All Posts Tagged With: "security"

The #1 Reason People’s Accounts Get Compromised Is…

In the context of this article, "account" refers to anything on the internet that requires a username and password in order to access it, such as a web-based email account, instant messenger account, and so on.

There’s an old word (if you could call it that) that’s been used time and time again in thousands of different I.T. departments across the world, and that word is PEBKAC, pronounced "pebb-kack." It stands for, "Problem Exists Between Keyboard and Chair."

PEBKAC accurately states the #1 reason why people get their account(s) compromised, that being end user stupidity and/or lack of knowledge.

Here are some classic examples of PEBKAC:

"My husband/wife and I use the same email account because it’s more convenient."

Not good. One of you is going to inevitably make a major error that will lead to you losing the email account in some way. It doesn’t matter how long you’ve gotten away with it to this point, nor does it matter how much you trust each other. One of you will screw up, probably very innocently with no bad intentions whatsoever. And when it happens (and it will), bye-bye email account.

Email accounts should only be used per individual. Shared accounts are just a bad, bad idea because there are way too many things that can go wrong just from normal use.

"I use the same password for my email as I do for my online banking account, because remembering passwords is just too hard."

Dumb. This means if one of your accounts is compromised, so are the others. Why? Because you probably use the same username, as well as the same password, for all your accounts.

Solution to problem: Use KeePass.

"I keep my account information in a Notepad text file on my desktop."

Not smart. Okay, so you’ve got the right idea to at least keep track of your accounts, but in the worst possible way. Anybody who sits in front of your computer can open the file up, as it’s in plain sight. And even if you’re the only one who uses your PC, if your hard drive crashes, your account info is gone.

Again, KeePass it. Store the database on a USB stick. It’s encrypted.

Here are a few other ill-advised methods for your consideration:

  • Using the browser to store all username/password information. Bad because anybody who uses your PC has access to everything, and I guarantee you’re not backing up your credential information.
  • Using a browser bookmark synchronization service to store all username/password information. Also bad. The bookmarks supplied with account credentials are still on your local drive. You’re at least backing up your stuff, but you are still leaving your account information poised to be compromised from the locally cached copy.
  • Setting site preferences to keep you logged in for more than 24 hours. Thankfully, online banking prohibits this – even down to an auto-logout after 10 minutes of inactivity. But other web sites do not do this. There are some (like Gmail, for example) that have a small checkbox offering to keep you logged in. I strongly recommend against using features like this, because I guarantee you’re never clicking the "log out" link but rather just closing the browser. This means somebody else can simply walk up to your PC, open the browser, go into the history to see where you’ve been, then have complete access to whatever you were signed into just by clicking a few links. It’s all right there.

If you exercise basic common sense when it comes to your account information, the chances of your accounts getting compromised decrease dramatically.

I’m not saying to get all paranoid and lock down your PC like Fort Knox. What I am saying is that you should be aware of the simple ways (as outlined above) not-so-honest people can get to your information.

Individualizing account credentials, using an external means of account information storage and routinely clearing your browser history are simple steps that add a rather good level of protection. No, they will not protect you from all the ways an account can be compromised, but it’s a really good start.

What Is An MD5 Checksum On File Downloads?

On many download sites, you may see an MD5 checksum (or hash) included on the page next to the file download link. If you have ever wondered what this is and how it is useful, then hopefully this tip will help.

An MD5 checksum (you can read the full info on Wikipedia here) is basically a string of letters and numbers determined by the characteristics of a particular file. Making even a small change to the file generates a completely new MD5 hash string.

This becomes useful when you download a file because you can compare the MD5 checksum of the file you downloaded against what the download site says it should be in order to ensure the file is the same. If the MD5 results for the two files differ, then the file you have has been tampered with. For a good demo of MD5 and how you can use it, check out this YouTube video.

While MD5 is not 100% foolproof (nothing is), it is a very good way to make sure you are getting what you think without any “surprises”.
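
The comparison described above can be scripted instead of checked by eye. The following Python is an added example, not code from the original post: the function names, the file name setup.exe and the sample content are constructed, and it goes slightly beyond the post by also accepting SHA-1 and SHA-256 digests, picked by the length of the published value.

```python
import hashlib
import hmac
import os
import tempfile

# Digest length in hex characters -> algorithm, so SHA-256 listings work too.
ALGO_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}


def file_digest(path, algorithm="md5", chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so a large download never sits in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_published(line):
    """Accept a bare hex digest or an md5sum-style '<hex>  <filename>' line."""
    parts = line.split()
    if not parts:
        raise ValueError("no checksum given")
    digest = parts[0].lower()  # sites publish upper- or lower-case hex
    if len(digest) not in ALGO_BY_LENGTH or set(digest) - set("0123456789abcdef"):
        raise ValueError("not an MD5/SHA-1/SHA-256 hex digest: %r" % parts[0])
    return digest


def verify_download(path, published_line):
    """Return (matches, algorithm, actual_digest) for the file at path."""
    expected = parse_published(published_line)
    algorithm = ALGO_BY_LENGTH[len(expected)]
    actual = file_digest(path, algorithm)
    # compare_digest does a full-length comparison rather than stopping early.
    return hmac.compare_digest(actual, expected), algorithm, actual


def demo():
    """Constructed sample: a tiny 'download' checked before and after a one-byte change."""
    published = "5EB63BBBE01EEED093CB22BB8F5ACDC3  setup.exe"  # constructed listing
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(b"hello world")
        intact = verify_download(path, published)
        with open(path, "wb") as fh:
            fh.write(b"hello worle")  # one byte altered
        altered = verify_download(path, published)
    finally:
        os.remove(path)
    return intact, altered


if __name__ == "__main__":
    for label, (ok, algo, digest) in zip(("intact", "altered"), demo()):
        print("%-8s %s %s -> %s" % (label, algo, digest, "OK" if ok else "MISMATCH"))
```
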

Web Of Trust Can Warn You About Unsafe Websites

Whenever you browse to sites you are not familiar with, you always run some risk of the site not being “on the level”. If you do not go the route of script blockers, it is a good idea to have something watching your back. Web of Trust (WOT) is a tool that can fit this bill.

WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It’s easy and it’s free.

When you have WOT installed, it will check websites you are visiting as well as search results/links (on popular sites) so you can see if they are rated safe before you visit. Based on what I have seen, this site gets positive reviews from several sources, so I have no reason to question it.

Another Fully Featured Free Firewall

Alliteration aside, the most popular firewall program I see recommended on this site, outside of the one built into Windows, is Comodo Firewall. While there is certainly nothing at all wrong with it, if you are looking to explore alternatives then PC Tools Firewall Plus is worth a look.

PC Tools Firewall Plus is advanced technology designed especially for people, not just experts. Powerful prevention against attacks and known exploits is activated by default while experienced users can optionally create their own advanced packet filtering rules, including IPv6 support, to customize the network defenses. All you need to do is install it for immediate and automatic ongoing protection.

Basically, everything you would expect to find in a firewall package is there. I imagine the difference between Comodo and PC Tools Firewall Plus would be small if any, so it would boil down to personal preference.

Has anyone tried both and if so, which one did you prefer?

Portable Anti-Virus Scanner

For those of you who carry USB drives with utilities to help diagnose and clean other people’s machines, a utility you might want to take a look at is Dr. Web CureIt.

This is a FREE anti-virus and anti-spyware utility based on Dr.Web Anti-virus scanner, which will help you quickly scan and cure, if necessary, a computer operated by MS Windows 95OSR2/ 98/Me/NT 4.0/2000/XP/2003/2008/Vista/7 without installation of the Dr.Web Anti-virus.

Since the utility does not require installation, you could have it on your flash drive and run it as needed. This can be an ideal supplement/alternate scanner to run in the event the machine already has anti-virus present.

Completely Hide Certain Programs

Have you ever wanted to hide certain programs from people that may be looking over your shoulder? If so, then the free program Window Hider is for you.

You give Window Hider a list of programs and a shortcut key; then, when it detects you pressing that shortcut key, it hides the windows of the programs in your list.

While the author makes the case of using this to hide programs from your boss (which I do not endorse by the way), I could certainly see this being useful for quickly hiding password programs or when you are looking at banking information on a browser.

Do Not Use Your Browser As A Password Manager

Pretty much every current browser out there has the ability to save your user name and password information on different sites and then fill them in when you visit later. While this function is incredibly useful and convenient, it is important to remember it is not a substitute for a password manager.

Since this information is stored in your browser, it lives and dies with your browser data. While this is typically not a problem, there is always the chance this information could be corrupted with an upgrade/patch or even worse, stolen via malicious software or a browser exploit.

By using a password manager, such as KeePass, you are assured protection. Since these programs focus on keeping your password information safe, this is the most reliable way to store your sensitive information.

WordPress Plugin To Enhance Security

Whenever a platform is widely used, it is a big target for attacks. Take Windows: it is by far the most widely used OS, so it makes sense there are more attacks on it than anything else. The same holds true for browsers and web platforms. So for those of you who use the popular WordPress platform for your blog, security should be a consideration.

To help with this, you can check out the Maximum Security plugin for WordPress.

Maximum Security for Wordpress is packed with strong protection that makes your site extremely secure. It guards against intrusion; tracks a plethora of events; blocks malicious content that could harm your readers and your search engine ranking; and includes a strong Web application firewall along with a full blown intrusion prevention system[.]

You can read the full list of features here. Any version of WordPress later than 2.5 is supported so even though this plugin is still in beta, it is worth taking a look at.

Hardware vs. Software Keyloggers

What is a keylogger? It’s something that records keystrokes and is normally used without the consent of the user.

You’ve probably heard that keyloggers are a bad thing. They are when used for illegal purposes, such as having a keylogger app installed without your knowledge via spyware. But it’s not a bad thing when you are the one who installed it to keep track of what people are doing when using your computer. For example, if you’re a parent who thinks your child is doing not-so-good things on the internet, you’ll be able to find out what’s been going on with a keylogger.

If you decide to use one, you can opt to use hardware or software.

Hardware

image

Above is a hardware keylogger from ThinkGeek. It connects directly to the keyboard connector, can be hidden easily and holds up to 128k of data. While that may not sound like much, bear in mind it’s all text so it is actually quite a bit. Additional features include password protection and keyword searching.

The only real drawback is that it is, as you can see, a PS/2 connector and not USB. However that can be easily remedied with an adapter should you use USB.

Cost is $59.99

There are other hardware-based keyloggers out there on the internet, just do a search for them and they’ll show up.

Software

You need not look any further than SourceForge to find freely available keylogging applications for Windows and Linux.

Best Free Keylogger, a.k.a. BFK, is one of the better ones.

Bear in mind you do have to set up appropriate permissions for this app, and if you use existing spyware/malware security software it may identify this app as "dangerous". Obviously it isn’t, so if you see the warning(s), give the app the appropriate security "pass".

Which is better, hardware or software?

Hardware is the better of the two because it’s not an app you can simply disable as it requires no software. The only way to disable the hardware is to literally unplug it.

Will either slow down my computer?

No. Either will run in the background seamlessly.

Is Email Secure?

This is actually a very easy question to answer: No. And it never has been. But don’t freak out about it. More on that in a moment.

When I say that email isn’t secure, I’m not referring to the username/password you use to access your account. That’s a local level of security. Email isn’t secure because the vast majority of it is transferred from sender to recipient using nothing but plain unencrypted text. It’s the transport method where the insecurity happens.

Any message sent across the internet unencrypted can be intercepted and read easily because there’s nothing to decode.

In addition, the routing process of each mail you send hops across so many servers that any number of people could intercept your mail.

Side note: If you want to examine exactly how many hops it takes to get from you to a particular server on the internet, this is done using the trace route function.

In Windows: Start / Run / type cmd / press Enter

If you want to know how many hops it takes to get to mail.yahoo.com, type tracert mail.yahoo.com and press Enter once at the command prompt. It will take a few seconds to show all the hops.

Should you be concerned now, knowing that email is so insecure?

Not really.

You have to remember that each email you send or receive is one of countless millions transferred every day on the internet. The likelihood of your mails being intercepted is extremely slim at best.

There have been those who have tried to make email more secure.

The only method of secure email that has had some limited success is the use of digital signatures.

Using the Microsoft way, Outlook Express and the newer Windows Live Mail can use what’s called a "Digital ID". In Windows Live Mail this is found via Tools / Safety Options / Security tab, then look under the heading "Secure Mail", like this:

image

Clicking "Get Digital ID" brings you to Microsoft Office Online, because these IDs are tied to not only email but MS Office products as well.

Oh, and by the way, Digital IDs are not free.

Using the free method, you can use PGP. It is a pain to use. The only email client I’ve ever seen do it right is Mozilla Thunderbird outfitted with Enigmail.

On the Enigmail home page, it states under the "What do I need?" section:

You need a supported email client, the GNU Privacy Guard (GnuPG), and a little patience.

Even they know it’s a pain to set up. And yes, I can vouch for this because I actually tried it out once for a few weeks. Sure, it works fine once everything is set up properly, but it is certainly not a 1-2-3 easy process.

"Are you saying the mail has to be tied to an email client in order to use these secure features?"

No. There is Hushmail. Email from that particular system is encrypted and freely available. It is the only one I know of that has encryption, is web-based and free.

However you have to bear in mind that even though your mail is encrypted, your recipients are most likely still using plain text.

In the end, email is insecure no matter how much you try to make it secure. But don’t lose any sleep over it.

Detect Websites With Malicious Scripts

As you probably are aware, websites can serve as hosts for malicious scripts. If you are not adequately protected, they can damage your system. One tool to help protect from these infected sites is LinkScanner.

LinkScanner Lite inspects each search result as it is returned to your browser. One of four color-coded icons will appear next to each result.

LinkScanner Lite also allows you to inspect any hyperlink on the Web, at any time, simply by right-clicking on it. LinkScanner Lite will perform its analysis and return a verdict.

This tool is included with AVG’s security tools, so you may already have it.

One note on this is it should be used responsibly. I would recommend you try to use only the on-demand scanner to avoid sending garbage traffic (via the pre-scanner) to websites you might not even visit.

A Simple Way To Protect Sensitive Files

If you have some sensitive files on your computer which are ‘for your eyes only’, it is important to make sure they are adequately protected. While you can apply broad security such as Windows permissions or drive encryption (TrueCrypt, etc.), a simple and effective method is to compress them in a password protected zip file.

Any zip client worth its salt will allow you to create a password protected archive, so odds are you already have everything you need. Whenever anyone tries to open the zip file, they will have to enter the password to continue. This is also a great way to securely transfer files over email. As with any protection by password, you will want to make sure you use a strong password.

If you have lots of files you are protecting, you can include them in a single zip archive. Additionally, you can set the compression method to low or none if you want to minimize the time it takes to save and load your files from the archive.


Easily Remove Outdated Versions Of Java

I have written in the past that you really only need to have one version of Java installed on your machine – the latest. Unfortunately the Java installer does not remove your outdated versions when upgrading to the new version, which leaves the older and probably more vulnerable releases installed.

Rather than uninstalling them manually, check out this post which references a tool to automatically do this for you. The tool is free and can save you quite a bit of time if you have 5 or more older versions of Java installed… which is actually quite common.


Permanently Erasing Your Drive? A Single 0 Pass Is Enough

One thing I have noticed when reading some articles across the Internet regarding data destruction is many recommendations are on the ‘paranoid level’. I have seen articles/forum posts where people talk about 0 writing their hard drive 5+ times and then taking it apart and smashing the disks. First of all, 99.999% of the data out there is worthless to anyone except the owner and second, 99.999% of people who would try to steal this data would pick the ‘low hanging fruit’ where they find a drive which has data on it and exploit it.

The point of this is simply if you are getting rid of a hard drive with important data on it, 0 writing it one time is enough. I’ve written a tip about this in the past which references the Ultimate Boot CD as a great resource for easily getting access to the tools you need.

Let’s be realistic, nobody is going to be running your hard drive through ridiculously sophisticated and expensive hardware to try to steal your data.

Another Malware Scanner To Try

If you are very concerned about malware on your system and already have a couple of programs to scan for such programs, another anti-spyware package you might want to try is Malwarebytes.

From their description:

Malwarebytes’ Anti-Malware can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect. Malwarebytes’ Anti-Malware monitors every process and stops malicious processes before they even start. The Realtime Protection Module [available in the pro version] uses our advanced heuristic scanning technology which monitors your system to keep it safe and secure.

I recently used this application to remove a rather nasty piece of spyware from a relative’s machine and it worked great. I have found, typically, that certain anti-spyware programs are better than others for particular infections so this may be one you want to consider in the future.