Tel: 0113 2170419
www.littlefishwebdesign.com
Stop Yahoo! tracking your every move
Wednesday, November 14, 2007
If you have a Yahoo! account, whether to be a member of a Yahoo! group or to use their webmail, you may be surprised to hear that you are now being tracked via 'web beacons'.
If you go to the Yahoo! privacy page and scroll down to the 'cookies' section, you'll see 'web beacons' mentioned.
Now, when you are logged in to Google accounts, you know that Google is tracking your search history, and you can safely assume the same with Yahoo! However outside of Yahoo! services;
"Yahoo! uses web beacons to conduct research on behalf of certain partners on their web sites and also for auditing purposes."
Hmmm...sounds like they're logging more than search history...
"Information recorded through these web beacons is used to report anonymous individual and/or aggregate information about Yahoo! users to our partners."
Ahh...so patterns of our web use can be sold to enable advertisers to use ever increasing ways to get our attention...They do say no personally identifiable information isn't used. What's to stop them saying 'a female aged 23* living in Leeds is most likely to use these sites at this time of day'? It's anonymised data, but still quite frightening when you think about it.
There is an opt-out available - just click the opt-out option on the web beacons page and it's done. Don't press the big 'cancel opt-out' button that appears on the next page - it's not a confirmation button!
* it's just an example!
Labels: searchengines, security
Hacked websites taking over your computer
Saturday, September 08, 2007
For a period of half a day to a day, a major bank website was hacked and serving up exploits, and installing malware. A video on YouTube shows just how scary this can be - if your computer isn't up to date with the latest anti-virus and firewall software (and Window's updates if you are running Windows), you could easily be inviting a hacker to take full control of your system. See more at Compromised Bank Website.
Labels: security
Speed up, stablise and secure your PC
Tuesday, August 28, 2007
It's not often that I buy reports on the Internet, especially not related to improving my PC - I do think that I'm pretty computer savvy (and so do all my friends and relatives that ring me for advice on their PC).
However, one report did catch my eye - it's by a former hacker and despite a little bit of hype in the sales letter, it did seem impressive. And at only $9.95 (less than £5), wasn't too expensive even if I only got one or two ideas from it.
NOW, I wish that I'd seen it before forking out $140 (£70) on 2GB RAM for my PC recently - it was running slowly even with all the pretty graphics scaled back...and try as I might, I could not work out how to improve its speed. I virus and spyware checked...search Internet forums...and in the end, paid for the RAM upgrade.
It's taken me approximately 30 minutes to go through the entire PDF manual (26 pages long) and I have been selective about one or two parts. However, my computer now flies!
Go and see for youself...I give it 5 out of 5!
Turn off ZoneAlarm mailsafe in Outlook
Friday, March 30, 2007
If like me, you use ZoneAlarm as a personal firewall to protect your PC, you'll want to have the latest updates.
After upgrading to the latest version today, I noticed a new function - 'MailSafe', which is a great idea as it allows for sorting spam from genuine e-mails, warns on viruses etc...
However if like me, you already have spam-filtering in place, you might not want to use MailSafe.
I tried to turn it off in the obvious way - start ZoneAlarm, go to the 'Email Protection' tab and click on the 'off' radio button. Next time I started Outlook? MailSafe still started - not good!
This is how I turned it off:
- In Outlook, click 'Tools'
- Click 'Options'
- Click the 'Other' tab
- Click 'Advanced Options'
- At the bottom you'll see a few buttons - click the one called 'Com Add-Ins'
- Click on the 'Buddy Toolbar' entry
- Click the 'Remove' button or just uncheck the Buddy Toolbar option to disable
How not to buy antivirus software
Wednesday, January 24, 2007
If your PC hasn't got anti-virus and firewall software, you may notice some flashing icons in your system tray (next to the clock). These will look official and tell you that you have viruses on your computer and to get rid of them to follow their instructions. These will lead to a website where you can pay for antivirus software. DON'T DO IT!!!
These messages are on your system in the first place due to your lack of anti-virus software and come from unscrupulous programmers trying to either take your credit card details or from unethical anti-virus software sellers. There are plenty of places to buy reputable anti-virus software which doesn't put your credit card at risk.
www.antivirusdownload.com shows reviews of some of the different Symantec anti-virus programs and lists the latest virus threats.
For how to protect yourself with a firewall and anti-spyware software see our previous post "get safe online"
Internet Search Engine Safety
Tuesday, December 19, 2006
McAfee - famous for their antivirus software - compared the safety of five leading search engines earlier this year using their SiteAdvisor to generate website ratings:
"We again find that most leading search engines are similar in the safety of the sites they link to, though AOL replaces MSN as the safest engine and Yahoo! replaces Ask as the engine with the most risky results. Across search engines, we find sponsored results significantly less safe than search engines' organic results. Unsavory e-mail conduct is the dominant security risk although search engine users are also heavily exposed to risky downloads, browser exploits, and scams."They recently revisited these results to see what had changed - the updated report states that search results from Google, AOL, and Ask.com are less likely to lead to dangerous sites than they did six months ago whilst MSN's and Yahoo's results however, send users to more risky sites than in May.
So should we worry? I don't think so, it's more about being aware - overall less than 5% of sites were considered unsafe and most of these were from sponsored results. It also depends on how well protected your computer is as to how much notice you feel you can take of the results.
See the report summary for more details.
Labels: browsers, searchengines, security
Free faster safer surfing
Saturday, December 09, 2006
OpenDNS is a free service with no software to download or install that can vastly improve your surfing experience.
As well as blocking phishing sites and speeding up your surfing, it can intelligently correct typos in your address bar e.g. if you type 'og' rather than 'org' it will still take you to the 'org' site.
It works by you changing your DNS settings. If that sounds scary, don't worry, full illustrated instructions are provided, whether you do this by changing your broadband router settings or on your desktop or mobile phones.
See OpenDNS for more details.
Help I lost my password!
Friday, October 13, 2006
If you've ever had that sinking feeling when you've realised you've forgotten your login, don't worry, help could be at hand. If your password is MD5 encrypted and is stored in a MySQL database to which you have acccess, this post will help.
If you are unsure about the MD5 encryption, follow the instructions below through to step 10 - if the password consists of 32 letters and numbers, then carry on, if not, find another plan! If you are very lucky (and the program isn't as secure as it should be), the passwords won't be encrypted at all and you can see what your password is.
Here are instructions for doing this in cPanel using phpMyAdmin:
- Login to cPanel and click on the MySQL icon.
- Scroll to the bottom of this page and click on 'phpMyAdmin'.
- Select the correct database from the dropdown box on the left hand side.
- In the left hand side list that appears, click on the name of the table that holds your password. NB - unsure of which table? First look for tables called 'user' or 'admin', then start browsing through each table (see step 5) until you find the correct location.
- Click on the tab at the top of page that says 'browse'
- Further down the page that appears there is a small table that shows users and their corresponding passwords.
- Click on the checkbox next to the correct user
- Click on the pencil icon.
- On the page that appears, you'll see a table that you can edit.
- Highlight and copy the 32-digit sequence from the password box and paste it into a new text document. SAVE THIS as a backup.
- Back in the password box, delete the existing contents and type the following in instead: e5f0f20b92f7022779015774e90ce917
- You are now able to login to your admin panel using the password temppass
- Now change your password to something else and don't forget it!!!
Labels: programming, security
Phishing - what web designers can learn
Monday, October 02, 2006
According to Wikipedia "phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures."
A useful summary of a Harvard and Berkeley report into phishing attacks can be found on SEO Chat and it makes for interesting reading. Despite being academic research, the report has real-world implications as people will only buy from, or give their details to, websites they trust.
Phishing attacks are so common place and successful because the criminals behind such sites are one step ahead of many of us psychologically. Read the article and see how vulnerable you are.
20 privacy tips
Sunday, August 27, 2006
Some of these tricks are US-oriented, rather than related to UK practice, but you can definitely learn something from the advice, unless you already practice safe-privacy of course!
1. You can teach a screen saver new tricks.
If you're concerned about others accessing your computer files when you're not around, but don't have time to keep turning the computer on and off, you can password protect your PC screen saver so that only you can deactivate it. To do so, go to the Control Panel (click Start, then select Settings, Control Panel) and double-click on Display. Select the Screen Saver tab and check the Password Protect box.
2. You can find out a lot by reading privacy policies.
Many stores now offer club discount cards that provide price discounts on certain items. Some also allow you to build up points similar to frequent flyer programs. In exchange for these and other benefits, you will be asked to share some personal information. So be sure to read the membership agreement fully, or speak to a member of the store's customer service team if you have questions about their privacy policies.
3. You can get more out of your mail by reading it.
Getting more mail lately? A new law requires financial institutions to clearly communicate their privacy policies to their customers. This means your banks, credit card companies and other financial institutions are sending you their policies on privacy and information sharing. PLEASE READ THEM! Most will allow you to opt-out of their information sharing programs if you so choose.
4. You can give identity thieves the slip by holding on to your receipts.
Many merchants are taking extra precautions to protect their customers from having credit card information stolen from discarded sales receipts. They do this through a process call truncating / replacing the last several digits with asterisks (e.g., 1234 5678 9101 ****). However, not all merchants choose to truncate the number, so when you pay with a credit card, make sure you either keep your sales slip or properly destroy it.
5. Identity theft is as close as your mailbox, so pay a visit to the Post Office instead.
Each payment envelope you send from your mailbox, inbox or outbox is a sitting duck for an identity thief. We often forget how much sensitive information is contained in just one statement stub, whether it is your electricity, water or credit card bill. Don't let it sit there for the taking. By dropping your mail in a USPS collection box, you can dramatically reduce your risk of identity theft.
6. You can increase your security by making it a monthly ritual.
Each month you receive a credit card statement with a list of charges. Each month you should carefully check each statement for charges you didn't make. Call your credit card company immediately to report any suspicious charges. For those who infrequently pay with credit, this may be the first sign that your credit card has been stolen.
7. Fido is a good name for a dog, but a bad password for you.
Hackers know common names people use. Always use a combination of numbers and words you can't find in the dictionary. It's also a good idea to change your password on a regular basis and avoid storing it near your computer.
LittleFish Comment - most hackers use brute force techniques, such as throwing every single word in the dictionary plus names, petnames and anything else they can think of, at your login. To choose a better password, take a simple, memorable sentence such as "LittleFish Web Design has a really useful blog", then write out the first letters of the sentence, including capitalisation - LWDharub - voila - instant password!
8. There's a reducing plan -- for your mailbox.
If you want to receive only certain catalogs, contact the organizations sending you the ones you don't want and ask to be taken off their mailing lists. Alternatively, you can remove your name from most national mailing lists by contacting the Direct Marketing Association at www.dmaconsumers.org/offmailinglist.html#how and click on Preference Services. If you're not online, you can also call the DMA at 212.790.1488. They will put you in a "delete" file that is sent to subscribing organizations several times a year.
LittleFish Comment - In the UK, try the Mailing Preference service. They won't take you off existing lists, but will prevent further unsolicited mail. Try sending mail back with "unknown at this address" printed on the envelope in big letters. It doesn't always work, but hey, it's worth a try!
9. You can give your Social Security number more security by not writing it on the back of a check.
Don't give it over the phone, either. Where possible, try not to use your SSN as your sole identification number. Make it difficult for thieves to steal it by crossing out the parts that contain your SSN or other identifying information when discarding pay stubs, credit card receipts and other such documents.
10. Chat rooms are for chatting, not for dating.
When possible, avoid using your actual name or primary e-mail account and instead use a second alternate online account or screen name as an "alias" when taking part in online discussions.
LittleFish Comment - when setting up an e-mail account for chatrooms etc...make sure that you look through all the settings to ensure that your real name isn't displayed.
11. To read is to protect yourself.
Read the privacy policy of all the sites with which you do business, including your Internet service provider and other individual Web sites. You can to learn the type of identifying information, if any, they collect, how they use it, and with whom it is shared. Look for an e-mail address or phone number to contact in case you have questions about security procedures. Any site that asks for information about you should have a privacy policy statement.
12. There's no place like home for your sensitive information.
Increasing numbers of employers are monitoring employees' e-mail and Web usage in the workplace. To ensure the privacy of any sensitive information, keep it at home. And if you must discuss sensitive issues by e-mail, develop the habit of double-checking the header to make sure your message is going only to the intended recipient and not to a wider "reply to all" distribution list.
13. Strangers can be strange until you get to know them.
The age-old adage, "don't talk to strangers," has been updated in this age of online communications to "don't talk to strangers who ask for information they don't need to know." Unless it's with a trusted company or you feel comfortable with why your information is needed, it's almost never a good idea to release your personal information to someone you have never met. Increase your trust level by reading their online privacy policy statement.
14. You can keep your information private - even in public.
Ever use public computers, such as in the library or cafe? Or do you share your computer with others? As you browse, your cache stores Web sites you have visited so that your browser can store them locally instead of going to the Web site. This helps to speed up your browsing on a private computer, but can also allow your habits to be tracked on a public one. To prevent this from happening, go to the "Preferences" folder in your browser and click on "Empty Cache." Also, be sure to close the browser before leaving.
LittleFish Comment - And ALWAYS ALWAYS ALWAYS logout before closing the browser.
15. ***** is a good name when shopping on the Internet.
When giving your credit card information online, be sure to ask whether they use encryption to scramble your data against third-party viewing and how they safeguard your stored data from online hackers. One of the easiest ways to ensure that you have a secure, encrypted connection while doing business online is to check whether the URL (Web address) begins with "https://" rather than simply "http://" before you transmit credit card information. To be certain, you may wish to install encryption software on your own computer to protect your e-mail and files from others who may disregard your personal privacy.
LittleFish Comment - And look for the padlock icon, either in the address bar, or in the bottom right of your screen. Double-clicking on this will tell you who owns the security on that site - if you are logging into PayPal, then PayPal should own the security certificate. If in doubt, don't.
16. Just because someone offers you a cookie doesn't mean you have to take it.
Browser users often have the option to be notified before accepting a cookie and to accept only cookies that connect with the originating server hosting the Web site that placed the cookie - rather than third-party servers for advertisers, for example. Reputable sites should clearly inform you how they plan to use the cookies deposited on your browser. Various types of software and services are available to help you manage cookies, including those that serve as a proxy or shield between you and the sites you visit. You can opt-out from online advertising cookies by visiting the Web site of the Network Advertising Initiative.
LittleFish Comment - You can always delete cookies - just check your browser's settings and look for 'clear cookies'. You might want to keep some (after all, it does help when the site knows you have visited before and fills in some of your login details), in which case just delete the ones you don't recognise, and believe me, there'll be a few!
17. You can choose your callers instead of them choosing you.
If you'd like to be on the "don't call" list, send your name, address and phone number to the Telephone Preference Service, c/o Direct Marketing Association, P.O. Box 9014, Farmingdale, NY 11735-9014. Major nationwide telemarketers participate in this service. Your local phone company may also offer some "custom calling services" like Caller ID and Call Block which can be used to limit unsolicited calls.
LittleFish Comment - In the UK, try the Telephone Preference service.
18. Records are for remembering more than just memories.
Most e-commerce sites present you with a summary of your transaction before you click a send or buy button. Print this out or save it as a file to refer to later if necessary.
19. Most credit cards companies give you credit when something goes wrong.
If someone steals or uses your credit card number, most credit card companies cover fraudulent charges or limit your liability resulting from unauthorized use of your card. Keep the phone numbers of the credit card companies you deal with in a safe place so you can contact them immediately if something goes wrong.
20. You can stop the e-mail before it becomes mail.
Getting mail is fun but if you'd like to cut down on the amount of unsolicited commercial e-mail, you can contact the e-Mail Preference Service (e-MPS) offered by the Direct Marketing Association. You can register with the service by logging on to http://www.e-mps.org/. All DMA members who wish to send unsolicited commercial e-mail must purge their e-mail prospecting lists of the individuals who have registered their e-mail address with e-MPS. The service is also available to non-DMA members.
Labels: security
Preventing online ID theft
Thursday, February 16, 2006
Press Release from http://www.btplc.com/news/articles/:
BT today published a ten-point guide to help prevent internet users becoming victims of the growing threat of online identity theft.
The guide appears in an internet security report published today, written in conjunction with CPP, Get Safe Online, Lloyds TSB, Metropolitan Police and Yahoo! The report highlights the growth of online threats, the current situation and what the future holds.
For instance, 8% of UK PC users fall victim to online fraud and 15% know someone who has been targeted by an internet criminal. However, the report shows that customers are not taking appropriate, available steps to protect themselves - one in ten people questioned, for example, indicated that they would have no qualms about giving their credit card details to an unidentified third party.
"Online identity fraud is a growing and, until now, a silent part of fraud in the UK, which accounted for £1.7 billion last year - £35 per adult per year," explained Ray Stanton, head of security at BT Global Services. "We want to make sure that people are aware of the threat and are protecting themselves online, so they can enjoy the benefits of the internet."
"Criminals are always looking for new and easy ways to make money," explained DCI Stuart Dark at the Metropolitan Police. "Online identity theft and fraud are the latest techniques. By protecting themselves against the growing threat, users are also protecting others, so we urge everyone who uses the internet to follow the ten point guide."
Follow this link for more information on the ID Security report
http://www.btplc.com/onlineidtheft/onlineidtheft.pdf
Labels: security
Get Safe Online
Sunday, October 30, 2005
Get Safe Online in its own words "...will help you protect yourself against internet threats. The site is sponsored by government and leading businesses working together to provide a free, public service."
It's split into 3 sections - Protect Your PC, Protect Yourself and Protect Your Business to be relevant to everybody from home users to small business owners.
It's sponsored by the UK Government, BT, Dell, eBay, HSBC, Lloyds TSB, Message Labs, Microsoft, the National Hi-Tech Crime Unit, Secure Trading and Yell.com so you know that the site knows what it is talking about!
Take a look, and also consider these free* software packages to protect your PC:
- Adaware - Removes spyware
- AVG Antivirus - Removes viruses, worms, trojan horses and other nasties
- Spybot Search & Destroy - Removes spyware
- ZoneAlarm - Free Download- Firewall software
Labels: email, resources, security, spam
Links
- Website Tips
- Resources
- Domain Names
- Turnkey Websites
- Blog Disclosure
- Online Marketing
- Online Marketing
- Programming Howtos
- FREE web hosting
Previous Posts
- free link building tool comment kahuna
- What's happened to LittleFish Web Design
- How linkable is your blog?
- Stop Yahoo! tracking your every move
- Grab your free copy of Lucid SEO
- Wordtracker coupon code - 15% discount
- Free Wordpress theme generator
- Comprehensive list of CSS techniques
- Web 2.0 online generators
- Tracking your e-mail marketing campaigns