Tip of the Day

National Cyber Alert System

                        Cyber Security Tip ST04-014

Avoiding Social Engineering and Phishing Attacks

   Do not give sensitive information to anyone unless you are sure that

   they are indeed who they claim to be and that they should have access

   to the information.

What is a social engineering attack?

   To  launch  a  social  engineering  attack,  an  attacker  uses  human

   interaction  (social skills) to obtain or compromise information about

   an  organization  or  its  computer  systems.  An  attacker  may  seem

   unassuming  and  respectable,  possibly claiming to be a new employee,

   repair  person, or researcher and even offering credentials to support

   that  identity. However, by asking questions, he or she may be able to

   piece  together  enough  information  to  infiltrate an organization's

   network.  If an attacker is not able to gather enough information from

   one  source,  he  or  she  may  contact another source within the same

   organization  and rely on the information from the first source to add

   to his or her credibility.

What is a phishing attack?

   Phishing  is  a form of social engineering. Phishing attacks use email

   or   malicious   web  sites  to  solicit  personal,  often  financial,

   information.  Attackers  may  send  email  seemingly  from a reputable

   credit  card  company  or  financial institution that requests account

   information,  often  suggesting  that  there  is a problem. When users

   respond  with  the requested information, attackers can use it to gain

   access to the accounts.

How do you avoid being a victim?

     * Be  suspicious  of  unsolicited  phone  calls,  visits,  or  email

       messages from individuals asking about employees or other internal

       information.  If  an  unknown  individual  claims  to  be  from  a

       legitimate  organization,  try  to  verify  his  or  her  identity

       directly with the company.

     * Do  not  provide  personal  information  or information about your

       organization,  including its structure or networks, unless you are

       certain of a person's authority to have the information.

     * Do  not  reveal personal or financial information in email, and do

       not  respond  to  email  solicitations  for this information. This

       includes following links sent in email.

     * Don't send sensitive information over the Internet before checking

       a  web  site's  security  policy  or looking for evidence that the

       information  is  being  encrypted (see Protecting Your Privacy and

       Understanding Web Site Certificates for more information).

     * Pay  attention  to  the URL of a web site. Malicious web sites may

       look  identical  to  a  legitimate  site,  but  the  URL may use a

       variation in spelling or a different domain (e.g., .com vs. .net).

     * If  you  are unsure whether an email request is legitimate, try to

       verify  it  by contacting the company directly. Do not use contact

       information  provided  on  a  web  site  connected to the request;

       instead,   check  previous  statements  for  contact  information.

       Information  about known phishing attacks is also available online

       from    groups   such   as   the   Anti-Phishing   Working   Group

       (http://www.antiphishing.org/phishing_archive.html).

     * Install  and  maintain  anti-virus  software, firewalls, and email

       filters   to  reduce  some  of  this  traffic  (see  Understanding

       Firewalls,  Understanding  Anti-Virus  Software, and Reducing Spam

       for more information).

What do you do if you think you are a victim?

     * If you believe you might have revealed sensitive information about

       your  organization, report it to the appropriate people within the

       organization,  including network administrators. They can be alert

       for any suspicious or unusual activity.

     * If you believe your financial accounts may be compromised, contact

       your financial institution immediately and close any accounts that

       may  have been compromised. Watch for any unexplainable charges to

       your  account (see Preventing and Responding to Identity Theft for

       more information).

     * Consider  reporting  the  attack  to the police, and file a report

       with the Federal Trade Commission (http://www.ftc.gov/).

     _________________________________________________________________

   Author: Mindi McDowell

     _________________________________________________________________

Produced 2007 by US-CERT, a government organization.

    Note: This tip was previously published and is being re-distributed

    to increase awareness.

    Terms of use

    <http://www.us-cert.gov/legal.html>

    This document can also be found at

    <http://www.us-cert.gov/cas/tips/ST04-014.html>

    For instructions on subscribing to or unsubscribing from this

    mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

Preston Gralla

(PC World) From the moment you switch on your PC, your system faces countless Internet-borne dangers, including spyware attacks, viruses, Trojan horses, home-page hijackers, and hackers trying to weasel their way into your system. And the Internet isn’t the only source of trouble. Anyone with access to your PC can invade your privacy by prying into which Web sites you visit — and learning a great deal more as well.

But fighting back is easy. We’ve found 15 great pieces of software — firewalls, spyware busters, antivirus software, rootkit killers, and general Internet security tools — designed to protect you against any dangers that come your way. They’re free, they’re powerful and they’re easy to use. So what are you waiting for? Start downloading.

Preventing and Eliminating Malware

From firewalls to antivirus software to tools for combatting rootkits and spyware, here are some great downloads to protect your system against malicious attacks.

ZoneAlarm
Check Point Software’s ZoneAlarm may well be the most popular free firewall on the planet, and the most recent release (finally) protects Vista machines. Arguably, ZoneAlarm is the product that made everyone conscious of the need for firewall protection. It’s extremely easy to use, and its method of configuring outbound protection is particularly useful. Whenever a program tries to make an outbound Internet connection, ZoneAlarm announces it with a pop-up alert. You can then permit or disallow the connection, on a one-time basis or permanently. Configuring your level of protection is a simple matter of moving a few sliders. Though the free version of the software is exclusively a firewall, Check Point also offers for-pay security suites. But if all you’re looking for is a firewall, stick with the free version.

Comodo Firewall Pro
ZoneAlarm is extremely popular, but that doesn’t automatically make it the best free firewall you can find. One formidable contender is Comodo Firewall Pro, which independent testing site Matousec rated as the top firewall. Matousec found that Comodo offered the highest level of antileak protection, one measure of a firewall’s effectiveness. Comodo offers true two-way firewall protection, is highly configurable, and (unlike most other firewalls) provides a great view of your system and your Internet connection.

Avast
Tired of dealing with bloated, overpriced security suites that bog down your system and cost an arm and a leg, when all you want is antivirus software? Then get Avast, a superb antivirus program that’s free for home and personal use. Because it’s a lean piece of software, it imposes a relatively light burden on system resources and RAM. Despite this, it kills viruses in their tracks and has plenty of extras, including live scanning to prevent viruses from infecting your PC in the first place. Avast can scan regular and Web-based e-mail for viruses, too, and it protects against instant messaging viruses, peer-to-peer dangers and more.

AVG Anti-Rootkit
One of the most feared types of malware is the rootkit — malicious software that many types of antimalware can’t detect. Not uncommonly, bad guys use rootkits to hide Trojan horses, which can then be used to take over your PC without your knowledge. AVG Anti-Rootkit’s sole purpose is to find and kill rootkits. Run it and it scans your PC, sniffing rootkits out and removing any it finds. (Note that this utility doesn’t work with Windows Vista.)

Spyware Blaster
Some of the nastiest kinds of spyware — autodialers, home page hijackers, and others—install themselves as ActiveX controls. Spyware Blaster protects you against them, blocking the installation of ActiveX-based malware and other types of spyware, and eradicating tracking cookies that might otherwise invade your privacy. The program works with Firefox, Opera or Internet Explorer, and it prevents your browser from being diverted to dangerous sites. One particularly nice touch is the utility’s System Snapshot, which (as you’d expect) takes a snapshot of your PC; if your computer gets infected later on, you can revert to the clean version.

Assessing risks to your system

Is it safe or isn’t it? Whether you’re asking this question about your own system, a site you’d like to visit, or a link you’re tempted to click, you need the right tools to help you understand the level of risk involved. These utilities appraise the situation and deliver an informed assessment of where you stand.

AOL Active Security Monitor
Not being a big fan of AOL in general, I was initially leary about downloading and using this free tool. But this simple, straightforward application looks at the security of your PC, reports on what it finds, and makes recommendations. It checks to see if you have antivirus software installed and, if so, whether the definitions are up to date. Then it does the same for antispyware, tests whether you have a firewall enabled, and checks for peer-to-peer software that could pose a danger. The monitor doesn’t have any protective capabilities itself, but it warns you if you need some. Be aware, however, that the software doesn’t work with Windows Vista. And take its recommendations with a grain of salt: It touts for-pay AOL software such as the AOL Privacy Wall over free software that may be better. Still, if you’re looking for some quick security recommendations, it’s worth the download.

McAfee SiteAdvisor
On the Web, unlike in the real world, it can be hard to recognize a bad neighborhood when you’re wandering around in it. There are no boarded-up windows, no empty storefronts, no hard-looking men lounging on corners or in doorways. In fact, the prettiest and most inviting Web site may harbor all kinds of malware. That’s where the McAfee SiteAdvisor comes in. It warns you when a Web site that you’re about to visit — or are already visiting — may be dangerous. You install it as an Internet Explorer toolbar or as a Firefox plug-in. Then when you search with Google or some other search engine, it displays color-coded icons next to each search result, indicating whether the site in question is safe (green), questionable (yellow), or clearly unsafe (red). It checks sites for downloads that may be dangerous, and for evidence that they will send you spam if you give them your e-mail address. The toolbar offers similar reports about the sites you’re currently visiting.

LinkScanner Lite
This is another good tool for determining whether a Web site harbors dangerous content. Open LinkScanner Lite and type in a site URL, and the utility checks the site for dangerous scripts, bad downloads, and other hazardous content. It also warns you about phishing sites and other potentially fraudulent online operations, and it integrates with search sites in much the same way that McAfee Site Advisor does, putting icons next to search results to indicate whether they are dangerous or not. Unlike Site Advisor, though, it doesn’t check whether sites harbor adware or spyware.

Internet Threat Meter
Every day, it seems, new threats hit the Internet. Symantec’s Internet Threat Meter keeps you informed about the latest arrivals and includes a link to a Symantec site where you can get more information and find fixes. The program runs as a nifty little widget in Windows XP, or as a Sidebar Gadget in Windows Vista, gathering data about the latest threats and reporting the results to you.

Trend Micro HijackThis
Like it or not, no single antispyware program can detect and eradicate all spyware. Consequently your favorite antimalware utility doesn’t fully protect you. If you suspect that you’ve been victimized by spyware, but you haven’t been able to track down the source of the trouble using your usual diagnostic software, give HijackThis a try. It thoroughly analyzes your Registry and file settings, and creates a log file reporting its results. If your system is infected with spyware, that file will contain clues about the particular type you’re dealing with. Though an expert can analyze the log to try to track down the problem, you shouldn’t try to do any advanced analysis yourself unless you possess relevant expertise. Instead, simply upload the log file to a HijackThis Web site, and ask the community there to analyze it for you.

Covering your tracks and cleaning up

Encrypting private information, disabling potentially harmful scripts, and cleaning up accumulated detritus are all ways to strengthen your security. These downloads help you keep things safe and orderly.

Kruptos 2
Worried that someone may gain access to your most private files? Kruptos 2 uses powerful, 128-bit encryption to scramble files and folders so that only you can read them. It’s particularly useful for USB flash drives and portable storage devices, which you can encrypt in the entirety. Kruptos 2 also lets you create self-extracting, encrypted archives; shred deleted files so that all traces of them vanish from your hard disk; and even disguise the filename when you encrypt a file.

Transaction Guard
This freebie from commercial security vendor Trend Micro is actually two pieces of security software in one. First, it’s a spyware detector and eradicator that monitors your system in real-time for spyware and kills any it finds. Second, it introduces a “secret keyboard” to ensure that passwords and other sensitive information aren’t stolen over the Internet. When you visit a site that asks for a password, instead of typing in the password, you enter it on the secret keyboard, which copies the password to the clipboard, from which it gets pasted directly into a Web form. The software runs as an ActiveX control in the System

CCleaner
When you surf the Web, you pick up many traces of your Internet activity. Your PC swells up with temporary Internet files, a history list, cookies, autocomplete entries, and lots more. In addition, programs create temporary files, file lists, and other bits of effluvia. Windows itself constantly monitors what you do, and records information about it in logs. In fact, a snoop could easily gather a great deal of information about you from stuff that’s junking up your PC. CCleaner rids your system of all such traces. Not only does it enhance your privacy, but you’ll regain hard disk space as well. When I used this utility for the first time, it deleted a whopping 835MB of files.

NoScript
Among the biggest dangers you face when surfing the Web are boobytrapped Java and JavaScript scripts and applets. Evil doers can disguise these harmful pieces of code as useful tools, or can hide them completely while they perform their nasty routines. Unfortunately, there’s no practical way for you to separate the good ones from the bad ones. But NoScript, a free Firefox extension, prevents all JavaScript and Java applets from running, except on sites that you designate as safe. The extension presents you with a list of safe sites, which you can add to. NoScript tells you when it has blocked Java or JavaScript on a site. For added protection, this remarkably powerful and flexible tool also blocks Java, Flash, and other plug-ins on sites you don’t trust.

File Shredder 2
Delete a file and it’s gone from your PC, right? Wrong. Even after you delete a file and flush it from your Recycle Bin, special software can re-create it. Of course, in general, you’d like files to stay deleted when you throw them away. File Shredder 2 overwrites any file or folder with a random string of binary data—multiple times. You have a choice of five different shredding algorithms, and using the program is a breeze: Just choose your files, tell the program to shred them, and they’ll be gone forever.

15 free security programs that work

How to recover a deleted Word document?

The first step for deleted Word document recovery is to look in the Recycle Bin! If the document is not in the Recycle Bin, and you are sure it must have been deleted recently, then use Data Recovery Wizard to recover the deleted Word document.

How to recover a lost Word document?

Microsoft Word will “lose” documents in certain situations. For example, it may lose a document if Word is forced to quit unexpectedly, if your computer has a power interruption while you’re writing, or if you close the document without saving changes.

If you don’t know how the Word document was lost, if it may have been deleted a long time ago, or if it has been overwritten or corrupted, then it is best to use Data Recovery Wizard. This product is often able to recover Word documents even when parts of the original file have been overwritten, by searching for previously saved copies made while the document was being created and edited.

Searching for the Original Document.

1. In Windows, click Start, Search, and then For Files or Folders.
2. In the Search for files or folders named box, type the file name.
3. In the Look in box, click “My Computer”. (This searches your entire computer - if you know that the file is in a specific area, for example, “My Documents”, then change this accordingly.)
4. Click “Search Now”. If the Search Results box does not show the file, continue with the following steps to search for all Word Documents.
5. In the Search for files or folders named box, type *.doc. Tip: In computer terminology, the asterisk * is used to select all options. By entering *.doc you’re telling the computer to search for all files with the .doc extension.
6. Click “Search Now”.

If you still cannot find the file, open the Recycle Bin and follow these steps.

1. Open the Recycle Bin.
2. On the View menu, click Details.
3. Click Arrange Icons and click by Delete Date. This allows you to filter this list according to the date when the files were deleted. If you know that your files went missing yesterday, you can look at this date.
4. When you find the document that you are looking for, right-click on it, and click Restore.

This returns the document to its original location. Open the file and examine its contents.

Search for Word Backup Files.

Many users rely on the Always create backup copy setting (see Tools > Options > Save tab) to automatically create a backup copy of their files.

While the obvious advantage is that it always creates a backup file, the downside is that it makes Word work very hard. As it has to continually save backup copies, it will reduce your computer’s performance. Quite often, Word will freeze when it backs up a large file.

To find the backup file, follow these steps:

1. Open the folder where you last saved the missing file.
2. Search for files with the .wbk extension. (Word BacKup)

When you find a file that has the name “Backup of” followed by the name of the missing file:

1. In Word, click File > Open.
2. In the File of type box, click All Files *.*, select the file, and then click Open.

If the .wbk file is not located in the original folder, search the computer as follows:

1. In Windows, click Start, point to Search, and then click For Files or Folders.
2. In the Search for files or folders named box, type *.WBK.
3. In the Look in box, point to the arrow, and then click My Computer.
4. Click Search Now.

Search for AutoRecover Files.

Word creates AutoRecover files of the documents that you were working on whenever it crashes. When you re-open Word, it displays these AutoRecover files in the Document Recovery task pane.

If Word finds the AutoRecover file, the Document Recovery task pane opens on the left side of the screen, and the missing document is listed as “document name [Original]” or as “document name [Recovered]”.

1. Double-click the file in the Document Recovery pane.
2. Click Save As.
3. Save the document as a .doc file.

Using Task Manager to close Word after a Crash.

When Word crashes, the Winword.exe file may still remain open. You need to close this before you re-open Word as otherwise system conflicts may arise, i.e. you may not be able to open Word, as the system sees that Winword.exe is currently running.

To close Winword.exe using the Task Manager, follow these steps:

1. Press CTRL+ALT+DEL. In the Windows Security dialog box, click Task Manager.
2. On the Processes tab, click any instance of Winword.exe, and then click End Process.
3. Close the Windows Task Manager, and then re-start Word.

Search Manually.

You can also manually search for AutoRecover files:

1. On the Tools menu, click Options.
2. Click the File Locations tab, double-click AutoRecover files, and write down the path. Click Cancel and Close.
3. Close Word.
4. Open the AutoRecover file location (based on the path you wrote down).
5. Search for files that end with .asd.

Search for Temporary Files.

If these methods do not find the file, you can search for temporary files:

1. Click Start, click Search, and then click For Files or Folders.
2. In the Search for files or folders named box, type *.TMP.
3. In the Look in box, point to the arrow, and then click My Computer.
4. If the Search Options are not visible, click Search Options.
5. Click to select the Date check box, click in the last “n” days, and then change “n” to the number of days since you last opened the file.
6. Click Search Now.
7. On the View menu, click Details, point to Arrange Icons, and click by Date.
8. Scroll down searching for files that match the last few dates and times that you edited the document.

Search for “~” Files.

Some temporary file names start with the tilde (~) symbol. To find these files, follow these steps:

1. In Windows, click Start, click Search, and then click For Files or Folders.
2. In the Search for files or folders named box, type ~*.*.
3. Click Search Now.
4. On the View menu, click Details and then sort by Date.
5. Scroll through the files for documents that match the last date that you edited the document.

If the recovered Word document is still damaged.

Microsoft Word tries to automatically recover a damaged document if it detects a problem with the file. You can also “force” Word to try to recover a document when you open it.

1. On the File menu, click Open.
2. In the File of type list, click All Files *.*.
3. In the Open dialog box, select your document.
4. Point to the arrow on the Open button, and then click Open and Repair.

Or try using some Microsoft Word document fix tool. These products are often able to repair corrupt Word documents using text found in previously saved copies of the file. Our product will have the word fix function. You can send the files to us repair. Please see: File Repair.

Word Recovery - Recover, Repair and Fix lost, deleted, corrupt, damaged MS Word Document Files.

Sunscreen Summary — What Works and What’s Safe

In a new investigation of 783 name-brand sunscreens, the Environmental Working Group (EWG) found widespread evidence that many products on the market are not safe and effective, including one of every eight high-SPF sunscreens that does not protect from UVA radiation. We have also identified 128 products that offer very good sun protection with ingredients that present minimal health risks to users. Find out which in our best and worst lists.

New Web Site Rates Hundreds Of Sunscreens

(CBS News) NEW YORK

A Web site that assesses the effectiveness and safety of almost 800 sunscreens was unveiled Tuesday morning.
The sunscreen screening site, put together by the Environmental Working Group, gives detailed information about the products and groups them by the types of harmful rays they’re meant to protect against.
The EWG has cautioned the public in the past about health concerns involving certain cosmetics and seafood.
It unveiled the sunscreens site on The Early Show on Tuesday.
Jane Houlihan, the EWG’s vice president of research, supervised the site’s construction.
She explained to co-anchor Julie Chen that there are two things people need from sunscreens more than anything else. One is broad spectrum coverage, from both UVA and UVB rays. The other is stability in sunlight.
It’s important to note, she said, that SPF numbers on sunscreen packages only cover UVB, the type of ray most responsible for burns.
UVA is far less responsible for burning, but still can raise skin cancer risk, and only one sunscreen in five has effective UVA protection, Houlihan pointed out. There is no number that quantifies UVA protection, which depends on several factors. There are ingredients that protect well against UVA, but sunlight can break them down and make them ineffective if they’re not formulated well.
Also, when sunscreen ingredients break down, they can penetrate the skin and trigger allergies. The ingredients are actually designed to break down; that’s part of the function of absorbing energy and keeping it out of the skin. But some break down more quickly and easily than others.
The two ingredients Houlihan likes most are zinc and titanium, which don’t break down in sunlight as others do, and offer longer lasting protection as a result. They also work by reflecting sunlight, rather than absorbing it.
Consumers should look for both SPF numbers and zinc and titanium when buying suncreens, Houlihan observed. High SPF protects best against UVB. Zinc and titanium offer maximum UVA protection.
Several ingredients are far less desirable although, depending on how they’re blended and what else the products contain, are not automatically undesirable. They are avobenzone, oxybenzone and padimate, a relative of PABA, which has come into disrepute in recent years.
The Web site’s rankings show that a sunscreen being popular doesn’t necessarily mean it’s among the best. Coppertone, for instance, has some items in higher categories, but also makes a number whose stability could be better.
One problem with sunscreens is that this country is behind the curve, Houlihan notes. European regulators have approved several effective products that the Food and Drug Administration hasn’t gotten around to testing. So, Americans are limited in our choices.
Even if your sunscreen is good, Houlihan stressed that you still need to take all the standard precautions against the sun, such as staying out of the sun during peak hours, wearing protective clothing and hats, and reapplying sunscreen often.

(© MMVII, CBS Broadcasting Inc. All Rights Reserved.)

Skin Deep: Cosmetic Safety Database - Special Report

$10-Per-Month DSL From AT&T

It seems Uncle Sam is looking out for those of you in AT&T’s 22-state landline service area. If you have never been a customer of AT&T or BellSouth broadband, you are entitled to an unadvertised $10-per-month DSL service.

The deal is part of a concession with the FCC—AT&T had to agree to offer it for two and a half years when it bought BellSouth. The bandwidth isn’t super sweet, at 768Kbps downstream and just 128Kbps upstream, so not a whole lot of juice for gaming, but the price is equal to dial-up and can blow that away.

I will warn you, the link on AT&T’s website is hard to find. As best as I can tell, you have to go through this availability checker, and even then you have to wade past other nice-but-not-as-nice offers. You can also try to swing it by calling AT&T directly. To lock down $10-a-month DSL, it might be worth the annoyance. – Wilson Rothman

AT&T quietly introduces $10 DSL plan, part of BellSouth merger concessions

Dealzmodo: $10-Per-Month DSL From AT&T - Gizmodo