I've been sending versions of this email out for years and years (I had to update it when the term "phishing" came along), so I thought I'd put it up here as well.
Don't let the bad guys get you: How to Prevent Email Worms, Viruses, and Trojans
We have the best anti-spam and Anti-virus software. We have great firewalls, encrypted VPNs, secure servers... but it's not enough to save us from every "Day 0 Attack"*. An email worm*/virus*/trojan* can go worldwide in just minutes or even seconds, but it can take hours for antivirus vendors to analyze, create, and upload signature updates. It takes a bit longer for us to download and deploy them to our servers and PCs. Happily, there are some easy things we can all do to help limit that window of vulnerability and help keep the bad guys out of our systems.
#1: Understand - Knowing what an attachment really is and what it can do is the first step. Any executable* file attached to an email has the potential to be infected, and to infect your PC in turn. This covers a wide range of file types - basically it means any file that can be attached to an email.
#1b: Understand - Know what kind of emails to expect from what senders. For example - UPS, LinkedIn, Amazon.com, and the Better Business Bureau do not send unsolicited emails with ZIP files attached (or any attachments for that matter). If you receive an email from an entity with an attachment you were not expecting - be very suspicious of it.
#2: Purpose - We shouldn't open ANY attachment unless they were specifically requested or expected. Email viruses/worms are sent to email addresses found on infected users' PCs, so just knowing the sender does not protect you - they may be infected. Actually, the most likely person to send you an infected email is someone you know, and they most likely won't even know they are infected and that emails are going out in their name. To make things more complicated, viri & worms today falsify (spoof) the FROM email address, so the message may not even be from it appears to be from. If if you have any question or doubt, see #3.
#3: Is it REQUIRED? - Probably the simplest, but most ignored idea: You don't need to click that greeting card link or open that "kardashian_pics.zip" at work. So, DON'T.
#4: Get Secure - Most viri/worms are written to take advantage of problems with in Microsoft Outlook and Outlook Express. Since we use Lotus Notes, we are somewhat protected in that area. However, take the time daily to make sure your antivirus client is up-to-date. Symantec issues new signatures pretty much daily, so check your antivirus and make sure it shows a date from the last few days.
#5: Patch your PC - Microsoft releases updates frequently and we push them out to our PCs. However, in order to not interfere with your work, we allow you to choose when to install them. When you are notified of new updates, please take the time to install them on the day you're notified of new one
* Wikipeida says:
Day 0 Attack: A zero-day (or zero-hour or day zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software developer knows about the vulnerability.
The term derives from the age of the exploit. When a developer becomes aware of a security hole, there is a race to close it before attackers discover it or the vulnerability becomes public. A "zero day" attack occurs on or before the first or "zeroth" day of developer awareness, meaning the developer has not had any opportunity to distribute a security fix to users of the software. (http://en.wikipedia.org/wiki/Zero-day_attack)
Worm: A computer worm is a self-replicating malware computer program. It uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer. (http://en.wikipedia.org/wiki/Computer_worm)
Phishing: The act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. (http://en.wikipedia.org/wiki/Phishing)
Computer Virus: A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability. A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. (http://en.wikipedia.org/wiki/Computer_virus)
Trojan Horse: A Trojan horse, or Trojan, is malware that appears to perform a desirable function for the user prior to run or install but instead facilitates unauthorized access of the user's computer system. "It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems", as Cisco describes. The term is derived from the Trojan Horse story in Greek mythology. (http://en.wikipedia.org/wiki/Trojan_horse_virus)
Executable: In computing, an executable file causes a computer "to perform indicated tasks according to encoded instructions,"as opposed to a data file that must be parsed by a program to be meaningful. These instructions are traditionally machine code instructions for a physical CPU. However, in a more general sense, a file containing instructions (such as bytecode) for a software interpreter may also be considered executable; even a scripting language source file may therefore be considered executable in this sense. (http://en.wikipedia.org/wiki/Executable)
Craig Wiseman November 28th, 2012 09:28:43 AM
Why I never use the vendor "chat now" feature:
|Please wait for a chat agent to respond. Your current wait time is ‘0’ minutes. |
You are now chatting with 'Royco B.'
[Note: two minutes pass....]
Royco B.: Welcome to AT&T Premier Support. I am reviewing your pre-chat questionnaire and will be right with you.
Craig Wiseman: ok.
[Note: one minute passes....]
Royco B.: I have read your concern. You want to purchase the iPhone 5, is this correct?
Craig Wiseman: we want to upgrade XXX-XXX-XXXX to an iPhone 5.
Royco B.: Thank you for the clarification.
Royco B.: I'll be more than happy to assist you with this.
Royco B.: Although you may have provided this information, may I please confirm your full name and the wireless number you’d like to discuss today?
Craig Wiseman: Craig Wiseman
Craig Wiseman: XXX-XXX-XXXX
Craig Wiseman: and yes, I've already provided this information to you.
Royco B.: Thank you for the information Craig.
Royco B.: iPhone 5 will be available for preorder on September 14, 2012, and for purchase on September 21, 2012. Until then, refer to www.apple.com for information on iPhone 5.
Craig Wiseman: AS I SAID, Apple says we can't preorder via Apple.
Craig Wiseman: Apple says to upgrade phone number (XXX-XXX-XXXX), I need to contact AT&T
Craig Wiseman: YOU ARE AT&T
Royco B.: I apologize for the inconvenience.
Craig Wiseman: You did say you were "... reviewing your pre-chat questionnaire and will be right with you."
Craig Wiseman: where I've already stated this.
Royco B.: I really apologize for the inconvenience Craig.
Royco B.: You can upgrade your device through your online account but we don't have an information yet on how to do the process but you can do the preordering of the device tomorrow online and through the store.
Craig Wiseman: where online do I do this?
Craig Wiseman: The 14th is tomorrow... seems like you might be able to find out some information like where I can perform this transaction?
Royco B.: You can do the preorder through your online account and through the AT&T store but I really do apologize because we haven't received an update yet on how to do the process of upgrading your device to the new iPhone 5.
Craig Wiseman: *sigh*
Royco B.: I understand how you must be feeling and I do really apologize for this.
Royco B.: Do you have any questions regarding the information we discussed today?
Craig Wiseman: Yes. Why can't you answer my questions?
Craig Wiseman September 13th, 2012 08:18:46 AM
If you're mad at Carrier IQ, then you are doing exactly what the carriers want you to.
The surprising thing is that the ire has been directed at Carrier IQ themselves. Why? If someone runs you over in their car, you don't write a stern letter to Ford. Carrier IQ made and sold an invasive piece of software, certainly. But they didn't install it on your phone. Sprint [and AT&T] did. Full Story
Craig Wiseman December 4th, 2011 09:17:05 AM
So, we've waited for years for IBM to update Domino's SSL/TLS implementation. There have been other ideas on this expressed.
Now, it seems that the implementation is vulnerable... and since we don't have current TLS options, we have no native Domino solution. It realllly looks like neglect, but perhaps there's a better expression.
Update: John James has something useful to say about the SSL/TLS vulnerability here.
Craig Wiseman September 21st, 2011 11:46:25 AM
For you folks in Irene's path, I certainly "feel your pain". Yep, that lil red dot was me in 2008 when Gustav hit. In the northeastern quadrant of the storm (always the worst part of the storm).
I was a bit further away from Ike (2008), Katrina, and Rita( 2005), so all we got then was heavy rain & moderate winds.
The best thing to do in a hurricane is NOT be in its path. You can always rebuild a building, but people ... not so much. That's one reason I like hurricanes better than earthquakes, tornados, etc. You can see them and get the $*$)# away. I urge you to do so. Follow Monty Python's advice and run away.
Hurricane Gustav, 2008
Craig Wiseman August 26th, 2011 11:33:46 AM
A video walkthrough of the unholy marriage of BlackBerry and Android
BlackBerry fans everywhere were astonished Thursday when an early version of the Android Player for the PlayBook leaked out and their little tablets suddenly became usable. Usable as in once you've got Android running on the PlayBook, you suddenly have an e-mail app. Craziness!
Pretty cool stuff, especially since it's running Android 2.3.3, and there's a good chance your phone doesn't even that yet. Glad we could help you out there, RIM.
Craig Wiseman July 22nd, 2011 04:56:07 PM
This is a simple little tip, but since it's a new(erish) thing, I thought I'd post on it.
Problem: I have two emails I want to have open at the same time so I can compare or work with them.
|Find the first email in whatever folder it might be, and right click on it. |
Choose "Open in New Window"
|Find the second email in whatever folder it might be, and right click on it. |
Choose "Open in New Window"
You now have each email opened in it's own window. Feel free to arrange them any way you choose:
Craig Wiseman May 6th, 2011 01:49:15 PM
What? You thought "insane" only applied to the greatness of their products?
(Reuters) -...In line with its infamous philosophy of maintaining absolute control over its products, sources said U.S. Apple stores are replacing screws on iPhone 4s brought for servicing with tamper-proof screws to prevent anyone else from opening the device.
Kyle Wiens, chief executive of iFixit, a prominent Apple repair and parts supplier, said the purpose of the new screws is to keep people out of the iPhone and prevent them from replacing the battery. He said he noticed in November that screws were being switched.
The rest of the story
Craig Wiseman January 22nd, 2011 08:14:34 AM
It's kinda always fun to see who gets it right(erish).
Detailing the expected hardware changes for the iPad and iPhoneComments (0)
The latest batch of rumors about the hardware architecture of Apple's next-generation devices is coming fast and furious. So far, they suggest that Apple is moving to Qualcomm baseband radios, beefing up the GPU with the latest designs from Imagination Technologies, doubling the CPU cores, and giving the iPad the higher-resolution display it so richly deserves.
There's a lot to take in, so we decided to take a look at these rumors with an eye on what we expect to see announced this year.
The Rest of the Story
Craig Wiseman January 17th, 2011 03:34:12 PM
I've been thinking (and praying) a lot lately about (and for) the folks in Tuscon. And then the blame game that ensued, well, that's made me almost as sick as the actual event. Beyond Tuscon, there's been a lot of other violence and tragedy and more tragedy happening.
Take a couple of minutes and watch this NASA video. It's worth it. What we say about each other, and how we treat each other one-on-one, on the interwebs, and everywhere is important. What we say has impact. What we do has impact. I'll steal a quote: Treat each day as if it were on purpose.
Craig Wiseman January 15th, 2011 08:11:22 PM
Ever been pouring creamer into your coffee and think to yourself, "Wonder if this would burn?". Perhaps not. But here's what happens when you take 500 pounds of coffee creamer + oxygen + flame and see what happens. I saw the whole episode the other day and just laughed. Mythbusters just plays on that part of me that never grew up.
Craig Wiseman January 15th, 2011 03:00:53 PM
You, know, I can't even think of a pithy (printable) comment for this.
"The combination of Sports Illustrated Swimsuit brand with the amazing 3D capabilities of Sony's network-enabled devices makes for a great consumer entertainment experience," Tim Schaaff, Sony Network Entertainment President
Please feel free to frame the joke most appropriate for your mood. Here's the whole article, and a link to it:
Sony, Sports Illustrated Bring Swimsuit Issue to 3D TVs
By: Leslie Horn | 01.07.2011
While 3D TVs haven't exactly gone mainstream, fans of Sports Illustrated's annual swimsuit edition might want to think about investing in one. Sony has signed a deal with the magazine to bring the 2011 Sports Illustrated Swimsuit issue to the PlayStation Network in February, the companies announced Wednesday..
"Just when you think the bar couldn't get any higher for the Swimsuit franchise, we've raised it once again with our partners at Sony," Mark Ford, president of the Sports Illustrated group, said in a statement. "Swimsuit in 3D has extraordinary potential and we're thrilled to deliver its millions of fans a new perspective through the exciting world of 3D video.
"When the magazine hits newsstands on Feb. 15, both 3D and 2D video content will be available to rent or buy via the PlayStation Network video-delivery service on PS3 consoles. It will also be accessible via Sony's Qriocity streaming-video service and on 3D-enabled Bravia HDTVs and Blu-ray players.
"The combination of Sports Illustrated Swimsuit brand with the amazing 3D capabilities of Sony's network-enabled devices makes for a great consumer entertainment experience," Tim Schaaff, Sony Network Entertainment President, said. "We strive to deliver unique content to our users, and are delighted to offer this first-of-its-kind high definition 3D Swimsuit video."
Will this energize 3D TV sales for Sony? According to Nielsen's State of the Media 2010 report, the future of the 3D looks dismal. The study said only two percent of consumers own a 3D set and only three percent "definitely" plan to buy one in the next 12 months.
Craig Wiseman January 8th, 2011 02:26:36 PM