Tuesday, September 01, 2009

Facebook Phishing - Watch Out!

With the consistent surge in popularity ofFacebook, it's no wonder that hackers, thieves and other na'er-do-wells are looking to exploit as many users as possible! From my limited experience, I've already seen two friends be hacked by malicious links or applications they were introduced to on Facebook. Unfortunately, while there are some tools that are very helpful in preventing such attacks, the best offense is to use the time-tested technique we've all been using all of our lives...be aware of our surroundings. Would you walk around a city without knowing where you were going? You should treat the internet with the same level of care!

The sad part is that while Facebook is a safe-haven of sorts, it's first and foremost a social community where all types of things are shared between friends, family and acquaintances, files, pictures, links. To help you decide what's safe, and what may not be safe, I created this primer for you and everyone else on the web be a little more informed and aware of their digital surroundings!

The Threat

Where's the danger? Sometimes the threat can be as unthreatening as a link posted by one of our friends...but be wary, not every link can be trusted, even a link from a friend! The safest thing to do before you click on any link to is to consider where it is you WANT to go and where you may ACTUALLY be going...

The First Warning:

As an advocate and user ofOpenDNS, I was afforded an early warning about the dangerous position I might be putting myself in...If you don't useOpenDNS(you really should!) you wouldn't see a warning like this...

The Second Warning:

The first link really just redirects users to another suspicious web site. The new site, however, is no less of a danger than the first!

The Danger:

Being intentionally foolish, I chose to proceed without regard for my own safety or the safety of my computer and all the information stored on it...As a result, I wound up a the carefully crafted and dangerous site that our would-be hackers created to do as much damage as possible in the short time I'd be visiting the site.

But how do you know this site is really dangerous? At first glance it appears to be the same site we started at, our beloved Facebook. But upon closer inspection, you should be able to notice some differences that should start the alarm bells sounding...

First, almost instantly upon our arrival at the site, a file begins downloading. Did you want to download the file? Did you do anything that would make you think you would download a file? If you didn't, the odds are pretty good that it isn't a file you WANT to download!

Looking at the address for this site, you should also notice that it's composed of all numbers...you're not in Facebook.com anymore! What you're actually looking at the IP address for the web site - every web site has one, in fact, every computer has one. Your computer has one right now (assuming you're viewing this online and haven't downloaded a copy of it...). Without going to the domain name facebook.com, you have no idea whether this site is authentic or not...so despite the fact it LOOKS like Facebook, you should immediately question whether or not it really is.

As a side note, weren't we headed to youtube.com? Why are we even back in Facebook-land?

If you still not certain whether you should be downloading this file, stop and think for a second. Look at the page...what might you be downloading? An update for Flash?

If you've been surfing or playing games on Facebook, you've already been using Flash. Flash Player is an application created by Adobe that allows all of those nifty graphics and video to play on your computer. If you don't know whether or not you need an update, trusting a site like this for guidance is probably not a smart idea. A safer bet is to visit Adobe directly athttp://www.adobe.comand check.

Danger! Danger!

Let's assume that we all agree this site is now suspicious at the very least. At the most, it's downright threatening...so what next? Once you've decided that site isn't what it appears to be, don't trust ANYTHING on that site. Every link or pop-up dialog box could be a potential threat. You wear gloves when you take brownies out of the over, right? Treat this web site no differently!

Hackers will create innocent-looking pop-up dialog boxes that are designed to look like something we'd click without even thinking about it. Most of the time, these are not actually pop-up dialogue boxes from your browser, but from the site itself! As the second wave of attack, their goal is to get you to click them and inflict damage on yourself! (Note: depending on the browser you're using, it may look slightly different - I used Google Chrome for all of these screen captures.)

The Remedy:

So if you can't trust anything on this page...even that friendly-looking pop-up window, what can you trust? Your computer. The safest thing for you to do at this point is to close your browser completely. This can be tricky...depending on the browser or browser version your using, it may be okay to simply click on the "X" and close it...but not always!

If you're running Windows Vista or XP, your best bet is to use the Task Manager to close the browser. To access the Task Manager, just right click next to the Start button (not ON it, just next to it!).

Long ago, I replaced the standard Task Manager in Windows with a more advanced and informative version from Microsoft calledProcess Explorer. Its free and incredibly useful in situations like this one!

To use Process Explore (or Task Manager) to close your browser, just scroll down until you find the name of the application and the right click on it. As I'm using Google Chrome, the application is chrome.exe. If you're using Internet Explorer, you'd look for the program iexplore.exe, Firefox is firefox.exe and Safari is probably something like safari.exe. Once you've right-clicked on the application you want to close, just select "Kill Process Tree" and the browser will close completely and cleanly!

The End.

I hope you found this helpful, and I'm sure there is a wealth of additional information on the net about how you can protect yourself from phishing attacks both within Facebook and everywhere else on the web!

Stay safe!

Tuesday, August 25, 2009

Web Hosting..My Top 3

Strugging to find the right web hosting provider for your online presence? In today's market, there are plenty of options to choose from...hosted or dedicated, Windows or Linux, free, cheap or expensive, just to name a few. Having spent years developing and hosting websites, I've come across a few gems that really make developing and hosting your very own website easy and fun...not to mention cheap!

Here are my top three pics for web hosting providers:
  1. GoDaddy.com
    Wordpress Hosting at GoDaddy.com
    I've been hosting monkshack.com with GoDaddy for years. In addition to their afforable and integrated domain name purchase options, they have great reliablity and exceptional customer service. Every issue I've encountered (either of my own doing or due to some unseen gremlin) has been resolved quickly and efficiently...that is actually rare in this day and age!
  2. FatCow.com
    A newer find for me, but their limitless web hosting really offers some incredible opportunities for individuals or small companies that are looking to break their web silence and begin harnessing the power of the internet to enhance communication, marketing and the services they offer!
  3. 1and1.com

    I've been experimenting with 1and1.com for almost a year now and find the wide range of services an incredibly valuable asset. The only reason I can't rank them higher is that the customer service is slow and novice users are really going to be challenged to take advantage of all they have to offer.
Coming soon...the best web applications to use for your own web site - be it personal or professional! Trust me, I've used them all and I'll help you avoid the pitfall that I've encountered along the way!

Friday, July 24, 2009

Inspiron 1501 + Ubuntu 9.04 = SUCCESS!

Thanks be to the folks over at http://www.ubuntu1501.com!

I'd attempted installing Ubuntu on the Insipiron last year, but, being an admitted Ubuntu-newbie, I couldn't figure out the convoluted method to get Unbuntu to recognize the wifi card in the laptop. After a week of trying, I finally gave up and went back to WinXP - it is my wife's laptop after all and, while she was doing well to control her annoyance at my pursuit, I didn't want to push my luck.

Well, when XP finally was zapped by some annoying script in an ad, we finally decided to wipe it and start anew. I reinstalled Vista that came with it and then decided to try Unbuntu 9.04 on a second partition. After a rough start getting the LiveCD for Ubuntu burned (apparently burning from a Windows machine corrupts the .iso image - I wound up having to burn the CD from a desktop already running Ubuntu...weird), I installed Ubuntu with not a single problem!

Enabling the proprietary hardware drivers released by Broadcomm for Linux brought the wifi up immediately! I all can say is thanks! I love having Ubuntu as an option! I really do believe that for the casual user, Ubuntu is an excellent option to consider - fast, lightweight and relatively easy to maintain. The only nagging drawback is that Ubuntu still does require some command line skill to really maximize its potential - a fact which would undoubtedly scare some people away. But if haven't tried it yet, you really should!

Wednesday, July 15, 2009

Facebook: Rough Transition?

As a seasoned Facebook veteran, I have to admit that it's been interesting to see the transition that Facebook (http://facebook.com) has been taking as it moves from a closed-network community to one that has a much broader appeal. One of the funny things I've noticed is that much of the site still bear remants of its college-network roots. You'll find forms for room number in your contacts (last time I checked, we hadn't numbered each of the rooms of our house...) and there's still very limited cross-network connectivity.

One of the the things that strikes me as most egregiously forgotten is offering users a ways to provide selective permissions (or restrictions) to groups of friends. Facebook seems to be moving in that direction by allowing you to group your friends, but I have yet to find how I'm able to translate that into and effective data privacy filter. I'm not saying it isn't a difficult undertaking, but I also feel that without implement more options for users, they're going to lose their ability to keep people who have multiple networks of friends, co-workers and acquaintances - all of who don't really have a need to know EVERYTHING about them...

The New MonkShack

It's been a long time coming...I've finally redesigned the MonkShack homepage (http://www.monkshack.com). Over the years, the site started as static HTML and gradually evolved in a database-driven, dynamic site that provided the front door to all of the sub-domains that maintain, including this one! My primary goal in this redesign to simplify the site followed closely by goals to improve navigation and increase the ability for monkshack.com to be a central linkage point for all of our web2.0 activities. The site is now table-free with the vast majority of the structure and formatting being done using CSS. I think I've met my goals, but I'm always interested in what other users think, so if you want to share your opinion, I'm all ears!

I continue to use GoDaddy as my hosting provider, despite their transparent attempts to use their adverstising to stir up controversy (thereby increasing discussion about GoDaddy). They've always been responsive in their customer service and I couldn't be happier with the suite of tools they provide to host and maintain my domains. I had what could only be described as an ancient installation of DotNetNuke (no, I won't say what version - its just too embarrassing!) that over many years and server changes was now residing on a separate server and was outside of my permissions. I don't even know how that happened...but it did. In my redesign process, I wanted to start from as clean a slate as possible, so that meant removing my old DNN installation (formerly housed at http://www.monkshack.com/community) and the associated databases. GoDaddy's technical support couldn't have been better about helping resolve the issue - even going so far as to contact me with a follow-up phone call before the directory was deleted to see if I needed a backup of all of the data that was housed on that site. (I'd backed up the entire already to a local server, but it was darn nice of them to ask!)

Even after the redesign, I felt that I wanted a web-enabled CMS for at least a part of the site, so I installed Joomla in place of the old DNN. Now I'm facing the difficult challenge of determine how much of the old site I want to put back - and how much is simply going to stay in the archives...