TWT Newsletter, Issue #39 – What is Social Engineering? Digital download service launched and more.
Hello again from Top Windows Tutorials HQ. It is the 10th of August and that means it is time for the latest TWT Newsletter to pop into your inbox. This month we look at social engineering attacks, round up the highlights from the recent Black Hat security conference and bring you details of our new digital download service. Not forgetting our regular tip of the month and free utility of the month items too.
Important! A number of our subscribers have had difficulty receiving our newsletter. At Top-Windows-Tutorials.com we never send out unsolicited e-mails. To make sure your TWT newsletter reaches your inbox, please add TWT_Newsletter@top-windows-tutorials.com to your contacts, buddy list or white list.
In this months issue:-
1) What’s new at Top-Windows-Tutorials.com?
2) A super sale and two new ways to get your Windows 7 Superguide
3) Social engineering attacks on the increase
4) Tip of the Month – Left handed? Change your mouse to suit!
5) Free Utility of the Month – Daemon Tools Lite
6) Black Hat security conference reveals more privacy and security problems
What’s new at Top-Windows-Tutorials.com?
We kicked off July’s content with two tutorials for RocketDock, a popular desktop enhancement that makes it easy to launch your favourite programs. Check it out by viewing our tutorials here.
Rounding off our look at how to reinstall Windows, we looked at how to perform a startup repair on Windows 7 machines. If you have a Windows 7 PC that just won’t start, you can find out how to perform a startup repair by using this tutorial.
Burning CD images got a whole lot easier in Windows 7. No longer do you need third party software in order to record CD image files you download, you can simply use Windows Explorer. See our handy tutorial here.
Have you ever accidentally deleted a file and then emptied the Recycle Bin before you realised? NTFS Undelete maybe just the tool you need to recover that deleted file. Find out more about this tool by using this link.
We also setup a new digital download service for our Windows 7 Superguide, you can read more about that in the next section.
. A super sale and two new ways to get your Windows 7 Superguide
Our Windows 7 Superguide DVD’s have proved popular with readers all over the globe. However, our main distributor only ships to a limited number of destinations worldwide. If you are reading this newsletter in Barbados or India for example, then up until now you would not be able to purchase our DVD.
To help with this problem, we introduced not one but two new services for our readers. Firstly, we signed up digital publishing service Lulu as an alternative manufacturer and distributor. Lulu ship to virtually every corner of the globe, to order a Windows 7 Superguide from them, use this link.
If you have a fast internet connection, you may be interested to hear about our new digital download service. You can now download the Windows 7 (and soon the Openoffice.org Writer and Offline Archive) Superguide digitally, thus negating expensive shipping fees altogether! Both the digital download and DVD versions of our Superguides contain the same great content and are DRM free. You can use either Paypal or Google Checkout to purchase the digital download version, see this page for more information.
Super sale now on!
To celebrate the launch of our new digital download services we’re offering all our readers the chance to grab our superguide products at a discounted rate. You can save $5 on all our DVD’s and digital downloads from now until the 1st of September, grab yourself a bargain today!
Social engineering attacks on the increase
This years Black Hat security conference, that you can read about later in the newsletter, was the first to feature a social engineering challenge. Social engineering has long been recognised as an attack vector for criminals, but what exactly is social engineering? In a security context, it means manipulating or tricking people into giving away confidential information. It can also include deceiving someone into allowing access to their computer system, either at home or at work.
When most people think of computer hackers, their mind turns to a picture of a darkened room with an individual hunched over a keyboard, fingers frantically trying to outwit the corporate firewall they are hacking. Of course, the reality is somewhat removed from this Hollywood fantasy. Increasingly, criminal gangs are turning towards social engineering as a means to break into peoples computers. Just this month, I personally received an interesting phone call from an individual claiming to be a Microsoft support representative who had received error reports from my computer. Offering to fix these problems for me, the operator quickly hung up the phone when I asked “This is an interesting scam, how does it work then?”. We advise all our readers to be on their guard if they receive a call claiming to be from Microsoft technical support or any other technical support company. Microsoft will never telephone customers out of the blue like this, since they do not collect phone numbers from customers.
Scams like this highlight the problem of keeping customer details private. We’ve no idea how this bogus company obtained our details, but with companies increasingly cutting costs and corners by setting up call centres overseas, where cheaper labour is more common, its highly likely that selling information is simply too tempting an opportunity to miss for workers looking to top up their income.
Of course, telephone calls are not the only means of setting up a social engineering attack. Phishing e-mails are another common attack vector and one that is easy to exploit. With e-mails so easy to send, its possible to target millions of victims with a phishing scam in minutes and you only need one or two people to fall for it. Of course, social engineering can cover all forms of communication. Many instant messaging malware programs use social engineering to spread to other computers. After infecting a victims computer, the malware sends out tempting links to the victims friends, such as “hey, download this picture you look so funny” or “visit this site and play this game, its so cool!”. Of course, the links send the unsuspecting victim to malware, rather than anything interesting.
Social engineering attacks are often designed to exploit peoples feelings, insecurities or desires. Many of us will have received an e-mail claiming that we’ve been left a share of a large inheritance, or won some kind of international lottery. More devious still are the scams that target online singles profiles. Posing as a potential partner, they arrange a date and then claim they have no money, asking the unsuspecting love struck victim to loan them enough so that they can meet them for dinner or a movie. Social engineering also plays on peoples good nature, everyone wants to be helpful, so when someone phones and needs a vital piece of information and does not have time to wait for the correct channels, many people will help out simply because they do not want to appear rude or inconsiderate.
Social engineering attacks also have more of an impact than you might imagine. Sites like Twitter Phishr are deliberate phishing attempts set up to illustrate just how many people are less than careful with their passwords and other confidential information. Twitter Phishr continues to harvest twitter usernames and passwords despite being obviously a scam.
The best defence against social engineering is common sense and to always be on your guard. Learn to spot phishing e-mails, banks generally do not e-mail customers as e-mail is not a secure means of communication. Rather than follow a link in an e-mail to Paypal, Twitter or Facebook, simply enter the web address manually, thereby ensuring you get to the correct site. Although there are plenty of opportunist criminals out there aiming to steal your private information, staying ahead of them simply means using your common sense and being aware of the threats. Remember, using your PC sensibly is the best defence against most types of malware!
Tip of the Month – Left handed? Change your mouse to suit!
Are you left handed? Did you realise that you can reverse the mouse buttons in Windows to make use of the mouse more comfortable? Rather than struggling with a right handed mouse, move the mouse over to the left and reconfigure the buttons, you’ll soon be zipping around your computer much more quickly.
To see how to reconfigure your mouse, check out PC basics tutorial 5 by following this link. You can also change the double click speed and other mouse options by following this tutorial.
Free Utility of the Month – Daemon Tools Lite
This months utility is an interesting one for our more advanced readers, or for anyone that has ever downloaded a CD or DVD image from the internet.
Daemon tools is a special piece of software that acts like a virtual DVD drive. Using the programs system tray icon you can ‘mount’ a CD/DVD image (ISO image or most other kinds) and use it as if it was a real CD or DVD disc. This means you can explore and test the contents of a disc without having to use a real recordable CD or DVD first.
Great for testing and saving on consumable costs, Daemon tools is used and loved by many Windows users, check it out for yourself by visiting this link.
Black Hat security conference reveals more privacy and security problems
Long time readers may remember how we mentioned the Black Hat security conference in last August’s newsletter. The conference was held once again this year and once again highlighted some serious security problems in systems we take for granted. Most headline grabbing was Barnaby Jack, who demonstrated a working hack against an ATM (cash machine). Boldly claiming that there were few ATM’s he couldn’t break into, Barnaby certainly captured the imagination of the media.
Also headline grabbing was Chris Paget, who demonstrated his attack against cellular telephones. By spoofing a base station, he was able to intercept even encrypted phone calls. Do you use an Android phone? A vulnerability in the Android OS was also revealed at the event. For home computer users, the most significant attacks were against routers. By using clever techniques, hackers were able to access a routers configuration page from across the internet, thereby opening up a computer to all kinds of attacks. If you haven’t set a different password for your router, you should do it now. Follow the instructions that came with your router for more details.
If our summary of the events at Black Hat has you worried, then try to remember that the purpose of this conference was to make people aware of these problems so that they can be addressed. When security problems are known, they can be fixed or mitigated, which makes conferences like Black Hat useful in the fight against underground crime networks. Computers are programmed by humans and humans are fallible, just like driving a car or even walking to the store, everything has a risk, so we hope these security revelations haven’t put you off using the internet.
That rounds off our newsletter for July. As always, we’d like to send a huge thank you to all our readers for your support. The TWT Newsletter will return on the 10th September 2010 to bring you more tips, tricks and techniques to help you get the best out of your PC, be it Windows XP, Vista or Windows 7! We hope that you found this newsletter informative and useful. If you did not then please let us know why, you can contact us by visiting this page. If you have enjoyed this newsletter, feel free to pass it on to all your friends and family, or better still encourage them to sign up for their own copy. Until next month, keep checking Top-Windows-Tutorials.com and enjoy happy, safe and stress-free computing!