Also just because the link LOOKS valid and safe does NOT mean it is. I “moused OVER” the link (did NOT click) and you could see in the status bar that the link actually went to a Czech site. Not even from Canada at all!

In the one that I received today the link went to a .pif file extension.

The PIF file type is primarily associated with ‘Windows’ by Microsoft Corporation. A Program Information File dates back to the early versions of Windows. Basically, it’s an information file that when you click on it the information in the file is used by Windows to run some program; including code that can be in the PIF file. It is a potentially dangerous file type and one should never click on one received via E-mail without extensive knowledge of exactly what it will do first. Note: This file type can become infected and should be carefully scanned if someone sends you a file with this extension.

A .pif is a program information file that contains information about how Microsoft Windows should run a non-Windows application. Consider all PIF files that come as e-mail attachments as viruses.

Never open files attached to emails if the attached file’s name ends with any of these sets of three letters: *.EXE, *.VBS, *. LNK, *. PIF, *. COM, *. SCR, *.BAT, *.CMD.

Resources:
http://www.file-extensions.org/filetype/extension/name/dangerous-malicious-files
http://sourcedaddy.com/ms-word/understanding-and-avoiding-office-viruses.html
http://filext.com/file-extension/PIF
http://www.wisegeek.com/what-is-a-pif-file.htm
http://www.file-extensions.org/article/forbidden-file-extension-in-email-attachments
http://pastebin.com/pnBjzPMN

“Last account activity: 5 hours ago on this computer. Details.”

How often do you check if your account has been intruded?

You should do so often! These are links I got my information:

• http://mail.google.com/support/bin/answer.py?hl=en&answer=45938
  
• http://gmailblog.blogspot.com/2010/03/detecting-suspicious-account-activity.html
• http://www.addictivetips.com/internet-tips/how-to-check-if-some-intruder-is-accessing-your-gmail-account/
• http://knol.google.com/k/the-c-man/how-to-recover-a-hacked-or-compromised/3p9k5zywla4ku/7 **EXCELLENT READ!**

But I don’t go to bad sites or give out my password so I don’t have to worry!

What? Are you seriously that naive? I have a good password and good security and even I, a few days ago, found this in mine:

Unknown    China (119.39.21.154)    Jan 17 (3 days ago)

As you can see it is first accessed through one IP (66.212.31.35) through a browser and then sold to someone else (someone in China (119.39.21.154) who bought the info) who checked it through a browser as well to make sure he could access it, and then accessed it on his own (shown by Gmail highlighting it in dark red) through some “unknown” means.

Actually I am assuming that is what happened as I have no hacking experience what so ever.

So what can be done once you find out someone has accessed your account????

Well you first scan your computer to make sure it doesn’t have a Trojan or key-logger on it giving out your login information. You scan first because if you are infected with those then no matter what you change your login information to they will know it.

And then what? What if it is clean?

Then you access through a clean computer and change your Password AND your Security Question. Make it unique and one that has NOT been used on ANY other sites!

Is that all?

Next I went through my emails looking for any information they could use (such as log ins or emails from sites verifying my log ins) and changed my password and security question with all other sites. I didn’t wait for any other intrusions or invasion of my privacy!

Here is more reading that will help you:

How to recover a Hacked or Compromised Gmail Account
By The “C” Man and Brett Carver

http://knol.google.com/k/the-c-man/how-to-recover-a-hacked-or-compromised/3p9k5zywla4ku/7?pli=1#When_you_reclaim_Your_Account

Account Security:
Settings -> Accounts and Import -> Google Account Settings -> Change Password [pick a new secure password]
Settings -> Accounts and Import -> Google Account Settings -> Change Password Recovery Options [verify secret question, SMS and recovery e-mail address]

Potential Spam:
Settings -> General -> Signature [make sure nothing as been added]
Settings -> General -> Vacation Responder [make sure it's disabled and empty]

E-mail Theft
Settings -> Accounts and Import -> Send Mail As [make sure it is using your correct e-mail address]
Settings -> Filters [no filters that forward or delete e-mail]
Settings -> Forwarding and POP/IMAP -> Forwarding [disabled or correct address]
Settings -> Forwarding and POP/IMAP -> POP Download [disabled]
Settings -> Forwarding and POP/IMAP -> IMAP Access [disabled]

Additional Information
Keeping account secure:  https://mail.google.com/support/bin/answer.py?hl=en&answer=46526
Protecting your account:  https://mail.google.com/support/bin/answer.py?hl=en&answer=29407
More account security info:  http://www.google.com/help/security/
If your account is compromised:  http://mail.google.com/support/bin/answer.py?hl=en&answer=50270
Someone using your address:  http://mail.google.com/support/bin/answer.py?hl=en&answer=50200
Google Employee comments:  http://www.google.com/support/forum/p/gmail/thread?tid=560d53dee40be5e6&hl=en&start=70

And even more reading (originally found posted by the same guy (bkc56) at https://www.google.com/support/forum/p/gmail/thread?tid=34cf3f6e6c2d3b87&hl=en):

Hacking Methods
There are many ways an account can be compromised/hacked.  A few (but by no means all) of the common ones follow some what in order of frequency used:

Phishing
* Requesting (often with threats of closing an account) a user to provide login/password information by return e-mail or by redirecting to a web-site that masks itself as legitimate.
* Never respond to an e-mail that requests your login:password.  Never follow a link that doesn’t go to to a known url (for example:  http:\\gmail.google.com\ is NOT the same as http:\\gmail.google.com.junk.ru\).  Be aware that the url printed in the message may not be where the link actually goes so verify before you click.
- Phishing:  http://mail.google.com/support/bin/answer.py?hl=en&answer=8253
- Reporting:  https://mail.google.com/support/bin/answer.py?hl=en&answer=29381
- Scams: http://mail.google.com/support/bin/answer.py?hl=en&answer=29380

Common password usage
* Using the same password for multiple accounts so if someone breaks into one (like Facebook) they can get into others.  Getting access to an e-mail account can often lead them to Paypal, Ebay, YouTube and many other accounts.
* Make sure you use a unique password for every site where you have an account.  Especially critical for financial sites, or sites with links to other accounts (like social networking or e-mail sites).
- Changing passwords:  http://mail.google.com/support/bin/answer.py?hl=en&answer=6567
- Selecting passwords:  http://mail.google.com/support/bin/answer.py?hl=en&answer=29409

Linked accounts
* Related to the above in that one account has information leading to other accounts.  If they gain access then they know about the other accounts too.  This is hard to protect against when a forum or social networking site requires an e-mail address (if they break into the one site, look at your settings, they know your e-mail address too).
* Do not store login:password information in an e-mail account where it can be accessed should the account be compromised.  Also consider a “junk” e-mail address for all forum/web-site registrations so it does not lead back to your primary account.

Failing to log out
* Failing to close your account on a computer that others have access to (like at work, school, or library) so that anyone else can access your account.
* Always close your account when you walk away from your computer (even at home for some people).
- Sign out:  http://mail.google.com/support/bin/answer.py?hl=en&answer=8154

Browser auto-fill enabled
* Like the above, having the browser configured to enter your login/password automatically so anyone using the computer can gain access to your account.
* Never use the browser’s auto-fill capabilities unless you’re on a 100% private, secure, and trusted computer.
- Clear saved data:  http://mail.google.com/support/bin/answer.py?hl=en&answer=12095

Keylogger
* Any computer accessible by others can have a keylogger installed which will capture your login/password for any site you visit.
* Never log into your account on a public computer (like at a library) and be very cautious using any computer that others have access to (like at work or school).

Trojan/Virus/Malware
* While not strictly used to steal an account, could do damage to your account or use it to send spam while you’re logged in.
* Always keep virus scanners enabled, and using up-to-date definition files.  Regular use of malware type scanners is good too.
- Virus protection:  http://mail.google.com/support/bin/answer.py?hl=en&answer=8493
- Anti-virus scanning:  http://mail.google.com/support/bin/answer.py?hl=en&answer=25760

Password guessing
* A brute-force method of guessing someone’s password, made easier if they know you in real-life, especially if you use a weak password (like a kid’s or spouse’s name).
* Follow standard password generation safeguards:  no common words or proper names, no patterns (1234 or qwerty), use mixed case and include numbers or punctuation, etc.
- Strong passwords:  http://mail.google.com/support/bin/answer.py?hl=en&answer=29409

Server attack
* When someone compromises a company’s server gaining access to account or private information for a large number of users.  This is typically seen in large identity-theft cases.
* Nothing you can really do about this except deal with only reputable companies with good privacy policies.

Network packet capture
* Using software or hardware on wireless or free hot-spot networks to capture information..  Pretty rare, but still possible for non-encrypted networks.
* Very little you can do about this except avoid using any unsecured wireless networks.

Am I actually supposed to read all that?

Yeah I know it is long but trust me, you will wish you had read them after you find out your account has been accessed without your permission. The indented parts are quotes of some of the links I checked out myself. Very informative information by The “C” Man and Brett Carver! The rest of the info I found doing Google Searches and the links to those are listed at the top of the blog. Just be glad I did this searching for you! Or else it would take you longer than just reading this!

- K

Has your Gmail been compromised? :  http://wp.me/pQWLB-2v

http://www.techsupportalert.com/content/vote-now-top-freeware-product-2010.htm

Here are the choice in the vote:

CCleaner

Microsoft Security Essentials

Firefox 3.6 – I personally prefer this to IE

LastPass

Revo Uninstaller

Everything Search

Google Chrome Browser

Sandboxie – I absolutely love this program and use it in investigating suspicious web links.

IrfanView

PDF-Xchange Viewer

7-Zip – Make sure you use .org and not any other extension as there are fake sites out there.

Opera 10

VLC Media Player – I use this to watch my DVD’s on my computer in Windows 7

FastStone Image Viewer

Open Office Suite – Excellent alternative to MS Office and its free!

NotePad ++ – I love to use this for all my coding as I don’t go for WYSIWYG

Secunia PSI – Great program for telling you if any of your programs you have installed are insecure or out of date and need to be updated!

Superantispyware – Love this one for keeping spyware at bay

Malwarebytes – Good for scanning for Malware

Microsoft ICE

Personally for me it was a hard choice on which one to choose as I have tried 14 of those 20 listed to vote for.

What will YOU pick?

Today, 11:30 am

Shaun Nichols in San Francisco

Originally posted: http://uk.news.yahoo.com/16/20101213/ttc-symantec-warns-of-new-cutwail-url-ta-6315470.html

http://yhoo.it/e21nBf

Scammers use url shorteners just like bloggers do … to shorten a url. However they do it for different reasons. Where as bloggers do it to simply shorten the link or forum users use it in forums in their signature due to character limits, spammers on the other hand do it to trick users into following the link without questioning it and for security browser tools such as WOT or McAfee SiteAdvisor not to alert them because there is no danger in the url shortening service but there is in where the link will redirect you to.

The redirection happens as quick as a flash and will not be noticed by the caller.

For example, a spammer wants you to visit virusinfestedporn.ru but uses a url shortener service such as tinyurl or juniurl or cli.gs or budurl.com or bit.ly or is.gd or goo.gl or traceurl.com or what ever numerous are now out there currently! So you see the url .. and just like any tweet or facebook message out there that you see that is shortened .. it is nothing new so you don’t question it and follow the link out of curiosity. But you don’t expect where it is taking you and wish you never followed that link!

Maybe one day url shorteners / redirectors will have something in place to investigate every single url someone shortens but for the time being it is up to us to educate each other and implement browser plugs (if you use Firefox) such as “Long Url Please“

Bit.ly is different though when it comes to security!

There is one I came across. Bit.ly actually does have warnings! Check this out: http://bit.ly/cgBT8e brings you to this warnings page:
https://bit.ly/a/warning?url=http%3a%2f%2f5z8.info%2fcockdock.gif_z7g9w_openme.exe&hash=cgBT8e instead of directly to http://5z8.info/cockdock.gif_z7g9w_openme.exe

(this link http://f5z8.info/cockdock.gif_z7g9w_openme.exe actually was created by a security person to give an example so it is made to look bad but actually is another redirect to http://safeweb.norton.com/ and is safe)

Also Bit.ly tells us on their blog (http://blog.bit.ly/post/263859706/spam-and-malware-protection) about a Firefox plugin that will preview the link to let you know where you are actually going:
https://addons.mozilla.org/en-US/firefox/addon/10297/

And if you add a + at the end of any bit.ly url you will get more info on where it will take you.

Continue reading about this here:

http://kasha.freeforums.org/be-wary-of-any-shortened-webpage-link-t14.html

There is also a write up about url shorteners / redirecters here:
“How to Avoid Being Caught by Bad Tiny URLs”
http://www.cogniview.com/convert-pdf-to-excel/post/bad-tiny-urls/

What is the issue, why is it a problem, and what can we do about it?

Website address shortening services came about because some times the page you are visiting can have a URL that is extremely long. If you want to send this web address to a friend over email, internet instant messaging, cell phone SMS text messaging, internet relay chat, or more recently, via a Twitter tweet, these addresses could be so long they either break when the person receiving your link tries to click it, or be so long they are rejected by the service altogether.

So rather than send the exact address that you find in the address bar of your web browser, instead you would copy and paste the address into a URL shortening service that would in turn create a shorter URL for you to use.

When someone then clicks the shorter URL they are “redirected” from the service through to your intended destination.

Sounds good so far, right?

The problem is, when someone sees one of these short URLs, instead of seeing where they will be taken, they see an entirely different address. We can not tell anything from the URL we are given about the nature of where we will be taken.

A safe but annoying example would be for us to be sent a “Rick-Roll”, that is we are given a link that purports to be some breaking news or cool site, only to be taken to the famous Rick Astley YouTube video instead. Ha ha. Got me there.

Rather than safe but annoying, more and more malicious and inappropriate content is being shared this way, spread via spam, trolls, phishing emails, and now Twitter.

You might be sent a message saying “Get a free iPod Touch!!!!”, but when you click the link it takes you to a malware site, or something that you would not want your family or boss to see.

To continue reading the rest go to http://www.cogniview.com/convert-pdf-to-excel/post/bad-tiny-urls/

Today Review be about Odin Sphere!

This is one of the coolest and most beutiful grapich i ever seen on PS2
i dont understand why the make more of this, or i have perhaps just miss all other game how have same? are they crap? or too good? i will never know (if no one tip me one haha)

we begin with the characters
there are 5 playable characters and these are

Gwendolyn

Cornelius

Mercedes

Oswald

Velvet

Ok these character how we will follow will have a problem to solve and try to do the right in there world.

Story
is war between Odin and the Fairy queen. and the Queen have a ring how Odin was to make him to the most powerful person. This ring will activate to a big machine how can make a so like called “Rangarök”. this game have some out take of nordic history but very small out of it.

Gameplay
simple beat them up sidescrolling and with some RPG element. you can even choose to have Japanse voice or English voices. i prefer the japanse one

i just find a english version of a gameplay but here it goes

My thinking of this game

this was a game i found very cheap in a shop.  it looked intressting for me and i buy it. It was so worth it, this game give nice feelings while play, and the story is really intressting more you understand it. this is a really beutiful made game.

i will give this game  9/10
why i dont give it the last 1 point is becuse something was missing, a litte thing but i cant know what but 9/10 is much anyway and is a really good game!

see ya!

Final Fantasy 7 is the most popular final fantasy game many know and liked, and yeah it was a great game But i think final fantasy 6 is much better. becuse of the character. all have a rule in it, even the bad guys or the side characters. All of them make sense. not make unaccary moments. so you will give all love to every character you will learn about in this game even the Kefka how will hate you!

Story
is about 2 worlds, our world and the espers world. epsers and humans once share one world and lived together but later the human got greedy and used the espers as power and then for that epser go in another world. it was a war with magic but then disappear becuse of the espers. later on a guy named Kefka did find a way to get magic again and got a girl called Terra and mind controll her, this girl Terra was a mix between human and esper and knows magic becuse of this.

Gameplay
pretty typlical, commando which how choose which attack/support skill one character gonna use. and its fun with so simple

my thinking of the game

This is the nummber 1 final fantasy game i know. i like all character but if i must choose 3 person they would be theses guys

Kefka

Locke

Edgar

Kefka is the most EVIL video game character i know and the most charming one too. hes have a very funny humor and special style how make him so charmy diffrent from all other typical evil  video game character , and yes i look at you

ehm. anyway Locke is very kind person and lucky with the girls even if Edgar how is the girl crazy one dont get any! how unlucky for him! Edgar is one of the funny in the team and have cool tools! as Chainsaw or crossbow

the music in this game is reallllly good is sounds like magic

and yes of course we cant miss Kefka´s meanie theme

i get this game a 10/10 this game dont miss a thing this is a real game

i cant wait for this game have a remake on the NDS like all other games and soon we hope for Final fantasy 5 remake so we able to play that game

see ya later!

The Intro of this game

A Litte Information

This game Clocktower game series is a very special games. It was made by Human Entertainment but the 3rd game was created by Capcom. Capcom was the right one to make the new clocktower game (2003). The older series was using a klicking game but 3rd game didn’t have it, wich make the series acheive a totally new level.

Gameplay

The genre is Horror survival and puzzle game. That’s whats make the game so special. like playing a game such as Monkey island. Monkey island is puzzle game where you can think out the outcome of an action. In clocktower you can do same but must be careful and think fast before the murder gets you! That’s what makes the game  challenging but Monkey island is still a fun game anyway.

Story

It’s about a girl called Alyssa. She is 14 years old but soon to be 15. She has been in a school far away from her mum and this day near Alyssa`s birthday, she wanna come back home to her mum. But come to the House, a man dressed in black cloths appears and tell her mother is not here. Alyssa don’t wanna listen and is sure shes still at home. Alyssa wanna go around the house and look for her. Later in the game she will find her mother´s room. She suddenly hear a music playing from no where and suddenly is sent to an unknown place.

What i think of this game

This is really a well made game. Capcom was very creative in making this game. The Characters in this game make it so alive and real human, just check this moment.

http://www.myspace.com/index.cfm?fuseaction=vids.individual&VideoID=5208234

The game show many beautiful thing even is this game is really dark. The most hurting cutscene for me was this moment.

The murder is sooo dead.

I think this is a game for everyone “perhaps the 12 year old or younger haha”, horror in this game is scary but not deadly scary and it have some beautiful things to give.

The funny things in this game is that many talk British. i so nice hearing someone talk British.

the game gets 9.9/10
why the game don’t get the last 0.1 is because that this game could be a longer game.

i hope in the future i can send in picture here on my Reviews, but i new to blogging so i learn soon

Hope you like it!

This was copy from my blog Tumblr

Because of this I wanted to share this here that was posted on consumeraffairs.com.

Don’t Fall For Facebook Profile Scam

Despite scammers’ claim you can’t see who has accessed your profile

Mark Huffman
ConsumerAffairs.com

October 12, 2010

Most people are curious about who might be curious about them. So when they log onto their Facebook account and see a new tool that will reveal who has accessed their profile, it might be tempting to click on it.

Big mistake.

Graham Cluley, security expert for Sophos software, says scammers are once again using Facebook as a lure for new victims.

“Right now we’re seeing messages spreading across Facebook claiming to have found a way to allow you to sneakily tell who has been looking at your profile,” Cluley writes in his blog. “And it’s no shock to see that many people are intrigued as to who might be checking them out online.”

However, Cluley points out that this is not new legitimate functionality that Facebook has built into its social network. Instead, if you click on the link you are taken to a third-party website which, to the untrained eye, may at first glance appear to still be on the real Facebook site, but is in fact designed to trick you into sharing their link further.

A typical message reads:

See who viewed your profile original version 2.0:
now you can see who viewed your facebook profile
<LINK>

“As we’ve seen in the past in connection with other scams, the page encourages you to ‘like’ it and ‘share’ it numerous times before it will hand over the ability to see who has viewed your Facebook profile,” Cluley warns. “This should, frankly, be enough to trigger your suspicions and have you rapidly retreating.”

Cluley says so far, many Facebook users appear to be falling for the ruse. In doing so, he says, they are helping scammers spread their links across the Internet.

“Ultimately you have to have your wits about you to avoid scams like this,” he said.

Report Your Experience: www.consumeraffairs.com/php/a_report.php

If you’ve had a bad experience — or a good one — with a consumer product or service, we’d like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

*** This was posted on consumeraffairs.com so please post comments there.

How can i install windows on a netbook that doesn’t have a CD player?
-Bryan F. Ontario, Canada

Well you can use diskpart to make a USB key from wich you can boot from BIOS. This also enables instant slipstreaming.

Here’s a quick look at the process:

• First, you’ll need the DiskPart utility on the system you will use to prep the thumb drive. This is a free disk partitioning utility that is likely already installed on your Windows system. If not, you can download DiskPart here.
• Launch the DiskPart utility by typing diskpart at the Start Menu.
• Then run the list disk command to check the status of your drive.Video

  Dennis Chung, an IT Pro Evangelist at Microsoft, demonstrates how easy it is to prepare a USB thumb drive and use it to install Windows 7.

• Now run select disk 1 where the “1″ is actually the corresponding number of your USB drive.
• Run clean.
• Once the thumb drive is clean, you can run create partition primary.
• Now make the partition active by entering active
• Then you need to set up the file system as Fat32 by runningformat fs=fat32 quick (quick, of course, specifies that you want to perform a quick format to speed up the process).
• Entering the assign command gives the USB drive a drive letter, making it easy to access from Windows Explorer
• Then you can copy/paste everything from the Windows 7 installation DVD onto the USB key (a simple drag and drop will do).
• Now you can insert the thumb drive into the system you want to install Windows 7 onto and boot the system. The installation will now proceed as usual—but faster.

If you would like to ask a question too you can send us an email on the contact page!

• Full Name
• Date of birth
• Address
• Full name of mother before marriage.

As you can see, that set of information is pretty easy to gather on a person especially with sites like facebook and the white pages.

A fake phone polling session would gather this information about 45% of the time said Verisign. And this is bad news for us because it makes it a lot harder to protect our identity.

The US and Canadian laws state that if someone is caught making a fraudulous phone poll, that person can get up to 5 years in prison and 100,000$ fine. Note that you only have 1 year to complain about someone at the police. And proving that you are good willed and that he is the bad guy you have to prove there is defamation, falsification or a recording of illegal questioning. And if you fail to give this proof and you attacked that person, they can make sure you get fined for attack of their character.

Things you can do to protect yourself

1. Install an anti virus on your computer.
2. Before entering any information in a website, check the certificate of the website and the address.
3. Modify your passwords often.
4. Secure your wifi.
5. Clean up your social networks and other profiles.

Congratulations, you just been socially engineered.

It is even easier to trick you because all the current browsers use a file called History.js that saves all the website addresses you ever visited. (the same technology that makes blue links go purple after you went to it) So the hacker can ask that file if you went to specific addresses and then change itself when it sees you went to a specific site. And all this works even if NoScript is installed. So what all this does is that any ad you leave open could change into a site you visit often without your knowledge!

How The Attack Works

1. A user navigates to your normal looking site.
2. You detect when the page has lost its focus and hasn’t been interacted with for a while.
3. Replace the favicon with the Gmail favicon, the title with “Gmail: Email from Google”, and the page with a Gmail login look-a-like. This can all be done with just a little bit of JavaScript that takes place instantly.
4. As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and mouldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.
5. After the user has entered their login information and you’ve sent it back to your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful

Source : http://www.azarask.in/blog/post/a-new-type-of-phishing-attack

A Popup appears!

You dun care and take focus away and open a new tab. The website sees that and changes it’s title and skin.

You come back and enter your credentials.