Computer Security

[FLYTYER]

Some of you may recall that back in May I had that horrible experience with my email account being highjacked. Ever since I have been very paranoid and suspicious of every email with an attachment or Fowarded content.

Well I found a great program that protects your sign-on username and password on those web sites or programs requiring a sign -in.

The program is called Key Scrambler 2.8.1. It is free and can be downloaded from CNET Downloads. It works on your web browser to encrypt your key strokes as you type the sign-in username and password. No one can decipher the stuff or see the real info. To make it fully effective you should not have the web site remember you or keep you signed in...why have your sign-on user name and password stored on their servers or in a cookie in your browsing history?...To me that is dangerous!!

If you do any banking, eBay/PayPal, credit card or catalog purchases or use any web site requiring a log on......think about someone spying and watching your keystrokes !!!

I now sign in every time using Key Scrambler !!

[Wayne M]

Well, I don't think there can be "to much security."

However, if you have a reputable provider they should be using Secure Socket Layer encryption which requires them to have a "certificate." Secure communications are usually identified with https: as the beginning of the web site. Also, some web browsers indicate a secure site with a "lock icon" somewhere on the page.

Once https:// is displayed on the URL line, they session is encrypted. The computer and certificate agree on an algorithm and scramble the text being sent.

Most email providers use SSL. In the cases where there has been a hijack it is usually bad security on the web server and has nothing to do with transmitting between computer and server.

You are correct in that you should not store passwords in an unprotected manner. Cookies do not store the passwords. If you click on the "remember me" box, cookies are used to provide the same SSL connectivity to identify you. The server remembers the password, not your cookie file. And you are correct in that you should not click the "remember me" box for important sites. It is more in relation to your computer being stolen, or penetrated by hackers.

There are several manufacturers of Internet security programs. The well known ones are all go. Any Internet security program is better than non. I personally use one of the major know programs.

[FLYTYER]

Wayne I understand overall what you are stating, but I cannot agree with it all. SSL and https:// is in no way a guarantee you are protected.

In my incident there was a clear attack in my PC that came via a so-called secure website and associated server. There were 17 key stroke counters found. They came from somewhere. What I cannot figure is how they got by the AVG anti-virus and Firewall.

All I can say at this point I am staying with what I have done.

[texnet]

My experience with computers goes back to my first computer which was a TRS-80 Model I which I purchased the first week of August 1978. That purchase changed the path of my life and job. I soon joined the computer workforce and started my on computer company in 1982. I owned and ran an ISP business from 1995 to 2009 when we sold and retired. We had customers running all kinds of security programs and had problems. Over the years I have tried several security programs and have one that stands out above all. The program that I use is Zone Alarm. While it is not free it's price is reasonable. They have several versions, but the one I use has anti-virus, anti-spyware, anti-phishing and now even has credit monitoring. At less than $40 for a year of service with 3 computers protected I think that is a deal. I have used lots of freeware programs over the years and some of them are great but I have not found anything as good as Zone Alarm. I do not make any money from what I have just said, only expressing my opionion.

BTW, cookies are part of the "remember password and username".. yes they are stored on your computer. Don't believe it, just delete all cookies and you will find they next time you go to a website that you checked the box it will ask you for your username and password!

As for https:// I put my trust in those sites as that is what is required to do banking. No one has yet broken the encryption that is used on those sites. You can access them from a public computer and as long as you don't tell the computer to remember your username/password AND you don't have someone watching your keystrokes you will be fine.

The way I suspect that Flytyer's email was hacked is that he was using a web browser through a public access point to access his email. I don't know of many email providers that use a secure site to access email via a web browser. This same thing happened to a friend of mine while we were in Moldova (a previous member country of the USSR). The Internet connection at the place we were staying was down one evening so he used a open wireless connect he found. He logged into his email account and within hours his account was being used to spam. An "open" wireless connection could very well be a connection that is setup just for the purpose of obtaining account info!

The problem of open wireless connections are true of campground connections also. You have NO idea who in the campground, or who in the area, might have a network scanning program running to capture your information!!!!!

[FLYTYER]

Quote:

Originally Posted by texnet .........BTW, cookies are part of the "remember password and username".. yes they are stored on your computer. Don't believe it, just delete all cookies and you will find they next time you go to a website that you checked the box it will ask you for your username and password......... The way I suspect that Flytyer's email was hacked is that he was using a web browser through a public access point to access his email. I don't know of many email providers that use a secure site to access email via a web browser. ........

Thanks for the clarification on cookies.

Actually I believe the problem happened this way....I was using a iPad and the Safari browser on an open campground WIFI to review a document posted on a Amateur Radio site. I did not check email with the iPad either. When I got home I connected the iPad to the PC and it immediately went to iTunes as it should, it updated and I disconnected. One week later all h*** broke loose

Since I use Gmail for my email would it be better to use a client like Thunderbird to interface with Gmail? Is the security better that way or not?

[Billieg]

I own a software company so security is real important for me. Key Scrambler 2.8.1 is a great program because if you get a tracking program on your computer it can read your key strokes no matter what so to encrypt the passwords is a good thing. I use Avast anti virus for my computers because it is small, stays in the background and does a fantastic job and updates itself everyday. You should also NOT use Internet explorer for a browser since every hacker writes for it. Every time I do a Windows update and have to use it my Avast goes nuts blocking viruses and Trojans. One last thing, install Ghostery to block the tracking programs. It's free and blocking 8 different tracking programs right now on this sight.

[texnet]

Quote:

Originally Posted by Billieg You should also NOT use Internet explorer for a browser since every hacker writes for it. Every time I do a Windows update and have to use it my Avast goes nuts blocking viruses and Trojans.

Again, it is just my opinion, but I disagree. I have used IE ever since IE 1.0 and I do NOT have problems as I run programs such as Zone Alarm and I am careful about what sites I visit :-) I do not have a problem with viruses or trojans as Zone Alarm blocks them from the start. I venture to say that I don't see more than one or two times a year that my quarantine has anything in it.

I do have my own e-mail server and it has anti-virus, anti-phishing and etc scanning built in.

If I went along with the theory to not use IE because there were more viruses and trojans written for it then I guess I would have to convert to a MAC since there are even fewer written for them

It is now what you use, it is HOW you use it and what measures you have taken to protect what you do use

[texnet]

Quote:

Originally Posted by FLYTYER I connected the iPad to the PC and it immediately went to iTunes as it should, it updated and I disconnected. One week later all h*** broke loose Since I use Gmail for my email would it be better to use a client like Thunderbird to interface with Gmail? Is the security better that way or not?

I don't see that as the link to the hack of your email account, unless your PC had already been compromised.

Sorry, can't comment on Thunderbird as I don't use it.

I use Outlook to access my e-mail 99% of the time. If I do use webmail, which is on my own server, I don't use it on a public network. I have used webmail via my AT&T connection and I know it is not 100% secure but not many folks will wire up the necessary equipment to monitor cell towers and decode all the info going past them to get an email account They could spend there time better breaking into Fort Knox!

[Wayne M]

My comment included the fact that an attack on a PC can reveal information. However, when I use a web browser for mail.yahho.com, it comes up HTTPS. At that point you are encrypted to the server. If you have to access your email through a web browser look to see that it has https://. If not, don't go that way.

Thunderbird is what I use. it's free, and not full of hype as some email clients. If your email provider uses SSL it will be configured in Thunderbird, or you will not access your email. It should be configures in any email client you use, Thunderbird, Outlook, Outlook Express, etc., (Those are clients) and to verify just look at your configuration. There should be a checkbox that says something like "Use SSL."

Zone Alarm is one of the Major Security programs I was talking about. I didn't want to get into "names" of programs, because it opens a can of worms as to which is best. Personnaly I use Norton's Internet Security/Antivirus. It has done a superb job for several years. At one time on a PC Desktop I had Zone Alarm. Working in IT Security at JSC, all that was supported was Nortons. I started using it in 1994 and continue to this day. As I stated, there are several major security
programs that are good.

The "cookies" do not store the passwords. Cookies are only a means of identifing you, and if you have checked the "remember password" box, then you identifying information will trigger the correct password on the server. I have also used password cracking programs, in the line of work and authorized, to break password encryption schemes. Nothing cannot be broken, given time. That is why it is imperatie the passwords consist of at least of the 3 follwoing: upper case, numbers, special characters, lower case. The best is one of the "cases" along with the other two. Takes longer to crack.

If you are on open WiFi, and SSL access to your accounts, with strong passwords, the hacker will let you fly by. They are more interested in passwords that are not secure, other wise they consider it a waste of time. The biggest threat is from "script kiddies." They just are trying to make a name for themselves, modify viruses, and do damage in the process. The true hacker is just interested in being able to report to hise peers that he broke into something, and leave proof that he has done it. A much more sophisticated hacker just looking for peer notoriety.

Key scramblers will not hurt your system, and, as stated, if a hacker does get into your system - without it you are fried. It is better to prevent, than to fix. As stated, a good security program will prevent about 99% of the time. No one individual security program can protect you 100% of the time, even with heuristic techniques.

[FLYTYER]

Textnet you said you have you own email server with those security things. How does your server get the email. And from whom?

Do you feel Outlook adds any protection ?

To everyone else, THANKS for contributing to the discussion

[MSHappyCampers]

Quote:

Originally Posted by Billieg I own a software company so security is real important for me. Key Scrambler 2.8.1 is a great program because if you get a tracking program on your computer it can read your key strokes no matter what so to encrypt the passwords is a good thing. I use Avast anti virus for my computers because it is small, stays in the background and does a fantastic job and updates itself everyday. You should also NOT use Internet explorer for a browser since every hacker writes for it. Every time I do a Windows update and have to use it my Avast goes nuts blocking viruses and Trojans. One last thing, install Ghostery to block the tracking programs. It's free and blocking 8 different tracking programs right now on this sight.

I clicked on the link and downloaded/installed the program. How can I tell if the program is there and working ? I went to "Start" and "All Programs" and did not see it on the list ? Did I screw up some way ?

[texnet]

Quote:

Originally Posted by FLYTYER Texnet you said you have you own email server with those security things. How does your server get the email. And from whom? Do you feel Outlook adds any protection ? To everyone else, THANKS for contributing to the discussion

My e-mail server receives email from every place in the world, just like all the big boys. When I sold my ISP business I kept several servers and have two 7 foot racks of equipment sitting about 12 feet from where I am typing this message. These are real servers, not desktops being used as servers.

I feel Outlook adds protection but you need to use many methods to protect yourself, your computer and your data.

[Billieg]

Quote:

Originally Posted by jminyard I clicked on the link and downloaded/installed the program. How can I tell if the program is there and working ? I went to "Start" and "All Programs" and did not see it on the list ? Did I screw up some way ?

Once you install it Firefox will ask to re-start. When it does the ghost program will ask you to set it up. You need to do that to get it working.

[MSHappyCampers]

Quote:

Originally Posted by Billieg Once you install it Firefox will ask to re-start. When it does the ghost program will ask you to set it up. You need to do that to get it working.

I don't use FireFox. I use IE. I finally found it by going to "control panel" and "add/delete programs", but that's the only place I can find it.