Saturday, June 28, 2008
remove a stored password
Internet Explorer 7
To remove a stored password or other stored information in Internet Explorer 7:
1. From the Tools menu, select Internet Options.
2. On the General tab, under Browsing history, click the Delete... button. You now have several options:
- To delete temporary Internet files (copies of web pages, images, and media that are saved for faster viewing), click the Delete files... button.
- To delete cookies, click the Delete cookies... button.
- To delete the history (the lists of web sites you have visited), click the Delete history... button.
- To delete form data (saved information that you have typed into forms), click the Delete forms... button.
- To delete passwords, click the Delete passwords... button.
- To delete all of the above, click the Delete all... button.
3. Click OK twice.
Internet Explorer 6
To remove a stored password or stored form data in Internet Explorer 6:
1. From the Tools menu, select Internet Options...
2. Click the Content tab, and then click the AutoComplete... button.
3. To remove stored passwords, click Clear Passwords.
To clear stored data that you have entered into forms, click Clear Forms.
4. Click OK.
Article Source: By http://www.iu.edu/
Protect Yourself From Spyware
5 Easy Steps To Help You
If it's not one thing, it's another. That is one of those ridiculous phrases that pretty much goes without saying. Like "wherever you go, there you are." But, in this case it seems appropriate.
Allow me to elaborate. Computers on the Internet are almost constantly bombarded with viruses and other malware, so users employ antivirus software to protect themselves. Email inboxes are constantly flooded with pathetically useless spam, so users employ anti-spam programs and techniques to protect themselves. As soon as you think you have things under control you find out your system has a myriad of spyware and adware programs silently running in the background, monitoring and reporting on your computer activity. Hence, "if it's not one thing, it's another."
The more benign spyware and adware simply monitors and tracks the sites you visit on the web so that companies can determine the web-surfing habits of their users and try to pinpoint their marketing efforts. However, many forms of spyware go beyond simple tracking and actually monitor keystrokes, capture passwords and perform other functions which cross the line and pose a definite security risk.
How can you protect yourself from these insidious little programs? Ironically, many users unwittingly agree to install these programs. In fact, removing some spyware and adware might render some freeware or shareware programs useless. Below are 5 easy steps you can follow to try to avoid and, if not avoid, at least detect and remove these programs from your computer system:
1. Be Careful Where You Download: Unscrupulous programs often come from unscrupulous sites. If you are looking for a freeware or shareware program for a specific purpose try searching reputable sites like tucows.com or download.com.
2. Read the EULA: What is an EULA you ask? End User License Agreement. It's all of the technical and legal gibberish in that box above the radio buttons that say "No, I do not accept" or "Yes, I have read and accept these terms". Most people consider this a nuisance and click on "yes" without having read a word. The EULA is a legal agreement you are making with the software vendor. Without reading it you may be unwittingly agreeing to install spyware or a variety of other questionable actions that may not be worth it to you. Sometimes the better answer is "No, I do not accept."
3. Read Before You Click: Sometimes when you visit a web site a text box might pop up. Like the EULA, many users simply consider these a nuisance and will just click away to make the box disappear. Users will click "yes" or "ok" without stopping to see that the box said "would you like to install our spyware program?" Ok, admittedly they don't generally come out and say it that directly, but that is all the more reason you should stop to read those messages before you click "ok".
4. Protect Your System: Antivirus software is somewhat misnamed these days. Viruses are but a small part of the malicious code these programs protect you from. Antivirus has expanded to include worms, trojans, vulnerability exploits, jokes and hoaxes and even spyware and adware. If your antivirus product doesn't detect and block spyware you can try a product like AdAware Pro which will protect your system from spyware or adware in real time.
5. Scan Your System: Even with antivirus software, firewalls and other protective measures some spyware or adware may eventually make it through to your system. While a product like AdAware Pro mentioned in step #4 will monitor your system in real time to protect it, AdAware Pro costs money. The makers of AdAware Pro, Lavasoft, also have a version available for free for personal use. AdAware will not monitor in real time, but you can manually scan your system periodically to detect and remove any spyware. Another excellent choice is Spybot Search & Destroy which is also available for free.
Article Source: By Tony Bradley, CISSP-ISSAP, About.com
Creating Secure Passwords
Tips and Tools To Help You Keep Track of Passwords Without Yellow Sticky Notes
One of the problems with passwords is that users forget them. In an effort to not forget them, they use simple things like their dog’s name, their son’s first name and birthdate, the name of the current month- anything that will give them a clue to remember what their password is.
For the curious hacker who has somehow gained access to your computer system this is the equivalent of locking your door and leaving the key under the doormat. Without even resorting to any specialized tools a hacker can discover your basic personal information (name, children’s names, birthdates, pets’ names, etc.) and try all of those out as potential passwords.
To create a secure password that is easy for you to remember, follow these simple steps:
1. Do not use personal information. You should never use personal information as a part of your password. It is very easy for someone to guess things like your last name, pet's name, child's birth date and other similar details.
2. Do not use real words. There are tools available to help attackers guess your password. With today's computing power, it doesn't take long to try every word in the dictionary and find your password, so it is best if you do not use real words for your password.
3. Mix different character types. You can make a password much more secure by mixing different types of characters. Use some uppercase letters along with lowercase letters, numbers and even special characters such as '&' or '%'.
4. Use a passphrase. Rather than trying to remember a password created using various character types which is also not a word from the dictionary, you can use a passphrase. Think up a sentence or a line from a song or poem that you like and create a password using the first letter from each word.
For example, rather than just having a password like 'yr$1Hes', you could take a sentence such as "I like to read the About.com Internet / Network Security web site" and convert it to a password like 'il2rtA!nsws'. By substituting the number '2' for the word 'to' and using an exclamation point in place of the 'i' for 'Internet', you can use a variety of character types and create a secure password that is hard to crack, but much easier for you to remember.
5. Use a password management tool. Another way to store and remember passwords securely is to use some sort of password management tool. These tools maintain a list of usernames and passwords in encrypted form. Some will even automatically fill in the username and password information on sites and applications.
Using the tips above will help you create passwords that are more secure, but you should also follow these tips:
Use different passwords. You should use a different username and password for each login or application you are trying to protect. That way if one gets compromised the others are still safe. Another approach which is less secure, but provides a fair tradeoff between security and convenience, is to use one username and password for sites and applications that don't need the extra security, but use unique usernames and more secure passwords on sites such as your bank or credit card companies.
Change your passwords. You should change your password at least every 30 to 60 days. You should also not re-use a password for at least a year.
Enforce stronger passwords: Rather than relying on every user of the computer to understand and follow the instructions above, you can configure Microsoft Windows password policies so that Windows will not accept passwords that don't meet the minimum requirements.
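Steps 1 to 3 above, written as the kind of automated check a password policy performs. This is an added example, not part of the original article; the word list, the personal details, the function names and the three-of-four character-type threshold are assumptions constructed for illustration.

```python
import re

# Constructed sample data (assumptions, not from the article).
SAMPLE_WORDS = {"password", "summer", "dragon", "welcome"}
SAMPLE_PERSONAL = ["Rex", "Daniel", "1998-04-12"]  # pet, child, birth date


def char_types(password):
    """Step 3: count lowercase, uppercase, digit and special characters used."""
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(test(c) for c in password) for test in tests)


def personal_hits(password, personal):
    """Step 1: return the personal details whose parts appear in the password."""
    lowered = password.lower()
    hits = []
    for item in personal:
        # Split a detail such as a date into parts; ignore parts under 3 chars.
        parts = re.findall(r"[a-z0-9]{3,}", item.lower())
        if any(part in lowered for part in parts):
            hits.append(item)
    return hits


def is_dictionary_word(password, words):
    """Step 2: a real word stays a real word with digits or symbols tacked on."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return core in words


def review(password, personal=SAMPLE_PERSONAL, words=SAMPLE_WORDS, min_types=3):
    """Return the list of rules the password breaks; empty means it passes."""
    problems = []
    if personal_hits(password, personal):
        problems.append("personal information")
    if is_dictionary_word(password, words):
        problems.append("dictionary word")
    if char_types(password) < min_types:
        problems.append("too few character types")
    return problems
```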
Article Source: By Tony Bradley, CISSP-ISSAP, About.com
Friday, June 27, 2008
Protect Yourself From Phishing Scams
5 Simple Steps For Users To Avoid Being Phishing Victims
Phishing attacks have become more sophisticated and users need simple steps they can use to protect themselves from becoming victims of phishing scams. Follow these 5 steps to avoid being a victim and protect yourself from phishing scams.
1. Be Skeptical: It is better to err on the side of caution. Unless you are 100% sure that a particular message is legitimate, assume it is not. You should never supply your username, password, account number or any other personal or confidential information via email and you should not reply directly to the email in question. Ed Skoudis says “If the user really suspects that an e-mail is legit, they should: 1) close their e-mail client, 2) close ALL browser windows, 3) open a brand new browser, 4) surf to the e-commerce company's site as they normally would. If there's anything wrong with their account, there will be a message at the site when they log in. We need people to close their mail readers and browsers first, just in case an attacker sent a malicious script or pulled another fast one to direct the user to a different site.”
2. Use The Old-Fashioned Way: An even safer means of verifying if an email regarding your account is legitimate or not is to simply delete the email and pick up the phone. Rather than risking that you may somehow be emailing the attacker or mis-directed to the attacker’s replica web site, just call customer service and explain what the email stated to verify if there is truly a problem with your account or if this is simply a phishing scam.
3. Do Your Homework: When your bank statements or account details arrive, whether in print or through electronic means, analyze them closely. Make sure there are no transactions that you can’t account for and that all of the decimals are in the right spots. If you find any problems contact the company or financial institution in question immediately to notify them.
4. Let Your Web Browser Warn You: The latest generation web browsers, such as Internet Explorer 7 and Firefox 2.0, come with built-in phishing protection. These browsers will analyze web sites and compare them against known or suspected phishing sites and warn you if the site you are visiting may be malicious or illegitimate.
5. Report Suspicious Activity: If you receive emails that are part of a phishing scam or even seem suspicious you should report them. Douglas Schweitzer says "Report suspicious e-mails to your ISP and be sure to also report them to the Federal Trade Commission (FTC) at http://www.ftc.gov/".
Article Source: By Tony Bradley, CISSP-ISSAP, About.com
Monday, June 2, 2008
How to ensure that my Internet session is secure?
When you're on a site or visit your bank, always make sure that your Internet session is secure. This involves checking the following five points:
- https appears in the URL of the site
- Checking the validity of the security certificate
- Presence of a padlock at the bottom right of your screen
- Information contained in the Certificate
- Closing the windows of your browser
Presence of https in the URL of the site

Validity of the security certificate
ATTENTION, if the security certificate is invalid, this is the message that appears on the screen:

When this window appears, above all do not click "Yes". It means that the site's certificate is not valid.
There are three possible causes of invalidity:
1. the certification authority is not recognized (especially in case of phishing or pharming);
2. the certificate is no longer valid because its validity date has expired;
3. the site name does not match the certificate (especially in case of phishing or pharming).
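The three causes listed above, written as checks over a certificate's fields. This is an added example, not part of the original article: the certificate dictionaries, host names and trusted-issuer list are constructed, and recognising an authority is reduced to a name lookup, whereas a browser verifies the signature chain up to a root in its trust store.

```python
import ssl

# Constructed trust list: issuer organisations this sketch treats as recognised.
TRUSTED_ISSUERS = {"Example Trust CA"}


def field(name_tuple, key):
    """Pull one attribute out of a subject/issuer tuple of key/value pairs."""
    for rdn in name_tuple:
        for k, v in rdn:
            if k == key:
                return v
    return None


def name_matches(pattern, host):
    """Exact match, or a single leading '*' label covering one host label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def invalidity_causes(cert, host, now):
    """Return which of the three causes apply; an empty list means none."""
    causes = []
    if field(cert["issuer"], "organizationName") not in TRUSTED_ISSUERS:
        causes.append("authority not recognized")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        causes.append("validity date has expired")
    names = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if not names:  # fall back to the subject's common name
        names = [field(cert["subject"], "commonName") or ""]
    if not any(name_matches(n, host) for n in names):
        causes.append("site name does not match")
    return causes


def sample_cert(issuer, not_after, dns):
    """Build a constructed certificate dictionary for the checks above."""
    return {"issuer": ((("organizationName", issuer),),),
            "subject": ((("commonName", dns),),),
            "notAfter": not_after,
            "subjectAltName": (("DNS", dns),)}


# Constructed "current time" for the sample certificates.
NOW = ssl.cert_time_to_seconds("Jun  2 12:00:00 2008 GMT")
```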
Presence of a padlock at the bottom right of your screen
A small padlock appears at the bottom right of your screen (see below).

Information contained in the Security Certificate
Check the certificate by double clicking on the padlock. Below is what you would see on the General tab.

Then click the Details tab and click Subject in the Field column; here is what you see:

Closing the windows of your browser
Make sure no other window of your browser (Explorer, Netscape, ...) is open. The idea is to prevent access to your online account via another site.