Posts Tagged ‘Email security’

You’ve Got Mail.. Or Spam

April 5th, 2009

You’ve got mail!!!

For far too many people this little canned voice is nothing but a harbinger of bad things to come. If your system has been targeted by one of the hundreds of email scammers proliferating across the Internet, your headaches have just begun.

Should a hacker invade your inbox with a virulent email, you will have to take immediate and aggressive action. Often this results in ultimate frustration, not to mention time-gobbling effort.

The wisest thing one can do to protect their email from malicious attack is to install email filters that work tirelessly in the background to protect your system and its content.

In addition to installing email filters, you can give yourself a modicum of security by adhering to the following:

Spammers like to send innocent looking emails with “Remove” in the subject line. Unless you are confident of whom the email is from, you should NEVER reply to its sender by clicking on the “remove” link. Even though the body of this mail may contain detailed instructions outlining the procedure to remove your address from their mailing list, don’t be fooled. Spammers like to include these links so users will think the offer is legitimate. Most of the time, they are nothing more than a fishing expedition to see if your email is working and legitimate. Once they get this information, look out – life as you know it will not be the same. Word to the wise: Delete, delete, delete!!!

Turn the tables on spammer spiders by altering your email address online. Spiders harvest email addresses by crawling the net, surreptitiously capturing email addresses from guest books, registration services and white page directories. Instead of posting your address as: “person@thisplace.com”, type in: “person at http://thisplace.com”. Spiders will skim their sneaky little legs right on past and you will never feel their sting.

You should guard your email as diligently as you do your personal address and home phone number. Use a primary email address for contact with friends, family and business connections, and set up a secondary email address for all online forms. Free email accounts are available on the web from providers such as Yahoo and Hotmail – these companies spend astounding amounts to protect their servers from malicious content, so most spamming attacks are blocked at the outset.

Installing and maintaining email filters can effectively snatch the welcome mat out from under the feet of spammers lurking in the doorway of your operating system. You can program them to automatically delete any unauthorized email before it can be opened, but most users like to retain the option of either white listing or black listing senders. Email filters allow all white listed (wanted) email to reach your inbox, while blacklisted addresses (those you have not authorized) will be spiraled into the refuse bin.

This can sometimes lead to a catch-22 situation. Your email filtering program must be set up so it does not inadvertently block legitimate email. In these days of worldwide commerce, even one mistakenly blocked email can have a detrimental impact on your business. So, when installing an email filtering program, make sure it is equipped with technology that can combine variables including specific criteria, real-time research and intelligence data, to ensure you are not throwing the baby out with the bath water.

Email security

Measures for phishing attacks

May 22nd, 2008

Do not ever reply to any e-mail that asks you for any personal or financial information no matter how official it looks. Banks, credit card companies, brokers, the government and any other legitimate entity will never ask you to click on a link and supply any kind of personal or financial information. If they include a telephone number for you to call, don’t! If you feel that the message is legitimate then look up the actual web site address, or telephone number, from a statement or invoice and use it. Even if the link in the email looks real, it isn’t. It’s easy to make a link look like it goes to one web site but really have it go to another.

Never give any sensitive personal information out to anyone who calls you and asks for it. Simply ask for their name, telephone number and extension and tell them you’ll call them back. Then, check that telephone number against a number that you find on a statement or receipt. If it doesn’t match, call the number that you found and tell someone what’s going on. If it’s a real message they’ll figure it all out for you. If it’s a fraud, they’ll tell you.

If all of this advice comes too late for you because you already fell for the phishing trick hook, line and sinker, then you have to take immediate action for damage control. Immediately contact the actual company, bank or other agency, explain what happened and then let them close your account and issue you a new one. You should also contact the authorities and file a report. This will protect you later if creditors come after you for bills that the thieves ran up in your name.

If you live in the U.S. you can learn more about phishing by visiting the Federal Trade Commission Web site at www.ftc.gov or calling toll-free 877-382-4357. Canadian residents should visit the RECOL (Reporting Economic Crime Online) web site at www.recol.ca. U.K. residents can go to www.met.police.uk/fraudalert/identity_theft.htm for more information.

Computer security is a serious and ongoing issue that requires your constant vigilance. Don’t let your guard down or you could end up being a victim.

Phishing

Identity based encryption

January 26th, 2008

The original motivation for identity-based encryption is to help the deployment of a public key infrastructure. More generally, IBE can simplify systems that manage a large number of public keys. Rather than storing a big database of public keys, the system can either derive these public keys from usernames, or simply use the integers {1, …, n} as distinct public keys. We discuss several specific applications below.

Revocation of Public Keys

Public key certificates contain a preset expiration date. In an IBE system key expiration can be done by having Alice encrypt e-mail sent to Bob using the public key: bob@hotmail.com || current-year. In doing so Bob can use his private key during the current year only. Once a year Bob needs to obtain a new private key from the PKG. Hence, we get the effect of annual private key expiration. Note that unlike the existing PKI, Alice does not need to obtain a new certificate from Bob every time Bob refreshes his certificate.

One could potentially make this approach more granular by encrypting e-mail for Bob using bob@hotmail.com || current-date. This forces Bob to obtain a new private key every day. This might be feasible in a corporate PKI where the PKG is maintained by the corporation. With this approach key revocation is quite simple: when Bob leaves the company and his key needs to be revoked, the corporate PKG is instructed to stop issuing private keys for Bob’s e-mail address. The interesting property is that Alice does not need to communicate with any third party to obtain Bob’s daily public key. This approach enables Alice to send messages into the future: Bob will only be able to decrypt the e-mail on the date specified by Alice.
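The key lifecycle described above, modelled as an added example (not code from the original post or from the Stanford IBE project). The PKG class, the literal "||" delimiter and the lower-casing of the address are assumptions of this sketch, and an HMAC token stands in for the real pairing-based IBE Extract step, so only the issuance policy is shown, not the encryption itself.

```python
import hashlib
import hmac
from datetime import date


def period_start(day: date, granularity: str) -> date:
    """First day of the validity period that contains `day`."""
    return date(day.year, 1, 1) if granularity == "year" else day


def period_identity(email: str, day: date, granularity: str) -> str:
    """Public-key string Alice builds offline: e-mail || period.

    The literal "||" delimiter and lower-casing are choices of this sketch.
    """
    period = str(day.year) if granularity == "year" else day.isoformat()
    return f"{email.lower()}||{period}"


class PKG:
    """Issuance policy of a private key generator (hypothetical model)."""

    def __init__(self, master_secret: bytes, granularity: str = "day"):
        self._master = master_secret
        self.granularity = granularity
        self.revoked = set()

    def revoke(self, email: str) -> None:
        """Stop issuing keys for this address, e.g. when Bob leaves."""
        self.revoked.add(email.lower())

    def extract(self, email: str, period_day: date, today: date) -> str:
        """Return the private-key token for (email, period) or refuse."""
        if email.lower() in self.revoked:
            raise PermissionError("revoked: no further keys are issued")
        if period_start(period_day, self.granularity) > today:
            raise PermissionError("period not started: message stays sealed")
        ident = period_identity(email, period_day, self.granularity)
        # Stand-in for IBE Extract; a real PKG derives a pairing-based key.
        return hmac.new(self._master, ident.encode(), hashlib.sha256).hexdigest()


def lifecycle() -> dict:
    """Walk Bob's daily keys through issuance, a future date, and revocation."""
    pkg = PKG(b"constructed-master-secret", granularity="day")
    bob, d1, d2 = "bob@hotmail.com", date(2008, 1, 26), date(2008, 1, 27)
    out = {"identity": period_identity(bob, d1, "day")}
    out["key_d1"] = pkg.extract(bob, d1, today=d1)
    try:
        pkg.extract(bob, d2, today=d1)  # Alice addressed mail to tomorrow
        out["early"] = "issued"
    except PermissionError:
        out["early"] = "refused"
    pkg.revoke(bob)  # Bob leaves the company on d1
    try:
        pkg.extract(bob, d2, today=d2)
        out["after_revoke"] = "issued"
    except PermissionError:
        out["after_revoke"] = "refused"
    return out


if __name__ == "__main__":
    print(lifecycle())
```

Revocation in this model only stops future issuance: the key Bob already holds for 2008-01-26 keeps working until that period ends, which is why the daily granularity shortens the exposure window compared with the yearly one.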

More at http://crypto.stanford.edu/ibe/

Encryption

BCC

December 26th, 2007

Stands for “Blind Carbon Copy.” When you send an e-mail to only one person, you type the recipient’s address in the “To:” field. When you send a message to more than one person, you have the option to enter addresses in the “Cc:” and “Bcc:” fields. “Cc” stands for “Carbon Copy,” while “Bcc” stands for “Blind Carbon Copy.”

A carbon copy, or “Cc’d” message is an e-mail that is copied to one or more recipients. Both the main recipient (whose address is in the “To:” field) and the Cc’d recipients can see all the addresses the message was sent to. When a message is blind carbon copied, neither the main recipient nor the Bcc’d recipients can see the addresses in the “Bcc:” field.

Blind carbon copying is a useful way to let others see an e-mail you sent without the main recipient knowing. It is faster than sending the original message and then forwarding the sent message to the other recipients. It is also good netiquette to use Bcc when copying a message to many people. This prevents the e-mail addresses from being captured by someone in the list who might use them for spamming purposes. However, if it is important that each recipient knows who your message was sent to, use carbon copy (Cc) instead.

B, Glossary of computer security

Phishers started baiting to target holiday shoppers

December 10th, 2007

Holiday shopping is at its peak, and the phishers have prepared their rods. Many shoppers will be victimized. Holidays are the easiest time for phishers to strike, because online sites are sending millions of legitimate e-mails to consumers, making it even harder than normal to tell the difference between a real e-mail and a fake one. With legitimate e-mails confirming purchases or letting shoppers know that their items have shipped flooding inboxes, it’s easy for criminals to mimic them and trick recipients into offering up personal information. The following tips can be used to avoid phishing attacks.

  • Do not respond to emails asking for any personal or financial information.
      • Legitimate companies will never ask you to verify or provide any confidential information in an unsolicited email.
  • Be cautious when clicking on links within a suspicious email.
      • Most phishing emails contain a link that leads to an official-looking web page which requires the recipient to log in or enter some personal information. Though the web page may contain official logos and look exactly the same as the legitimate company’s web site, any information submitted via these spoofed web page(s) will be sent to the perpetrators of the scam.
      • If you have any doubt regarding the authenticity of a web site you have been directed to in an email, we strongly recommend that you open a new browser and type the known URL of the company in the browser yourself, or call the company directly via telephone.
  • Never log in or enter private information in a pop-up window.
  • Be alert for suspicious emails:
      • Urgent account notifications that are not addressed to you personally but which require action on your part relating to your account(s).
      • Customer notifications that contain incorrect spelling or poor grammar.
      • Account/billing email notifications from credit card firms or other financial institutions that do not reference the last few digits of your account number, or that contain no specific details pertaining to your account/billing information or activity.
      • Account notifications that are delivered to your Bulk Mail folder.

By following the tips above, one can stay safe from phishing attacks.

Phishing

no silver bullet or single solution to stop or combat spam

November 28th, 2007

There is no silver bullet or single solution to stop or combat spam, phishing and online deception — it takes a combination of innovative technologies, user education, effective and strong enforcement, and collaboration with industry, business, and governments. The Sender ID Framework is an example of a simple yet innovative, cost-effective and easy-to-deploy solution, developed in collaboration with organizations throughout the world. SIDF has two parts: a DNS record that identifies SMTP servers authorized to send e-mail, and an authentication mechanism that uses that DNS record to verify that inbound e-mail is from an authorized server. Together with reputation data, SIDF plays an important role in the fight against spam by authenticating the sender and applying reputation data. This enables valid messages that might otherwise be identified as bad to be delivered to the Inbox, and conversely keeps messages that are spoofed and do not pass authentication out of the Inbox. In doing so, SIDF helps protect users from unwanted e-mail, delivers the e-mail that users want, and helps keep company brands protected from bad messages that may hurt their reputation and expose their customers to risk.

Sophisticated spammers recognize that domains that have implemented SIDF are highly resistant to spoofing and phishing attacks and are not worth their time. As adoption of SIDF has increased, we have witnessed spammers moving to softer targets, providing early adopters of SIDF a competitive advantage. Large international banks, online retailers such as eBay and PayPal, and online service providers such as GoDaddy.com and Windows Live Hotmail have all implemented Sender-ID and have benefited from the protection it provides their brand and their customers.
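The two parts named above, shown as an added example (not from the original post or from Microsoft): a published record and a check of the connecting server's IP address against it. The sketch assumes RFC 4406 record syntax ("spf2.0/" plus scopes, with a "v=spf1" record as fallback), handles only the ip4, ip6 and all mechanisms, and is exercised with constructed records on documentation address ranges.

```python
import ipaddress

# Qualifier prefix on a mechanism -> authentication result
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def select_record(txt_records, scope="pra"):
    """Pick the policy that applies to `scope` from a domain's TXT records.

    An spf2.0 record listing the scope wins; otherwise a v=spf1 record
    is used as the fallback. Returns the mechanism string or None.
    """
    spf1 = None
    for txt in txt_records:
        version, _, rest = txt.strip().partition(" ")
        v = version.lower()
        if v.startswith("spf2.0/") and scope in v[len("spf2.0/"):].split(","):
            return rest
        if v == "v=spf1":
            spf1 = rest
    return spf1


def check_sender(ip, txt_records, scope="pra"):
    """Evaluate the connecting server's IP against the published policy."""
    policy = select_record(txt_records, scope)
    if policy is None:
        return "none"  # domain publishes nothing usable for this scope
    addr = ipaddress.ip_address(ip)
    for term in policy.split():
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed record
            if addr.version == net.version and addr in net:
                return RESULTS[qualifier]
        else:
            # a, mx, include, redirect= ... need live DNS; out of scope here
            return "unsupported"
    return "neutral"  # no mechanism matched and no "all" term


if __name__ == "__main__":
    # Constructed sample record for a hypothetical domain
    record = ["spf2.0/pra ip4:192.0.2.0/24 -all"]
    print(check_sender("192.0.2.10", record))    # authorized server
    print(check_sender("198.51.100.7", record))  # spoofing server
```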

Download the full review at Microsoft 

Phishing, spamming

gmail as spam filter on other email addresses

October 31st, 2007

Google’s Gmail has one of the most robust spam filtering processes in the world. By using Gmail, one can put a very strong spam filter on incoming email.

How to configure 

You must have two email accounts to start with. If you don’t have two email accounts, ask your ISP for another or arrange one elsewhere.

Suppose you have the email address name@domain.com. Now set up Gmail. If you don’t have an account, you’ll need an invitation to join Gmail; to get one, ask a friend who is using Gmail to send you an invite. If you don’t have such a friend, browse around the web to get one through another website. Once you have an account, log in and click the Settings link, then the Forwarding and POP section.

Check the option for Forward a copy of incoming mail to and type in the second email address.

Click Save Changes, and log out of Gmail.

Above is a bit of magic for getting free service from Gmail to protect your non-Gmail email accounts: a very simple trick that saves the cost of separate antispam software. I hope you like the trick.

Email security

Beginning email correspondence

September 6th, 2007

Since the recipient doesn’t already Know you, you need to send them an introductory email. It must not contain an attachment. Basically, you’re introducing yourself and asking their permission to send email with an attachment that they may otherwise be suspicious of. Tell them who you are, what you’d like to do, and ask for permission to continue.

This introductory email qualifies as the mail Received from you.

Hopefully, they’ll respond; and if they do, honor their wishes. If they choose not to receive email with an attachment from you, don’t send one. If you never hear from them, try your introductory email one more time.

If they accept your offer to receive email with an attachment, send it off. They will Know you and will have Received email from you before. They will also Expect this email with an attachment, so you’ve satisfied the first three requirements of the KRESV tests.

Whatever you send should make Sense to them. Don’t use a provocative Subject line or any other social engineering practice to encourage them to read your email.

Check the attachments for Viruses. This is again based on having virus-checking programs, and we’ll discuss that later.

Email security

Email archiving acts as knowledge management

August 13th, 2007

An organization’s email system is a corporate knowledge repository. It can contain vast quantities of useful email information which is often vital to a business, and allowing access to this corporate asset can make users more productive.

An email archiving system can provide appropriate knowledge management tools (for example, email records sorting, advanced search and retrieval functions) that enable IT and end users to better manage the knowledge base contained in the company’s email archive.

Email security

Deploying email archive solutions

August 11th, 2007

There are two main methods for deploying and managing email archive solutions:

  • A completely in-house solution
  • A hosted solution in which the archive is maintained at a third party’s data center.

An in-house email archiving solution involves having your email repository on a server within the corporate building. Perhaps the main advantage of in-house archiving is that the organization’s sensitive information is stored behind the corporate firewall and is handled by its own internal staff. This ensures better control over data integrity and confidentiality. The organization relies entirely and independently on its own resources and can therefore assess its compliance status at any time. The main disadvantage is the upfront costs involved and the sudden impact which the system might have on the company’s IT department. In order to deploy an internal email archive, the company must purchase an adequate email archiving program as well as the hardware (server) which will host the archive.

Hosted solutions require lower up-front cost than in-house solutions. Customers can get up and running pretty quickly without the investment in hardware and IT staff. Running costs are also low since new capabilities and software/hardware upgrades are generally implemented by the provider. In hosted solutions, a software application located on the corporate email server captures email and migrates it offsite via the Internet to a third-party data warehouse for archiving. Authorized users can subsequently access the data stored offsite using a Web browser or compatible email client.

Email security

Most features in email archiving solution

August 10th, 2007

  • Minimal user intervention/automation – Company emails have to be archived automatically and with the minimal human intervention possible.
  • Indexing of records and search capabilities – Archived emails should be indexed, especially the text content, so that search facilities will enable the quick extraction of records to support regulatory audit requests and legal discovery.
  • Data retention policy control – The system must include configuration features through which the company can define its archiving criteria. These features should at least allow archiving of specific mailboxes and messages from specific domains or email addresses. In such a way, unnecessary contents such as spam and other informal correspondence are automatically excluded from the archive.
  • Security/tamper-proofing – An email archiving system must be capable of protecting records from loss, damage or misuse. Record authenticity (i.e. preservation of a record in its original state) is one of the key requirements in many of the content regulations imposed by the laws. In addition, archiving programs must include access restriction features.
  • End-user and management access to archives – This feature allows a company to use its email archive as a central knowledge repository from where authorized users can extract information required during productivity. One further benefit is that it enables authorized users such as compliance officers to access the information contained in the archive themselves without the need for support by IT staff.
  • Support for multiple messaging platforms – The archiving system should support all major messaging platforms to ensure standards compatibility.


Email security

Email archiving compliance

August 9th, 2007

The new regulatory environment is one of the major drivers behind the increase in demand for email archiving solutions. It is estimated that over 10,000 compliance regulations have been enacted around the world. More stringent controls and severe penalties are forcing organizations to address regulatory compliance more seriously. In March 2004, Bank of America was fined $10 million by the Securities and Exchange Commission (SEC) for failing to retain email records for the time stipulated by the regulation and for failing to submit the information requested by the SEC in a timely manner.

Although the data subject to regulatory statutes varies by industry, all records that pertain to the organization’s business activity are subject to compliance regulations. These include employee and client records, correspondence between organizations and financial documentation. For example, the Sarbanes-Oxley Act (SOX) affects all industries and imposes severe penalties on anyone who deliberately alters or deletes documents with the intent to defraud third parties. This act requires auditors to retain audit papers for a minimum of five years from the end of the fiscal year. Even though it is a US law, the SOX act is also applicable to European companies with US listings as well as to companies which do business with the US. For more information on Sarbanes-Oxley please visit http://www.s-ox.com/

Email security