Leo’s Answers #278 – April 12, 2011

A Weekly Newsletter From
Ask Leo!
Leo Notenboom

Hello!

Do you have a tech question? Don't hit reply! Ask it here. Newsletter subscribers using that link go to the head of the line.

Questions about the newsletter? Check the newsletter administration page. You can also unsubscribe using the link at the bottom of this email. The latest newsletter is always available on-line at http://ask-leo.com/currentnewsletter.html, where you'll also find links to complete archives.

*** New Articles

How do I use an open WiFi hotspot safely?

I've returned to the same coffee shop where I was when a few months ago I noticed that my email had been hijacked/hacked. This time I'm using my phone, but last time when I noticed the hack I was using my computer and doing email over an open Internet free WiFi network.

Do you think that could be the source of the problem or just a coincidence? I'm still afraid to do email from here.

*

It definitely could have been. Unfortunately it's hard to say for sure and it could have been something else unrelated.

Since we can't really diagnose the past, let's look ahead instead.

It absolutely can be safe to do email from a coffee shop or any other location that provides unsecured or "open" WiFi. In fact, I do it all the time.

But you do have to make sure to follow some very important practices to ensure your safety.

Continue reading: How do I use an open WiFi hotspot safely?
http://ask-leo.com/C4790

* * *

How did a website install malware on my machine?

I went to a website and the moment I got there, my computer started to tell me that I had virus. I know I did not except for this advertising; I have antivirus and antispyware and it still got in. I found it and put the program in the all users application data. After I removed it and restored to an earlier date, it was gone. I went back to the same site and nothing happened. So, my question is how did it install the program on my computer and why did it not do it the second time I went back to the same site?

*

First, I want to let you know that you were lucky; this approach to malicious infection is incredibly devious and, sadly, often successful.

I also want to say that if you restored from a backup to get rid of it, that's excellent. Unfortunately, other manual approaches to getting rid of malware - including system restore - are not guaranteed to always remove all traces.

Let's review what probably happened.

Continue reading: How did a website install malware on my machine?
http://ask-leo.com/C4788

* * *

I clicked on a link that I shouldn't have. What should I do now?

I'm very careful with emails but one finally got me the other day. It was innocuous in content and I clicked on "Click here for further details". It went to a blank page that the browser said it was unable to find. So, my first question is could a virus be installed, even though it didn't go to another site?

Searching online, I found that that particular email is possibly used to install a keylogger. It was purportedly from NACHA and referred to a canceled ACH transaction. I went to Microsoft and they had me run SuperAntispyware and called it a day. I have Avast and use also Eusing registry cleaner and Malwarebytes. Since, I've installed Defender and Trusteer Rapport. Superantispyware did find a trojan but I can't be sure what it is.

So, I inactivated my online banking, which is awful as I use it every day. A woman at the bank said her mother-in-law got another computer and uses it just for financial transactions, as suggested by Clark Howard. So, I decided to do that. But now, once I setup the new laptop, exactly what financial transactions besides my banking, should I transact on it? I do not want to contaminate it of course.

I'm wondering, can the virus pick up my credit card numbers that I enter on websites where I make purchases? I usually use Amazon, Meijer, Overstock, but what about websites where you don't know about their security? I order medications from Canada for example. I am driving myself crazy on this, afraid they will get into my bank account and clean it out. I plan to reactive it and go in and change the password on the new computer. I'm using a switch so I can use my DSL for both computers. All this technology is rapidly whizzing past me...

*

The short version is that while there can be no absolutes in a case like this, I'm fairly certain that you're OK.

There are several interesting aspects to your situation and the questions that you've asked, so let's have a look.

Continue reading: I clicked on a link that I shouldn't have. What should I do now?
http://ask-leo.com/C4787

* * *

How do my phone company and ISP relate?

I've moved to my first home. I had my landline installed by a telephone company after I moved. That phone provider unexpectedly set up my internet connection also when he was in my house. I was assuming that I would have to call my original ISP and go through a step-by-step procedure to reestablish my internet connection. I've had the same ISP (different from the phone provider) for eight years. How can my email address with a domain name different from the phone company be working on the phone company's system? I'm currently being charged by both my original ISP, whom I have never called to reconfigure my connection with my new phone number, AND the phone company, which automatically set up my internet connection without me having to talk with anyone to go through a step-by-step procedure. I'm not certain with what ISP I should continue. Having read some other posts, I'm not sure that, if I continue with the phone company as my ISP, I'll be able to continue using my email address because of the different domain name. That situation is working now, BUT I'm being charged by both ISPs.

*

At one end, your telephone company provides the wires that lead to your home. At the other ,your ISP provides you with an email account and email address.

In between, the combinations connecting the two can get very, very confusing.

Your ISP, as the acronym implies, provides your internet service - but what does that really mean?

Not as much as you might think.

Continue reading: How do my phone company and ISP relate?
http://ask-leo.com/C4786

* * *

How do I securely share sensitive electronic documents with my attorney?

I wished to send some personal documents to my lawyer via Google Docs for security reasons but my attorney refused, saying that she doesn't "do Google Docs." Instead, she prefers that I send her my files of a personal nature via email attachments. I object to this as being far less secure than Google; SMTP is inherently insecure, but HTTPS is very secure. Forget about setting up encrypted email. How do I convince said lawyer that my privacy interests are paramount to her convenience interests?

*

Well, I can't answer that last question: it's difficult to persuade people who are set in their ways, as it sounds like your attorney might be.

I'll discuss some of the pros and cons of the two approaches that you mention and throw out a few additional ideas of my own.

I just went through this with my bookkeeper, who is decidedly more open minded and security aware.

Continue reading: How do I securely share sensitive electronic documents with my attorney?
http://ask-leo.com/C4785

*** Our Sponsor

Bluehost Web Hosting
UNLIMITED Space & Transfer
2500 POP Email Accounts - FTP, CGI, SSL, PHP
One Click install of popular packages such as WordPress, phpBB and more...
Only $6.95/month
Learn more: BlueHost Professional Web Hosting

Advertisement. Ask Leo about advertising here.

*** Last Week's Articles

*** Comments

Dropbox - Share files across machines, with friends and publicly for free

MAKAW writes:

I love Dropbox and have been using it for about a year. However, I am concerned about the security of the files. For example, should copies of my tax returns be stored on Dropbox?

What is your recommendation for document security and the use of Dropbox?

Here's Dropbox's own statement on security (which I choose to believe): http://go.ask-leo.com/dropboxsecurity

-Leo

*

Why Am I Being Labeled a Spammer?

Jim H writes:

[excerpted from a lengthier comment]

I do understand that the volume of unwanted stuff Leo gets can be huge but it seems to be there should be a warning system such as an email he could send back. It could state that the person should cease and desist from forwarding stuff and contain a simple explanation on why continued forwarding is both annoying and risky. A clearly stated warning that if the person continues to violate this they will be labeled a spammer and the consequences of such a tag laid out.

Again I know it may be a hassle, but this minefield approach when no harm is intended by the people who send this stuff seems over the top. For some people email and things like Facebook is all they have to communicate with each other and i would think twice before i trashed that ability for them.

Now, real spam and spammers- no quarter given! No mercy, no prisoners!

"it seems to be there should be a warning system such as an email he could send back." I absolutely agree. And yet when I've taken the time to do so all I've received in return is anger. I can to that a few times, but as a regular practice ... no, it's not something I need.

-Leo

*

How do I securely share sensitive electronic documents with my attorney?

Adam Pomson writes:

all the negatives you stated for Google Docs are also true for DropBox! AND you have missed out a key point Google slice and dice all docs so that even someone standing next to a google server with the hard drive in their hand will have nothing more than small unreadable part of a doc someone getting your username and password is the only real threat
but that threat is much much smaller than say someone stealing your laptop etc

Actually as I understand it, documents stored in Google Docs may not be encrypted, and thus potentially accessible to Google employees - either maliciously (unlikely) or in response to legal action. Dropbox files are encrypted such that not even a Dropbox employee has access to the contents. Naturally ALL sharing mechanisms that rely on only a username & password are vulnerable to account theft. Regardless of where you store your files you do need to take appropriate steps to secure those accounts. I'd feel comfortable sharing more via DropBox than I would via Google Docs, but as others have pointed out the ultimate would be to encrypt with another tool before sharing.

-Leo

*

What's a "fraudulent certificate" and should I be concerned?

Harish Dobhal writes:

This is somewhat confusing, I thought phishers use a 'similar' domain name and can not use the same domain name they try to fake. For example, they would use something like "www.gooogle.com" as "www.google.com" can not be used unless hacked, whether its secure or not. Please throw some light on it.

There are techniques where a hacker can, indeed, re-route "google.com" to a server of their own choosing. The most common are viruses that install a bogus "hosts" file on your PC. That, then, with a fraudulent certificate could allow them to impersonate an https connection to what you see as the correct domain name.

-Leo

*** Leo Recommends

AWeber Email Service Provider for email newsletters and more

If you're a spammer, you can stop reading now. AWeber will not help you.

On the other hand, if you're considering setting up a CAN-SPAM compliant email mailing list, AWeber may be the solution for you.

AWeber is an Email Service Provider (ESP) that provides bulk and sequence emailing services. The most common example might be periodic newsletters: for example I use AWeber to send out my newsletter every week to over 25,000 125,000 subscribers.

Not to sound too "marketing-ish", but AWeber leads the industry in an incredibly important measurement: deliverability.

Continue reading...

AWeber Email Service Provider for email newsletters and more
http://ask-leo.com/C3407

*

Each week I recommend a specific product or resource that I've found valuable and that I think you may as well. What does my recommendation mean?

*** Popular Articles

With account theft at what feels like record levels, understanding the risks of the various internet connection options is prudent. Here's one approach to bypass an entire class of problem:

Is cellular broadband more secure than WiFi?

I recently upgraded to a Blackberry with "National Broadband Access". I can now connect my Blackberry to my laptop and get internet access almost anywhere. The salesperson said it will be more secure to use, even in places that offer WiFi. Is it more secure?

Yes.

That's not to say that there aren't risks (and even costs) involved, but by-and-large, data connectivity through the cellular network is, as a practical matter, more secure than open WiFi.

In part, though, that's really a reflection of just how insecure open WiFi really is.

Continue reading...
Is cellular broadband more secure than WiFi?
http://ask-leo.com/C3349

*** Thoughts and Comments

My trip last week to Austin was great. Had a good time geeking out with a number of entrepreneurial types, not to mention a few readers! Here's a group photo of the reader meet-up.

In addition to all the great people I also had more than my share of great tex-mex food - something I'm missing now that I'm back home. Something I'm not missing: the million or so bats that fly out of the Congress Avenue bridge each evening. Fairly amazing to watch, but happy to leave all those bats in Austin. We have a few bats that help control our bug population here at home, but a million or more ... well, I have my limits.

I'll be traveling to Denver at the end of July, where we're planning another meetup, and another in Seattle in September. As always, keep watching here for the details as the dates get closer.

*

A peek behind the curtain...

I was considering adding a section to the newsletter with the most popular articles on Ask Leo! for the last 30 days. I elected not to because it just doesn't change that much from week-to-week.

Since I did the research, though, here's the current list. I think you'll see why:

I'm pretty convinced that the first three are all related to ongoing email account hacks and theft, and I don't see that changing for a while.

I did add one new section though, a list of last week's articles, since I know that it's easy to miss an issue occasionally.

'till next week...

Leo
Leo A. Notenboom

*** Administration

Help Ask Leo! Just forward this message, in its entirety (but without your unsubscribe link below) to your friends. Or, just point them at http://newsletter.ask-leo.com for their own FREE subscription!

Need more help with or have questions about the newsletter? Check out the newsletter administration page.

Newsletter contents Copyright © 2011,
Leo A. Notenboom & Puget Sound Software, LLC.
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC