A funny but O so true write-up from SANS (www.sans.org) on what NOT to do online.

1. Practice Unsafe Surfing. When you purchase a new computer, go online without activating the firewall, or purchasing protective software.

Further expose yourself digitally by sharing a wireless connection with the entire neighborhood. Without digital encryption, you can share the contents of your hard drive with anyone on the street. For maximum risk, do some online banking on a public computer -- like the one at the library or a public cafe. Bonus points are added if your Social Security number is your user ID for any transactions.

• Use a hardware firewall at work and at home along with good AV software that is kept up to date.
• While the desire to go 'Wireless' is high and the products make is so easy take the time to set it up properly or call in an expert to set it up for you.
• Never do more than just check news stories on some basic searching when on an unknown and thus un-trusted computer be it at the library or even over at your friends house.

2. Skimp on anti-virus and anti-spyware protection. Courting disaster online is easy. Invite malicious code to attack your computer simply by doing nothing. Antivirus programs can be pricey, and the maintenance of constantly downloading updates is time-consuming. Combine that with the security updates from Microsoft or Apple and it's enough to seriously annoy anyone.

Install a good Anti-Virus solution, most like F-Secure, come in a full protection suite and could be included free with your internet connection (Shaw includes F-Secure for example) Turn on automatic updates in Windows and if your programs can be set to do the same do so. Once a month manually check to ensure your programs are up to date with something like the online F-Secure Health Check or the Secunia Software Inspector. It wouldn't hurt to visit both Windows Update and Office Update while your at it.

3. Passwords are a pain! Make life easy for yourself by using the same password for EVERYTHING, and make it something easy to remember, like your first name or 'password'. Just in case, make sure you write it down on a yellow sticky and put it somewhere easy to see.

And don't forget to have your browser set to 'remember password' to make life easy for you - and the cyber thief.

• Use the idea of a password phrase to remember hard to guess passwords. A favorite phrase or poem can become the backbone of a secure password policy.
• For Example the phrase 'The quick brown fox jumped over the lazy dog' can be used to easily remember a password of 'tqbfjotld'.
• Make your password harder to guess by throwing in Capitalization, numbers and special characters.
  • If you want to keep things simple then come up with at least three or four secure passwords.
  • The first would be used only for online banking. The second would be used for your e-mail. The third would be used anywhere you have to register to use a site. The fourth could be used for questionable sites that require you to register.

4. Peek at junk email and open attachments from unknown sources. Open attachments from strangers, secret crushes, long-lost friends saying "what's up," or strangers hawking cheap drugs -- you'll never know unless you peek at that email. One of the many fun things that can happen when you open an attachment containing malicious code is infecting your computer with a Trojan horse or virus, which can easily lead to identity theft.

Use a service like CudaMail to filter out all these unwanted messages. They are either marketing messages or worse, spammers trying to add your computer to their botnet. Stay away from these messages no matter how 'interesting' the spammers make them.

5. Stuff your wallet with juicy identifying tidbits. Wallets and purses are more than just handy cash-carrying devices. They often have credit cards, identification, insurance information and even Social Security cards. Obviously, more is better if you'd like to become the prey of fraudsters.

Losing or misplacing a wallet or purse can cause more problems than just the hassle of replacing all those cards and buying a new bag. Armed with your date of birth, Social Security number and mailing address, there's no limit to the damage thieves could cause.

• Keep only what you need in your wallet or purse.
• The rest of the information should be in a safety deposit box where you can get it if you need it but the rest of the time it is locked away.
• Check on the personal information the credit bureaus have on you to make sure it is accurate and that someone hasn't signed up for a credit card or something else in your name but using a different address.

6. Make your checks payable to criminals. If you're like most people, you wouldn't post your checking account information on your front door, though you should if you'd like to be a victim of fraud. Similarly, checks reflecting the same information can be dropped casually into unsecured mailboxes. Statistically the chances of your mailbox being targeted by criminal elements are low, but not that low. According to the 2008 Identity Fraud Survey Report from Javelin Strategy and Research, almost 1 in 10 victims of identity theft who can pinpoint the scene of the crime say that it happened at the mailbox.

7. Opt out? Opt in! While you're mailing checks from the unlocked mailbox, go ahead and get credit card companies to send you all the pre-approved offers that the postman can cram into the box. Similarly, don't get credit card statements online; leave them on the side of the road so that they're more convenient for fraudsters who lack the technical knowledge or follow-through to launch complicated hacking schemes.

Don't use the mailbox by your front door as an outbox just because it is convenient. Take your bills to the bank to pay or drop them off at a real post office. Anything you do get that has your identifying information on it like a pre-filled out credit application should go through a good cross cut paper shredder before leaving your place.

8. Nothing is too good to be true. Everyone wants to feel special and maybe more importantly, filthy rich. When reading an emailed proposition from an African business tycoon, an imperiled prince or downtrodden heiress offering millions of dollars in exchange for some small measure of assistance, it's difficult not to wish it were true. Falling for the story will undoubtedly lead to unpleasantness.

Don't let your greed get the better of you. While the 'I have umpteen million dollars that I'm trying to sneak out of the country' e-mail's are getting old hat people are still falling for them. What is more insidious is the 'work at home as an agent' e-mail's that make it sound so easy. All you have to do is deposit a check or two each week into your personal bank account and wire transfer the funds to 'the company'. You either end up out the entire amount when the check is returned NSF or you are working for organized crime and are a money launderer.

The internet is a wonder and scary place at the same time. Be educated and play safe.

Thailand

Emirates

> Source: http://isc.sans.org/diary.html?storyid=4343

• http://oit.nd.edu/email/fullheaders.shtml

• All Fools' Day
• Doh! All's Fool
• Doh! April's Fool.
• Gotcha!
• Gotcha! All Fool!
• Gotcha! April Fool!
• Happy All Fool's Day.
• Happy All Fools Day!
• Happy All Fools!
• Happy April Fool's Day.
• Happy April Fools Day!
• Happy Fools Day!
• I am a Fool for your Love
• Join the Laugh-A-Lot!
• Just You
• One who is sportively imposed upon by others on the first day of April Surprise!
• Surprise! The joke's on you.
• Today You Can Officially Act Foolish
• Today's Joke!