PayPal Phishing Scam - December 5th, 2007
I debated whether to write something about the recent scam on a phishing site for Pay Pal, but it is so cleverly done, that I decided it needed mentioning. Today, I received an email that at first glance appeared to come from PayPal warning that my account may have had an unauthorized transaction and to go to their "Resolution Center" to verify my account. Sounded suspicious, but I decided to have fun with it. After "cloaking" my PC (using a proxy server) so the "bad" guys could not find me, and then using Sandboxie to "sandbox" the site I was about to go to, my fun began. I logged in using a fake email address and password. Of course, I was sent to a page to update/verify my account and filled the fields in and then clicked save. PayPal (not really of course), thanked me and then redirected me to the real PayPal site.
What does all this mean? It means if an unsuspecting person had done that, they would have just given the "bad" guys everything to them (SSN, Pin Number for card, Credit card number, Card Verification number from the bank and more). Scary, but there will be somebody that will fall for this. Why? Because the site looks exactly like PayPal's site. I decided to do a screen capture which you can see here: fakepaypal graphic and you will see what I mean.
If you have a PayPal account, PayPal will never (see PayPal's Phishing expanation here) send you to a page of theirs and ask you to fill in personal information. And if you are ever unsure, look at the URL and you will see that you were directed to some other site, not PayPal's. You can also do what I did and make up some really fake email address and password. If you then go to an update page you will know that something is really fishy. - Lawrence
Notice - October 24th, 2007
As of December, 2006, I have left the insurance business and have devoted my full time to my computer and telecommunications business. If you have landed here from hettingerinsurance.com or stmsolutions.com and you are a past policyholder and need help, you can contact me by email. You can also go directly to the Insurance Companies website for assistance and contact information. For Pennsylvania Life Policyholders, their website is: http://pennlife.com and for HPA clients, you can go here: http://hpa-inc.com. - Lawrence Hettinger
Thunderbird 2.0 is out! - April 20th, 2007
Thursday the 19th of this month, Thunderbird 2.0 was released! Anyone currently using Thunderbird for their email client will be pleasantly surprised at many of the new features. Two important features that really kick *ss. First off the ability to now go forward and back to messages that you viewed. This makes it possible to go back to a message you read moments earlier without trying to find it! Another great feature is now tagging (previously labeling). It used to be to "label" a message you would have to go to "Message" in the menu and then Labels. Now with one click you can tag your email as, important, work, etc. What is great is you can create your own tags if any listed doesn't suit you. Thunderbird 2.0 is a major improvement over 1.5 and I love it with many more features such as better email notification (trust me, you will be impressed). Keep in mind that if you currently have 1.5.* on your computer, installing 2.0 will overwrite any previous versions! However, you will not lose any emails, making this transition an easy one. You will need to download Thunderbird 2.0 from Mozilla's site. Any previous releases will not upgrade to this release, so you will have to download and install it. Good Luck!
Security Update from Microsoft Breaks Third Party Applications - April 6th, 2007
If you applied the recent security update from Microsoft, some of you found the following message after logging into your desktop:
"The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\Windows\System32\Hhctrl.ocx occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL."
For a fix, Microsoft released a package on April 6th, 2007 that you can download and run (Package 935448).
Download and information:
http://support.microsoft.com/kb/935448/ Update: For those systems effected, Microsoft pushed a patch via the update process on Tuesday the 10th, so downloading and installing package 935448 is unnecessary.
W32/Grum-A Worm - April 1st, 2007
On Friday of last week a security company (I believe Sophos) announced a worm attack that masqueraded as an Internet Explorer 7 update. If you receive a link in an email suggesting that you get this update, do not click on it. As a general rule this is a bad idea anyway, however this one installs itself as a rootkit and just clicking on the link will infect your computer. For more info on this worm, visit Sophos.
Daylight Savings Time - March 10, 2007
Tomorrow Daylight Savings Time begins four weeks earlier and I have gotten many questions on this. IF you keep your operating system updated, you should have no problems. However, there are some third party applications (like Palm), where you will need to do the update manually. Visit Microsoft's web site for more information on this and how to manually update your machine.
- For general information and third party applications affected... go here
- More Info and Download Page... go here
Zero Day Exploits - February 19th, 2007
Last Tuesday (2-12-07), there was a Windows patch released to fix six zero day exploits. If you have automatic updates enabled, make sure you go through with the install and a reboot of your computer. These are serious exploits, and I highly recommend that you install the latest Windows updates to protect your computer. Since these exploits are installed by scripting language by visiting a malicious web site, I also recommend using the NoScript Add-on for Firefox, and only allow scripting for sites you deem safe.
Keyboards for Sale - February 16th, 2007
Anyone having trouble with their keyboard? I currently have
eight six Kensington Keyboards in stock if you are interested. These are new in the box, white Kensington Keyboards, Model 64362. First come, first serve for only $5.00 each (in Ohio add .35 sales tax) plus shipping. For more information, please contact
Winner of Kensington Port Replicator! - February 15th, 2007
Congratulations to Pat McBride from Cadscape (New Carlisle, Ohio) for answering February's Newsletter question and getting it right, despite all the confusion in making this question totally unclear! She won a Kensington Universal Docking station for her laptop. In case you missed it, "According to Eric Thompson of AccessData, a typical password consists of a root plus an appendage. A root isn't necessarily a dictionary word, but it's something pronounceable."
Question: Read the above statement (after reading this Wired.com article) and answer this: "What is an appendage, according to Eric Thompson of AccessData?"
Answer: An appendage is either a suffix (90 percent of the time) or a prefix (10 percent of the time).
Note: Pat McBride is an AAS Architectural Technician and the owner of Cadscape outside of New Carlisle, Ohio and is also my sister.