Hal is very correct. I would only add these suggestions if you are paranoid. Remember this - <b>hackers pick easy targets</b>.
<b>Best advice: Do not use the same password combo for everything.</b> I always tell folks this, but most of us (myself included) can be lazy. Problems start when, for example, vbulletin gets hacked due to an insecure script, someone compromises the security of a site which holds some info about you, then they make the connection.
For example, let's say I'm a hacker and I want somebody's info, not necessarily yours specifically, but someone's info. I find vbulletin/unix/NT etc. hacks, compromise the security of either a script or program, access the user database, and find "connection" info after decrypting the db info (if possible/necessary). I scan the information and look for easy targets.
If your login at the TMF is "stlouis" with password "rams" and your screen name or email is similar i.e. I notice a TMF member with the email address of "[email protected]" and make the connection. Odds are, with that password combo, I can assume several things: 1. You are lazy about passwords, and probably use the same for everything because it's easy to remember. 2. I can probably hack into your email with the same password combo. 3. I can view the headers of the email and trace back your ip, which can provide other info such as exact location. Run a packet sniffer to monitor your outbound traffic to see if I can catch any other stuff (passwords, personal info) you're sending out as you move through the web.
How do you avoid being an easy target? You can put yourself in the category of "not an easy target" by simply using different password combos for each site you visit. Tip: Keep them in a little text document, and even obscure the name of the password file or password protect the file in case your system is compromised some other way. When you make it hard, hackers just move on to the next dummy.
Another technique they use is to "brute force" hack a website. They make their location anonymous (search for "proxy servers" on google), and guess password combos. Using the example above, they would try 10,000 combos to access a site:
stlouisguy:rams
stlouisgirl:cardinals
stlouis:arch
which would probably turn up a few matches (the weakest passwords), which they can then use to attempt to hack you in other ways. Let's assume the stlouisguy:rams combo is live and gets into the site. A hacker sends an email to [email protected], [email protected], [email protected], [email protected] etc. Every email bounces back as undeliverable... except for [email protected]. We can then assume two things: 1. This person is lazy with their choice of passwords. 2. The odds of their AOL account password being "rams" are very high. Using that info, they log into your AOL account and have their fun.
Also, if something pops up and wants to install itself on your computer, you better be sure that it's from a reputable company i.e. ebay, macromedia, apple, microsoft, etc. If any site wants you to grant permission for it to install itself, 99% of the time it's so they can spam you, track you with spyware, litter your computer with porn pop-ups/dialers etc.
So be a safe surfer, and remember that trojans and other viruses can usually* only be acquired in a couple of ways: 1. You just open (rare) or execute an email attachment. 2. You grant permission for a program to run on your computer. If a grey box with something like "do you want to install and run bla bla bla?" Yes. No. Cancel. Choose "Cancel" or "No" ALWAYS unless, as stated above, it's a reputable site.
So ya wanna be a secure surfer eh? Download a free password manager at download.com, download lavasoftusa.com's free Ad-aware and run it on a regular basis. Download a free firewall program to monitor your incoming and outgoing traffic.
Steve
P.S. It is a popular misconception that you can get a virus from a website. While surfing the web, you are pretty safe, as long as you don't give anyone or anything permission to <b>execute</b> a program on your machine. If something pops up and asks you to do something you aren't familiar with, don't do it. Cancel, No, Cancel, No, Cancel, No, Cancel, No. You can get all the info you need out there without compromising the security of your computer.
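The advice in the post above, a different password for every site, can be checked mechanically against your own password list. The following is an added example, not part of the original post: the vault entries are constructed, and the site names, the 12-character threshold and the function names are assumptions.

```python
import hashlib
import hmac
import secrets
import string
from collections import defaultdict

# Constructed sample vault entries: (site, login, password). Not real accounts.
SAMPLE_VAULT = [
    ("forum.example", "stlouis", "rams"),
    ("mail.example", "stlouisguy", "rams"),
    ("shop.example", "stlouisguy", "k7#Vq2!mZp0xLw9e"),
    ("bank.example", "sguy", "rams"),
]

MIN_LENGTH = 12  # assumed policy threshold for this example


def audit(entries, min_length=MIN_LENGTH):
    """Return (reused, short): groups of sites sharing a password, and sites
    whose password is shorter than min_length. Passwords are never returned."""
    key = secrets.token_bytes(32)  # per-run key so fingerprints are not reusable
    groups = defaultdict(list)
    short = []
    for site, _login, password in entries:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()
        groups[tag].append(site)
        if len(password) < min_length:
            short.append(site)
    reused = sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)
    return reused, sorted(short)


def new_password(length=20):
    """Generate a random replacement password from a CSPRNG."""
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def remediation_plan(entries):
    """Map every site that shares or has a short password to a fresh unique one."""
    reused, short = audit(entries)
    affected = sorted({s for group in reused for s in group} | set(short))
    return {site: new_password() for site in affected}


if __name__ == "__main__":
    reused, short = audit(SAMPLE_VAULT)
    print("shared password:", reused)
    print("too short:", short)
    for site in remediation_plan(SAMPLE_VAULT):
        print("rotate:", site)
```

The audit groups entries by a keyed fingerprint, so the report names the affected sites without ever echoing a password.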