If you want a job with the city of Bozeman, MT, it’s only going to cost you all of your privacy.

We’ve written before about how employers are checking out social networking profiles of potential employees, and how even college admissions offices are doing it, but the city of Bozeman, MT has taken it even further, and it is quite frankly pretty scary.  Earlier this week, Steven Hodson at The Inquisitr brought to my attention the startling story that the City of Bozeman is requiring all job applicants not only to list what social networks they belong to, but also to turn over their usernames and passwords.

The job application states:

Please list any and all, current personal or business websites, web pages or memberships on any Internet-based chat rooms, social clubs or forums, to include, but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc.

In theory this is mainly done due to Facebook not allowing you to see the profile of anyone you have not friended, but that feature is optional on all other social networks.

As Mr. Hodson points out, this is tantamount to handing over the keys of your house to your employer, and telling them to have a look around.  Not only would you be giving them access to your profile, but also to your private messages, the ability to see your friends’ profiles that are otherwise private and other potentially sensitive information in your account.  Never mind the fact that one of the first rules of passwords is to never give them out to anyone.

City attorney Greg Sullivan explained the reasoning of this request to MontanasNewsStation.com this way:

So, we have positions ranging from fire and police, which require people of high integrity for those positions, all the way down to the lifeguards and the folks that work in city hall here. So we do those types of investigations to make sure the people that we hire have the highest moral character and are a good fit for the City.

While it is understandable that a city would want to hire only upstanding people, demanding access to their private information is a whole different matter.  Mr. Sullivan also continued:

You know, I can understand that concern. One thing that’s important for folks to understand about what we look for is none of the things that the federal constitution lists as protected things, we don’t use those. We’re not putting out this broad brush stroke of trying to find out all kinds of information about the person that we’re not able to use or shouldn’t use in the hiring process.

The problem I have with this is what if someone entrusted with the checking of your profiles is unethical?  What if they are a gossip?  You are giving some faceless person all of the information they need to find out pretty much anything they want to know about you, and that is worrisome.  And what happens to those pieces of paper you write down your information on?  Can the city guarantee that those documents will be under lock and key at all times with records kept at all times of who accessed them?

It is easy to understand that in these difficult economic times people will do whatever they can for a job, but for the city to even suggest that you should hand over this type of sensitive information is insanity.  And, let’s be honest here, do they really suspect that if someone is doing something illegal that this will give them the magic solution to finding out?  Do they really think that if someone is a child molester it is going to be spelled out for them on their social networking profiles?

No matter how you slice it this is a bad idea, and something that the City of Bozeman has no right asking for.  What is private is private, and you sure would never catch me giving them access.

UPDATE: Shortly after we published this story it was announced that the City of Bozeman has stopped the practice as of midday on Friday.

The extent of our request for a candidate’s password, user name, or other internet information appears to have exceeded that which is acceptable to our community. We appreciate the concern many citizens have expressed regarding this practice and apologize for the negative impact this issue is having on the City of Bozeman.

Thanks to heatherkoyuk on Twitter for bringing this to our attention.

 

People everywhere are concerned about the Conficker virus that is running rampant across the Internet, but as it sits dormant for so long, it can be difficult to tell if you have it or not.  Luckily the Conficker Working Group has come up with an amazingly easy way to tell if you have it by just taking a look at the chart below.

 

Conficker Eye Chart

 

How to interpret:

If you see this above: It probably means this:
All images displayed = Normal/Not Infected by Conficker (or using proxy)
Security/AV logos not displayed = Possibly Infected by Conficker (C variant or greater)
Some security/AV logos not displayed = Possibly Infected by Conficker A/B variant
No images displayed = Image loading turned off in browser?
Any other combination = Poor Internet connection?

 

If you’re curious as to how this works, the first row of images is served up by the actual websites for those anti-virus programs.  As Conficker prohibits you from going to those sites to download tools, you would not be able to see them if you were infected.  The second row is there merely as a control sample so you know if your browser is working properly.  If you are showing signs of infection you can go here to check out some tools to help you get rid of it.
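The decision table above can be written out as code. This is an added example, not the Conficker Working Group’s own page code; the image names are placeholders and `probeImage` is a hypothetical helper for collecting the results in a browser.

```javascript
// Added example. Image names are placeholders, not the real chart's sources.
// Browser-side probe: resolves true if the image loads, false if it is blocked or times out.
function probeImage(url, timeoutMs = 5000) {
  return new Promise((resolve) => {
    const img = new Image();
    const timer = setTimeout(() => resolve(false), timeoutMs);
    img.onload = () => { clearTimeout(timer); resolve(true); };
    img.onerror = () => { clearTimeout(timer); resolve(false); };
    img.src = url;
  });
}

// Apply the chart's table to the results: each row maps image name -> loaded?
function interpretEyeChart(securityRow, controlRow) {
  const count = (row) => Object.values(row).filter(Boolean).length;
  const secLoaded = count(securityRow);
  const ctlLoaded = count(controlRow);
  const secTotal = Object.keys(securityRow).length;
  const ctlTotal = Object.keys(controlRow).length;

  if (secLoaded === 0 && ctlLoaded === 0) return "Image loading turned off in browser?";
  // A failed control image means the browser or connection is at fault,
  // so missing security logos prove nothing about Conficker.
  if (ctlLoaded < ctlTotal) return "Poor Internet connection?";
  if (secLoaded === secTotal) return "Normal/Not Infected by Conficker (or using proxy)";
  if (secLoaded === 0) return "Possibly Infected by Conficker (C variant or greater)";
  return "Possibly Infected by Conficker A/B variant";
}

// Constructed sample: every control image loaded, one of three security logos did not.
const sampleResult = interpretEyeChart(
  { "av-site-1": true, "av-site-2": false, "av-site-3": true },
  { "control-1": true, "control-2": true, "control-3": true }
);
console.log(sampleResult);
```

The control row is checked before the security row is trusted, which is why a flaky connection is never reported as an infection.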

Categories: Security   
 

Gmail and Google Talk users be warned, the service is under a phishing attack.

The image to the right (provided by Adam Ostrow of Mashable) shows the message people using Gmail and Google Talk have been receiving for the past few hours.  When you click on the link, you are taken to a site (pictured below) named ViddyHo.  The site asks you to log in with your Google credentials to view the video your friend is supposedly sharing with you.  Instead, what you are doing is giving your username and password to a third party who then spams your entire Google contact list with the same message to get more people to go to their site and do the same.

Back in January we reported on a phishing attack on Twitter that was using a similar method, and again we must warn you that you should never give your login credentials for any service to any site that is unknown to you.  If you receive a message like the one shown here, ask the person what the video is before you click on it, and even if you should click through, never give your login credentials!  If something like this does ever happen to you, make sure to change your password immediately upon discovering it.

Categories: Google, News, Security   
 

Ever wondered if someone is accessing your Gmail account? You’re in luck! There is an easy way to tell.

It is inevitable that everyone gets the feeling at least once that someone has accessed their email account without permission.  We recently received a question from a reader about how to tell if his Gmail account had been accessed by someone other than himself.  Luckily there is an easy way for you to check this as often as you like with just a few clicks… two to be exact.

The first thing you need to do is scroll all the way to the bottom of the page of your inbox.  In the area where it tells you how much space you’ve used and so on, you will see the word “Details”.  Simply click on the word and you will see a popup window appear.

In the popup window you will see the last five sessions of your Gmail account, and the IP address you are currently using.  If you see an address radically different than your own, simply click on the button that says “Sign out all other sessions”, immediately killing all other logins into your account other than the one you are currently on.

That’s it, you’re done!  Super easy to check, and something you can do as many times a day as you like to see if someone you don’t approve of is accessing your account.

Categories: Google, Security   
 

Popular microblogging service Twitter appears to be undergoing a phishing attack.

Phishing is an attempt by scam artists to acquire personal information about you and your login to popular sites by mimicking official information of another site. In this particular case you will receive a direct message from one of your contacts on the service that says:

hey! check out this funny blog about you… http://jannawalitax.blogspot.com/

Luckily the website has now been blocked by Google, as you can see from the image below that you now receive when you go there.

reported web forgery

When the page was unblocked it did look exactly like the Twitter login page and asked you to submit your username and password so that you could see this “funny blog about you.” The problem here is that these particular scammers undercut themselves with anyone that is the least bit web savvy by directing you to a blogspot.com blog and then asking you to log in to your Twitter account, which has no connection whatsoever with blogspot.

According to Pete Cashmore at Mashable, part of the problem in this particular case arises from people who have their direct messages set to be delivered to them via email.  If you were to click on that link inside of a piece of mail, you might be more likely to go ahead and sign in with your user information.

As always, you need to be careful with any site you visit that then asks for your login information for a site.  Does the web address look correct?  How did you get there?  All questions you should be asking yourself before you give any site your information.

UPDATE: They have already changed their message. The new one is:

Hey, i found a website with your pic on it… LOL check it out here http://twitterblog.access-logins.com/login

UPDATE #2: They have changed their tactics again.

hey look at this funny blog http://rosalierebyb.blogspot.com/

UPDATE #3: You have to give them points for their persistence.

fixed it.. hehe here is that blog i wanted to show you http://twitterblogs.access-logins.com/login
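The “does the web address look correct?” question can be made mechanical by comparing the link’s full host name against the one domain you expect to log in at. The check below is an added example, not code from any of the services named; `EXPECTED_DOMAIN` and `checkLoginLink` are assumptions made for the illustration, and the user-info check goes one step beyond the links seen in this attack.

```javascript
// Added example. EXPECTED_DOMAIN is an assumption: the domain the reader types to log in.
const EXPECTED_DOMAIN = "twitter.com";

function checkLoginLink(link, expectedDomain = EXPECTED_DOMAIN) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { ok: false, host: null, reasons: ["not a valid URL"] };
  }
  // Compare the whole host name; a trailing dot is legal in DNS and is stripped first.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const brand = expectedDomain.split(".")[0];
  const reasons = [];

  // "https://twitter.com@other.example/" puts the brand in the user-info part, not the host.
  if (url.username || url.password) reasons.push("text before @ is not the host");

  // Accept only the expected domain itself or a true subdomain of it.
  const sameSite = host === expectedDomain || host.endsWith("." + expectedDomain);
  if (!sameSite) {
    reasons.push(host.includes(brand)
      ? `"${brand}" appears in ${host}, but the site is not ${expectedDomain}`
      : `${host} is not ${expectedDomain}`);
  }
  return { ok: reasons.length === 0, host, reasons };
}

// Links quoted in the post above, plus two constructed ones (marked).
const samples = [
  "http://jannawalitax.blogspot.com/",
  "http://twitterblog.access-logins.com/login",
  "http://rosalierebyb.blogspot.com/",
  "http://twitterblogs.access-logins.com/login",
  "https://twitter.com/login",               // constructed: the genuine host
  "https://twitter.com@login.example/start", // constructed: user-info trick
];
for (const link of samples) {
  const r = checkLoginLink(link);
  console.log(r.ok ? "OK     " : "SUSPECT", link, r.reasons.join("; "));
}
```

A simple “contains twitter” test would pass the two access-logins.com links; matching on the end of the host name does not.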

Categories: Security   
 

“I can help you with that, just let me have your password and I’ll be able to take care of that straight away for you.”

As hard as it may be to believe, people will just go ahead and give someone their password after being asked such a question.  After you’ve gone through the trouble of picking a strong password, it would be a shame to waste it by just giving it away to someone.

It is amazing how often this actually comes up online, even after this many years of the Internet being a popular pastime for people.  So here are a few do’s and don’ts of online password safety.

Do’s

Don’ts

  • Click on links in emails that then ask you for your password
  • Give your password out to anyone in a chat room
  • Give it to a friend so they can help you out with something
  • Give it out over the phone

Basically, treat passwords like you would your passport or social security number: don’t just tell them to anyone on a whim.  If you are curious what prompted this, I actually saw someone in a game chat room tonight trying to get someone else’s password, so it does still happen.

Be careful out there!

Categories: Security   
 

All users of Internet Explorer need to update immediately to fix a critical security hole.

The other day we reported that a security hole had been found in Internet Explorer that was severe enough that experts were suggesting you not use it until a patch was issued.  Well, for those who were waiting, the security fix has been released.  Users will need to head to the Microsoft Update site and will find it is part of Microsoft’s security bulletin MS08-078.

While it is good news that this patch is out there, you still have to wonder how many people never even knew the hole was there, let alone that it is now fixed.  We still recommend you look at using other browsers such as Firefox, Chrome or Opera.

Categories: News, Security   
 

Some days it just doesn’t even pay to turn on your computer when you run into malware.

Malware is short for “malicious software” which is any piece of software that loads onto your computer without your informed consent, and intends to do harm to your system in some way.  One of the most popular versions is a style known as “Rogue Malware” that usually intends to in some way mimic other software.  The best known example of this style is the type I got infected with last night known as “Antivirus 200X”.

Antivirus 200X (there are versions for 2008 and 2009) attempts to fool you into thinking that it is a Windows security program and that it is scanning your system for spyware, malware, adware and viruses.  It will fake reports for these items and tell you that you will need to purchase their software to remove the harmful files.  Until you do buy it, it will take over your system, attacking you with pop-up ads even in web browsers you don’t currently have open.

While I had fought off Antivirus 2008 before on someone else’s computer, the 2009 iteration is even more devious.  It barred me from going to websites that hosted software to uninstall it, even when I did finally get the software on the computer it kept me from installing it, and it also locked me out of being able to edit my registry file so I could remove it by hand.

After trying several programs, I finally found one called SpyHunter V 3 that unlocked the installation problem.  Once that was done, I used a combination of other software, and invested around 6 hours in fighting the infection.  To help save others some of these problems, here is what I suggest you use:

  • Malwarebytes took out the main problem of the actual Antivirus 2009.  I found good instructions, and a download link, at BleepingComputer.com
  • Spybot Search & Destroy took out another level of headaches
  • AVG Free seemed to find even more and has now installed guards warning me of potential problem sites
  • And when I found I still was getting random popups, BleepingComputer.com again came through with ComboFix.  Make sure to follow the instructions on this one closely.

So after six hours of pain, my system seems to be free of this pain finally, but I am still being cautious.

Just remember to be safe in your surfing, backup your files frequently, and keep your anti-virus software up to date!

Categories: Security   
 

Internet Explorer users have a new security flaw they need to be concerned about.

According to the Chicago Tribune, the “Zero-Day” flaw, meaning a flaw that has always been there, but only recently exposed, only requires a potential victim to visit a malicious website.  The user does not need to download anything, so in the course of their normal Web browsing, they could simply stumble into the malicious coding.  The coding installs itself on your computer and is currently used to harvest passwords for popular online games, which can then be sold on the black market.

At this time the flaw is only known to exist in Internet Explorer 7, the most popular iteration of the program, but could very well be lurking in older editions also.  At this time, Microsoft, the makers of the program, have not yet released a security patch, nor have they given any indication that one may be forthcoming.

Until such a time as a security patch is released, it is recommended that users download another browser such as Firefox, Chrome or Opera (our choices are in that order, but all are good) to use.

Categories: Security   
 

MakeUseOf.com, a well-known tech blog, had their domain name not only stolen, but held for ransom today.

While the domain name is now back under the rightful owner’s control, they had a lengthy and draining battle to get it back after GoDaddy, a major web registrar, transferred the title far faster than they should have.  All of the details of what exactly happened still are not 100% clear, but MakeUseOf kept their readers updated with a temporary blog of the happenings as the information rolled in.  This should be considered essential reading by anyone who owns domain names.

Until it is fully known what exactly happened, it’s difficult to tell you how to protect yourself from something similar happening, but if something like this does happen:

  • Do not panic.
  • Do not pay the ransom.
  • Contact the company you registered the domain with immediately.
  • Follow their instructions to the letter.

Domain names are your identity on the web, and having yours held hostage can probably feel as bad as having a loved one taken from you.  Stay calm and try to follow all of the domain registrar’s instructions as best you can.

Categories: Security   
 