Browser SSL

October 13, 2009

THREE PARAGRAPHS – (Pasted below from url – http://www.darkreading.com/security/ ~ blah-etc)

Reguly’s survey found that while 83 percent of users check they’re using an SSL-secured session before entering their credit card information on a Website, only 41 percent do so when typing in their passwords. “It’s scary that people care so little about their passwords than they do about their credit card numbers,” he says. “You see surveys saying that anywhere from 30 to 60 percent of users are using the same password everywhere, so they’re probably using it for online banking, too.”

Meanwhile, 51 percent of the survey respondents said they rely on browser error messages to alert them of flaws in Website security. And that’s not what browsers technically do, Reguly says. “That actually shocked me that over 50 percent said this,” he says. “This speaks to the misunderstanding people have about browsers [and SSL],” he says.

The challenge is that there’s no simple way to deploy SSL. “It’s not one click. It’s a multistep process that involves configuration, time, and effort, and most don’t want to invest that energy” to do it properly, he says.


The good oil

October 13, 2009

Normal traffic

There is a huge amount of background traffic on the internet. The majority of the alerts your personal firewall shows are normal background traffic. Nothing to worry about, nothing to notify anyone else of, nothing worth investigating.

Sam Spade Frequently Asked Questions http://samspade.org/d/faq/


fund transfer scam

October 12, 2009

Scamdex :: The Internet Scam Resource since 2003

The perpetrators of Advance Fee Fraud (AFF), known internationally as “419” fraud after the section of the Nigerian penal code which addresses fraud schemes, ..

NEVER USE WESTERN UNION
If you need to send money to someone out of the country, think long and hard before you use Western Union. Especially if the person wants the money quickly, says he can’t accept PayPal or other online payment methods, and especially if it’s for a big ticket item. It’s not such a great deal if the laptop never turns up and your money is gone!


ZDNET – Guide to scareware

October 9, 2009

WHAT is scareware? – ZDNET article explains it well (small snips pasted below)

Basically, scareware, also known as rogueware or put in simple terms, fake security software, is a legitimately looking application that is delivered to the end user

This end user-friendly guide aims to educate the Internet user on what scareware is, the risks posed by installing it, how it looks like, its delivery channels, and most importantly, how to recognize, avoid and report it to the security community taking into consideration the fact that 99% of the current releases rely on social engineering tactics.

THE WIKIPEDIA DEFINITION: (Provides another perspective)

Scareware comprises several classes of scam software, often with limited or no benefit, sold to consumers via certain unethical marketing practices. The selling approach is designed to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user. Some forms of spyware and adware also use scareware tactics.

[My-Comment] – The Wikipedia goes on to say the following (Which is all true, and it makes me laugh – as I realise that I actually use some of this SORT of software – and in the beginning – it would have been one of my favourite tools to gather info as an Internet newbie) WIKI PARAGRAPH pasted below.

Some commentators also use the term “scareware” to describe software products that — while serving some desired purpose — also produce a lot of frivolous and alarming warnings or threat notices, most typically commercial firewall and registry cleaner software. This class of program tries to increase its perceived value by bombarding the user with constant warning messages that do not increase its effectiveness in any way.


Limited User Accounts (LUA)

October 8, 2009

READ – On the Micro$oft site – Full article about LUA;
Limited User accounts can protect your Windows XP computer when you browse the Web – Why use a Limited User Account? – ANSWER – Help reduce your vulnerability to malicious code.

GOOGLE: Limited User Account

Aaron Margosis’ “Non-Admin” and App-Compat WebLog – THIS resource provides useful information about running ‘elevated-privileges’, without having to logout of the LUA – (This is an on-going topic of interest to me)

THIS COMMENT; Also very relevant here – QUESTION; Is Limited User Account enough? Not really… At the end, be careful: a standard LUA is really useful to avoid pc infections, but it is not enough by itself.


Circumventing Group Policy Settings

October 4, 2009

THIS; Post below is copied from Mark Russinovich’s technical blog

Group policy settings are an integral part of any Windows-based IT environment. If you’re a network administrator you use them to enforce corporate security and desktop management policy, and if you’re a user you’ve almost certainly been frustrated by the limitations imposed by those policies. Regardless of which you are, you should be aware that if the users in your network belong to the local administrator’s group they can get around policies any time they want.


Fravia – searchlores

October 4, 2009

Fravia passed away on Sunday, 3rd May 2009

Deeply saddened to learn today (Sunday 4th October 2009) the author of ‘searchlores’ has passed away, many months ago now – and am surprised to be affected so much by this.

http://fravia.com/swansong.htm

Found out while reading / searching / sniffing around various technical – security based info – and came across http://blog.dkbza.org/ and this little post on his blog />>> post-permalink (<<< More links here)

http://www.searchlores.org/main.htm


Three Easy Rules to Beat Scam Artists

October 2, 2009

Another useful information resource in the same category http://www.hoax-slayer.com/

QUOTE – Taken from the Russian-Brides.com.au website – You will have to follow the link below to read HOW the ‘Three-Easy-Rules’ work in full.

The wide spread of Internet dating in the last 10 years has created a new kind of scam artists – people who make Internet dating scams their profession. If you are new to the world of Internet Introduction it is easy to fall for the scams.

However, it is equally easy to avoid them if you know about typical ways these scams are usually performed.

RUSSIAN BRIDES has a very clear and simple policy on scammers. We run compulsory verification security checks on all women who apply to be included in our Photo Catalogue. We consequently publish only about 15% of all applications we receive.


Logical Fallacies

October 1, 2009

Logical Fallacies – (Defined well at atheism.about.com)

Fallacies are defects in an argument that cause it to be invalid, unsound, or weak. In a deductive argument, the existence of a fallacy means that the argument is not valid – even if the premises are true, the conclusion might still be false.


What version of Java is installed?

September 19, 2009

VISIT: http://www.javatester.org/version.html

Multiple copies of Java can be installed on a single computer, and, if you have more than one web browser, each one can use a different version of Java, or none at all, so be sure to test them all. Below are nine ways to determine the version of Java a web browser is using.

Note: The portion of Java that runs programs is referred to as the Java Virtual Machine (JVM) or Java Run-time Environment (JRE).

DOWNLOAD: Recommended Version 6 Update 16 – Java allows you to play online games, chat with people around the world, calculate your mortgage interest, and view images in 3D, just to name a few. It’s also integral to the intranet applications and other e-business solutions that are the foundation of corporate computing.

AND; HERE is another url to TEST what version of Java is Installed; [TEST - System-X] Verifying Java Version *-THE-URL-* = http://www.java.com/en/download/installed.jsp

Oops! You don’t have the recommended Java installed.
Your Java version is Version 6 Update 11 – [AND; They insist on me having version 16]

Never mind that it has been HAPPILY working since XMAS, without any problem. GRUMBLE – GRUMBLE – Ok, guess I’d better update to the latest version of Java-16

