Friday, December 23, 2011

Clearing Internet Explorer Cookies and Temporary Internet Files

With current web technologies, and companies like Facebook being caught looking into your cookies and how you surf the Internet, an important step to take for both device performance and protection of your privacy is to clear away your cookies and temporary Internet files.

One way to prevent companies from researching where you go on the Internet and what you look at is to run your browser in its privacy mode. In Internet Explorer it is called InPrivate Browsing. You can go into this mode by selecting the Safety pull-down menu and choosing InPrivate Browsing.

Additionally, you can cut back on the number of temporary Internet files and cookies that live on your system by clearing these files from your machine / mobile device. To do this in Windows Internet Explorer:

Internet Explorer 9

Select Tools > Safety > Delete browsing history…
Make sure to uncheck Preserve Favorites website data and check both Temporary Internet Files and Cookies, then click Delete.
You will get a confirmation at the bottom of the window once it has successfully cleared your cache and cookies.
Close ALL applications and reboot your system to make sure you do not have any instances of Internet Explorer running.



Internet Explorer 8

If you’re having trouble with a website, sometimes clearing your Internet Explorer temporary Internet files can help:
Select Tools > Internet Options.
Click on the General tab and then the Delete… button.
Make sure to uncheck Preserve Favorites website data and check both Temporary Internet Files and Cookies, then click Delete.
Close ALL open applications and reboot your computer to ensure you do not have any instances of Internet Explorer running.

Thursday, December 22, 2011

Short Video on How to Tell if an Email is Fake

New trends in malware and security breaches include using personal email address books and sending email from your account to someone you know. Typically the email includes only one sentence, if anything, and a link to a website, sometimes with a leading sentence like:
"Check out our recent vacation pictures..."
"The funniest video I have seen in a long time..."
"I captured a picture of you naked"
"Sign up to get a free iPad"
"Your account has been deducted"
"UPS delivery"
"Important Intuit account information"
"IRS fraud notice"


It is the best policy to simply DELETE the suspicious email and NEVER click on the link.


Here is a video that can help you determine if you are seeing a fake email:

Wednesday, December 21, 2011

Use Google to Find Flights!

There are many web sites offering good and great flight ticket prices, and they are in competition with the airlines themselves. It is important to know that getting a good deal will require you to buy what you see immediately, or else the flight will be taken or go away in minutes.
Some of the better known and reliable sites that post excellent deals include travelocity.com, yapta.com, expedia.com, and kayak.com. Google has now added an entirely new level of shopping around for flights: Google Flights.
Check it out the next time you plan on buying a ticket.


Monday, December 19, 2011

How to Create A Strong Password

Years ago when the Internet was still 'wet behind the ears', using a simple password seemed like a good idea.

Today things have changed and it is critical for every individual to update this policy. There are too many ways for bad people to figure out your password to leave it as a simple word, or a word and a number.
Here is a great and quick primer video from Google to help understand how to create a great password.

ALWAYS make a unique strong password for your email so other people cannot verify your password changes.

Thursday, December 8, 2011

An excellent blog post, "The Top 10 countries with the most malicious networks" over at CountryIPBlocks, has re-analyzed this list of data with interesting statistics. The original list claims the US is the biggest offender for malicious networks. That list was sorted in order of the countries with the largest NUMBER OF SPAM EMAILS.
  1. United States
  2. China
  3. Russia
  4. United Kingdom
  5. Germany
  6. Japan
  7. Brazil
  8. Romania
  9. Ukraine
  10. Turkey

Unfortunately, these results are skewed by not explaining that there is a greater per capita incidence of Internet-connected individuals. The brilliant people at CountryIPBlocks.net discovered that the ratio of NUMBER OF INFECTED NETWORKS to THE AMOUNT OF SPAM is probably the more accurate consideration. That re-adjusted Top 10 list looks like this:


Here are the results based on percentage of infected networks:
  1. Brazil 89%
  2. Turkey 54%
  3. Romania 39%
  4. China 32%
  5. Russia 11%
  6. United Kingdom 11%
  7. Japan 10%
  8. Ukraine 9%
  9. Germany 6%
  10. United States 6%





Tuesday, December 6, 2011

Password Checker Sites - Use these!


A recent popular Trojan that took account passwords from a famous technical blog site, Gawker.com, has been a focus of geek attention.
The UK paper The Telegraph also wrote about the 25 weakest passwords in use today. These accounts at Gawker were broken into because of weak passwords.
Hackers have been showing more and more interest in breaking into web accounts like Gmail, Hotmail.com, Comcast.net, Live.com, Twitter.com, Facebook.com, etc.

While Gmail has released something called 2 step verification as an EXCELLENT option for your Google Account, most other sites are still not doing this.

For a sanity check, there are some reliable and trustworthy web sites you can use to test your existing passwords and see how strong they are. These great sites let you know if your password is strong enough for today's web:
Microsoft Password Strength Checker
How Secure Is My Password?
The Password Meter
WolframAlpha
Our favorite: Steve Gibson Password Haystack Webpage
For creating a very complicated password, consider using Steve Gibson’s Password Generator Webpage

This is so important that we have now published this on both blogs.
- credits to lifehacker.com and grc.com !

Saturday, October 29, 2011

Massachusetts Health Services breach

A recent health care breach has been documented. Massachusetts has recently passed a state law forcing health care facilities to report personal information breaches. While this may not be a preventative step, it can help others realize when security measures inside bigger establishments are not working. It will force security vendors to be more careful about installations and audits of their technologies in the business.

Unfortunately as of the writing of this post, Massachusetts is a leader in the country for this law, but writing your congress person can help establish the value of this in other states.

This particular breach came down to losing track of a physical hard drive. This means a device inside of a laptop was not removed, or the hard drive was removed and not locked up, or the hard drive / computer storage facility was not properly secured with physical key monitoring and tracking.

As much as there is concern about what 'virtual doors' hackers are using, it is possibly more important to have detailed physical security measures for all hard drive storage and old computer destruction. Probably the most assured way to avoid stolen data from old hard drives is to destroy the hard drive data, or the device completely.
For more ideas and considerations for enterprise hard drive handling, contact Menlo Technical Consulting today for an upgrade to secure corporate data.

Friday, October 28, 2011

Rules to Protect your Kids and Family (from Eset's Newsletter)

Here is a great general list of eight rules from eset.com - as part of their Cyber Security Awareness month. They have a tremendous news blog at eset.com discussing all kinds of recent Internet and personal privacy issues.
This list is important as a general rules list for families and individuals, to help protect identity and avoid online scams.

CyberTips: How to protect your kids online
Use of social media in all age groups almost seems ubiquitous. Advising children and teens in both the cyber world and the real world is a difficult issue to navigate.

Here are some tips you should consider to keep your children safer on social media sites (and some of them might help you as well):
  • Let your kids know that you trust them, but that you (and they) can’t always trust others online.
  • Be sure they understand that the reason Facebook is free is because Facebook sells their data to others.
  • Remind them to review their Facebook and other social media accounts' privacy settings, at least monthly.
  • Get a Facebook account yourself and ask your children to “friend” you.
  • Get them to change the settings in their smartphone to remove location data from pictures.
  • Be sure they know that pictures taken by friends and posted on social media are out of their control and can be embarrassing, if not worse.
  • Encourage them to keep their whereabouts private (don’t “check in” to a location).
  • Remind them that “online is forever.” What seems cool today can ruin a relationship or a job opportunity in the future.


The only addition that Menlo Technology encourages is to design two different identities for social websites. Each identity should have an incorrect spelling of a last name, like Smiith or possibly SmithFB, and a completely different birthday and year of birth. Using the same incorrect spelling and date of birth each time makes these profile changes easy to remember and to use on a regular basis.
For more news of current topics and news about the Internet, check out our other blog as well at http://menlotechnical.wordpress.com

Monday, October 10, 2011

National Cyber Security Awareness Month



Not necessarily the most interesting topic, but it is worth mentioning: this is National Cyber Security Awareness Month.

While many people are concerned about their family noticing what they write and do over the Internet, it is more important to figure out how to keep hackers and unsavory characters from stealing your identity.
The StaySafeOnline.org website has offered up quick reference sheets to help explain what kids and parents can do to be safe while using the Internet.
Here are SOME of the quick links directly to their PDF files for the general public:
1) Online gaming tips for kids
2) Online gaming tips for parents
3) Internet safety and security for college students
4) Mobile safety tips
5) Social Media safety tips

Also posted on the Wordpress blog (Menlo Technical Blog I)

Sunday, October 9, 2011

Symantec SPAM Guessing


According to the Symantec security blog, there is a new tactic of harvesting / guessing email addresses at every domain name. Spammers have programs that run through all possible first names against public domains (basically almost all domains), and check whether each address gets a refusal or is accepted and delivered. More importantly, Symantec is claiming small businesses are being specifically targeted for private information, since they are more careless about their information and security protection practices.
Here is what the blog says:
In fact, cybercriminals see SMBs as a prime target. Back in July, we talked about how some types of attacks more frequently target SMBs. We keep finding examples of why SMBs can’t let down their guard when it comes to security. Recently, we’ve seen targeted spam attacks become a problem for small businesses.
For example, spammers are increasingly using a traditional technique called a ‘dictionary attack’ against SMBs. This trick uses dictionaries of first names and last names combined with a target domain. Spammers generate millions of potentially valid email addresses for a single domain. Spammers might try the following name and/or word variations:

john@companyname.com
jsmith@companyname.com
johnsmith@companyname.com
sales@companyname.com
info@companyname.com

An attack like this can be a problem for a large enterprise – even those with anti-spam technology in place – because the servers are still forced to accept the email connection, even if they are going to reject it because the user doesn’t exist.  But imagine how this can impact an SMB with a server designed for 250 or fewer users.
The entire article can be viewed here.
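
Added example, not taken from the Symantec article or this blog: one way a mail administrator could spot the dictionary attack described above, by counting how many different nonexistent mailboxes each sending IP was rejected for. The log lines are constructed in the style of Postfix "User unknown" rejects, and the threshold of 4 is an assumption to tune for your own mail volume.

```python
import re
from collections import defaultdict

# Postfix-style rejection for a recipient that does not exist (SMTP 550 5.1.1).
REJECT_RE = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9A-Fa-f.:]+)\]: 550 5\.1\.1 "
    r"<(?P<rcpt>[^>]+)>: Recipient address rejected: User unknown"
)


def _reject_line(ip, rcpt):
    """Build one constructed log line in the style of a Postfix smtpd reject."""
    return (
        "Oct  9 10:00:01 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from "
        f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
        f"User unknown in local recipient table; to=<{rcpt}> proto=ESMTP"
    )


# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = "\n".join(
    [_reject_line("203.0.113.5", f"{name}@companyname.com")
     for name in ("john", "jsmith", "johnsmith", "jdoe", "JOHN")]
    + [
        # A single mistyped address from another sender is normal noise.
        _reject_line("198.51.100.7", "slaes@companyname.com"),
        # Accepted mail does not match the reject pattern.
        "Oct  9 10:00:02 mx postfix/qmgr[55]: 4F1A2: from=<a@mail.invalid>, "
        "size=1200, nrcpt=1 (queue active)",
    ]
)


def find_harvesters(log_text, min_unknown=4):
    """Map source IP -> sorted distinct unknown recipients, for sources that
    probed at least `min_unknown` different nonexistent mailboxes."""
    probed = defaultdict(set)
    for line in log_text.splitlines():
        match = REJECT_RE.search(line)
        if match:
            # Case-fold so JOHN@ and john@ count as one guessed mailbox.
            probed[match.group("ip")].add(match.group("rcpt").lower())
    return {ip: sorted(r) for ip, r in probed.items() if len(r) >= min_unknown}


if __name__ == "__main__":
    for ip, guesses in find_harvesters(SAMPLE_LOG).items():
        print(f"{ip}: {len(guesses)} unknown recipients probed: {guesses}")
```

Sources that cross the threshold are candidates for rate limiting or blocking at the mail gateway; a lone rejected address, like the mistyped one in the sample, stays below it.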

Saturday, October 8, 2011

GMail, Google Calendar and Google Docs Offline

As more clients find purpose and use in Google Apps, we are often asked about functionality while away from Internet access. Google recently announced Google Offline, which gives that exact feature to some of their products.

Simply install Google Chrome on your Mac or Windows machine and download the Offline App from the Chrome store for free.

Then, while on a plane without Internet access, or even before turning on a battery-draining WiFi card in a laptop or mobile tablet, prepare emails in Google Offline and access your calendar and documents (documents have not been made editable offline, but they are working to make this available ASAP).
When you have finished your emails, reconnect to an Internet WiFi hotspot (one that is WPA/WPA2 protected!!) and send your emails.
According to the GMail team's recent announcement:

Google Calendar and Google Docs let you seamlessly transition between on- and offline modes. When you’re offline in Google Calendar, you can view events from your calendars and RSVP to appointments. With Google Docs you can view documents and spreadsheets when you don’t have a connection. Offline editing isn’t ready yet, but we know it’s important to many of you, and we’re working hard to make it a reality. To get started using Google Calendar or Google Docs offline, just click the gear icon at the top right corner of the web app and select the option for offline access. 

This again shows how forward thinking Google is with their cloud technologies. For those mobile professionals looking for this technology built into their mobile devices, consider the laptop replacement called the Chromebook. It comes in both Wi-Fi and 3G releases.

Waitress Steals Credit Cards of Bad Tippers

In a recent case in New Port Richey, FL, a waitress had a portable magnetic card scanner and passed through it the credit cards of customers who didn't tip her enough, or made her work too hard, in her own opinion. Once the card was scanned on the device, it was processed and the card was recreated and used in local stores.
According to the linked article written by Marcie Geffner:

...That's a cautionary tale for restaurant diners and a good reminder to practice safe credit card habits:
  • Try to use credit and debit cards only at reputable merchants.
  • If in doubt, pay cash.
  • Watch out for red flags, such as a credit card that's taken out of your sight for a too-long period of time.
  • Monitor your credit card statement for fraudulent transactions.
  • Report any unauthorized use of a credit card to the card issuer as soon as possible.
Follow her on Twitter: @marciegeff

The waitress didn't create the credit cards directly, but was a link in the process of passing the cards on through the syndicate. If this is happening in one location, you can be sure it is happening in others around the country.

Thursday, October 6, 2011

Employee Purchasing in the Enterprise - survey results

Companies that have grown too quickly and lack IT device purchasing policies, or that have a reduced workforce within their IT divisions, have been prone to allowing employees to make their own purchasing decisions, or worse yet (for security reasons) to use their own home devices to access corporate servers and email. This directly impacts the security of Intellectual Property within that organization.
The recent article "Tablets Gain Ground" by Lauren Brousell in CIO magazine discussed survey statistics on these issues.

CIO Magazine has recently taken surveys and compiled data from about 260 CIO level respondents for current purchasing and corporate access trends within businesses:
1) 36 percent allow employees to access corporate email on personal devices
2) 23 percent allow access to corporate applications
3) 6 percent allow workers to buy their own devices (it is not clear if they were requiring their employees to stay within purchasing guidelines.)

The conclusion is employees who purchase their own devices (laptops, mobile phones and tablets) are given limited access to corporate networks, if any. Mostly the employees are given access to the Internet from within the buildings, but also forced to sign employee policy riders that put responsibility and liability on the individuals - that could lead to termination.

Tuesday, October 4, 2011

Microsoft Security Essentials Uninstalls Google Chrome


According to a recent Wired article, Microsoft Security Essentials recently identified the Google Chrome browser as a Trojan. This issue has been identified by both Microsoft and Google, and they are working on an update.
Microsoft’s Security Essentials anti-malware tool has mistakenly identified Google Chrome as a password-pilfering Trojan — and actually removed the browser from many users’ machines — but a fix for this rather amusing false positive is now available.
Here is the Wired article...

UPDATE 3/15/2012: This has since been repaired. Events like this, where security software removes real software from other vendors, are not uncommon.


Monday, October 3, 2011

Firefox 7 Update - How to restore the address bar to show the full address
From Lifehacker:
... reader David has a simple solution.
1. In Firefox's URL bar, type in: about:config and agree to the pop-up message.
2. Search for: browser.urlbar.trimURLs.
3. Double-click or right-click and select "toggle" to change the value to false.
Now you'll get the full HTTPS or HTTP in the URL so you won't be confused on whether you're viewing a secure site.

Sunday, October 2, 2011

How Sophisticated is a 2008 Computer Trojan?

On December 17, 2007, Symantec security researcher Liam O Murchu discovered a Trojan that is called Silent Banker. While McAfee names the same Trojan Spy-Agent.cm, it is the same beast. According to the Symantec website, the Trojan horse program was identified as performing the following functions:
...records keystrokes, captures screen images, and steals confidential financial information to send to the remote attacker.

The Trojan was reviewed again in October 2008 and had grown very sophisticated since it was discovered. According to this review, the software digs deeper into the affected computers by using rootkit technologies which, once installed, sit under the Windows operating system, which means it is even harder for anti-virus software to detect. This Trojan horse has regular communication with its authors, and maintains the website pages for over 400 financial institutions around the world, including the major US firms. When an infected machine is directed to a bank like Chase, the user is immediately redirected to a fake version of the Chase site, with a replica version of the bank's webpage. From there, it skims the user name and password (even for the highly acclaimed two factor authentication bank sites). This infection continues to update itself and send user name and password information back to the Trojan authors, and can exist on computers until the machine is completely reformatted and reinstalled.