Contact Us | Updates

Understanding Your Computer: Web Browsers

Web browsers allow you to navigate the internet. There are a variety of options available, so you can choose the one that best suits your needs.

How do web browsers work?
A web browser is an application that finds and displays web pages. It coordinates communication between your computer and the web server where a particular website “lives.”

When you open your browser and type in a web address (URL) for a website, the browser submits a request to the server, or servers, that provide the content for that page. The browser then processes the code from the server (written in a language such as HTML, JavaScript, or XML) and loads any other elements (such as Flash, Java, or ActiveX) that are necessary to generate content for the page. After the browser has gathered and processed all of the components, it displays the complete, formatted web page. Every time you perform an action on the page, such as clicking buttons and following links, the browser continues the process of requesting, processing, and presenting content.

How many browsers are there?
There are many different browsers. Most users are familiar with graphical browsers, which display both text and graphics and may also display multimedia elements such as sound or video clips. However, there are also text-based browsers. The following are some well-known browsers:

•Internet Explorer
•Firefox
•AOL
•Opera
•Safari – a browser specifically designed for Macintosh computers
•Lynx – a text-based browser desirable for vision-impaired users because of the availability of special devices that read the text

How do you choose a browser?
A browser is usually included with the installation of your operating system, but you are not restricted to that choice. Some of the factors to consider when deciding which browser best suits your needs include

•compatibility – Does the browser work with your operating system?

•security – Do you feel that your browser offers you the level of security you want?

•ease of use – Are the menus and options easy to understand and use?

•functionality – Does the browser interpret web content correctly? If you need to install other plug-ins or devices to translate certain types of content, do they work?

•appeal – Do you find the interface and way the browser interprets web content visually appealing?

Can you have more than one browser installed at the same time?
If you decide to change your browser or add another one, you don’t have to uninstall the browser that’s currently on your computer—you can have more than one browser on your computer at once. However, you will be prompted to choose one as your default browser. Anytime you follow a link in an email message or document, or you double-click a shortcut to a web page on your desktop, the page will open using your default browser. You can manually open the page in another browser.

Most vendors give you the option to download their browsers directly from their websites. Make sure to verify the authenticity of the site before downloading any files. To further minimize risk, follow other good security practices, like using a firewall and keeping anti-virus software up to date (see Understanding Firewalls, Understanding Anti-Virus Software, and other US-CERT Cyber Security Tips for more information).

School Sued for Spying on Students with Webcams

The Lower Merion School District has been accused of spying on students through webcams on their laptops.

“While certain rules for laptop use were spelled out … there was no explicit notification that the laptop contained the security software,” said Superintendent Christopher W. McGinley. “This notice should have been given, and we regret that was not done.”

“Despite some reports to the contrary, be assured that the security-tracking software has been completely disabled,” said McGinley.

Security Note: Beware of webcams and microphones on your computer. If they are connected, it is possible for someone to remotely control these devices. They can see you. They can hear you.

$59 Computer Scam

There is a “pump and dump” circulating about “The $59 Computer”. A pump and dump scam usually happens with penny stock trades. A stock that sells for pennies is purchased and hyped by a “research” firm. When the price goes up from the fraudulent hyping, the originator of the scam sells their stock. When they dump, the stock price takes a dive and the scammed investors lose their money.

The research firm hyping the “secret” stock is Stansberry & Associates Investment Research. The name of the company use to be Porter Stansberry, Agora Inc. Porter Stansberry was fined by the SEC for fraud.

“An investment newsletter’s publisher and its editor have been hit with $1.5 million in financial penalties after a U. S. federal judge determined they defrauded their own subscribers in a securities scam.”

They changed their name a couple times. On October 24, 2005 they changed to its current name of Stansberry & Associates Investment Research, LLC.

Beware of a newsletter that starts like this:
“The Biggest Revolution since the Internet?”
~MIT’s Technology Review New “$59 Computer”
Hitting Chinese Markets It’s not a laptop, PC, or any computer you’ve ever seen or used. But it’s now being used by more than 100 of the world’s largest corporations, the Canadian Government, and more than 10,000 small businesses. Its next stop could unleash billions of dollars – and transform one tiny U.S. company into a juggernaut.”

Understanding How Your Computer Operates

National Cyber Alert System:

The operating system is the most fundamental program that runs on your computer. It serves as the basis for how everything else works.

What is an operating system?
An operating system (OS) is the main program on a computer. It performs a variety of functions, including

•determining what types of software you can install
•coordinating the applications running on the computer at any given time
•making sure that individual pieces of hardware, such as printers, keyboards, and disk drives, all communicate properly
•allowing applications such as word processors, email clients, and web browsers to perform tasks on the system (e.g., drawing windows on the screen, opening files, communicating on a network) and use other system resources (e.g., printers, disk drives)
•reporting error messages

The OS also determines how you see information and perform tasks. Most operating systems use a graphical user interface (GUI), which presents information through pictures (icons, buttons, dialog boxes, etc.) as well as words. Some operating systems can rely more heavily on textual interfaces than others.

How do you choose an operating system?
In very simplistic terms, when you choose to buy a computer, you are usually also choosing an operating system. Although you may change it, vendors typically ship computers with a particular operating system. There are multiple operating systems, each with different features and benefits, but the following three are the most common:

•Windows – Windows, with versions including Windows XP, Windows Vista, and Windows 7, is the most common operating system for home users. It is produced by Microsoft and is typically included on machines purchased in electronics stores or from vendors such as Dell or Gateway. The Windows OS uses a GUI, which many users find more appealing and easier to use than text-based interfaces.

•Mac OS X – Produced by Apple, Mac OS X is the operating system used on Macintosh computers. Although it uses a different GUI, it is conceptually similar to the Windows interface in the way it operates.

•Linux and other UNIX-derived operating systems – Linux and other systems derived from the UNIX operating system are frequently used for specialized workstations and servers, such as web and email servers. Because they are often more difficult for general users or require specialized knowledge and skills to operate, they are less popular with home users than the other options. However, as they continue to develop and become easier to use, they may become more popular on typical home user systems.

Editor’s Note: The Linux operating system is often the most secure and inexpensive. It is almost impossible to securely connect a Microsoft computer to the Internet.

Teach Your Kids How to Stay Safe on Social Networks

Better Business Bureau — The popularity of social networking continues to grow among kids. Social networking sites can provide a secure way for kids to connect with each other, but they can also be exploited for any number of nefarious purposes. Better Business Bureau recommends parents take specific steps to keep their kids safe online.

Kids of all ages are getting into social networking. According to iStrategy Labs the number of users on Facebook that are between the ages of 13 and 18 grew by 88 percent in 2009 to 10.7 million. While Facebook and MySpace require all users to be at least 13 years old, some sites are geared for children even younger.

“For some parents, their kids know more about computers and the Internet than they do, however, it’s important to remember that kids aren’t old enough to understand all of the various threats that lurk online,” said Alison Southwick, BBB spokesperson. “Even if they’re intimidated by technology, parents need to supervise their child’s computer use in the house as well as educate their kids on how to play it safe online.”

BBB offers the following tips for parents who want to help keep their kids safe online:

Explain the Difference Between Sharing and Oversharing – While social networking is about sharing photos, thoughts and experiences, explain to your kids that they should never share personal information such as phone numbers, address, bank account numbers, passwords or their Social Security numbers. Also talk about what constitutes inappropriate photos or language and stress the fact that—while you may be able to delete them—you can never fully take them back.

“Never talk to strangers” applies online too – One of the first rules we teach our kids is to never talk to strangers; remind them that the rule holds true when online. Even though chatting with a stranger online can seem harmless, the relationship can evolve and grow until the stranger has earned your child’s trust—and can then exploit it.

Set strict privacy settings – Social networking sites let users determine who they want to share information with. Talk to your child about restricting access to his or her profile to only friends or users in safe networks such as their school, clubs or church groups.

Keep the channels of communication open – Let your kids know that you are always ready to talk if they are ever threatened, bullied or feel uncomfortable about an experience they had online.

Join them online – If you haven’t already, set up your own account in the same social networks. This will help you better understand what social networking is all about. You can also then “Friend” your child and keep an unobtrusive eye on what they are doing.

Federal law requires sites collecting identifying information from children under 13 to get a parent’s consent first. Report concerns about data collection from children under 13 to the Children’s Advertising Review Unit of the Council of Better Business Bureaus at www.caru.org/complaint.

You can learn more about how to keep your kids safe online at http://www.onguardonline.gov/topics/net-cetera.aspx.

250 Arrests By Child Predator Unit

HARRISBURG, PA – Agents from the Attorney General’s Child Predator Unit have recently arrested three suspected Internet predators, including a plumber from New York state who traveled to Lawrence County to have sex with what he believed was a 13-year old girl; a computer technician from Lackawanna County who used online chat rooms to sexually proposition what he believed was a young girl; and a chef from Wayne County accused of sending 14 nude webcam videos to an undercover agent using the online profile of a young teen.

“Predators have come from every corner of our state, and as far away as Florida, Texas and Massachusetts, all trying to use the Internet to have some form of sexual contact with children,” Attorney General Tom Corbett said. “They use popular social networking sites and online chat rooms to search for young victims, looking for kids who are lonely, curious, trusting or otherwise vulnerable.”

Corbett identified the defendants as:

*
Jeffery A. Kimmel, 43, 618 Persons St., East Aurora, NY.
*
Michael Latona, 34, 311 Elizabeth St., Dunmore, Lackawanna County.
*
Joseph Thomas Ursich, 41, 159 Swamp Brook Road, Hawley, Wayne County.

Jeffery A. Kimmel
Corbett said that Kimmel allegedly used an Internet chat room to contact an undercover agent from the Child Predator Unit on January 13, 2010. At the time, the agent was using the online profile of a 13 year old girl from New Castle, Lawrence County.

According to the criminal complaint, Kimmel used his cell phone camera to send a nude photo of himself during their first online chat and expressed a desire to engage in sexual activity with the girl. Kimmel also allegedly offered to bring the girl gifts, promising to bring her a sexual device in her favorite color (pink) and wine coolers if she agreed to meet – telling her that he would teach her about sex and “show her everything.”

Corbett said that Kimmel allegedly asked for the girl’s address so he could use an Internet mapping program to plan his trip, telling her that they could have sex in his truck – commenting, “back seat is big,” and, “we are gonna have fun in my truck.”

Kimmel was arrested on January 22nd, when he arrived at a predetermined meeting location in Lawrence County, driving a vehicle that matched a description provided during online chats.

Corbett said that agents executed a search warrant on Kimmel’s vehicle, seizing a pink sexual device and wine coolers.

Kimmel is charged with three counts of unlawful contact with a minor (related to sexual offenses), a first-degree felony punishable by up to 20 years in prison and $25,000 fines.

Additionally, Kimmel is charged with three counts of unlawful contact with a minor (related to sexual offenses), a second degree felony punishable by up to ten years in prison and $25,000 fines.

Kimmel is also charged with three counts of unlawful contact with a minor (related to sexual offenses), three counts of unlawful contact (related to explicit sexual materials) and three counts of criminal use of a computer, all third-degree felonies which are each punishable by up to seven years in prison and $15,000 fines.

Kimmel was lodged in the Lawrence County prison in lieu of $250,000 cash bail, awaiting a preliminary hearing on February 9th, at 9:30 a.m., before New Castle Magisterial District Judge Melissa A. Amodie.

Corbett thanked the New Castle Police Department, the Erie County New York Sheriff’s Department, the New York Department of Motor Vehicle and the New York State Information Center for their cooperation and assistance with this investigation.

Kimmel will be prosecuted in Lawrence County by Deputy Attorney General William F. Caye II of the Attorney General’s Child Predator Unit.

Michael Latona
Latona, an Information Technology technician, allegedly used an Internet chat room to contact what he believed was a 13-year old girl. The “girl” was actually an undercover agent using the online profile of a fictitious child from the Harrisburg area.

Corbett said that during a series of online chats, Latona allegedly discussed meeting the girl for sex and sent the girl numerous pornographic photos and videos. He is also accused of using a computer webcam to send nude or sexually explicit webcam videos of himself to the girl.

Latona is charged with four counts of unlawful contact with a minor (related to sexual materials or performances), along with one count of criminal use of a computer, all third-degree felonies which are each punishable by up to seven years in prison and $15,000 fines.

Latona was preliminarily arraigned on January 26th and later released on $50,000 bail. A preliminary hearing will be scheduled at a future date in Lackawanna County Central Court.

Corbett thanked the Dunmore Police Department for their cooperation and assistance with this investigation.

Latona will be prosecuted in Lackawanna County by Deputy Attorney General Christopher Jones of the Attorney General’s Child Predator Unit.

Joseph Thomas Ursich
Corbett said that Ursich allegedly used an Internet chat room to contact an undercover agent from the Child Predator Unit who was using the online profile of a 13-year old girl.

According to the criminal complaint, Ursich sent a webcam video of himself masturbating during his first online chat. Over the next several weeks, Ursich allegedly sent a total of 14 sexually explicit webcam videos.

Corbett said Ursich also allegedly encouraged the girl to masturbate during their online chats and asked her to send him nude photos.

Ursich is charged with 14 counts of unlawful contact with a minor (related to sexual materials or performances) and one count of criminal use of a computer, all third-degree felonies which are each punishable by up to seven years in prison and $15,000 fines.

Ursich was preliminarily arraigned before Hawley Magisterial District Judge Bonnie L. Carney and lodged in the Wayne County Prison in lieu of $75,000 bail. A preliminary hearing is scheduled for February 3rd, at 9 a.m., at the Wayne County Central Courthouse.

Corbett thanked Pennsylvania State Police Honesdale for their cooperation and assistance with this investigation.

Ursich will be prosecuted in Wayne County by Deputy Attorney General Christopher Jones of the Attorney General’s Child Predator Unit.

Internet Safety
Since its creation in 2005, the Attorney General’s Child Predator Unit has arrested 250 people, all accused of sexually propositioning children online or sending pornographic or nude photos and videos.

Corbett explained that online predators work in many different ways. Some try to arrange meetings with kids, while others draw satisfaction from sending nude photos or sexually explicit videos to children.

“Computer and cell phone technology makes it fast and easy to send messages or images, and many of the suspects arrested by the Child Predator Unit began sexually graphic discussions during their first online conversations with children,” Corbett said. “The best defense for parents is to regularly discuss Internet safety with their children and actively monitor their online activities.”

Corbett encouraged parents to considering the following family Internet safety tips:

*
Know what children are doing online.
*
Understand the websites they use and who they are communicating with.
*
Review their MySpace and Facebook pages or other online profiles.
*
Make sure children do not give out personal information, like their names, ages or addresses.
*
Talk to them about the dangers of face-to-face meetings with strangers.
*
Encourage children to report any inappropriate contact involving strangers, including sexually suggestive comments or attempts to arrange face-to-face meetings.
*
Do your own research – use Google or other Internet searches to see what your children, or their friends, may be posting online.

Suspected Internet predators can be reported to the Attorney General’s Child Predator Unit using the “report a predator” link, located on the front page of the Attorney General’s website, or by calling the Child Predator Hotline, at 1-800-385-1044.

Internet safety tips and other information are available in the “Operation Safe Surf” and “Just for Kids” sections of the Attorney General’s website. Organizations interested in materials, speakers or presentations, can contact the Attorney General’s Education and Outreach Office at 1-800-525-7642 or via email at education@attorneygeneral.gov

(A person charged with a crime is presumed innocent until proven guilty.)

Phishing Scam: “some jerk has posted your pictures”

There is a massive email phishing scam that comes with a variety of subject lines, such as, fw and re. The body of the email usually looks like this:

Hey, some jerk has posted your pictures (u understand what kind of pictures are there) and sent a link of them to all ur friends. I have already replied back. Said, that he is an idiot. See the link:

http://photobank.tygersg.cz/id1073bv/get.php?email=your-email-address

DO NOT CLICK ON THE LINK. It is advised that you turn html off in your email program.

Microsoft Internet Explorer Alert

Microsoft has released updates for multiple vulnerabilities in Internet Explorer, including the vulnerability detailed in Microsoft Security Advisory 979352 and US-CERT Vulnerability Note VU#492515.

By convincing a user to view a specially crafted HTML document or Microsoft Office document, an attacker may be able to execute arbitrary code with the privileges of the user.

III. Solution
Apply updates
Microsoft has released updates to address these vulnerabilities. Please see Microsoft Security Bulletin MS10-002 for more information.

Apply workarounds
Microsoft has provided workarounds for some of the vulnerabilities in MS10-002.

Internet: Understanding the Hidden Threats of Botnets

from U.S. CERT

What are rootkits and botnets?
A rootkit is a piece of software that can be installed and hidden on your computer without your knowledge. It may be included in a larger software package or installed by an attacker who has been able to take advantage of a vulnerability on your computer or has convinced you to download it (see Avoiding Social Engineering and Phishing Attacks for more information). Rootkits are not necessarily malicious, but they may hide malicious activities. Attackers may be able to access information, monitor your actions, modify programs, or perform other functions on your computer without being detected.

Botnet is a term derived from the idea of bot networks. In its most basic form, a bot is simply an automated computer program, or robot. In the context of botnets, bots refer to computers that are able to be controlled by one, or many, outside sources. An attacker usually gains control by infecting the computers with a virus or other malicious code that gives the attacker access. Your computer may be part of a botnet even though it appears to be operating normally. Botnets are often used to conduct a range of activities, from distributing spam and viruses to conducting denial-of-service attacks (see Understanding Denial-of-Service Attacks for more information).

Why are they considered threats?
The main problem with both rootkits and botnets is that they are hidden. Although botnets are not hidden the same way rootkits are, they may be undetected unless you are specifically looking for certain activity. If a rootkit has been installed, you may not be aware that your computer has been compromised, and traditional anti-virus software may not be able to detect the malicious programs. Attackers are also creating more sophisticated programs that update themselves so that they are even harder to detect.

Attackers can use rootkits and botnets to access and modify personal information, attack other computers, and commit other crimes, all while remaining undetected. By using multiple computers, attackers increase the range and impact of their crimes. Because each computer in a botnet can be programmed to execute the same command, an attacker can have each of them scanning multiple computers for vulnerabilities, monitoring online activity, or collecting the information entered in online forms.

What can you do to protect yourself?
If you practice good security habits, you may reduce the risk that your computer will be compromised:

Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage (see Understanding Anti-Virus Software for more information). Because attackers are continually writing new viruses, it is important to keep your definitions up to date. Some anti-virus vendors also offer anti-rootkit software.

Install a firewall – Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer and limiting the traffic you send (see Understanding Firewalls for more information). Some operating systems actually include a firewall, but you need to make sure it is enabled.

Use good passwords – Select passwords that will be difficult for attackers to guess, and use different passwords for different programs and devices (see Choosing and Protecting Passwords for more information). Do not choose options that allow your computer to remember your passwords.

Keep software up to date – Install software patches so that attackers can’t take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Many operating systems offer automatic updates. If this option is available, you should enable it.

Follow good security practices – Take appropriate precautions when using email and web browsers to reduce the risk that your actions will trigger an infection (see other US-CERT security tips for more information).

Unfortunately, if there is a rootkit on your computer or an attacker is using your computer in a botnet, you may not know it. Even if you do discover that you are a victim, it is difficult for the average user to effectively recover. The attacker may have modified files on your computer, so simply removing the malicious files may not solve the problem, and you may not be able to safely trust a prior version of a file. If you believe that you are a victim, consider contacting a trained system administrator.

As an alternative, some vendors are developing products and tools that may remove a rootkit from your computer. If the software cannot locate and remove the infection, you may need to reinstall your operating system, usually with a system restore disk that is often supplied with a new computer. Note that reinstalling or restoring the operating system typically erases all of your files and any additional software that you have installed on your computer. Also, the infection may be located at such a deep level that it cannot be removed by simply reinstalling or restoring the operating system.

Google Looking Into Inside Attack

Google is investigating whether employees helped orchestrate a cyber attack on their network in December. They made an announcement last week that they were considering pulling out of China because of the attack and theft of their intellectual property.

“We’re not commenting on rumor and speculation. This is an ongoing investigation, and we simply cannot comment on the details,” said Google about the attack. As for pulling out of China, Google said, “We are going to have talks with them in the coming few days.”