Another PC Rule Post

When people find out what I do for a living I am most often asked about viruses. I am constantly amazed to find out that people have anti-virus software on their machine but never set it up. Most of the time I find it is a trial version of either Symantec or McAfee software but people just take for granted that it is a full version and updates and scans by its self.

Depending on where you bought the PC the store may have set it up for you but when the 30-90 day trial is up, so is your protection. Updates are posted almost every day and a virus scan should be run at least once a week. When I first started in the network Security business updates were only once a month and you ran a scan every quarter. The ability to write a virus has become much easier as coding software has become simpler to understand and use. Now anyone can write a virus just by downloading a script and making a few modifications to personalize it.

Currently the threat to computer security is not just from a virus but is combined with trojons, spyware, scripts and phishing which can be delivered in a web site from cookies on the web page or just play on your good nature in an e-mail. Much of this can be prevented just by educating yourself and other users as to good computer practices.

Keep your operating system up to date with the latest security patches.
Update your Anti-Virus software to have the latest signatures at least once a week.
Use the free firewall in windows XP or download one of the free ones.
Do not open e-mail with attachments from people you don’t know or e-mails that seem out of character from the sender.
Please monitor your kids especially teens as they like to turn off firewalls and antivirus because it “slows my music down loads” or “ it makes my game run slow” True statements but that is where many virus writers put their new stuff to see how well it works.

Be prepared

Got these off MSN If number one was not true we would not need the rest. It is a shame that Large companies who say they value employee loyality will lay someone off 6 months before retirement to save money. Or even worse a company that hire and trains good workers but when it comes time to start paying them just lets them go.

1. Keep in mind that in the current environment the idea of womb-to-tomb job security is as dead as a hammer. Be loyal to your present employer, but never develop a romance with the organization. Know that the relationship can end at any time. There is enough suffering in store for anyone over the loss of a job without adding the pains of an unrequited love. Look out for yourself first.

2. Be alert and well-informed at all times about the outlook for your employer and your job. If you know things are going down the drain, begin a below-the-radar search for other opportunities. If the axe falls, you'll have a head start on finding another job.

3. Stay prepared financially. Always try to have enough cash in reserve to cover at least three months living expenses.

4. Keep your skills current with the needs of the job market. Capitalize on opportunities for additional training. Read the literature of your field.

5. Maintain an up-to-date record of your accomplishments so you can produce a resume in 24 hours.

6. Nurture contacts with people in your line of work and with those likely to employ your type of qualifications. Be visible through outside activities and positive publicity.

7. Help others who lose their jobs. Also, be of assistance to those who are looking to recruit employees. They may help you someday.

8. Understand your emotions. Psychologist Bill Weber says getting fired is very much like dealing with the death of a loved one. "The first reaction is denial, or wishful thinking. There's been a mistake," Dr. Weber says. "Then the shock sets in, followed by anger, depression, frustration and fear. Worst of all is the loss of self-esteem."

9. If you get fired, allow some time for grieving; but not too much. Don't just sit there feeling sorry for yourself. It's natural to be angry with your employer, but don't let your feelings show. You still need him. Negotiate the best severance package possible for continuing pay and benefits, particularly insurance coverage. Don't forget good references, too.

10. Start immediately to launch your search for another, better job. Use this time to reassess the goals you have set for the rest of your life. Define the job that will enable you to achieve these objectives.

11. Prepare a plan to market yourself. Let it be known you are available; "advertise" what you have to offer. Involve your network of friends and family in the job search.

12. Be patient. Recognize it will take time to find another acceptable position.

13. Don't panic. If you possibly can afford to wait, don't jump on the first opportunity that comes down the pike, unless, of course, it really matches up with your objectives.

Finally, try to remember two things.
It can happen to anyone, and A high percentage of people end up with better jobs than the ones from which they were fired.

More on VOIP

It is a shame how everytime a new technopigy becomes accepted it ends up as another toll for someone to try to scame you out of your money. Well, but then again because of people like that I have a good job.

Experts: VOIP Attacks Are Tough to Stop
JULY 10, 2006 Security experts say a high-profile VOIP hack is setting operators into action to protect against future problems. (See Two Charged in VOIP Hacking Scandal.)
Early last month federal authorities arrested Edwin Pena and Robert Moore for allegedly participating in a scheme that exploited the network weaknesses of several VOIP providers.
The feds accused the duo of secretly routing calls through legitimate VOIP networks, forcing those companies to foot the bill for the extra traffic they were carrying. On the flipside, Pena allegedly collected some $1 million in connection fees from other phone companies that he sold minutes to. (See VOIP Hacker Blues.)
Companies familiar with the Pena/Moore debacle worry that others will try, using relatively unsophisticated means, to exploit or take down their networks.
BusinessEdge security expert Yaron Raps says the Pena/Moore attack resulted in two large Tier 1 telcos calling on his company to do full security audits of their VOIP networks. Raps is the former head of technology and engineering at deltathree Inc. (Nasdaq: DDDC - message board).
Raps believes the security issue is changing the way big telcos view the role of VOIP in their businesses. “Before this, VOIP was just a software infrastructure that corporations introduced to reduce operational expenses and increase speed to market -- and it was not about security," Raps says. "The big telcos are realizing that VOIP is not a cheap replacement to the PSTN.” (See VOIP Gear Approaches Peak.)
IP-security expert Mike Hrabik of Omaha-based Solutionary says his company is also receiving more calls on VOIP security issues. Hrabik says the new interest in security is a normal part of the evolution of new technologies. “We see this in every new or evolving technology. It sort of goes through these phases,” Hrabik says. "They’re going to have to concentrate on this -- the security of the protocol itself, the security of the infrastructure -- and move it up in their priorities."
VOIP providers tag their own calls with a unique identifier or "prefix" so they can be admitted to the network. Pena, with Moore's help, allegedly bombarded the VOIP providers' networks with test calls -- each carrying a different prefix -- until they found one that was admitted to the network. The two then allegedly tagged all the fraudulent calls with that prefix.
Erecting a reliable wall of defense against these tactics is no easy, or cheap, proposition, the experts say.
Hrabik explains that large VOIP networks deal millions of calls each day, so it's sometimes hard to tell the fraudulent traffic from the legitimate traffic. “So you turn on your native logging to see who has logged into the router, in some cases the transaction volume is so large that finding the few the are from the attackers is the difficult part."
Operators will also be challenged, Hrabik notes, to maintain security even as hackers invent new attacks. "You may address one type of attack avenue, but what are some of the other ones somebody else might be able to find to exploit me in a different way or from a different angle?"
He adds: "We always find that to be the problem: Once the problem is controlled, and the press dies down, can you keep the intensity to find all those avenues and start to plug those holes?"
Net2Phone Inc. (Nasdaq: NTOP - message board) was one of as many as 15 networks victimized by Pena and Moore, and the only carrier actually listed in the legal complaint. Net2Phone did not respond to numerous requests for comment on the article.
According to Rap at BusinessEdge, three basic components must be in place to achieve real-time security. “You have to have a very strong authentication at the edge, you have to have very strong fraud detection at the core, and then you have to have very strong prevention and detection in your network.”
He says the RBOCs may have an easier time absorbing these security costs than their unaffiliated or “pure play” competitors like SunRocket Inc. and Vonage Holdings Corp. (NYSE: VG - message board).
Many VOIP providers use session border controllers to protect the edges of their networks. In fact, security functionality has become one of the main selling points of the devices.
"The messages were spoofed both at the IP-layer and signaling layer," writes Acme Packet product manager Hadriel Kaplan of Pena's and Moore's technique in an email to Light Reading Friday. "That is a non-trivial thing to do, and represents a serious sophistication and commitment on the part of the criminal."
— Mark Sullivan, Reporter, Light Reading

'Vishing' Attacks Use VOIP

Nothing better than using new technology to run an old tried and true scam! It is a shame so many people are so trusting.


JULY 10, 2006 VOIP's anonymous nature may be convenient, but it can also be used against you. Secure Computing today warned of a new phishing exploit on the loose -- dubbed "vishing" -- that uses voice-over-IP and good old-fashioned social engineering.
Santa Barbara Bank & Trust and PayPal were the first to fall prey to vishing, where an attacker telephones a credit-card customer automatically, with a war dialer or directly, and dupes him or her into revealing account information by claiming there's been fraudulent activity on their account. The victim is then instructed to dial a "bad" phone number that then prompts them to enter their account number.
On Friday, an email posing as a PayPal message was circulating with a phone number for credit card customers to call, akin to the type of message Santa Barbara Bank & Trust customers recently received.
Paul Henry, vice president of strategic accounts for Secure Computing, says attackers are finding it's easy to hide behind VOIP numbers from any geographic location they choose. "Anyone can open a Skype account, get a dial-in number, and work from anywhere in the world," Henry says. "And they can have any specific regional dialing prefix they want…VOIP is so anonymous."
War dialing with VOIP is very simple: An attacker can use open source PBX software or a Windows app, and with a little minor scripting, configure a PBX to use Skype and make the calls, Henry says. "Doing it over VOIP is incredibly simple and lets them remain anonymous."
There is no tool that protects you from such an attack, which is more social engineering than technology, anyway.
Henry says Secure Computing has been monitoring several newsgroups over the past year that have been talking about this form of attack, and that Secure Computing felt it was time to educate users about the threat.
"We've finally gotten it in our heads not to click on URLs, but this is the next evolution of phishing," Henry says. "You'll find a lot of people will dial that number. They are used to credit card companies sending a notice to call and verify account information."
The most important way to protect yourself is to always call the phone number on the back of your credit card or the bank itself, not any number a third party provides you, he says.
— Kelly Jackson Higgins, Senior Editor, Dark Reading

Writing

Well it has been a while but no one reads this anyway. My son had to write an essay for the soldier of the month board and he asked me to look at it. I was written just like his e-mails. Using u instead of you chronic misspellings and punctuation. This is how he would write I love you.
i lv u tty Translation I love you. Talk to you later. Holy shit it is like learning another language. Anyway I was very helpful in critiquing his essay. As it is to be his presentation to the board of Senior NCO's and will be their first impression of him prior to him coming before them I made a few suggestions on better presentation and professionalism in presentation.
I am getting better 15 years ago I probably would have just rewriten it for him and he would learn nothing. His subject for the essay was his own and was on a subject that he understands. He knows the problem but did not understand that you must also be ready with a solution. Oh well maybe this will help him. Now if he would just get over his shyness around women (more of a confidence thing) he would start doing ok. He does work out religiously, he would probably stop if he new I had associated his bodybuilding with religion, and is actually a pretty good kid when he trys. His biggest problem too much like his mother sometimes, that must be the Korean in him, stubborn and always has to have the last word. Seems to be attracted to bad girls, not really bad but the type that is a little rebelious. I guess that might be from me although his mom liked the badboy type and dated me because she wanted to try something different LOL. Ok that is enough for now.