Website Safety: Log In, Log Off


As a frequent user of the Internet, I find myself constantly logging in and logging out of websites. Whether I’m looking for a flight to my next speaking engagement, booking a hotel room, or purchasing a novel to read, I have to log in to a website using my username and password. The website needs to authenticate that we

Locking the Doors and Checking the Windows

Because I speak to many groups about how to browse the Internet safely, I hear lots of horror stories about innocent searches that have gone wrong. While the commercial world wants us to believe that playing on the Internet is like going to DisneyWorld, it’s actually a lot like visiting the Wild Wild West. There are lots of fun things to do, but it can also be incredibly dangerous. While “Ye Olde Miner’s Tavern” looks like a fun place to visit from the outside, how do we know that it’s safe? The answer is… we don’t. Most computer users are unaware which practices are safe and which are dangerous, which is why I’ll talk more about best practices in this article.

Idle Clicks are the Hacker’s Tools

How often have you received an email from a friend that has a link to a website your friend wants you to take a look at? It happens all the time. Unfortunately, the bad guys like to use links in emails they send to you to get you to visit websites that they want you to take a look at also. But even the most careless Internet user wouldn’t click on an address like for fear of something awful happening to their computer. So the bad guys have a few tricks up their sleeves to try to fool us into clicking on links in our email that will take us to their malicious websites. One of the tricks they use is to make the link look like it will take us to an innocent website. Just because a link in our email appears that it will take us to does not mean that it actually will. It might take us to eventually, but it will also take us to the malicious website first. This will happen so quickly that we may not even notice it. We also won’t notice our browser unwittingly downloading something from that evil website. Even hovering our mouse over the link in our email and looking at the bottom left hand corner of our screen will not always tell us where the link will actually take us. It’s just much safer for us if, instead of clicking on a link in our email, we open up our browser and type that address in ourselves. That way we are almost completely assured that the address we typed in is where we will end up. Once we stop clicking on links in our email, we take away one of the tools the hackers use to attack us.

Don’t Open That Attachment! You Don’t Know Where It’s Been!

On June 9th of this year, Microsoft released its latest Windows Update patch. Within that patch, there were thirty-one fixes for vulnerabilities in Microsoft software. This was the largest patch that had been released to my knowledge, and a few of the fixes were for vulnerabilities in Microsoft’s Office products. One of the ways our attackers have been stealing our information has been by using vulnerabilities in products like Excel, PowerPoint, and Word. This should make us think long and hard when we receive an email from a friend that has a file attached to it. It could be an innocent document, or a malicious file that will attack our computer once we open it to see what is inside. Windows Movie files (.wmv) and QuickTime files (.mov) have also been used to spread attacks to our computers. So it’s up to us, as the defenders of our computers, to make sure that the attachments we receive are safe before we open them. We can do that by contacting the sender and asking whether they did in fact send us the attachment and, more importantly, whether they vouch for its safety. They can do this by telling us that they are the creators of the file or that they received it from a trusted source. It is safer for us to assume that all attachments are malicious until we have proven that they are not. Attacks by file attachments are still very common, so we can lessen the risk to our computers by having the sender of the attachment vouch for its safety before we open it.

Is That All? Am I Safe Now?

Unfortunately, there is a lot more to being a safety-conscious computer user than what I’ve talked about so far. But, with the two tips in this article, we take away two common attacks that are used by today’s attackers. In following articles, I will continue to list the best practices that we can use every day to minimize the chances of our computers being hacked. Internet safety is an always-changing topic. As soon as we figure out how to defend against one attack, the hackers invent a new attack that we haven’t seen. As long as we continue to educate ourselves about how to stay safe, we’ll make the hackers’ job a whole lot more difficult.

Kevin Poniatowski was a software engineer for Department of Defense contractors for over a decade. He has spent the last two years teaching software engineers, testers, and project managers from around the world how to create more secure software. He currently resides in Nashua, NH and spends his free time speaking to groups about Internet Safety and can be reached at

Internet safety and the job search

That’s Not My Job!!

To many of us, Internet security is a phrase defined by saying “That’s what the IT guys at the office do.” But for many of us who work from home or who are currently looking for a job, Internet security takes on a whole new meaning. “What am I doing to make sure that my computer and my personal sensitive data are safe from thieves that have much more technical skill than I have?” The Internet has brought us all together in ways that aren’t always for the good. Because the Internet shrinks the world, the hacker in Russia, the phisher in Zimbabwe, and the identity thief in our own country are all our next-door neighbors. Even if our government law enforcement agencies know where a hacker is working, they might not be able to do anything because that criminal is in a foreign country where it might not even be illegal to attack our personal computers. We can’t rely on our law enforcement to protect us against these criminals, so we have to learn how to protect ourselves, which does make Internet security our job.

Losing Your Data on Facebook.

Part of protecting our sensitive data from attackers is educating ourselves about what is currently going on in the world. Most of us have heard of the TJX scandal that occurred in the fall of 2007. It has been estimated that over one hundred million credit card numbers were stolen by thieves in that incident. This story made the front page of most newspapers, but these types of events are occurring on a weekly basis and are not being publicized. Very recently, Facebook has made it into the security news again. A security research team found a way that they could look at anyone’s information listed on the “Basic Information” panel regardless of the security settings the user had chosen. Facebook has fixed this issue, but only after the research team publicized their find two weeks after they had informed Facebook of the problem without any response. The lesson we can learn here is, “If we have information we don’t want the bad guys to know… don’t put it on Facebook!”

Patch Your Computer Now!

By having a little knowledge about how to protect our personal sensitive data, we would not have to rely on the software developers at Facebook to keep our data secure. There are many Internet browsing best practices that we should use that will help us keep our data and our computers secure. Many of them are simple, for example, making sure that your computer’s operating system is up to date with the latest patches. Microsoft releases a patch for its Windows operating system on the second Tuesday of every month. Every user should make sure that they install this patch as soon as they receive it from Microsoft. The reason we need to patch our computers immediately is that hackers from around the world are also receiving this patch from Microsoft. Once they receive the patch, the hackers attempt to figure out what the problem was in Windows that Microsoft is fixing. After they find the problem, they learn how to attack it. So, there is a race on the second Tuesday of every month. Are you going to install the patch you’ve received from Microsoft before any hackers figure out how to attack your unpatched computer?

There’s So Much More to Do…

Patching our computers is just the tip of the iceberg when it comes to keeping our personal sensitive data secure. Over the next couple of weeks, I’m going to be explaining many best practices that we should all be doing so that we minimize our chances of being victimized by the many thieves that are out there on the Internet. We can never be one hundred percent secure, but with a little knowledge, we can make it much less likely that we will fall prey to many of the Internet attacks that occur each day.


It’s the End of the World as We Know It (and I still have to find a job)

The sky is falling.

The US lost millions of jobs last year.

Layoffs continue to happen – and I STILL need to find a job.

With the huge number of layoffs and a slow economy, it will be tougher to find a job in the next few years. As the old saying goes, “when the going gets tough, the tough get going”, but what does that mean? Do you need to work harder this year to find a job? For most people the answer will be a resounding ‘YES’. But what about working smarter? Are there ways that you can get more out of your job-search time? Yes, there are – organization and focus will help you ‘work smarter’, but how can you improve your organization and focus? Well, you could integrate the common tools you use, and set up a to-do list and calendar to schedule your time – basically, use better tools.

VirtualJobCoach is the site that was built to integrate all common job-hunt tools, processes and advice to make your job-search easier.

Can you afford to run your job-search the way you did last year?

So while the sky may be falling, the question is what you will do differently to compete?

Only you can answer that question.