
OpenDNS provides added safety for free

OpenDNS is a free online service that offers an extra layer of safety on the Internet. Technically, the service is DNS resolution, which I'll explain below. The main defensive computing advantage it provides is protection from bad Web sites, most importantly from phishing scams. ID theft is, to me at least, the worst thing that can happen to a computer user, so any extra protection helps. You also get some flexibility in deciding which other types of Web sites should be restricted.

You don't have to register to use the service, and there is no software to download … Read more

Is that e-mail message legit? How a computer nerd analyzes it

My clients often ask my opinion on whether an e-mail message is legitimate or not. The message below, asking for credit card information and claiming to come from Register.com, was a doozy, and a lot can be learned from analyzing it.

First, it addressed my client, who is a Register.com customer, by name and was sent to an e-mail address associated with a domain registered there. Both my client's name and e-mail address are publicly available. The message did not contain anything private such as an account number at Register.com.

I left out the Register.com logo … Read more

A dangerous conflict of interest between Firefox and Google

Update: This blog post was edited after receiving complaints from a number of Mozilla employees. For a list of the edits, go to the bottom of the post.

The Firefox browser may not be as independent as previously thought. Mozilla essentially owns Firefox, and it proved so when it flexed its muscles last year in forcing Debian to rename its browser IceWeasel.

However, the open secret in the tech sector is that at the end of the day, Google calls the shots. As this blog post will explain, when a pro-user security feature in the browser threatens Google's … Read more

Test your e-mail program

My last posting, Defending against a phishing e-mail message, described a JavaScript trick bad guys use to make a link appear to go one place when it really goes somewhere else.

So you can test if your e-mail program (or Webmail system) falls for this type of forgery, I created a test e-mail message.

To receive my test e-mail message, send an e-mail to:

It does not matter what, if anything, is in the subject or the body of your message.

The test e-mail message contains a link that appears to go to CNET, but really goes to my personal … Read more

Defending against a phishing e-mail message

I previously made the case that Windows users should use Thunderbird for email. When I got a fraudulent e-mail message on Saturday claiming to come from PayPal, Thunderbird offered two lines of defense.

The first was the big warning that the message might be a scam. Indeed it was.

The body of the message was a pretty standard phishing scam, with the usual typos and the true destination of the link hidden.

Thunderbird's second line of defense was not falling prey to the common practice of using hidden JavaScript code to hide the real destination of a link embedded … Read more

Fake caller ID: Fun, legal and easy to do

Caller ID information is not to be trusted. Judging by the reactions I've gotten from colleagues and friends recently after they've been the victims of spoofed-ID demonstrations, it's not common knowledge that caller ID information, primarily the phone number that often appears on the recipient's telephone display, can be easily faked. Best of all for the mysterious caller, it's not illegal in the U.S. (except in cases where fraud occurs). Calls for the purpose of amusement or revenge are perfectly legal.

With the help of easy-to-use Internet calling card services, it's possible to … Read more

The threat of political phishing

Later today, I will be presenting as part of a panel on the subject of political phishing at the Anti-Phishing Working Group eCrime Researchers Summit.

During the panel discussion, I will be speaking about the threats to the online fundraising model used by political candidates in the United States. While attacks in the wild have yet to be seen, there are a number of factors which make online campaign giving particularly vulnerable to phishing attacks.

To go along with my talk, Professor Markus Jakobsson and I have released a white paper which clearly explains the issues, threats and a solution … Read more

Political dirty tricks 2.0: Outsourcing voter suppression calls?

During my blog posts this week, I'll be focusing on ways in which the Internet can be used to disrupt elections and the political process. On Friday, I'll be giving a talk on the subject at the Anti Phishing Working Group eCrime Researchers Summit on the subject of Political Phishing.

In today's post: What happens when voter suppression calls get outsourced to India? How will law enforcement track down the evildoers, and what will this mean for our elections?

Shortly before the 2006 election, voters across Virginia received calls that falsely claimed that their voting places had … Read more

Update for Internet Explorer 7

If you've disabled the antiphishing filter in Internet Explorer 7, you're not alone. The filter, as it currently works, takes something short of forever to process each site, deciding whether to mark it as safe for viewing or suspect as a potential phishing site. In response, Microsoft has quietly issued a service update for users of Internet Explorer 7 for XP and Windows Vista, running on Windows Vista (all editions, including x64 editions), Windows XP SP2, Windows XP Professional x64, Windows Server 2003 SP1, and Windows Server 2003 SP1 x64 editions.