Preventing Attacks

We were in Sheridan, Wyoming, half way across the country to Jill's grandmother's house. I logged into my email to find something I hadn't seen in a long time: more spam than real messages. There were a couple dozen spams in my Inbox, and only half a dozen real messages. What happened to my spam filter?

I originally thought it was just a new type of spam not yet recognized by the filter. But then I looked closer and realized that the little signature my spam filter adds to each message was missing-these messages had not even been checked. No wonder they were getting through in such large quantities!

It's only when the tools fail that you come to recognize how valuable they are. In the 5 hours the server spam filter was out, I received more than 50 spams, and many of my customers also noticed immediately. The cause of the outage was a power flicker in the nasty weather Seattle was getting that weekend, which made that server shut down. Fortunately, we had this contingency (and many others) covered for our vacation, and were able to get everything back up and running.

Windows flaws keep causing trouble for most Internet users. Earlier this week I was at a meeting of a group of tech professionals in the Seattle area, all of whom work with small businesses.

It's been a bad week for computer security. Basically, if you use the Internet and have a computer, it needs updating. Even Mac and Linux users are affected.

First off, Windows. For those of you trying to limp along with Windows 98, ME, or NT, I'm sorry to say we've reached the end of the line. Microsoft has announced that they do not plan to release a fix for these operating systems, for the critical vulnerability revealed earlier this week. If you use any Windows 98 or ME machines to browse the Internet, you're vulnerable, and the only thing you can do is update to a newer operating system.

Let's talk about phishing. Phishing is just like fishing, only your identity is the fish and the bait is an email that looks like it came from your bank, or eBay, or Paypal, or any other legitimate place. The goal is to get you to follow a link to a site owned by the phisher, and trick you into divulging some private information, such as your bank account number, pin, passwords, or social security number.

Some phishing emails look completely legitimate, using logos, links, and text from the real business. Many try to warn you about fraud being committed with your account--the truth is, the senders of the email are the ones trying to commit fraud with your account, if they can trick you into divulging it. These types of emails are almost always fake. When you follow the link in such an email, you'll usually get taken to a web site that looks exactly like the real web site. But it's not.