Sneak a Peek at Email

I get a good amount of spam. You probably do, too. UGHHH! I hate it. I HATE the stuff and I HATE hashing through it. It’s also not safe to open it unless you know exactly who has sent it. But sometimes it’s really hard to tell. How do I know for sure that the email labeled “Your Order Has Been Shipped” is the real discount furniture I ordered, or is it a scam? And is that “PayPal Receipt” is really from PayPal and not a phisher?? Well, here’s a little tip for you:

Right click on the suspicious email and choose “Properties.” A new window will pop up. You can see the sender’s email here. Now see that tab that says “Details”? Click it and you will see all the techincal information about the sender, his IP, his email, your email, and other tidbits of information. Look for the “Received from” and you can see the sender’s email source and his IP. If you take that IP and search for it using Whois or a tracing site, it will give you a general idea of where the email is coming from. So that email may LOOK like it’s from Uncle Bob in Kansas, but the IP is showing an address in Russia. Hm.

Now this is not 100% fail-proof. Emails go ’round and ’round various servers. And if Uncle Bob uses Hotmail or Gmail, hgis location is going to show the location of the Hotmail or Gmail server. So sometimes knowing the IP address is unhelpful. You can view the message without opening the email. In the Properties window, where you clicked the Details tab, you can see a button that says “Message Source.” If you click that, a new window will appear, with the message content in text form. All html source coding (and any pixel spies and also all images) will not show. You can scan the message. You’ll also see alot of html code in there for images or special font characters.

The “Properties” element in menus is one of my favorite features. I use it all the time to see what’s underlying!

How Are Your Passwords?

I’ve been hearing about more hacking attempts these days. The most notable was the attack on Sarah Palin and her Yahoo email account. That was disgusting, but it goes to show you how quickly and easily some things can be hacked.

I try to make my passwords with a combination of numbers, letters, and symbols. Nothing annoys me more than a banking website that only allows you numbers and letters. Are they idiots? Numbers and letters can be hacked in a flash. Hackers use special software that runs combinations at a very high speed. If your password has only numbers and letters, you’re making it easier for your account to be hacked.

Microsoft has a great page that will check the strength of your password for you. It’s here. They’ve also got a page of tips on creating strong passwords, here. I suggest you read it! Don’t give those hackers any more ammunition!

Beware the Antivirus XP

Be very careful what you download. And be very careful with the websites you visit. Before reading this article, I’d never heard of Antivirus XP 2008. It’s not an antivirus, even though it looks, feels, and acts like one. Someone very crafty made this piece of spyware!

Antivirus XP 2008 is malware– malicious software. It is downloadable into your computer, where it gives you popups, pretends to scan, opens up Internet Explorer, and “Google” tells you that it has detected a threat. And you have to pay to remove the threat. Yikes. Symantec has a good and brief decription of this program, and the C|Net Forum has a simple tutorial on how to remove it if your computer is infected.

Be very careful about the sites you visit, keep your security software updated, and never download anything unless you are sure what it is. It’s disgusting, all the junk out there. You’d think people would have better things to do than create malware and wreck people’s computers?!

Hide Your Plugins Files

It’s becoming more common so perhaps you’ve heard of it happening: someone’s Wordpress blog was hacked. Usually it is by a spammer, who inserts malicious images and coding. There are weaknesses in Wordpress, because it’s open source software, and because users often don’t know all the security holes.

Here’s one quick and easy tip to help secure your Wordpress site: hide your plugins files. Plugins are so convenient but they can be a security risk. I recommend using only plugins you really, really need, and hiding what you have.

If you were to type in an unprotected blog’s address, like this:

http://BLOGNAME.com/wp-content/plugins

you’d see something like this:

This is basically an open invitation to a hacker, advertising what plugins you have and what possible versions (non-updated). The hacker can exploit any open doors that the plugins may have, and therefore he can gain access to your blog/site through them. You want to block anyone from seeing your list of plugins. Here’s what you do.

Open up Notepad. Save the document as index.html. You can leave it blank if you want. You can type in “Hello” or “Don’t hack me” or your blog address, whatever. I use a blank file.

Open up your FTP program and upload this index.html file in your plugins folder. So after it is uploaded, you’ll see all the folders for your plugins and this little file named “index.html.”

That’s it! Your plugins folders will not be seen.

How does this work? Wordpress is programmed to access index.html files first thing. So when your Wordpress plugins are accessed, it will go to this blank index.html file and move on to your plugins afterward. The index.html file is like a blanket, covering all your plugin goodies. Your plugins will still work just fine, they will just be concealed to everyone.

I hope this helps protect you. Happy blogging!

Did Your Blog Get Hacked?

Very, very rarely do any Blogger blogs get hacked. I love Blogger for this reason. However, the hacking of Wordpress blogs is well known. The coding and all the different security methods and details can be extremely confusing. Both platforms have strengths and weaknesses, so it’s hard to tell what is the best buy. But Wordpress has more security issues, just because it’s open source by nature.

I stumbled across a great blog post that tells you how to know if your Wordpress blog has been hacked, and what to do about it: Holy Shmoly!. GREAT POST! Bookmark it!

Using a Secret Key for WordPress 2.6

Here’s a GREAT article I found from the support team at WordPress. It’s how to make a Secret Key with the new WordPress 2.6 software.

WordPress 2.6 includes a new set of security features for passwords and password hashing and cookie security. This feature works without doing anything, but it’s not particularly powerful without some extra steps.

If you want to greatly increase the security of your site, you should set up secret keys.

You can read the article for information. A Secret Key adds greater security to your login cookies, so they are not as easily read by sniffers. If you need more information about it, there’s another good WordPress article here.

The information can be a little confusing to folks not used to all this techno-blabber. I think that if WordPress put some effort into making security a quick, simple process, or if someone created a plugin or coding fix, that person would make a killing in the market. I’d even be willing to pay for it. For now, you’re on your own. Good luck!

Secret Key for Wordpress Blogs

I’ve been hearing that some blogs are getting “hacked.” I’m still in the process os understanding how a blog can be hacked (there are numerous ways). I think it is a heinous thing to do, but the perpetrators always get away with it. As I dig deeper into the Wordpress forums (about as exciting as perusing a life insurance quote), I’ll be sure to let you know what I discover.

I did find this handy little tip: set up a Secret Key for your Wordpress blog. If you are computer-challeneged, this might be something you’d want to skip or get help with. You DO NOT want to go tinkering around with your php files if you don’t know what you’re doing!! But for those of you who are experienced, this may prove a worthy exercise.

Like I said, I’ll be posting more about all these things in days to come. Until then– blog safely and BACK UP YOUR BLOG on a regular basis!

Security Programs For Safer Computing

I am frequently questioned about security issues here at Mrs. Mecomber’s Scrapbook. I haven’t been addressing them very regularly, so I aim to change that. I plan to be posting about security programs, security tutorials, and security news. My hope is that these things will help you in your own computer usage, and make your information and computer all the more secure. Eventually I will have a separate page with a list of things to do to secure your computer. For now, I’ll address these things periodically.

I’ve posted before about some good, free firewalls. And I’ve blogged about a good, free anti-virus program that I use. Next in line are some good, free spyware, malware, and junk cleaners.

No matter how effective your firewall and anti-virus programs are, you are probably going to get some junk on your computer. Simple Internet surfing picks up the junkiest clutter– cookies, adware, tracking bunnies, etc etc.

Spyware removers are a little different than anti-virus and firewall programs. It is recommended that you only use one anti-virus program and one forewall program, but it’s different with spyware removers. You want as many of these as you can. Not all spyware programs get everything. With more than one, you are ensuring that you cover most (and perhaps all, if possible) of your bases. Here are my favorites. These are oldies but goodies, and I have found them to be extremely effective.

AdAware
This program has really made great strides. I downloaded it years ago, when it was first released. It was buggy for me back then (on a Windows ME), so I had to uninstall it. I downloaded it again a year ago, and love it! I think it works a little better than my other spyware programs. It certainly is easier to use.

NoScript for Firefox
Built as a plugin for the Firefox browser, this little baby will block any and all actions in your browser until you give it permission to unblock. The plugin download at the Mozilla site is here. I think of NoScript as a firewall for your browser. You see, your computer must communicate with other computers in order to show you the data. Your web browser is the portal, like a window. It translates the information from one computer (a server on the Internet) to your computer. Most browsers automatically allow all its communication in and out. NoScript blocks all the interactive communication. It asks you if you want to show such-and-such, and remembers your answer. i have found it extremely effective. Be aware, however, that it takes a little time to learn how to use the plugin, that you will be asked a lot of “allow” or “disallow” questions in the beginning, and does make Internet browsing a little more laborious. But as far as security goes, this is aan excellent program.

Spybot: Search and Destroy
I have been a faithful user of this program for many years. I used it when I became dissatisfied with buggy AdAware (although I love AdAware now, and use it). I have found Spybot to be buggier now, lol! Sometimes the updates don’t download, and sometimes the program freezes up. You might be wondering why I am even mentioning it… I do like Spybot; I think it is very effective. I think it was updated recently to get rid of those bugs, because it is running smoother now. It has caught some gunk that AdAware had not detected. Spybot is a crucial component in my security set-up. If you download it, be sure to get the most recent version.

CrapCleaner
Don’t be repelled by the vulgar name! This program is my favorite computer cleaner. If you visit the link, CNet has a video on it. CrapCleaner, or CC, searches for all that junk that collects from your surfing– cookies, temporary files, history, data, and the like. It wipes all that data out. It cleans out the temp files and temp data in Firefox, Internet Explorer, Paint, WinZip,Open Office, Word, etc. It will also backup your registry in case it removes something important. And there are plenty of “Are you sure” windows so you don’t wipe out everything by accident.

Windows Defender
I hesitated to use this program when it first came out, but it came pre-installed on a computer I’d gotten. I am impressed with it, for a Microsoft program. It works well, and is updated with the regular MS Windows updating service. I’ve used it and it has proven efficient. The scans were fast, too. I probably wouldn’t use this program as my only spyware program, but it’s an important part of a beefy security system.

Be wary of downloading any old spyware remover software. Some are imposters and will actually infect your computer. It’s best to stick with the tried and true for this stuff. Do a little searching, and check out pros like Kim Komando or CNet for second opinions before you hit that “download” button.

Another thing I will mention is that it is best to avoid seedy or negligible websites. No-brainer, huh? But you’d be surprised if you saw the statistics (like I have) about how many people visit the most sordid sites and then act so surprised that their computers are infected. Like, duh! Porn sites, sports sites, and music sites are filled with spyware, malware, and trojans just waiting for you to click that link or image. Don’t do it! You’ll infect your computer and threaten all the other computers on your network, not to mention people whose names are in your address books, and etc. These seedy websites prey on perverts and dumkopfs. Avoid these sites. Use the internet wisely, and use the Internet safely.

Finally, other programs, such as Ad Blockers and Pop Up Stoppers, are an important part of securing your computer. These programs will prevent help scripts and cookies from being dumped into your computer as you surf. Here’s a list of a few good ones that I use.

I hope this helps! It is unfortunate that we have to take such measures to beat off the bad guys, but it’s a cruel world. Be safe with your surfing.