Certainly it’s a pity when adult is trapped in one of such scams and his or her financial stability is either at risk or completely destroyed. At least adults should know better, scam artists often play on people’s emotions and desires. If adult became a victim of a scam thanks to his or her own greed or lust, well it’s his/her fault. Read the Bible or the holy book of any other major religion and you’ll see that almost all of them describe the sins in similar ways. So if somebody tries to collect the lottery million dollar “winning” or is too lazy to use the basic rules for safe online banking, that’s his/her problem.   

But when we’re talking about children, it’s a whole different story. When adults are looking at the scam offers, they know on the subconscious level that something is not right. The voice of their experience warns them about possible trouble. Whether they listen to this inner sense or not, it’s their choice.

Children don’t have any substantial experience yet in dealing with real life situations. Hence it’s our responsibility as adults to make sure kids know about possible traps that they can encounter online.  

Not even close, my friend. It will be about something you’re very well familiar with yet you never thought about it as a drug (though you really should).

Introducing: Virtual Drug

By the way, marijuana and LSD are not as dangerous as they sound. There are some legal substances that are more dangerous. According to the study published this year in “The Lancet”, alcohol and tobacco are much more dangerous than marijuana or LSD and are included in the list of the 10 most dangerous drugs in the world. As you know both alcohol and tobacco are legal, and marijuana is forbidden in most countries. Just a food for thought. You can clearly see from this example that if something is legal it doesn’t necessarily mean it’s harmless and vice verse.

Why did I decide to emphasize this fact? Because today we’ll be talking about something that is as legal as it gets yet at the same time it has high level of risk based on all the risk factors that are usually considered during the analysis of the risk level for potentially dangerous substances.

There are many risk factors that could be considered for such analysis, and the factors could vary. But here are the 3 major factors that are considered in one form or another in all such analysis.

· What is the level of physical harm the drug could potentially cause to the user?
· What is the level of addiction? (In other words, how easy and safe would it be to withdraw from further usage if the user would decide to stop?)
· What is the overall drug impact on society at large?

Soon you will find out what I consider the worst drug on the planet. But first let’s establish a few statements.

Statement 1. Most drugs could be useful in a small dosage.

In order to agree on this it’s enough to remember that many drugs are used as a pain-killers. And some have unique healing qualities that are hard to find in other medications. For example, according to several researches, THC can help to prevent cancer. Let’s not forget that it’s the main active ingredient of marijuana.

Statement 2. The over-dose can seriously harm the individual or cause the lethal outcome.

I don’t feel that for this statement we need to search for any proof – just look at thousands of people dying every year from drugs.

If you think about it, any substance or influence that has high impact on individuals based on those major risk factors and 2 statements mentioned above, should be considered a drug.

So why do we usually limit our comprehension of drugs to physical substances only?

For example, what about all those ads that you see on your TV each and every day that are brainwashing you? (Yes, I know, you can order TiVo or similar services and fast-forward all this trash, but it’s rather expensive and is not used by a large percentage of general public).

Now let’s look at another service that is used by the majority of people on the planet. I’m talking about Internet. Yes, the Internet, this information super-highway. Is it good or evil? It certainly has over-grown its initial purpose of providing the easy ways of worldwide communications a long time ago and now can be not only extremely useful but extremely dangerous as well.

Remember, many drugs can be useful in small dosage, but they are deadly in big portions. The same is true about the Internet.

Paradox, but its danger lies in its extreme usefulness and self-sufficiency. Internet resembles the snake biting its own tail. In a small dosage it’s very helpful - you can get virtually anything on the Internet - from information on any subject to any product.

However, the strongest side of the Internet is at the same time it’s weakest spot.
Since people can find whatever they want on the Internet nowadays, a rare person can restrict himself/herself from not using it for more than a few hours per day.

Let’s scrutinize the Internet through a prism of the 3 major risk factors we listed earlier.

  1) Physical harm or influence on a health of the individual.

There is a whole range of direct and indirect health problems that can be caused by the Internet. Direct health problems derivate from the fact that Internet is most frequently accessed through computers. And sitting in front of the computer screen for long hours without often breaks will lead to diminishing eyesight, headaches, neck and shoulder pain.
But at least direct physical problems are not lethal. Now let’s look at indirect ones. On the Internet, you can get both legal and illegal products with almost the same ease.

Hacking manuals? Drugs? Illegal weapons? Money laundry? Pornography? People can get anything, and it’s much more difficult for authorities to track the source of delivery than if the trade would take place in a physical world.

And people get a sense of pseudo-safety since they do not physically participate in the trades, and they don’t see criminals with guns and all other usual attributes of such “meetings”. In reality if they are buying/selling “stuff” from their homes it doesn’t mean they can’t get in trouble or seriously hurt/killed participating in such “deals”.

There are numerous other ways that Internet can be used to trick people into different scams (through phishing, spamming, etc). And people can be seriously hurt.

Not to mentioning online predators who use popular social networking sites and chats to find new victims. Of course there are filters that could be used to limit children exposure to sites with sexual content and to potentially dangerous chats and forums. But they are not 100% effective – child can simply go to the computer without filter.

Sure, you can say that these examples have nothing to do with the Internet, all those crimes could happen in the offline world too. And my answer to you would be: Internet made all those things much easier, more accessible, lightening fast and available worldwide. At the same time it provides the false sense of pseudo-safety. All things combined, it increased crime ten-fold.

I hope now you can see that based on the “physical harm” risk factor this virtual drug deserves to be placed on the highest position.

  2) Now let’s look at another risk factor – addiction.

How many times per day do you check your email? How many hours per day do you spend online? Come on, be honest. And if you would be unable to check news or chats, see your favorite sites or check emails every day would you feel uncomfortable? Wouldn’t you try to find wireless access asap to login your laptop? Even when you’re on vacation? I rest my case. For many people it’s almost impossible today to live without the Internet.

Which brings us to the last risk factor:

  3) Drug impact on society at large.

None of the currently existing physical substances has even remote impact on society as Internet does.

And I am not talking here about the positive influence of the Internet, far from it. Millions of people around the globe have buried themselves in the virtual world trying to avoid a harsh reality of the physical one.

Millions and millions have been scammed out of their last pennies through different MLM schemes, Forex/stocks super-returns schemes, spending tens of thousands of dollars buying “how to become filthy rich in 1day” type of “manuals”, etc.

Countless millions of Internet users spend all their “free” time and sleepless nights online trying to build their online businesses. While there is nothing wrong with this approach, it doesn’t hurt to remember that only 5% of such businesses succeed and you need a substantial set of skills to become successful online or a budget to hire people with those skills. And the rest 95% lose all their money, hope and in many cases – their families too. Not many spouses are willing to put up with their better halves spending all the time on the computers…

Here you have it - brief introduction to the Virtual Drug – the most dangerous drug of the 21st century….

So we’d better learn all possible ways to protect our bank accounts…

In the previous article about anti-identity theft measures I mentioned that you can employ the credit card monitoring services that will alert you when fraudster will try to steal money from your credit card.

Today let’s explore 2 more methods that can help you to protect your money from identity thieves.

Those measures are specific for the USA, but I’m sure there are similar services in other
countries too.

Method 1: Opt-Out from Pre-Approved Credit Card Offers

Ok, so what can you do to sleep better at night? Well, you can get rid of all those
pre-approved credit card offers that pile up in your mailbox. If you need new credit card,
it’s better to apply to a specific credit card, and not the random one you found in your
mailbox. Keep in mind that the credit cards that are sent to you have the advertisement and mailing cost included in the rate they are offering, so you might be better of making your own research first, and to apply to a card with good APR (don’t pay too much attention to initial offer, look at the real rate. When initial offer is over, you’ll still have to live with that credit card.)

If you want a new credit card with low rates, etc, here is a good place to start your credit card research:
http://www.1ezhost.biz/creditcards.html

If you doesn’t plan to apply for a new credit card in the nearest future then the mounts of pre-approved offers in your mailbox are not only unnecessary, they could be quite
dangerous. Substantial percentage of identity theft frauds is possible because of the
stolen paper mail.

You can stop vendors from sending you all those offers by calling
888-5OPTOUT (in the USA). I’m sure there are similar services in other countries too, just look on the Internet for the “opt-out option for pre-approved credit cards” (or similar) and add the name of your country to a search string.

Method 2: Freeze Your Credit

When identity theft became a massive phenomenon, banks and government tried to work out the solution that would help people whose identity was already stolen.

One of the worst things with identity theft is not when somebody got access to victim’s credit card number and made several purchases through this card. After all, credit card
balances are usually rather limited.

The worst thing is when fraudsters gather enough information about the victim to be able to apply for new credit cards on this person’s name, and provide different mailing address. So it could be a long period until the victim realizes that he has many more open credit cards that he actually applied for. Quite often it’s happens when person tries to apply for a loan, and bank declines his request, states that victim’s credit score is way below the acceptable minimum and shows him and outstanding balances for all the credit cards he “used”.

To help victims, credit agencies suggested to implement credit freez. Basically, this means that no one with the credentials of identity theft victim would be able to apply for any credit card or loan until credit freeze is raised.

Of course, the worst case scenario wouldn’t happen if a person use credit monitoring
services I mentioned earlier, many people still don’t use it.

Credit freeze is convenient, it could be raised for a small fee for a limited time, and
then applied again. The only problem is, in most states it was unavailable to a general
public, this law was only applied to identity theft victims.

Kudos to California. It was the first state that implemented credit freeze (in 2003).And
double Kudos to California for allowing general public also use this law to their advantage.

Other states agreed to apply this law for identity theft victims, but were not so quick to
apply it to the rest of consumers. Many states implemented this law in 2007.

At the beginning of 2008, several more states (Arkansas, Massachusetts, Maryland,
Tennessee and Utah) will join the group. The latest will be Washington, it will allow
credit freeze at September 1, 2008. Overall, by 2008 credit freeze will be implemented in
40 states.

Here is the how you can find information whether credit freeze is available in your state
or not, and if it’s available, how to apply.

Go to http://consumersunion.org/securityfreeze.htm

I’m not sure whether credit freeze is available in other countries or not. If it’s not
available, then contact your politicians. It’s one of the most efficient measures to
prevent identity theft. Hackers will always be several steps ahead of any online security
system that could be invented. So it’s better to pay a few bucks to lift a credit freeze
when you actually need a credit card or loan, and then apply it again than leave your
credit unprotected.

There are 3 main purposes for such attacks:

1) steal products/ services offered on a website,

2) steal information stored in the databases (both personal information and credit card details)

3) proceed further and use initial vulnerability to gain additional privileges on a server and ultimately, to obtain root access to the server.

Let’s talk today about second purpose of website hacking - obtaining both physical mailing
address, and credit card records that could be used for Identity Theft or simply re-sold on
the Internet.

When hacker tests different methods to get unauthorized access to the website or web application, he most likely use slave computers for this purpose (also called slave bots) or proxy servers or the combination of two.

Granted, it might be difficult for investigators to establish the real source of attack, such as ip that was used for the attack execution, but still it could be potentially risky for hackers.

So the easiest way to get their foot in the door of the target system would be for hackers to obtain the login details of a legitimate user, and use those details to perform their further operations.

And it looks like this approach, combined with advanced fishing scams, became very popular lately. In addition to malware, spyware, viruses and worms we now have rather new phenomenon called ransomware.

Ransomware is what the name implies it is - a type of malware that could be used to take hostages and demand a ransom for a victim.

Only in this case “a hostage” is not a person, it’s a computer. Ransomware encrypts all the files on a victim’s machine, so average computer user is not able to decrypt them, and have to pay a ransom to get access to his/her own files again.

Of course if a person performs regular backups of his machine, this scheme won’t work.

Computer user would be able to easily restore all the files from a backup. But this scheme is very successful, so it’s just gives to show you that only a few people regularly backup computer files.

This exact scheme was used in a Monster.com ransom scam that became well-known lately.

Intruders first obtained access to the employer accounts on Monster. How they did it, is not important now - may be they tricked the account holders to open emails with malicious
attachments and installed Trojans on their computers, and then sniffed all the information

that was exchanged between that machine and the other ones. May be they sniffed out the
packets (note that Monster uses http for login screens, not https, hence login data are
past as a plain text) or they might use any other of the numerous hacking methods. The point is, they obtained unauthorized access to the employers’ accounts.

And people who contacted those employers were looking for the job, so they readily provided all their contact details to those employers including phone numbers, mailing addresses, etc.

After collecting approximately 1.6 million records of job applicants, attackers crafted very well written personalized emails to those applicants and tricked victims to open those emails. When email was open, a Trojan was installed on the victim’s machine. Financial information was stolen or files were encrypted and ransom demanded to “free up” the files.

And there is an evidence that similar scheme is now used at another website for job seekers – CareerBuilder.com.

What is the point of this story? It looks like pure hacking has been slowly replaced by the wholesale approach that doesn’t require too much skills – it’s enough to find the way to get millions of records, trick the recipients, install malware or ransomware, steal credit cards or bank accounts data or just encrypt the files on the victims computer– and voila – attackers got some serious cash in their bank accounts.

Be aware of this new wave of data stealing – I would call it “web hacking without hacking”,
and be extremely careful while opening emails from “employer” or any email from un-known
recipient, for that matter.

And it’s not just government video surveillance, take a look at such relatively new features as Google’s “StreetView” and other video programs where your house (and all its PRIVATE land) can be photographed from the space and the photo can be seen by anybody curious enough to peak in your private life. Note that you didn’t give anyone permission to take pictures of your private property. And if your property is behind the fence, then without the space video-invasion it would be difficult to look inside your property without your direct permission (or breaking the law).

But that’s only part of the problem. Don’t you love airport security checks where you have to take off your shoes (be thankful that not your pants)? Sure, it’s explained by the greater good, and it might be necessary, but what I’m worried about is that people are losing the very sense of privacy. If you think about it, any security measures can be explained by a greater good. But where is the border between the security requirements and the total violation of human rights?

Though the line about taking of your pants is a joke, X-ray naked scans can become a reality for the nearest future. It was already tested in UK and US. It looks like everything has been done so people forget even the idea of privacy. I mean how people can maintain self-respect if they can be virtually stripped for no reason at all?

And don’t kid yourself that your naked photo will be stored separately from the file with
your name, address, etc. It’s just doesn’t matter, because all this information can be easily analyzed and records can be matched. In other words, your naked picture can be easily matched to your name.

Do you still have illusion of privacy? May be you think something like this, “I might be scanned, but at least my thoughts remain private”? Don’t kid yourself. Look at government wiretapping that is often done without a warrant. Can it really help to find potential terrorists or it’s just a great substantiation for the eavesdropping on all your calls? May be both, but my guess is that terrorist are capable to encrypt their calls much more effectively than average citizen who has no idea about wiretapping and eavesdropping.

And even that’s not all! Some advocates of “privacy compromise” suggest that all end users should have a second layer of authentication including our biometrics.
Biometrics is just another set of parameters that can be added to the huge data banks that are already used to make a decision about every aspect of your life. It might be and extra security layer for the commerce security. (Though who said that the biometrics can’t be stolen the same way as any other data from the hacked databanks?) But if used for the access to the public services it certainly one further step to the elimination of privacy.

Another suggestion is that we should completely give up our anonymity and authenticate everything, from computers and applications to every ingress and egress connection, in order for the authorities to be able to track down the source of hacker’s attack.
That might help to track down hackers, but combined with space video surveillance, and wiretaps it puts us under almost total 24/7 control.

I’m saying “almost” because now you at least don’t have a computer chip built in your passport. But it’s going to change very soon. Bush administration suggested to implant radio frequency ID (RFID) chips (that can be read remotely) into each passport issued after October 2006. And other governments (including UK and Britain) have similar plans. This means that your name, nationality, sex, date of birth, place of birth,
photograph (and in the nearest future biometrics) will be readily available anytime for anyone with a badge.

What is worse, this information can be stolen by identity thieves by aiming powerful antennas at the person. The encryption keys used to somehow protect the privacy, are not sufficiently secure…

So for those who think that authentication for every network packet is necessary, I say it’s better be done using other measures such as IP v6. It’s not perfect, but at least it allows us to preserve some privacy. Otherwise we totally give up all our rights and let government track virtually all our steps. And it doesn’t mean that we have something to hide, we just want to preserve human dignity that separates us from the animals.

Where is the borderline between security measures and giving up all our rights, and when will be the end of this madness? Here’s something we need to remember: there couldn’t be any freedom or democracy or human dignity in any country if there is no privacy left in it and if its people are under total surveillance.

The reason for popularity of wireless attacks (in addition to tons of inherent insecurities in wireless models) lies in the serious improvement of modern hacking wireless equipment. Modern antennas allow hackers to reach access points even if they are 10 or 20 miles away from those points. That means that hacker can now easily avoid the most significant limitation he faced not long ago. He doesn’t have to sit anymore on the same parking lot (figuratively speaking) used by the company that was chosen as a target for wireless attack. Instead, he can now safely conduct his intrusion without the danger of being physically noticed and identified by the security staff of that company.

Of course the fact that most users have difficulties with initializing security features available in most current Wi-Fi gadgets (or even sometimes don’t know where to find those features) is also very helpful for hackers.

Another possible reason of popularity for wireless hacking is that people are less used to wireless spaming (and hacking) yet, and are more likely to open the message or attachment sent from the un-known recipient.

Aside from the habitual reasoning there is another possible cause for the higher possibility of opening un-known attachments in the wireless devices compared to the wired ones (and thus getting the former infected).

According to the research published by Cisco and the National Cyber Security Alliance, the feedback from 700 businessmen from all over the world indicated that the root of this problem can be a small size of screen used in wireless handheld devices.

And one more interesting fact from the same research. 81 percent of all business executives around the world are already using some sort of wireless device. From 700 businessmen participated in the research (as a representatives of executive group), chilling 76% had trouble distinguishing between legal messages and those that can compromise their wireless devices!

You can read the whole story here: Mobile workers still struggling with security

Now just think about it! If the same proportion will be true for the rest of executives, then over 60% of all executives in the world not only use wireless devices, but also don’t care too much about wireless security!

And if the wireless device of such person is compromised, then the whole corporation can be at risk…

This is definitely something that hackers would want to explore. And this is a serious topic to think about for all business executives. They should educate themselves at least in basics of wireless security, or it might be too late…

We will talk about firewalls and intrusion detection systems in future articles, as well as the ways to further secure your hosts with live response toolkits and forensic image toolkits that can help you to define possible kernel rootkits, etc.

The network reconaissance is helpful if hacker plans to attack particular network. But in
reality this approach is used less often today.

The main trend of [tag]internet security[/tag] attacks for 2006-2007 is to use “wholesale approach”.

That means no network, organization or individual serves as a specific target. Instead the
target is every machine that is exposed to certain vulnerabilities.

Another trend that is clearly seen is the combination of different techniques. If in
2004-2005 intruder would (mostly) use either email with embedded virus or worm, or use the exploit that would give him a direct access to the system, now the intermediate hacks are more popular.

They are used to get initial access to the system and as a platform for backdoor downloads.

To facilitate the distribution of the malicious code, the combination of several techniques and methods is used. Quite often large spam networks are utilized for the initial distribution of the spam emails. In order to avoid current malware filters, no virus is usually embedded in the email. Instead, the reader is sent to the malicious url. The web-based url is used for automatic download of the exploit.

Such spam email campaigns can target over billion email addresses thus ensure the large amount of opened and clicked-trough emails. Huge targeted audience ensures a large  base for the of users infected with a new virus through such spam attack.

So what applications are currently targeted more often for the attacks?
According to Symantec Internet Security Threat Report for the second half of 2006 (Volume 11), mostly targeted group for attack were web browsers and third party web applications.

Among web browsers, IE holds the crown and accounts for 77% of web-broser-targeting attacks.

Another confirmation that direct attacks are more often replaced by “wholesale” approach  is derived from the fact that home users are the targets in 93% cases of latest attacks!

Which is logical, since the home users is the least educated group of computer users (as far as internet security is concerned) and can be rather easily tricked by the combination of spam and web-based located urls hosting payloads with middle-level of security threat security threat.

In other words, they can be easily tricked to open spam emails, download the malicious code and thus get their computers infected.

Before I can answer this question, let’s take a brief look at the current OSI model (and
it’s simplified most often used TCP/IP version) that is the base for the overall data
transfer between systems on the Internet. The internet security is tightly bound to the security (or rather, insecurity) of those protocols.

TCP/IP protocol was originally created to suit the needs of ARPANET, closed network which was essentially what we call today intranet. Since it was not a public network, but rather peer-to-peer communication between several US universities, not everybody had access to it, so there was not much thought given initially to the security of this protocol. The main task of the protocol was to efficiently deliver data between the remote locations.

Later this network grew up and became Internet, but TCP/IP protocol still was used as a main way of communication. However, it was not a closed network anymore. So because of the initial “friendly” architecture, now we have ip spoofing to deal with. This technique allows hackers to effectively conduct ping sweeps and port scans, and gives them ability to effectively hide the ip of the host that originated the attack.

Smurf attacks and arp-redirects also probably wouldn’t be possible if this model would be originally created with a security in mind (or rather, the enhanced version of this
protocol would be created for the public network).

The trace of the “friendliness” of the TCP/IP model could be better seen on layers 2-4 of the model.

The insecure nature of Ethernet still amazes me. Broadcasts allow anyone on the network to easily access the information passed between any other machines on the same bridge. The logic is that everyone will behave ethically and not eavesdrop on conversations that are not meant to them. Well, it could would work for closed networks, but it certainly doesn’t work for the Internet where you in effect trust all your private communications to the complete stranger.

And the relative ease of arp redirects where any machine can claim to have any MAC address it wants, is nothing more than just more advanced version of misuse of the same trust…

Same goes for DHCP servers and DNS servers…

Though many security experts believe that actual hacking happens on the application layer, it would be much more difficult to accomplish without the preliminary reconnaissance of the target subnet. Besides, all the sniffing also happens on the network layer. And if username/passwords are sniffed, then no hacking is really needed – you already have everything you need.

So if we want to achieve more secure Internet, the first logical conclusion would be to somehow boost the security of TCP/IP protocol.

IP version 4 is completely insecure, so big hopes were cherished for the introduction of IP version 6. At least it will allow to positively identify the source of attack.
Plus, ping sweeps won’t work anymore simply because of the size of subnets that would have to be scanned. And broadcast will be changed to multicast, thus reducing the number of hosts that will be able to intercept communication. Plus it would be more difficult for worms to spread.  Of course the mandatory inclusion of IPSec in the IPv6 could theoretically be helpful too.

(Though on practice, the deployment of this protocol will take at least a few years, and most likely no encryption will be initially implemented.)

Unfortunately, this protocol has its own weaknesses too. One thing I hate is that now you can’t filter all ICMPs, because it’s neighbor discovery totally depends on it. And ICMPs are well known as one of the most popular sources for DDOS.

In total, IPv6 should have more positives then negatives as far as Internet security is concerned.

But we also need to see what could be done to increase the security on the application layer.
We’ll talk about it next time.

It’s worth to share it with your children, because it can help you to explain to them once and for all why it’s not a good idea to talk in the virtual world about the details of their personal lives that could be used to identify them in real world.

The virtual reality provides the false feeling of safety and anonimity, where many memebrs of social networking sites share tons of personal information in their profiles, and of course they like to chat and give away even more information during those conversations.

In this particular example, girl thought that her online friend was a teenager, and he lived far away from her, so she was rather relaxed and shared with him such details as the name of her softball team, her place in this team, etc. After all, the “boy” doesn’t know her real name and he doesn’t live in her town… And why did she thought that he was a teenage boy and lived in another state? Because he said so…
 
This story is probably not real (I’ve yet to hear about the special police officers that are hunting [tag]online predators[/tag]), but it could happen in real life. It’s absolutely realistic for online predator to find the girl based on all the information that police officer was able to collect in a short period of time. And it would be great if such police department would be organized in real life.

Ok, here is the story as I received it. Unfortunately there was no name so I don’t know whom to credit for this great educational piece that could save your children:
————————————————
“EVERYONE NEEDS TO READ ALL OF THIS and HAVE CHILDREN READ IT TOO!

After tossing her books on the sofa, she decided to grab a snack and get on-line. She logged on under her screen name ByAngel213. She checked her Buddy List and saw GoTo123 was on. She sent him an instant message:

ByAngel213:
Hi. I’m glad you are on! I thought someone was following me home today. It was really weird!

GoTo123:
LOL You watch too much TV. Why would someone be following you?
Don’t you live in a safe neighborhood?

ByAngel213:
Of course I do. LOL I guess it was my imagination cuz’ I didn’t see anybody when I looked out.

GoTo123:
Unless you gave your name out on-line. You haven’t done that have you?

ByAngel213:
Of course not. I’m not stupid you know.

GoTo123:
Did you have a softball game after school today?

ByAngel213:
Yes and we won!!

GoTo123:
That’s great! Who did you play?

ByAngel213:
We played the Hornets. LOL. Their uniforms are so gross! They look like bees. LOL

GoTo123:
What is your team called?

ByAngel213:
We are the Canton Cats. We have tiger paws on our uniforms. They are really cool.

GoTo1 23:
Did you pitch?

ByAngel213:
No I play second base. I got to go. My homework has to be done before my parents get home. I don’t want them mad at me. Bye!

GoTo123:
Catch you later. Bye

Meanwhile…….GoTo123 went to the member menu and began to search for her profile. When it came up, he highlighted it and printed it out. He took out a pen and began to write down what he knew about Angel so far.

Her name: Shannon
Birthday: Jan. 3, 1985
Age: 13
State where she lived: North Carolina

Hobbies: softball, chorus, skating and going to the mall. Besides this information, he knew she lived in Canton because she had just told him. He knew she stayed by herself until 6:30 p.m. every afternoon until her parents came home from work.

He knew she played softball on Thursday afternoons on the school team, and the team was named the Canton Cats. Her favorite number 7 was printed on her jersey. He knew she was in the eighth grade at the Canton Junior High School . She had told him all this in the conversations they had on- line. He had enough information to find her now.

Shannon didn’t tell her parents about the incident on the way home from the ballpark that day. She didn’t want them to make a scene and stop her from walking home from the softball games. Parents were always overreacting and hers were the worst. It made her wish she was not an only child. Maybe if she had brothers and sisters, her parents wouldn’t be so overprotective.

By Thursday, Shannon had forgotten about the footsteps following her.

Her game was in full swing when suddenly she felt someone staring at her. It was then that the memory came back. She glanced up from her second base position to see a man watching her closely.

He was leaning against the fence behind first base and he smiled when she looked at him. He didn’t look scary and she quickly dismissed the sudden fear she had felt.

After the game, he sat on a bleacher while she talked to the coach. She noticed his smile once again as she walked past him. He nodded and she smiled back. He noticed her name on the back of her shirt. He knew he had found her.

Quietly, he walked a safe distance behind her. It was only a few blocks to Shannon ’s home, and once he saw where she lived he quickly returned to the park to get his car.

Now he had to wait. He decided to get a bite to eat until the time came to go to Shannon ’s house. He drove to a fast food restaurant and sat there until time to make his move.

Shannon was in her room later that evening when she heard voices in the living room.

‘ Shannon , come here,’ her father called. He sounded upset and she couldn’t imagine why.

She went into the room to see the man from the ballpark sitting on the sofa.

‘Sit down,’ her father began, ‘this man has just told us a most interesting story about you.’

Shannon sat back. How could he tell her parents anything? She had never seen him before today!

‘Do you know who I am, Shannon ?’ the man asked.

‘No,’ Shannon answered.

‘I am a police officer and your online friend, GoTo123.’

Shannon was stunned. ‘That’s impossible! GoTo is a kid my age! He’s 14. And he lives in Michigan !’

The man smiled. ‘I know I told you all that, but it wasn’t true. You see, Shannon , there are people on-line who pretend to be kids; I was one of them. But while others do it to injure kids and hurt them, I belong to a group of parents who do it to protect kids from predators. I came here to find you to teach you how dangerous it is to talk to people on-line. You told me enough about yourself to make it easy for me to find you. You named the school you went to, the name of your ball team and the position you played. The number and name on your jersey just made finding you a breeze.’

Shannon was stunned. ‘You mean you don’t live in Michigan ?’

He laughed. ‘No, I live in Raleigh . It made you feel safe to think I was so far away, didn’t it?’

She nodded.

‘I had a friend whose daughter was like you. Only she wasn’t as lucky. The guy found her and murdered her while she was home alone. Kids are taught not to tell anyone when they are alone, yet they do it all the time on-line. The wrong people trick you into giving out information a little here and there on-line. Before you know it, you have told them enough for them to find you without even realizing you have done it. I hope you’ve learned a lesson from this and won’t do it again. Tell others about this so they will be safe too?’

‘It’s a promise!’

That night Shannon and her Dad and Mom all knelt down together and thanked God for protecting Shannon from what could have been a tragic situation.”
—————————————-
As you can see, girl could be in serious danger. In addition to telling the stranger all that identifiable information she also told him that she’s home alone until particular time (6:30 pm in this example).

Internet is a powerful tool that brought a lot of convinience in our lives. But it also generated new types of danger that were not existing before. And it’s your responsibility as a parent to protect your child from them.

So if you still don’t know what your children are doing online, you better check it out.

At the same time don’t forget about offline predators who can meet with your child face to face. If your child is educated and knows what to do and how to react in dangerous situation, s/he is more prepared, and has better chance to avoid trouble.

To help you with this task, I’m glad to give you “17 Proven Time Tested Safety Secrets To Protect Your Child From Sexual Predators“, the report written by Preston Jones and Joyce Jackson. Just right click the link above with a name of the report in it, and you will be able to download it to your computer.

One of the most well-known internet security programs is a security line of Symantec products known as “Norton family”: Norton AntiVirus, Norton Internet Security, Norton Anti-Spyware Edition, etc.

Of course, Symantec claims that your computer will be totally secure and protected if you use their security products. The sad truth however, that Norton security products are known in the hackers world as theone of the most easiest to hack into.

The most sought after type of vulnerabilities are the ones that can grant remote access to user’s computer, and if this access can be obtained without authentication, it’s even better.

And Norton security products are so popular among average computer users that it make them almost as wide-spread as computers with some kind of Windows OS installed, and thus even more desirable targets for hackers.

A few days ago Symantec had to release a security warning about security vulnerability found in 2 ActiveX controls. The vulnerability belonged to the class of input validation errors.

This means that data received by user computer was not properly validated which could allow a malicious attacker to remotely execute arbitrary code with the rights of logged in user (which means no additional authentication is required). The only other thing that attacker would need to successfully complete the attack is to trick the user to go to the website where this code would run.

This vulnerability affected Norton AntiVirus, Norton Internet Security, and Norton System Works, version 2006 and Norton Internet Security, Anti Spyware Edition, version 2005. Symantec Corporate Edition and Symantec for Linux were not affected.

Symantec Security Response team realesed Bloodhound.Exploit.148 that patches this vulnerability.

If you’re using Norton security products and you regularly update virus definitions and signatures through LiveUpdate then you should be OK.

Otherwise click on your LiveUpdate Right Now!

You can learn more about this vulnerability from the Symantec website: “Symantec ActiveX Control Input Validation Error”

Symantec credits Secunia Research for reporting this issue. Funny thing that this exploit is announced as a new one.

But it was known to hackers community for over 3 months! Yes, the remote access computer vulnerability through the execution of arbitrary code within those Norton ActiveX was annonunced by one of the hackers group on their blog more than 3 months ago, and they even released proof of concept code proving their point.

That just gives to show you that Symantec is not very quick in pinpointing and liquidating newest threats. Plus their support department is notoriously slow in support responses.

So in the next post I’ll talk about other computer and internet security programs that offer better support, and have quicker response.