Saturday, March 12, 2005

Has Your Address Been Spoofed?

Deb Shinder, Editor WinXPnews
“Are you getting e-mail messages from administrators of other mail domains, notifying you that the messages you sent were undeliverable? When you open these, do you find that you never sent a message to the supposed recipient? Sometimes these messages indicate that you have a virus sending e-mail from your account without your knowledge. Other times, though, the mail didn't come from your account at all - instead, somebody spoofed your e-mail address and used it as their return address.

Either way, it's more than just an anomaly or an annoyance. If your address is used to send spam, it may be reported to various "spam cop" organizations, resulting in your address - or even your entire domain - being added to various public blacklists of known spammers. And that means the legitimate e-mail you send won't get through to a lot of recipients. Not a good situation. You can read more about how e-mail spoofing is done in my article at http://www.winxpnews.com/rd/rd.cfm?id=050308ED-Spoofing.

What can you do about it? The federal CAN SPAM Act makes it illegal to send unsolicited commercial e-mail with false or misleading headers (return addresses). Unfortunately, you can't prosecute someone for this or any other crime unless you know who the perpetrator is.

Okay, what if your name ends up on a black list? Is there anything you can do about that? The answer is: sometimes. There are many different black lists, so the first challenge is to find out which list(s) are identifying you as a spammer. There is a list of some black lists at http://www.winxpnews.com/rd/rd.cfm?id=050308ED-Black_Lists. In some cases, you can write to those who maintain the lists and explain what happened and ask to have your address removed. Here is an article that contains info on how to get off of specific blacklists: http://www.winxpnews.com/rd/rd.cfm?id=050308S1-Off_Blacklists. Have you been blacklisted? If others are telling you that your e-mails don't reach them, it might be because you're on a blacklist. Many ISPs use blacklists to block spam at the server level.”

http://www.winxpnews.com/?id=166

Understanding E-mail Spoofing

Deb Shinder
“Spam and e-mail-laden viruses can take a lot of the fun and utility out of electronic communications, but at least you can trust e-mail that comes from people you know – except when you can’t. A favorite technique of spammers and other “bad guys” is to “spoof” their return e-mail addresses, making it look as if the mail came from someone else. In effect, this is a form of identity theft, as the sender pretends to be someone else in order to persuade the recipient to do something (from simply opening the message to sending money or revealing personal information). In this article, we look at how e-mail spoofing works and what can be done about it, examining such solutions as the Sender Policy Framework (SPF) and Microsoft’s Sender ID, which is based on it.

If you receive a snail mail letter, you look to the return address in the top left corner as an indicator of where it originated. However, the sender could write any name and address there; you have no assurance that the letter really is from that person and address. E-mail messages contain return addresses, too – but they can likewise be deliberately misleading, or “spoofed.” Senders do this for various reasons, including:

  • The e-mail is spam and the sender doesn’t want to be subjected to anti-spam laws
  • The e-mail constitutes a violation of some other law (for example, it is threatening or harassing)
  • The e-mail contains a virus or Trojan and the sender believes you are more likely to open it if it appears to be from someone you know
  • The e-mail requests information that you might be willing to give to the person the sender is pretending to be (for example, a sender might pose as your company’s system administrator and ask for your network password), as part of a “social engineering” attack
  • The sender is attempting to cause trouble for someone by pretending to be that person (for example, to make it look as though a political rival or personal enemy said something he/she didn’t in an e-mail message)

Note:
“Phishing” – the practice of attempting to obtain users’ credit card or online banking information – often incorporates e-mail spoofing. For example, a “phisher” may send e-mail that looks as if it comes from the bank’s or credit card’s administrative department, asking the user to log onto a Web page (which purports to be the bank’s or credit card company’s site but really is set up by the “phisher”) and enter passwords, account numbers, and other personal information.

Whatever the motivation, the objective of spoofed mail is to hide the real identity of the sender. This can be done because the Simple Mail Transfer Protocol (SMTP) does not require authentication (unlike some other, more secure protocols). A sender can use a fictitious return address or a valid address that belongs to someone else.

Receiving mail from spoofed addresses ranges from annoying to dangerous (if you’re taken in by a “phisher”). Having your own address spoofed can be even worse. If a spammer uses your address as the return address, you may suddenly find yourself inundated with angry complaints from recipients or even have your address added to “spammer” lists that result in your mail being banned from many servers.

http://www.windowsecurity.com/articles/Email-Spoofing.html
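
An added example, not part of the quoted article: because SMTP accepts whatever return address the sender supplies, a recipient can only look for inconsistencies among a message's headers. The Python code below checks a message for three such indicators; the function names, indicator labels and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw_message):
    """Return reasons to distrust the visible From: address of one message.

    These are indicators, not proof: mailing lists and bulk-mail services
    legitimately use an envelope sender that differs from From:.
    """
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    findings = []
    # Return-Path records the SMTP envelope sender (MAIL FROM), which the
    # sending client sets independently of the From: header the user sees.
    env_dom = domain_of(msg.get("Return-Path"))
    if env_dom and env_dom != from_dom:
        findings.append("envelope-mismatch")
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    # Received-SPF is added by a receiving server that ran an SPF check on
    # the envelope sender; the first token of the header is the result.
    spf = (msg.get("Received-SPF") or "").split()
    if spf and spf[0].lower() in ("fail", "softfail"):
        findings.append("spf-" + spf[0].lower())
    return findings

# Constructed sample messages (not real mail).
SPOOFED = """\
Return-Path: <bounce@bulk-sender.example>
Received-SPF: fail (bulk-sender.example does not designate 203.0.113.7)
From: "Your Bank" <service@bank.example>
Reply-To: accounts@lookalike.example
Subject: Please verify your account

Log on to confirm your details.
"""
CLEAN = """\
Return-Path: <alice@example.org>
Received-SPF: pass (example.org designates 192.0.2.10)
From: Alice <alice@example.org>
Subject: Lunch?

Noon works for me.
"""
```
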

Friday, March 11, 2005

Finding Free Content in the Creative Commons

By Chris Sherman, Associate Editor Searchday
Looking for photos, music, text, books and other content that's free to share or modify for your own purposes? The Creative Commons search engine can help you find tons of (legally) free stuff on the web.

The Creative Commons was founded in 2001 to introduce a new form of copyright that's less restrictive than the "all rights reserved" approach generally in practice today. The goal was to restore "balance, compromise, and moderation—once the driving forces of a copyright system that valued innovation and protection equally."

By using a Creative Commons license, content creators adopt a "some rights reserved" form of copyright that encourages sharing and modifying content by others.

Today, the Creative Commons organization estimates that more than 5 million web sites link to its license. That's a lot of content, most of which is available for free or nominal charge.

The Creative Commons search engine (powered by Nutch, which we've previously covered) makes it easy to find this content. You can search for Creative Commons audio, images, text, video, and other formats that are free to share online.

You can also limit your search to works that you are free to modify, adapt, or build upon, or even use for commercial purposes.

http://searchenginewatch.com/searchday/article.php/3487206

4 steps to take if you've responded to a phishing scam

“What to do if you've responded to a phishing scam

You can do your best to prevent having your identity stolen by a phishing scam, but no method or system can guarantee total safety and security.

If you suspect that you've already responded to a phishing scam with personal or financial information or entered this information into a fake Web site, there may be ways you can minimize any damage.”

http://www.microsoft.com/athome/security/email/phishingrespond.mspx

5 don'ts and 3 do's for handling spam e-mail

“Despite your best efforts, you no doubt have received e-mail and instant messages you didn't ask for. Here's what you can do about all that junk.…

Beware of fake e-mail

Thieves use a method known as phishing to send e-mail or instant message spam that meticulously imitates messages from reputable, well-known companies, including Microsoft and others. The forged message capitalizes on your trust of the respected brand by enticing you to click a link on a Web page or in a pop-up window. Clicking it could download a virus or lead you to reveal confidential information such as account and Social Security numbers. Get more details from our video on phishing.”

http://www.microsoft.com/athome/security/email/options.mspx

Using Microsoft Windows AntiSpyware (Beta)

“Microsoft Windows AntiSpyware (Beta) is a new security technology that helps to protect your computer from spyware and other unwanted software. You can manually scan your computer for spyware or schedule the program to perform a scan automatically on a regular basis at any time.

  • How to install and set up Windows AntiSpyware (Beta)
  • How to scan your computer for spyware
  • How to help remove spyware from your computer
  • How to set up a scheduled spyware scan
  • Understanding real-time protection”

http://www.microsoft.com/athome/security/spyware/software/howto/default.mspx

Wednesday, March 09, 2005

Microsoft Patches Windows 98, ME Flaws

By Ryan Naraine
“Microsoft Corp. on Tuesday updated two previously released bulletins to add critical security fixes for customers running Windows 98, 98SE and ME.

Patches for Windows 98 and ME are a "bonus" because of the critical nature of the vulnerabilities being addressed, a Microsoft spokeswoman said. "Those products are out of lifecycle, but we made a commitment to provide critical updates, and that's what you're seeing."

She said priority was given to rolling out patches for supported products. "After further testing on the out-of-lifecycle platforms, we updated the advisories." The patches cover two remote code execution vulnerabilities.

First, MS05-002 fixes a hole in the cursor and icon format handling feature that could open the door for an attacker to take complete control of an affected system.

Microsoft also added patches to MS05-015 to protect users against a remote code execution vulnerability in the Hyperlink Object Library.”

http://www.eweek.com/article2/0,1759,1774106,00.asp?kc=ewnws030905dtx1k0000599

Sunday, March 06, 2005

Shooting Web video: How to put your readers at the scene

By Regina McCombs
Freelance writers, bloggers and independent journalists yearning to use video on the Internet, grab your PDAs. Use these tips to help you begin shooting and editing your own Web video stories.
“As anyone who’s ever watched a great documentary knows, stories told in video can be amazingly powerful. And as anyone who has sat through home movies knows, they can be mind-numbingly boring as well. If you’re a freelance writer, a blogger or an independent journalist with a story to tell in video, there are steps you can take to make sure your story tilts more toward the powerful than the sleep-inducing. (See Sonya Doctorian's video essays for RockyMountainNews.com.)

The story

First, it’s about content. One of the great things about the Web is that there are so many tools at our fingertips. We can use text, animated graphics, photos, audio or video to tell a story. But that means we need to be thoughtful about which we choose. Video is experiential, immersive, emotional – it puts you at the scene, gives flavor and personality, and of course, shows motion.

Video isn’t cheap in terms of time or equipment. Shooting, editing and posting video all demand more effort and gear than text. So first you need to decide why you want to tell a video story, and then you can gather what you will need to get video on the Web.

If you’re just interested in posting video from your Webcam, this article is not for you. Check out audioblog.com or Vlog it! from seriousmagic.com. Here, we’re going to talk about taking your camera out into the world and shooting video.

A common storytelling exercise is to state your story in one sentence, using an active verb. Who is doing what? “Neighborhood garbage burner” is not a story. On the other hand, “Neighbors hate the smelly garbage burner” has real potential.

Refining your story into a sentence helps focus your idea and keeps you from shooting everything that might have only a tangential relationship to the main idea. If it’s your first time out, start small. Really small. Simple, interesting stories deserve to be told, and they won’t make you insane while you deal with the steep video learning curve.

Cameras should be DV with firewire. If not, you’ll need additional hardware to capture video to your computer. There are plenty of good microphones available for under $100. A tripod is important because keeping shots steady is critical for Web encoded video. Every change in pixels makes the encoder work harder and makes your picture fuzzier.

A list of audio and video equipment options at several price points is available here on Visual Edge's site.”

http://www.jr.org/ojr/stories/050303mccombs/