Saturday, February 19, 2005

Web Browsers

A Web Browser is a computer application that allows you to read web pages. The Internet Explorer (IE) is Microsoft's web browser.

Microsoft has embedded IE into their Windows operating system. An operating system (OS) is the core system that lets you interact with the computer. Windows XP is an operating system, as is Linux, Apple Mac OS X, and others. Microsoft decided that the internet was so important that it linked the IE web browser into Windows. This was a controversial move when it happened, but that is what happened. The result is that many web site designers designed their web sites to work well with the Microsoft IE browser. Some (but thankfully not all) will only work with IE.

Therefore, you need to have IE installed and regularly updated if you plan to use the web. The current version is version 6.0 with a large number of security patches added to it.

IE is the de facto standard for browsers because Windows is the de facto standard for operating systems -- almost everyone has IE, and no one can get rid of it. However, it is good software. You could go on your merry way and use IE and be happy, as long as you update it diligently.

But, you are not limited to using IE.

A few months ago, the Mozilla project released Firefox 1.0. Since I tried it, I use it for all my web browsing except where I must use Internet Explorer.

Why?

It is fast.

It is written with security in mind -- no "pop-up" ads unless you want them. Easy to manage security settings.

It allows "tabs" for browsing, in which you can open several web sites and easily move from one to the other by clicking on its tab.

It allows for better organized bookmarks of your favorite sites, and "smart bookmarks" for bookmarking and automatically updating your news feeds.

It has a clean design. It is easy to use.

It does not have the vulnerabilities IE has to viruses, if only because an army of hackers are more focused on IE.

Check it out. Highly recommended.

Google

If you need to find out anything, "Google" it.

Internet search engines are amazing in general. A "search engine" is a system that opens as many web pages as it can, and logs and indexes what it finds, allowing people to find web sites. And then, they do it again, and again, because web pages come and go, and get updated, or go away.

Of the search engines out there, Google (www.google.com) is, to my mind, the best. They provide an index of what is out there, and they also "rank" the importance each page they search by seeing if other sites refer to it. It is called "PageRank" and is explained at their site.

The bottom line is that while it does not cover the total vastness of the internet, Google will find you information on anything you would ever want to know.

You can also "Google" people -- try yourself! You can look for old friends, colleagues, school mates, future bosses. It is interesting what you can find -- sometimes scary.

Google has this so taped that it is now bordering on a generic term -- like Xerox or Kleenex.

Highly recommended.

Tuesday, February 15, 2005

E-mail Hoaxes Redux

Just a note on how long some of these e-mail hoaxes stay alive. A close aquaintance forwarded an alarming e-mail that turns out was a hoax. The hoax started in 1995 -- ten years ago. Some things never die!

Wednesday, February 09, 2005

Scams and Hoaxes

I really don't want this blog to be about internet security, it's just that right now, it is a big issue. There are a lot of criminals out there trolling for the technically unwary. They have no shame.

I received this e-mail last week:
===============================
Subject: I AM A VICTIM.

DEAR PATTERSON,

I write you this mail with sorrow and tears in my eyes. I do not mean to bother you with my problems but I am most disturbed and I have no other choice than to look for help from some one who is compassionate and have the milk of human kindness. I am not also writing to demand for any thing materialistic in whatever form from you, but I am writing to present to you a business proposition, which you shall profit from only if you decide to help me. I am wife to Mr.Samuel Ashaun,a Ghanian and a very successful international businessman, philanthropic, politician and a community deveoper. My late husband was an importer of certain commodities of which he alone has the sole patent right to bring into Ghana. He has traveled far and wide all his life while doing his business. He was also into business collaboration with so many friends all over the world and whatever he lays his hands turns out to be Gold. We (me and my daughters) were quite comfortable when he was alive and we never lacked anything. I am writing you to solicit your assistance because I lost my husband to the Tsunami Disaster that just happened some times back. He was on one of his business trips to Myanmar, in South East Asia when the disaster occurred. Me and the family members were worried when he did not come back as at when due, we sent messages to his business associates abroad but no one answered, we virtually sold everything he owned in an attempt to locate him, we even had to result to borrowing because I do not do anything here, I am just a permanent house wife. When we were not getting any news, we gave up until later when we realized he died in the disaster. Life has not been same for my daughters and me since then. In Africa where I come from, the Male child is regarded as very important while the female is regarded as nothing and less a human being to the male. Since I did not have a male issue for my late husband, his family relatives, kiths and kin has taken over and inherited his things that are left and even driven me and my daughters onto the street with nothing. We are starving and there is no one to help, no shelter and no money or food for us. My daughters has quite school because I cannot pay their school fees. I am now a poor widow. It is so painful to know that the funds being raised to help the victims of the disaster is mainly for the countries affected and not for people with my kind of plight and bad luck. It's so painful to know that no body remembers women from other part of the continent that are made widows by the disaster. I am writing you to help me. Last week, my late husband lawyer came back from abroad with vital information relating to the fact that my husband deposited a sum of Eight million,seven hundres thousand U.S. dollars in a foreign account which will pass onto me and my daughters in the events of his death, I was not aware of this. The lawyer told me he instructed him to let me and my daughters know this only in the events of his death. He did this because of the nature of his business, which involves a lot of traveling. The problem now is that i do not want his family members to know about this development in order to prevent them from bouncing on the money again as they did his properties here. This can be prevented only if the money does not come here. I do not want the money to come here. I am looking for who will help me receive this funds into his/her account overseas so that I can come over there after the money is transferred. The lawyer says we need a foreign account where the money will be received and I do not have any and cannot afford to open one from here. As the money overseas has not been legally made mine, I do not have access to the money yet. The lawyer has documents that will make the transfer of the money to you very easy. I am writing you to please help me receive this money. I promise to give you a negotiable percentage of the money and this percentage that you will get will be discussed when you have received this money from the fiduciary agent abroad. This was why I said I am making you a business proposition. I just hope you will not abscond with the money when you get it. Please help my daughters and me for this is our only lifeline in life.~ You are to reach me with this E-mail address if you want to help me <[deleted]@yahoo.co.uk> I will reveal to you further details when i hear from you. I expect to hear from you soonest.

Thank you.

Yours truly,

Mrs.Grace Ashaun.

=====================

Heart-wrenching, no? The Tsunami barely has a chance to dry, and we get this. This is a scam. This letter is akin to those letters from "barristers" in Nigeria trying to locate "next of kin" to people who died in a car accident leaving millions to be split with -- well, you.

I am posting this as an example of these things -- they are all over the place. Do not take the hook. Any time you get an e-mailed plea for help, usually because of some truly horrific and sad thing, and which promises you a cut of millions of dollars, realize it is a fraud.

Similarly, any time you get alarming messages from your bank via e-mail, realize that it is not your bank, really, but someone trying to scam you. I mentioned this before, but these are truly alarming, and the warning bears repeating.

Other types of bogus e-mails include hoaxes -- someone sends an alarming message saying, for example, that there is this truly horrific e-mail virus that is being spread that can't be detected by anti-virus software, and that you should delete such-and-such files, and forward the alarming message to all of your friends and family.

Another hoax is an alarming e-mail about some social injustice and that we need to bombard someone's e-mail address with protests about how rotten this injustice is. Usually, the injustice is not real, or is disrelated to the person being emailed. The person being bombed by e-mail is probably the ex-girlfriend who dumped the loser that started the hoax.

The common denominator to these is "alarming e-mails." When you get an alarming e-mail, one that seems odd or hard to imagine or improbably profitable, it is virtually always a fraud or scam.

Caveat surfer - Let the web surfer (and e-mailer) beware!

Tuesday, February 08, 2005

Google Maps Beta

Google has a new web map system, rivaling Mapquest, etc. Very, very cool stuff. Rather than listen to me talk about it, give it a try.

Monday, February 07, 2005

Phishing and a New Risk

You need to be careful when using the internet. There is yet another problem that has reared its ugly head, because we are "not there yet."

Slashdot.org is a highly, highly technical website. Their motto is "News for Nerds. Stuff that Matters." That should be a clue that unless you are truly a nerd or have nerdish tendencies, you need to stay away. However, in an article today on slashdot.org, yet another exploit has been unearthed. Hackers can now create fake web addresses using an alternate code. This code looks like a normal address, but is actually referring to something else. The article uses Paypal as an example. The code "p&amp; #1072;ypal.com" in this "Punycode" International Domain Name format is not the same as "paypal.com" in the normal code (UTF 8, or Unicode Transformation Format). This code "Punycode" form is shown on the screen normally, i.e., as "paypal.com", but goes to an entirely different place.

Blah, blah, blah, you say? Well, yes, except that if a hacker can create a normal-looking web link to a fake Citicorp or Bank of America web site, then you are at serious risk. It enables "phishing", the practice by hackers of trying to fool you into giving them your passwords and other private information. They can make the fake site look just like the original, except that they are stealing from you.

What can you do? Basically, phishing is really a risk for dealing with financial web sites, or internet provider web sites. So, when you are going to your bank or ISP (Internet Service Provider) websites, type the address directly into your browser. Don't go there via a link in an email message, or a link on a web site.

And, as always, treat the internet with respect. Realize that the moment you connect to the 'net, you are strolling on the wrong side of the tracks.

Resources -- Gibson Research

Steve Gibson of Gibson Research's web site is a fount of information. He is technical, but thorough. "Shields Up" is his firewall tester -- he probes your computer (with your permission, of course), and then scares the heck out of you with what he finds. You will "get religion" when you use this.

This is a good reference.



Tuesday, February 01, 2005

E-mail Spoofing

E-Mail is a very untrustworthy medium for communications. There is no real security on it -- anyone can send a message and have it say it is from anyone else, like "gwbush@whitehouse.gov", for example. This is called "E-Mail Address Spoofing."

In your email program, you can say what your name is, what your e-mail address is, and the e-mail address that the reply to the e-mail goes to ("Reply-to" address). You can put there whatever you want.

I used one of my email accounts to show you how it works. I set up the e-mail account to say that I am "Sam Spade," and my e-mail address is "spade@privateeye.com", and the organization I represented is "Sam Spade, Private Eye." Then, I sent an e-mail to the "AskUncleMark" e-mail address at gmail.com. Here is what I got:

=======================

From: Sam Spade
To: AskUncleMark@gmail.com
Date: Tue, 01 Feb 2005 22:26:11 -0800
Subject: Test of spoofed email address

=======================
Hey, will you look at that! Sam Spade sent me an e-mail! Easy as that. Anyone can do it.

Each e-mail has "e-mail headers" that contain information about the e-mail. There is nothing in the e-mail headers that indicate my real e-mail address. Who I say I am is totally disconnected with my real e-mail address. Everything says I am Sam Spade from "Sam Spade, Private Eye." The only clue there is that all is not as it seems is that the message was received from "earthlink.net" instead of "privateeye.com" and you can see my internet address. You have to look hard to see it.

In real-world terms, it is like putting the wrong return address on a letter. You have no idea who really sent it.

Scammers and virus-writers take advantage of this weakness.

Scammers say that they are e-mailing you from your bank, and ask you to "fix a problem with your accounts," and redirect you to an official looking, but fake, web site that captures your login ID and password. They then have access to your real account. This is call "phishing" and is rampant.

Virus writers use email to spread their virus via email, by sending the virus to people in your address book, with spoofed from-lines taken from other people in your address book. So, if you have "Joe" and "Mary" in your address book, the virus will send the virus, using your account, to "Mary" with "Joe" in the from line, and vice-versa. This makes it virtually impossible to trace where the virus really came from, and jeopardizes the relationship between Mary and Joe.

Because of this, here are some guidelines when working with e-mail:

1. Never assume that the e-mail is really from who it says it is from. Be skeptical.

2. If a strange message is apparently from one of your friends, realize that they probably didn't send it. It is probably a virus-sent message.

3. Always, always, always assume that an e-mail asking for any login IDs, passwords, account PINs, or personal information is fake. If a bank has a problem with your accounts, they will either call you, or send you a real letter, or both. They will not e-mail you. Even if they do e-mail you, don't e-mail them back, call them, if you think there might be a problem.