting a fixed IP. This has led to an increase in security attacks and bugs in everyday working. This does not mean that dial-up, being an anonymous dynamic link, or the firewall of the ISP network makes you safe.

If your machine has been under attack, you must have wondered what went wrong to make your system crash suddenly. It is not necessary for anyone to actually know about you or your IP address to gain access to your system.

If your system is infected or prone to intrusions, it can be hacked regardless of the anonymity of your dial-up connection or a dynamic IP.

Types of Attacks

Intrusion:

There are many ways to gain unauthorized access to a system. Operating system vulnerabilities, cracked or guessed passwords are some of the more common. Once access is attained, the intruder can send email, tamper with data, or use the system privileges to attack another system.

Information Theft and Tampering:

Data theft and tampering do not always require that the system be compromised. There have been many bugs with FTP servers that allow attackers to download password files or upload Trojan horses.

Service Attacks:

Any attack that keeps the intended user from being able to use the services provided by their servers is considered a denial of service attack. There are many types of denial of service attacks, and unfortunately they are very difficult to defend against. "Mail bombs" are one example, in which an attacker repeatedly sends large mail files in an attempt to fill the server’s disk filesystem, thus preventing legitimate mail from being received.

Types of Attackers

Joyrider:

Not all attacks on computer systems are malicious. Joyriders are just looking for fun. Your system may be broken into just because it was easy, or to use the machine as a platform to attack others. It may be difficult to detect intrusion on a system that is used for this purpose. If the log files are modified, and if everything appears to be working, you may never know.

Vandals:

A vandal is malicious. They break in to delete files or crash computer systems either because they don’t like you, or because they enjoy destroying things. If a vandal breaks into your computer, you will know about it right away. Vandals may also steal secrets and target your privacy.

“In one incident, a Trojan was being used to operate the web cam. All the activities in the house were being telecast on websites.”

Spies:

Spies are out to get secret information. It may be difficult to detect break-ins by spies since they will probably leave no trace if they get what they are looking for.

A personal firewall, therefore, is one of the methods you can use to deny such intrusions.

How do Firewalls work?

Firewalls basically work as a filter between your application and network connection. They act as gatekeepers and, as per your settings, show a port as open or closed for communication. You can grant rights for different applications to access the internet and, in the reverse direction, block outside applications trying to use ports and protocols, preventing attacks. Hence you can block ports that you don’t use or even block common ports used by Trojans.

Using Firewalls you can also block protocols, so restricting access to NetBIOS will prevent computers on the network from accessing your data. Firewalls often use a combination of ports, protocols, and application level security to give you the desired security.

Firewalls are configured to discard packets with particular attributes such as:

  • Specific source or destination IP addresses.
  • Specific protocol types
  • TCP flags set/clear in the packet header.
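The three attribute classes listed above can be seen working together in a small stateless packet filter. This is an added example, not code from the article or from any firewall product: the `Rule` class, the function names, the rule set and the sample packets are all constructed for illustration, and the addresses come from the documentation ranges of RFC 5737.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

TCP, UDP = 6, 17                      # IP protocol numbers
FIN, SYN, ACK = 0x01, 0x02, 0x10      # TCP flag bits

@dataclass
class Rule:
    action: str                       # "accept" or "drop"
    src: str = "0.0.0.0/0"            # source network
    dst: str = "0.0.0.0/0"            # destination network
    proto: Optional[int] = None       # None matches any protocol
    flags_set: int = 0                # TCP flags that must be set
    flags_clear: int = 0              # TCP flags that must be clear

def parse(packet: bytes) -> dict:
    """Extract the filterable fields from a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or (packet[0] & 0x0F) < 5:
        raise ValueError("malformed IPv4 header")
    ihl = (packet[0] & 0x0F) * 4      # IPv4 header length in bytes
    fields = {"src": ipaddress.IPv4Address(packet[12:16]), "proto": packet[9],
              "dst": ipaddress.IPv4Address(packet[16:20]), "flags": None}
    if fields["proto"] == TCP:
        if len(packet) < ihl + 14:    # the flags byte sits at TCP offset 13
            raise ValueError("truncated TCP header")
        fields["flags"] = packet[ihl + 13] & 0x3F
    return fields

def matches(rule: Rule, f: dict) -> bool:
    addr_ok = (f["src"] in ipaddress.ip_network(rule.src)
               and f["dst"] in ipaddress.ip_network(rule.dst))
    proto_ok = rule.proto is None or f["proto"] == rule.proto
    if not (rule.flags_set or rule.flags_clear):
        return addr_ok and proto_ok
    flags = f["flags"]                # None for non-TCP packets
    flags_ok = (flags is not None and (flags & rule.flags_set) == rule.flags_set
                and not (flags & rule.flags_clear))
    return addr_ok and proto_ok and flags_ok

def decide(packet: bytes, rules, default: str = "drop") -> str:
    """First matching rule wins; malformed packets fail closed."""
    try:
        f = parse(packet)
    except ValueError:
        return "drop"
    return next((r.action for r in rules if matches(r, f)), default)

def build_packet(src, dst, flags=0, proto=TCP) -> bytes:
    # Constructed sample input: minimal IPv4 header plus a 20-byte TCP-shaped header.
    a, b = (ipaddress.IPv4Address(x).packed for x in (src, dst))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0, a, b)
    return ip + struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 65535, 0, 0)

RULES = [  # constructed policy, evaluated top to bottom
    Rule("drop", src="203.0.113.0/24"),                       # source address
    Rule("drop", proto=UDP),                                  # protocol type
    Rule("drop", proto=TCP, flags_set=SYN | FIN),             # flags set: invalid pair
    Rule("drop", proto=TCP, flags_set=SYN, flags_clear=ACK),  # unsolicited connection
    Rule("accept", proto=TCP, dst="192.0.2.10", flags_set=ACK),
]
```

Because the filter keeps no connection state, the final rule accepts any segment with ACK set; a stateful firewall would also check that the segment belongs to a connection it has seen.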
Choosing a firewall:

Choose a firewall that can ward off all intrusion attempts, control which applications can access the internet, prevent malicious scripts or controls from stealing information or uploading files, and prevent Trojans and other backdoor agents from running as servers.

The purpose of having a firewall cannot be diminished in order to gain speed. However, secure, high-performance firewalls are required to remove the bottleneck when using high speed Internet connections. The World-Wide-Web makes possible the generation of enormous amounts of traffic at the click of a mouse.

Some of the good firewall performers available in the market are below:

  • BlackICE Defender
  • eSafe Desktop
  • McAfee Personal Firewall
  • Neowatch
  • Norton Personal Firewall
  • PGP Desktop Security
  • Sygate Personal Firewalls
  • Tiny Personal Firewall
  • Zone Alarm
  • Zone Alarm Pro

Most of these firewalls are free for personal use or offer a free trial period. No personal firewall can ensure 100% security for your machine. Regular maintenance of the machine is needed for ensuring safety.

Some of the tasks advised for keeping a system from being prone to intrusions:

  • Disable file and print sharing if you are not going to be on a network.
  • Update your antivirus signature files regularly.
  • Use a specialized Trojan cleaner.
  • Regularly apply security patches to your software and operating system.
  • Don’t open email attachments if you don’t know what they contain.
  • Don’t allow unknown applications to access the internet or your system.
  • Regularly check the log files of your personal firewall and antivirus software.
  • Disable ActiveX and Java and uninstall Windows Scripting Host if not required.
  • Turn off macros in applications like Microsoft Office and turn macro protection on.
  • Check the open ports of your system against the common list of Trojan ports to see if they are being used by some Trojan.
  • Log off from your internet connection when it is not required. Being online for long durations gives an intruder more than sufficient time to breach system security.
  • Unplug peripherals like a web cam or microphone if they are not being used.

About The Author

Pawan Bangar,
Technical Director,
Birbals, India
ebirbals@gmail.com

Posted on Feb 7th, 2007

This is the second in a series of articles highlighting reasons why we need a new model for anti-virus and security solutions.

Reason #1: the Basic Model

Anti-virus software vendors still rely on yesterday’s methods for solving today’s problems: they wait for the next virus to wreak havoc and then produce a solution. That worked for a long time when a virus would take years to traverse the world. But in this fast-paced Internet-crazed world we live in today, this type of solution is no longer applicable. Now a virus can traverse the world and infect millions of computers in minutes.

In the good old days a virus traveled by floppy disk. Put a floppy in your computer and save some data to it and the virus would infect the floppy. Then unwittingly put the infected floppy in another computer and presto the new computer would become infected. (I’m skimming over a lot of detail here to make a point). So the virus’ progress was slow and steady. Anti-virus vendors had time on their side. They had the time to get a copy of the virus, dissect it, run it through a series of tests to come up with a signature string (see below for definition), put the string into a database of strings to search for when scanning your hard drive (and floppies) and release the new database to the public. Ten years ago this system worked very well.

But now everyone is connected via the Internet. Now, using email as a transport point, it doesn’t take years to gather momentum, instead it takes a matter of minutes. And here is where the model breaks. Step back and ask yourself the following question: if vendors can catch “known and unknown viruses” as their literature states, how then is it that we continue to have virus problems?

The answer lies in the fact that virus authors have been more creative in coming up with new ways to infect and wreak havoc and the software industry has not responded in kind, preferring to stay embedded in its old fashioned methodologies.

Why don’t the old ways work any more, you might ask? It’s relatively simple. Let’s go through the steps.

A virus author unleashes NewVirus via email. He mass mails his virus to thousands of people. Some, not all, unwittingly open the attachment thinking it’s from a friend or the subject is so enticing that they are fooled into opening it without thinking it’s a problem (cf. nude pictures of Anna Kournikova). The email attachment immediately starts emailing everyone in the recipient’s contact list and embeds itself into the operating system so that it’s activated every time the computer is turned on.

The folks who receive those emails in turn get fooled into thinking the email is valid and they open the attachment. Very quickly all hell breaks loose. Agencies which monitor Internet traffic see problems arising with the sudden spikes in email traffic and they begin to get calls or emails alerting them to the fact that there’s a new problem. Samples are obtained and sent off to anti-virus vendors. They pass the emails through a series of tests to analyze what exactly the virus does and how it does it. Additionally, analysis is performed to extract a unique string of 1’s and 0’s to identify this attachment as none other than NewVirus. This is called the signature string. It’s important that whatever string is arrived at does not exist in any other program or piece of software; otherwise, you will get what is commonly called a false positive.

Quick digression on “false positives”: if a vendor arrives at a unique string that just happens to be embedded in Microsoft Word, then every time a user runs a scan of their hard drive, Microsoft Word will be identified as being infected with NewVirus. Users will uninstall Word and re-install only to learn that they are still infected. There will be complaints; the vendor will be forced to re-assess the signature string and re-release his list of strings and admit the error.

Typically signature strings are matched against a whole boatload of commonplace software just to protect against this occurrence, but it still happens and vendors learn to add new software to their test beds.

OK, so the vendor has arrived at a signature string. Next? Implement the string into their string database so that when their scanners are scanning they will match what’s on your hard drive to what’s in the database. After the database has been updated they release the database to their customers in what’s commonly called a “push” where they send the updates to their primary users.
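The signature workflow and the false-positive digression above can be made concrete with a toy scanner. This is an added example, not the article's or any vendor's code: the function names are hypothetical, and the "NewVirus" sample and clean files are short inert byte strings constructed here so that they share a common start-up stub.

```python
from typing import Dict, List, Optional

def windows(data: bytes, n: int):
    """Every n-byte substring of data, in order."""
    for i in range(len(data) - n + 1):
        yield data[i:i + n]

def false_positives(sig: bytes, test_bed: Dict[str, bytes]) -> List[str]:
    """Names of known-clean files that the signature would flag."""
    return sorted(name for name, blob in test_bed.items() if sig in blob)

def pick_signature(sample: bytes, test_bed: Dict[str, bytes], n: int = 12) -> Optional[bytes]:
    """First n-byte window of the sample that appears in no test-bed file."""
    for w in windows(sample, n):
        if not false_positives(w, test_bed):
            return w
    return None  # nothing in the sample is distinctive at this length

def scan(data: bytes, db: Dict[str, bytes]) -> List[str]:
    """Names of all database signatures found in data."""
    return sorted(name for name, sig in db.items() if sig in data)

# Constructed, inert sample data: every file starts with the same header and stub.
STUB = b"\x55\x8b\xec\x83\xec\x10common-runtime-init"
NEWVIRUS = b"MZ" + STUB + b"constructed-newvirus-body"
TEST_BED = {
    "wordproc.exe": b"MZ" + STUB + b"document editor code",
    "calc.exe": b"MZ" + STUB[:10] + b"calculator code",
}
UNSEEN = {"mailer.exe": b"MZ" + STUB + b"client code"}  # not yet in the test bed

# A signature cut from the start of the sample lands in shared boilerplate.
NAIVE = NEWVIRUS[:12]
# Vetting against the test bed avoids the files the vendor knows about ...
VETTED = pick_signature(NEWVIRUS, TEST_BED)
# ... and re-vetting after the test bed grows avoids the newly reported one.
REVETTED = pick_signature(NEWVIRUS, {**TEST_BED, **UNSEEN})

if __name__ == "__main__":
    print("naive flags:", false_positives(NAIVE, TEST_BED))
    print("vetted flags (unseen software):", false_positives(VETTED, UNSEEN))
    print("re-vetted flags:", false_positives(REVETTED, {**TEST_BED, **UNSEEN}))
    print("scan of sample:", scan(NEWVIRUS, {"NewVirus": REVETTED}))
```

The vetted signature still flags `mailer.exe` because that file was never in the test bed, which is the situation the article describes when vendors have to add new software to their test beds.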

If you did not buy into this service, you must know enough to log into your anti-virus vendor and update your software so that you stay current.

So where are we? The bad guy (or problem teenager) has unleashed NewVirus. NewVirus has infected thousands of computers; vendors have been alerted; NewVirus continues to infect; solutions are achieved and “pushed” to corporate clients; NewVirus continues to infect hundreds and thousands of computers; corporate clients breathe a sigh of relief and alert their users as to the new threat.

Thousands, if not millions, of computers become infected and need to be cleaned because the best way to solve the virus problem is to wait for each new virus to come along and solve on a case by case basis.

But if you sat back and said: what if? What if you categorized all the things a virus can do (or could do), built a series of computers to allow any email attachment or program to have free rein of a computer (much like it would have on your own computer; such a computer is called a “honeypot”) and then analyzed that computer for unwelcome behavior?

That would be a true pre-emptive strike against all malicious software. This is the behavior-based model. Such a model would actually protect you from unknown viruses, along with all the known 70,000 viruses.

In part 2 we’ll discuss the risks and security failures of having distributed vendor software on your desktop.

About The Author

Tim Klemmer
CEO, OnceRed LLC
http://www.checkinmyemail.com

Tim Klemmer has spent the better part of 12 years designing and perfecting the first true patented behavior-based solution to malicious software.

timklemmer@checkinmyemail.com
