The Internet is a computer network made up of thousands of networks worldwide. No one knows exactly how many computers are connected to the Internet. It is certain, however, that these number is in the millions.
No one is in charge of the Internet. There are organizations which develop technical aspects of this network and set standards for creating applications on it, but no governing body is in control. The Internet backbone, through which Internet traffic flows, is owned by private companies.
All computers on the Internet communicate with one another using the Transmission Control Protocol/Internet Protocol suite, abbreviated to TCP/IP. Computers on the Internet use a client/server architecture. This means that the remote server machine provides files and services to the user's local client machine. Software can be installed on a client computer to take advantage of the latest access technology.
An Internet user has access to a wide variety of services: electronic mail, file transfer, vast information resources, interest group membership, interactive collaboration, multimedia displays, real-time broadcasting, shopping opportunities, breaking news, and much more.
The Internet consists primarily of a variety of access protocols. Many of these protocols feature programs that allow users to search for and retrieve material made available by the protocol.
--------------------------------------------------------------------------------
COMPONENTS OF THE INTERNET
,
--------------------------------------------------------------------------------
WORLD WIDE WEB
The World Wide Web (abbreviated as the Web or WWW) is a system of Internet servers that supports hypertext to access several Internet protocols on a single interface. Almost every protocol type available on the Internet is accessible on the Web. This includes e-mail, FTP, Telnet, and Usenet News. In addition to these, the World Wide Web has its own protocol: HyperText Transfer Protocol, or HTTP. These protocols will be explained later in subsequent articles.
The World Wide Web provides a single interface for accessing all these protocols. This creates a convenient and user-friendly environment. It is no longer necessary to be conversant in these protocols within separate, command-level environments. The Web gathers together these protocols into a single system. Because of this feature, and because of the Web's ability to work with multimedia and advanced programming languages, the Web is the fastest-growing component of the Internet.
The operation of the Web relies primarily on hypertext as its means of information retrieval. HyperText is a document containing words that connect to other documents. These words are called links and are selectable by the user. A single hypertext document can contain links to many documents. In the context of the Web, words or graphics may serve as links to other documents, images, video, and sound. Links may or may not follow a logical path, as each connection is programmed by the creator of the source document. Overall, the Web contains a complex virtual web of connections among a vast number of documents, graphics, videos, and sounds.
Producing hypertext for the Web is accomplished by creating documents with a language called HyperText Markup Language, or HTML. With HTML, tags are placed within the text to accomplish document formatting, visual features such as font size, italics and bold, and the creation of hypertext links. Graphics and multimedia may also be incorporated into an HTML document. HTML is an evolving language, with new tags being added as each upgrade of the language is developed and released. The World Wide Web Consortium (W3C), led by Web founder Tim Berners-Lee, coordinates the efforts of standardizing HTML. The W3C now calls the language XHTML and considers it to be an application of the XML language standard.
The World Wide Web consists of files, called pages or home pages, containing links to documents and resources throughout the Internet.
The Web provides a vast array of experiences including multimedia presentations, real-time collaboration, interactive pages, radio and television broadcasts, and the automatic "push" of information to a client computer. Programming languages such as Java, JavaScript, Visual Basic, Cold Fusion and XML are extending the capabilities of the Web. A growing amount of information on the Web is served dynamically from content stored in databases. The Web is therefore not a fixed entity, but one that is in a constant state of development and flux.
For more complete information about the World Wide Web, see Understanding The World Wide Web.
E-MAIL
Electronic mail, or e-mail, allows computer users locally and worldwide to exchange messages. Each user of e-mail has a mailbox address to which messages are sent. Messages sent through e-mail can arrive within a matter of seconds.
A powerful aspect of e-mail is the option to send electronic files to a person's e-mail address. Non-ASCII files, known as binary files, may be attached to e-mail messages. These files are referred to as MIME attachments.MIME stands for Multimedia Internet Mail Extension, and was developed to help e-mail software handle a variety of file types. For example, a document created in Microsoft Word can be attached to an e-mail message and retrieved by the recipient with the appropriate e-mail program. Many e-mail programs, including Eudora, Netscape Messenger, and Microsoft Outlook, offer the ability to read files written in HTML, which is itself a MIME type.
TELNET
Telnet is a program that allows you to log into computers on the Internet and use online databases, library catalogs, chat services, and more. There are no graphics in Telnet sessions, just text. To Telnet to a computer, you must know its address. This can consist of words (locis.loc.gov) or numbers (140.147.254.3). Some services require you to connect to a specific port on the remote computer. In this case, type the port number after the Internet address. Example: telnet nri.reston.va.us 185.
Telnet is available on the World Wide Web. Probably the most common Web-based resources available through Telnet have been library catalogs, though most catalogs have since migrated to the Web. A link to a Telnet resource may look like any other link, but it will launch a Telnet session to make the connection. A Telnet program must be installed on your local computer and configured to your Web browser in order to work.
With the increasing popularity of the Web, Telnet has become less frequently used as a means of access to information on the Internet.
FTP
FTP stands for File Transfer Protocol. This is both a program and the method used to transfer files between computers. Anonymous FTP is an option that allows users to transfer files from thousands of host computers on the Internet to their personal computer account. FTP sites contain books, articles, software, games, images, sounds, multimedia, course work, data sets, and more.
If your computer is directly connected to the Internet via an Ethernet cable, you can use one of several PC software programs, such as WS_FTP for Windows, to conduct a file transfer.
FTP transfers can be performed on the World Wide Web without the need for special software. In this case, the Web browser will suffice. Whenever you download software from a Web site to your local machine, you are using FTP. You can also retrieve FTP files via search engines such as FtpFind, located at /http://www.ftpfind.com/. This option is easiest because you do not need to know FTP program commands.
E-MAIL DISCUSSION GROUPS
One of the benefits of the Internet is the opportunity it offers to people worldwide to communicate via e-mail. The Internet is home to a large community of individuals who carry out active discussions organized around topic-oriented forums distributed by e-mail. These are administered by software programs. Probably the most common program is the listserv.
A great variety of topics are covered by listservs, many of them academic in nature. When you subscribe to a listserv, messages from other subscribers are automatically sent to your electronic mailbox. You subscribe to a listserv by sending an e-mail message to a computer program called a listserver. Listservers are located on computer networks throughout the world. This program handles subscription information and distributes messages to and from subscribers. You must have a e-mail account to participate in a listserv discussion group. Visit Tile.net at /http://tile.net/ to see an example of a site that offers a searchablecollection of e-mail discussion groups.
Majordomo and Listproc are two other programs that administer e-mail discussion groups. The commands for subscribing to and managing your list memberships are similar to those of listserv.
USENET NEWS
Usenet News is a global electronic bulletin board system in which millions of computer users exchange information on a vast range of topics. The major difference between Usenet News and e-mail discussion groups is the fact that Usenet messages are stored on central computers, and users must connect to these computers to read or download the messages posted to these groups. This is distinct from e-mail distribution, in which messages arrive in the electronic mailboxes of each list member.
Usenet itself is a set of machines that exchanges messages, or articles, from Usenet discussion forums, called newsgroups. Usenet administrators control their own sites, and decide which (if any) newsgroups to sponsor and which remote newsgroups to allow into the system.
There are thousands of Usenet newsgroups in existence. While many are academic in nature, numerous newsgroups are organized around recreational topics. Much serious computer-related work takes place in Usenet discussions. A small number of e-mail discussion groups also exist as Usenet newsgroups.
The Usenet newsfeed can be read by a variety of newsreader software programs. For example, the Netscape suite comes with a newsreader program called Messenger. Newsreaders are also available as standalone products.
FAQ, RFC, FYI
FAQ stands for Frequently Asked Questions. These are periodic postings to Usenet newsgroups that contain a wealth of information related to the topic of the newsgroup. Many FAQs are quite extensive. FAQs are available by subscribing to individual Usenet newsgroups. A Web-based collection of FAQ resources has been collected by The Internet FAQ Consortium and is available at /http://www.faqs.org/.
RFC stands for Request for Comments. These are documents created by and distributed to the Internet community to help define the nuts and bolts of the Internet. They contain both technical specifications and general information.
FYI stands for For Your Information. These notes are a subset of RFCs and contain information of interest to new Internet users.
Links to indexes of all three of these information resources are available on the University Libraries Web site at /http://library.albany.edu/reference/faqs.html.
CHAT & INSTANT MESSENGING
Chat programs allow users on the Internet to communicate with each other by typing in real time. They are sometimes included as a feature of a Web site, where users can log into the "chat room" to exchange comments and information about the topics addressed on the site. Chat may take other, more wide-ranging forms. For example, America Online is well known for sponsoring a number of topical chat rooms.
Internet Relay Chat (IRC) is a service through which participants can communicate to each other on hundreds of channels. These channels are usually based on specific topics. While many topics are frivolous, substantive conversations are also taking place. To access IRC, you must use an IRC software program.
A variation of chat is the phenomenon of instant messenging. With instant messenging, a user on the Web can contact another user currently logged in and type a conversation. Most famous is America Online's Instant Messenger. ICQ, MSN and Yahoo are other commonly-used chat programs.
MUD/MUSH/MOO/MUCK/DUM/MUSE
MUD stands for Multi User Dimension. MUDs, and their variations listed above, are multi-user virtual reality games based on simulated worlds. Traditionally text based, graphical MUDs now exist. There are MUDs of all kinds on the Internet, and many can be joined free of charge.
Friday, July 17, 2009
Friday, July 10, 2009
Make a slide show of your photos with music.
Everybody knows how big is a wish to share impressions with family and friends after a journey. There’s not much to do – select the folder with photos, press “Start” and enjoy the moments passed (Hey! Don’t forget to insert an ethnic music CD. I recommend).
I doubt whether our software is the first one created for such purposes, BUT no doubt it is the easiest. Of course, if you like to investigate the toolbar you can look at Adobe Photo Elements or Picasa, but if you want to see the photos accompanied by music – try PhotoMusic.
* Step 1: Select the folder with photos. Press Start - and see the professional SlideShow on your HDTV panel at high resolution.
* Step 2: If you are interested not only in photos but music also, select the folder with mp3 files or insert Audio CD.
* Step 3: Hard-to-please customers can manage settings, save and load created projects.
By the way if you want to give photos to your friends, just burn PhotoMusic on CD together with the photos and the software will automatically display images from the folder.
courtesy: http://www.coolutils.com/PhotoMusic
I doubt whether our software is the first one created for such purposes, BUT no doubt it is the easiest. Of course, if you like to investigate the toolbar you can look at Adobe Photo Elements or Picasa, but if you want to see the photos accompanied by music – try PhotoMusic.
* Step 1: Select the folder with photos. Press Start - and see the professional SlideShow on your HDTV panel at high resolution.
* Step 2: If you are interested not only in photos but music also, select the folder with mp3 files or insert Audio CD.
* Step 3: Hard-to-please customers can manage settings, save and load created projects.
By the way if you want to give photos to your friends, just burn PhotoMusic on CD together with the photos and the software will automatically display images from the folder.
courtesy: http://www.coolutils.com/PhotoMusic
The Case for Idealism...an Ode to Idealists!
Case Study: Three young idealists, who blew away their competition: Gandhi, Obama And Walt Disney
I often wonder about the difference between great idealism, great ambition, and great stupidity. It is a fine line indeed. Idealism has always been scoffed at. But where would we be without it?? Failed idealism is often termed as stupidity. But is it really??
I like the quote "Aim for the moon; if you miss it, you will still land among the stars." It is only when you aim high that you can soar high.
George Bernard Shaw once famously said, "The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man."
And indeed so. Its very easy to forget that the people who have been the greatest visionaries were also termed as idiots and idealists. While everyone now might laugh at the thought, Americans have been quick to forget that the president they now adore would not have been but for a healthy dose of idealism on his part. Barack Obama for all given purposes had no business even thinking he would be President. He was of mixed parentage, with a white mother and African (different from African American) father; grew up in Hawaii (a state that has produced zero presidents before this one) with no proper religious background; had a muslim middle name sandwiched between strong Kenyan names; had a Harvard degree, no military service, very little public service, and was of modest means. Add onto that, that he was running against a Clinton. Yet he ran, and he won. And hopefully, he will be the change we all want to see among leaders of our world.
Speaking of "be the change," think of Gandhi, a softspoken, slight Indian man who thought that he could take down the mighty British empire, with a grand total of, well, no weapons. Even fist fights weren't allowed!! If he had told you in the early 1900's that the non-violence movement would not only encompass India and topple the British empire, but bring civil rights to African Americans in the US, reverse apartheid in one of the most racist regimes in the world - South Africa, bring the Chinese military to its knees in Tianenman Square, and become the mainstay of EVERY modern demonstration in the world, you would have laughed!! Many did; yet all those things happened and the movement still endures.
A few days ago, I found myself in another mecca of idealism - Disneyland. Riding some of the rides I had loved as a kid, I was struck by how timeless they were. Disney was SO ahead of his time. To think that much of Disneyland and Disney World's layouts have scarcely changed since they were built, inspite of the massive changes in technology in the recent past; that the most popular rides then still endure, and they continue to "make dreams come true" everyday is mindboggling. I'm sure if Disney had told you in the 30's that people would pay an-arm-and-a-leg to watch talking robot animals in the 21st century, we would have laughed. Yet here we are, years later doing exactly that.
Probably the biggest and powerful idealists are parents and teachers - moms, especially.
I think we need more idealism. Balanced with pragmatism, an unrelenting idealist with clear vision is capable of great change. Rather than laughing at them, maybe we should support them with our pragmatism. That while they soar high, we can be the tails on their kites to guide them, while also enjoying the ride.
Here's to the idealists amongst us!!
Courtesy: http://tworque.blogspot.com/
I often wonder about the difference between great idealism, great ambition, and great stupidity. It is a fine line indeed. Idealism has always been scoffed at. But where would we be without it?? Failed idealism is often termed as stupidity. But is it really??
I like the quote "Aim for the moon; if you miss it, you will still land among the stars." It is only when you aim high that you can soar high.
George Bernard Shaw once famously said, "The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man."
And indeed so. Its very easy to forget that the people who have been the greatest visionaries were also termed as idiots and idealists. While everyone now might laugh at the thought, Americans have been quick to forget that the president they now adore would not have been but for a healthy dose of idealism on his part. Barack Obama for all given purposes had no business even thinking he would be President. He was of mixed parentage, with a white mother and African (different from African American) father; grew up in Hawaii (a state that has produced zero presidents before this one) with no proper religious background; had a muslim middle name sandwiched between strong Kenyan names; had a Harvard degree, no military service, very little public service, and was of modest means. Add onto that, that he was running against a Clinton. Yet he ran, and he won. And hopefully, he will be the change we all want to see among leaders of our world.
Speaking of "be the change," think of Gandhi, a softspoken, slight Indian man who thought that he could take down the mighty British empire, with a grand total of, well, no weapons. Even fist fights weren't allowed!! If he had told you in the early 1900's that the non-violence movement would not only encompass India and topple the British empire, but bring civil rights to African Americans in the US, reverse apartheid in one of the most racist regimes in the world - South Africa, bring the Chinese military to its knees in Tianenman Square, and become the mainstay of EVERY modern demonstration in the world, you would have laughed!! Many did; yet all those things happened and the movement still endures.
A few days ago, I found myself in another mecca of idealism - Disneyland. Riding some of the rides I had loved as a kid, I was struck by how timeless they were. Disney was SO ahead of his time. To think that much of Disneyland and Disney World's layouts have scarcely changed since they were built, inspite of the massive changes in technology in the recent past; that the most popular rides then still endure, and they continue to "make dreams come true" everyday is mindboggling. I'm sure if Disney had told you in the 30's that people would pay an-arm-and-a-leg to watch talking robot animals in the 21st century, we would have laughed. Yet here we are, years later doing exactly that.
Probably the biggest and powerful idealists are parents and teachers - moms, especially.
I think we need more idealism. Balanced with pragmatism, an unrelenting idealist with clear vision is capable of great change. Rather than laughing at them, maybe we should support them with our pragmatism. That while they soar high, we can be the tails on their kites to guide them, while also enjoying the ride.
Here's to the idealists amongst us!!
Courtesy: http://tworque.blogspot.com/
Tuesday, July 7, 2009
How do I remove the Microsoft "Windows Genuine Advantage Notifications" ?
RemoveWGA is a small utility that enables you to remove the Microsoft Windows Genuine Advantage Notifications tool.
RemoveWGA will enable you to easily remove the Microsoft "Windows Genuine Advantage Notifications" tool, which is calling home and connect to MS servers every time you boot. Futures updates of this notification tool will (officialy) setup the connection rate to once every two weeks.
Once the WGA Notification tool has checked your OS and has confirmed you had a legit copy, there is no decent point or reason to check it again and again every boot.
Moreover, connecting to Microsoft brings security issue for corporate networks, and privacy issues for everyone. It is also unclear which information are transmitted (Microsoft published an official answer, but an individual study brought some questions).
All of that, along the fact that Microsoft used deceptive ways to make you install this tool (it was told you it was an urgent security update, whereas it is a new installation giving you no extra security) makes me calling this tool a spyware.
Also, Windows Genuine Advantage Notifications is different than Windows Genuine Advantage Validation. RemoveWGA only removes the notification part, phoning home, and does not touch the Validation part.
Here are some key features of "RemoveWGA":
· Tell you if the WGA notification tool is active on your system
· Allows you to remove the WGA notification tool from your system
· Accept the "-silent" command line parameter to silently check if the WGA notification tool is active on your system, and popup only if it is found (usefull for checking automatically at startup for instance)
Note: Some antivirus and antispyware programs flag RemoveWGA as being infected/malware, although the application is perfectly safe and does not pose a threat to your system. This is called a 'false positive'. The term false positive is used when antivirus software wrongly classifies an innocuous ( inoffensive ) file as a virus. The incorrect detection may be due to heuristics or to an incorrect virus signature in a database. [Similar problems can occur with antitrojan or antispyware software.]
What's New in This Release:
· Added more error checks (files existing, processes can be read, etc...)
· Added more files to be deleted : WGANotify.settings, WgaNotify.log
· Set all files to be deleted at next reboot instead of just the system32 ones (Wgalogon and WgaTray)
download link: http://www.softpedia.com/get/Tweak/Uninstallers/RemoveWGA.shtml
RemoveWGA will enable you to easily remove the Microsoft "Windows Genuine Advantage Notifications" tool, which is calling home and connect to MS servers every time you boot. Futures updates of this notification tool will (officialy) setup the connection rate to once every two weeks.
Once the WGA Notification tool has checked your OS and has confirmed you had a legit copy, there is no decent point or reason to check it again and again every boot.
Moreover, connecting to Microsoft brings security issue for corporate networks, and privacy issues for everyone. It is also unclear which information are transmitted (Microsoft published an official answer, but an individual study brought some questions).
All of that, along the fact that Microsoft used deceptive ways to make you install this tool (it was told you it was an urgent security update, whereas it is a new installation giving you no extra security) makes me calling this tool a spyware.
Also, Windows Genuine Advantage Notifications is different than Windows Genuine Advantage Validation. RemoveWGA only removes the notification part, phoning home, and does not touch the Validation part.
Here are some key features of "RemoveWGA":
· Tell you if the WGA notification tool is active on your system
· Allows you to remove the WGA notification tool from your system
· Accept the "-silent" command line parameter to silently check if the WGA notification tool is active on your system, and popup only if it is found (usefull for checking automatically at startup for instance)
Note: Some antivirus and antispyware programs flag RemoveWGA as being infected/malware, although the application is perfectly safe and does not pose a threat to your system. This is called a 'false positive'. The term false positive is used when antivirus software wrongly classifies an innocuous ( inoffensive ) file as a virus. The incorrect detection may be due to heuristics or to an incorrect virus signature in a database. [Similar problems can occur with antitrojan or antispyware software.]
What's New in This Release:
· Added more error checks (files existing, processes can be read, etc...)
· Added more files to be deleted : WGANotify.settings, WgaNotify.log
· Set all files to be deleted at next reboot instead of just the system32 ones (Wgalogon and WgaTray)
download link: http://www.softpedia.com/get/Tweak/Uninstallers/RemoveWGA.shtml
Thursday, July 2, 2009
10 essential e-mail security measures by Chad Perrin
There’s a lot of information out there about securing your e-mail. Much of it is advanced and doesn’t apply to the typical end user. Configuring spam filters such as SpamAssassin, setting up encrypted authentication on mail servers, and e-mail gateway virus scanner management are not basic end-user tasks.
When one can find end-user e-mail security tips, they’re usually specific to a single mail client or mail user agent, such as Microsoft Outlook, Mozilla Thunderbird, or Mutt. This sort of information is of critical importance to many users of these applications, but there are few sources of more general security information for e-mail users that aren’t specific to a given client application.
The following is a list of some important security tips that apply to all e-mail users - not just users of a specific application. The first five are listed in the order one should employ them, from the first priority to the last. This priority is affected not only by how important a given tip is, but also by how easy it is to employ. The easier something is to do, the more likely one is to actually do it and move on to the next tip. The last five pointers are best practices that will help prevent users from making careless mistakes.
Note: This article is based on the IT Security blog posts Basic e-mail security tips and More e-mail security tips by Chad Perrin. It’s also available as a PDF download.
#1: Never allow an e-mail client to fully render HTML or XHTML e-mails without careful thought.
At the absolute most, if you have a mail client such as Microsoft Outlook or Mozilla Thunderbird that can render HTML e-mails, you should configure it to render only simplified HTML rather than rich HTML - or “Original HTML,” as some clients label the option. Even better is to configure it to render only plain text. When rendering HTML, you run the risk of identifying yourself as a valid recipient of spam or getting successfully phished by some malicious security cracker or identity thief. My personal preference is, in fact, to use a mail user agent that is normally incapable of rendering HTML e-mail at all, showing everything as plain text instead.
#2: If the privacy of your data is important to you, use a local POP3 or IMAP client to retrieve e-mail.
This means avoiding the use of Web-based e-mail services, such as Gmail, Hotmail, and Yahoo! Mail for e-mail you want to keep private for any reason. Even if your Webmail service provider’s policies seem sufficiently privacy-oriented to you, that doesn’t mean that employees won’t occasionally break the rules. Some providers are accused of selling e-mail addresses to spamming “partners.” Even supposedly security-oriented Webmail services, such as Hushmail, can often be less than diligent in providing security to their users’ e-mail.
#3: Ensure that your e-mail authentication process is encrypted, even if the e-mail itself is not.
The reason for this is simple: You do not want some malicious security cracker listening in on your authentication session with the mail server. Someone who does this can then send e-mails as you, receive your e-mail, and generally cause all kinds of problems for you (including spammers). Check with your ISP’s policies to determine whether authentication is encrypted and even how it is encrypted (so you might be able to determine how trivial it is to crack the encryption scheme used).
#4: Digitally sign your e-mails.
As long as you observe good security practices with e-mail in general, it is highly unlikely that anyone else will ever have the opportunity to usurp your identity for purposes of e-mail-but it is still a possibility. But if you use an encryption tool, such as PGP or GnuPG, to digitally sign your e-mails, recipients who have your public key will be able to determine that nobody could have sent the e-mail in question without having access to your private key-and you should definitely have a private key that is well protected.
#5: Avoid unsecured networks.
If, for some reason, you absolutely positively must access an e-mail account that does not authorize over an encrypted connection, never access that account from a public or otherwise unsecured network. Ever. Under any circumstances.
Be aware of both your virtual and physical surroundings when communicating via e-mail. Be careful. Trust no one that you do not absolutely have to trust, and recognize the dangers and potential consequences of that trust.
Your e-mail security does not just affect you; it affects others, as well, if your e-mail account is compromised. Even if the e-mail account itself is not compromised, your computer may be if you do not take reasonable care with how you deal with e-mails - and that, in turn, can lead to affecting both you and others adversely as well.
#6: Turn off automated addressing features.
As communication software accumulates more and more automated convenience features, we’ll see more and more cases of accidentally selecting the wrong recipients. A prime example is Microsoft Outlook’s “dreaded auto-fill feature,” where it is all too easy to accidentally select a recipient adjacent to your intended recipient in the drop-down list. This can be particularly problematic when discussing private matters such as business secrets.
#7: Use BCC when sending to multiple recipients.
It’s a bad idea, from a security perspective, to share e-mail addresses with people who have no need for them. It is also rude to share someone’s e-mail address with strangers without permission. Every time you send out an e-mail to multiple recipients with all the recipients’ names in the To: or CC: fields, you’re sharing all those e-mail addresses with all the recipients. E-mail addresses that are not explicitly meant to be shared with the entire world should, in e-mails addressed to multiple recipients, be specified in the BCC: field - because each person will then be able to see that he or she is a recipient, but will not be able to see the e-mail addresses of anyone else in the BCC: field.
#8: Save e-mails only in a safe place.
No amount of encryption for sent e-mails will protect your privacy effectively if, after receiving and decrypting an e-mail, you store it in plain text on a machine to which other people have access. Sarah Palin found out the hard way that Webmail providers don’t do as good a job of ensuring stored e-mail privacy as we might like. Many users’ personal computers are not exactly set up with security in mind, either, as in the case of someone whose Windows home directory is set up as a CIFS share with a weak password.
#9: Only use private accounts for private e-mails.
Any e-mail you share with the world is likely to get targeted by spammers - both for purposes of sending mail to it and spoofing that e-mail address in the From: field of the e-mail headers. The more spammers and phishers who spoof your e-mail address that way, the more likely your e-mail address is to end up on spam blocker blacklists used by ISPs and lazy mail server sysadmins — and the more likely you are to have problems with your e-mails not getting to their intended recipients.
#10: Double-check the recipient, every time - especially on mailing lists.
Accidentally replying directly to someone who sent an e-mail to a mailing list, when you meant to reply to the list, isn’t a huge security issue. It can be kind of inconvenient, though, especially when you might never notice your e-mail didn’t actually get to the mailing list. The converse, however, can be a real problem: if you accidentally send something to the list that was intended strictly for a specific individual, you may end up publicly saying something embarrassing or, worse, accidentally divulging secrets to hundreds of people you don’t even know.
Courtesy: TechRepublic.com
Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.
When one can find end-user e-mail security tips, they’re usually specific to a single mail client or mail user agent, such as Microsoft Outlook, Mozilla Thunderbird, or Mutt. This sort of information is of critical importance to many users of these applications, but there are few sources of more general security information for e-mail users that aren’t specific to a given client application.
The following is a list of some important security tips that apply to all e-mail users - not just users of a specific application. The first five are listed in the order one should employ them, from the first priority to the last. This priority is affected not only by how important a given tip is, but also by how easy it is to employ. The easier something is to do, the more likely one is to actually do it and move on to the next tip. The last five pointers are best practices that will help prevent users from making careless mistakes.
Note: This article is based on the IT Security blog posts Basic e-mail security tips and More e-mail security tips by Chad Perrin. It’s also available as a PDF download.
#1: Never allow an e-mail client to fully render HTML or XHTML e-mails without careful thought.
At the absolute most, if you have a mail client such as Microsoft Outlook or Mozilla Thunderbird that can render HTML e-mails, you should configure it to render only simplified HTML rather than rich HTML - or “Original HTML,” as some clients label the option. Even better is to configure it to render only plain text. When rendering HTML, you run the risk of identifying yourself as a valid recipient of spam or getting successfully phished by some malicious security cracker or identity thief. My personal preference is, in fact, to use a mail user agent that is normally incapable of rendering HTML e-mail at all, showing everything as plain text instead.
#2: If the privacy of your data is important to you, use a local POP3 or IMAP client to retrieve e-mail.
This means avoiding the use of Web-based e-mail services, such as Gmail, Hotmail, and Yahoo! Mail for e-mail you want to keep private for any reason. Even if your Webmail service provider’s policies seem sufficiently privacy-oriented to you, that doesn’t mean that employees won’t occasionally break the rules. Some providers are accused of selling e-mail addresses to spamming “partners.” Even supposedly security-oriented Webmail services, such as Hushmail, can often be less than diligent in providing security to their users’ e-mail.
#3: Ensure that your e-mail authentication process is encrypted, even if the e-mail itself is not.
The reason for this is simple: You do not want some malicious security cracker listening in on your authentication session with the mail server. Someone who does this can then send e-mails as you, receive your e-mail, and generally cause all kinds of problems for you (including spammers). Check with your ISP’s policies to determine whether authentication is encrypted and even how it is encrypted (so you might be able to determine how trivial it is to crack the encryption scheme used).
#4: Digitally sign your e-mails.
As long as you observe good security practices with e-mail in general, it is highly unlikely that anyone else will ever have the opportunity to usurp your identity for purposes of e-mail-but it is still a possibility. But if you use an encryption tool, such as PGP or GnuPG, to digitally sign your e-mails, recipients who have your public key will be able to determine that nobody could have sent the e-mail in question without having access to your private key-and you should definitely have a private key that is well protected.
#5: Avoid unsecured networks.
If, for some reason, you absolutely positively must access an e-mail account that does not authorize over an encrypted connection, never access that account from a public or otherwise unsecured network. Ever. Under any circumstances.
Be aware of both your virtual and physical surroundings when communicating via e-mail. Be careful. Trust no one that you do not absolutely have to trust, and recognize the dangers and potential consequences of that trust.
Your e-mail security does not just affect you; it affects others, as well, if your e-mail account is compromised. Even if the e-mail account itself is not compromised, your computer may be if you do not take reasonable care with how you deal with e-mails - and that, in turn, can lead to affecting both you and others adversely as well.
#6: Turn off automated addressing features.
As communication software accumulates more and more automated convenience features, we’ll see more and more cases of accidentally selecting the wrong recipients. A prime example is Microsoft Outlook’s “dreaded auto-fill feature,” where it is all too easy to accidentally select a recipient adjacent to your intended recipient in the drop-down list. This can be particularly problematic when discussing private matters such as business secrets.
#7: Use BCC when sending to multiple recipients.
It’s a bad idea, from a security perspective, to share e-mail addresses with people who have no need for them. It is also rude to share someone’s e-mail address with strangers without permission. Every time you send out an e-mail to multiple recipients with all the recipients’ names in the To: or CC: fields, you’re sharing all those e-mail addresses with all the recipients. E-mail addresses that are not explicitly meant to be shared with the entire world should, in e-mails addressed to multiple recipients, be specified in the BCC: field - because each person will then be able to see that he or she is a recipient, but will not be able to see the e-mail addresses of anyone else in the BCC: field.
#8: Save e-mails only in a safe place.
No amount of encryption for sent e-mails will protect your privacy effectively if, after receiving and decrypting an e-mail, you store it in plain text on a machine to which other people have access. Sarah Palin found out the hard way that Webmail providers don’t do as good a job of ensuring stored e-mail privacy as we might like. Many users’ personal computers are not exactly set up with security in mind, either, as in the case of someone whose Windows home directory is set up as a CIFS share with a weak password.
#9: Only use private accounts for private e-mails.
Any e-mail you share with the world is likely to get targeted by spammers - both for purposes of sending mail to it and spoofing that e-mail address in the From: field of the e-mail headers. The more spammers and phishers who spoof your e-mail address that way, the more likely your e-mail address is to end up on spam blocker blacklists used by ISPs and lazy mail server sysadmins — and the more likely you are to have problems with your e-mails not getting to their intended recipients.
#10: Double-check the recipient, every time - especially on mailing lists.
Accidentally replying directly to someone who sent an e-mail to a mailing list, when you meant to reply to the list, isn’t a huge security issue. It can be kind of inconvenient, though, especially when you might never notice your e-mail didn’t actually get to the mailing list. The converse, however, can be a real problem: if you accidentally send something to the list that was intended strictly for a specific individual, you may end up publicly saying something embarrassing or, worse, accidentally divulging secrets to hundreds of people you don’t even know.
Courtesy: TechRepublic.com
Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.
Subscribe to:
Posts (Atom)
