Concerned about online privacy? So is Microsoft’s Peter Cullen. Actually, it’s his job.

There’s a new article and interview up on Microsoft PressPass with my friend and fellow Canuck Peter Cullen from Microsoft on Data Privacy Day & online privacy. (Also available at  The kids are in school today… did I miss a bank holiday somewhere?

When asked about some of the recent research on the concept of online privacy and the threats to online consumer safety, Peter had this to say…

"One big thing was that, while many consumers are very concerned about protecting online privacy, they typically have only a surface understanding of the threats they face. People take basic steps such as using spam filters, deleting cookies and installing anti-virus software, but they’re not necessarily aware of what these technologies do.

"People also have a perception that once their information is online, there isn’t much they can do to protect it. Many people aren’t aware of the controls they have, such as the ability to opt out of behaviorally targeted advertising or new tools in Internet browsers.

"In addition, specific concerns and risks change depending on how people use the Internet. For example, threats to privacy stemming from social networking sites are a large concern for young people and, increasingly, middle-aged professionals. Online finance issues, meanwhile, may affect older people more.

"What these findings tell us is that we must do more to educate consumers. People are making privacy decisions all the time and may not even know it. They must have the right resources from industry, government and nongovernmental organizations (NGOs), so they can better educate themselves about privacy, threats to personal information and ways to safely navigate online. Much like a medical condition: consumers need to understand how the illness occurs, instead of just what medicine to take."

Back in 2007, Microsoft commissioned a survey to find out more about consumers’ awareness of online fraud and how to avoid being scammed and found that…

  • Nearly one out of five surveyed has been a victim of at least one Internet scam.
  • Of those people, 81 percent admitted they did something that led to the crime, such as opening an e-mail that appeared to be from a legitimate person or company.
  • Over half of respondents (58 percent) admitted they had little to no knowledge of current online threats and scams.

Pretty amazing results.

As noted in my post on Cybersafety and staying safe online, I recall from this article in the Seattle Times on cybersafety which included six tips for staying safe online:

  1. Protect your privacy and personal information
  2. Be alert online
  3. Delete junk e-mail
  4. Use strong passwords
  5. Use antivirus software and a firewall
  6. Be smart about downloading

Additional information:

As noted in the article, "Microsoft commissioned focus group research to determine which privacy issues are most important to consumers. The findings were captured in a short documentary that will be screened prior to the panel to inform the discussion. The video is available on Microsoft’s Data Privacy Day Web Site ("

[Added 3:37PM] To answer my friend, Charles’, question…

"The 43% increase [cited in the article] in malware removed in the first 1/2 CY 08 – is that number collected from MSFT apps like Defender & services like OneCare or an industry number?"

This is from the Microsoft Security Intelligence Report volume 5 (covering the first half of calendar2008) and is available here for download from

Delicious Bookmark this on Delicious Bookmark and Share Tags: ,,,,


The new year rings in another bonus: a rise in bogus electronic greeting cards

It’s that time of year again when fake online greeting cards increase in the daily Outlook mailbox and in web based mail as well).

A common give away? The sender is often listed only by first name – no last name – and includes links to various e-card sites: this was from Michelle offering "Happy Wishes!"

Michelle has created the ecard.

Here’s your greeting card: [this one from included a URL from]

Thank you, team.

As I noted in a post last year on the subject, Brian Krebs of the Washington Post highlighted this problem in his post on Not-So-Friendly Greeting Cards.  Krebs noted that the rise of fake online greeting cards that can install keystroke loggers on to your computer, rather than delivering what you thought to be an innocent e-card from a long lost aunt.

"You might want to think twice before opening that e-greeting card sent to you via e-mail. Cyber crooks have recently been blasting out millions of fake online greeting cards in the hope that recipients will click on the included links and infect their computers with password-stealing viruses.

"Previous e-greeting card scams harbored their viral payload in an infected e-mail attachment, but fraudsters now are simply embedding links in the fake card messages. Anyone who clicks on such a link without the benefit of the most recent security updates for their Web browser is likely to have their PC silently whacked with an invasive keystroke-logging program.

"… It is sad that the state of e-mail security has come to this, but Microsoft Windows users would be well-advised to simply delete any e-greeting cards that land in their inboxes."

For more info, see the Wiki link on the Storm Worm, and here on Symantec’s site.

Also, here’s the link if the embedded links above don’t work:

And see my past note on how there’s no immunity from security vulnerabilities.

More info:

Tags: Microsoft, security, antivirus, antispyware, Windows Defender.

Bookmark and Share


FYI: new scams featuring the IRS logo to get your PII

That e-mail from the IRS? It’s not from the IRS… so says local reporter Herb Weisbaum, an MSNBC contributor, on MSNBC (and the IRS warns taxpayers of the scams in a press release here)….

“The Internal Revenue Service is trying to be more customer-friendly, but it’s not going to pay you for your feedback. The latest phishing scam starts with an e-mail masquerading as a request from the IRS to take an online customer satisfaction survey.

“Like all phishing schemes, this one is designed to steal your personal information. In this case, the bad guys are after your credit card number.

“Click the link embedded in the e-mail and you’ll wind up at a bogus website that asks you to rate the IRS — on everything from courtesy and friendliness to speed of service — and supply your contact information.

“Hit the submit button and you’ll land on a page that asks for your credit card information. The $80 “reward” for taking the survey will supposedly be credited to your account within the next 3 business days.”

As they say, just because the logo looks right doesn’t mean the site is all it reports to be.

Protect yourself: there’s good information out there on how to recognize legitimate websites, particularly the site on the Microsoft Secutity Site page on Recognizing Spoofed Websites & Phishing Scams, with this tidbit on how to verify a site certificate…

Always verify the security certificate issued to a site before submitting any personal information. Before you submit any personal information, ensure that you are indeed on the website you intend to be on.

In Internet Explorer, you can do this by checking the yellow lock icon on the status bar.

This symbol signifies that the website uses encryption to help protect any sensitive personal information—credit card number, Social Security number, payment details—that you enter.

Screen shot of yellow lock icon in Internet Explorer

Secure site lock icon. If the lock is closed, then the site uses encryption. Double-click the lock icon to display the security certificate for the site. This certificate is proof of the identity for the site.

More info…


Bookmark this on Delicious Bookmark and Share

Also available via


Of interest: 10 Events That Impacted The IT Landscape

Informationweek has an article this week that gives “a quick scan of recent events, which have roiled the privacy waters at AOL, at the FBI, and in Europe. Here’s a quick collection of some recent reportage on data breaches, customer-data concerns, and privacy surveys you should know about.”

  1. Study: Data Breaches Becoming More Expensive
    The 2006 average was $182 per compromised record, including the cost of detection, escalation, notification, and follow-up help to victims. The Ponemon Institute’s 2005 study cited a figure of $132 per record.

  2. Customer Data + Carelessness = Pink Slips At AOL And Elsewhere
    AOL IT managers are the latest to join the unemployment line after breaches to customer data. They join IT managers at the Veterans Administration and Ohio University, who lost their jobs after data breaches.

  3. Privacy Worries Spur New Search Engine Tool
    The “Lost in the Crowd” tool was built in response to recent furor over AOL spilling search data on the Internet.

  4. Privacy Group Seeks Federal Probe Of AOL
    The Electronic Frontier Foundation says AOL violated its own privacy policy and FTC regulations and should be ordered to notify the people affected and to stop logging search data “except where absolutely necessary.”

  5. FBI Director, Police Chiefs Support Record Retention For Internet
    FBI Director Robert Mueller claims that requiring ISPs to hang on to data records will help strike a “balance between the legitimate need for privacy and law enforcement’s clear need for access.”

  6. Microsoft Offers Privacy Guidelines For Developers
    The company said it would like to see the industry build a common set of privacy best practices to increase customer trust.

  7. EU Seeks Tougher RFID Privacy Rules
    Some Europeans are concerned RFID tags can broadcast an individual’s personal information without their knowledge.

  8. Survey: Corporate Boards Value Info Over Privacy
    Fifty-three percent of those surveyed say it’s OK to follow people outside of the company and to obtain and review phone records if pretexting is legal.

  9. IT Confidential: The Government Giveth And Taketh Away In Terms Of Privacy
    The courts are finally overruling Internet access and getting practical about the obscurity of personal data contained in legal documents.

  10. Six Tips To Protect Online Search Privacy
    Concerns over privacy and the use of online search are at an all-time high. Here’s how to create a strong shield for privacy.


Lifehacker’s Thanksgiving download: a dozen PC fix-it tools

Of interest is this item on, just in time for the holidays, “Geek to Live: A meaty Thanksgiving download.” In a 17MB download, it promises that they will “save you the trouble of chasing down half a dozen PC fix-it tools in the midst of your post-turkey coma. Instead we’ve put together everything you’ll need to right your famliy’s borked computer into one meaty Thanksgiving download…”

Lifehacker’s Thanksgiving PC Rescue Kit – (zip file, 17MB)

“This zip file contains half a dozen free tools we recommend to scan and clean and protect a malware-laden PC. Either download right now and save to your thumb drive, or bookmark this page for next week’s tech support session. The entire file is less than 17 megabytes, which will leave room on your USB drive for those Neil Diamond tracks Mom asked you to download for her.”

Additional resources:

Also check out my past posts on computer security, here on protecting your pc and here on screen scraping, trojan horses and stronger passwords.

Tags: , , .