Archive for the 'Exploits' Category

Stay Away from Chrome if You Value Your Privacy

Posted in All Posts, Exploits, Online Security, Related, Security Tools on September 21st, 2008

Google has developed a new web browser called Chrome. We advise anyone who values their privacy to stay away from this browser. A look at the licensing agreement tells it all:

“[Y]ou give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display,”

Say what?

That’s right: “Your browsing are belong to us.”

Unfortunately, someday, somehow, someway, somebody may get hold of your browsing history and your search history, possibly including a “unique identifier”, your IP address and the exact time of each search. Not good.

And Google is not alone in this, as most search engines do the same.

We recommend ixquick.com. The web search engine that respects YOUR privacy.

(awarded the European Privacy Seal)

Extra added bonus! ixquick also provides access via secure server, so not only do they not store your search queries, you can also encrypt the connection with SSL.

http://ixquick.com  or

https://ixquick.com (SSL encrypted link)

And hey, it also works very well. Quality search results.

OK, You Have Heard of Phishing, But What About “Vishing”?

Posted in All Posts, Email Security, Exploits, Scams on January 21st, 2008

By now, lots of folks have become wary of Phishing.  But what about “Vishing”?

Vishing is the practice of using an email or text message to bait a person to call a certain phone number.

The inducement is usually in the form of some dire warning about a problem with your bank or credit card account, and the email instructs you to call the phone number listed in the email.

At the other end, you will find someone, or an automated system, impersonating your bank or credit card company. They will request all your account details, and will use those details to rip you off.

If you get one of these, DO NOT CALL THE PHONE NUMBER LISTED IN THE EMAIL.

If you do have any concerns about your bank account, call a listed phone number.   Find it on your statement or in the phone book.  Or, if it is about a credit card, call the number listed on the back of your credit card.

And report the “vishing” attack. (Just be prepared to explain what a “vishing” attack is. They may not be familiar with the term.)

Microsoft hard at work to fix deep vulnerability

Posted in All Posts, Email Security, Exploits, Malware, Updates on October 31st, 2007

Microsoft is working furiously to fix a deep vulnerability in Windows. This vulnerability has affected lots of third party software vendors, and has hit Adobe Reader particularly hard. 

This vulnerability is being very actively exploited in the wild, both through infected email and through infected web sites. It is propagated via infected .pdf files. Therefore it is very important to download and install the latest patch to Adobe Reader. We advise all readers to check to see if they have Reader version 8.1.1, and if they don’t, to install it immediately.

Also, look for a patch from Microsoft in the near future. We predict Microsoft will issue a patch ASAP, and not wait for their normal second Tuesday update cycle, because this vulnerability is so important to get plugged.

For more information:

http://www.theregister.co.uk/2007/10/26/microsoft_scrambles_to_fix_windows/

TOR Insecurity Reports

Posted in Email Security, Exploits, Online Security, Privacy, Safe e-Commerce, Security Tools on September 20th, 2007

TOR, AKA “The Onion Router”, is described on their web site as follows:

Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

But several security issues have been raised recently with TOR, and a number of security professionals believe TOR should not be relied upon to provide secure communications or anonymous web browsing.

In fact, TOR provides this warning on their download page:

Warning: Want Tor to really work?
…then please don’t just install it and go on. You need to change some of your habits, and reconfigure your software! Tor by itself is NOT all you need to maintain your anonymity. There are several major pitfalls to watch out for.

Tor only protects Internet applications that are configured to send their traffic through Tor — it doesn’t magically anonymize all your traffic just because you install it. We recommend you use Firefox with the Torbutton extension.

Browser plugins such as Java, Flash, ActiveX, RealPlayer, Quicktime, Adobe’s PDF plugin, and others can be manipulated into revealing your IP address. You should probably uninstall your plugins (go to “about:plugins” to see what is installed), or investigate QuickJava, FlashBlock, and NoScript if you really need them. Consider removing extensions that look up more information about the websites you type in (like Google toolbar), as they may bypass Tor and/or broadcast sensitive information. Some people prefer using two browsers (one for Tor, one for unsafe browsing).

Beware of cookies: if you ever browse without Tor and Privoxy and a site gives you a cookie, that cookie could identify you even when you start using Tor again. You should clear your cookies frequently. CookieCuller can help protect any cookies you do not want to lose.

Tor anonymizes the origin of your traffic, and it encrypts everything inside the Tor network, but it can’t encrypt your traffic between the Tor network and its final destination. If you are communicating sensitive information, you should use as much care as you would on the normal scary Internet — use SSL or other end-to-end encryption and authentication.

While Tor blocks attackers on your local network from discovering or influencing your destination, it opens new risks: malicious or mis-configured Tor exit nodes can send you the wrong page, or even send you embedded Java applets disguised as domains you trust.

Also, the ‘exit servers’ on the TOR network can easily be compromised, and all traffic through an exit router can be misused, as evidenced in the following article:
http://www.securityfocus.com/news/11486?ref=rss

In other words, even if you use TOR, secure communication requires careful configuration and the use of encryption and a secure pipe, such as SSL or VPN. And, as is evident in the above article, you may indeed be less secure using the TOR network than when using other means of secure communications because TOR may give users a false sense of anonymity or security.

For secure email, we recommend using an email service that allows full SSL encryption for the entire session, not just the login page. And if you use email through a hosted web site, we recommend that you contact the host and ask if their email is secure or can be made secure. Many cannot.

We recommend any of the following options:

  • HushMail is one of the best.
  • Alternatively, Gmail can be made secure if you log in using SSL, as in “https://gmail.google.com”.
  • Or set up an Exchange Server account and use it locally or online. We recommend Mailstreet.
  • Or use a secure email installation on your computer. We recommend Ciphire Mail. (For maximum protection, both sender and receiver must be using Ciphire.) Ciphire can secure email using almost any email client, such as Outlook.

Zombie Shmombie, Where is the Zombie?

Posted in All Posts, Email Security, Exploits, Malware, Online Security, Safe e-Commerce, Scams on September 19th, 2007

Computers that have been compromised and turned into remote control attack machines, otherwise known as Zombies, are becoming a significant problem.

These compromised computers are being used to attack a variety of Internet servers in a number of countries. These attacks can shut down web sites by overloading their servers with traffic.

For more information:

CypherTrust.com is a good source of information about Zombies and other security threats.

Don’t accept candy, or e-cards from Strangers

Posted in Email Security, Exploits, Malware on August 25th, 2007

Your Mama always told you, “Don’t accept candy from strangers”.

Well, don’t accept e-cards from strangers, either.

And your Mama would tell you the same about e-cards, if she knew what was in them.

You see, they are likely to make your computer sick.

Sick as in virus infection. Way bad.

Email Addresses Don’t Win Lotteries

Posted in Email Security, Exploits, Scams on July 9th, 2007

Many email inboxes are being flooded with announcements that you have won a lottery. They usually say something to the effect that your email address was picked at random and has won a ton of money.

Well, that does not happen. Every last one of these emails is a scam. Period.

To be more exact, many of these are what is called an “advance-fee scam”. If you contact them, they will first try to get enough personal information to steal your identity several times over, and second, you will be required to advance money in order to “process your winnings” or some such phony excuse.

One of the most certain things in life: You will never see that money again, and you will never get any winnings whatsoever. Period.

Unfortunately, thousands of gullible people fall for these scams every year, and they lose millions of dollars. Don’t be one of them.

And please also ensure that none of your friends and relatives fall for this scam. Talk about it.

Real Problems for Real Player

Posted in Exploits on July 9th, 2007

Users of RealPlayer or Helix Player are very strongly advised to upgrade to the latest version immediately. Older versions may be vulnerable to ‘buffer overflow’ attacks that may allow an attacker to gain control of the user’s computer.

Source: infopackets

The e-Greeting Card Scams

Posted in Email Security, Exploits, Malware, Scams on June 30th, 2007

A new round of malicious e-greeting card spam is landing in in-boxes. It usually has the subject line “You’ve received a postcard from a family member!”

Whatever you do, do not open these spam emails, and do not click on the links.

If you do, you will be taken to a malicious web site that will attempt to install a variant of the Storm Trojan horse.

    “Today’s greeting-card gambit tries a trio of exploits, moving on to the second if the machine is not vulnerable to the first, then on to the third if necessary. The first is an exploit against a QuickTime vulnerability; the second is an attack on the popular WinZip compression utility; and the third, dubbed “the Hail Mary” by the ISC, is an exploit for the WebViewFolderIcon vulnerability in Windows that Microsoft Corp. patched last October.”

Source: ComputerWorld

This demonstrates the importance of updating all software to the latest versions. In this case, QuickTime, WinZip and Windows are the targets. Users who have updated to the latest versions are protected.

And of course, it demonstrates the importance of being suspicious of all email that lands in your inbox.

The Finely Tailored Suit, er Email

Posted in All Posts, Email Security, Exploits, Scams on May 21st, 2007

Spammers have learned to tailor their scam emails to specific groups of users. These spammers use clever social engineering to ensnare their victims. These emails can succeed in disarming even the most cautious email recipient.

Our advice:

  • Never ever respond to unsolicited email, period.
  • Never ever respond to any email warning of dire consequences unless you respond.
  • Never ever respond to any unsolicited offer for any product, period.
  • Never ever respond to any email that promises great reward if you respond, such as lottery winnings, business relationship offers, etc.
  • Please do understand what an “advance-fee scam” is.
  • And even if you believe the email is solicited, use great caution.
  • Use great caution even if the email appears to be from some organization with which you have a relationship. They can easily be spoofed.
  • If the email has links, we advise that you not use them, *especially* if related to any account login. We recommend that you simply go to the web address of the organization in question by typing their address into the browser address bar, instead of clicking on any link in these emails.
