Gmail, Google’s email service, has some vulnerabilities that could allow unauthorized access to your email. To beef up security, make sure you are using a secure HTTPS connection to Gmail by checking your browser’s address bar. The address should begin with “https://” if you are using a secure connection. While HTTPS is not without its own vulnerabilities, it’s better than naked surfing.
You can configure Gmail to always use HTTP by clicking Settings from the main Gmail window. In the General tab under Browser Connection (at the bottom), select “Always use https.”
Other email services like Yahoo and Hotmail don’t allow this option. Your most secure option is to download your email using a program like Mozilla Thunderbird instead of viewing it on the Web. (In my opinion Outlook and Outlook Express won’t do anything to enhance your security because they have their own problems.)
Pardon me, but you’ve left an orphan out there. Orphaned accounts are email or web usernames that are no longer used but haven’t been deleted from the server. Small businesses and consumers alike would do well to clear their electronic trails of such wayward offspring.
For small businesses, orphaned server accounts can be an unseen hazard. Imagine you’ve let an employee go but haven’t deleted their account. They could log in and grab sensitive data or rig the system to self-destruct; these days you don’t need to be a computer whiz to do it. It’s wise to make deleting accounts part of your standard personnel procedures. Avoid sharing accounts and passwords; set up individual IDs with specific access instead, and don’t be tempted to leave post-its with passwords in your office. That deliveryperson could be a hacker in disguise.
Consumers should be aware of the orphans they may leave while visiting online sites. If you set up an email or web account somewhere but aren’t using it, contact the site and ask them to delete it. Ironically, you may find some sites don’t have a procedure for doing so. Talk to their tech people and request written confirmation that your account has been deleted. Otherwise you never know what someone else might be doing in your name.
Next month we’ll talk about Alternate Web Browsers. Don’t forget to subscribe to the email version of Tech Tips for the latest computer news.
The next time your computer gives you an error message, take a second look.
Because it may be a phony web pop-up, trying to convince you that your computer has an error. These pop-ups look remarkably like regular system alerts, but they’re really Web ads trying to get you to click and infect your computer. The notorious WinAntiVirus scam (aka Winifixer or the Smitfraud trojan) uses this ploy to convince you that your computer is at risk unless you install their purported product.
Other Web pop-ups may try to get you to click on seemingly legitimate ads or offers. It can be extremely difficult to tell the difference between a real ad and a fake one, or even between a real Web site and a malicious clone. You can test your Web savvy through the McAfee SiteAdvisor spam and spyware quizzes, which will show you just how deceptive these phony pop-ups can be. (I also recommend you install the SiteAdvisor plug-in for your browser.)
Worse, there’s the practice of clickjacking, which allows a malicious program to force your browser to click any link. This means you could get infected without any interaction on your part.
How can you protect yourself? Be sure to run the latest version of your antivirus software (see the Windows Help and Mac Help sidebars for suggestions). Windows users, don’t use Internet Explorer, try Mozilla Firefox instead. Using IE can increase your risk of infection. I also strongly recommend that you not click on web pop-ups, ever. Use Firefox’s pop-up blocker or a similar tool to keep the pop-ups away, and ignore the ones that do slip through.
Next month we’ll go over my Holiday Computer Gift Guide. If you have any computer questions, click Comments below this article, and be sure to sign up for the email version of Tech Tips for bonus tips and product reviews.
If you run any kind of web server, you are probably familiar with the recent attacks on SQL databases. Help is on the way in the form of a new tool from Microsoft and HP, which you can use to test your Web site for vulnerabilities.
Common SQL attacks involve directing unsuspecting PCs (often owned by home users) at malicious Web sites. These sites infect the PCs with code that infects other web servers, and the vicious cycle repeats.
If you host your web services and are unsure if this affects you, contact your Internet provider. Consumers can help by keeping their web browsers up to date, and being aware of the prevalence of phony sites.
Recent Comments