Archive for the 'Security' Category

OpenDNS and FamilyShield

Published July 12, 2010 Internet , Security Leave a Comment
Tags:

Following up on my previous post about using OpenDNS for home use…

OpenDNS has recently released their ‘FamilyShield’ service, which is essentially the same service as OpenDNS Basic – EXCEPT, you don’t have to sign up for an account or figure out all the dynamic IP address updating stuff I explained in my previous post.

Check it out here: http://www.opendns.com/familyshield

The main difference is the FamilyShield service blocks the same stuff for everyone, and there’s no white-listing or blacklisting capabilities. What this means is if OpenDNS blocks a site you think is legitimate, there’s no way to tell OpenDNS to unblock it.

The good news is, it’s easier to set up, as the only requirement is to set your DNS to 208.67.220.123 and 208.67.222.123 – the ‘.123’ part is unique to their FamilyShield service, and will block the same ‘bad stuff’ for anyone using these servers.

So it’s kind of ‘big brotherish’ in that you’re entrusting OpenDNS with whatever they deem to be inappropriate, but it’s a very simple way to put in a reasonable way to protect your kids online.

Again, nothing is foolproof, and nothing replaces a parent’s watchful eye.

Home Internet Safety and OpenDNS

Published June 16, 2010 Internet , Security Comments
Tags:

OpenDNS is a free service I highly recommend – both for business and for home use. This post is targeted more at home use, and more specifically parents of computer-using children in their homes.

One of the biggest fears for parents when letting their children access the Internet from home is the accessing of inappropriate information (text/pictures/video), whether that access is inadvertent or purposely sought out.

As a caveat here, no mechanism is 100% foolproof, and as your children become more savvy than you in the ways of the computer world, they will eventually figure out what is going on. That could take a couple of years, or not. My 10 year-old son has a friend who thinks he knows a lot (and he does), but he was stymied when he was over for a play date and couldn’t get to places he though he should have had free reign over (he wasn’t used to an adult knowing more than him about computers).

Here’s a quick lesson on how the Internet works.

  • Internet addresses are numerical like this: 123.123.123.123.
  • So we don’t have to remember numbers, we use domain names – like microsoft.com instead. ‘Domain names’ are registered with its DNS (Domain Name Server) address information with a domain ‘Registrar’, and these Registrars tell all the other Registrars this same information. This is how Internet addressing gets propagated around the Internet.
  • When we ask a computer to go to a ‘named’ address, it uses their designated DNS server to translate the name to a number that it can actually use. Your Internet Service Provider (ISP) provides DNS servers for you to use (and usually provides the information automatically). When your child types in www.<domainname>.***, it is these DNS servers that translate and deliver the numbered addresses back to the computer making the request so it can then get routed through the Internet to its destination and begin receiving information back.
  • If you really want to get deep into how this works, go check out Wikipedia.

So the trick is to change where your computers obtain these IP addresses. OpenDNS categorizes web sites allowing you to go in and block whole categories (nudity, drugs, etc.). It’s not perfect, but it’s very close. Along with this function, you can also customize search pages with your own logo and messages when a site gets blocked (“what are you doing Spencer?”).

So here’s what you need to do:

  • Set up an account with OpenDNS. Basic service is free and $10/year per household for more stuff – like a year’s worth of logging and ad-blocking.
  • Register your address with OpenDNS (all your home computers will share the same address through a router – usually).
  • Customize OpenDNS settings to block specific categories.
  • Manually set your DNS addressing to point to OpenDNS (see below).

99% of home users are going to have a ‘dynamic’ Internet service, meaning your numbered address provided by your ISP is subject to change. So you will also need to:

  • Install a piece of software to allow your computer to dynamically update your IP address with OpenDNS, OR
  • Use a combination of services to dynamically update OpenDNS with your home router.
  • CHANGE your DHCP (dynamic address allocation service) in your router to manually set the DNS addresses to 208.67.220.220 and 208.67.222.222. If you don’t have a router, and are directly connecting, you’ll have to set your TCP/IP settings on your computer’s network card to use these addresses manually (and then you should run, not walk, to the computer store and buy a router – yes, even if you only have 1 computer. It’s the best firewall protection you can have from the bad guys trying to get in).

In order to do the dynamic updating from a home router, you need 3 things:

  1. An account with a Dynamic DNS Service provider like DynDNS. There are others, like www.no-ip.com, but the trick is to pick one that works with your home router. Which brings us to the 2nd thing you need:
  2. A router that has ‘Dynamic DNS Services’ functionality built-in. You will find this somewhere in your home router’s web interface, usually under Advanced settings of some sort.
  3. An account with DNS-O-Matic. Also free. Go here last and add both your DynDNS account and OpenDNS accounts.

Once set up, whenever your router gets a new IP address, it will notify DynDNS of the new address. Then your DNS-O-Matic account will check in with your DynDNS account, see there’s a new address, and report that to OpenDNS.

So why do all of this? The point is your OpenDNS account has to be associated with a specific network (your outside IP address) in order to know what you want blocked and to generate reports on your specific address.

This may seem like a lot of work and headache, but this is a one-time thing you can set and forget. Another added benefit is the OpenDNS servers are proven to be a lot more responsive than most, if not all ISP’s DNS servers, and a lot more reliable.

Last point – because this service is completely separated from your actual computer, it won’t have any impact your PC’s performance – a key point for older machines that choke on the large security packages from all the major vendors (McAfee, Trend, Symantec), which I loath to install, because they tend to take over your PC’s resources, especially on older systems, and they slow to a crawl.

Happy computing!

Thieves & Credit Card Scams

Published November 27, 2009 Security Leave a Comment

Arrrgh. A GPS and my prescription sunglasses got stolen out of my car last night. Partly my fault as I didn’t lock the car (too many distractions coming home with kids and pizza).

Speaking of thieves, here’s a scam to watch out for with everyone whipping out their credit cards, making retailers happy…

The following message originates from a detective with the Toronto police. Looks like a true story, and worth paying attention to…

Royal Bank received this communication about the newest scam. This is happening in southern Alberta right now and moving.

This one is pretty slick since they provide YOU with all the information, except the one piece they want..

Note, the callers do not ask for your card number; they already have it.

By understanding how the VISA & MasterCard telephone Credit Card Scam works, you’ll be better prepared to protect yourself. One of our employees was called on Wednesday from ‘VISA’, and I was called on Thursday from ‘MasterCard’.

The scam works like this:

Person calling says – ‘This is (name), and I’m calling from the Security and Fraud Department at VISA. My Badge number is 12460, Your card has been flagged for an unusual purchase pattern, and I’m calling to verify. This would be on your VISA card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a marketing company based in Arizona ?’

When you say ‘No’, the caller continues with, ‘Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?’

You say ‘yes’.

The caller continues – ‘I will be starting a Fraud Investigation. If you have any questions, you should call the 1- 800 number listed on the back of your card (1-800-VISA) and ask for Security. You will need to refer to this Control Number. The caller then gives you a 6 digit number. ‘Do you need me to read it again?’

Here’s the IMPORTANT part on how the scam works - The caller then says, ‘I need to verify you are in possession of your card’.

He’ll ask you to ‘turn your card over and look for some numbers’. There are 7 numbers; the first 4 are part of your card number, the last 3 are the Security Numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card.

The caller will ask you to read the last 3 numbers to him. After you tell the caller the 3 numbers, he’ll say, ‘That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?’

After you say no, the caller then thanks you and states, ‘Don’t hesitate to call back if you do’, and hangs up. You actually say very little, and they never ask for or tell you the card number. But after we were called on Wednesday, we called back. Within 20 minutes to ask a question. Are we were glad we did!

The REAL VISA security department told us it was a scam and in the last 15 minutes a new purchase of $497.99 was charged to our card. We made a real fraud report and closed the VISA account. VISA is reissuing us a new number.

What the scammers want is the 3-digit PIN number on the back of the card. Don’t give it to them. Instead, tell them you’ll call VISA or Master Card directly for verification of their conversation.

The real VISA told us that they will never ask for anything on the card as they already know the information since they issued the card! If you give the scammers your 3 Digit PIN Number, you think you’re receiving a credit; however, by the time you get your statement you’ll see charges for purchases you didn’t make, and by then it’s almost too late and/or more difficult to actually file a fraud report.

What makes this more remarkable is that on Thursday, I got a call from a ‘Jason Richardson of MasterCard’ with a word-for-word repeat of the VISA Scam. This time I didn’t let him finish. I hung up!

We filed a police report, as instructed by VISA. The police said they are taking several of these reports daily! They also urged us to tell everybody we know that this scam is happening. I dealt with a similar situation this morning, with the caller telling me that $3,097 had been charged to my account for plane tickets to Spain , and so on through the above routine.

It appears that this is a very active scam, and evidently quite successful.

 

Pass it on & stay safe.

Phishing Attacks – Sneaky buggers

Published October 13, 2009 Security Leave a Comment

As the SBS Diva blogged yesterday, there’s a nasty possible attack out there this week. One of my clients was alert enough to ask us if we had sent it.

Don’t click links in email folks!

Subscribe in a reader

Pages