Categories
Uncategorized

Get an ecard today? Watch out for malware, viruses and poor spelling

Be alert as you read your mail today: fake ecards with loaded exe’s are once again making the rounds…

Oooh, look at the mail that’s piling up:

“You’ve received a greeting ecard”

How exciting. Not.

Today, several mails on my email accounts at home reportedly from greetingcard.org (which Outlook displayed as from alien@got.net).

Good day.
You have received an eCard

To pick up your eCard, choose from any of the following options:
Click on the following link (or copy & paste it into your web browser):

http://somerandomurl.com/e-card.exe

Your card will be aviailable for pick-up beginning for the next 30 days.
Please be sure to view your eCard before the days are up!

We hope you enjoy you eCard.

Thank You!

http://www.greetingcard.org

Nope, not gonna do it.

First of all, I’m sure that legitimate ecard companies are better at spelling (‘aviailable’ as you know is spelled available).

Last year, In his post on Not-So-Friendly Greeting Cards, Brian Krebs of the Washington Post calls out the rise of fake online greeting cards that can install keystroke loggers on to your computer, rather than delivering what you thought to be an innocent e-card from a long lost aunt.

Here’s a couple of things to watch for:

  • If a link drives you to an exe file (an executable or application) then think twice. 
  • If the link isn’t from someone you know, think again. 
  • you've been had!If it looks like the mail comes from and directs you to a legitimate ecard site — such as American Greetings.com — be sure that it’s really http://www.americangreetings.com/ by hovering over the URL and verifying the link (see the lower left corner of your browser windows)
  • And when in doubt, copy and paste the URL directly into your browser.

For more about what to do when you see these types of emails, see my post on More greeting ecard spam and what to do about it.  And see my past note on how there’s no immunity from security vulnerabilities.

(Also, here’s the link if the embedded links above don’t work: http://blog.washingtonpost.com/securityfix/2007/07/notsofriendly_greeting_cards_1.html).  You can copy the link as text and paste it into your browser to ensure that I haven’t duped you with a loaded exe. 😉

More info:

Tags: Microsoft, security, antivirus, antispyware, Windows Defender.

Bookmark and Share 

http://tinyurl.com/55hjma

Categories
Uncategorized

New on the Download Center: Microsoft Office Outlook Connector 12.1 Beta

Now available on the Microsoft Download Centre… the free Office Outlook Connector, to access and manage your Hotmail and Office Live Mail accounts with Outlook 2003 and Outlook 2007…

“…including e-mail messages, contacts and calendars for free!

“Outlook Connector enables you to use your Live Hotmail accounts within Outlook:

  • Read and send your Office Live Mail/Windows Live Hotmail e-mail messages.
  • Manage your contacts in Windows Live Hotmail.
  • Use advanced options for blocking junk e-mail messages.
  • Manage multiple e-mail accounts in one place.
  • Manage, and synchronize multiple calendars, including shared calendars to Windows Live Calendar from Outlook.

“Note to Premium Subscribers: The Outlook Connector will automatically upgrade your MSN Calendar to the new Windows Live Calendar beta. Once upgraded to Windows Live Calendar, you will be able to synchronize multiple calendars, including shared calendars to Outlook! You will no longer be able to access MSN Calendar.”

Download details: Microsoft Office Outlook Connector 12.1 Beta

Tags: Microsoft, Office, Outlook.

Categories
Uncategorized

Creating strong passwords (and passphrases) in six easy steps

There’s a good article that was recently posted on on the Microsoft Security At Home web site that outlines how to create strong passwords.

Why should you care? Because last year InformationWeek reported that simple passwords created using short, simple key sequences can be easily cracked:

“For example, a lowly P3 PC running a widely available cracking tool at just 500 MHz was able to guess the password “ChEcK12” in only 26 seconds; and today’s top-of-the-line PCs could perform the same crack almost instantly. (For more examples of just how quickly simple password techniques like this can be bypassed, see this page from McMaster University). It’s scary stuff.”

The article from the Security At Home web site recommends six steps to creating a strong, memorable password:

1. Think of a sentence that you can remember. (see more on “passphrases” below)
 
2. Check if the computer or online system supports the passphrase directly.
 
3. If the computer or online system does not support passphrases, convert it to a password.
 
4. Add complexity by mixing uppercase and lowercase letters and numbers.
 
5. Finally, substitute some special characters and symbols for common letters.

And last: Step 6. When you’re done, you can test your new password with Password Checker, a non-recording feature the Microsoft.Com site that tests the strength of your as you type.

I like the suggestion of using a passphrase which when used as a password is as long as the phrase is in number of characters. As the Wiki notes, passphrases are usually longer than a password, with 20 to 30 characters typical of many passphrases, “making some kinds of brute force attacks entirely impractical. Second, if well chosen, they will not be found in any phrase or quote dictionary.”

So, passphrase of “MydogSpotisblackandwhite” may be better than “mydogspot.” Again, InformationWeek suggests that passphrases can be more secure “because they’re made of a series of words rather than totally random characters, they’re much easier to remember than conventional passwords of similar length.”

More information:

Tags: , , , , .

Share this post: Bookmark and Share

Also available via http://bit.ly/d5xJxE