This post could be out dated due to the constant changes in technology. Please be careful as you surf and don’t consider these steps as the absolutely safest way to surf. You need to be an alert and aware technology user!

Earlier today I got off the phone with someone who was dealing with identity theft due to a malicious website hacker that had done some things to try to take over his eBay account and his Yahoo account. After trying to explain things to him I asked for permission to blog about his scenario and then give some tips on avoiding this problem moving forward. Hopefully you’ll find this post handy and you can use the advice and information appropriately. Here’s an outline of the things you’ll want to do/need to do:

• Know the danger
• Know the technology (not everything, but enough to be informed)
• Know your browser
• Know where you surf

These are important keys to avoiding many online identity theft issues.

Know the Danger

The danger is real, but its not pervasive. You need to be aware that bad people exist out there who want your money. They want your money for little or no time or money on their part! So what you do with your computer needs to be set into a routine that you control and with safety in mind. Your money should change hands when you tell it to, not any other time. The rest of this article will outline what the dangers are and how to avoid them. By understanding these simple things you should be taking steps in the right direction. Be an alert web surfer.

Know the Technology

There are several terms that you should know in the context of the internet.

Vocabulary

Browser

The browser is the application that you used to access the internet. This may seem like a rudimentary thing to know, but I have talked to many people who don’t know that Internet Explorer is for web surfing and that Outlook Express (or Yahoo.com or MSN.com) are different mail clients. Different browsers are available for different operating systems. For example Internet Explorer is the default browser under Windows. It is free with the operating system and many people assume that its the only browser. That’s not true, there are also other browsers such as Firefox (my personal choice), Opera and Safari. I recommend you check them all out and look at the choices they offer. No matter which browser you use, you’ll need to know its settings to maintain some higher standards of safety.

SSL

SSL stands for ‘Secure Socket Layer’ and is a security feature that all sites that handle sensitive data should use. If they require a username and password (or email and password) for you to login, they should offer it with SSL. All browsers will give you some sort of visual indicator that tells you that you are accessing a secure location. Look for a lock icon in the address bar (where you type the website address) or possibly down in the toolbar. Firefox will actually change the color of the address bar to give you a large visual indicator of your location.

Cookies

Cookies are used by web sites to store small amounts of data on your computer to be accessed by the browser. Cookies are often used to improve security, but its these little bits of data that can cause the most harm! You don’t need to disable cookies, you just need to know how they work. Cookies are set by the computers sending you the web pages (called ‘web servers’ or sometimes just ’servers’) with a command that your browser understands. Cookies can also be access through javascript, and this is where things can get sticky. Javascript is a programming language that is embedded into web pages and it is what makes many web sites do slick visual things like hide and show content, but it also can be used by bad people to do bad things to people who don’t know what they’re doing. Since you’re reading this article we’ll assume that you want to be informed and want to avoid bad people doing bad things. JavaScript is NOT Java. Don’t confuse the two.

Cross Site Scripting

Cross Site Scripting is when someone who wants to do bad things writes JavaScript code that attempts to get your cookies or other data from a web page by embedding their code into another site’s code. This is most commonly done through advertisements on a web page. What takes place is this: a web page wants to make money so they contact a third party company who handles the advertising and the web site owner puts generic code into the web page that gets the ads from the third party company. That third party company may then link to yet another site where the ads are stored. Here’s the rub: those fourth party sites could be run by bad people doing bad things. Those people could be trying to get yoru information.

What you need to do is to setup your browser to take advantage of some built in security features that will take advantage of the technologies without losing any usefulness on the web.

Know Your Browser

Your browser, no matter which one you use, has some settings that you need to understand. Each browser has settings that will allow you to enable or disable cookies (or other custom settings) as well as enable or disable JavaScript. I don’t recommend disabling either of these handy features as they can be used for security. I do recommend that you understand how they work so that you can use them in a secure fashion. I’m going to post some screen shots for each browser so that you can find the one you use and make sure that you have things set appropriately for your risk tolerance. Always check your browser maker’s recommendations for maximum security!

Internet Explorer 6 & 7

To access the cookie and javascript settings in Internet Explorer you will need to click on the tools menu option and then select Internet Options. There are multiple steps as Internet Explorer makes doing this (without plugins) difficult.

You will need to go into the ‘Privacy’ tab and select ‘Advanced.’ After going to the advanced view you’ll want to make sure you prompt for what cookies are being set.

Click OK after changing your settings.

After each site you visit with private information used you’ll need to do the following:

Open up the options and click the ‘Browsing history’ Delete button.

You’ll need to delete cookies and it wouldn’t be bad to either disable password storage all together or delete the data periodically and re-enter it at regular intervals. This does two things: 1) it keeps the passwords in your head and 2) It keeps the passwords off your computer. After you’ve deleted the cookies you don’t have to restart the browser, but its a good practice to also delete the history as well so others can’t click the browser’s back button and possibly discover sensitive information.

Firefox

In Firefox you have several options for cookie security. You’ll want to change it to ask every time or have it delete the cookies when you close the browser. Then, after you’ve changed this setting close the browser after you visit a site that will have financial or personal information affiliated with it!

Opera

Here in Opera you can see that you can request that the browser prompt you for permission to set the cookie as well as deleting the cookie when you shut down the browser. It is always good to know that you’ve erased valuable cookie data when the browser shuts down. By using these settings and by shutting down your browser after visiting sites that could be setting valuable cookies you’ll greatly reduce your chances of getting hacked.

Safari

In Safari’s preferences you’ll want to make sure that you have cookies set to only accept from the site you’re visiting.  This reduces the number of sites that can track your whereabouts, which is good for privacy.  Also, after you’ve visited a web site with sensitive data you’ll want to clear your browser history by going to the history menu and clicking ‘clear history’.

Know Where You Surf

When you surf the internet you need to really be careful. I strongly recommend that people only go to sites that they’ve heard about from many, many people and that they can feel comfortable at. Sites that I don’t recommend (for ethical reasons and not moral reasons) include file sharing sites, adult content sites and any site that looks like its just selling something that you’ve never heard of. Google actually does a good job of filtering out bad sites in comparison to Yahoo!, but you need to be alert and aware of where you’re going!

Related posts

• No related posts.

This entry was posted on Tuesday, August 21st, 2007 at 10:06 pm and is filed under General, Lesson Learned, Outside the Box, Tips'n'Tricks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.