After Zappos hack, how to protect yourself online

Another week, another computer security breach. Hackers broke into a Zappos server in Kentucky Sunday night, giving them access to personal records of 24 million Zappos customers -- which means if you've ever used the site, you're probably a victim too.
Actually, if you've ever been online, the chances are pretty good that some malevolent person has captured personal information about you and tried to break into your personal computer or credit card account.malware security.malware 
Although the criminals were after more than your shoe size, they apparently did not get full credit card numbers, but an investigation is underway. More disturbing, Zappos is owned by Amazon, which demonstrates that even the biggest online players are vulnerable to attack.malware .malware 
So what can you do to protect yourself? Here are some important reminders:
Use a Tough Password: Yes, we're always being reminded not to use the name of our pet snake or favorite fast food as a password, but who can remember 50 different passwords for all those Web sites that require registration? The best advice is to rotate through a series of passwords, changing them on a regular basis. But most important of all is to create one really difficult password and use it only for your e-mail account. malware .malware 
The reason is that many sites check password changes or send account access confirmations to e-mail accounts. If a hacker has access to your e-mail, he'll basically have access to everything from your bank account to your Amazon shopping cart. To make your e-mail password tough to crack use a mix of letters and numbers that's at least 8 characters long. And, no, combining Fluffy's name with your birthday does not count.malware .malware 
Get a Credit Report: You're entitled to get at least one free credit report a year, which will tell you if someone has opened a spurious credit card or loan in your name.[security]. You can also get a free report in many states if you've recently been turned down for a job (and who hasn't been rejected in this economy?[security].).[security]. These reports are absolutely free, so don't fall for that ad campaign that offers "free" reports but actually makes you pay. Just contact one of the three reporting companies--Equifax, Experian, or TransUnion -- yourself and get a truly free report. Better yet, put an annual reminder in your calendar so you don't forget next year.malware 
Update Your Software: Several recent online security studies report that over 90 percent of successful malware and hacking attacks are the result of consumers using old software. You don't have to buy new software to stem the threat. All you have to do is install the free updates. The reason is that most of these updates include security patches for known holes that hackers use to access systems. Patching all your programs can be about as much fun as white-knuckling it through a snow storm. Fortunately, hackers mainly target four popular programs, which you should update regularly: Java, Adobe Acrobat, Adobe Flash, and Microsoft's Internet Explorer.malware [security].
Get An Anti-virus Shot: It's true that if you're really careful, never use a social networking site, and never open a video or e-mail online, you can avoid viruses. The rest of us should use some sort of anti-virus software. There are free programs from reputable firms such as Avast and Bitdefender. Use one of their offerings.[security].
Don't Click That E-mail: Zappos is sending every one of its affected customers a warning e-mail. However, more often than not such "official" e-mails are from hackers (for example, "We've had a security problem. Please change your password.[security]."). These fraudulent e-mails can be virtually indistinguishable from legitimate missives, including identical graphics, logos, and authentic looking return e-mail addresses.[security]. I recommend never clicking on links in such e-mails. Instead, open a separate browser window and go directly to, say, your bank's official site. If there's a important notice, you'll find it there.malware security.[security].
shttp://www.foxnews.com/scitech/2012/01/16/zappos-zapped-hackers-steal-info-from-24-millionusers/?intcmp=related

Read More

Denial Of Service (DoS) Attacks

A denial of service (DoS) attack is an attack that clogs up so much memory on the target system that it can not serve it's users, or it causes the target system to crash, reboot, or otherwise deny services to legitimate users.There are several different kinds of dos attacks as discussed below:-

1) Ping Of Death :- The ping of death attack sends oversized ICMP datagrams (encapsulated in IP packets) to the victim.The Ping command makes use of the ICMP echo request and echo reply messages and it's commonly used to determine whether the remote host is alive. In a ping of death attack, however, ping causes the remote system to hang, reboot or crash. To do so the attacker uses, the ping command in conjuction with -l argument (used to specify the size of the packet sent) to ping the target system that exceeds the maximum bytes allowed by TCP/IP (65,536).
example:- c:/>ping -l 65540 hostname
Fortunately, nearly all operating systems these days are not vulnerable to the ping of death attack.

2) Teardrop Attack :- Whenever data is sent over the internet, it is broken into fragments at the source system and reassembled at the destination system. For example you need to send 3,000 bytes of data from one system to another. Rather than sending the entire chunk in asingle packet, the data is broken down into smaller packets as given below:
* packet 1 will carry bytes 1-1000.
* packet 2 will carry bytes 1001-2000.
* packet 3 will carry bytes 2001-3000.
In teardrop attack, however, the data packets sent to the target computer contais bytes that overlaps with each other.
(bytes 1-1500) (bytes 1001-2000) (bytes 1500-2500)
When the target system receives such a series of packets, it can not reassemble the data and therefore will crash, hang, or reboot.
Old Linux systems, Windows NT/95 are vulnerable.

3) SYN - Flood Attack :- In SYN flooding attack, several SYN packets are sent to the target host, all with an invalid source IP address. When the target system receives these SYN packets, it tries to respond to each one with a SYN/ACK packet but as all the source IP addresses are invalid the target system goes into wait state for ACK message to receive from source. Eventually, due to large number of connection requests, the target systems' memory is consumed. In order to actually affect the target system, a large number of SYN packets with invalid IP addresses must be sent.

4) Land Attack :- A land attack is similar to SYN attack, the only difference being that instead of including an invalid IP address, the SYN packet include the IP address of the target sysetm itself. As a result an infinite loop is created within the target system, which ultimately hangs and crashes.Windows NT before Service Pack 4 are vulnerable to this attack.

5) Smurf Attack :- There are 3 players in the smurf attack–the attacker,the intermediary (which can also be a victim) and the victim. In most scenarios the attacker spoofs the IP source address as the IP of the intended victim to the intermediary network broadcast address. Every host on the intermediary network replies, flooding the victim and the intermediary network with network traffic.
Smurf Attack Result:- Performance may be degraded such that the victim, the victim and intermediary networks become congested and unusable, i.e. clogging the network and preventing legitimate users from obtaining network services.

6) UDP - Flood Attack :- Two UDP services: echo (which echos back any character received) and chargen (which generates character) were used in the past for network testing and are enabled by default on most systems. These services can be used to launch a DOS by connecting the chargen to echo ports on the same or another machine and generating large amounts of network traffic.

Read More

How to remove a computer virus and spyware.

Symptoms that may be the result of ordinary Windows functions
A computer virus infection may cause the following problems:

    * Windows does not start even though you have not made any system changes or even though you have not installed or removed any programs.
    * Windows does not start because certain important system files are missing. Additionally, you receive an error message that lists the missing files.
    * The computer sometimes starts as expected. However, at other times, the computer stops responding before the desktop icons and the taskbar appear.
    * The computer runs very slowly. Additionally, the computer takes longer than expected to start.
    * You receive out-of-memory error messages even though the computer has sufficient RAM.
    * New programs are installed incorrectly.
    * Windows spontaneously restarts unexpectedly.
    * Programs that used to run stop responding frequently. Even if you remove and reinstall the programs, the issue continues to occur.
    * A disk utility such as Scandisk reports multiple serious disk errors.
    * A partition disappears.
    * The computer always stops responding when you try to use Microsoft Office products.
    * You cannot start Windows Task Manager.
    * Antivirus software indicates that a computer virus is present.

Symptoms of a computer virus

If you suspect or confirm that your computer is infected with a computer virus, obtain the current antivirus software. The following are some primary indicators that a computer may be infected:

    * The computer runs slower than usual.
    * The computer stops responding, or it locks up frequently.
    * The computer crashes, and then it restarts every few minutes.
    * The computer restarts on its own. Additionally, the computer does not run as usual.
    * Applications on the computer do not work correctly.
    * Disks or disk drives are inaccessible.
    * You cannot print items correctly.
    * You see unusual error messages.
    * You see distorted menus and dialog boxes.
    * There is a double extension on an attachment that you recently opened, such as a .jpg, .vbs, .gif, or .exe. extension.
    * An antivirus program is disabled for no reason. Additionally, the antivirus program cannot be restarted.
    * An antivirus program cannot be installed on the computer, or the antivirus program will not run.
    * New icons appear on the desktop that you did not put there, or the icons are not associated with any recently installed programs.
    * Strange sounds or music plays from the speakers unexpectedly.
    * A program disappears from the computer even though you did not intentionally remove the program.

Note These are common signs of infection. However, these signs may also be caused by hardware or software problems that have nothing to do with a computer virus. Unless you run the Microsoft Malicious Software Removal Tool, and then you install industry-standard, up-to-date antivirus software on your computer, you cannot be certain whether a computer is infected with a computer virus or not.

Symptoms of worms and trojan horse viruses in e-mail messages
When a computer virus infects e-mail messages or infects other files on a computer, you may notice the following symptoms:

    * The infected file may make copies of itself. This behavior may use up all the free space on the hard disk.
    * A copy of the infected file may be sent to all the addresses in an e-mail address list.
    * The computer virus may reformat the hard disk. This behavior will delete files and programs.
    * The computer virus may install hidden programs, such as pirated software. This pirated software may then be distributed and sold from the computer.
    * The computer virus may reduce security. This could enable intruders to remotely access the computer or the network.
    * You receive an e-mail message that has a strange attachment. When you open the attachment, dialog boxes appear, or a sudden degradation in system performance occurs.
    * Someone tells you that they have recently received e-mail messages from you that contained attached files that you did not send. The files that are attached to the e-mail messages have extensions such as .exe, .bat, .scr, and .vbs extensions.

What is Spyware?
Spyware can install on your computer without your knowledge. These programs can change your computer’s configuration or collect advertising data and personal information. Spyware can track internet searching habits and possibly redirect web site activity. 
Symptoms of Spyware
When a computer becomes affected by Spyware, the following may result:

    * Slow internet connection.
    * Changing your web browser’s home page.
    * Loss of internet connectivity.
    * Failure to open some programs, including security software.
    * Unable to visit specific websites, which may include redirecting you to another one.
How to remove a computer virus and spyware.
Even for an expert, removing a computer virus or spyware can be a difficult task without the help of computer malicious software removal tools. Some computer viruses and other unwanted softwarereinstall themselves after the viruses and spyware have been detected and removed. Fortunately, by updating the computer and by using malicious software removal tools, you can help permanently remove unwanted software.

To remove a computer virus and other malicious software, follow these steps:

Install the latest updates from Microsoft Update:

   1. For Windows Vista and Windows 7:
         1. Click the Pearl (Start) button, then type Windows Update in the search box.
         2. In the results area, click Windows Update.
         3. Click Check for Updates.
         4. Follow the instructions to download and install the latest Windows Updates.
   2. For Windows XP:
         1. Click Start, then click Run.
         2. Click the Automatic Updates tab and hoose the Automatic (recommended) option.
         3. Click OK.

Read More

Cross site scripting

Cross site script is most common web attack.it basically attacks on application layer of web.
.its basically hits html and javascipt.
  cross site scripting arises when web application take data from form of site and include in it
web page without properly validating the data.XSS vulnerabilities allow an attackers to execute arbitrary commands and display arbitrary content in a victim users browsers. when XSS attacks became a successful attack it take control of victim browser or victim web application.  the potency of an XSS attack lies in the fact that thr malicious code executes in the context of the victim's session,allowing the attackers to bypass normal security restriction

Types of Cross Site Scripting Attacks :-

Reflective Cross Site  Scripting :-
 
In this XSS attacks attacker send the victim a misleading mail with the link containing malicious
javascript,if the victim click the link ,the http request is intiated  from the victim browsers
 and sent to the vulnerable web application.Thw malicious javascript is then reflected back to the victim's browsers,where it is executed int the
context of  of victim users session
 
Persistent Xss

Consider a Web application that allows users to enter a user name which is displayed on each user’s profile page. The application stores each user name in a local database. A malicious user notices that the Web application fails to sanitize the user name field and inputs malicious JavaScript code as part of their user name. When other users view the attacker’s profile page, the malicious code automatically executes in the context of their session.

 

Read More

Cyber Security

As we know we are leaving in cyber world where technology and internet provide lot of benefits with huge dangers aspect.cyber world serves equally to both hackers and crackers.
It also provide lot of way of security hence we need to take precautions to protect(secure) yourself online.

 What are some warnings to remember or some security tips to use?

    Don't trust candy from strangers - Finding something on the internet does not guarantee that it is true.or secure or it will full fill all security criteria 

Anyone can publish information online without checking it is secure(security) or not , so before accepting a statement as fact or taking action, verify that the source is reliable.or secure 

It is also easy for attackers to "spoof" email addresses, so verify that an email is legitimate before opening an unexpected email attachment or responding to a request for personal information 
If it sounds too good to be true, it probably is - You have probably seen many emails promising fantastic rewards or monetary gifts. However, regardless of what the email claims, there are not any wealthy strangers desperate to send you money. Beware of grand promises—they are most likely spam, hoaxes, or phishing schemes . Also be wary of pop-up windows and advertisements for free downloadable software—they may be disguising spyware.    
Don't advertise that you are away from home - Some email accounts, especially within an organization, offer a feature (called an autoresponder)
that allows you to create an "away" message if you are going to be away from your email for an extended period of time. The message is automatically
sent to anyone who emails you while the autoresponder is enabled. While this is a helpful feature for letting your contacts know that you will not be
able to respond right away, be careful how you phrase your message. You do not want to let potential attackers know that you are not home, or, worse, give specific details about your location and itinerary. Safer options include phrases such as "I will not have access to email between [date] and [date].
" If possible, also restrict the recipients of the message to people within your organization or in your address book. If your away message replies to spam, it only confirms that your email account is active. This may increase the amount of spam you receive  Lock up your valuables - If an attacker is able to access or breaches your cesurity, your personal data, he or she may be able to compromise or steal the information.
Take steps to secure this information by following good security practices
 Some of the most basic precautions or security include locking your computer when you step away; using firewalls, anti-virus software, and strong passwords security ; installing appropriate software security updates; and taking precautions or security when browsing or using email.
 Have a backup plan - Since your information could be lost or compromised (due to an equipment malfunction, an error, or an attack),
 make regular backups of your information so that you still have clean, complete copies
Backups also help you identify what has been changed or lost.

Read More

Cyber law or It act of India

Cyber laws are meant to set the definite pattern, some rules and guidelines that defined certain business activities going on through internet legal and certain illegal and hence punishable .Today sintuhack will explian some fact about cyber case (sintuhack). The IT Act 2000, the cyber law of India , gives the legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.

One cannot regard government as complete failure in shielding numerous e-commerce activities on the firm basis of which this industry has got to its skies, but then the law cannot be regarded as free from ambiguities.(sintuhack)


The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. Let’s have an overview of the law where it takes a firm stand and has got successful in the reason for which it was framed.(sintuhack)

1. The E-commerce industry carries out its business via transactions and communications done through electronic records . It thus becomes essential that such transactions be made legal . Keeping this point in the consideration, the IT Act 2000 empowers the government departments to accept filing, creating and retention of official documents in the digital format. The Act also puts forward the proposal for setting up the legal framework essential for the authentication and origin of electronic records / communications through digital signature.(sintuhack)

2. The Act legalizes the e-mail and gives it the status of being valid form of carrying out communication in India . This implies that e-mails can be duly produced and approved in a court of law , thus can be a regarded as substantial document to carry out legal proceedings.(sintuhack)

3. The act also talks about digital signatures and digital records . These have been also awarded the status of being legal and valid means that can form strong basis for launching litigation in a court of law. It invites the corporate companies in the business of being Certifying Authorities for issuing secure Digital Signatures Certificates.

4. The Act now allows Government to issue notification on the web thus heralding e-governance.(sintuhack)

5. It eases the task of companies of the filing any form, application or document by laying down the guidelines to be submitted at any appropriate office, authority, body or agency owned or controlled by the government. This will help in saving costs, time and manpower for the corporates.(sintuhack)

6. The act also provides statutory remedy to the coporates in case the crime against the accused for breaking into their computer systems or network and damaging and copying the data is proven. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore($200,000).(sintuhack)

7. Also the law sets up the Territorial Jurisdiction of the Adjudicating Officers for cyber crimes and the Cyber Regulations Appellate Tribunal.(sintuhack)

8. The law has also laid guidelines for providing Internet Services on a license on a non-exclusive basis.(sintuhack)

The IT Law 2000, though appears to be self sufficient, it takes mixed stand when it comes to many practical situations. It looses its certainty at many places like:(sintuhack)

1. The law misses out completely the issue of Intellectual Property Rights, and makes no provisions whatsoever for copyrighting, trade marking or patenting of electronic information and data. The law even doesn’t talk of the rights and liabilities of domain name holders , the first step of entering into the e-commerce.(sintuhack)
2. The law even stays silent over the regulation of electronic payments gateway and segregates the negotiable instruments from the applicability of the IT Act , which may have major effect on the growth of e-commerce in India . It leads to make the banking and financial sectors irresolute in their stands .(sintuhack)(sintuhack)
3. The act empowers the Deputy Superintendent of Police to look up into the investigations and filling of charge sheet when any case related to cyber law is called. This approach is likely to result in misuse in the context of Corporate India as companies have public offices which would come within the ambit of "public place" under the Act. As a result, companies will not be able to escape potential harassment at the hands of the DSP.(sintuhack)
4. Internet is a borderless medium ; it spreads to every corner of the world where life is possible and hence is the cyber criminal. Then how come is it possible to feel relaxed and secured once this law is enforced in the nation??(sintuhack)

The Act initially was supposed to apply to crimes committed all over the world, but nobody knows how can this be achieved in practice , how to enforce it all over the world at the same time???(sintuhack)

* The IT Act is silent on filming anyone’s personal actions in public and then distributing it electronically. It holds ISPs (Internet Service Providers) responsible for third party data and information, unless contravention is committed without their knowledge or unless the ISP has undertaken due diligence to prevent the contravention .(sintuhack)
* For example, many Delhi based newspapers advertise the massage parlors; and in few cases even show the ‘therapeutic masseurs’ hidden behind the mask, who actually are prostitutes. Delhi Police has been successful in busting out a few such rackets but then it is not sure of the action it can take…should it arrest the owners and editors of newspapers or wait for some new clauses in the Act to be added up?? Even the much hyped case of the arrest of Bajaj, the CEO of Bazee.com, was a consequence of this particular ambiguity of the law. One cannot expect an ISP to monitor what information their subscribers are sending out, all 24 hours a day.(sintuhack)

Cyber law is a generic term, which denotes all aspects, issues and the legal consequences on the Internet, the World Wide Web and cyber space. India is the 12th nation in the world that has cyber legislation apart from countries like the US, Singapore, France, Malaysia and Japan .(sintuhack)

But can the cyber laws of the country be regarded as sufficient and secure enough to provide a strong platform to the country’s e-commerce industry for which they were meant?? India has failed to keep in pace with the world in this respect, and the consequence is not far enough from our sight; most of the big customers of India ’s outsourcing company have started to re-think of carrying out their business in India .Bajaj’s case has given the strongest blow in this respect and have broken India ’s share in outsourcing market as a leader.(sintuhack)

If India doesn’t want to loose its position and wishes to stay as the world’s leader forever in outsourcing market, it needs to take fast but intelligent steps to cover the glaring loopholes of the Act, or else the day is not far when the scenario of India ruling the world’s outsourcing market will stay alive in the dreams only as it will be overtaken by its competitors.sintuhack,sintuhack,sintuhack,sintuhack,sintuhack,sintuhack,sintuhack,sintuhack

Read More

Pharming Security

PHARMING-- BY request of one my reader,i am trying to explain what is Pharming.Due to short of time i cant explain all about pharming.
Pharming is the exploitation of a vulnerability in the DNS server software that allows a hacker to acquire the domain name for a site, and to redirect that website's traffic to another web site. DNS servers are the machines responsible for resolving internet names into their real addresses - the "signposts" of the internet.


If the web site receiving the traffic is a fake web site, such as a copy of a bank's website, it can be used to "phish" or steal a computer user's passwords, PIN or account number. Note that this is only possible when the original site was not SSL protected, or when the user is ignoring warnings about invalid server certificates.


For example, in January 2005, the domain name for a large New York ISP, Panix, was hijacked to a site in Australia. In 2004 a German teenager hijacked the eBay.de domain name.


Secure e-mail provider Hushmail was also caught by this attack on 24th of April 2005 when the attacker rang up the domain registrar and gained enough information to redirect users to a defaced webpage.

Read More

Computer Hackers and Predators

How computer hackers and predators are threat for your computer security?

People with bad mind, not the computers, create computer threats. Computer predators victimize unaware people for their gain.  A predator having access to the Internet is exponentially bigger threat to your PC than the others. Computer hackers and predators are unauthorized users who break into others computer systems to steal, change or destroy valuable information, often by installing dangerous and harmful malware without your knowledge. The use of clever tactics and detailed technical knowledge help them to access the information you really don’t want to let them know.
What computer hackers and predators do to find you?
Everyone who uses a computer with a Internet connection is susceptible by the threats of computer hackers and predators. These online demons mainly use spam emails or instant messages, phishing scams, and bogus Web sites (fake or duplicate webpage which almost look like the original) to deliver dangerous and harmful malware to the computer and disable your computer security. They will also try to access your computer and thus your private information directly if you had not taken protection by configuring your firewall. They can also peruse your personal Web page or monitor your chat room conversations. Generally by using a fake identity, predators can fool you and make you into revealing sensitive personal and financial information.
Be aware: computer hackers and predators can do the following things to you.
With the help of malware transmitted by the hacker, he can get your personal as well as financial information without your knowledge. Then he can use this information for his benefit and it will harm you in the aspect of loss of money as well as private information and data. In either case, they may:
•    Know your usernames and passwords and will change it or use it according to him.
•    Using your info they can open credit card and bank accounts in your name
•    Steal your money and Ruin your credit
•    additional credit cards  or Request new account Personal Identification Numbers (PINs) o
•    Make purchases form offline stores.
•    Add themselves or an alias that they control as an authorized user so it’s easier to use your credit
•    Obtain cash advances from your credit card
•     Abuse your Social Security number
•    Sell your information to such person who will use it for illegal purposes
Especially predators can pose a serious physical threat. Be extremely cautious when agreeing to meet an online “friend” or acquaintance in person.
Ways to know that are you in the net or not?
Regularly check the accuracy of your personal accounts, credit cards bills and other documents. Are there any unexplained transactions?
Questionable or unauthorized changes?
 If so, the dangerous and harmful malware is already installed by predators or hackers in your computer.
What can I do about computer hackers and predators?
Read as much as possible about the articles on computer security threats on this blog and increase our knowledge about this. Although Hackers and predators pose equally serious and but very different threats you will wiser enough to avoid their tricks.
To protect your computer from hackers and predators:
•    Regularly check the accuracy of your personal accounts and deal with any discrepancies instantly.
•    Use extreme caution when entering any chat rooms or posting on personal Web pages
•    Put a limit on the personal information you post on a personal Web pages
•    Carefully monitor requests  on social networking sites by online “friends” or acquaintances for predatory behavior
•    Keep personal and financial information out of any type of online conversations
Take these steps to protect your computer from hackers right away:
•    Switch to 2 way firewall.
•    Update your operating system on regular basis.
•    Increase your browser security settings.
•    Only download software from trusted sites you trust.
•    First carefully evaluate free software then use and do same in the case of file-sharing applications before downloading them.
•    Practice safe email protocol.
•    Don't respond messages from unknown senders, even don’t open it.
•    Immediately delete messages you suspect to be spam.
•    Make sure that you have the best internet security products installed on your computer.
•    Always use antivirus protection
•    Also Get antispyware software protection
An unprotected computer is a like a free gift for computer hackers and predators. To protect your computer from hackers and predators also use a spam filter or gateway to scan inbound email or IM messages. While free anti-spyware and antivirus downloads are widely available, they just can’t keep up with the continuous onslaught of new malware strains due to their limited functionality. Previously undetected forms of malware can often do the most damage, so it’s necessary to have up-to-the-minute updated and guaranteed protection.

Read More

computer security

Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.

We use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Although you may not consider your communications "top secret," you probably do not want strangers reading your email, using your computer to attack other systems, sending forged email from your computer, or examining personal information stored on your computer (such as financial statements).
   Intruders (also referred to as hackers, attackers, or crackers) may not care about your identity. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems.

Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if you have a computer connected to the Internet only to play the latest games or to send email to friends and family, your computer may be a target.

Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data.

Unfortunately, intruders are always discovering new vulnerabilities (informally called "holes") to exploit in computer software. The complexity of software makes it increasingly difficult to thoroughly test the security of computer systems.

Also, some software applications have default settings that allow other users to access your computer unless you change the settings to be more secure. Examples include chat programs that let outsiders execute commands on your computer or web browsers that could allow someone to place harmful programs on your computer that run when you click on them.

Read More

Document Viruses

Document or “macro” viruses take advantage of macros – commands that are embedded in fi les and run automatically.

Many applications, such as word processing and spreadsheet programs, use macros.
A macro virus is a macro program that can copy itself and spread from one file to
another. If you open a file that contains a macro virus, the virus copies itself into the
application’s startup files. The computer is now infected.

When you next open a file using the same application, the virus infects that file. If your
computer is on a network, the infection can spread rapidly: when you send an infected
file to someone else, they can become infected too. A malicious macro can also make
changes to your documents or settings.

Macro viruses infect files used in most offices and some can infect several file types,
such as Word and Excel files. They can also spread to any platform on which their host
application runs.

Macro viruses first appeared in the mid-1990s and rapidly became the most serious
virus threat of that time. Few viruses of this type are seen now

Read More

Computer Security Threats

We are living in a digital world, were computers are not just an ordinary thing anymore but a “necessity” to our everyday lives. Most of us only knew a little about computer security threats, the most common were “virus” and “worm”. But did you know that there are 34 different types of Computer Security Threats? A lot huh? You’ll know more about them below, so keep reading and i hope that you’ll be more cautious and knowledgeable in using your computer.

1. Adware

Adware is software that displays advertisements on your computer.

Adware, or advertising-supported software, displays advertising banners or pop-ups on
your computer when you use the application. This is not necessarily a bad thing. Such
advertising can fund the development of useful software, which is then distributed free
(for example, the Opera web browser).

However, adware becomes a problem if it:

• installs itself on your computer without your consent
• installs itself in applications other than the one it came with and displays advertising
  when you use those applications
• hijacks your web browser in order to display more ads (see Browser hijackers)
• gathers data on your web browsing without your consent and sends it to others via
  the internet (see Spyware)
• is designed to be difficult to uninstall.

Adware can slow down your PC. It can also slow down your internet connection by
downloading advertisements. Sometimes programming flaws in the adware can make
your computer unstable.

Advertising pop-ups can also distract you and waste your time if they have to be closed
before you can continue using your PC.

Some anti-virus programs detect adware and report it as “potentially unwanted
applications”. You can then either authorize the adware program or remove it from the
computer. There are also dedicated programs for detecting adware.

THIS IS FIRST COMUTER SECURITY THREAT,I WILL POST ALL 34 COMUTER SECURITY THREAT ONE BY ONE,DUE TO CRISIS OF TIME I CANT POST ALL AT ONCE SO KEEP TOUCH WITH THIS BLOG,THIS IS MY PROMISE TO ALL OF YOU,I WILL COLLECT ALL RELEVANT INFORMATION ABOUT COMPUTER SECURITY THREAT FOR YOU.

UP COMING POST ON--- Backdoor Trojans.SECURITY THREAT.WITH BEST WAY TO SAVE YOUR COMPUTER

Read More

Hardware Security

Security should be intertwined with every part of system; the hardware is no exception. The interaction between hardware and software must be carefully planned. In doing so, the security of the entire system is strengthened.

Trusted Computing

Systems rely on Operating Systems and hardware. This collection of components comprises the core of the Trusted Computing Base (TCB). Systems fundamentally trust all actions that take place within the TCB. As Operating Systems become increasingly more complex, they are prone to faults and vulnerabilities. Hence, researchers seek to shrink the TCB.
Recently, a consortium gathered to create an open trusted framework. The Trusted Computing Group'sTrusted Platform Module (TPM) has received much attention. While vendors such as Dell have announced the deployment of TPMs, privacy concerns remain. Such concerns must be addressed before wide-spread acceptance occurs. (TCG)
Our current research efforts aim to discover novel uses for the TPM while maintaining the privacy of users.

Securing Non-Volatile Main Memory

We propose a Memory Encryption Control Unit (MECU) to address the vulnerabilities introduced by non-volatile memories. The MECU encrypts all memory transfers between the level 2 cache and main memory. The keys used to encrypt memory blocks are derived from secret information present on removable authentication tokens, e.g., smart card, or other similar secure storage devices. This provides protection against physical attacks in absence of the token.
We evaluated a MECU-enhanced architecture using the SimpleScalar hardware simulation framework on several hardware benchmarks. The performance analysis shows that we can secure non-volatile memories with minimal overhead---the majority of memory accesses are delayed by less than 1 ns, with limited degradation subsiding within 67 us of a system resume. In effect, we provide zero-cost steady state confidentiality for main memory

Read More

Internet Security

                        Tips for browsing internet safely
The concern for internet safety is a global phenomenon, mostly for those who are new-fangled to internet. While the prevalence of social networking websites, online communities and internet-enabled processes should be great news for individual, corporate and government users, the concern for safety remains a major source of concern. The 21st century is the age of computers and World Wide Web. Everyone starting from child to old is accustomed with web browsing. But the question arises how much we are safe on the internet? Hackers and malicious software is a great threat to our individual online privacy. So we need to protect our self from these dangerous aspects of internet. Following are some steps that can ensure a safe browsing practice. 
 1–Use Common Sense 
 To browse the internet safely, it’s best if you do so by using common sense. Do not click on advertisements that may harm your computer, and stay away from sites that promise “free” items, cash or other services simply by entering your personal information. Just because a website looks official, this does not mean that it can’t harm your computer.
2 – Use a Firewall 
 To improve the safety of your internet browsing, it’s highly recommended that you install some high-quality firewall software. Having a firewall can help prevent programs from infiltrating your computer, and may also protect against some hackers or internet criminals.
3- Use Strong Passwords
 Ensure data security by using strong passwords for your online accounts and your system files. Do not use your name or birth date as a password since they are easy to crack. Instead, use a password that contains alphanumeric characters and is at least eight characters long. Also, do not store passwords on your system. If remembering all your passwords is difficult, use a password manager program to organize and manage your passwords.
 4- Install Antivirus and Antispyware Tools 
 Use an antivirus and an antispyware tool to keep your system protected from malicious programs, such as viruses, worms, adware, and spyware. Configure these tools to perform regular full system scans on your computer.
5 – Be Aware 
When other people are using your computer, it’s best if you supervise their activities. Even if a friend asks to check their email, its best if you have them login under a other account that you have created for others to use. Having a Guest account on your computer enables you to allow others to use your computer without having to worry about them installing potentially malicious software. When creating a Guest account, disable sharing of important files on your computer. In addition to this, you should always make sure that any sensitive files are password-protected. Don’t load non-essential programs off the Internet, especially things like toolbars, screensavers, or video programs. These programs normally install extra, malicious software that causes problems and often requires a repair to remove effectively. Don’t click on anything in a pop-up and unsolicited links received in email, instant messages, or chat rooms, as it might install malware.
6- Do Not Open Attachments from Unsolicited Emails
Attachments that come with unwanted emails can contain malicious programs, such as viruses and worms. These malicious programs often cause severe damage to your system. Therefore, it is best that you straight away delete any unwanted emails you receive. You must also scan the attachments that you obtain from known sources before opening them.
7- Lock icon in the browser doesn’t means it’s secure
When the lock icon appears in the browser, many of us believe we are opening a secure site. This is because the lock icon indicates there is an SSL encrypted connection between the browser and the server to protect the personal sensitive information. However, it does not present any security from malware. In fact, it’s the reverse because most Web security products are totally blind to encrypted connections: it’s the perfect vehicle for malware to penetrate a machine. There have been many cases where hackers emulate bank, credit card sites complete with spoofed SSL certificates that are difficult for a user to identify as deceptive. So keep away from the unknown site which shows lock icon.
8- Keep your Operating System, Software, and Drivers Up-To-Date     

Read More

Email Security...some Basic point

In today’s electronic world, email is critical to any business being competitive. In most cases it now forms the backbone of most organisations’ day-to-day activities, and its use will continue to grow. According to the The Radicati Group’s study, “Microsoft Exchange and Outlook Analysis, 2005-2009,” the worldwide email market will grow from 1.2 billion mailboxes in 2005 to 1.8 billion mailboxes in 2009.[sintuhack]
As email becomes more prevalent in the market, the importance of email security becomes more significant. In particular, the security implications associated with the management of email storage, policy enforcement, auditing, archiving and data recovery. Managing large, active stores of information takes time and effort in order to avoid failures – failures that will impact the users and therefore the business, undoubtedly leading to lost productivity. For secure and effective storage management, organisations must take a proactive approach and invest wisely in a comprehensive solution.When considering a secure email storage management solution, a layered approach, combining both business processes and applications makes sense. By considering the service email provides to the business, email management can be broken down into a number of components: mail flow, storage, and user access – both at the server and user levels. Whilst each one of these components should be addressed separately, they must be viewed as part of a total security agenda.[sintuhack]
Mail flow can encompass many aspects of an email system. However, the security of mail flow is for the large part focused around the auditing and tracking of mails into and out of the organisation. Monitoring the content and ensuring that any email that has been sent and received complies with business policy is fundamental.[sintuhack].Proving who has sent or received email is a lawful requirement for many industries and email can often be used as evidence in fraud and human resource court cases.[sintuhack],Another key aspect of the management of mail flow security is the protection of the business from malicious or unlawful attacks. It is at the gateway into the mail system where a business must protect itself via a variety of methods including hardware and software protection systems, such as spam filters and virus scanner[sintuhack].

Read More

Bluesnarfing:Mobile Security Breach

Bluesnarfing refers to a the method in which one has gained access to data, which is stored on a Bluetooth enabled phone of other people. Literally Bluesnarfing can be described as unauthorized access of information from a wireless device through a Bluetooth connection. The level of access depends from case to case, but, in general, it involves pretty much anything that's stored on the user's mobile device. Bluesnarfing allows the using person to make phone calls, send and receive text messages, read and write phonebook contacts, eavesdrop on phone conversations, and connect to the Internet. he can also download the material in his mobile from the victim mobile. The good news is, bluesnarfing requires advanced equipment and much advanace expertise In this field. As bluejacking can be done at the range of 10 meters, in bluesnarfing the intruder must be present within a 30 ft. range. If the phone is in non-discoverable mode, then its not true that you cant be a victim of this. Its adds only some problem and makes it little bit more difficult for intruders to bluesnarf your phone. It can be possible from phone and laptop both to bluesnarf a mobile. By just using some bluesnarfing tools (Bluesnarfer, Blooover) on mobile phone or laptop, anyone can detect and access those vulnerable mobile phones to view and download entire phonebook, calendar, real time clock, business card and other important private data without alerting the phone owner(you).

There's little info on whether Bluesnarfing is possible without the targeted phone being paired with the computer running the aforementioned software application, but anyone cannot completely rule out this possibility, either.

So that’s all about bluesnarfing. Wait till next post to know about other mobile security breach methods………….

Read More

HOW YOU CAN IMPROVE A SECURITY OF INTERNET EXPLORER

There is no question that Internet Explorer is the most popular web browser in the world, but with great popularity comes great responsibility. Since one program is used by approximately 75 percent of the world to browse the web, you are forced to deal with the majority of the world’s hackers who are all trying to break down your defenses. Luckily, there are certain things you can do to improve the security of Internet Explorer so you don’t fall victim to the same problems that have already infected millions of computers already.

These days, most Windows Vista systems are set to automatically download updates from the Microsoft website, but for those that aren’t and for those folks still running Windows XP, you need to make a weekly pilgrimage to the Microsoft website via the “Windows Update” feature to download the latest updates that can keep you and your computer safe. As quickly as hackers can discover and exploit a new vulnerability in Internet Explorer, there are teams of Microsoft technicians working hard to close that loophole. It is only with regular updates that you are able to put those fixes to good use. Good Internet Explorer security means staying on top of security updates at all costs.

Next, you can help improve Internet Explorer security by watching where you surf. Part of the fun of the Internet is exploring new websites, but some websites are like traps that wait for Internet Explorer browsers to visit them so that they can try to infiltrate your machine. Your virus protection software should alert you if a website attempts to access your computer or change any of your settings. Your machine may lock up or freeze so that you can’t close the browser window. Once you regain control, run an immediate virus scan and never revisit that website. Many adult websites and hacker/peer-to-peer sharing websites feature these types of traps.

One of the most popular features in web browsers is the ability to add on toolbars and extra features that run along side the stand alone browser. As useful as these programs can be, they are often doorways for other programs to install themselves on your machine. You can download one toolbar and before you know it, you have a dozen different bars installed and you can’t see a thing. If you want to install a toolbar to give Internet Explorer extra functionality, make sure you do some research first to find out which toolbars live up to the hype and which ones are simply gateways to viruses and Trojans. You would be surprised how much you can improve Internet Explorer security by simply watching what add ons you use.

Finally, you can improve Internet Explorer security by simply getting to know the usual behavior of your browser. If you suddenly notice that web pages are taking significantly longer to load than they did a little bit ago, something might be wrong. Get to know what the usual pop up windows that come with your browser look like, so when a website attempts to get you to click on a box, you’ll know if you should or not. When it comes to Internet Explorer security, a good portion of the battle is common sense and not falling for traps set by hackers.

Read More

The 25 Most Common Mistakes in Email Security

25 tips to bring newbie Internet users up to speed so they stop comprimising your network security.
I still remember receiving my first phishing email in my AOL account. I had won the AOL lottery! As good as it sounded, I was skeptical at best. So without much thought, I opened the email and clicked on the link inside to check if I truly was a millionaire after all. Almost instantly, my computer crashed, and with each subsequent restart would crash again.
Countless computer crashes and thousands of spam emails later, I had learned the lesson that just opening spam email can bring harm to my computer. Unfortunately there are a whole host of traps and errors that catch new email users just because "they didn't know any better".
In this article we focus on 25 of the most common and easy to fix mistakes that people make when it comes to email security. We've designed this article with the new internet user in mind, so if you're an email expert, you may want to pass this along to your novice friends.
HERE I AM GOING TO EXPLAIN SOME POINT WHERE COMMON USER IS USEDT TO TRAPPED BY HACKERS/PHISHERS------

1. Properly managing your email accounts
2. Emailing the right people
3. Making backups and keeping records
4. Avoiding fraudulent email
5. Avoiding malware
6. Keeping hackers at bay

Properly managing your email accounts

1. Using just one email account.

Individuals new to email often think about their email account like they do their home address, you only have one home address, so you should only have one email. Instead, you should think about your email address like you do your keys; while it may be OK to use the same key for your front and your back door, having a single key open everything is both impractical and unsafe.

A good rule of thumb for the average email user is to keep a minimum of three email accounts. Your work account should be used exclusively for work-related conversations. Your second email account should be used for personal conversations and contacts, and your third email account should be used as a general catch-all for all hazardous behavior. That means that you should always sign up for newsletters and contests only through your third email account. Similarly, if you have to post your email account online, such as for your personal blog, you should only use your third email account (and post a web friendly form of it at that).

While your first and second email accounts can be paid or freebie, your third 'catch-all' account should always be a freebie account such as those offered by Gmail or Yahoo!. You should plan on having to dump and change out this account every six months, as the catch-all account will eventually become spammed when a newsletter manager decides to sell your name or a spammer steals your email address off a Web site.

2. Holding onto spammed-out accounts too long.

It is simply a fact of life that email accounts will accumulate spam over time. This is especially true of the account you use to sign up for newsletters and that you post online (which as stated above should not be your main email account). When this happens, it is best to simply dump the email account and start afresh. Unfortunately, however, many new email users get very attached to their email accounts and instead just wade through dozens of pieces of spam every day. To avoid the problem, prepare yourself mentally ahead of time for the idea that you will have to dump your 'catch all' account every six months.

3. Not closing the browser after logging out.

When you are checking your email at a library or cybercafé you not only need to log out of your email when you are done, but you also need to make sure to close the browser window completely. Some email services display your username (but not your password) even after you have logged out. While the service does this for your convenience, it compromises your email security.

4. Forgetting to delete browser cache, history and passwords.

After using a public terminal, it is important that you remember to delete the browser cache, history, and passwords. Most browsers automatically keep track of all the web pages that you have visited, and some keep track of any passwords and personal information that you enter in order to help you fill out similar forms in the future.

If this information falls into the wrong hands, it can lead to identity theft and stolen bank and email information. Because the stakes are so high, it is important that new internet users be aware of how to clear a public computers browser cache so that they can delete private information before lurking hackers can get a hold of it.

For those of you using Mozilla's Firefox, simply press Ctrl+Shift+Del. Opera users need go to Tools>>Delete Private Data. And users of Microsoft's Internet Explorer need to go to Tools>>Internet Options then click the 'Clear History', 'Delete Cookies', and 'Delete Files' buttons.



5. Using unsecure email accounts to send and receive sensitive corporate information.

Large corporations invest huge amounts of money to ensure that their computer networks and email remain secure. Despite their efforts, careless employees using personal email accounts to conduct company business and pass along sensitive data can undermine the security measures in place. So make sure that you don't risk your company's security, and your job, by transmitting sensitive company data via your own personal computer or email address.

6. Forgetting the telephone option

One of the most important lessons about email security is that no matter how many steps you take to secure your email, it will never be foolproof. This is never truer than when using a public computer. So unless you need a written record of something or are communicating across the globe, consider whether a simple phone call rather than an email is a better option. While a phone conversation may require a few extra minutes, when compared with accessing email through a public computer, a phone call is a far more secure option and it does not leave a paper trail.

Emailing the right people

7. Not using the Blind Carbon Copy (BCC) option.

When you put a person's email addresses in the BCC: rather than the CC: window, none of the recipients can see the addresses of the other email recipients.

New email users often rely too much on the TO: because it is the default way of sending emails. That is fine as long as you are writing to just one person or a few family members. But if you are sending mail out to a diverse group of people, confusing BCC: and CC: raises some serious privacy and security concerns. It takes just one spammer to get a hold of the email and immediately everyone on your email list gets spammed.

Even if the honesty of the group isn't in question, many email programs are setup to automatically add to the address books any incoming email addresses. That means that some people in the group will inadvertently have added the entire list to their address book, and as a result, if one of their computers is infected with "Zombie" malware and silently sends out spam emails, you will have just caused the entire list to get spammed.

8. Being trigger happy with the "Reply All" button.

Sometimes the mistake isn't in deciding between CC: and BCC: but between hitting Reply All instead of Reply. When you hit Reply All, your email message is sent to everyone included on the original email, and if you didn't intend to include them, the information can be disastrous from both a security and personal humiliation perspective:

Example 1: "A very successful salesman at our networking company had a large email address book filled with his best customers, including some very important and conservative government contacts. With a single click, he accidentally sent a file chock-full of his favorite pornographic cartoons and jokes to everyone on his special customer list. His subject line: 'Special deals for my best customers!' Needless to say, he's cutting deals for another company these days."

Example 2: "A woman was in torment over a busted romance. She wrote a lengthy, detailed message to a girlfriend, adding that her ex-boyfriend preferred men to women. But instead of hitting Reply to a previous message from her girlfriend, she hit Reply All. Her secret was sent to dozens of people she didn't even know (including me), plus the aforementioned ex and his new boyfriend. As if that weren't bad enough, she did this two more times in quick succession!

9. Spamming as a result of forwarding email.

Forwarding emails can be a great way to quickly bring someone up to speed on a subject without having to write up a summary email, but if you aren't careful, forwarding emails can create a significant security threat for yourself and the earlier recipients of the email. As an email is forwarded, the recipients of the mail (until that point in time) are automatically listed in the body of the email. As the chain keeps moving forward, more and more recipient ids are placed on the list.

Unfortunately, if a spammer or someone just looking to make a quick buck gets a hold of the email, they can then sell the entire list of email ids and then everyone will start to get spammed. It only takes a few seconds to delete all the previous recipient ids before forwarding a piece of mail, and it can avoid the terrible situation of you being the cause of all your friends or coworkers getting spammed.

Making backups and keeping records

10. Failing to back up emails.

Emails are not just for idle chatting, but can also be used to make legally binding contracts, major financial decisions, and conduct professional meetings. Just as you would keep a hard copy of other important business and personal documents, it is important that you regularly back up your email to preserve a record if your email client crashes and loses data (It happened to Gmail as recently as December 2006).

Thankfully, most email providers make it rather simple to back up your email by allowing you to export emails to a particular folder and then just creating a copy of the folder and storing it onto a writeable CD, DVD, removable disk, or any other type of media. If that simple exporting process sounds too complicated, you can just buy automated backup software that will take care of the whole thing for you. Whether you purchase the software or decide to back up manually, it is important that you make and follow a regular backup schedule, as this is the sort of thing that new email users tend to just put off. The frequency of backups necessary for you will of course depend on your email usage, but under no circumstances should it be done less frequently than every 3 months.

11. Mobile access: Presuming a backup exists.

Mobile email access, such as through BlackBerry, has revolutionized the way we think about email; no longer is it tied to a PC, but rather it can be checked on-the-go anywhere. Most new BlackBerry users simply assume that a copy of the emails they check and delete off the BlackBerry will still be available on their home or office computer.

It is important to keep in mind, however, that some email servers and client software download emails to the Blackberry device and then delete them from the server. Thus, for some mobile email access devices, if you delete it from the device, you have deleted it from your Inbox.

Just be aware of the default settings of your email client and make sure that if you want a copy of the email retained, you have adjusted the email client's settings to make it happen. And preferably make sure of this before you decide to delete that important email.

12. Thinking that an erased email is gone forever.

We've all sent an embarrassing or unfortunate email and sighed relief when it was finally deleted, thinking the whole episode was behind us. Think again. Just because you delete an email message from your inbox and the sender deletes it from their 'Sent' inbox, does not mean that the email is lost forever. In fact, messages that are deleted often still exist in backup folders on remote servers for years, and can be retrieved by skilled professionals.

So start to think of what you write in an email as a permanent document. Be careful about what you put into writing, because it can come back to haunt you many years after you assumed it was gone forever.

Avoiding fraudulent email

13. Believing you won the lottery … and other scam titles.

Spammers use a wide variety of clever titles to get you to open emails which they fill with all sorts of bad things. New email users often make the mistake of opening these emails. So in an effort to bring you up to speed, let me tell you quickly:

* You have not won the Irish Lotto, the Yahoo Lottery, or any other big cash prize.
* There is no actual Nigerian King or Prince trying to send you $10 million.
* Your Bank Account Details do not need to be reconfirmed immediately.
* You do not have an unclaimed inheritance.
* You never actually sent that "Returned Mail".
* The News Headline email is not just someone informing you about the daily news.
* You have not won an iPod Nano.

14. Not recognizing phishing attacks in email content.

While never opening a phishing email is the best way to secure your computer, even the most experienced email user will occasionally accidentally open up a phishing email. At this point, the key to limiting your damage is recognizing the phishing email for what it is.

Phishing is a type of online fraud wherein the sender of the email tries to trick you into giving out personal passwords or banking information. The sender will typically steal the logo from a well-known bank or PayPal and try to format the email to look like it comes from the bank. Usually the phishing email asks for you to click on a link in order to confirm your banking information or password, but it may just ask you to reply to the email with your personal information.

Whatever form the phishing attempt takes, the goal is to fool you into entering your information into something which appears to be safe and secure, but in fact is just a dummy site set up by the scammer. If you provide the phisher with personal information, he will use that information to try to steal your identity and your money.

Signs of phishing include:

* A logo that looks distorted or stretched.
* Email that refers to you as "Dear Customer" or "Dear User" rather than including your actual name.
* Email that warns you that an account of yours will be shut down unless you reconfirm your billing information immediately.
* An email threatening legal action.
* Email which comes from an account similar, but different from, the one the company usually uses.
* An email that claims 'Security Compromises' or 'Security Threats' and requires immediate action.

If you suspect that an email is a phishing attempt, the best defense is to never open the email in the first place. But assuming you have already opened it, do not reply or click on the link in the email. If you want to verify the message, manually type in the URL of the company into your browser instead of clicking on the embedded link.

15. Sending personal and financial information via email.

Banks and online stores provide, almost without exception, a secured section on their website where you can input your personal and financial information. They do this precisely because email, no matter how well protected, is more easily hacked than well secured sites. Consequently, you should avoid writing to your bank via email and consider any online store that requests that you send them private information via email suspect.

This same rule of avoiding placing financial information in emails to online businesses also holds true for personal emails. If, for example, you need to give your credit card information to your college student child, it is far more secure to do so over the phone than via email.

16. Unsubscribing to newsletters you never subscribed to.

A common technique used by spammers is to send out thousands of fake newsletters from organizations with an "unsubscribe" link on the bottom of the newsletter. Email users who then enter their email into the supposed "unsubscribe" list are then sent loads of spam. So if you don't specifically remember subscribing to the newsletter, you are better off just blacklisting the email address, rather than following the link and possibly picking up a Trojan horse or unknowingly signing yourself up for yet more spam.

Avoiding malware

17. Trusting your friends email.

Most new internet users are very careful when it comes to emails from senders they don't recognize. But when a friend sends an email, all caution goes out the window as they just assume it is safe because they know that the sender wouldn't intend to hurt them. The truth is, an email from a friend's ID is just as likely to contain a virus or malware as a stranger's. The reason is that most malware is circulated by people who have no idea they are sending it, because hackers are using their computer as a zombie.

It is important to maintain and keep updated email scanning and Anti-virus software, and to use it to scan ALL incoming emails.

18. Deleting spam instead of blacklisting it.

An email blacklist is a user created list of email accounts that are labeled as spammers. When you 'blacklist' an email sender, you tell your email client to stop trusting emails from this particular sender and to start assuming that they are spam.

Unfortunately, new internet users are often timid to use the blacklist feature on their email client, and instead just delete spam emails. While not every piece of spam is from repeat senders, a surprising amount of it is. So by training yourself to hit the blacklist button instead of the delete button when confronted with spam, you can, in the course of a few months, drastically limit the amount of spam that reaches your Inbox.

19. Disabling the email spam filter.

New email users typically do not start out with a lot of spam in their email account and thus do not value the help that an email spam filter can provide at the beginning of their email usage. Because no spam filter is perfect, initially the hassle of having to look through one's spam box looking for wrongly blocked emails leads many new email users to instead just disable their email spam filter altogether.

However, as an email account gets older it tends to pick up more spam, and without the spam filter an email account can quickly become unwieldy. So instead of disabling their filter early on, new internet users should take the time to whitelist emails from friends that get caught up in the spam filter. Then, when the levels of spam start to pick up, the email account will remain useful and fewer and fewer friends will get caught up in the filter.
20. Failing to scan all email attachments.

Nine out of every ten viruses that infect a computer reach it through an email attachment. Yet despite this ratio, many people still do not scan all incoming email attachments. Maybe it is our experience with snail mail, but often when we see an email with an attachment from someone we know, we just assume that the mail and its attachment are safe. Of course that assumption is wrong, as most email viruses are sent by 'Zombies' which have infected a computer and caused it to send out viruses without the owner even knowing.

What makes this oversight even more scandalous is the fact that a number of free email clients provide an email attachment scanner built-in. For example, if you use Gmail or Yahoo! for your email, every email and attachment you send or receive is automatically scanned. So if you do not want to invest in a third-party scanner and your email provider does not provide attachment scanning built-in, you should access your attachments through an email provider that offers free virus scanning by first forwarding your attachments to that account before opening them.

Keeping hackers at bay

21. Sharing your account information with others.

We've all done it – we need an urgent mail checked, and we call up our spouse or friend and request them to check our email on our behalf. Of course, we trust these people, but once the password is known to anybody other than you, your account is no longer as secure as it was.

The real problem is that your friend might not use the same security measures that you do. Your friend might be accessing his email through an unsecured wireless account, he may not keep his anti-virus software up to date, or he might be infected with a keylogger virus that automatically steals your password once he enters it. So ensure that you are the only person that knows your personal access information, and if you write it down, make sure to do so in a way that outsiders won't be able to understand easily what they are looking at if they happen to find your records.

22. Using simple and easy-to-guess passwords.

Hackers use computer programs that scroll through common names to compile possible user names, and then send spam emails to those usernames. When you open that spam email, a little hidden piece of code in the email sends a message back to the hacker letting him know that the account is valid, at which point they turn to the task of trying to guess your password.

Hackers often create programs which cycle through common English words and number combinations in order to try to guess a password. As a consequence, passwords that consist of a single word, a name, or a date are frequently "guessed" by hackers. So when creating a password use uncommon number and letter combinations which do not form a word found in a dictionary. A strong password should have a minimum of eight characters, be as meaningless as possible, as well as use both upper and lowercase letters. Creating a tough password means that the hacker's computer program will have to scroll through tens of thousands of options before guessing your password, and in that time most hackers simply give up.

23. Failing to encrypt your important emails.

No matter how many steps you take to minimize the chance that your email is being monitored by hackers, you should always assume that someone else is watching whatever comes in and out of your computer. Given this assumption, it is important to encrypt your emails to make sure that if someone is monitoring your account, at least they can't understand what you're saying.

While there are some top-of-the-line email encryption services for those with a big budget, if you are new to email and just want a simple and cheap but effective solution, you can follow these step-by-step 20 minute instructions to install PGP, the most common email encryption standard. Encrypting all your email may be unrealistic, but some mail is too sensitive to send in the clear, and for those emails, PGP is an important email security step.
24. Not encrypting your wireless connection.

While encrypting your important emails makes it hard for hackers who have access to your email to understand what they say, it is even better to keep hackers from getting access to your emails in the first place.
One of the most vulnerable points in an emails trip from you to the email recipient is the point between your laptop and the wireless router that you use to connect to the internet. Consequently, it is important that you encrypt your wifi network with the WPA2 encryption standard. The upgrade process is relatively simple and straightforward, even for the newest internet user, and the fifteen minutes it takes are well worth the step up in email security.


25. Failing to use digital signatures.

The law now recognizes email as an important form of communication for major undertakings such as signing a contract or entering into a financial agreement. While the ability to enter into these contracts online has made all of our lives easier, it has also created the added concern of someone forging your emails and entering into agreements on your behalf without your consent.

One way to combat email forgery is to use a digital signature whenever you sign an important email. A digital signature will help prove who and from what computer an email comes from, and that the email has not been altered in transit. By establishing the habit of using an email signature whenever you sign important emails, you will not only make it harder for the other party to those agreements to try to modify the email when they want to get out of it, but it will also give you extra credibility when someone tries to claim that you have agreed to a contract via email that you never did.

Read More