Saturday, December 31, 2005

Stats

Finally, an easy-to-use and friendly stats engine for my blog... Thanks to http://www.sitemeter.com/. See my stats here.

Monday, December 12, 2005

Gift Idea!


I really need this shower notepad! No kiddin'.

;-)

Friday, December 09, 2005

Hoax?

What is a hoax? The sound you make when you sneeze? Nah... It is a false rumor. You probaly receive e-mails saying, for example, that a little boy in a foreign country will earn 5 c ents every time you forward this e-mail... Or that a new virus has been announced by Microsoft? Those are not true, but forwarded by people who just don't know how to check.

There is nothing good with these e-mail messages and their only consequences are losses of time for a lot of people. Please don't forward these e-mails before checking if the information they contain is real and true.

But how to do that? I'll give you the means today.
  • You need to know if a message is real or a hoax? Go see HoaxBuster (french) this other site. Anti-virus vendors also have such sections on their website (Mcafee and Symantec)
  • You want to be aware of virus trends? Every anti-virus vendor has a database of viruses (Mcafee, Symantec, Kaspersky). Microsoft is not (as of today) an anti-virus vendor.
Ok, now you've got the tools, so... Please do not forward anything that looks like a hoax without before verifying its veracity. Thanks.

Basic tips for free security

Computer security is important for everyone. People often underestimate the cost of computer labour and think that when they buy a computer, there will be no other costs other than the purchase cost. Wrong!


But you can easily reduce the risk of needing computer specialists' services with a few tips (there is no cost associated with those).

Short version: get AVG anti-virus, free edition, and MS Anti-Spyware.

Long version:
  • Get a free anti-virus. I recommend AVG, Free Edition. Not really because it is the best... I haven't tested them all. However, it is the one I've been using at home for a long while and I'm pretty satisfied with it. It is also easier for me to help anyone who's using the same software as I use. Note: AVG Free Edition can not be used in a business context. It is only allowed for personal use at home. Please respect licences. WinClam is an open-source virus-scanner
  • Get a free anti-malware program. If you have a legal copy of Windows installed on your compuer, get Microsoft Anti-Spyware Beta. It is free, but subject to change. Its beta status means that they're still testing it. It is quite stable, though. There are also a few anti-malware programs around (Lavasoft Ad-Aware and others...). If you'd like to go with an open-source solution instead, you can get Winpooch with ClamWin. I'm still not too familiar with with Winpooch yet, but I'll keep you informed.
  • Keep all your components up-to-date
    • Operating system (Windows, Mac OSX, Linux, etc)
    • Office suites
    • Anti-virus
    • Anti-malware
  • Make backup frequently
If you need help with any of this, you can contact me... but I don't work for free ;).

Phishing

You don't know what phishing is? Well, it is basically a fraud attempt using e-mail messages. It is usually a malicious person who impersonates a big corporation, usually banks, or online services like eBay or Paypal, and ask you to go to some site and enter your credentials (username/password/card #) for whatever reason.

What people usually don't know is that it is easy to make a link that leads somewhere else than what it says. For example, it is easy for me to make a link to one website, and make it look like another. For example: www.patatebleue.com links to google.

So here are the rules...
  • Banks never communicate with their clients by e-mail.
  • Watch out for typos. Phising are usually full of mistakes.
  • You should never be prompted by e-mail to "refresh" your password.
  • Businesses don't deactivate their client's account just for the fun of it. Think about it: Customers are of value for a business, why close accounts? Also, most business gather information about their customers (age, gender, occupation, etc) that they use for statistics later. And, after all, why would risk losing a customer by deactivating an account? It costs basically to keep a stale account open.
  • If you have any doubts, don't do anything and ask someone who has a clue (yes, I should fit in this definition)

Firefox 1.5 is here, with cool extensions!

Good news, the new Firefox is out!

I tried it out and it has been reviewed many times already. I suggest you upgrade, unless you really need one extension that is not 1.5-ready yet. It has a few improvements over 1.0.x, such as:
  • Automatic updates
  • Faster browsing
  • Drag-n-drop re-ordering of tabs
  • Better pop-up blocking
  • You can report sites that are not Firefox-friendly directly in Firefox
  • Many others
I also found many cool extensions thanks to this article. Go there and get cool extensions!

What about security? Well, Firefox 1.5 just got its first security alert. Critical? Nah... far from that. However, that doesn't mean Firefox is 100% secure. But the automatic update feature, it is getting close. It is a lot better than Internet Explorer, since Internet Explorer has roots in the Windows operating system, and Firefox doesn't. This means that a vulnerability in Internet Explorer can typically be more critical than a similar one in Firefox.

But, I really believe that using Firefox for most of your browsing can greatly reduce the risks of getting malware (adware, spyware, virus) on your computer. Since malware activity is increasing quickly, this is a relatively easy way to keep your computer clean, your privacy private, and your money for your dearest activities. Ah, and it is also free! It is definitely worth the try.

msncheck.41m dot com

Hi,

I reported suspicious activities on this website recently msncheck dot 41m dot com to the SANS institute. They were offering to let people know who blocked them on MSN. But that required that you enter your MSN credentials (e-mail address/password). Do you remember you should never give your password to anyone?


I must admit they looked fair and honest since they were recommending you to change your password before and after, so that they don't know your real password. But the thing is: do you have an idea of how much e-mail addresses they can harvest this way? That is an easy way to build a list of addresses to send spam or phishing...

Now the site is down, but I don't know if my report has anything to do with it... I'll ask.

Greylisting

Hi,

Just begun playing around with GreyListing. It is another anti-spam technique. Simply said, what it does is:
  • It is based on tuplets (sender, recipient, originating IP). The first time a server receives a message of one specific tuplet, it says to the originating server : I don't accept your message now, please come back a bit later.
  • Real e-mail servers usually respect this and retry a few (typically 15) minutes later. When the server retries, the delays don't apply and the message is accepted. Then, the tuplet is added to a database (held in memory, dumped once in a while on disk), so that this tuplet is not subject to greylisting (delays) for a given period
  • Spambots, zombie infected computers don't retry, so a lot of spam is denied just there, no more processing is needed.
The benefits are two-fold
  • There is less spam in the users' mailboxes
  • There is less load on mail servers. Effectively, most servers use anti-spam software that uses a lot of resources (network/disk I/O, CPU, memory). When Greylisting is used, the message is stopped at the SMTP (e-mail language) transaction. Therefore, the message don't even reache the resource-expensive anti-spam software.
I'd like to give you more complete stats, but for the tests I've done, I've reduced the quantity of spam received from ~50/day to zero.

I'm implementing this technique for a spam-filtering services business, but we're doing it smoothly and selectively. I'll keep you informed.

If you want more informations, please see:

http://www.greylisting.org/
http://projects.puremagic.com/greylisting/
http://en.wikipedia.org/wiki/Greylisting