What is a SSL Certificate?

SSL stands for Secure Socket Layer.  Pages using a SSL certificate typically start out with a https in the URL as opposed to a http.  A  SSL certificate encrypts data as it travels from computer browsers to website servers. However it does nothing to protect the emails that are then sent out from the website server.

Why it’s not safe to email credit card information

As emails travel through the Internet to their destination they’re passed through different servers. Hackers could intercept the email at any point along the email’s journey.  (Earlier in the week I posted a video about how email works. )  So despite the fact that my new customer was trying to safely collect credit card information, it wasn’t a good way to go about it.

So what are the safe ways to collect credit card information online?

One  way to transact business online is to use a merchant gateway.  (Authorize.net is a popular one. PayPal is another.)  Systems like Zen Cart and 1ShoppingCart.com help website owners to tie merchant gateways together with shopping cart software.  PayPal even has its own shopping cart system that’s great for business that sell services or just a small number of products.

What happened?

My new customer was just as concerned about this website vulnerability as I was.  We redesigned the website form.  Website visitors now either pay by check or phone in their credit card information.  Problem solved!

What can you do to keep your website safe?

1. If you use any third party software on your website be sure to keep it updated.  These updates usually include the latest security fixes.
2. Make sure your password is adequate.  It should contain letters as well was numbers.  If the system will allow it things like an ampersand or a dollar sign are great additions.
3. Have your website developer make sure that your email forms are safe.  Putting in an email form is very easy.  It takes more time to make sure that its safe but it’s well worth the time.
4. Make backups of your site and your database just in case the worst happens.

I quickly found an excellent provider – Yahoo Groups.   Go to the Yahoo Groups page and look for the “Start Your Group” link.  Follow the instructions.  Once you’ve created the group you’re given the options to “Customize Your Group”.  Click on that to set some important safety feature for your family group.

1. Make the group unlisted.  This means that it won’t be displayed anywhere.
2. Specify that people can only join with your approval.  This is ideal for a family website.

That’s it.  With those two changes you’ve made a safe environment for a family site.  The only way people will get into the group is through your invitation.

There are some very nice features too.  In addition to chatting with one another, people can create polls, post photos and and a database of family addresses.   And the price is pretty good too.  It’s totally free.  Yahoo makes its money by placing ads on the site and in the group emails.  I think that’s a small price to pay for a great service.

I’m using a product from Witopia.net.  The price is reasonable and it seems to work.  The only problem is that installation is not for the faint of heart.  It took hours to install and I now now more about network connectivity than I ever wanted to know.

I checked with Norton Anti-Virus, and they are gearing up for this virus! I checked snopes.com, this afternoon ( 04-05-08) and it is for real!! Get this E-mail message sent around to your contacts ASAP.

PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS!

You should be alert during the next few days. Do not open any message with an attachment entitled ‘POSTCARD,’ regardless of who sent it to you. It is a virus which opens A POSTCARD IMAGE, which ‘burns’ the whole hard disc C of your computer. This virus will be received from someone who has your e-mail address in his/her contact list. This is the reason why you need to send this e-mail to all your contacts. It is better to receive this message 25 times than to receive the virus and open it.

If you receive a mail called’ POSTCARD,’ even though sent to you by a friend, do not open it. This includes all cards, too. Shut down your computer immediately.

This is the worst virus announced by CNN. It has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. his virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept.

COPY THIS E-MAIL, AND SEND IT TO YOUR FRIENDS. REMEMBER: IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US.

http://www.snopes.com/computer/virus/postcard.asp

I’ve written about Snopes before. The site checks out urban legends and emails like the above. It let’s us know what’s true and what’s not. Since the above links to a page on Snopes it has to be real doesn’t it?

Not so much.

If you read the page at Snopes you’ll see that the above actually deals with two virus reports. One of them is real and one isn’t.

Last year a virus really was being spread by the use of fake postcard emails. The virus spread some really icky malware that could turn your computer into a zombie computer.

The fake part of the “postcard virus” email takes the very real virus threat and combines it with wording from a hoax virus – the infamous invitation/Olympic torch virus. Does this seem familiar?

WARNING

You should be alert during the next days: Do not open any message with an attached filed called “Invitation” regardless of who sent it. It is a virus that opens an Olympic Torch which “burns” the whole hard disc C of your computer. This virus will be received from someone who has your e-mail address in his/her contact list, that is why you should send this e-mail to all your contacts. It is better to receive this message 25 times than to receive the virus and open it. If you receive a mail called “invitation”, though sent by a friend, do not open it and shut down your computer immediately.

This is the worst virus announced by CNN, it has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept.

SEND THIS E-MAIL TO EVERYONE YOU KNOW, COPY THIS E-MAIL AND SEND IT TO YOUR FRIENDS AND REMEMBER: IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US

I think the lesson here is to get some good virus/malware protection software, be careful of links in emails and read the fine print at Snopes.

The antivirus program was malware, software designed to be utilized without the computer owner’s informed consent. Was this program a valid antivirus program? Who knows? That fact that it was delivered via a scam makes the product malware and the people who made the software are hackers.

The scam has a new element that makes it noteworthy. The hackers made up advertising that contained a hidden program that displayed the warning messages. (The advertising was for another product entirely.) Then the hackers went to legitimate ad agencies and paid to have their malware-carrying ad displayed on legitimate websites.

What’s being done about it? Internet ad agencies are putting in safeguards. Sean Harvey, senior product manager at DoubleClick DART states, “This is an industry-wide challenge. Unfortunately, there are bad actors who misrepresent themselves and purchase advertising as an avenue to distribute malware. This has the potential to affect all businesses and consumers in the online environment.”

More Information:

• Hackers Use Banner Ads on Major Sites to Hijack Your PC
  
• Rogue Anti-Virus Slimeballs Hide Malware in Ads

One of my clients sent me a great example today. The email looked like it was from GoDaddy but it was one of the best fakes I’ve seen. If you examined the source code for the email you could see that the “clickable” link wasn’t really going to GoDaddy. That was the only thing that gave it away.

The best thing to do if you get one of these emails is to log into your account by going to the company’s website.  That way you can verify your information without using the links in the email.  You should also feel free to call the company in question and ask them about the veracity of the email.

When in doubt – don’t click that link!