Diagnostics and Security

Microsoft out-of-band security update for Internet Explorer. Microsoft released an urgent security update for Internet Explorer on all currently supported versions of Windows.

Compare Bargains on Hardware Diagnostics

Identity Pro Identity theft is on the rise. Your own computer may be one of the easiest ways for thieves to access your information! Search and secure your private information, including social security numbers, credit cards, drivers license, and even passwords. Find and secure your personal information (PI) before others get the chance! Identity Pro goes beyond current protection offered by anti-virus, anti-spyware, anti-spam, or anti-phishing, etc, to protect you where these programs don't. Automatically seek out and protect your important data. You'll be surprised at how much of your information is kept on your PC, from web forms to emails. Once you know what's there, you can delete or encrypt with ease.

CIS Center for Internet Security. A non-profit enterprise whose mission is to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls.

Nessus is a popular vulnerability scanner used in over 75,000 organizations world-wide. Use Nessus to audit business-critical enterprise devices and applications. Check your networks, servers and applications for potential security vulnerabilities.

Bank Fraud Detection

ITsafe provides a free Warning Service to help protect home and small business users of computers and other devices from attack. IT Security Awareness For Everyone. UK Government's ITsafe Service.

How To Break Web Software - A look at security vulnerabilities in web software. Video- (Large, but worth, (a must), watching video).

Sysinternals File and Disk Utilities  Harddrive links

Microsoft Security Updates

Microsoft Security Assessment Tool (MSAT) is a risk-assessment application designed to provide information and recommendations about best practices for security within an information technology (IT) infrastructure.

Microsoft Baseline Security Analyzer  More Microsoft links

Google Launches Encrypted Search Option. Are your Web searches safe from snoops? It's an issue that may not have been on many people's radar.  Traditionally, the higher-profile issue for search engines like Google and Yahoo is that they maintain a record of users' search sessions for several months as part of a massive data collection the companies say is needed to help improve search results.  Now Google is tackling a different slice of the privacy issue by launching a beta of its standard Google search that's encrypted with the same Secure Sockets Layer (SSL) technology used by many Web services including e-commerce sites and Google's own Gmail service. Web addresses that begin with the letters "https" are SSL-protected.    More Search engines. Online Dictionary, Thesaurus. Acronym or abbreviation finder, etc..   More Google Knowledge. Google Information More Yahoo Knowledge. Yahoo Information

Adeona is the first Open Source system for tracking the location of your lost or stolen laptop that does not rely on a proprietary, central service. This means that you can install Adeona on your laptop and go ? there's no need to rely on a single third party. What's more, Adeona addresses a critical privacy goal different from existing commercial offerings. It is privacy-preserving. This means that no one besides the owner (or an agent of the owner's choosing) can use Adeona to track a laptop. Unlike other systems, users of Adeona can rest assured that no one can abuse the system in order to track where they use their laptop. Adeona is designed to use the Open Source OpenDHT distributed storage service to store location updates sent by a small software client installed on an owner's laptop. The client continually monitors the current location of the laptop, gathering information (such as IP addresses and local network topology) that can be used to identify its current location. The client then uses strong cryptographic mechanisms to not only encrypt the location data, but also ensure that the ciphertexts stored within OpenDHT are anonymous and unlinkable. At the same time, it is easy for an owner to retrieve location information. Using Adeona only requires downloading and installing a small software client. Adeona is free to use.

Security Pro News An article portal for Internet and Technology professionals. SecurityProNews is the most popular newsletter for IT managers in the World :-

Internet Security News

Breaking news and updates in Internet security

Internet Explorer 8 Vulnerability Exposed

A new vulnerability has been discovered in Internet Explorer that takes advantage of Cascading Style Sheets (CSS), in order to steal data from the browser.

Internet Explorer 8 Vulnerability Exposed

This past Friday, Google security researcher Chris Evans posted on the Full Disclosure mailing list (see that post here) describing a CSS vulnerability he discovered. He also posted a harmless example of what that vulnerability could do. In the example, you go to a site in IE and click a button (which supposedly could be automated) and your twitter account will automatically send out a tweet. Barely two hours later, Microsoft tweeted that they were aware of a problem and would "investigate" the issue.

This CSS vulnerability is not exclusive to Internet Explorer. The other four major browsers are also affected: FireFox, Safari, Opera, and Chrome. The only difference is the vendors of those browsers have issued patches and plugged the holes that created the problem. As of yet, Internet Explorer is the only major browser that has yet to be fixed. Not that there hasn't been enough time to work on a patch. According to Evans in the posting mentioned above, "[t]here's evidence to suggest that Microsoft has been aware of this since at least 2008." Whether or not they have known about the vulnerability that long is irrelevant, considering that it has been fixed by everyone else.

This vulnerability takes advantage of CSS standards to steal browser data. According to those standards, cookies are sent from the browser when CSS is called, even if it is a cross-domain call. Combining this with a CSS injection attack using background-image:url(), the browser's cookies will be sent to the given url. These cookies can contain the keys needed to break into web applications such as Twitter accounts and webmail sites. Even worse, this happens even when javascript is disabled, making this a threat even to those who think they are relatively safe.

Dell Collaborates with Trend Micro

Small and medium businesses are constantly at risk of being targeted by cybercriminals, simply because they are smaller than large corporations. The bigger a company is, the more money they have to invest in higher-tech security systems and larger, more involved IT departments. For smaller companies, it is easy to focus on trying to expand business and let security sit on the back-burner. This is where the partnership between Dell and Trend Micro comes in. They have come up with an easy way for small and medium sized businesses to manage their security needs without breaking the bank.

Dell Collaborates with Trend Micro

Trend Micro's Business Security Services include several desirable features to make the security portion of running a business much easier. First and foremost, is a set of web-based tools which make administration extremely easy. There is no need for a dedicated in-office server (or any company owned server at all), and the administration panel can be accessed from anywhere with an internet connection. There is also a remarkably low system performance impact, thanks to the fact that once a scan is complete, the results are processed in the "Smart Protection Network" run by Trend Micro. For companies with little or no IT staff on hand, the system comes pre-configured security parameters and runs automatically, so there is less worry about having something set up improperly. Both desktops and laptops are secured with this software, even if they are used outside the office. Anytime the computer is connected to the internet, it is being actively protected. This has the biggest impact on users who travel with their work, as many do.

This is a big step forward for one of the top PC suppliers in the world. The fact that this software can come pre-installed on systems shipped to its commercial clients means that they can offer security and piece of mind to a large group of people.

Apple and Adobe Both Roll Out Large Security Updates

Both Apple and Adobe have shipped out relatively large collections of security patches this past week, Apple fixing up OSX and Adobe locking down it's Shockwave player. Both sets of patches have been given a security rating of 'critical,' which means that there is the possibility of malicious code execution on an unprotected system.

Apple And Adobe Both Roll Out Large Security Updates

Apple's update this week fixes code execution attacks when viewing maliciously crafted PDF or PNG files, or even just viewing a document with a maliciously crafted font installed. There is also the possibility for network administrators to abuse their positions by intercepting sensitive data through the use of an anonymous TLS/SSL connection, or to use a similarly named web address to impersonate a legitimate site and steal information that way. For instance, if they are in possession of the domain name www.example.com, they are able to impersonate www.example.com due to the lack of checking the final letter in the certificates. There are also updates for the newest versions of PHP and ClamAV which both claim to include necessary security updates. These updates can be applied via the "Software Update" option in OSX or downloaded from Apple's support site.

Adobe has updated their Shockwave Player to fix several security holes, including 16 memory corruption vulnerabilities which could lead to code execution. These vulnerabilities affect version 11.5.7.609 and earlier, and it is recommended that anyone running these versions immediately upgrade to the most recent version (11.5.8.612) of the software found on Adobe's website. The memory corruption vulnerabilities and four more issues are all labeled as 'critical' in the Severity Rating System. The other issues include two denial of service attacks, one of which could potentially lead to code execution. Also there is a pointer offset vulnerability and an integer overflow vulnerability which can grant one with malicious intent access to plant code in a user's memory.

HP to Acquire Fortify

Earlier this week, HP announced that it will soon be adding Fortify to its list of recently acquired companies. This will be a huge advantage for HP in the security market.

HP to Acquire Fortify

Fortify Software is a company that specializes in software security. Founded in 2003, it has continued to grow and supply Software Security Assurance (SSA) to government agencies and fortune 500 companies in many different industries. Their best known software suite, Fortify 360, is a tool that can root out security issues in software, as well as fix those issues and prevent future vulnerabilities. In February of this year, HP and Fortify released their most recent collaboration, "Hybrid 2.0" which goes to show that there has been no problems between these companies working together in the past.

Once the deal is finalized, Fortify will continue to run as a stand-alone company. Eventually though, they will be slowly integrated into HP's Software and Solutions business. This will allow HP to put a much larger focus on software security in every aspect of the application life cycle. "Businesses operate in a world of increasing security and compliance challenges, and the applications and services that they rely on are core to the problem and the solution," said Bill Veghte, the executive VP of the Software and Solutions branch, in the official HP statement on the acquisition. "With Fortify's leadership in static application security analysis combined with HP's expertise in dynamic application security analysis, organizations will have a best-in-class solution to improve the security of their applications and services."

This is not the only company HP has had its eye on. Just last month, HP finalized its purchase of Palm, Inc. This was meant to increase their connection to the rapidly growing mobile device market. This past April, HP bought 3Com for its computer network hardware capabilities. These companies were purchased for $1.2 billion and $2.7 billion dollars respectively. The details of the deal between HP and Fortify have not yet been disclosed.

Microsoft Issues Record Breaking Security Update

Patch Tuesday has come and gone, and with it came the biggest Microsoft Update ever seen since they began their monthly update cycle in 2003. The Windows Operating System as well as Internet Explorer, MS Office, MS Office for Mac, MS Works, Silverlight 2 and 3, the .NET Framework and Movie Maker are all affected.

Microsoft Issues Record Breaking Security Update

There are 14 new security bulletins released this week, 8 of which are labeled as "critical" and the remaining 6 are labeled "important". These numbers do not include the link vulnerability patch that was released last week, although the Security Bulletin Summary does include that patch with the others. Microsoft is assuring people that of these new vulnerabilities, none have been seen exploited in the wild as of yet.

Of the 8 "critical" bulletins, 4 are listed as high-priority, meaning that they should receive immediate attention.

MS10-052 - This bulletin addresses a vulnerability in Microsoft's MPEG Layer-3 audio codecs. Remote code can be executed through specially crafted media files or streaming content from a website or web application.

MS10-055 - This bulletin addresses a vulnerability in the Cinepak Codec. Remote code can be executed through specially crafted media files or streaming content from a website or web application.

MS10-056 - This bulletin addresses 4 different vulnerabilities in MS Office. An attacker can gain privileges equal to that of the user if that user opens or previews a specially crafted RTF email message.

MS10-060 - This bulletin addresses 2 different vulnerabilities in the .NET Framework and Silverlight. Remote code can be executed when viewing a specially crafted web page in a browser which can run XAML Browser Applications or Silverlight Applications, or if the user runs a specially crafted .NET application.

More information on these 4 bulletins, as well as the other bulletins, can be found via the Microsoft Security Bulletin Summary for August 2010.

Microsoft Fixes Most Recent Vulnerability

Microsoft has released a non-standard update to the Windows Operating System. This unusual move was prompted by a slew of highly critical viruses taking advantage of a vulnerability in shortcut links.

Microsoft Fixes Most Recent Vulnerability

On July 16, Microsoft Security Advisory (2286198) was published to Microsoft's website. It explains a problem with the way Windows handles .LNK and .PIF files, which are symbolic links to legitimate programs on a computer. Basically, when the link image was rendered, it allowed the malware embedded in the file access equal to that of the current user and executed malicious code with those abilities. Obviously, users who insist on running with administrative permissions were at a higher risk than those who log on with a regular account.

There are several viruses that have been exploiting this security hole. The first known use of this vulnerability was the Stuxnet worm, which spread via USB drives and stole information from computers running software from Siemens. Since then, there have been other viruses to exploit this same problem. Microsoft blogged about these viruses, including one particularly nasty one known as Sality.AT. Microsoft stated that Sality is "highly virulent," and works by infecting other files, copying itself to removable media, disabling security and finally downloading other malware onto the infected system.

Earlier this week, Microsoft released Microsoft Security Bulletin MS10-046, which is the patch to fix this particular vulnerability. This "out of band" patch came a full week before the regularly scheduled update, due to concern for customers' security. Everyone who has Automatic Updates turned on will already have the patch installed and their system is secured against this particular threat. The only people who need be concerned are those who check for updates manually and those who are still running Windows 2000 or XP Service Pack 2 or earlier, as they are no longer supported by Microsoft.

Google Pushing to Redefine 'Responsible Disclosure'

After all the debate about disclosing security vulnerabilities within software, Google is trying to reshape the process for fixing bugs. There has always been discussion on whether or not responsible disclosure was actually responsible or not, but it came to a head (at least from a media standpoint) last month with the Microsoft/Tavis Ormandy occurance.

Google Pushing To Redefine 'Responsible Disclosure'

This post from the Google Online Security Blog discusses what Google would like to see changed in the current "responsible disclosure" model. Currently, when a security researcher finds a vulnerability in a piece of software, that researcher is supposed to inform the software vendor privately of the risk. The bug is not supposed to be released to the public until a fix is released.

According to Google's blog post, "The emotionally loaded name suggests that it is the most responsible way to conduct vulnerability research - but if we define being responsible as doing whatever it best takes to make end users safer, we will find a disconnect. We've seen an increase in vendors invoking the principles of "responsible" disclosure to delay fixing vulnerabilities indefinitely, sometimes for years; in that time frame, these flaws are often rediscovered and used by rogue parties using the same tools and methodologies used by ethical researchers. The important implication of referring to this process as "responsible" is that researchers who do not comply are seen as behaving improperly. However, the inverse situation is often true: it can be irresponsible to permit a flaw to remain live for such an extended period of time."

This does not seem like the best system to have in place for protection of the end user. Basically, this is saying that because security researchers are not allowed to release details of a bug to the public until there is a fix, there is no reason for the vendor to take action. It also takes notice of the fact that by using the term 'responsible' disclosure, it is barring anyone from breaking with the mold by labeling them as irresponsible.

Despite what it may seem like, Google is not trying to plunge us into a state of anarchy by proposing a full-disclosure method of dealing with bugs. They want to find a balance, where end users receive security updates in a timely manner, and software vendors have enough time to provide those fixes to the users. Their suggestion? A 60 day window between being informed of the vulnerability and having a fix available to to the public. In this situation, everybody wins.

Mozilla Rolls Out Security Update for Firefox

This week, Mozilla released a security update for their popular Firefox web browser. Firefox 3.6.7 fixes several security issues that were found in the 3.6.6 version. Over half of the vulnerabilities fixed were listed as "Critical," which is the highest danger level that Mozilla associates with security issues.

Mozilla Rolls Out Security Update For Firefox

Of the 14 vulnerabilities listed on the Firefox update site, eight are listed as critical. Mozilla defines a critical issue as a "vulnerability [that] can be used to run attacker code and install software, requiring no user interaction beyond normal browsing." Basically, a hacker can run their code on your computer to access your information and install malware on your system. For instance, they list an issue with PNG issues. If you browse a site with a maliciously crafted image on it without clicking on anything, you can get a computer virus.

The way that most of these vulnerabilities are able to execute code on your machine are to take advantage of pointers to unallocated memory. These pointers are caused by array overflows or de-allocating objects with multiple pointers pointing to it. By using these dangling pointers, they are able to put their code into sections of memory that your computer doesn't realize are being used, and therefore doesn't know to protect. Once the malicious code is in memory, it is easy to execute.

The best way to protect yourself is to make sure that your browser is always up to date with the most current software. In Firefox, this is as easy as clicking the "Check for updates..." link in the Help menu, or by going to mozilla.com and clicking the big green button in the middle of the screen. This will update your browser to ensure that you have the best protection for your web browsing pleasure.

Windows XP Security Patch

This week, Microsoft released a new security patch for issues affecting the XP and Server 2003 operating systems. The vulnerabilities were all related to remote code execution, though only the XP patches were listed as critical by the Microsoft Security Bulletin.

Windows XP Security Patch

On June 5, Tavis Ormandy, a Google security researcher discovered a zero-day vulnerability in Windows Help that he reported to Microsoft. When Microsoft and Ormandy could not agree on the terms of creating a fix, he published the vulnerability four days later, creating a huge media storm. There were people on both sides, some arguing that Ormandy acted irresponsibly by spoon feeding a security exploit to hackers who would use it to cause harm. Others argued that without full disclosure, Microsoft would not have taken this threat seriously and wouldn't act towards fixing the issue.

Whether or not Ormandy was right in his actions, the outcome speaks in his favor. This past Tuesday, Microsoft released Microsoft Security Bulletin MS10-042, which addresses these vulnerabilities. This is an amazingly quick turnaround. The normal time frame for "responsible disclosure" is to allow the software manufacturer a 60 day window to fix the problem before public release. To have a fix only five weeks after the bug was brought to Microsoft's attention makes a strong argument for the proponents of full disclosure.

On the other hand, since the release of this particular bug, Microsoft has reported over 10,000 computers have been affected by hackers using this security hole. This is a significant amount of people being affected by a previously unpublished issue. The fact that it was unpublished does not necessarily mean that it was unknown to the people who could exploit it. It is unlikely that Ormandy was the only person that would ever discover this problem. Thanks to his actions, we now have a solution to what could have become a serious problem for more than just the 10,000 people who were unfortunately targeted.

iTunes Store to Receive Security Makeover

Apple is in the news this week about the new security measures it will be implementing in the wildly popular iTunes store. Granted, this is not a major security upgrade, but it does help to prevent the kind of security holes that have been recently exposed.

iTunes Store To Receive Security Makeover

This all began when a Vietnamese app developer named Thuat Nguyen's apps covered 42 of the top 50 apps in the app store. This raised a few red flags, especially after people commented on the apps that they never purchased them. After some investigating, Apple determined that Nguyen had obtained account information from 400 accounts with stored credit card information and had used them to purchase his apps from the App Store. He then used these accounts to purchase his apps, driving up sales and his revenue.

In order to combat this type of security breach, iTunes will now require an extra step be taken by its customers. On accounts with saved credit card information, customers will need to enter their CCV code from the back of their card more frequently. That's it. Admittedly, this is not a full security overhaul, but the truth is that that would be unnecessary. The "hacked" accounts are more than likely victims of fishing attacks, as Apple has stated that their servers were unaffected by any kind of security breach.

Overall, the damage caused by this problem was minimal (assuming you are not one of the 400 accounts that were targeted). 400 accounts out of 150 million comes to roughly 0.0003% of accounts worldwide. This coupled with the fact that Nguyen and his apps have been banned from the App Store makes this a fairly open and shut case. For anyone who was affected by this fraud, Apple recommends that you contact your credit issuing agency about canceling your card and issuing a charge back for unauthorized transactions.

Seecrets Delivery Services (SDS) will be free for personal users.  An e-security suite of crypto e-mail, secure password manager, zip manager & For-Your-Eyes-Only content viewer. The unique e-mail security caters for the privacy of all web mail and POP3 users. SDS uses RSA 8192-bits public key cryptography and AES 256-bits. All symmetric encryption uses our Secrets Signature-Free technology. Keeping Your Secrets Secret, Encryption, For-Your-Eyes-Only Protection, Watermarking, Secure Delivery.

Common Weakness Enumeration (CWE) Now Available. CWE is a community-developed formal list of common software weaknesses. The intention of CWE is to serve as a common language for describing design, or code; as a standard measuring stick for software security tools targeting these weaknesses; and to provide a common baseline standard for weakness identification, mitigation, and prevention efforts. Broad community adoption of CWE will help shape and mature the code security assessment industry and also dramatically accelerate the use and utility of software assurance capabilities for organizations in reviewing the software systems they acquire or develop.

Encryption with DeGPG Protect your files. DeGPG runs in the background on your server to provide access to GPG encrypted data to your web scripts. It will also work with GPG to encrypt and store data submitted via web forms. To give your web scripts access to encrypted data, you log in and enter the passphrase to decrypt the data. The data is decrypted and stored in memory till a web script needs to access it. In cases where your web script only needs, for example, and MD5 hash of the data, rather than the decrypted data itself, DeGPG can be instructed only to reveal the MD5 hash, and not the raw data. Additional data may be prepended or appended to the decrypted data before computing the hash.

Androsa FileProtector is a professional and freeware file encryption software that protects any type of file encrypting completely the content with the most advanced systems of cryptography.

SecuritySpace is proudly brought to you by E-Soft Inc., a privately owned Canadian consulting firm, with proven expertise in internet security and on-line services. We specialize in the following areas:

• on-line network security auditing services
• network monitoring services
• Internet Research reporting,
• integrated web solutions and application development for secure data transactions.

The Windows Memory Diagnostic Tests the Random Access Memory (RAM) on your computer for errors. The diagnostic includes a comprehensive set of memory tests. If you are experiencing problems while running Windows, you can use the diagnostic to determine whether the problems are caused by failing hardware, such as RAM or the memory system of your motherboard. Windows Memory Diagnostic is designed to be easy and fast. On most configurations, you can download thediagnostic, read the documentation, run the test and complete the first test pass in less than 30 minutes.

The Platform for Privacy Preferences Project (P3P) enables Websites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. Thus users need not read the privacy policies at every site they visit. Have a look at the list of P3P software. PSP is a W3C standard for creating machine-readable privacy policies. The standard allows a website to create an XML version of its privacy policy so that it can be evaluated automatically against an individual's privacy preferences.

P3P Toolbox is a one-stop resource developed by the Internet Education Foundation in cooperation with the World Wide Web Consortium and a coalition of Internet industry leaders and public interest organizations to provide privacy officers and Webmasters with the information they need to make their Web sites P3P compliant. The site is no longer active and is being hosted here by Internet Education Foundation for archival purposes.

Infographic by WordStream Internet Marketing Software

Iconix eMail ID software download  Iconix is committed to making it easy to identify legitimate emails. We are working closely with companies like Google and Iconix to give our users the best protection against fraudulent, phishing and suspect emails.  If you are a Gmail user, it's easy to identify legitimate emails. You can simply enable an icon which will only show up when an email is from PayPal (or from our sister company, eBay). So when you receive an email from us, or our partners at eBay , you will see a key icon next to the message in your Inbox. Only legitimate PayPal emails have this icon so if you get an email claiming to come from PayPal and you don't see the icon, it's not from us. So please don't open it.  To enable this feature in Gmail, go to 'Settings', 'Labs', then tick the Enable box next to the 'Authentication icon for verified senders' option and click on 'Save Changes'.  This software download from Iconix can help reduce phishing by confirming whether you received a legitimate PayPal email. After Iconix eMail ID has been installed, you'll see an Iconix eMail ID icon (a gold lock with a tick) whenever you receive authentic emails from PayPal. It's free and it works with most of the major email services like Gmail, (Google Mail), MSN Hotmail, Yahoo Mail, Outlook Express, and many more.  If your preferred email program, web mail provider or operating system. is not listed, click here and we will notify you when support is available. For more information, go to the Iconix website,  How does the Iconix solution work? The Iconix solution couples our advanced technologies with authentication techniques such as Yahoo!'s Domain Keys and Microsoft's Sender ID to confirm the source of an email, and will support Domain Keys Identified Mail (DKIM), which is a joint effort between Cisco and Yahoo!, as it is adopted in the industry. This combined solution makes it very difficult for bad guys to spoof the identity of emails with an Iconix Truemark icon.   Also see PayPal Support Club. Review and helpful links, coding examples, warnings, other shopping cart links, etc. PayPal is a on-link banking system that allows website owners to integrate shopping cart technology into their site.  Find out more, includes links to helpful site about PayPal shopping cart technology.

PrivacyFinder is a privacy-enhanced search engine. Once you state your privacy preferences (low, medium, high, or custom), the search results are ordered based on how their computer-readable privacy policies comply with your preferences. A red bird indicates that the site has conflicts with your preferences while a green bird indicates compliance. The absence of any bird means that a valid computer-readable privacy policy, known as a The Platform for Privacy Preferences Project (P3P) policy, could not be located.

No Right Click Disable the right click on your pages to prevent users from "borrowing" images from your site and viewing your page source! . (BACK UP ALL FILES FIRST) Do a temporary copy upload and check the site works first, (as this does some more complex code changing onload), if the site functions OK then replace the normal site with the temp upload and retest... May only work with LINUX host) This can be a bit time consuming as if I remember correctly each image has to be Hot-Link prevented individually, and then if you add a new image this also has to be Hot-link protected. (I believe Hot-Link protection on the Host uses .htaccess) and this may be worth checking out as well.

CopyWipe is a utility for copying or securely overwriting (wiping/erasing) entire hard drives. CopyWipe can ease and expedite the transition to a new hard drive by copying the entire contents of one drive to another. CopyWipe can also help prevent confidential or private data from being recovered, by securely wiping the contents of a drive. A number of options are provided for wiping, most of which exceed governmental standards (such as DoD 5220.22-M, NAVSO P-5239-26, etc.); this allows the user to choose an optimal balance between security and duration of the wiping operation.

Stop Badwear. The "Badware" problem. We've all seen it happen: you or someone you know has downloaded something from the internet that seemed harmless enough at the time. Next thing you know, the computer has slowed to a crawl. Pop-up advertising starts to appear out of nowhere. Private information gets sent to some company you've never heard of. And the worst part? Trying to uninstall the software sometimes makes the problem worse. Find out more...

Sender Policy Framework. Sender Address Forgery. Today, nearly all abusive e-mail messages carry fake sender addresses. The victims whose addresses are being abused often suffer from the consequences, because their reputation gets diminished and they have to disclaim liability for the abuse, or waste their time sorting out misdirected bounce messages. You probably have experienced one kind of abuse or another of your e-mail address yourself in the past, e.g. when you received an error message saying that a message allegedly sent by you could not be delivered to the recipient, although you never sent a message to that address. Sender address forgery is a threat to users and companies alike, and it even undermines the e-mail medium as a whole because it erodes people's confidence in its reliability. That is why your bank NEVER sends you information about your account by e-mail and keeps making a point of that fact.

Auslogics System Information provides you with detailed information about your computer operating system and hardware, including installed devices, running processes and services, memory and CPU usage, drive properties as well as other technical details. The information can be viewed from the categorized interface or exported to HTML, XML or text format.

Help Net Security

Falcon21 Home PC Security website!

Security Focus

Security Team Blog ( Security Team ) more Blog links

Internet Eraser - Freeware

Free Internet Eraser is an Internet privacy software that protects your Internet privacy by permanently erase internet history and past computer activities. Even though, many of the tasks can be performed manually,

Advanced Windows Care - Freeware Advanced Windows Care v2 Personal is a comprehensive PC care utility that takes an one-click approach to help protect, repair and optimize your computer. It provides an all-in-one and super convenient solution for PC maintenance and protection. This fantastic program is available free of charge for private use. More Microsoft Windows Windows Vista. Windows XP, etc.

Google Responsible Disclosure: Focus on protecting end users. Vulnerability disclosure policies have become a hot topic in recent years. Security researchers generally practice ?responsible disclosure?, which involves privately notifying affected software vendors of vulnerabilities. The vendors then typically address the vulnerability at some later date, and the researcher reveals full details publicly at or after this time. A competing philosophy, "full disclosure", involves the researcher making full details of a vulnerability available to everybody simultaneously, giving no preferential treatment to any single party. The argument for responsible disclosure goes briefly thus: by giving the vendor the chance to patch the vulnerability before details are public, end users of the affected software are not put at undue risk, and are safer. Conversely, the argument for full disclosure proceeds: because a given bug may be under active exploitation, full disclosure enables immediate preventative action, and pressures vendors for fast fixes. Speedy fixes, in turn, make users safer by reducing the number of vulnerabilities available to attackers at any given time. More Google information links

Skipfish (from Google) is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments. SkipFish Documentation. A fully automated, active web application security reconnaissance tool. Key features: High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets. Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion. Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors. The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments. Support the open source community by providing a scalable, reliable, and fast collaborative development environment for open source software, docs, and standards that promotes best practices in open source software engineering."		SkipFish Security Report example :-

Anti-Phishing Toolbar

SpoofStick is a simple browser, (Internet Explorer or Firefox), extension that helps users detect spoofed (fake) websites. A spoofed website is typically made to look like a well known, branded site (like ebay.com or citibank.com) with a slightly different or confusing URL. The attacker then tries to trick people into going to the spoofed site by sending out fake email messages or posting links in public places, hoping that some percentage of users won't notice the incorrect URL and give away important information. This practice is sometimes known as phishing".

Identity theft. (Home Office Identity Theft website),  Your identity and personal information are valuable. Criminals can find out your personal details and use them to open bank accounts and get credit cards, loans, state benefits and documents such as passports and driving licenses in your name.

The Identity and Passport Service was established as an Executive Agency of the Home Office on 1 April 2006.  The Agency builds on the strong foundations of the UK Passport Service (UKPS) to provide passport services and in the future, as part of the National Identity Scheme, ID cards for British and Irish nationals resident in the UK.  Foreign nationals resident in the UK will also be included by linking the scheme to biometric immigration documents.

National Identity Fraud occurs when a person's personal information is used by someone else without their knowledge to obtain credit, goods or other services fraudulently. It can even extend to securing a passport in their name.

Federal Trade Commission (Identity Theft)

Visit the UK Passport website issue UK passports to British nationals living in the UK.  Our website is here to help you with your passport application.

Preventing Virtual Blight: my presentation from Web 2.0 Summit

Belarc Advisor builds a detailed profile of your installed software and hardware, missing a href="http://www.acomputerportal.com/microsoft_windows.html">Microsoft hotfixes, anti-virus status, CIS (Center for Internet Security) benchmarks, and displays the results in your Web browser. All of your PC profile information is kept private on your PC and is not sent to any web server.

OpenID is an open, decentralized, free framework for user-centric digital identity. OpenID starts with the concept that anyone can identify themselves on the Internet the same way websites do-with a URI (also called a URL or web address). Since URIs are at the very core of Web architecture, they provide a solid foundation for user-centric identity.

Free Internet Window Washer is a free internet tracks eraser and privacy cleaner software. As you work on your computer and browse the Internet, you leave behind traces of your activity. The Windows built-in functions will not protect you, most of the tracks can not be erased with them. Therefore, anyone else can see what you have been doing on your computer. Furthermore, much of your activity information takes up valuable disk space, and recovering this space can be very beneficial.

Process Library resource is for anyone who immediately wants to know the exact nature and purpose of any and every single process that is - or should not be - running on your PC.

Security Config, your security portal. Here you can find all of the tools you need to secure your website, business, data, and everything else digital. Downloads ranging from: Anti Virus Software, Cookie Tools, Desktop Security, Email Security, Encryption , Enterprise Monitoring , Firewalls, Network Security, Password Software, SSH Tools and more.

Google Hacks 2.0 - video powered by Metacafe  Also see Google Knowledge. Google Information

Microsoft Baseline Security Analyzer

ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. Provides Geo IP resolution, credit card number detection, support for content injection, automated rule updates, scripting, as well as many more security methods.  See more Trackers, Website statistics, Hit Counters. Page Load Speed Tests

Maps and Travelling Links

Fraudwatch International

The ISO 17799 Information Security Portal. ISO17799, ISO 27000 and Computer Security News.

Consumer Direct, a telephone and online consumer advice service supported by the Department of Trade and Industry.

APACS - Association for Payment Clearing Services

National Lottery, (United Kingdom), scam (fraudulent) emails are increasing at an alarming rate.

Business Software Alliance. Help businesses avoid software licensing problems. We've designed the Anti-Piracy Information section to help users prevent software theft. BSA® one of the World's leading anti-software piracy groups is committed to providing support every step of the way. In 2003, across the EMEA region, the BSA handled 57,625 calls, followed up 7,929 end user leads and took legal action against 9142 companies. Learn about the types of software piracy, its penalties and find all the tools you need to make a difference: Asset Management Resources, Guide to Software Management, Reasons to Fight Software Piracy, Online Shopping Tips and much more. If you've already thought through the issues and now wish to report a company that uses illegal software, you can do so anonymously through our Online Reporting Tool. (Don't forget, when an organization is prosecuted, it is the company directors who face legal action.) Report Piracy Now

Red Flag Rule, (Federal Trade Commission), require financial institutions and "creditors" with "covered accounts" to establish identity theft prevention programs to identify, detect and respond to patterns, practices or specific activities that could indicate a customer-account holder has been victimized by -- or is engaged in -- identity theft.

The Windows Security Center, (Microsoft Windows®), which is already installed on your computer, monitors and enables you to manage important security settings on your computer, including a firewall, automatic updates, and the status of your antivirus software.

Microsoft Windows® Service Pack 2 A free software update pack for Windows XP, which is the operating system of many home PCs. Microsoft Windows® Service Pack 2 is commonly known as SP2 is designed to fix several bugs and vulnerabilities in Windows XP simultaneously, and give your PC better protection from viruses and hackers. How to get SP2 Also view Microsoft Windows®

BitLocker Drive Encryption is the final feature release name for the project previously referred to as "Secure Startup Full Volume Encryption." Some preliminary releases of Windows Vista®, still use the old project name in text strings and Windows® titles. This step-by-step guide uses the old project name where appropriate, such as referring to the user interface where it appears. Otherwise, the feature release name is used.

WinErrs Did you ever get an Illegal Operation 'or' Page Fault' error message when using Microsoft Windows® and wonder what it meant?  WinErrs is a database of 1.554 (Microsoft Windows®), error codes and their definitions.  These codes are extracted directly from (Microsoft Windows®), and are their descriptions.

Apple Product Security    Mac OS X Security        Apple Security Updates page      More Apple Links

Hoax-Slayer is dedicated to debunking email hoaxes, thwarting Internet scammers, combating spam, and educating web users about email and Internet security issues. Hoax-Slayer allows Internet users to check the veracity of common email hoaxes and aims to counteract criminal activity by publishing information about common types of Internet scams. Hoax-Slayer also includes anti-spam tips, computer and email security information, articles about true email forwards, and much more. New articles are added to the Hoax-Slayer website every week.

Secunia PSI (Personal Software Inspector) scans your computer for seriously outdated software products that have been discontinued or require critical security updates from the vendor.

CAPTCHA™ is a program that can generate and grade tests that most humans can pass, but current computer programs can't pass. For example, humans can read distorted text, but current computer programs usually can't read such  distorted text. This may be useful to confirm emails are genuine and other basic Diagnostics and Security checking.

WebScarab is a Web Application Review tool. It sprang from the designs of the people inhabiting the WebAppSec list run from SourceForge, for a powerful, free, open tool for reviewing web applications for security vulnerabilities. Not much of the original design has actually been implemented as envisioned. WebScarab started as a spider that could download all the pages on a site. It stayed that way for almost a year, before I decided to take lessons learned during the development of Exodus and implement them as part of WebScarab.

OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. The Open Web Application Security Project (OWASP) is dedicated to finding and fighting the causes of insecure software. Everything here is free and open source. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work. Participation in OWASP is free and open to all.

Security config Software to Protect your system.

Identity Finder - Freeware. Let us prove to you the power of our search capabilities for free. Simply download, install, and run the search. It will detect unprotected credit cards and passwords on your computer that are vulnerable to identity theft or fraud. Once found, you can permanently shred or encrypt the information with a password so identity thieves cannot steal them. Take the first step towards protecting your family, your employees, and your business; try Identity Finder today. Installation and removal are easy.

PC Pitstop! Is your PC acting sluggish? Are strange windows inexplicably popping up on your screen? Do you have to reboot your computer because of errors and lockups? Our free computer checkup and diagnostics can help you detect and fix many common computer problems!

GetNetWise. Accessing the Internet through a broadband or high speed Internet connection at home really enhances the online experience. However, broadband users should take extra precautions to secure their computer and their computer files. The speed at which information can be transferred to and from your computer and the fact that it stays connected to the Internet for long periods of time makes your it a more likely target for hackers than dial-up Internet users. By taking some basic precautions and using a few simple tools, you can do your part to protect cyberspace from hackers. At the same time, you'll also protect your computer and your information from theft, misuse and destruction. GetNetWise Main page

Information Virtual Private Network (or VPN). (Wikipedia), is a secure network connection that is layered on top of the Internet. This type of connection is used to move secure data to and from corporate networks safely, minimising the chance of these systems being "hacked or abused".

Secondary DNS , (SECDNS), provides redundant name service for a domain that you own, DNS is managed on your own nameserver(s). The servers providing Secondary DNS are located on separated networks to prevent any downtime. With Secondary DNS even if yours goes down, it will continue to resolve your queries. In the event of an attack the restoring of the secured DNS network will take place to keep websites on-line and useable.

Domain Name System Security Extensions (DNSSEC). (Wikipedia), is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality..

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.

DNS How To DNS is the Domain Name System. DNS converts machine names to the IP addresses that all machines on the net have. It translates (or "maps" as the jargon would have it) from name to address and from address to name, and some other things. This HOWTO documents how to define such mappings using Unix system, with a few things specific to Linux.

SpoofStick is a simple browser add-on for Internet Explorer, that may help novice users to spot phishing scams that are linked from emails or web sites.

PhishFighting. Fight back and take down the Phishers. Enter phishers URL to Report it.

PhishGuard is a simple, FREE software service for computers running Microsoft operating systems (Windows 98 through XP) and any version of Microsoft Internet Explorer 4.0 or greater. PhishGuard harnesses the collective observations of Internet users to detect and rapidly disable Internet Phishing or Spoofing attacks designed to steal critical financial data.

Reporting Spam SpamCop parses reported email, sending warning information to the internet service provider responsible for hosting the services used by the spammer (web sites and email sending sites). SpamCop also uses the information to generate SpamCop's free blocking list. Unfortunately, this is an ongoing battle. Spammers adapt quickly and persistently. Report spam and help SpamCop turn the tide. SpamCop makes this otherwise slow and technical task quick and easy. The SpamCop reporting service is free.   More...

What is "mole" reporting? SpamCop Mole reporting was an experiment that presented many problems in the operations and integrity of SpamCop, so is mostly being disabled. Reports from users who choose to be mole reporters will count only in the statistics and aggregate counts. Reports are not sent and can only be viewed by SpamCop administrators. Mole reports do not count in the stats used to determine listing and delisting of IP addresses in the SpamCop Blocking List. As spam defenses and spammers become more sophisticated, many smart spammers have developed very sophisticated defenses against being detected. One of the spammer's strategies is to quickly and effectively remove anyone from their mailing lists who files a spam complaint (until they want to get revenge, and then the use these "remove lists" differently). This is generally (although not always) good for the person filing the complaint, but it is bad for spam defense in general, since these activists are the only ones identifying the problem. By removing the "trouble makers", spammers too often slip "under the radar" and appear to be legitimate senders, even though the majority (or entirety) of the victims don't want the mail (they are just the ones who don't bother to make waves). More...

Flash, aaaaagh! Is your school website flashy but safe? Most educational websites in the U.S. are using Flash applications that fail to adequately secure these pages. This is a growing problem for the Internet as vulnerable sites can be hijacked for malicious and criminal activity, according to a paper published in the International Journal of Electronic Security and Digital Forensics this month.   More links about Flash

PayPal Support Club. Review and helpful links, coding examples, warnings, other shopping cart links, etc. PayPal is a on-link banking system that allows website owners to integrate shopping cart technology into their site.  Find out more, includes links to helpful site about PayPal shopping cart technology. Report eBay spoof emails to spoof@ebay.com  Report spoof PayPal emails to spoof@paypal.com

Hacktivism is the writing of code, or otherwise manipulating bits, to promote political ideology. Taking Lessig's message to heart, hacktivism believes that proper use of code will have leveraged effects similar to regular activism (or civil disobedience). Fewer people can write code, but code affects more people. myWiseOwl

Security Protector Free security utility enables you to protect your PC by disabling some features like: use of the MS-DOS command prompt in Windows and real mode DOS applications from within the Windows shell.

PC WIZARD is a powerful utility designed especially for detection of hardware, but also some more analysis. It's able to identify a large scale of system components and supports the latest technologies and standards. This tool is periodically updated (usually once per month) in order to provide most accurate results.

CPU-Z is a freeware that gathers information on some of the main devices of your system. Name and number. Core stepping and process. Package. Core voltage. Internal and external clocks, clock multiplier. Supported instructions sets. All cache levels (location, size, speed, technology).

System Monitor. This software lets you keep your eye on system resource usages of your PC. It currently supports 27 kinds of information including CPU, Memory, Network, and detailed HDD usages.

My Lockbox is a security software enabling you to password protect folders on your computer. The protected folder is hidden and locked from any user and application of your system and also from the net. To access the protected folder you have to provide a valid password.

Diag Plus Diagnose registry problems from DOS. From WindizUpdate (62NDS Solutions Ltd.) More Hardware links

AIM Encryption Certificate Generator You can use this tool to generate a security certificate file that you can import into AIM. You can then have encrypted conversations with any other member who also has imported a security certificate. The certificates produced by this tool are generated on demand, and no two certificates will share the same private key. This means that the certificates produced here are much more secure than the one certificate being mass distributed at AIM Encrypt - Free Security Certificate for AIM

AIM Encrypt - Free Security Certificate for AIM! Encryption certificate. Why do I want AIM Security? AIM is known to not have the best security, or any for that matter. If someone on your network is using a "packet sniffer" or other type of traffic analyzing tool they can see your AIM conversations and read them word for word. AIM Security using SSL Certificates makes your conversation appear much like trash to anyone analyzing what you type much like "Sw43jg73js7HSkg8Skeq3k65" instead of "Hello Friend". This certificate encodes the message so only the sender and the receiver can read the message. But still please use common sense and don't send credit card numbers, etc. over IM, this should only make you about "this" much safer on the internet, and make you feel cool having a padlock next to your name

SSL, Secure Socket Layer. This is a system used to protect secure information, for example credit card, bank account details, etc. Most sites that use this system will have URL's that start with https:// ,( note the "s" ), instead of the normal unprotected http:// 

The sites that use SSL, Secure Socket Layer may also display a small padlock image in the Task Bar. You should not send private or sensitive information of any type without using the SSL, Secure Socket Layer method.

The Secure Sockets Layer protects data transferred by using encryption enabled by a server's SSL Certificate. Uses a public key and a private key. A public key is used to encrypt, (note that some systems may have different levels of encryption but this should not be any less than 128 bit encryption), information and a private key is used to decipher it. When a browser points to a secured domain https://, a SSL handshake authenticates the server and the client and establishes an encryption method and a unique session key.

The GNU Privacy Guard. GnuPG is a complete and free replacement for PGP. Because it does not use the patented IDEA algorithm, it can be used without any restrictions. GnuPG is a RFC2440 (OpenPGP) compliant application. OpenPGP is the most widely used email encryption standard in the world. It is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) Proposed Standard RFC 2440. The OpenPGP standard was originally derived from PGP (Pretty Good Privacy), first created by Phil Zimmermann in 1991. PGPdump Interface OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. Apache-SSL SSL 3.0 specification, Netscape. RSA security

Get Safe Online will help you protect yourself against internet threats. The site is sponsored by government and leading businesses working together to provide a free, public service.

Bank Safe Online sets out simple steps you can take to help keep safe online. We also provide you with updates on the latest scams, and enable you to report any suspicious emails or websites to us direct.

Advanced WindowsCare Repair and fix windows with 1-click. Slow down, freeze and blue-screen crash are over. Advanced WindowsCare thoroughly examines the Windows system, accurately detects the bottlenecks for slowing down and crashing, fixes these problems and repairs Windows. All work will be done with 30 seconds and 1 click. The intuitive interface makes Advanced WindowsCare the perfect tool for Non-IT professionals

Free Internet Window Washer is a free privacy cleaner to remove internet tracks and computer activities. It can erase Window®:s temp folders, run history, search history, recent documents, browser's cache, cookies, history, typed URLs, autocomplete memory, index.dat files, and more. You can also easily erase the tracks of up to 100 popular applications. It also provides you option to clean the data more securely so that they could not be recovered.

Home Office Identity Fraud Steering Committee What is Identity theft? Your identity and personal information are valuable. Criminals can find out your personal details and use them to open bank accounts and get credit cards, loans, state benefits and documents such as passports and driving licenses in your name.

CIFAS, (Credit Industry Fraud Avoidance Scheme), the UK's Fraud Prevention Service. CIFAS is a not for profit membership association solely dedicated to the prevention of financial crime. CIFAS provides a range of fraud prevention services to its members, including a fraud avoidance system used by the majority of the UK's financial services companies.

Card Watch raises awareness about all types of plastic card fraud in the UK, and provides information to prevent fraudulent use of credit cards, debit cards, cheque guarantee cards and charge cards.

The Council of Better Business Bureaus and BBB OnLine Complaint System. The BBB does not take sides in a dispute. The BBB works to facilitate communication between the company and the consumer, to help both sides come to a satisfactory resolution to the complaint. In many cases, dispute resolution, including mediation and arbitration, may be available to help resolve the dispute.

The European Telecommunications Resilience and Recovery Association (ETRA) is a European forum for discussion, debate and information. Based in the UK it aims to extend understanding of the relationship between telecommunications, information assurance, security, disaster management and corporate governance.

WARPs (Warning Advice and Reporting Points). WARPs are part of the Centre for the Protection of National Infrastructure Security information sharing strategy to help combat the increasing risk of electronic attack on our information systems.

Center for the Protection of National Infrastructure. Information sharing strategy to help combat the increasing risk of electronic attack on our information systems.

Iirongeek. Adrian Crenshaw's Information Security site (along with a bit about weightlifting and other things that strike my fancy). Articles and tutorials.  

CERT® Coordination Center (CERT/CC) is a center of Internet security expertise, located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.

The National High Tech Crime Unit:- National unit formed in April 2001 comprising personnel from the National Crime Squad, the NCIS, and from HM Customs & Excise. It works in conjunction with computer crime units in UK police forces.

National crimes quad police UK The National Crime Squad works at the heart of tackling serious and organised crime.

Computer Crime and Internet-Related Crime The Metropolitan Police Service.

National Crime Prevention Council's (NCPC) mission is to prevent crime and build safer, more caring communities.

Terrorist Activity Report Them Here (FBI) Federal Bureau of Investigation.  Stop and report terrorists United States of America

CRIMESTOPPERS United Kingdom. Call anonymously with information about crime. 

MI5 the official website of the UK Security Service (MI5) are responsible for protecting against threats to United Kingdom National Security, such as terrorism and international terrorism.  If you know something about a threat to National Security.  STOP and report terrorists.

Blocking Unwanted Parasites with a Hosts File and other security tips.

Fraud:- Attention Footie fans! Following discussions with the European Commission FIFA has agreed to accept more ticket payment methods in the next stages of ticket allocation for the 2006 World Cup in Germany. Watch out for the latest scam - an e-mail that pretends to come from FIFA, telling you that you've got a ticket to the World Cup. It carries a mass-mailing worm. The advice, as always, is not to open attachments in such e-mails, (use anti-spam software), and to ensure that your Anti-Virus Software Tools & Utilities protection is up to date.

SPIM & SPIT (SPIM, SPam using Instant Messaging), is another new spamming technique, the difference in this case being that the spam is delivered through Instant Messaging rather than email. It's not as common as email spam. According to a report from Ferris Research, 500 million IM spam were sent in 2003, twice the level of 2002. As it becomes more common, spim could affect businesses in the same way that email spam does now, creating security problems and costing time and money. SPIM stands for Spam over Internet Telephony. It's essentially like spam email, only rather than getting unwanted messages in your inbox, they're left on your voicemail. It can happen if you're using a phone connected to the Internet, something more and more people are choosing to do. VoIP, ( Voice over Internet Protocol ), addresses or may hack into a computer used to route VoIP calls. And, because calls routed over IP are much more difficult to trace, there's a far greater potential for fraud.

Yahoo Security information and advice

Yahoo Hacking.  Social Engineering, Phishing information (Faux is a French work used to describe something made to resemble something else. The original French word means false, fake, imitation or artificial.)

Yahoo Reporting Password Scams

• Email: If you receive an email impersonating Yahoo!, please forward the email to mail-spoof@cc.yahoo-inc.com. Include the full headers and the HTML source code of the email you received.
• Web page: If you see a web page asking for your Yahoo! ID and password and you feel it is a scam, please report it to Yahoo!. Include the full URL of the web page collecting passwords.

Free PC Scan Windows Registry Repair

PC Security Software PCSecurityShield. Protection Range. Anti-virus, Firewall, Privacy Defender, Spam Shield, Popup Blocker, Delete files PERMANENTLY, etc... 

Department of Trade and Industry Notes

SiteAdvisor. We test the Web to help keep you safe from spyware, spam, viruses and online scams.

APNIC Spammers & hackers : Using the APNIC Whois Database to find their network | Spam | Hacking

!exploitable, (pronounced "bang exploitable") Crash Analyzer, (!exploitable Crash Analyzer - MSEC Debugger Extensions). A plugin for the Windows Debugger that parses your crash logs and gives you two important pieces of information. First, it will collate all of your crashes and determine exactly how many there actually are. So for example, out of 60 crash reports, there may only be 2 or 3 actual problems. The second thing it does is look at the type of crash and try to determine if the error is something that could be exploited by a malicious hacker. This means that more junior employees can work these bug issues without taking the time of more senior examiners.   More Microsoft Windows Links.

Web Master Tools and Utilities

Security wonks.net

Scurity wonks.org Forum

Alliance of Security Analysis Professionals (ASAP).

Keylogger Hunter - Detects Keyboard Monitoring Programs

Help maximize your security with the Internet Explorer High Encryption Pack.

World privacy forum

5 Steps for Preventing Employee Fraud
More WebProNews Videos		What you can do to avoid it. By Abby Johnson Did you realize that a typical organization loses up to 5 percent of its annual income to fraud? This information is one result of an annual survey of Certified Fraud Examiners conducted by the Association of Certified Fraud Examiners. As reported in the video these losses could be very harmful to small businesses.

UBCD4Win Bootable CD Repair/Restore/Diagnose etc for Windows®.

DomainKeys: Proving and Protecting Email Sender Identity (Information by Yahoo) Email spoofing, (and Phishing) - the forging of another person's or company's email address to get users to trust and open a message - is one of the biggest challenges facing both the Internet community and anti-spam technologists today. Without sender authentication, verification, and traceability, email providers can never know for certain if a message is legitimate or forged and will therefore have to continually make educated guesses on behalf of their users on what to deliver, what to block, and what to quarantine, in the pursuit of the best possible user experience.

DNSSEC, (DNS Security ExtensionSecuring the Domain Name System).

Brit holds the 'key to the Internet. (Reboot the web if it Goes down) From Yahoo News. The CommunityDNS is made up of a team of specialists that created a security system, known as DNSSEC, (DNS Security ExtensionSecuring the Domain Name System).

Net Tools is a comprehensive set of host monitoring, network scanning, security, administration tools and much more, all with a highly intuitive user interface. It's an ideal tool for those who work in the network security, administration, training, internet forensics or law enforcement internet crimes fields.

Phishing.  A lot of Major banks, Credit Card operators, e-Commerce Sites, Visa, PayPal, (PayPal Support Club), and eBay, (also many other websites), have suffer from Phishing. This is where people were directed to a fraudulent website that is identical to the companies' sites in the hope that they will supply details so they can be used illegally.

Anti-Phishing Working Group - Committed to wiping out Internet scams and fraud.

Phishing Report The Phish Report Network (PRN) was established to address the growing problem of phishing. As the industry's first anti-phishing aggregation service, PRN enables companies to better protect consumers against online fraud.

Know your Enemy: Phishing Behind the Scenes of Phishing Attacks. The Honeynet Project & Research Alliance.

RSA Data Security, Inc.,

FireFox Browser A Mozilla project, empowers you to browse faster, more safely and more efficiently than with any other browser.

Internet Watch Foundation Site Index (Legal issues. Reports illegal and offensive Internet Issues.)

SafeSurf Creating a Safe Internet Without Censorship Help Us Accomplish This Goal.

EFF is a nonprofit group of passionate people & lawyers, volunteers, and visionaries working to protect your digital rights.

Copyscape Search for copies of your page on the Web. Defend your site a against plagiarism.

Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules") (As Approved by ICANN on October 24, 1999)
http://www.icann.org/udrp/udrp-rules-24oct99.htm   or   http://www.icann.org/udrp/udrp-rules-24oct99.htm

Domain Name Transfer's ICANN Inter-Registrar Transfer Policy.

UKReg Domain Name Dispute Policy

Nominet Disputes account all registrations in the .uk Top Level Domains.

Domain Name law (Sedo)

eSecurity4Britain Inform, educate and provide protective measures to ensure small businesses can use the internet to operate their businesses - with security.

7Safe is an Information Security services firm offering a diverse portfolio of services including security training & certification, penetration testing, computer forensics and risk management (including BS 7799).

Police United Kingdom UK Police Service portal.

Ofcom is the independent regulator and competition authority for the UK communications industries, with responsibilities across television, radio, telecommunications and wireless communications services.

Association of Certified Fraud Examiners The ACFE is an anti-fraud organization and provider of anti-fraud training and education. Tthe ACFE is reducing business fraud world-wide and inspiring public confidence in the integrity and objectivity within the profession.

Check premium rate numbers ICSTIS, Independent Committee for the Supervision of Standards of the Telephone Information Services- the premium rate services regulator.

Computer Hope

Also view our Scams and hoaxes. Fraud warnings. Virus Attacks.

SquareTrade eBay User Support. Trouble with a transaction? SquareTrade can help you resolve issues independently or through professional mediation.

Federal Trade Commission - As part of an international group of consumer protection agencies, the FTC monitors an online complaint site called econsumers.gov. Although they do not resolve individual consumer problems, complaints are used to help investigate fraud, and can lead to law enforcement action.

National Fraud Information Center - The NFIC helps consumers distinguish between legitimate and fraudulent promotions in cyberspace and route reports of suspected fraud to the appropriate law enforcement agencies.

Mobile Industry Crime Action Forum. An organisation set up by the United Kingdom mobile telecommunications industry, including mobile handset manufacturers, to address the issues of mobile phone theft.

ScamSafe Archives

Fraud Watch International

Anti-Phishing Working Group

Anti-Phishing Act of 2004

Security Focus Magazine (Phishing Forensics)

Federal Trade Commission (Anti-Phishing)

Better Business Bureau (Anti-Phishing)

Patents: Commission proposes rules for inventions using software

Wireless Security Issues from our page WAP, WML, Wireless Markup Language, Wireless links, Wi_-Fi, BlueTooth, PixeCode, PDF414, Semacode, Datamatrix, radio links.

Safe Options Safe Options is the UK's leading online security store. Buy Safes, Lockers, Convex Mirrors and Key Cabinets online from our UK security store. We supply fire safes and security safes to both Business and Home Safe Users Buy Safes on 30 Day terms - available for recognised UK institutions FREE DELIVERY OF SAFES and LOCKERS ON THE UK MAINLAND* (*Ground Floor with easy access except N.Ireland and Islands)

Homeland Security Threat Monitor  (United States of America). A small Windows application that runs in your system tray, showing the current terrorism threat level. It periodically checks to make sure the information is up to date by contacting the Department of Homeland Security web server. Establish an emergency preparedness kit and emergency plan for themselves and their family, and stay informed about what to do during an emergency.

The Open Web Application Security Project released a helpful document that lists what they think are the top ten security vulnerabilities in web applications.

Host Files. You can begin blocking ads and help keep yourself from being tracked by using the Hosts file with Windows and other operating systems.

Microsoft Diagnostics and Recovery Toolset. 30 day evaluation of the Microsoft Diagnostics and Recovery Toolset. This product provides powerful, intuitive tools that help administrators recover PCs that have become unusable, and easily identify root causes of system issues. This toolset is part of the Microsoft Desktop Optimization Pack.

eBay Help about how to spot a Spoof emails

Reporting eBay Account Theft, If you feel your account has been compromised, please report it.

eBay Safe Trading Tips

eBay Security Center

PayPal Security Center

New PayPal phishing scam uncovered   The email, which purports to come PayPal, claims that the recipient's account has been the subject of fraudulent activity. However, unlike normal Phishing emails, there is no internet link or response address. Instead, the email directs the recipient to call a phone number and verify their details. When dialled, users are greeted by an automated voice saying: "Welcome to account verification. Please type your 16 digit card number." Once the credit card details are entered, the scammer is free to steal the credit information for their own use. Spyware analysts SophosLabs are warning users not to respond to the email. Graham Cluley, senior technology consultant at Sophos said "Though it's an American telephone number, the fact that PayPal is used globally means that anyone could potentially be tricked into making the call." More SpyWare Removal Links.

PayPal Support Club. Review and helpful links, coding examples, warnings, other shopping cart links, etc. PayPal is a on-link banking system that allows website owners to integrate shopping cart technology into their site.  Find out more, includes links to helpful site about PayPal shopping cart technology.

Freenet is free software which lets you anonymously share files, browse and publish "freesites" (web sites accessible only through Freenet) and chat on forums, without fear of censorship. Freenet is decentralised to make it less vulnerable to attack, and if used in "darknet" mode, where users only connect to their friends, is very difficult to detect.

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which enable malicious attackers to inject, client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Their impact may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site, and the nature of any security mitigations implemented by site owner.

Video Scams, etc 

Also read Methods of Internet adverting

Click Fraud Protection and Click Fraud Security

Scams and hoaxes. Fraud warnings. Virus Attacks

Check for rubbish service

FireWall's

SpyWare Removal

Backup/File Compression Data Recovery

Protect your Usernames and passwords. Protect your system 

Disaster Recovery Planning. (Also Undelete Files) So how good is your Disaster Recovery Planning?

Anti-Virus Software Tools & Utilities

Spam Filters

Web Master Tools and Utilities

Forums. Computing Forums. Webmaster Forums, Programming Forums

Terrorist Activity Report Them Here (FBI) Federal Bureau of Investigation.  Stop and report terrorists United States of America

CRIMESTOPPERS United Kingdom. Call anonymously with information about crime. 

MI5 the official website of the UK Security Service (MI5) are responsible for protecting against threats to United Kingdom National Security, such as terrorism and international terrorism.  If you know something about a threat to National Security, STOP and report terrorists.

Police United Kingdom UK Police Service portal.

Web Masters. Click Here Now to start making money. A Great opportunity to make some money. Receive 50% by offering your users Ton's of Keywords on A Great Portal websites. Our Affiliate Program Pays you 50% on Level 1 of Every Sale of our Text Link both searchable and static Text Link!