Greetings from SurfSafely.com! If you enjoy reading this newsletter as much as I do writing it, pass it on to all your friends and family but please respect their privacy. Place the addresses of those you send to in the BCC: field rather than To: or CC:. And as always, this newsletter is opt-in only. If you feel you've received it in error, reliable removal instructions are at the bottom. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In this issue: 1. The PICS filter war 2. More email scams 3. Recent virus alerts and hoaxes 4. Identity theft - Are you at risk? 5. Sounding off - Some personal ramblings ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In the aftermath of the terrorist attacks on America, it almost seems selfish to discuss anything else. But to not do so and go on with life means the terrorists win and I for one will not let them win. We win. More comments in the Sounding off section. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ News and guest articles may be submitted for editorial review to mailto:news@surfsafety.com. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1. The PICS filter war ====================== PICS (the Platform for Internet Content Selection) is a filtering mechanism built into Microsoft Internet Explorer v3.x - v6.x and Netscape Navigator v3.x - v4.77. Why not Netscape 6 you ask? Good question! Most who took part in my online survey are asking themselves that very question and also want to know. ICRA continues to forge ahead with development of their stand alone product that, as far as I know, will not support any other filtering standards like SafeSurf. It looks like a fine product and I am one of less than 100 who are getting a sneek peek at the pre-beta release product to take it for a test drive. Future editions of this newsletter will report on new developments with this product as they become available. You, my loyal subscribers, will be the very first to know. SafeSurf, the primary labeling standard here in the US, has formed an alliance with SurfSafely.com to urge manufacturers of wireless web devices to adopt their standard for this product type and build it into the firmware so it can not be disabled. Because devices of this type can be used in total secrecy, away from view of parents and guardians, the dangers are all that much greater that parents and guardians lose control of the content levels they want those in their care to have access to. We support any effort to include any standardized PICS filtering mechanism into the firmware of these devices to restrict access to material deemed inappropriate by parents and guardians and applaud SafeSurf for taking the lead in this regard. Ultimately I would like to see an atmosphere of cooperation between ICRA and SafeSurf. Already I have seen a softening of opposition between them and hope to help it along further. ICRA now labels their site with the SafeSurf standard and SafeSurf has just unveiled a high profile link to SurfSafely.com which links also to the ICRA web site. The benefactors in all of this will be you and I, and of course our children. As a next step in the process, I would call for SafeSurf to reciprocate with ICRA labeling and ICRA to open their new stand alone filter to other filtering standards like SafeSurf. Little would go further towards acquiring my wholehearted endorsement of this new filter than to make it an open platform for others to contribute. I could also then recommend users of Netscape 4.x to upgrade to 6.x without reservation, but not a moment sooner. We'll have to wait and see how it all plays out. I am encouraged by the progress so far and confident it will continue. Ahead we forge. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2. More email scams =================== We've discussed before some of the more elaborate scams making their way around the web but let's take a minute to review a few fundamentals. What precipitates this topic is I just recently received, and subsequently squashed, one of the most basic email scams of all time - The deal that sounds too good to be true. Guess what? They always are. The one I received was an incredible sounding deal for web hosting service. It was supposedly sent to me "On behalf of my current hosting provider." - Red flag number one. Why on earth would my hosting provider deliberately recruit someone to solicit me to switch hosting companies? Secondly, this supposedly credible solicitation asked that I send them my name, billing address, credit card number and expiration, VIA EMAIL! - Red flag number two. No credible company will ever ask you to send credit card information via email, the least secure means of transmitting personally identifiable information ever devised. They will ask you to pay online via a secure web site on which you will always see the lock symbol activated in your browser to make you aware that the site is indeed secure. Lastly, I contacted the web host being promoted who told me there was no way they would ever offer their services for such a ridiculously low cost and CERTAINLY not through an independent rep as this solicitation would have me believe. This was credit card fraud at it's very worst, in it's most obvious form. What irritates me the most is I'm sure many fell for this obvious scam. Like any other product or service offered by any other vehicle, the same rule applies. If it sounds too good to be true, it is. Trust your instincts. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3. Recent virus alerts and hoaxes ================================= The summer of 2001 has had no shortage of virus hoaxes and real threats. Let's start first with the hoaxes, explain how to spot them, and how to stop them. How do you spot them? Just like marketing scams, if they seem too incredible to be true, they probably are. It's just that simple. Did you see the one telling you to delete a certain file on your computer if you found it there because it was a virus? Do you know what happened if you did? You deleted an important system file that is part of Windows 98! Oops! How do you stop them? Avoid the temptation to forward the warning or act on them in any way before investigating its' truthfulness. Also just that simple. I get really annoyed with friends who think they're helping by forwarding these vehicles of mass hysteria. If they just took a moment to sit back and take a deep breath before giving in to knee jerk reactions, they would realize the nature of the hoax they are helping to perpetuate. Check out this page at McAfee http://vil.mcafee.com/hoax.asp? Bookmark this page and read it every time you get such an email. Don't become part of the problem. Become part of the solution. ----------------- The real viruses going around that I have received include CodeRed, SirCam and the newest entry Magistr. Information on this virus can be seen at http://vil.nai.com/vil/virusSummary.asp?virus_k=99040 Until now, email worms like CodeRed and SirCam were targeted specifically at users of Microsoft Outlook and preyed upon the vulnerability it once had which automatically executed infected files just by opening the email. Microsoft finally woke up to consumer outcry and removed this "feature" but not before much damage had already been done. The question I have is why were they not able spot such a huge security hole before the fact? The fact is, they knew it was there and did not care. It's a scenario we have seen Microsoft repeat over and over. When do WE wake up and look elsewhere for our software needs? When do we send Microsoft the wake up call and hurt them where it counts - their wallets. But now the virus authors have had to return to trying to trick you into executing the infected files on your own again. In doing so, the threat is no longer contained to users of Outlook as it once was. Once again, with the release of Magistr, users of most other email programs are at risk again. They now include Netscape Messenger and Eudora. McAfee labels this virus as "Medium risk" but, given how wide spread it is becoming, I'm not so sure. I think it deserves a higher risk label. But then again, I don't take any viral infection lightly, be they pranks or not. Any computer virus is an invasion I did not ask for. Just because it didn't trash your computer doesn't mean it should not be taken seriously. In order for viruses to infect your computer you must deliberately execute these email attachments when received. For you it may seem obvious that no email attachment or program file should ever be opened unless it has first been scanned with an up to date virus scanning program and you know for sure the one who sent it to you did so deliberately. Most worms will send themselves to everyone in your address book using your return address so the recipients suspect nothing is wrong. But do your children have email accounts too? If so, have you taught them not to execute or open attachments until they have passed a proper virus screening, no matter who they appear to have come from? To be aware of the potential dangers? To alert you when they get something they're not sure about? These are important questions that I hope you have already asked and answered. If not, it's time to do so. Once infected, it does not matter who is using your computer at the time. Your information has been compromised and chances are good everyone you know with an email address has already received the same unwelcome "gift", this time from you. Carelessness here will not score you any points with your friends. It's no joke when time invested in your computer is lost because of a virus written by a malicious hacker who couldn't care less. Please use virus scanning software religiously. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 4. Identity theft - Are you at risk? ==================================== There are many ways your identity can be stolen online and off. Some are obvious, some not so obvious. Some can damage your credit and some can put you in serious physical danger. I will share with you one situation I uncovered recently involving a beautiful 21 year old model who had no idea her privacy could be so easily invaded. Her name is omitted here to protect her privacy but make no mistake, this is not fantasy. This is a true story. I was introduced to a voyeuristic web site that likes to promote itself as a great way to meet others, the name of which will not be shared here because they do not deserve the added traffic they might get by my mentioning it. Suffice it to say, it's clever and very addictive. Users are defaulted to viewing page after page of only females with a choice to view only males if they wish and rate each image presented to them on a 1 to 10 scale then presented with the next selection. Some of the photos shown also give you a way in which you are supposed to be able to contact that individual without revealing their true identity to you until they're ready to do so. The premise is that all photos presented on this site are put there voluntarily by the subjects IN the photos. The reality is many of the photos presented there are hijacked from other sites and personal web pages because, let's face it, if they had to rely on all voluntary submissions, no one would go there and the site would not be nearly as popular as it obviously is right now. When a photo is submitted to the service, all that is needed is the web address of the photo itself. The service web page showing the photo actually displays the photo from the other web site without hosting the photo on their own servers. Openly they state that they do not permit pirated or copyrighted material on their site but privately they do little to prevent it. I ran into one photo of a girl so beautiful that I had to say to myself "What does a girl like that need with a service like this?" What indeed. With a few keystrokes I was able to determine the location of the image. With a few more keystrokes I found the web site that the photo was intended to be displayed on along with her full name, the town and state she lived in and a valid email address. With her name and town, because her telephone number is not unlisted I was able look her up in an online telephone directory complete with street address and turn for turn driving directions to take me from my doorstep directly to hers. So, I wrote her an email and asked her why she had posted her image on such a despicable web site. She had never heard of of this site before and had no idea what I was talking about. I replied again and laid it all out for her. Unfortunately, I probably scared her half to death in the process but that's the reality of identity theft. It's scary. She immediately removed her last name, town and email address from her own web site and obviously took my advise and contacted the offending web site to have her image removed from there as well. Now, here's the real question. What possible motive could anyone have to pirate the image of someone else from their personal web site to be shown on another site? Unless, of course, that individual was directly connected with the offending site trying to pump up business? I can't think of any. Can you? Because of this simple breach in personal privacy, had I not had honorable intent, I had everything I needed to stalk this person and make her life a living hell. Thank God for her that I got to her first. I once reported to you on another site whose marketing efforts I felt was a serious threat to personal privacy called quickdot.com. Evidentially I was not alone. They are no longer, and it's not because they had a bad idea. It's because they had a dangerous scheme by which to promote their good idea. Had they taken the high road I am convinced they would still be around. Too bad, but good riddance to them just the same. May other marketers take a queue from their failure and realize it's in their own best interests to respect our online privacy. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 5. Sounding off =============== Please pray with me for the friends and families of the survivors and emergency rescue teams in the aftermath of the terrorist attacks in New York City on Tuesday and offer support in any way you can. I was disappointed and yet overjoyed Tuesday going to the Red Cross to donate blood and couldn't get in because so many had already lined up ahead of me. God bless all of you who have helped and who will help. You are the heart and soul of our great Nation and it is why we will rise above this with our heads held high. May we never need another wake up call like this again to guard against the few ignorant radicals who make life hell for us all. Justice will be served. (If you would like to sound off, write us and maybe we'll include it here.) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ That's news for now. Until next time... Be informed, Be involved, Be well. Sincerely, Mark Brasche Founder and CEO, SurfSafely.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~