[nsao] NSAO Newsletter July, 2004 : Issue #14
- From: nsao@xxxxxxxxxxxxx
- To: <nsao@xxxxxxxxxxxxx>
- Date: Thu, 8 Jul 2004 12:29:28 -0400
<http://mail.nsao.com/newsletter.htm>
July, 2004 : Issue #14
In this issue:
Missing Floppy Drive
Browsing Safely
NSAO's New Employee
This month's giveaway!
________________________________
Missing Floppy Drive
You may have noticed that most new PC's & Laptops no longer have the 3 ½"
1.44MB Floppy Drive as a standard feature if available at all. A more cost
effective alternative would be an external USB Floppy Drive that will not only
satisfy the need for the lack of an internal one (provided the PC or Laptop has
a open USB port) but can be shared throughout your office or home.
Another useful and affordable option is the new and very popular Thumb Drives.
The new generation of USB drives is even smaller than before. So small, in
fact, that "thumb" drive may no longer be appropriate--- they're more the size
of your fifth finger; the smallest. Crucial came out with a line of second
generation USB drives that are smaller, faster, and lighter weight than their
previous generation: In fact, the entire Version 2 drive is no wider than a
normal USB plug by itself!
Either way is a much more useful option rather then the old internal floppy
drive.
________________________________
Browsing Safely
Many people browse the Internet without much thought to what is happening
behind the scenes. Active content and cookies are common elements that may pose
hidden risks when viewed in a browser or email client.
What is active content? To increase functionality or add design embellishments,
web sites often rely on scripts that execute programs within the web browser.
This active content can be used to create "splash pages" or options like
drop-down menus. Unfortunately, these scripts are often a way for attackers to
download or execute malicious code on a user's computer.
JavaScript - JavaScript is just one of many web scripts (other examples are
VBScript, ECMAScript, and JScript) and is probably the most recognized. Used on
almost every web site now, JavaScript and other scripts are popular because
users expect the functionality and "look" that it provides, and it's easy to
incorporate (many common software programs for building web sites have the
capability to add JavaScript features with little effort or knowledge required
of the user). However, because of these reasons, attackers can manipulate it to
their own purposes. A popular type of attack that relies on JavaScript involves
redirecting users from a legitimate web site to a malicious one that may
download viruses or collect personal information.
Java and ActiveX controls - Different from JavaScript, Java and ActiveX
controls are actual programs that reside on your computer or be downloaded over
the network into your browser. If executed by attackers, untrustworthy ActiveX
controls may be able to do anything on your computer that you can do (such as
running spyware and collecting personal information, connecting to other
computers, and potentially doing other damage). Java applets usually run in a
more restricted environment, but if that environment isn't secure, then
malicious Java applets may create opportunities for attack as well.
JavaScript and other forms of active content are not always dangerous, but they
are common tools for attackers. You can prevent active content from running in
most browsers, but realize that the added security may limit functionality and
break features of some sites you visit. Before clicking on a link to a web site
that you are not familiar with or do not trust, take the precaution of
disabling active content.
These same risks may also apply to the email program you use. Many email
clients use the same programs as web browsers to display HTML, so
vulnerabilities that affect active content like JavaScript and ActiveX often
apply to email. Viewing messages as plain text may resolve this problem.
What are cookies? When you browse the Internet, information about your computer
may be collected and stored. This information might be general information
about your computer (such as IP address, the domain you used to connect (e.g.,
.edu, .com, .net), and the type of browser you used). It might also be more
specific information about your browsing habits (such as the last time you
visited a particular web site or your personal preferences for viewing that
site). Cookies can be saved for varying lengths of time:
Session cookies - Session cookies store information only as long as you're
using the browser; once you close the browser, the information is erased. The
primary purpose of session cookies is to help with navigation, such as by
indicating whether or not you've already visited a particular page and
retaining information about your preferences once you've visited a page.
Persistent cookies - Persistent cookies are stored on your computer so that
your personal preferences can be retained. In most browsers, you can adjust the
length of time that persistent cookies are stored. It is because of these
cookies that your email address appears by default when you open your Yahoo or
Hotmail email account, or your personalized home page appears when you visit
your favorite online merchant. If an attacker gains access to your computer, he
or she may be able to gather personal information about you through these
files.
To increase your level of security, consider adjusting your privacy and
security settings to block or limit cookies in your web browser. To make sure
that other sites are not collecting personal information about you without your
knowledge, choose to only allow cookies for the web site you are visiting;
block or limit cookies from a third-party. If you are using a public computer,
you should make sure that cookies are disabled to prevent other people from
accessing or using your personal information.
Authors: Mindi McDowell
Source: http://www.us-cert.gov
________________________________
NSAO's New Employee
We are excited to announce an addition to our team at NSAO. As of July 1st Rory
Arnold has become a full-time employee of NSAO. Many of you may remember Rory
from the days of Copeco's Networking Division. We are very excited to have Rory
join our team as he brings a great deal of knowledge and experience with him
including being Microsoft Certified Professional and is a graduate of R.G.
Drage's Cisco Networking program. Rory has already been busy performing many
service calls since his start last week and will continue to become an
increasingly important member of the NSAO team.
Please join us in welcoming Rory as the newest addition to our team. You can
reach Rory via email at rorya@xxxxxxxx <mailto:rorya@xxxxxxxx
?subject=Newsletter Arrticle> or via phone at NSAO's office number, which is
(330) 966-8097.
________________________________
This month's giveaway!
Last month Paula Moyer of Schumacher Lumber won a Dell A920 all-in-one
printer/scanner/copier ( $189 VALUE). This month you could be the winner of a
Norton AntiSpam 2004 ($40.00 VALUE).
To find out more about this month's prize go here
<http://www.symantecstore.com/dr/sat1/ec_MAIN.Entry10?V1=584408&PN=1&SP=10023&xid=27674&DSP=&CUR=840&PGRP=0&CACHE_ID=0>
.
To win be the first to send an email to us with the correct answer to the
following question. What does "USB" stand for and what is the newer faster
version/standard? Email <mailto:info@xxxxxxxx ?subject=Newsletter Question>
your answer to us with a subject of "Newsletter Question."
________________________________
How to Contact Us
Website: www.NSAO.com
Directions to our business are included on the website
Disclaimer: The tips and other information given in this newsletter are
researched and are believed to be accurate at the time of publication, but we
cannot and do not guarantee that all the information here will work on your
particular combination of hardware, software and user skill level. All
information herein is offered as-is and without warranty of any kind. To the
greatest extent allowed by law, neither Network Solutions And Optimization, LLC
(NSAO) nor its employees nor contributors are responsible for any loss, injury,
or damage, direct or consequential, resulting from your choosing to use any
information presented here.
This newsletter is a service of NSAO is Copyright @2003 NSAO All worldwide
rights reserved
To unsubscribe, click here <http://www.nsao.com/newsletter.htm>
Questions? Email us any questions or comments to info@xxxxxxxx
N.S.A.O. 5692 Pontiac Circle N.W., North Canton, Ohio 44720
Other related posts:
- » [nsao] NSAO Newsletter July, 2004 : Issue #14
