Offsite Backups Provide Digital Peace of Mind

Offsite Backups Provide Digital Peace of Mind

by: Harald Anderson

In today’s fast paced datacentric world of personal computers and consumer/business electronics (such as PDAs and digital media players) we have, as a society, developed a reliance on digital data. We have particularly developed a dependence on data stored on various magnetic media such as hard drives, removable disks, and magnetic tape. While some computer users may never have had a problem with loss of data due to viruses, Internet worms or file corruption, most of us have at some time experienced the frustration and loss of productivity that comes with the loss of computer data.

Perhaps someone in your office deleted files off the network that your entire team had been working on for months. Or maybe the corporate firewall didn’t stop the latest Internetborne virus that has a penchant for overwriting ข.docข files with junk data. Like it or not, if you connect your computer to the Internet (and in some cases, even if you don’t), your mission critical data is at risk. The question is: What can you do about it?

An excellent solution is to employ offsite backups. Offsite backup solutions allow you to store critical data that is crucial to your business or personal computing experience. Offsite backup providers make it quick and easy for you to back up your most important files to a secure, offsite facility that offers redundant storage, and round the clock accessibility to your files in the event of a critical ขsystem meltdownข. When you use an online offsite backup provider, you can be secure in knowing that your files and important information will be available to you no matter what happens to the machines you work on every day.

Even if your computer needs to be completely formatted or your laptop is stolen you can have the peace of mind that the most important part of your computing experience — the data you generate on a day to day basis — is safe and secure and always available to you.

Your DATA is your Life. Protect it.

Copyright 2005 Harald Anderson

About The Author

Harald Anderson is a freelance writer and webmaster for http://www.SafeHarborData.com an online backup service. Download your free thirty day trial and experience the Digital Peace of Mind that accompanies a secure disaster recovery routine for your business. http://www.SafeHarborData.com

This article was posted on February 01

by Harald Anderson

Instant Messaging – Expressway for Identity Theft,

Instant Messaging – Expressway for Identity Theft, Trojan Horses, Viruses, and Worms

by: Dee Scrip

Never before with Instant Messaging (IM) has a more vital warning been needed for current and potential IM buddies who chat on line.

John Sakoda of IMlogic CTO and Vice President of Products stated that,

กIM viruses and worms are growing exponentially….Virus writers are now shifting the focus of their attack to instant messaging, which is seen as a largely unprotected channel into the enterprise.ก

Because Instant Messaging operates on peertopeer (P2P) networks, it spawns an irresistible temptation for malicious computer hackers. P2P networks share files and operate on industry standard codec (encyrption codes) and industry standard protocols, which are publicly open and interpretable. Anti virus software does not incorporate protection for Instant Messaging services.

Like sharks in a feeding frenzy, these hacker mercenaries view Instant Messaging clients as their personal ขCash Cowข because of the ease by which they can access your computer via the publicly open and interpretable standards, unleash a Trojan horse, virus, or worm, as well as gather your personal and confidential information, and sell it to other depraved reprobates.

Please, don’t be naïve enough to think it won’t or couldn’t happen to you!

Want to see how easy it is for hackers to access your Instant Messaging chat and what can happen to you as a result?

Did you know that some hackerfriendly providers offer processor chips that can be bought on the Internet? (I guess it would be pretty hard to walk into a store and ask the clerk to help them find a processor chip that could be used to illegally hack into a victim’s computer for the sole purpose of spreading malicious code or stealing someone’s identity!)

Did you know that hackerfriendly providers actually offer hacker software that enables these criminals to deliberately disable security on computers, access your personal and confidential information, as well as inject their Trojan horses, viruses, and worms?

Hacker manuals are also conveniently accessible via the Internet. One of these manuals shows how to DoS other sites. DoSing (Disruption of Service) involves gaining unauthorized access to the ขcommand promptข on your computer and using it to tie up your vital Internet services. When a hacker invades your system, they can then delete or create files and emails, modify security features, and plant viruses or time bombs onto your computer.

ขSniffข is a tool (originally intended to help telecommunication professionals detect and solve problems) that reprobate hackers use to tamper with the protocol and ขsniff outข data. When hackers sniff out your IM data packet from Internet traffic, they reconstruct it to intercept conversations. This enables them to eavesdrop on conversations, gather information, and sell it to other depraved criminal entities.

Don’t set yourself up to be the next Identity Theft Victim because you like to chat using Instant Messaging.

Identity theft is one of the most sinister of vulnerabilities you can inadvertently be subjected to. Identity theft is defined by the Department of Justice as

ข…the wrongful obtaining and using of someone else’s personal data in some way that involves fraud or deception, typically for economic gain.ข

Identity theft is the byproduct of hacker mercenaries obtaining your social security number (including those of your spouse and children), your bank account, your credit card information, etc., from the Internet. You become a virtual ขCash Cowข for hackers as your information is then sold to other felons for financial gain. Using your information, these criminals then:

access your bank account funds

create new bank accounts with your information

create driver’s licenses

create passports

Attorney General Ashcroft stated that,

กIdentity theft carries a heavy price, both in the damage to individuals whose identities are stolen and the enormous cost to Americaกs businesses.ข

A group hosting a website known as shadowcrew.com was indicted on conspiracy charges for stealing credit card numbers and identity documents, then selling them online. While this group allegedly trafficked $1.7 million in stolen credit card numbers, they also caused losses in excess of $4 million.

According to a Press Release issued by the Department of Justice on February 28, a hacker was convicted of several counts of fraud, one in which

ข…he fraudulently possessed more than 15 computer usernames and passwords belonging to other persons for the purpose of accessing their bank and financial services accounts, opening online bank accounts in the names of those persons, and transferring funds to unauthorized accounts.ข

Trojan Horses, Viruses, and Worms – The Toxic Trio

According to Dictionary.com, a Trojan horse is ข…a subversive group that supports the enemy and engages in espionage or sabotagean enemy in your midst.ข The toxic cargo of Trojan horses can include viruses or worms.

A Trojan horse is a program that Internet criminals use to interrupt and interfere with your security software and produce the following results

Terminates processes

Removes registry entries

Stops services

Deletes files

Hackers, who have gained access to your computer, because of the easily accessible programs and software as mentioned above, are enthusiastically incorporating this venomous little program into their arsenal of weapons.

As recently as March 4, a new Trojan horse was discovered that modified settings in Internet Explorer. Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP were the reported systems that could be affected.

On January 28, a press Release issued by the Department of Justice reported that a 19 year old was convicted for his criminal activity by ข…creating and unleashing a variant of the MS Blaster computer worm.ข Christopher Wray, Attorney General – Criminal Division stated that,

‘this … malicious attack on the information superhighway caused an economic and technological disruption that was felt around the world.ข

By the way, ขmaliciousข is defined by Webster as ข…intentionally mischievous or harmfulข.

On February 11, in a Press Release issued by the Department of Justice, reported that another criminal was sentenced for circulating a worm. This worm,

ข…directed the infected computers to launch a distributed denial of service (DOS) attack against Microsoftกs main web site causing the site to shutdown and thus became inaccessible to the public for approximately four hours.ข

March 7, Symantec.com posted discovery of a worm named ขW32.Serflog.Bข that spread through filesharing networks and MSN Messenger – networks that operate on publicly open and interpretable industry standards administered by P2P systems that host Instant Messaging clients—none of which are protected, regardless of the anti virus software on your computer. The W32.Serflog.B worm also lowers security settings and appears as a blank message window on the MSN Messenger.

SOLUTION

Avoid at all costs, P2P file sharing networks as they operate on publicly open and interpretable industry standards. (Instant Messaging services run on P2P file sharing networks.)

If you like the convenience of text chatting via Instant Messaging, then why not consider an optimally secure VoIP (voice over internet protocol), also known as a Computer Phone, that incorporates the Instant Messaging feature. Make sure the VoIP internet service provider does not operate on P2P file sharing networks that use industry standard codec or industry standard protocols that are publicly open and accessible. (Don’t forget, these standards create the vulnerability which hackers are capitalizing on because of their easy accessibility.)

Optimally secure VoIP service providers that incorporate a secure Instant Messaging feature, operate from their own proprietary high end encryption codec on patented technology which is hosted in a professional facility. Simply put, when a VoIP internet service provider is optimally secure, the Instant Messaging feature on the VoIP softphone is also incorporated in their optimally secure technology.

Here’s the bottom line.

If you are currently using Instant Messaging of any sort, you need to make a decision:

Continue enticing hacker mercenaries and remain as a user of an Instant Messaging service, or

Take immediate corrective action.

If you decide to take immediate corrective action:

Find an optimally secure VoIP internet solution provider that includes the Instant Messaging feature in their proprietary patented technology.

Find an optimally secure VoIP internet solution provider that has their own proprietary high end encryption codec.

Find an optimally secure VoIP internet solution provider that has their own proprietary patented technology.

Find an optimally secure VoIP internet solution provider that hosts their proprietary patented technology in a professional facility.

Here’s a place you can look over to see what an optimally secure VoIP internet solution provider looks likeone that operates on their own proprietary high end encryption codec with their own proprietary patented technology hosted in a professional facility, AND one that incorporates the Instant Messaging feature.

http://www.freepcphone.com

By Dee Scrip © All rights reserved

**Attn Ezine editors / Site owners **

Feel free to reprint this article in its entirety in your ezine or on your site so long as you leave all links in place, do not modify the content and include the resource box as listed above.

About The Author

Dee Scrip is a well known and respected published author of numerous articles on VoIP, VoIP Security, and other related VoIP issues. Other articles can be found at http://www.freepcphone.com

[email protected]

This article was posted on March 20

by Dee Scrip

Online Security – Your Responsibilities as a Consu

Online Security – Your Responsibilities as a Consumer

by: Julie Martin

As a consumer, there are certain responsibilities that are inherent to online security. While some may find this hard to believe, there are actual steps you must take while shopping online to insure and protect your personal information.

Is the site secure? Most ebusinesses offer secure areas for payment processing. However, there are still some holdouts out there who haven’t implemented that feature on their website. If your browser doesn’t display a locked padlock icon at the bottom of your screen, then the site isn’t secure. You can set your browser to notify you before entering a secure area, to make sure that the information you are about to send is encrypted and secure.

Does the site’s privacy policy protect your information? On the other hand, does the site even have a privacy policy? If you want to make sure that your information is not sold to the highest bidder, you need to read a website’s privacy policy before making a purchase. You will need to make sure that it is clear and informs you of exactly what the site plans to do with your information. If you don’t feel comfortable with their policy, find another store. Keep in mind that even reputable companies will share your information, unless they specifically state or ask you if you prefer to keep your information private.

Email is not for credit card numbers. One of the biggest mistakes consumers make is trusting that their email containing valuable credit card information is secure. Unless you are using an encryption key, and the person receiving your email is as well, anyone with the proper knowledge could hack into that email and steal your information. Only submit credit card information or passwords through a secure site.

Be on the lookout for copycats. A common problem right now is the copycatting of popular sites, such as Paypal, Earthlink, and other Internet providers. You might receive an official looking email asking you to update your password, or your billing information. Just because it looks official doesn’t mean that it is. Check with the provider in question before changing anything. Emailed links can appear to be the real thing, but the actual web address that you are sent to will be anything but. Most providers clearly state that they will not ask you for your password or billing information via email. It is much better to be safe than sorry by falling for a carefully laid out copycat trick.

Is it really SPAM? Nearly everyone on the Internet has had at least one complaint about the amount of SPAM they receive. In fact, odds are that every day you grumble about it. Before you hit delete, or report an email as SPAM, double check to make sure that it is not an honest company, or a company you’ve done business with in the past. Many reputable retailers are being lumped in with the bad guys by overzealous SPAM haters. If you have visited the site or ordered from them before, and they previously mentioned sending emails to you in the past, think twice before reporting them as SPAM.

Ok, it is SPAM and I’m sick of it! If you zealously guard your email address and you are still getting abundant SPAM, there are steps you can take to prevent this in the future. Before giving personal information to a company, make sure they clearly state how they plan to use your information. If you belong to a message board, or similar service, your email address may be being ขpluckedข by a SPAM’ers software. If you do need to input an email address and you not 100% sure, it is a good idea to set up an email account with a free provider to make sure that your main email account isn’t getting drowned with SPAM.

It is possible to have a safe time shopping on the Internet. You will just need to be aware of your responsibilities and take an active role in guarding your information.

About The Author

Julie Martin is the publisher of ขThe Iscaweb eZineข a weekly eZine dedicated to increasing your online profits, no matter what you are selling. Julie also uses the ขPlugInProfitข system to GREAT effect!

To subscribe to the eZine, or to learn more about the PlugInProfit system visit: http://www.iscaweb.com

This article was posted on August 16

by Julie Martin

The Day My Laptop was Stolen Almost Killed My Busi

The Day My Laptop was Stolen Almost Killed My Business…..

by: Harald Anderson

One of the worst feelings I have ever had was the day my laptop was stolen. The laptop can be replaced. However the loss of critical DATA was the biggest risk my business has ever faced.

When I recovered from the experience I asked myself the question….ขwhat can I learn from this disaster?ข The lesson is simple, loss of data is the largest threat to business survival.

There is nothing that can prepare you for the feeling of loss and the dread that comes with knowing that your personal data is gone forever. While it is very inconvenient and can be very expensive to replace the laptop itself, NOTHING can replace the hours of hard work that is represented by the data stored on a modern computers hard disk drive.

Whether you own a laptop for personal use, or have one for business reasons, there are many, many, items that are sitting there on your hard drive that are simply priceless. We don’t often think about the little bits of ones and zeros etched into a spinning magnetic plate as being critical elements in our lives, but no matter what you use a computer for, you most likely have literally megabytes (at least) or even gigabytes of data that you can not afford to lose.

For personal computer users there are mp3 play lists, emails, personal photo albums, and other important files that we all save on our hard disks. For the professional computer user, the stakes are higher…perhaps it’s the accounting data for your company’s 3rd quarter earnings, the PowerPoint presentation you will be giving to the CEO on Thursday afternoon, or the proposal that needs to be sent to the European office A.S.A.P. These ขintangibleข bits of data play a critical role in our professional and personal lives, whether we like it or not.

Even the most experienced of computer users can take for granted their personal data stockpiles. This is where data backup storage comes into play. No matter how careful you are with your hardware there is always the potential for disaster to strike and rob you of your critical information, and the best way to ensure the integrity of your data and the hard work it represents is a well thought out online secure data backup solution.

By securing your data using an online secure data backup provider you are ensuring that your data is safe not only from circumstances beyond your control, such as laptop theft or natural disasters, but also safe from user error and prying eyes. An online secure data backup solution keeps your data safe and sound in a secure, offline location and is as simple to set up as the applications you are used to installing on your machines.

If the safety of your critical files is important to you, you should consider using an online secure data backup for your important mission critical files.

Don’t let a disaster strike before you start thinking about remote data backup…

Your DATA is your LIFE. Protect it!

Copyright 2004 Harald Anderson

About The Author

Harald Anderson is a freelance writer and webmaster for http://www.SafeHarbordata.com an online backup service. Download your free thirty day trial and experience the Digital Peace of Mind that accompanies a secure disaster recovery routine for your business. http://www.safeharbordata.com.

This article was posted on December 08, 2004

by Harald Anderson

Internet Security Threats: Who Can Read Your Email

Internet Security Threats: Who Can Read Your Email?

by: Mark Brooks

Before being able to choose a secure Internet communication system, you need to understand the threats to your security.

Since the beginning of the Internet there has been a naive assumption on the part of most email users that the only people who are reading their email are the people they are sending it to. After all, with billions of emails and gigabytes of data moving over the Internet every day, who would be able to find their single email in such a flood of data?

Wakeup and smell the coffee! Our entire economy is now information based, and the majority of that mission critical information is now flowing through the Internet in some form, from emails and email attachments, to corporate FTP transmissions and instant messages.

Human beings, especially those strange creatures with a criminal mind, look for every possible advantage in a dog eat dog world, even if that advantage includes prying into other peoplesก mail or even assuming your identity. The privacy of your Internet communications has now become the front line in a struggle for the soul of the Internet.

The New Generation Packet Sniffers:

At the beginning of 2001, most computer security professionals began to become aware of an alarming new threat to Internet security, the proliferation of cheap, easy to use packet sniffer software. Anyone with this new software, a high school education, and network access can easily eavesdrop on email messages and FTP transmissions.

Software packages such as Caspa 3.0 or PassDetect Ace Password Sniffer automate the task of eavesdropping to the point were if you send an email messages over the Internet with the phrase กCredit Cardก, itกs almost a certainty that someone, somewhere will capture it, attachments and all.

(Caspa 3.0 from ColaSoft Corporation, located in Chengdu, China http://www.colasoft.com ,PassDetect a product whose advertised purpose is to sniff passwords sent in email, over HTTP, or over FTP from EffeTech Corporation, http://www.effetech.com )

A good example of this new class of software is called MSN Sniffer, also from Effetech, and it highlights the กparty lineก openness of todayกs LAN and Internet environments. Just like old telephone party lines, MSN sniffer lets you listenin on other peopleกs conversations, just like picking up another phone on a party line.

On their web site, Effetech advertises MSN Sniffer as:

กa handy network utility to capture MSN chat on a network. It records MSN conversations automatically. All intercepted messages can be saved as HTML files for later processing and analyzing. It is very easy to make it to work. Just run the MSN Sniffer on any computer on your network, and start to capture. It will record any conversation from any PC on the network.ก

Just as the Internet has been flooded by a deluge of spam messages after the introduction of cheap, easytouse spam generation software, the same effect is now taking place with sniffer software. The major difference is that, unlike spam, Internet eavesdropping is totally invisible, and ten times as deadly. How much of the identity theft being reported today is a direct result of Internet eavesdropping? Its hard to tell, but with the every growing dependency by individuals and corporations on Internet communications, opportunities to กcaptureก your sensitive data abound.

Most FTP transmission are unencrypted!

As of November 2003, the majority of corporate FTP transmissions are still unencrypted (unencrypted is geek speak for กin the clearก ) and almost all email communications take place กin the clearก. Many email and FTP transmissions travel over 30 or more กhopsก to make its way from the sender and receiver. Each one of these hops is a separate network, often owned by a different Internet Service Provider (ISP).

Any Idiot in the Middle

Even a well run corporation must still primarily rely on trusting its employees, contractors and suppliers to respect the privacy of the data flowing over its networks. With the new sniffer technology, all it takes is one กidiot in the middleก, and your security is compromised. It could be the admin assistant sitting in the cubical next to you, or a network assistant working for one of the many ISPs your data will travel over, but somewhere, someone is listening. Maybe all he is looking for is his next stock trading idea, or maybe he wants to take over your eBay account so he can sell a nonexistent laptop to some unsuspecting กsuckerก using your good name. its all happening right now, at some of the most respected companies in the world.

Access to your network doesn’t have to come from a malicious or curious employeemany Internet worms, Trojans and viruses are designed to open up security holes on a PC so that other software can be installed. Once a hacker has access to one computer in your network, or one computer on your ISPกs network, he can then use a sniffer to analyze all the traffic on the network.

So Iกll passwordprotect my files, right?

You’re getting warmer, but this still isn’t going to do the trick. Itกs a good way to stop packet sniffers from searching for key words in a file, but unfortunately it is not as secure as you might think. If you ever forget a Zip, Word or Excel password, don’t worry, just download the password tool from Last Bit Software www.PasswordTools.com, it works very well. There are many other packages out on the Internet but Last Bitกs tool is the most robust and easy to use, if a bit slower that some others.

So what can I do about it?

OK, so now that you understand the threat, what can you do about it?

Stop using the Internet? More than a few professionals are returning to phone calls and faxes for all their important communications.

Complain to your IT department? If you have an IT department in your company this is a good place to start. But did the spam mail stop when you complained about it to your LAN administrator? Unfortunately he is almost as helpless as you are.

Encrypt your communications with PKI, etc. For email this is a bit drastic, and can be very expensive, especially since you will need to install a key on each PC and coordinate this with the receivers of your email messages, your IT organization, etc.

Use FileCourier This is by far the easiest and most cost effective way to protect your email attachments, or replace FTP transmissions. It takes out the กidiot in the middleก with a very clever solution.

The FileCourier approach to Security

I believe that FileCourier is the easiest outofthe box secure communication system available.

FileCourier approaches Internet data transfer security in a unique way. Until FileCourier was first released in December of 2002, all secure email and file transmission systems relied on encrypting the data during the tried and true method of กupload, store, and forwardก. When you send an email, it and any documents attached to it are first transmitted to one or more intermediate servers. These mail server store the documents and then attempt to forward it to the receivers email server. To secure the transmission of the email requires either the servers to use extra encryption software technology, or forces the individual sender and receivers to install encryption software and their associated keys, or both. Not only is this a costly and time consuming exercise but it also often fails to protect the data over the complete path of the transmission. What do you do if the receiver is in another company and doesn’t have any encryption software installed? What if his company is using a difference encryption standard? Ignoring the complexity of existing secure email and FTP systems their biggest failings continue to be the กidiot in the middleก. From a nosey email or FTP server administrator, to a hungry coworker, to an incompetent who lets a hacker have free reign of their server, if your sensitive documents are stored on a server maintained by someone else then that person, or his company, can view your documents.

The FileCourier approach is creative, yet simple. FileCourier utilizes existing email and instant messaging systems in the same way you use an envelope to send a letter thru the US postal service, as a wrapper for the real content. We assume that EVERYONE can read what is in the email, so we don’t send your documents in the email at all. In fact your documents never leave your PC, until the receiver of the email requests it.

How it works:

FileCourier lets you ticket the file you want to email, and then instead of sending the file in the email, sends a กFileTicketก instead. The file is only transmitted to the receiver of the email when he opens the FileTicket and is กauthenticatedก. After the receiver is authenticated the file is transmitted through an SSL (secure socket layer) tunnel directly from the senderกs PC to the receiverกs PC through our secure relay servers. SSL is the same security used by banks and is impossible for packet sniffers to penetrate. With FileCourier each packet is encrypted using a 1024 bit key and is delivered to your receiver through his browser. FileCourier lets your communications go undetected by any sniffer, and removes the กidiot in the middleก threat by never storing the data on an intermediate server. More over, FileCourier is the easiest way to secure your sensitive data transmission in both an Internet and corporate LAN environment.

Take Action Now!

Internet communications security is one of the most important privacy issues we face today. It might feel a bit paranoid for a lawabiding citizen to encrypt his email communications and computer document transmissions, but would you send a customers contract thru normal mail without an envelope? How would you feel if your employer sent your next pay stub to you on the back of a postcard? Use FileCourier, just like you would use a envelope for regular mail. Download the no obligation free trial today at www.filecourier.com and send 50MB of data securely for free!

About The Author

Mark Brooks is a software architect, internet entrepreneur and founder of CanDo Networks Corporation. CanDo Networks Corporation makes easytouse software for communicating large amounts of data securely and privately over the Internet. Its flagship product, FileCourier (www.filecourier.com), is used by thousands of legal, medical, and computer professionals to securely deliver files over the internet, to anyone, anywhere

[email protected]

This article was posted on November 25, 2003

by Mark Brooks

Guide to Safe Online Shopping

Guide to Safe Online Shopping

by: Zoink

Despite the many benefits of shopping online, many people still have some reluctance towards parting with their cash on the net, therefore weกve compiled a general checklist and answers to the most common questions to help put your mind at rest.

Vendor Checklist

If the answer is no to any of these question then do not purchase from the retailer in question.

Do they have a secure server?

Are their contact details clearly visible on the site?

Are their contact details authentic?

Do you trust them?

How Do I Know Iกm in a Secure Server?

Whilst in a secure server a closed padlock symbol should be visible somewhere along the bottom of your browser, you should also notice that the beginning of the site address will have changed from http:// to https:// again signifying that you are on a secure server.

It should be noted that a large majority of sites only make use of their secure server during the payment procedure.

Note about Actinic Sites

Please note: shopping sites powered by the Actinic software use a 128bit encryption Java applet to encrypt credit card information this method is approved for merchants account holders at Barclays Bank, HSBC and the Royal Bank of Scotland. Always email the retailer in question if you have any doubts.

Helpful Hints

Always keep a copy of the order confirmation .

Always read the small print.

Contact the retailer if you have any questions or doubts.

Never shop with a retailer you don’t trust, no matter how good their prices.

Useful sites:

Office of Fair Trading

www.oft.gov.uk

Includes helpful online shopping advice.

Trust UK

www.trustuk.org.uk

Nonprofit organisation endorsed by the Government to enable consumers to buy online with confidence

Trading Standards

www.tradingstandards.gov.uk

Offers consumer protection information in the UK.

The Consumer Gateway

www.consumer.gov.uk

Offers sound advice for consumers.

© 2003 Zoink UK Shopping Directory

You may freely distribute this article in electronic form providing this copyright notice and hyperlink is also retained.

About The Author

Zoink is a brand new shopping directory aiming to index only the best online retailers in the UK.

[email protected]

This article was posted on November 23, 2003

by Zoink

10 Tips to Stay Safe and Secure Online

10 Tips to Stay Safe and Secure Online

by: Steve Robson

The Internet can be a dangerous place.
While you’re enjoying the convenience of online shopping, Internet banking and subscription websites, nasty people lurk around every corner.
Hackers, fraudsters, identity thieves and many others would love to get hold of your personal details.
And what stands between you and a security disaster?
Your password.
Just 8 little characters long, itกs your last line of defense online. Here are 10 tips for choosing and using bulletproof passwords that will protect you from harm:
Tip 1 Avoid the obvious
Passwords based on personal details are too easy to guess. Avoid using names, places, favorite sports teams, or กpasswordก.
Tip 2 Make it nondictionary
One option a thief might try to crack your password is a bruteforce dictionary attack. Choose something that you won’t find in any dictionary.
Tip 3 Use the full 8 characters
The more characters a password contains the more secure it becomes, so fill that password field to the max.
Tip 4 Mix the case
Deter thieves further by using a combination of upper and lowercase letters. A mIXeD cAsE password adds another layer of protection and is ever harder to guess.
Tip 5 Include nonalphabetic characters
Adding numbers and nonalphabetic characters (like a hyphen) to your password makes it less likely to be cracked than something purely alphabetic.
Tip 6 Don’t write it down
This should be obvious but itกs amazing how many scraps of paper surround the worldกs PCs.
Tip 7 Assign a different password to each login id
If thieves get hold of your password, theyกll try it in every online system available. Use a separate password at each website and you won’t have all your eggs in one basket.
Tip 8 Employ a password manager
Remembering multiple secure passwords can be challenging. Specialist software like http://www.roboform.com manages your passwords securely and automates the login process.
Tip 9 Logout when you’re done
Always hit the logout button when youกve finished using a secure site like online banking.
Tip 10 Close that browser
Web pages and passwords can be cached in the browser, so close down your browser window for added security.
Follow these simple commonsense tips and youกll enjoy greater online security while benefiting from the many advantages the Internet has brought.

About The Author

Steve Robson is a successful technical author and contributor to กHow To Buy A Laptop.comก the definitive online guide for buying a laptop computer. Check out: http://HowToBuyALaptop.com

This article was posted on May 13, 2004

by Steve Robson

How Secure Are Online Data Backups?

How Secure Are Online Data Backups?

by: Harald Anderson

Processing DATA is what all businesses do. Protecting data is what SMART businesses do. Smart businesses understand that if you lose your data you have lost your business.

If you are considering taking steps to ensure the integrity and safety of your important computer data you may be concerned about the security involved when dealing with such a task. When considering a third party such as an online secure data backup solution there are a few things to consider:

For starters, it is critical that your data be secure not only while in the possession of a third party but also while in transit to them. Most modern online secure data backup providers make there services available via the Internet and will provide you with the necessary software to back up a predefined set of your critical data, which is then encrypted (typically up to 448 bit), before it is transferred over a high speed connection to a secure data storage facility. By securing your data before transferring it over the Internet, you can be assured that your sensitive data (such as financial reports, company memos, and client databases) are safe from prying eyes. For ultracritical, or highly sensitive applications, the data may be transferred over a completely encrypted channel (also known as an encrypted ขtunnelข or virtual private network). If you will be backing up sensitive data that demands the utmost of privacy be sure to inquire about the level of encryption offered by the online secure data backup you are considering.

When considering a remote data backup vendor you should also take into consideration the facilities in which your sensitive data will be physically stored. In addition to encryption technology other things to be on the lookout for are fully secure facilities, biometric security systems, facility lockout policies, and human security. Depending on the level of security you need there are many levels of protection for your data that can be provided by remote data backup companies.

Be sure to do your research and investigate the track record and reputation of the online data backup company you are considering doing business with and never hesitate to ask questions when it comes to ensuring the security of your mission critical confidential data.

Your DATA is your LIFE. Protect it!

Copyright 2004 Harald Anderson

About The Author

Harald Anderson is a freelance writer and webmaster for http://www.SafeHarbordata.com an online backup service. Download your free thirty day trial and experience the Digital Peace of Mind that accompanies a secure disaster recovery routine for your business. http://www.safeharbordata.com.

This article was posted on December 02, 2004

by Harald Anderson

Password Protection with PHP, MySQL, and Session V

Password Protection with PHP, MySQL, and Session Variables

by: Dan McConkey

One of the great promises that actually came true when our Internetenabled world reached the twentyfirst century is efficient customertobusiness interaction. Each day, I find a new way to go through lifeกs errands without ever waiting on hold for a bank teller, a pharmacist, or an insurance agent. I do it all online.

Internet savvy consumers are coming to expect such web empowerment. And while these information transactions usually require some sort of private data traveling the ether, you, as the webmaster, bear the burden of keeping that data away from those who have no right to it.

Since retina scans and brain wave signatures are still properties of James Bond flicks, we’re stuck using plain old boring passwords.

Is this really secure?

Letกs get this out of the way first. The only truly secure computer is one thatกs unplugged. Kind of like ‘the only safe car is the one that sits in your garage.ก Life is a risk/reward proposition and, letกs face it, this (probably) isn’t Fort Knox, we’re securing.

The security measures listed here are suitable for gardenvariety data. Iกve used these schemes to write backend website administration pages for online shopping carts. Iกve used them to write กpartnerก pages where retailers can download ads and sales data from wholesalers. I wouldn’t use them to secure credit card numbers, social security numbers, or nuclear launch codes.

So what are PHP, MySQL, and session variables?

PHP is a programming language used (in this case) to write HTML. MySQL is a database. Session variable are used by web servers to track information from one page on a domain to another. This article isn’t a howto for either technology. If you aren’t very comfortable with them, you could just copy and paste the code samples in this article and build yourself a basic password protected website. You could also just read the Cliffกs notes for Pride and Prejudice and get a C+ in literature class. Your choice.

Letกs get started with sessions

Itกs often been said that the web is กstatelessก, meaning that each web page is entirely independent, needing no other page to exist, and taking no information from the previous page. This is great for anonymous surfing from one site to the next, but it stinks for password protection. Consumers want password protected information, but they don’t want to enter their password on every page. So we turn to our web server to keep track of a user while heกs on our site.

Ex. 1.

<?php

session_start();

?>

<!DOCTYPE html PUBLIC ก//W3C//DTD XHTML 1.0 Strict//ENก กhttp:// www.w3.org/ TR/ xhtml1/ DTD/ xhtml1strict.dtdก>

<html re just going to put peoplesก passwords out for display?

กpostก is much more secure, forcing the server to keep track of form data, rather that the URL. Any time you can keep information out of the URL, you’re one step closer to a secure web page.

2. Next you want to look at the action attribute to the <form> tag. Leaving it blank tells the server that you plan to process these form results with this same page.

Checking the login values

Now letกs flesh out our framework a little more.

Ex. 4

<?php

// start session if not already started

session_start();

// check to see if user just logged out

if ( $log_out )

{

}

function write_log_in( $text )

{

} // end write_log_in function

function verify()

{

// check to see if they’re already logged in

// if yes, return true

// check to see if visitor has just tried to log on

$user_name = $_POST[กuser_nameก];

$password = $_POST[กpasswordก];

if ( $user_name && $password )

{

// verify password and log in to database

$db = mysql_pconnect( กlocalhostก, ก$user_nameก, ก$passwordก );

if ( $db )

{

// register session variable and exit the verify function

$valid_user = $user_name;

$_SESSION[กvalid_userก] = $valid_user;

return true;

}

else

{

// bad user and password

$text = กUser Name and Password did not matchก;

write_log_in( $text );

}

}

else

{

// if the user didn’t just login, (s)he needs to

}

} // end verify function

?>

<!DOCTYPE html PUBLIC ก//W3C//DTD XHTML 1.0 Strict//ENก กhttp:// www.w3.org/ TR/ xhtml1/ DTD/ xhtml1strict.dtdก>

<html re already logged in

if ( session_is_registered( กvalid_userก ) ) return true;

// check to see if visitor has just tried to log on

$user_name = $_POST[กuser_nameก];

$password = $_POST[กpasswordก];

if ( $user_name && $password )

{

// verify password and log in to database

$db = mysql_pconnect( กlocalhostก, ก$user_nameก, ก$passwordก );

if ( $db )

{

// register session variable and exit the verify function

$valid_user = $user_name;

$_SESSION[กvalid_userก] = $valid_user;

return true;

}

else

{

// bad user and password

$text = กUser Name and Password did not matchก;

write_log_in( $text );

}

}

else

{

// user must log in

$text = ‘this is a secure server. Please log in.ก;

write_log_in( $text );

}

} // end verify function

?>

<!DOCTYPE html PUBLIC ก//W3C//DTD XHTML 1.0 Strict//ENก กhttp:// www.w3.org/ TR/ xhtml1/ DTD/ xhtml1strict.dtdก>

<html xmlns=กhttp://www.w3.org/1999/xhtmlกก xml_lang=กenก lang=กenก>

<head><title>Dan McConkeyกs Free Web Marketing Guide</title></head>

<body>

<p>Dan McConkeyกs Free Web Marketing Guide</p>

<?php

// check for valid user

if ( verify() )

{

echo ก<p><a href=ก?log_out=1ก>Log out</a></p>ก;

// begin secure content

echo ก<p>Clatu, verata, nicto</p>ก;

// end secure content

} // end if ( verify() )

?>

</body>

</html>

End Ex. 7

Thatกs a pretty hefty code block to put at the head of every web page. Typically, I would put my verify() and write_log_in()functions into a seperate file and reference them with an include() function. That provides the added benifit of updating your entire website by editing one file only.

Hope that helps.

Copyright (C) 2005 Dan McConkey

About The Author

Dan McConkey is a freelance web marketing professional, working in and around Charlotte, NC. In the web, Dan has found an amazing potential for lead generation for businesses. Using traditional advertising theories, appropriate technologies, and a little common sense, your electronic marketing campaigns can easily be your most effective.

Dan maintains Dan McConkeyกs Free Web Marketing Guide at http://www.dmcconkey.com

[email protected]

This article was posted on February 11, 2005

by Dan McConkey

Data Loss… Can Your Company Survive. (Most Do Not)

Data Loss… Can Your Company Survive. (Most Do Not)

by: Harald Anderson

Data. Most people think it is a term relegated to the kingdom of geeks.

However, in todays world your data is your life. Chances are every piece of data you might ever rely upon to make an important decision has been reduced to a digital format and resides somewhere on your computerกs hard drive. Improved functionality and productivity are the benefits. However, on the flipside one wrong click, one nasty virus, one untimely power surge or unhappy employee and that data is gone forever!

Data loss can cost your company uncountable hours in lost productivity and revenue. In addition to the direct loss of a potentially unlimited amount of data (and the payroll hours that it took to generate that data) your company’s business and potential to generate revenue can also be crippled by even the most minimal of datadestroying meltdowns.

Imagine the loss of productivity that would occur if your accounting department suffered the loss of all of their files. In fact, 20 megabytes of accounting data takes 21 days and costs $19,000 to reproduce. Among companies who lose data in a disaster, 50% never reopen and 90% are out of business within two years!

Payroll files, tax data, and budgetary datasheets are just a handful of the hundreds of types of data that are generated by a modern day accounting department. Most companies employ entire departments of professionals just to take care of this fundamental chore that is so integral to the success of any company no matter what the size or earnings bracket. Now imagine one months work for this department vanishing in the blink of an eye. Now imagine six months work pulling the same vanishing act. It’s enough to make even the most thickskinned CFO cringe at the thought of it.

Now imagine there is a way to minimize or even eradicate this potentially enterprise threatening series of unfortunate events. Actually, you don’t have to imagine it, because it already exists right now. It’s called an online backup solution and it’s the key to the success of any company that relies even moderately on information technology.

If your company generates even the most modest amount of computer data on a regular basis your IT department should certainly consider employing the use of an online backup partner. Having access to your data at all times can mean the difference between an absolute failure and a resounding success in the business world. Your company is only as secure as the data it generates, so if your company depends on access to its information under any circumstances, an online backup solution will play a key role in ensuring that access.

There is no substitute for the protection secure backup storage can provide every business, from tiny startups to the multinational enterprise, secure online backups are making sure today’s business is prepared for anything that happens tomorrow and beyond.

Your DATA is your LIFE! Protect it!

Copyright 2004 Harald Anderson

About The Author

Harald Anderson is a freelance writer and webmaster for http://www.safeharbordata.com an online backup service. Download your free thirty day trial and experience the Digital Peace of Mind that safe, secure, encrypted online data backups can offer. Online Backups.

This article was posted on December 12, 2004

by Harald Anderson

Securing Your Accounts With WellCrafted Passwords

Securing Your Accounts With WellCrafted Passwords

by: Daniel Punch

In the past I’ve never really paid much attention to security issues when it comes to user names and passwords. Frankly I figured it was all a lot of overblown hype. This led to an unfortunate incident that involved my website being attacked, apparently by a skillful youth with a propensity for mischief.

The main security flaw with my website was probably the simple fact that the username and password were exactly the same. Granted I did realize that this wasn’t highly intelligent but I didn’t have the power to change it myself, and I didn’t think it really mattered enough to bother about it. Having an identical username and password is a massive ขnonoข in computer security. Your username and password should not even be related along the same line of thought. A username of ขDragonข and a password of ขFireข is not a secure combination.

For maximum security, passwords should not be cohesive words or phrases and should not be too obviously related to something like your birthday or the birthday of someone close to you. Personal information is one of the first things used when people attempt to break passwords. Having a password of ขPasswordข is indeed humorous and ironic but it is not in the least bit secure.

A ขbrute forceข password hacking technique involves using certain rules and guidelines to take a guess at possible passwords and generally works through a dictionary of sorts, trying combinations of possible words and common characters. Your best bet at creating a secure password is to pick a random collection of letters, numbers, and symbols, including varying case changes (in a password the letter ขaข is not the same as the letter ขAข, so alternating at random between upper and lower case will increase the difficulty encountered in cracking your password). Selecting a sequence of characters on the keyboard (such as ขasdfข or, worse, ข1234ข) definitely does not create a secure, random password.

Having symbols in your password is an easy way to greatly increase security. These are the special characters accessed by holding the ขShiftข key and pressing one of the numbers at the top of the keyboard. If you want to truly expand your arsenal of special characters, try holding down the ขaltข key and pressing a combination of numbers on the num pad (the rectangular collection of numbers on the right hand side of most keyboards) then release ขaltข. For example, holding ขaltข and pressing numbers, 1 then 6 then 8 and releasing ขaltข will give the character ข¿ข. Most combinations of 3 numbers will enter a different symbol into your password. This may make it a little harder to enter your password but it makes it a lot harder for anyone else to crack it.

To make passwords easier to remember you can use something original, like the name of your favorite character in a book (personal information that other people won’t know). Then add some numbers to it, perhaps use the ขLeet speakข (check http://en.wikipedia.org/wiki/Leet for exact definition) method of changing letters to numbers and generally mix things up so that to you it seems coherent and memorable but to an automated pattern recognizer it seems random. For example, ขjAm35_5m1Th¿ข (ขJames Smithข) is actually surprisingly secure. In this case the password’s meaning is obvious to a human reader but it will take a lot of work for them to divine the password without prior knowledge.

For additional security you should not use the one user name and password for every account that you have. If you do and someone manages to get hold of your details for one site they pretty much have the run of your digital life. It is not particularly vital to have perfect passwords for less important accounts (e.g. web based email from Hotmail, forums you visit etc.). These sites can quite happily be accessed using the same password. However, bank accounts, work email etc. should be made as secure as possible.

Hopefully a few of these tips will assist you in making your online activities more secure. Keep these guidelines in mind, change your password on a semi regular basis, and with any luck you’ll be able to avoid the hacking menace that befell me.

About The Author

Daniel Punch

M6.Net Web Helpers

http://www.m6.net

This article was posted on August 29

by Daniel Punch