Friday, October 30, 2009

Internet reaches middle age



Although few had even heard of this Internet thing (then known as the "information superhighway") until the early or mid-1990s, it got its real start 40 years ago this week.

It was Oct. 29, 1969 when the first two nodes of ARPANET were interconnected between UCLA’s School of Engineering and Applied Science and SRI International (SRI) in Menlo Park, California. And unless you were one of the guys on the inside, you really didn't know or care.

I was a bit of a late adopter. It was 1996 when I used a noisy modem to link into an Internet provider in a nearby city. My computer was an old Leading Edge XP, with an 8088 processor, Hercules graphics card, DOS 5, and 2400-bytes-per-second modem. I used Procomm to link up, and the text-only Lynx browser to surf.

This wasn't the first time I'd used a modem. By then I was an old hand at sending text files point to point over the phone lines. I worked for a newspaper in Kingman, Arizona at the time, and generated a lot of stories from my home office in Bullhead City, 40 miles away. I'd call the publisher, Matt, and tell him to set up the computer for incoming copy, give him five minutes, then send the stuff. Soon Matt would see my text streaming across his screen, a character at a time. One of my other reporters would send me his copy from his home office, I'd edit it from home, then send it to the home office the same way. I was even able to execute commands on my home computer (the DOS-driven PC) from the Macintosh at work, using an old-school program called Telnet.

Once I got the knack of surfing the Internet, it became a bigger part of my life. And I remember telling my parents about my experiments. Dad was already good with computers -- we'd traded software for several years -- but he wasn't sure about this online thing. A curious toy, he concluded.

At the time, Netscape was the go-to browser before Internet Explorer nuked it in market share. There were rumors that you might be able to surf on the same infrastructure that your cable TV used, and much faster than dialup. Companies began building their own primitive Web sites, and ordinary people were cobbling together their own Web sites on GeoCities (which shut down a few days ago). It was a whole new world out there, the Wild Blue Yonder.

It's been 13 years since I fired up my first Web browser (Lynx, by the way, is still available and still text-only). But a lot has changed since then. Rather than write for print, my work shows up in the ether of the Internet and many of my readers are on the other side of the world.

I've developed friendships with people I'd never met, and who live in places I've never visited. I've discovered musicians I've never heard before and downloaded their music. I've downloaded a lot of software and quite a few operating systems -- and asked questions about the software online. I've communicated with a Linux developer in Australia and let him know how I was able to get his system to run on computers that even he wasn't sure could be done. I've debated many a subject online. I've set up the computer to download news from several hundred sources at a time.

I'm an experimenter, and can't leave stuff alone. Besides Netscape, I've used Internet Explorer, Mozilla, Seamonkey (which is what Mozilla has become), Opera, and Google Chrome. Firefox is my most-used browser now, but I notice Seamonkey is now in 2.0 and it deserves a look.

Instead of listening to a whining modem, I go straight wireless. I have about a half-dozen places where I go to do my work -- some indoors, some outside, and I'll unpack my netbook, hit a few buttons, and talk to the world. In fact, once I left dialup I had no earthly reason to even keep a landline -- a cell phone on my hip, wireless Internet close by, a second, Internet-based phone line through Google Voice, all my communications needs are met.

Even then, I'm a bit of a primitive. My cell phone merely makes calls and sends off text messages. It doesn't browse the Web. I can send short text messages to Twitter or this blog, even an email, but my single-function LG doesn't stack up to those iPhones or Crackberries that do everything.

When you consider the all-purpose cell phones, netbooks, laptops -- and I recently read about a pen that's really a computer -- you just may see desktop computers as another dying breed. Even hard drives may become a thing of the past, what with USB thumb drives and online file storage. Some of your netbooks work with just internal flash storage and USB drives, without a hard disk in sight.

The folks at UCLA and Menlo Park had no idea at the time what they'd started.

(Screenshot: The old text-based Lynx web browser, where I made my first forays on the Internet, is still around. It's shown here with Firefox 3.5.3.)

###

You tell me: Remember your first time on line? Care to share? Use the comments section for your input.

Thursday, October 29, 2009

Site outlines 10 ways to spot an Email scam

I've spent a bit of time looking at some of the nefarious things that can find themselves on your computer courtesy of the Internet. You can get bad programs, spyware, viruses, and some eerie email at the click of a mouse.

What with the speed and ease with which one can send off mass emails, the scammer has all the tools he needs to separate many people from their dollars. And you've probably seen a few of these messages showing up in your inbox -- maybe even a few this week.

From switched.com, here are 10 red flags that the email you've received is probably a scam:

Look for things like requests for personal information, lots of misspellings, clickable Web links, innocent-sounding surveys, that "hot tip" you don't remember requesting, unsolicited attachments, and you-must-act-now pitches.

From Switched:

If you see the phrases "verify your account," "you have won the lottery" or "if you don't respond within XX hours, your account will be closed," it's a scam – every time. Hit the delete button and don't look back.


This is one you should delete, kill, whatever you do with it.

It's a jungle out there. But then you already knew that.

###

Wednesday, October 28, 2009

Facebook password-reset email carries a virus

Sheesh!

These writers of viruses and other nefarious code will stop at nothing to spread the love. But while you can see many viruses coming a mile away, I understand this one looks official.

This one, a Trojan horse dubbed Bredolab, comes dressed up as a "Password Reset Confirmation Email" from Facebook. In the email you click on the link to -- you think -- get your new password. That's when the fun -- if you can call it that -- starts. That link downloads system-destroying files, such as rogue "anti-spyware" programs that inject their own spyware, into your computer.

Considering some of the problems Facebook has been encountering -- partly from increased traffic and partly from its own recent redesign -- this email almost sounds plausible.

I haven't seen this one myself; I got the details from Mashable! and MXLab.

According to MXLab, here's the body of the message:

Hey vguysville ,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
The Facebook Team


Here's the drill. If you see something like this from Facebook, watch out. It's probably not from Facebook. Bear this in mind:

- If you didn't request a password change from Facebook, you have no reason to receive a reset confirmation. Don't bother opening it; dispose of it immediately.

Enjoy your computer, don't be skeered of the virus bogeyman, but be wary when you go online. Cool?
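The red flags from the Switched list in the email-scam post above, plus the unrequested-password-reset rule from this post, as an added Python example (not code from this blog, Switched, or MXLab). The flag names, regular expressions, addresses, and attachment filename are assumptions made for illustration; the first sample body is the message text quoted from MXLab, and the other two messages are constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Stock phrases quoted from Switched; the regexes are this example's assumptions.
STOCK_PHRASES = re.compile(
    r"verify your account|you have won the lottery|"
    r"respond within \w+ hours|account will be closed"
)
PERSONAL_INFO = re.compile(
    r"\b(confirm|provide|send|enter|update)\s+(us\s+)?your\s+"
    r"(password|pin|account number|social security number|credit card)"
)
ACT_NOW = re.compile(r"\b(act now|immediately|urgent|within \w+ hours)\b")
LINK = re.compile(r"https?://[^\s<>\"']+")
PASSWORD_NOTICE = re.compile(r"password (has been |was )?(changed|reset)")


def red_flags(raw, requested_reset=False):
    """Return the red flags found in one raw RFC 5322 message (bytes).

    requested_reset: True only if the recipient actually asked for a
    password reset; otherwise a reset notice is itself a red flag.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    # Check subject and body together, lower-cased, with line wraps collapsed.
    text = " ".join((str(msg["Subject"] or "") + " " + text).lower().split())
    attachments = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]

    checks = [
        ("stock-phrase", bool(STOCK_PHRASES.search(text))),
        ("personal-info-request", bool(PERSONAL_INFO.search(text))),
        ("act-now", bool(ACT_NOW.search(text))),
        ("link", bool(LINK.search(text))),
        ("attachment", bool(attachments)),
        ("unrequested-password-notice",
         bool(PASSWORD_NOTICE.search(text)) and not requested_reset),
    ]
    return [name for name, hit in checks if hit]


def build(subject, body, attachment=None):
    """Build a constructed sample message and return it as raw bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"      # constructed address
    m["To"] = "reader@example.invalid"        # constructed address
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        # Harmless placeholder bytes; the filename is constructed.
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()


# Body text as quoted from MXLab on this page; the attachment is constructed.
FACEBOOK_SAMPLE = build(
    "Password Reset Confirmation Email",
    "Hey vguysville ,\n\n"
    "Because of the measures taken to provide safety to our clients, "
    "your password has been changed.\n"
    "You can find your new password in attached document.\n\n"
    "Thanks,\nThe Facebook Team\n",
    attachment="new_password.zip",
)

# Constructed message using the stock phrases from the Switched quote.
VERIFY_SAMPLE = build(
    "Account notice",
    "Dear customer, please verify your account. If you don't respond "
    "within 24 hours, your account will be closed. Confirm your password "
    "at http://example.invalid/login\n",
)

# Constructed ordinary message: no flags expected.
BENIGN_SAMPLE = build(
    "Lunch Friday?",
    "Are we still on for lunch on Friday? Let me know what time works.\n",
)

if __name__ == "__main__":
    for name, raw in [("facebook", FACEBOOK_SAMPLE),
                      ("verify", VERIFY_SAMPLE),
                      ("benign", BENIGN_SAMPLE)]:
        print(name, red_flags(raw))
```

Misspellings, surveys, and "hot tip" pitches from the same list are not covered here; a message with no flags is not proven safe, only not matched by these patterns.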

###

Tuesday, October 27, 2009

Computer issues being resolved

I can say it now: The laptop is back among the living.

Most of my software is back up. I've knocked off most of my to-do list. I'm writing this column on it, and soon I will upload it and download email and news. I'm extremely pleased.

One of the things I noticed is that, with the new configuration, it's handling power better. I haven't checked to see if I'm getting any better battery life, as I tend to forget about things like time when I'm online. Gee, I could fly a passenger jet ...

But I have noticed that it's running much cooler when it's plugged in to the A/C adaptor. Seriously. It's not like I took its temperature (I'm not sure where to stick the thermometer), but I can tell the difference. I take that to mean the CPU isn't working as hard, a good thing.

From my master list, I still need to locate a program that will put the computer into sleep mode when I close the lid. My temporary operating system had that, so this shouldn't be difficult to find or install. From there, most of the work is either convenience or cosmetic -- like rebuilding my menus so they'd be a little more intuitive.

I still want to find an uncorrupted version of the Windows system file I blew out (hal.dll), but there's no rush there.

For the geekus extremis among us, here's a printout of some of the basics. If your eyes glaze over when someone mentions "CPU," feel free to skip over this part:

-Computer-
Processor : Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Memory : 1022MB (267MB used)
Operating System : Unknown distribution
Date/Time : Tue 27 Oct 2009 01:31:22 PM GMT+5

-Display-
Resolution : 1024x600 pixels
OpenGL Renderer : Unknown
X11 Vendor : The X.Org Foundation

-Version-
Kernel : Linux 2.6.29.3 (i686)
Compiled : #1 Tue May 19 23:43:56 GMT-8 2009
C Library : GNU C Library version 2.9 (stable)

-Current Session-
Computer Name : epulsifer
Desktop Environment : Unknown (Window Manager: Fluxbox)

-Misc-
Uptime : 17 hours, 5 minutes
Load Average : 0.23, 0.15, 0.15

This "uptime" is interesting. Keep in mind, this is a laptop and I don't have that sleep-mode switch fixed, so it's been running, powered and plugged in, with the lid closed.

Just for yuks, I checked to see how long my desktop (which also runs on Linux) unit has been booted up without a restart:

7d 17:46

OK. I rebooted that computer a week ago. I usually only shut the desktop down when I'm experimenting with another computer (not enough power cords to go around), replacing a part, or moving the unit.

Just try doing that with Windows.

###

(Pictured is a screenshot from the laptop. OK, you may not recognize a lot of this stuff if you're a Windows user. The interface -- Fluxbox -- is pretty minimal, but it stays out of my way.)


Monday, October 26, 2009

Resurrecting laptop took plain & fancy fixes

OK. I think I'm back up and running.

Was out of the loop for a few days; my main access to the Internet went south until I was able to fix it.

This laptop is my mobile workhorse. Although I do much of my writing on the home computer, it's strictly a standalone unit that doesn't connect to the web. To upload and download, I use my Acer netbook for all the dirty work.

The Acer was victimized by my tendency to experiment. I'm not even sure what I did. I jiggled when I should have joggled, and corrupted a couple of system files. Now, that computer is driven by Windows XP, which doesn't lend itself well to evil experiments. Anyway, when I boot up into Windows, an error message pops up letting me know just what I'd b0rked, and won't let me go any farther than that. A dead computer.

Thanks to some other experiments I'd run, the netbook wasn't dead in the water for very long. I have a few quick-and-dirty solutions that brought it back to the land of the living, but I'm not done yet. Working on a "final solution," but the duct tape and spit will work for now.

From quick-and-dirty land:

I have a Linux system installed on a 1-gigabyte thumb drive, and I set up the laptop's BIOS to look there first before booting anything else up (instructions are on the screen). I'm using a variant of Puppy Linux, which is great because it runs in memory. Once I'm booted up, I can pull the thumb drive and work without that thing hanging out of the computer. It's probably an OCD thing.

If you're a Linux user, you can set up any version to run with a program called Unetbootin. It's very cool. You grab the .iso image file of whatever Linux version from the Internet, install it to the thumb drive via Unetbootin, fire up the computer with the thumb drive installed, and you're running Linux. You'll be able to access the files on your hard drive as before. The only caveat is that, unless your version of Linux is designed to run completely in memory (such as Puppy Linux), you won't be able to remove the thumb drive without screwing things up.

On that USB drive, I have all the goodies I need -- wireless fixins, a Web browser, text editor and word processor, and a program to play mp3s while I work. I'm all set there, at least for now. And I have the same system installed on a smaller, 256-megabyte USB drive that stays in my cell phone case, so I have a backup.

That was my temporary fix, and it served me well. But it wasn't the final solution. The good news is that over the weekend I got much closer to something more permanent. A newer, more expandable version of Puppy Linux is now installed on my hard drive, and I can boot directly into it without using the thumb drive. Much cleaner, much more permanent.

One of the limitations of Puppy Linux is that its ability to install newer software is a little squirrelly. The developer, a nice Australian guy named Barry Kauler, built the system for speed and a small footprint, and many of the add-in programs had to be adapted for that system. But, through the "woof" project, one is able to import software from Ubuntu repositories or the Slackware-based .tgz format.

I know this means nothing to non-geeky types, but here's the upshot: Newer, better software. With the old Puppy Linux, I'm limited to version 2 of Firefox; now I'm able to grab the newer -- and in this case better -- version 3.5.

OK. Almost there. But something's still missing:

I'm a news junkie, and a big part of my blogging is my ability to capture all the news I need. Plus, I want something that would give me some flexibility. I want to be able to move all this news from my laptop to the desktop at home.

In short, I want a portable RSS reader that I can use online or offline.

For those who don't know about such things, an RSS reader is the world's greatest invention for news junkies such as myself. You subscribe to your feeds, download the news you want, and read it at your leisure. Most news websites and blogs -- including this one and The Column, Reloaded (which I highly recommend) -- allow you to subscribe; but some will just give the partial feed, a paragraph or two, while others give the full text and graphics.

My own feeds include a handful of news outlets -- Yahoo! News, CNN, Newsweek, the BBC, ESPN. Plus many blogs. I have tons of political blogs in my feeds -- Daily Kos and the Huffington Post on the left, The Heritage Foundation on the right, and the libertarian Cato Institute. Although my politics are pretty well defined, I like to see what all sides have to say.

I never bothered counting the number of news feeds I have, but I have more than 1,00 news items to sort through every day. Some, obviously, are good for little more than a glance at the headline. Others I'll read, mark, prioritize, quote from, and link to in my blogs. And still others I'll forward to friends.

If you're a Gmail user, you have access to Google Reader, which fits most of the bill. But I wanted my news to be more portable than that. Google Reader does have offline capabilities, but that's still experimental.

I considered using a second, 8-gigabyte thumb drive that I use as my mobile storage disk. That's where I keep my work files, plus my Portable Apps suite.

I love Portable Apps. That's where I have a handful of to-go programs. There's Firefox, Abiword, Thunderbird, a few games, and Open Office, all on a flash drive that I can plug into anyone's computer, do my work, and leave no trace. I wrote about Portable Apps in my other blog, and it's one handy tool. The developers have some great programs available, but no RSS reader. And I'm ticked. In a pinch Thunderbird will work, but it's a poor option at best. And, these Portable Apps programs are Windows-based, meaning I need to use an emulator -- such as WINE -- to run them. Useful as WINE is, that's one layer of software I don't want to mess with for something as crucial as gathering the news.

While running my temporary system from the thumb drive, I experimented with several Linux-based RSS readers, and none were satisfactory. But with the freshly-installed Puppy Linux I tried the multi-platform, Java-based RSS Owl, and so far the interface works. While uploading this blog, I will test my installation to see if it actually downloads the news. I hope so. RSS Owl was my go-to news reader on Windows, so there won't be any real learning curve.

Fast update: It's working! I'm excited!

OK. What's still unresolved is my ability to share my RSS news with my desktop computer. The only real solution I see -- and this is theoretical -- is to score a router and network the two computers. But that's another project I'll study on later. My plate is already piled so high it's ready to tip over.

Here's my to-do list:

- Laptop lid switch - fix. (One problem with my system right now is that it doesn't go into sleep mode when I shut the lid. This means I either leave it powered up, or shut the whole thing down.)
- Firefox 3.5 (Will download this in a few days.)
- Thunderbird, with calendar (My favorite mail reader, and there's a calendar add-on that, well, keeps me organized. Shoot, keeping myself organized is a losing battle most of the time, but let's not go there.)
- A couple of games (I'm not real big on that, but it's not all work and no play, and I do like a lightweight game or two every once in a while.)
- Gantt (This is a program that I use for planning, when time is important and there are definite steps to be taken. The one I use on my desktop is a Java-based program, and it's a simple download and install.)
- RSS reader!! (As I mentioned, this is being addressed.)
- qt3 (This is a series of library files that are needed to run Scribus, an open-source page layout program.)

That's the more important stuff. The rest of the list is something I can attack later:

- GIMP (This is an open-source graphics and photo-manipulation program, on a par with PhotoShop.)
- Audacity (This is a simple sound-editing program. I've used the laptop to record band rehearsals. Also need to come up with something better than the lousy condenser microphone that came with the laptop, but that's not an immediate need.)
- Open Office (I do have that, via Portable Apps, on my thumb drive. In truth, I don't use it all that much.)
- TweetDeck (This helps me organize my Twitter account, and it's quite useful. Twitter, by the way, is great for keeping up with the absolute latest news, but it's also the biggest time-waster since the Internet was invented.)

Enough already!

Tuesday, October 20, 2009

Scareware a big business, but fake virus 'protection' can be removed





Viruses and spyware are a real concern when you spend any time on the Internet, and some people are feeding on your fears for big bucks.

But while there are quite a few legitimate anti-virus programs out there, there are more that not only do not get rid of your viruses and malware, but install more of the same on your hard drive.

Symantec, which owns Norton, says more than 40 million people have fallen victim to the "scareware" scam in the past 12 months. According to the BBC, "online criminals make millions of pounds by convincing computer users to download fake anti-virus software." Which translates into an awful lot of dollars, not to mention the number of computers that are trashed by this cottage industry.

Over my years of surfing on the Internet, I've seen plenty of this. An ad shows up on a Web page I'm browsing, offering to scan my hard drive for free. Or flashing a message that would make even the most savvy Web surfer sweat -- that viruses have been detected.

The idea is that you click on the ad and it will scan your disk, or install a virus-protection device. That's what you think, anyway.

In reality, the scan or program is useless at best. At best.

At worst, the program or scan will install its own spyware, or its own virus, and really make hash of your hard drive -- and maybe even bill your credit card in the bargain.

Welcome to rogue security software. These programs are either disguised viruses or Trojans, or nothing but a sales pitch trying to push another product on the user.

Call it scareware, because it's designed to frighten you into buying its product or downloading its own viruses, Trojan horses, or spyware.

Most of my Internet work is with this netbook, using Windows. But even while using Linux I've seen these ads come up. I'm talking about the ads saying that viruses have been detected on my computer.

Which told me right away the claim was a bunch of horsesqueeze. For several reasons, Linux is not prone to viruses or spyware. Nor is Macintosh, really.

OK. Time to check your computer. See what kind of virus protection you have. If it's from this list, you're in a bunch of trouble:

Cyber Security
Alpha Antivirus
Braviax
Windows Police Pro
Antivirus Pro 2010
PC Antispyware 2010
FraudTool.MalwareProtector.d
Winshield2009.com
Green AV
Windows Protection Suite
Total Security 2009
Windows System Suite
Antivirus BEST
System Security
Personal Antivirus
System Security 2009
Malware Doctor
Antivirus System Pro
WinPC Defender
Anti-Virus-1
Spyware Guard 2008
System Guard 2009
Antivirus 2009
Antivirus 2010
Antivirus Pro 2009
Antivirus 360
MS Antispyware 2009

These are rogue programs, according to ghacks. And if you have one of these, you'd better get rid of it awful fast. You probably clicked on something, downloaded what you thought was virus protection, and you may have noticed your computer running like crap.

So what do you do?

There's an article in ghacks which mentions "Remove Fake Antivirus," a portable software program for the Windows operating system that has been designed to uninstall 27 different rogue antivirus software programs from the computer system. You can download Remove Fake Antivirus here, and it's free.

I downloaded and ran it, though for me the on-the-workbench test was inconclusive. This is probably because I know the likelihood of me actually downloading and installing some of this scareware is really slim. The dialogue box showed, though, that it was removing each of these antivirus programs. My assumption was that this is the "default" dialog box. After running the program, you will be asked to reboot.

In truth, I'm a little chary of installing a virus-protection program from a non-company website (this is from a blog, how sketchy is that?) but sites like Download Squad (which gave it really lukewarm reviews), Softpedia, TechForums, and CNet (which rated it two-and-a-half stars out of five; not that great, and none of the readers reviewed it) carry links and product descriptions. Plus, I've never found reason to fault the information I get from ghacks.

A caveat: Here's one of the Download Squad reviews:

Well, I ran it, and it killed my main windows service and forced a restart. When the PC came back up, I had no internet connection. Warnings should be posted.

With that in mind, I checked things out when I rebooted. The Windows security service flashed a warning saying I had no virus protection, but I see ClamWin had loaded itself in the system, per normal. A glitch, perhaps? The good news was that my wireless Internet ran just fine. But be careful!

Meanwhile, there are several good virus-removal programs out there. Some -- Norton and McAfee -- are the kind you pay for, while others -- AVG, ClamWin, and Avast! -- are free. The for-pay ones are probably a bit better than the free ones, but any of these are good for the computer and your peace of mind. That is, if you update them every so often -- there's always some idiot thinking that if he builds a better virus, the world will beat a path to his door. These viruses seem to be coming down the pike faster and faster. A virus protection program is only as good as its updates, and it's also useless if you don't run it regularly.

For spyware removal programs, only two are worth downloading -- AdAware by Lavasoft, and Spybot Search And Destroy. And neither one is perfect. But, unlike antivirus programs, you can have both installed and running on your computer. I highly recommend you run both, one after the other, as part of your regular security regimen. What spyware program one doesn't catch, the other one probably will.




Thursday, October 8, 2009

Ways to keep phishers out of your email

A few days ago, I wrote about how phishing (Password Fishing) attacks exposed a lot of Hotmail user accounts. It turns out the attacks were much bigger than Hotmail -- Google's Gmail (which is my go-to email system) got compromised, along with Yahoo, Earthlink, Comcast, and AOL.

Shoot, it might be easier to list the major email carriers that didn't get hit.

Meanwhile, the major email carriers are in damage control mode, and many put out statements and how-to's for self protection.

Here are some basics, courtesy of Mashable. Most of these involve passwords, the user's first line of defense:

*****

Use different passwords on different sites — After all, if you use the same login credentials for multiple sites and one gets compromised, they all are. Since many of us use umpteen web services daily, it’s worth checking out a good password manager tool to help you keep them all straight — and safe.

Don’t use common words or sequences — Simple dictionary terms or sequential numerical sequences won’t cut it. You should make sure your passwords are a mix of letters, numbers and symbols.

Don’t base passwords on personal data — Hackers often use “social engineering” techniques to greater effect than running actual lines of code. Since we routinely share various bits of personal data with others, things like pet names, middle names, birthdays and so on don’t make a good basis for passwords.

Don’t leave your password somewhere visible — If you simply must write it down, don’t put it on a post-it attached to your monitor. Relatedly, if you keep a list of passwords on your computer, name the file something more cryptic than "password file."

Make sure your password recovery questions are also secure — Strong passwords that lack semantic meaning are unfortunately also easier to forget. Many sites allow you to reset your password over email or after answering one or more Security Questions you set up when creating the account. Make sure these aren’t based on common-knowledge personal data either — try to make them difficult to guess, and avoid any information you’ve posted publicly online anywhere as well.

*****

Good advice, that. An analysis of the data from Hotmail showed the most common password among the compromised accounts to be '12345.' I mean, duh! You don't need expensive software to crack that password, and it appears there are quite a few folks around that have no business running a computer. But that's fodder for another rant.

Here's more, from gHacks:

*****

The most powerful weapon against phishing is common sense and the following rules that every user should oblige to.

If you are not a customer of the site delete the email immediately. Don't click on the link or reply.

If you are a customer and you are not sure if the email is legit do one of the following:

Contact the institute by phone or contact at the official website (do not use the email link of course) and ask if the mail is official.

Instead of using the link provided open the website by typing in the official link there. The site should have news about the email on their starting page. (most of the time).

*****

There's plenty more on that site. I highly recommend checking it out.

If you're using Firefox (as I am), go into Tools > Options > Security to set up your protection levels. I really recommend you do this now, while you're reading this. If you don't find these options, you're probably using an older Firefox. You'll find more Firefox phishing protection and testing tricks here.

Also, I did download LastPass, though I haven't installed it yet. I see where it involves creating an account online, though it's free for private use. According to the manufacturer, the password information is stored on your own computer. Still, I'm a little chary of using any Web-based password keeper. I'll install it and take a look at it, but my instincts tell me it's not a perfect solution.

In the meantime, enjoy your computer. It's a great tool, and the more plugged-in the world is, the more your computer will become a part of your life. But be careful. It's a jungle out there.



Tuesday, October 6, 2009

Phish tales: My Twitter, 1000s of Hotmail accounts hijacked

I'm fairly new at this Twitter thing, and I'm still prone to rookie mistakes. And for a few days, I was paying for one.

I occasionally get worthless tweets from folks about quick-and-dirty ways to build my traffic. Most of them are pure crap, by the way, but while some are harmless crap, others are more nefarious. I came across one -- GET 1000's OF FOLLOWERS, with a link. OK. I could smell the crap all the way from here, but I thought I'd take a look at it to, well, see what was going on. Research purposes, you understand.

I clicked on the link and immediately got the warning that the site was possibly one for phishing. For those who don't know what that is, phishing is when someone is trying to harvest information from you. Valuable information that you wouldn't give out otherwise. Like a password.

As soon as I saw that warning, I clicked on it to basically abort the mission. Supposedly, that was the end of that.

Not so. Soon after that, I noticed I had been making some real strange tweets, or more correctly, some jerkface was sending them out under my name. Every day. There would be some message credited to me, advertising some "service" that gives you thousands of followers. Or something. In social media, followers and friends are the coin of the realm. The more followers you have, the bigger your network and the more valuable your site. I use Twitterfeed to link my writing directly into Twitter, and all of my followers (right now about 40 of them) gain access to my work.

Soon I noticed these posts linking to the phishing site started going out every day, with the link and my name on them. Some idiot hijacked my Twitter account, and I became a spammer.

I tried a few quick damage-control measures. Blocking the original source of the link. Adding a disclaimer to warn followers away from that link. Part of that was saving face -- letting my followers know it wasn't me sending those things. And the spam messages still showed up, every day.

Final analysis: There seems to be a simple fix, a real no-brainer. Change your Twitter password. I did that, and the messages stopped. D'oh!

Meanwhile, those who use Hotmail for email (I'm not sure why you'd want to) are getting phished big time. According to gHacks Technology News:

Microsoft has recently confirmed that thousands of Windows Live Hotmail customer’s credentials were exposed on a third party website. According to Neowin the account information were posted by an anonymous user at the pastebin website. The list that was posted contained over 10.000 account details of accounts starting with the letters A and B which suggests that additional lists might be in the hands of the attackers. Initial investigations suggest that only accounts used to access Windows Live Hotmail were affected (which includes email accounts ending with hotmail.com, msn.com or live.com ... Microsoft determined that the attack was not a breach of internal Microsoft data and believes that the account data was gained by a phishing attack. Phishing attacks are common ways these days to lure users into entering their account data on websites that look like the real deal but are not ...

Again, the gHacks-prescribed fix is a simple one: Change your password. Now.

There are a few before-the-fact and after-the-fact ways to protect yourself here:

Changing your password is the best back-end fix, though it is a pain in the butt. Even more painful now, when you access your accounts through a third-party application or site. For me, this meant changing the passwords on TweetDeck and Twitterfeed. As I write this, I'm pretty sure I haven't checked if my feed on this blog has been fixed yet; probably not. Note to self: Fix.

I haven't really checked it out yet, but there's a program called LastPass that's supposed to make it easy. It was mentioned in the gHacks piece, so I downloaded it and will give it a go. Might have something to write about there; stay tuned.

Also, the other standard self-protection rules apply. Don't click on Twitter links unless you know the source. Pretty much the same rule as opening email attachments. I know I'm screwing myself here, as I get a fair bit of blog traffic through Twitter. But y'all pay attention to what the link is. If the link is attached to a blog post (in my case it's prefaced with a COLUMN or WORKBENCH) it'll be OK. Those attachments will only mess with your mind, not your computer or Twitter account. If the preface is something like GAIN ZILLIONS OF FOLLOWERS, MAKE MILLIONS WHILE SITTING ON YOUR BUTT, or LOSE 20 POUNDS OF DANGEROUS UGLY FAT WITHOUT CUTTING OFF YOUR HEAD, the link is probably real sketchy and you'd do well to ignore it. But you don't need me to tell you that.

This last is going to require some extra vigilance, as so much Twitter traffic involves passing links back and forth. Especially mine. Looking at the last 40 tweets from my network (representing about two hours), 31 have clickable links. Most will refer me to a blog post or a news story. This is probably disproportionately high, as many Twitter users merely use the account to keep track of some friends. Mine actually doubles as a news feed, so I'm going to have a higher percentage of links.

Sometimes it's tempting to cut all cords and wireless, eschew all technology, and go back to quill pen and foolscap. But that's not an option, not if I wish to function in today's hooked-up dialed-in world.

###

You tell me: What protective measures are you employing here? What works? What doesn't? Do you have any horror stories you wish to share? Use the comments section below.

