US-CERT Cyber Security Tip ST05-009 -- Benefits and Risks of Free Email Services

Cyber Security Tip ST05-009 archive
Benefits and Risks of Free Email Services

Although free email services are convenient for sending personal
correspondence, you should not use them to send messages containing
sensitive information.

What is the appeal of free email services?

Many service providers offer free email accounts (e.g., Yahoo!,
Hotmail, Gmail). These email services typically provide you with a
browser interface to access your mail. In addition to the monetary
savings, these services often offer other benefits:
* accessibility - Because you can access your account(s) from any
computer, these services are useful if you cannot be near your
computer or are in the process of relocating and do not have an
ISP. Even if you are able to access your ISP-based email account
remotely, being able to rely on a free email account is ideal if
you are using a public computer or shared wireless hot spot and
are concerned about exposing the details of your primary account.
* competitive features - With so many of these service providers
competing for users, they now offer additional features such as
large amounts of storage, spam filtering, virus protection, and
enhanced fonts and graphics.
* additional capabilities - It is becoming more common for service
providers to package additional software or services (e.g.,
instant messaging) with their free email accounts to attract
customers.

Free email accounts are also effective tools for reducing the amount
of spam you receive at your primary email address. Instead of
submitting your primary address when shopping online, requesting
services, or participating in online forums, you can set up a free
secondary address to use (see Reducing Spam for more information).

What risks are associated with free email services?

Although free email services have many benefits, you should not use
them to send sensitive information. Because you are not paying for the
account, the organization may not have a strong commitment to
protecting you from various threats or offering you the best service.
Some of the elements you risk are
* security - If your login, password, or messages are sent in plain
text, they may easily be intercepted. If a service provider offers
SSL encryption, you should use it. You can find out whether this
is available by looking for a "secure mode" or by replacing the
"http:" in the URL with "https:" (see Protecting Your Privacy for
more information).
* privacy - You aren't paying for your email account, but the
service provider has to find some way to recover the costs of
providing the service. One way of generating revenue is to sell
advertising space, but another is to sell or trade information.
Make sure to read the service provider's privacy policy or terms
of use to see if your name, your email address, the email
addresses in your address book, or any of the information in your
profile has the potential of being given to other organizations
(see Protecting Your Privacy for more information). If you are
considering forwarding your work email to a free email account,
check with your employer first. You do not want to violate any
established security policies.
* reliability - Although you may be able to access your account from
any computer, you need to make sure that the account is going to
be available when you want to access it. Familiarize yourself with
the service provider's terms of service so that you know exactly
what they have committed to providing you. For example, if the
service ends or your account disappears, can you retrieve your
messages? Does the service provider give you the ability to
download messages that you want to archive onto your machine?
Also, if you happen to be in a different time zone than the
provider, you may find that their server maintenance interferes
with your normal email routine.
_________________________________________________________________

Authors: Mindi McDowell, Allen Householder
_________________________________________________________________
This document can also be found at

Copyright 2005 Carnegie Mellon University

Terms of use

For instructions on subscribing to or unsubscribing from this
mailing list, visit .

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.10.4 - Release Date: 4/27/2005

Flaw found in Firefox | CNET News.com

Flaw found in Firefox | CNET News.com:

"A flaw has been discovered in the popular open-source browser Firefox that could expose sensitive information stored in memory, Secunia has warned.

"Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory, Secunia said. "

The pressure is now on isolated Chen -- PLEASE PRAY!

--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.10.3 - Release Date: 4/25/2005

Deliver Us from Wal-Mart? - Christianity Today Magazine

Be sure to read this article carefully from beginning to end before leaping to any conclusions. It's the first even-handed journalism I've seen about Wal-Mart's new "bad boy" image.
-- Chuck


Deliver Us from Wal-Mart? - Christianity Today Magazine:

"Some Christians may be thankful for the values behind the Wal-Mart phenomenon, but others are voicing some of the unprecedented hostility toward the company. A biblical look at the retailer's labor issues may help Christians, among the one-third of Americans who visit Wal-Mart at least once a week, to discern whether they honor God in purchases and investments in the company."

. . .

"Discerning Christians with varying social/theological priorities will differ on whether to open their wallets to Wal-Mart. Its impact on local communities and on the environment, as well its treatment of minorities and women, also must be examined. But even with this initial look at labor issues, what conclusions can we draw?"

Yeah...don't try this at home...or anywhere else! 

Thanks to my #3 son-in-law, Jim Clay for happening upon this site...enjoy! 

The 46 Best-ever Freeware Utilities

The 46 Best-ever Freeware Utilities:

"There are a lot of great freeware products out there. Many are as good or even better than their commercial alternatives. This list features my personal pick of the 'best of the best.'

"All these utilities in this list have been featured in past issues of of my free monthly newsletter 'Support Alert' More freebies are featured in every new issue. If you are interested in great utilities and freeware you really should consider subscribing.

"Last updated March 1, 2005, 12 items updated, 2 additions, 2 deletions. Currently there are actually 60 utilities listed but this report will still be called now and forever 'The Best-ever 46 Freeware Utilities.'"

Surftp is the perfect solution for using your ftp server when you can't install a full ftp client. It is also the ideal way for web hosting providers to introduce their less knowledgable clients to FTP. Surftp is based off an opensource project and is secure and private.  

PC Tools, creator of the award-winning anti-spyware software, Spyware Doctor, has released a free ground-breaking product, Hijack Guard, to protect PC users from the next generation of Web hijacker infections.
 

Hans Christian Andersen's life and works
- research, texts and information. 

Welcome to Project Gutenberg

Pretty COOL, hey what?
-- Chuck


Welcome to Project Gutenberg - Project Gutenberg:

Welcome to Project Gutenberg

"Project Gutenberg is the oldest producer of free electronic books (eBooks or etexts) on the Internet. Our collection of more than 15.000 eBooks was produced by hundreds of volunteers. Most of the Project Gutenberg eBooks are older literary works that are in the public domain in the United States. All may be freely downloaded and read, and redistributed for non-commercial use (for complete details, see the license page). "

Mozilla flaws could allow attacks, data access | Tech News on ZDNet

Sure, Internet Explorer has it's weaknesses, but it's becoming evident (now that the hype has died down) that Mozilla/Firefox also has security vulnerabilities—and so does Unix/Linix.

The only way to use the internet with any degree of security is to practice safe computing by employing multiple security filters—such as an real time antivirus program, an anti spyware/malware program and a software or hardware firewall. Ultimately, we users must take responsibility for making our computers and the internet secure.

Go to http://www.johnstonz.net/wwwplaces.htm for a list of some free and effective security applications. Also check out http://www.microsoft.com/athome/security/spyware/software/default.mspx

-- Chuck


Mozilla flaws could allow attacks, data access Tech News on ZDNet:

"Multiple vulnerabilities that could allow an attacker to install malicious code or steal personal data have been discovered in the Mozilla Suite and the Firefox open-source browser.
Details of the nine flaws were published on Mozilla's security Web site over the weekend.

"Ian Latter, senior security consultant at Internet security specialist Pure Hacking, said most of the vulnerabilities are based on the way the applications handle JavaScript.

"'There are some permission issues related to running JavaScript at an escalated privilege level. They remove some of the security measures used to keep JavaScript sandboxed and allow it to potentially do malicious things to your computer,' Latter said. "

Click on the link above to read on...

Losing My Identity - Today's Christian

Here's a page on identity theft that you might like to check out:

Losing My Identity - Today's Christian
http://www.christianitytoday.com/tc/2005/002/12.46.html

PowerPoint gone wrong...some things are just better without it! -- Chuck 

FireFox Pros And Cons

I subscribe to "The LangaList," a free and spamproof email newsletter from the computer author and columnist Fred Langa.

The current issue contains an item I thought would be of particular use or interest to you, so I'm using a form on Fred's website to send you a link to that issue.

The specific item(s) I wanted to tell you about are:

1) FireFox Pros And Cons

and you can find the full issue (with the above item) here:
http://www.langa.com/newsletters/2005/2005-04-18.htm

Check it out!

The newsletter is FREE and SPAM-PROOF, and often has information you just can't get elsewhere. To subscribe, click here:http://langa.com/join_langalist.htm#new

Sincerely,
Chuck

Preventing Epidemics. Protecting People. "Trust for America’s Health (TFAH) is a non-profit, non-partisan organization dedicated to saving lives by protecting the health of every community and working to make disease prevention a national priority." 

"Real Fathers Writing About Real Fatherhood"
 

Do you remember the sugar cubes (of vaccine)?

Today's HighlightsTuesday, April 12, 2005

Spotlight: Fifty years ago today the Salk vaccine was released for general use in the U.S. Developed by Dr. Jonas Salk, the vaccine was used to immunize against polio. Franklin Delano Roosevelt, who died of a cerebral hemorrhage on this date in 1945, became a victim of polio at the age of 39. Though he was partially paralyzed from the waist down, FDR did regain some use of his legs. When he died, he had just begun a record fourth term as US president.
Quote: "Intuition will tell the thinking mind where to look next." -- Jonas Salk Word: inoculable: vulnerable to a disease transmitted by inoculation

FW: Bloglines - Best Buy Has Man Arrested for Using $2 Bills

Slashdot: News for nerds, stuff that matters

Best Buy Has Man Arrested for Using $2 Bills By Zonk on buyer-beware An anonymous reader writes "Mike Bolesta of Baltimore thought he would protest Best Buy's not-so-great customer service and pay his bill with 57 $2 bills. For his trouble he got to spend some time in the county lock-up." From the article: "..Bolesta was contacted by the store, and was threated with police action if he did not pay the [installation] fee he was told before did not exist. As a sign of protest, Bolesta decided to pay using only $2 bills, which he has an abundance of because he asks his bank for them specifically. Unfortunately for him, the cashier did not seem to understand that the $2 bill is indeed legal US tender, since the bill itself is not often used. After rudely refusing to take the money, the cashier accepted the bills, only to mark them as though they were conterfeit."

"Safe surfing" is a family affair. As a parent, it's all about being informed, Internet savvy, and open to the possibilities of the online world for you and your child."
 

Bloglines - Fake Microsoft Email Urges Windows Update, Installs Trojan

Bloglines user ChuckzBlog (chuckzmail@johnstonz.net) has sent this item to you.

Fake Microsoft Email Urges Windows Update, Installs Trojan

By rss_feedback@lockergnome.com (Aunty Spam's Net Patrol) on Aunty Spam's Net Patrol
A fake Microsoft email urges users to install the latest Windows update, and even links and takes them to a site which sure seems to be a real Microsoft website. But it isn’t. And the email actually leads to the installation of a trojan horse file. The payload file is named “Wupdate-20050401.exe”, and it will turn your Windows PC into a dedicated spamming machine, at the remote beck and call of the spammer who stands…

Let Taipei govern 'one China'

 

Yahoo! News - THE PURPOSE-DRIVEN LEFT

Yahoo! News - THE PURPOSE-DRIVEN LEFT: "

By Ann Coulter

"It's been a tough year for the secularist crowd. There was Mel Gibson's 'The Passion of the Christ,' the moral values election, the Christian hostage subduing her kidnapper by reading from 'The Purpose Driven Life,' and the Christian effort to save Terri Schiavo. Not only that, but earlier this year Dr. James Dobson insulted the Democrats' mascot, SpongeBob SquarePants, with impunity. "

Moore's Law turns 40

Moore's Law turns 40:

"Intel co-founder Gordon Moore recently gave his annual talk to the press, and the subject was the upcoming 40th birthday of 'Moore's Law.' Forty years ago this coming April 19, Moore published a prescient paper in Electronics, detailing the progress and likely future impact of integrated circuit technology. Later, the by now familiar summary of Moore's paper (i.e. 'transistor densities double every 18 months') surfaced and, for better or for worse, acquired the name 'Moore's Law.' You can read a recent interview with Moore here, and you can read this salvation-historical piece, in which Moore plays the role of Moses as prophet, lawgiver, and father of a great nation.

"I should note about that interview that, every time I read an interview with Gordon Moore, I'm reminded of what a really cool guy he is. "

Steer clear of Noadware - IMHO

I was very disappointed to see Noadware recommended on Familyfirst.com for two reasons:

#1 - It is NOT a very effective adware/spyware tool prevention tool (See the review at http://www.adwarereport.com/mt/archives/000023.html)

#2 - The download from the Noadware site is "free to try" (a dead giveaway). NOWHERE on the site does it mention that you have to pay to keep it. ($29.95) Why would I trust a company that hides it's true intentions behind misleading a misleading offer to do a good job of guarding my computer!

Much, MUCH better to rely on Microsoft's AntiSpyware ( http://www.microsoft.com/athome/security/spyware/software/default.mspx) and be REALLY secure!

Chuck

Bloglines - Firefox JavaScript Engine Flaw Flagged

Firefox JavaScript Engine Flaw Flagged

By rss_feedback@lockergnome.com (Jeff Partridge) on Security

A moderately critical security flaw in the Mozilla Foundation’s Firefox Web browser could put users at risk of information disclosure attacks, according to an advisory from security research outfit Secunia. ADVERTISEMENT The vulnerability has been confirmed in Firefox 1.0.1 and 1.0.2, the two latest browser releases from the open-source foundation. It also affects the Mozilla suite, Secunia warned. Read more……

Direct and Related Links for 'Firefox JavaScript Engine Flaw Flagged'

Clayblog

Clayblog



Check it out! This Jim & Jenette's 7th child (4th daughter), and our 20th grandchild.
WE'RE pleased!

ALSO check out Jim's lesson on godly parenting.

--Chuck

"If you work with kids, and you need to implement character education tomorrow, and you want some immediate help, this is where to start.

"But if your character education program is cruising, and you just want some additional ideas and materials, this is also where to start. " 

Milstein Child Safety Center (Mcgruff.org)

Yet another good site for children & parents to be aware of. Check it out!

I'm baaaack!

Greetings, faithful blog browzers!



I just made a change to a new hosting service for my domains and web sites and, though the change went smoothly enough, moving ChuckzBlog to the new server and getting it to work proved a bit more challenging. In the end, though, I prevailed! :-)

Bottom line: ChuckzBlog is back up and running on my new host's server at a new, though strangely familiar, location: http://johnstonz.net/chuckzblog.

Click on over and take a look at what's new (or just plain weird) on ChuckzBlog! You'll be glad you did! ;-)

Chuck

Speaks for itself! 

Ready for a new fashion statement? Discover a great new use for the "handyman's friend!"  

Gates proves real resolve in bringing spammers to justice | Between the Lines | ZDNet.com

� Gates proves real resolve in bringing spammers to justice | Between the Lines | ZDNet.com: "Gates proves real resolve in bringing spammers to justice
-Posted by David Berlind @ 2:53 pm

Home Personal Technology Security
Being somewhat of a tech-weenie -- one who's gone on endless tirades about spam -- I've always favored technical approaches over legal approaches to that which ails us when it comes to e-mail. Before most people knew what phishing was (which was only last year), I tried to sound the alarm, and, true to form, focused exclusively on technical and educational countermeasures. I've never given much credence to legal approaches for two reasons. First, the Internet's international nature creates a forbidding legal environment when it comes to passing laws and bringing transgressors to justice. Second, it didn't seem to me like any single company had the stomach to keep after the scum that are ruining the Net for the rest of us.
Unless that company is Microsoft.
Today, according to a report by News.com's Matt Hines, 'Microsoft has filed 117 lawsuits against people who it charges created phishing Web sites designed to look like pages hosted by the software giant.' 117. That's not a small number of lawsuits for one day. "

US-CERT Cyber Security Tip ST05-007 -- Risks of File-Sharing Technology

Cyber Security Tip ST05-007
Risks of File-Sharing Technology

File-sharing technology is a popular way for users to exchange, or
"share," files. However, using this technology makes you susceptible
to risks such as infection, attack, or exposure of personal
information.

What is file sharing?

File sharing involves using technology that allows internet users to
share files that are housed on their individual computers.
Peer-to-peer (P2P) applications, such as those used to share music
files, are some of the most common forms of file-sharing technology.
However, P2P applications introduce security risks that may put your
information or your computer in jeopardy.

What risks does file-sharing technology introduce?

* Installation of malicious code - When you use P2P applications, it
is difficult, if not impossible, to verify that the source of the
files is trustworthy. These applications are often used by
attackers to transmit malicious code. Attackers may incorporate
spyware, viruses, Trojan horses, or worms into the files. When you
download the files, your computer becomes infected (see
Recognizing and Avoiding Spyware and Recovering from Viruses,
Worms, and Trojan Horses for more information).
* Exposure of sensitive or personal information - By using P2P
applications, you may be giving other users access to personal
information. Whether it's because certain directories are
accessible or because you provide personal information to what you
believe to be a trusted person or organization, unauthorized
people may be able to access your financial or medical data,
personal documents, sensitive corporate information, or other
personal information. Once information has been exposed to
unauthorized people, it's difficult to know how many people have
accessed it. The availability of this information may increase
your risk of identity theft (see Protecting Your Privacy and
Avoiding Social Engineering and Phishing Attacks for more
information).
* Susceptibility to attack - Some P2P applications may ask you to
open certain ports on your firewall to transmit the files.
However, opening some of these ports may give attackers access to
your computer or enable them to attack your computer by taking
advantage of any vulnerabilities that may exist in the P2P
application.
* Denial of service - Downloading files causes a significant amount
of traffic over the network and relies on certain processes on
your computer. This activity may reduce the availability of
certain programs on your computer or may limit your access to the
internet.
* Prosecution - Files shared through P2P applications may include
pirated software, copyrighted material, or pornography. If you
download these, even unknowingly, you may be faced with fines or
other legal action. If your computer is on a company network and
exposes customer information, both you and your company may be
liable.

How can you minimize these risks?

The best way to eliminate these risks is to avoid using P2P
applications. However, if you choose to use this technology, you can
follow some good security practices to minimize your risk:
* use and maintain anti-virus software - Anti-virus software
recognizes and protects your computer against most known viruses.
However, attackers are continually writing new viruses, so it is
important to keep your anti-virus software current (see
Understanding Anti-Virus Software for more information).
* install or enable a firewall - Firewalls may be able to prevent
some types of infection by blocking malicious traffic before it
can enter your computer (see Understanding Firewalls for more
information). Some operating systems actually include a firewall,
but you need to make sure it is enabled.
_________________________________________________________________

Author: Mindi McDowell. Some content contributed by Brent Wrisley
and Will Dormann.
_________________________________________________________________

This document can also be found at

Copyright 2005 Carnegie Mellon University

Terms of use