Tuesday, June 21, 2005

Ten Ways to stop identity theft

Common sense is always worth repeating...FYI
1. Destroy private records and statements. Tear up -- or, if you prefer, shred -- credit card statements, solicitations and other documents that contain private financial information.

2. Secure your mail. Empty your mailbox quickly, lock it or get a P.O. box so criminals don’t have a chance to snatch credit card pitches. Never mail outgoing bill payments and checks from home. They can be stolen from your mailbox and the payee's name erased with solvents. Mail them from the post office or another secure location.

3. Safeguard your Social Security number. Never carry your card with you, or any other card that may have your number, like a health insurance card. And don’t put your number on your checks. It's the primary target for identity thieves because it gives them access to your credit report and bank accounts. (For more on protecting your Social Security number, see "Safeguard your Social Security number.")

4. Don't leave a paper trail. Never leave ATM, credit card or gas station receipts behind.

5. Never let your credit card out of your sight. Worried about credit card skimming? Always keep an eye on your card or, when that's not possible, pay with cash.

6. Know who you're dealing with. Whenever anyone contacts you asking for private identity or financial information, make no response other than to find out who they are, what company they represent and the reason for the call. If you think the request is legitimate, contact the company yourself and confirm what you were told before revealing any of your personal data.

7. Take your name off marketers' hit lists. In addition to the national Do-Not-Call registry (1-888-382-1222), you can also cut down on junk mail and opt out of credit card solicitations. For details, see Liz Weston's article, "Free at last from telemarketing invasions."

8. Be more defensive with personal information. Ask salespeople and others if information such as a Social Security or driver’s license number is absolutely necessary. Ask anyone who does require your Social Security number -- for instance, your insurance company -- what their privacy policy is and whether you can arrange for the organization not to share your information with anyone else.

9. Monitor your credit report. Obtain and thoroughly review your credit report (now available for free at Annualcreditreport.com or by calling 877-322-8228) at least once a year to look for suspicious activity. If you spot something, alert your card company or the creditor immediately. You may also want to subscribe to a credit protection service, like Experian's CreditCheck, which alerts you any time a change takes place with your credit report.

10. Review your credit card statements carefully. Make sure you recognize the merchants, locations and purchases listed before paying the bill. If you don't need or use department-store or bank-issued credit cards, consider closing the accounts. For more on when and how to close credit card accounts, see "Cancel a credit card -- the right way."

Monday, June 20, 2005

June 2005 Meeting Notes

Security
Three "Critical" updates were released June 14, 2005:
1. MS05-025: Internet Explorer Update - fixes two problems:
a. A remote code execution vulnerability exists in Internet Explorer because of the way that it handles PNG images. An attacker could exploit the vulnerability by constructing a malicious PNG image that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
b. An information disclosure vulnerability exists in Internet Explorer because of the way that it handles certain requests to display XML content. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially lead to information disclosure if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could read XML data from another Internet Explorer domain. However, user interaction is required to exploit this vulnerability.
2. MS05-026: HTML Help Update -- Microsoft HTML Help is the standard help system for the Windows platform. Authors can use HTML Help to create online Help files for a software application or to create content for a multimedia title or for a Web site. This is a remote code execution vulnerability. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. Even though Windows 98, 98 SE, and ME are affected, no patch is available for those systems yet.
3. MS05-027: Vulnerability in Server Message Block Could Allow Remote Code Execution -- Server Message Block (SMB), and its follow-on, Common Internet File System (CIFS), is the Internet Standard protocol that Windows uses to share files, printers, serial ports, and also to communicate between computers. To do this, SMB uses named pipes and mail slots. In a networked environment, servers make file systems and resources available to clients. Clients make SMB requests for resources. Servers make SMB responses. This is described as a client-server, request-response protocol. There are several different ways that an attacker could try to exploit this vulnerability. An attacker could try to exploit the vulnerability directly over a network by creating a series of specially crafted messages and sending them to an affected system. The messages could then cause the affected system to execute code. Windows 98, 98 SE, and ME are not affected.

Other Security Updates (non-critical):
a. MS05-028: A vulnerability exists in the Windows Web Client Service that could allow an attacker to take complete control of an affected system.
b. MS05-029: A cross-site scripting vulnerability exists in Outlook Web Access for Microsoft Exchange that could allow an attacker to run a malicious script in Outlook Web Access.
c. MS05-030: A vulnerability exists in Outlook Express that could allow an attacker to take complete control of an affected system. User interaction is required to exploit this vulnerability and an attacker would need to persuade a user to connect to their News (NNTP) server.
d. MS05-031: A vulnerability exists in Windows that could allow an attacker to take complete control of an affected system. Microsoft Windows Interactive Training is not installed by default.
e. MS05-032: A vulnerability exists in Microsoft Agent that could enable an attacker to spoof trusted Internet content.
f. MS05-033: A vulnerability exists in the Windows Telnet Client that could enable an attacker to retrieve unpredictable information from a system.

For more information, check out http://www.microsoft.com/technet/security/bulletin/ms05-jun.mspx.

To get just the security updates your computer needs:
a. Just go to Windows Update. Use MS Internet Explorer to go to http://windowsupdate.microsoft.com/
b. The Windows Update program knows which updates are for your version of Windows.



A recent study shows that 30%-40% of all email is infected with a virus.
a. This means that people are still opening attachments, which makes the virus spread.
b. Do not open any unexpected attachments, even from people you know.
c. Agree beforehand that you will be expecting a specific attachment if you need to send someone a file.

A Do-It-Yourself Reminder System (no extra software needed)
a. Use Notepad to create a list of tasks, dates, etc.
b. Use the Scheduled Tasks program to schedule your file to open when you log in (or at other times).
c. In Windows 98, open My Computer, then double-click "Scheduled Tasks".
d. In Windows XP, choose Start -> Control Panel -> Performance and Maintenance -> Scheduled Tasks.
e. Double-click "Add Scheduled Task" to start the Scheduled Task Wizard.
f. Click Next.
g. Don't choose a program from the list, but click Browse.
h. Navigate to where you saved your list of tasks and dates, click the file, and click Open.
i. Choose "Run When I log In" to have the file shown when you start up Windows. Click Next.
j. Click Finish.
k. To adjust the schedule afterwards, open up the Scheduled Tasks list and double-click an item. Choose the Schedule tab to change the schedule. Unfortunately, Yearly is not an option.
l. Another thing to try: record a message using Sound Recorder, and schedule it to play using Scheduled Tasks to have an audio reminder.



If you want a more polished reminder system (yet still free)
a. Download a reminder/calendar program (there are many).
b. I tried Birthdays and Anniversaries Reminder 1.0 from http://download.com. Birthdays and Anniversaries Reminder (BAR) is a simple program that reminds you of the birthdays of your friends & relatives (or even yours). All you have to do is keep on adding the dates you know, set BAR to run at startup, and rest assured that you will be notified of them as they approach. BAR has a very easy-to-use interface and has several options like sorting, formatting dates according to your locale, and the number of days in advance BAR should check for approaching birthdays. Use it for some time, and you'll start liking (and needing) it more.

If you want to build your own program:
a. Free download: Visual Studio 2005 Express Editions (Beta 2 versions)
b. Send me an email if you are interested.

Tuesday, June 14, 2005

Next Meeting: June 21

More details to follow.