Monthly Archives: July 2010

Profile Spy Steps Up Attack On Facebook Users

Over the past week we alerted users to the return of “profile spy”, a tool that promises to let users see who’s viewing their profile. As we said last week, the tool is FAKE, however it isn’t preventing thousands of users from participating in the scam once again. Rather than using a different strategy than last time, the only thing that the scammers have changed is the URLs. Do not complete this scam, instead share this article and let your friends know of the scam.

As before, here is the message that’s being posted when users complete the scam:

OMG OMG OMG… I can’t believe this actually works! Now you really can see who views your profile!!! WOAH

The scammers have dramatically increased the number of URLs that are part of this widespread attack. These are the latest URLs that we have compiled that are part of the attack:

Profile Spy scam continues to spread, as first pointed out by AVG.

5 Tips to a Phishing Free Life

Phishing scams threaten our Internet security and can be hard to detect. They can lead to identity theft, viruses, or the need for computer repair. To help protect your Internet security, we offer five tips for detecting phishing scams.

1. Avoid Action – Phishing scams work when you take action. An email that requests you reply with information or features clickable links only may be an attack. Generally legitimate emails include cut and past style links to verify instead of clicking. If there are only clickable links, the email may likely a phishing scam.

2. Beware of Overly Technical Words and Phrases – Phishing frequently uses highly technical words and phrases within their emails to scare you into believing them. An email that discusses your security in great detail, or sounds as if it was written by a computer tech, is probably a phishing scam. Legitimate businesses send out emails that can be read and understood by typical people, not just computer specialists.

3. Check the Links (URLs) – Phishing scams violate your security by providing links to apparently legitimate sites. Protect your security by checking the URLs of all links. The URL is the address of a website, www. some for example. If you move the cursor over the link in an email, the URL that link connects to will be displayed at the bottom of the web browser. Make sure the URL corresponds to what it’s claiming to be. Otherwise, your security may be at risk.

4. Read Carefully – Emails from legitimate businesses are screened carefully, so mistakes can be signs of phishing. Many of these mistakes are small, like spelling “reset password” as “reset possword”, for example – and hard to notice. Read carefully to protect your security. A poorly written email is a indication of phishing.

5. Verify – If you worry that phishing emails might be real. Overcome this fear by contacting the “sender” directly, NOT by replying to the email or call a phone number in the email, however by only using an known, published, and good web address or phone number, DO NOT give them any personal information.

  • 07/28/2010
  • IT

Facebook users are now better protected from unauthorized password changes

Facebook users are now better protected from unauthorized password changes and suspicious logins thanks to a new set of security features.

The first: if a user enters an old password that has since been changed, Facebook now tells the user when the password was changed and asks if the user remembers doing so. If they don’t remember, they are asked to verify their identity, and are prompted to reset their password or use the hacked account self-recovery tool.

The second change: if an account is logged into from somewhere distant from its usual login location, the person accessing the account will also be brought through the identity verification flow which instead of changing passwords involves identifying friends in photographs.

However, it’s not perfect. Some users have friends they can’t recognize by photo, or are prompted to identify people in photos that only include logos, pets, or other indistinguishable images — and they have been mistakenly locked out of their accounts by this identity verification method.


If running Windows XP SP2, please upgrade!

The bug admission affects all versions of Windows (XP, Vista, and 7).

Need assistance call BWS Technologies @ 358-6305.

This is a pretty nasty attack and for once Microsoft have actually acknowledged and confirmed this is a critical unpatched vulnerability. Incidentally Microsoft also recently retired Windows XP SP2 from the support cycle, and this vulnerability effects that system and they have stated they will not be patching it.

It’s a pretty serious bug and it seems hackers have been maliciously exploiting it in the wild for over a month. The Stuxnet malware has been using this vulnerability to gain access to machines then download further attack files including a root kit.

“In the wild, this vulnerability has been found operating in conjunction with the Stuxnet malware,” Dave Forstrom, a director in Microsoft’s Trustworthy Computing group, said in a post Friday to a company blog . Stuxnet is a clan of malware that includes a Trojan horse that downloads further attack code, including a rootkit that hides evidence of the attack.

You can find a temporary workaround in the Microsoft Security Advisory here:

And Microsoft has stated they are working on a patch, but Windows XP SP2 user will not get a patch.

Need assistance call BWS Technologies @ 358-6305.

  • 07/26/2010
  • IT

How to: Make your Facebook account more secure in 5 seconds!

A little known feature in Facebook will help you stay on top of your Facebook account and everyone who’s accessing it. The feature, provides you with notifications every time a person accesses it from a new computer. You can receive both email and SMS notifications about the access.

Two steps to a more secure FB account:

  1. Log in to Facebook and simply click on the “Account” drop down in the top right corner of the site. Then click on “Account Settings” as pictured in the screenshot below.
  2. After you are in your account settings, simply click on the “change” link directly next to “Account Security” toward the bottom of the page (as shown in the screenshot below). From there you will be able to turn on notifications for each login that takes place from a new device.

You’re Done! You will now receive notifications every time someone logs in to your account from a new computer.

Adapted from

  • 07/22/2010
  • IT

Two New Facebook Scams: reference Mother went to jail and McDonalds

Hot on the heels of the Coca-Cola Facebook scam, there are two more spreading via Facebook status updates.

  1. Contains the message: “OMG!! Guys, you have to see this: This mother went to jail for taking this pic of her son,” with a link to a page that tricks you into sharing the story with your Facebook buddies. Once you’ve done that, the page will take you to a survey designed to take your personal info.
  2. Message says, “OMG!! McDonalds might soon shut down because of this, you have to see this,” followed by a link that roughly duplicates the process above.

Our advice:

  • NEVER click on links like these
  • If a Facebook page or any site insists that you share a piece of content or do a survey before reaching the promised destination, it’s likely a scam
  • Never give away your personal info.
  • If you’ve fallen for these types of scams, remove the message from your status, newsfeed, and your Likes and Interests in the “Edit my Profile” menu.

Adapted via

  • 07/21/2010
  • IT

Photo Printing Kiosks can share malware and viruses

A common place that a lot of people probably do not think getting a virus from is digital photo kiosks. These places are prime distribution points for infections. Think about it, if you were up to no good with some know-how, you could infect the photo kiosk computers then sit back and laugh as literally thousands upon thousands of people walk in and insert their memory cards.

Some Windows-based photo kiosks apparently don’t run antivirus software, so lovely little bits of malicious software like Trojan.Poison-36 are winding up on customers’ USB keys.

What can you do to protect yourself against infection from a dirty public kiosk?

  • Buy a SD Card and use it’s read-only protection switch.
  • Burn your photos to read-only media such as a writable CD or DVD.
  • 07/21/2010
  • IT

Why use a UPS or Surge Protection?

The past couple of weeks we have had many computers brought into the shop that have had un-expected power supply or motherboard failures. We have also had many electrical events in the area such as lightning and brown outs. Most did not have an UPS or surge protector. Coincidence? Not likely…

The important step of power surge protection is often neglected. After all, the chances of being blown out by a direct or nearby lightning strike are pretty slim. While that may be true, lightning is not the only reason of power damage to your computer and peripherals. The seemingly harmless erosion of minor but frequent power spikes can be just as damaging over time, if not as dramatic. In fact, industry reports estimate that the average household encounters 120 power problems a month. Unnoticed on the surface of things, those daily hits take their toll, gradually diminishing your computer’s performance, accumulating damage and threatening your data.

Fortunately for you and your files, help is at hand: the oft-overlooked guardians known as surge protectors and UPS devices.

What are they and what do they do?
Surge protectors and UPS (uninterruptible power supply) devices protect your expensive computer system and invaluable data by regulating wayward power fluctuations — not just the spark-showering lightning strikes, but more mundane surges from everyday sources, such as the kick-in/kick-out routines of household appliances like refrigerators or air conditioners. These protection devices stand between your computer equipment and the power supply, absorbing any excess power and grounding it, thereby warding off performance glitches and gradual damage. They also guard against moderate surges — spikes that fall far short of lightning, but still carry enough of a wallop to damage and even destroy unprotected components.

However, while a surge protector successfully manages excess power, it leaves its back turned to problems caused by inadequate power, such as blackouts and brownouts. A UPS takes that extra step by shielding against the sags as well as the spikes. It uses AVR (automatic voltage regulation) to automatically boost or reduce voltage to maintain the optimum power level. During power outages, the backup power source of a UPS gives you a few minutes to save your work and shut down properly.

In short, a surge protector is built to sufficiently handle all power spikes that come its way, while a UPS device is designed to deal with the entire spectrum of power problems. Both can manage surges that range from the mundane to the fire-breathing. Take the worst-case scenario: a lightning strike. Depending on the proximity, the blast may damage or even destroy your surge protector or UPS, but in the process, the device will have sacrificed itself to keep your equipment unscathed. Besides, it’s certainly easier to replace a surge protection device than your entire computer system, not to mention all your data.

What should I look for when buying one?
Before shopping for a surge protector or UPS, make an inventory of your computer system and its peripherals so you can find a suitable match. It is critically important to plug each and every cord and cable into the protection device, because each one is a point of entry for power spikes. Leaving even a phone line unconnected creates a gap in your defenses. Therefore your surge protector or UPS must have enough AC outlets, phone jacks and networking ports to accommodate all your equipment.

When considering a UPS, you must also know your system’s total power requirement. Check the labels and back panels and create a list of the watt, VA or amp power consumption rating from each component. UPS power levels are expressed in VA (voltage amperes), so convert any watt or amp listings to VA; simply divide watts by 0.7, and multiply amps by voltage (120 volts standard in North America). Add them all together to find the minimum VA level you need.

Here is a list of product specifications that may help you narrow the field:

  • Joule Rating refers to how much energy can be channeled. Generally speaking, a higher joule rating is better, especially for a computer. However, keep in mind that not all manufacturers use the joule rating system, instead listing voltage let-through.
  • UL 1449 Rating should be applied to any surge protector or UPS device worth its salt. Conferred by the Underwriters Laboratory, the 1449 rating denotes the product has been satisfactorily tested for surge suppression. Just as important, it indicates the product met 1998’s thermal fusing standards. These surge protectors and UPS devices permanently kill the power if too much heat is generated during strong surges — meaning it won’t catch on fire.
  • Response Time – The response time is an important benchmark for comparing devices. Your protection device should react in one nanosecond or less, meaning an almost instantaneous response to power problems.
  • Diagnostic Lights are very helpful in monitoring the effectiveness of the surge protector or UPS. For instance, a ground indicator light displays whether or not the device is properly grounded — crucial knowledge, because you will not be protected if it isn’t.
  • Warranty are offered that not only cover the product itself, but also extend to the equipment connected to it. Examine the warranty terms and conditions to see under what circumstances you will be safeguarded.
  • There are other conveniences to consider as well. Switched and unswitched (always on) outlets are one example. A surge protector with this feature will allow you to turn off some components while leaving others (such as a fax machine) on at all times. Specialized circuitry is another example, where the surge protector automatically turns off components if confronted with a power surge it cannot handle

How do I use it properly?
OK, you’ve decided our advice makes sense, purchased a surge protector or UPS and brought it home. It’s even out of the box, looking promising and trustworthy. Now here are a few tips for ensuring it does everything it’s supposed to do:

  • Ground it: Your surge protector must be properly grounded in a three-prong outlet. There’s no way of getting around this one. If it isn’t grounded, it won’t protect you from surges because there is no place for it to shunt the excess voltage. Many surge protectors have a ground indicator light for just this reason, so if the indicator doesn’t light up properly, try another outlet or call an electrician to check for and repair any faulty wiring.
  • Connect all your equipment. Be sure to connect each and every cord, component and peripheral, including any phone lines or networking cables. Leaving out even one connection leaves a door open for wayward power spikes.
  • Connect equipment to the right spot. Make sure on a UPS you connect the computer, monitor, cable modem, router, switches to the battery side. Other non-critical devices can be connected to the surge side. Please note NEVER connect a laser printer to an UPS, use a separate surge protector.
  • Be direct: Don’t be tempted to extend the reach of your surge protector with an extension cord, because then it won’t be suitably grounded. The device must be plugged directly into a three-prong outlet. What we said about grounding still stands, and there is no way to get around it.
  • Check the warranty: Most surge protectors and UPS devices offer warranties that cover connected equipment as well as the product itself. Check to see if the warranty requires any documentation or registration to validate it. As the saying goes, it’s better to be safe than sorry, and supersafe is better yet.

Ready to protect your computer system against renegade power problems?

Need assistance, we can help. 358-6305

Adapted from information

  • 07/20/2010
  • IT

3 Easy Steps for Email Safety

We cannot remind others enough about the tips below. We see it everyday… a computer gets trashed by someone not following the 3 cardinal rules of email.

1. Don’t open e-mails from people you don’t know.

2. Don’t open e-mail attachments from people you don’t know.

3. Beware of e-mail attachments from people you do know.

Read on for more great Email tips:

Don’t pass on “chain letters” or forwards, at least not messages that have no informative value. It may seem harmless, and I’m not really sure what people’s motives behind starting them are, but the end result is a lot of useless Internet traffic which has to be processed before real e-mails and requests for web pages can be processed. It seems so innocent, how could forwarding one little chain letter hurt anything? Don’t forget there are millions of other people around the world doing the same thing, all that useless traffic adds up. Not to mention that they’re annoying and personally I question a person’s reliability if they forward me bad news or even worse, a message that just says I’ll have bad luck if I don’t pass it on. I have broken many chain letters in my time, and I assure you no ghost is going to kill you, and you’re not going to have bad luck, so break the cycle and don’t forward spam.

Trash those generic e-mails from random foreign guy, who needs an American citizen to set him up a bank account in the US for whatever contrived reason, and will split the millions he saves by doing this with you, but somewhere along the line needs you to wire him a large cash sum. You’re not investing in your future, you’re giving your money to a con artist.