Tech: From CNN – don't Click on that! Story about online privacy (Recommended Reading)
This is a little late of a post but I just saw it. CNN has a story on its technology page that talks about how cyber Criminals can get your identity. The story which can be found at Will your privacy be compromised online? (http://www NULL.cnn NULL.com/2009/TECH/09/28/online NULL.security NULL.tactics/index NULL.html) talks about how
“The 2010 Census is nearly under way, but don’t expect an e-mail from the U.S. Census Bureau asking you personal questions in its head count of America.”
“The Census Bureau stresses that it will not request personal information from you via e-mail, such as PIN codes, passwords, Social Security numbers, credit-card numbers or other financial account information.”
“To protect their privacy online, computer users need to stay informed about the criminals’ methods and to learn basic principles of caution.”
The full story is at http://www.cnn.com/2009/TECH/09/28/online.security.tactics/index.html (http://www NULL.cnn NULL.com/2009/TECH/09/28/online NULL.security NULL.tactics/index NULL.html)
Software: Microsoft “My Phone” software
With the release on Windows 6.5, Microsoft has also taken the My Phone service out of beta. The following email from Microsoft talks about some of the features of the My Phone service.
*************************************************************
Microsoft® My Phone Launches! 
Dear My Phone User,
We appreciate your participation in the Microsoft My Phone beta. Your feedback has been invaluable in improving the service.
Today, with the launch of Windows® phones, the My Phone service is exiting beta and launching commercially. We’ve added a number of new features to the service:
Share photos on popular social networks
With just a few clicks, you can post photos to Windows Live, Facebook, MySpace and Flickr from the My Phone online portal or directly from your phone.
Find your missing phone
My Phone can show you the last known location of your phone on a map. To activate this feature, select "Send phone location" in your phone’s My Phone settings. Not available in all markets.
Premium features
My Phone can help you secure a lost phone using new Premium features. You can lock or post a message on your phone from the web. Or, if you know the phone is gone for good, you can use My Phone to erase all your personal information so it doesn’t fall into the wrong hands. For a limited time, you can try these features for free, so be sure to check them out. Premium features are not available in all markets.
The next time you sync, you will receive a notification on your mobile phone to update the My Phone software. The content you have already synced remains available and can be managed online.
Visit http://myphone.microsoft.com (http://myphone NULL.microsoft NULL.com/) to learn more and try out our new features!
Thanks,
The My Phone Team
How To: Removing people from Facebook wall
I haven’t focused much on social media sites (Facebook, My Space, etc) because that is not a side of technology that I find all that much interest in (I guess I’m showing my age). Don’t get me wrong, I can do Skype or hold a long conversation on Instant Messenger, but leaving sticky notes for someone (plus everyone on that page) just isn’t that appealing to me.
However, by request (of multiple people), I keep getting asked if I know how to remove someone from a Facebook wall. If there is someone who you just rather not see any posts from or messages from, this is most likely the case if someone is on based on being a friend or a friend type of thing. So for all those who requested this how to……here is the how to -
1) From the top bar in Facebook, go to settings –> Privacy settings
2) In the box that opens you will see Block list with a choice of Person or Email.
*You can choose either option
3) once you fill in one of the to ways to block and click on the Block button you will see a window that will show you the picture of the person you are attempting to block (If there is more than one person with same name you will see more than one choice)
4) Just select the person you wish to block and hit ok.
From that point on just click on the refresh button (F5 on Internet Explorer / Ctrl-R on Firefox) and the person you blocked will no longer be seen on your page.
UPDATE: Windows Live Credentials exposed – Microsoft Investigating.
Microsoft has a post concerning the Windows Live ID’s that were exposed in the past few days.
From the Windows Live Blog http://windowslivewire.spaces.live.com/blog/cns!2F7EB29B42641D59!41528.entry?wa=wsignin1.0&sa=363915619 (http://windowslivewire NULL.spaces NULL.live NULL.com/blog/cns!2F7EB29B42641D59!41528 NULL.entry?wa=wsignin1 NULL.0&sa=363915619)
*******************************************************
10/5/2009
Update: Phishing scheme affecting some Hotmail customers
As of 3pm PT: We want to provide a quick update, that as a result of our investigation we are taking measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts.
If you believe your information was documented on the illegal list, please fill out the following form (https://support NULL.live NULL.com/eform NULL.aspx?productKey=wlidvalidation&ct=eformcs&scrx=1) to reclaim access to your account.
—
Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers’ credentials were exposed on a third-party site due to a likely phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.
Phishing is an industry-wide problem and Microsoft is committed to helping consumers have a safe, secure and positive online experience. Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software.” If you believe you’ve been a victim of a phishing scheme, it’s very important that you update your account information and change your password as soon as possible. More information on what to do is available on this page (http://windowslivehelp NULL.com/solutions/accounts/archive/2008/10/25/what-to-do-if-you-think-your-accounts-been-stolen NULL.aspx) at our support community.
Microsoft recommends customers use the following protective security measures:
- Renew their passwords for Windows Live IDs every 90 days
- For administrators, make sure you approve and authenticate only users that you know and can verify credentials
- As phishing sites can also pose additional threats, please install and keep anti-virus software up to date
Answers to a few general questions about phishing scams
Q: What should you do if you fall victim to a phishing scam? How should you respond? What steps should you take?
A: If you think that you may have responded to a phishing scam with personal or financial information or entered this information into a fake website, you should take four key steps: (1) report the incident to the proper authorities, (2) change the passwords on all your online accounts, (3) review your credit reports and your bank and credit card statements, and (4) make sure you are using the latest technologies to help protect yourself from future scams.
- For the first step:
- If you have given out your credit card information, contact your credit company right away. The sooner a company knows your account may have been compromised, the easier it will be for them to help protect you.
- Next, contact the company that you believe was forged. Remember to contact the organization directly, not through the e-mail message you received. Or call the organization’s toll-free number and speak to a customer service representative. For Microsoft, call the PC Safety hotline at:
1-866-PCSAFETY. - Then, report the incident to the proper authorities. Send an e-mail to spam@uce.gov (spam null@null uce NULL.gov) to report it to the Federal Trade Commission and to reportphishing@antiphishing.org (reportphishing null@null antiphishing NULL.org) to report it to the Anti-Phishing Working Group.
- The second step is to change the passwords on all your online accounts. The reason for this is that a lot of people use the same password for multiple accounts. Start with passwords that are related to financial institutions or personal information. If you think someone has accessed your e-mail account, change your password immediately. If you’re using Hotmail, go to: http://account.live.com (http://account NULL.live NULL.com).
- The third step is to review your bank and credit card statements and your credit report monthly for unexplained charges, inquiries or activity that you didn’t initiate.
- Finally, make sure you use the latest products, such as anti-spam and anti-phishing capabilities in e-mail services, phishing filters in Web browsers and other services to help warn and protect you from online scams.
Q: How can I recognize an e-mail scam?
A: There are several signs you should look for to identify a phishing e-mail: (1) Does it ask you to send your personal information? (2) Is it poorly worded or does it have typos? (3) Does it contain convincing details about your personal information? (4) Does it use phrases like “verify your account” or “you’ve won the lottery?”
- Any e-mail asking for your name, birth date, social security number, e-mail username, e-mail password, or any other type of personal information, no matter who the e-mail appears to be from, is almost certainly a scam. Microsoft and most other businesses do not send unsolicited e-mail requesting personal or financial information.
- E-mails that are poorly worded, have typos, or have phrases such as "this is not a joke" or "forward this message to your friends" are generally scam e-mails.
- Phishing mail often includes official-looking logos and other identifying information taken directly from legitimate Web sites, and it may include convincing details about your personal information that scammers found on your social networking pages.
- A few phrases to look for if you think an e-mail message is a phishing scam are:
- "Verify your account."
- "If you don’t respond within 48 hours, your account will be closed."
- "You have won the lottery.”
Q: What should people do if they think they have received a phishing e-mail?
A: If you think you may have received a phishing e-mail, you should take three steps: (1) take some time to check up on it and do not click on a link or give out your personal information, (2) make sure you have created a strong password for your account and (3) report the phishing scam.
- The most important thing to remember is do not click on the link or give out your personal information. It is possible for your computer to become infected with malicious software simply by visiting a phishing site – without you even realizing it. If you receive a questionable e-mail, take some time and check up on the information. Often sites like snopes.com list common e-mail scams. Go to that website of the company you r
eceived the e-mail from and contact their customer service reps via phone or online to verify the validity of the e-mail. - Another thing you should do is create a strong password for your e-mail account by using more than 7 characters and having a combination of upper and lower case characters, numbers, and special characters, like the @ or # symbols. It’s also a good idea to change your password on a regular basis. The next time you change your Hotmail password, you can check “make my password expire every 72 days” to remind you to change it.
- Finally, help us identify new scams. If you use Hotmail and received a phishing e-mail, you can select the dropdown next to "Junk,” and select "Report phishing scam.” Whatever you do, do not reply back to the sender. You should also report phishing scams to the Anti-Phishing Working Group by e-mailing them at reportphishing@antiphishing.org (reportphishing null@null antiphishing NULL.org).
Q: How common is this scam?
A: The most recent version of Microsoft’s Security Intelligence Report (Volume 6) shows that more than 97 percent of e-mail messages sent over the Internet are unwanted: They have malicious attachments, are phishing attacks, or are spam.
Q: Is Microsoft taking any proactive steps to prevent this from happening?
A: To help protect people from phishing attacks, Microsoft is providing education and guidance to customers, collaborating with other technology leaders, businesses and governments and supporting law enforcement actions against phishers.
- We provide guidance and information to customers about how to stay safe online at www.microsoft.com/protect (http://www NULL.microsoft NULL.com/protect) and work with others in the industry and governments to educate people on online threats and safety tips.
- From a technology perspective, because so much phishing comes from spammers, our Hotmail spam filter, called SmartScreen, blocks over 4.5 billion unwanted e-mails per day by distinguishing between legitimate e-mail and spam.
- The Microsoft Phishing Filter, which is free as part of Internet Explorer 7, Internet Explorer 8, Windows Vista and as an add-on for the Windows Live Search Toolbar, also helps protect people from phishing attacks by identifying suspicious or confirmed phishing sites and warning customers before they reach them.
- Law enforcement also plays a big role here. Microsoft has supported 191 enforcement actions against phishers worldwide. These include civil lawsuits filed by Microsoft, as well as civil and criminal actions by international government and law enforcement agencies for which Microsoft made referrals and subsequently provided support.
- Microsoft is a founding member of the Anti-Phishing Working Group, a cross-industry association focused on preventing phishing. Microsoft also actively participates in DigitalPhishNet, an alliance between law enforcement and industry leaders in a variety of sectors, including technology, banking, financial services, and online auctioneering. The group is focused on assisting law enforcement in apprehending and prosecuting those responsible for committing crimes against consumers through phishing.
Alert: “See Who Blocked You on MSN” Phishing Attacks
This specific story came out a couple of weeks ago on the TrendMicro blog. This involves an email that says “(Name of someone you know) has invited you to check who has deleted you or blocked from their contact list on MSN Messenger.
In the past couple of days I’ve actually had 2 customers who have received this email and fortunately for them, they asked me about it before clicking on the email. With that said, here is the post from the TrendMicro website concerning this current Phishing Attack.
******************************************************
From http://blog.trendmicro.com/see-who-blocked-you-on-msn-phishing-attacks/ (http://blog NULL.trendmicro NULL.com/see-who-blocked-you-on-msn-phishing-attacks/)
11:22 am (UTC-7) | by Merianne Polintan (Anti-spam Research Engineer)
We have received samples of a new phishing mail targeting users of MSN Messenger inviting them to see who deleted or blocked them from their contact list. Users would be interested to know who among their friends have deleted them from their lists.
Figure 1. Phishing email
Clicking on the link displays the following fake login page asking the user to input his or her password:
Figure 2. Phishing website
It is obvious that the intention of the cybercriminals is to harvest the user’s MSN Messenger login credentials. Afterwards, they can then continuously sends spam messages to the account or, worse, they can use the account for their malicious intent.
Getting in touch with friends is now much easier than before. Because of the growth of social networking sites, we can stay connected with our old friends, or even find new ones. This may include reading the profile pages of other members, sending and receiving invitations to fun games, videos and other applications. However, users must be on guard when interacting within online social networks. Spammers are now abusing these in their phishing attacks.
Always be mindful in accepting “invitations”, especially when it concerns your personal information. This particular spam message, and the associated website, are already blocked by Trend Micro products via the Smart Protection Network.
*********************************************************
Now lets go over what the Trendmicro blog said – By Phishing – The bad guys try and get your information so that they can then get access to your account. Once on your account they can use your “legit” account to help spread the malware in addition to possibly get account information to banking or other financial information, considering these days its very common for people to keep emails or other notes that may have account information.
In a related note, another news story posted today (10/5) by Neowin.net concerning the fact that over 10,000 Windows Live User Names/Passwords were posted online in the past few days most likely means that the bad guys got that information via a phishing scheme like the one explained by Trendmicro. The compromised accounts affect Hotmail, Windows Live Messenger, Zune, Xbox accounts to name a few as most people share the same sign in throughout the various Microsoft online sites and offerings. the complete store on the password posting can be seen at http://www.neowin.net/news/main/09/10/05/thousands-of-hotmail-passwords-leaked-online (http://www NULL.neowin NULL.net/news/main/09/10/05/thousands-of-hotmail-passwords-leaked-online)
Some of the most important things to keep in mind when using email or instant messaging or twitter or any social networking site or basically anything on the internet.
1) Regularly change your passwords. I know this one drives most people nuts, but changing your passwords can prevent someone else who knows your password access to your account. (If you currently use any Microsoft online passwords like Hotmail, Messenger, Xbox, Zune, etc it is highly recommended that you change your password and your secret access code immediately due to that breach)
2) Do not use the word “password” or admin or bank or “your name” or anything that anyone over the age of 5 can guess. Passwords should be what is called alpha-numeric including caps and symbols which means that it should look something like this Pa55w0rd@ (which is the word password with a capital P followed by the number 5 twice instead of the letter s and a zero instead of the letter o and the @ symbol at the end).
3) If you receive an email from “a friend or relative or your bank or the IRS or anyone at all” asking you to click on a link or enter any private information, before doing it, check with them and ask if they sent it and confirm why they are asking. Those few minutes lost verifying if this is legit will say you a ton of head-aches and save you from paying me a ton of money (Not that I don’t want you to pay me a ton of money but I’m here to help you so this is your warning – No matter how much you really really want to don’t do it, or at least verify that your bank account has enough money to pay me when i have to go out and clean up your mess).
Alert: Microsoft My Phone Backup Service will be down for 2 days starting 10/5/09
On a previous post http://techgeekandmore.wordpress.com/category/cell-phone/ (http://techgeekandmore NULL.com/category/cell-phone/) (From May 2009), I talked about the Microsoft My Phone service.
With My phone you can
Well it seems that Microsoft is adding new features as the My phone service will be down for 2 days starting tomorrow October 5th. I just received the following email -
***********************************************************
My Phone Service Upgrade 
Dear My Phone User,
From Monday, October 5th through 3pm (GMT) on Tuesday, October 6th, the My Phone service will be unavailable while we’re upgrading the system.
During this time:
- You will not be able to access the My Phone online portal or synchronize changes on your phone.
- Be assured, data that you have already synched will not be impacted.
When the service resumes, there will be a number of exciting new features, so be sure to check them out by visiting http://myphone.microsoft.com (http://myphone NULL.microsoft NULL.com/).
Thanks,
The My Phone Team
***********************************************************
Unfortunately I cant find what these new features are, but I will update once I can get more information.
How To: Activating a Corporate, Business, Enterprise edition of Windows
**UPDATED: October 4th.
One of the versions that Microsoft sells of Windows is known as the Corporate Edition (XP), Business Edition (Vista), Enterprise Edition (W7). In a nutshell, all there of these versions are same version level with just a name change depending on the flavor of Windows that you speaking about. These versions are not sold in the store and activate slightly differently (Called Volume License) than what users of other flavors of Windows are used to.
Normally Volume License versions can activate against a KMS-enabled machine in your corporate environment or against Microsoft online servers using a MAK. MAKs are special keys that are installed after your Vista installation is complete.
I have had a couple of customers with Volume License versions that have had issues activating the installed version of Windows because of error 0X8007232B / DNS Name does not exist and clicking on Activate now or change product key did nothing.
I did a lot of searching online for a solution and most solutions pointed to a Microsoft Document about “How to Activate Volume License” which did not actually had a solution for the issue. I finally discovered a solution that worked for me:
***You need to go to Control Panel –> User Accounts –> Change User account control settings –> and move the level to Never notify….security will block the steps below unless you drop the UAC control. **NOTE: If you change this to Never notify you will not receive the security prompts built into Windows. Advance user will probably like that but non-experienced user will want to put the setting back once you complete the activation process.
Once you change the User Account Control setting do the following
1) At a command prompt (Start –> Run –> CMD), type slmgr.vbs –ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX (With a space between vbs and –ipk and Where the XXXXX is your assigned Volume License number). You will need to show a little patients as it will take a little bit (1 to 2 minutes usually) but you will get the response that “The product key was successfully changed”.
2) Now at the same command prompt, type slmgr.vbs –ato (a space between .vbs and –ato) and after a few seconds (This one will be much faster)a message that “The product had been activated” will appear.
That’s all there is to resolving this issue.
NUEVA funcionalidad: Para TechGeekandMore
Estoy orgulloso de anunciar una nueva característica para TechGeekandMore, traducción de sitios. Ahora el sitio estará disponible en los siguientes idiomas
|
Árabe
Chino simplificado
Chino tradicional
Checa
Dinamarca
Holandés
Francés
Alemán
|
Griego
Hebreo
Italiano
Japonés
Coreano
Polonia
Portugués
Ruso
Español
Sueco
Tailandés
|
Todo lo que necesita hacer es hacer clic en 
icono y le llevará a la página de traducción en la que puede seleccionar el idioma que desee
y TechGeekandMore se va a traducir automáticamente para usted. Como siempre usted esta invitado enviar preguntas o comentarios, incluso en su idioma nativo, y Haré todo lo posible para ayudar a mostrarle más acerca de la tecnología.
NEW FEATURE: For TechGeekandMore
I’m proud to announce a new feature for TechGeekandMore, site translation. Now the site will be available in the following languages
|
Arabic
Chinese Simplified
Chinese Traditional
Czech
Danish
Dutch
French
German
Greek
Hebrew
Italian
|
Japanese
Korean
Polish
Portuguese
Russian
Spanish
Swedish
Thai
|
All you will need to do is click on 
icon and that will take you to the translation page where you can select the language that you want
and TechGeekandMore will be automatically translated for you. As always you are more then welcome to post questions or comments, even in your native language, and I will do my best to help show you more about technology.