Conf-User Interface: Barracuda Anti-spam
Our mail server at work goes through a Barracuda spam firewall. We’ve had this setup for years and it’s always been fascinating to see what ends up in the spam filter and what gets through. Despite whitelisting valid emails from the same senders numerous times, they continue to go to the spam inbox instead of being delivered as they should.
This morning I was processing the spam inbox and noticed that in addition to a Whitelist button, there is another button that reads “Whitelist + Not Spam”. I had to take a second look at that one to be sure I was reading it correctly.
My eyes were not deceiving me, which brings up the question of the day:
Why would I whitelist spam?
Seems to me that if I whitelist something then it’s not spam by definition. Apparently, Barracuda disagrees.
I really wish the people who design user interfaces would send along some of whatever they’re smoking so that it makes sense to the rest of us, too!
Protect Your PC Before April 1
Posted in: Anti-malware, Computer Security, Tech Tips, Windows Tags: conficker, prevent conficker, remove conficker, windows secrets conficker article
As some of you may already know, the Conficker worm is due to begin contacting its “home base” for instructions on April 1, 2009. It is estimated that this worm has infected millions of PCs worldwide.
Windows Secrets has published an in-depth article on how to secure your PC from the Conficker worm and what to do if you already have it. I strongly suggest reading this article and taking the recommended steps to avoid having your PC contribute to the problem:
http://windowssecrets.com/2009/03/30/01-Run-a-Conficker-removal-tool-before-April-1
Using WordPress? Update Now!
Posted in: Anti-malware, Computer Security, Freeware, Software, Tech Tips, WordPress Tags: WordPress, wordpress 2.7.1, wordpress automatic upgrade, wordpress security
If you’re a blogger using WordPress, be sure you’re at the latest version, 2.7.1. Earlier versions of WordPress are vulnerable to a security loophole that allows the bad guys access to your server via a “back door”. Needless to say, you don’t want this to happen!
I was recently hacked through an old version of Joomla I’d left lying around on my web host. Fortunately, no real damage was done, but it brought home the folly of running old versions of popular software. The fact is: the more popular the software, the larger a target it is for those who get their jollies finding ways to exploit it.
WordPress is the most popular blogging software on the Web, so it stands to reason that vulnerabilities will be found and exploited. For that reason alone it is important to keep it updated to the latest version.
If you need help updating your WordPress installation, get my free guide to upgrading WordPress quickly, easily and safely:
Facebook Virus Turns Your Computer into a Zombie
PC World reports that Facebook users are being targeted with a virus that takes over their PCs, turning them into “zombies”. The virus is spread by means of messages sent through Facebook with titles intended to get the recipient to click on a link to a suggestive video. Clicking the link downloads a “Flash player update” which is actually the virus.
Facebook has posted instructions on how to get rid of the virus and change your Facebook password. As with most such “social engineering” virus scams, these are fairly easy to spot. I remember a series of emails with similar titles and links going around a couple of months ago.
Here’s the link to the PC World article for all the details:
http://www.pcworld.com/article/155017/facebook_virus_turns_your_computer_into_a_zombie.html
Be careful out there!
Secunia Personal Security Inspector (PSI) Released
Posted in: Anti-malware, Computer Security, Freeware, Recommended, Reviews, Software, Tech Tips Tags: secunia personal security inspector, secunia psi, secure PC, security threat, software security
Secunia’s Personal Security Inspector (PSI) is now out of beta. I’ve been using this handy application for quite a while and have found it to be extremely valuable for keeping my applications updated.
Secunia PSI scans the applications installed on your PC and warns you if any are outdated and contain known security flaws. It also flags applications that are no longer being supported by their vendors.
Windows users typically keep their machines updated with Windows Update or Microsoft Update; however, Microsoft Update only scans Windows and Microsoft applications. Secunia PSI scans not only Windows and Microsoft applications, but a long list of other applications from other software vendors such as Apple, Adobe, Sun and many others.
This latest version of Secunia PSI adds a “Simple” mode for non-technical users. The Advanced mode gives the user extensive control over the patching process while Simple mode makes the process, well, simple for the average PC user.
Secunia PSI runs in the background and constantly monitors your PC, scanning periodically to determine if the status of any known applications has changed and warning you if it does. The program is unobtrusive and doesn’t seem to consume noticeable quantities of resources.
This is not an anti-virus scanner. You still need AVG or another good anti-virus application. Secunia PSI compares the versions of known applications on your machine with its list of the latest secure versions. If there’s a mismatch, i.e. you have an older version of an application installed, PSI will warn you and tell you how severe the threat is.
The user interface is clean and straightforward, showing you graphically which programs are insecure or at end-of-life (no longer supported), how severe the threat is, whether there’s a direct download for the update, and very importantly, where the application is located on your machine. The latter information is very helpful when PSI shows that you have two instances of the Java runtime, for example.
I highly recommend installing Secunia PSI on your PC and keeping your applications updated with the latest security fixes. You can download the latest version here:
Critical Windows Patch Released – MS08-067 (patch 958644)
Posted in: Anti-malware, Computer Security, Tech Tips Tags: critical windows patch, emergency windows patch, security patch, windows security
Most Windows users are familiar with “Patch Tuesday”, the Microsoft monthly release of security updates for Windows and other Microsoft products. In a rare move, Microsoft has released an emergency security patch outside its normal Patch Tuesday cycle.
Security bulletin MS08-067 (patch 958644) addresses a new threat that is obviously severe enough for Microsoft to release a patch deemed an “emergency” fix. When your Windows machine prompts you to update, assuming you’re like me and don’t let it do them automagically, the recommendation is to apply this patch immediately. This patch affects all versions of Windows.
I’m normally not in any rush to apply security patches as there have been enough cases of them causing more problems than they solve when first released. I usually wait a while until my newsletter and industry sources indicate they’re safe. In this case, the word is to apply this patch now, so I made sure all my machines are patched.
Protect Your Email Address
Posted in: Anti-malware, Computer Security Tags: antispam, email address, how to prevent spam, my contact station, protect email address, protect my email address
Protecting your email address from spammers is something about which everyone should be fairly proactive. Most people don’t, either because they don’t understand how to do it or because they’re too lazy to bother.
I learned the hard way that having my email address posted on my web sites simply invited spammers to come along and add it to their lists. I’ve had to discontinue using at least four different email addresses because the ratio of spam to useful content got too great.
It’s not difficult to “hide” your email address from the bad guys as long as you’re not aiming for 100% protection. Let’s face it, like locking your car, taking the basic precautions will only keep the amateurs and spambots honest. If somebody really wants to rip off your email address they’re going to and there’s nothing you can do about it short of not using the email address at all!
Many people believe that only using an email address for friends and family is sufficient to keep it private. That might work if you’re an only child and fairly unpopular. The larger your circle of friends and/or family, the greater the odds that one of them is going to have malware on their computer that swipes their entire address book.
Okay, so here are a few rules for protecting your email address:
Rule #1: don’t post it on public sites! This should be pretty obvious, but non-technical people often don’t know that the spambots that collect email addresses from public pages on the web can read email addresses posted in plain text. Yes, Virginia, they can read HTML text and grab anything that looks like a legitimate email address, e.g. webgenius@mywebsite.com. If you have to put your address out there in front of God and everybody, at least obfuscate it a little, as in the following example:
webgenius @ mywebsite dot com
Human beings can read that and figure out how to piece it back together correctly, but spambots aren’t typically that smart.
Rule #2: don’t use mailto: links. If your link looks like this:
<a href="mailto:webgenius@mywebsite.com">My Email Address</a>
you may think you’ve cleverly hidden your email address under the displayed link text. Unfortunately, you’d be wrong. Spambots can read HTML, remember? One of the first things they’ll look for is the “mailto:” prefix in a link’s href attribute. When they find one, they grab whatever text follows it. The odds are pretty good that it will be a legitimate and working email address, eh?
So, how do you protect your email address from the bad guys? There are a number of ways, some fairly simple, and some fairly complex. To a large degree it depends on how serious you are about it, and what the purpose of your web site is. I’ve tried a number of different things over the years, including writing my own Javascript utility that I had to include in every page I ever wrote that wanted to send email. It worked, but as it turned out, was overkill for the purpose for which I was using it.
The absolute simplest way to protect your email address is to simply display it in a non-standard way as mentioned above without using any sort of link tag with it. This is easy, but inconvenient for your web site visitors who have to not only translate your email address, but then type the correct version manually into their email client (hopefully, correctly!).
This next method involves some actual Javascript code, but despite the looks of it can be simply pasted into your web page wherever you want your email address to appear:
<script language="JavaScript">
<!-- Begin
// Build the address from its parts so it never appears whole in the page source
user = "webgenius";
site = "mywebsite.com";
document.write('<a href="mailto:' + user + '@' + site + '">');
document.write(user + '@' + site + '</a>');
// End -->
</script>
This will actually display your email address in standard format AND create a hyperlink so that people only need to click on it to send you an email. If you put this code into a page everyplace you want your email address to appear, then right-click the displayed page and click View Source…, you won’t see a mailto: link with your address in it or the email address written out in one piece.
The advantage to this method is that your email address can be displayed correctly and linked for the convenience of your visitors. The disadvantage is that it’s a lot of code to have to paste in where your email address should be displayed. With that much code, it’s way too easy to goof something up that causes it not to work correctly. In fact, the person who sent me this code did exactly that and I had to find and fix the bug before I could get it to work!
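To check your own pages against Rules #1 and #2, the following added example (not code from the original post) scans raw page source the way a simple text-reading spambot would and reports every address it could lift. The function name findExposedAddresses and both sample pages are constructed for illustration.

```javascript
// Added example: audit page source for addresses a text-reading harvester can see.
// findExposedAddresses and the sample pages below are constructed for illustration.
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+/g;
const MAILTO_RE = /mailto:([^"'\s>?]+)/gi;

function findExposedAddresses(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    const seen = new Set();
    // Rule #2: anything following "mailto:" in the raw source
    for (const m of text.matchAll(MAILTO_RE)) {
      seen.add(m[1]);
      findings.push({ line: i + 1, kind: "mailto", address: m[1] });
    }
    // Rule #1: anything shaped like user@host.tld in plain text
    for (const m of text.matchAll(EMAIL_RE)) {
      if (!seen.has(m[0])) {
        findings.push({ line: i + 1, kind: "plain-text", address: m[0] });
      }
    }
  });
  return findings;
}

// Constructed sample: the two exposed forms described in Rules #1 and #2
const exposedPage = [
  '<p>Write to webgenius@mywebsite.com</p>',
  '<a href="mailto:webgenius@mywebsite.com">My Email Address</a>',
].join("\n");

// Constructed sample: the spaced-out form and the document.write form
const protectedPage = [
  '<p>Write to webgenius @ mywebsite dot com</p>',
  '<script language="JavaScript">',
  'user = "webgenius";',
  'site = "mywebsite.com";',
  "document.write('<a href=\"mailto:' + user + '@' + site + '\">');",
  "document.write(user + '@' + site + '</a>');",
  '</script>',
].join("\n");

console.log(findExposedAddresses(exposedPage));   // two findings
console.log(findExposedAddresses(protectedPage)); // empty array
```

This models only a harvester that reads the source as text. One that runs the page's scripts and reads the rendered result sees the assembled link, which is why the contact form described next is the stronger option.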
If you have a business or professional site, the best way to handle this whole email address issue is to use a contact form. You’ve seen these on many web sites, I’m sure. There will typically be a Contact Us link that takes you to a page where there is a form you fill out with your question or problem, your name and email address, and submit to the customer service people for processing. This can be done fairly simply or with lots of bells and whistles. Either way requires some knowledge of HTML and a programming or scripting language such as Javascript or PHP.
If you’re not a programmer, but can install PHP scripts on your web site and add small amounts of Javascript code to your web pages, a really fine solution is My Contact Station. This is the script I use for the Contact Us on all my sites including this blog. My Contact Station is the script behind the Contact links at the top right of the sidebar. Go ahead and click on one of the links under Contact Us to see how My Contact Station works.
My Contact Station comes with complete installation instructions. If followed precisely, these instructions make installing My Contact Station easy for almost anyone. IMO, it’s the most elegant solution for a professional web site short of custom programming.