SecurePuter

Exploring Computer Security

Which film is the Most Realistic Hacker Movie?

Most Realistic Hacker Movies Survey

Ever wonder if what the hackers do in the movies can actually be done?

So did I. Now that I’m in the industry, I’m continually analyzing every hacker-themed movie for accuracy. Sometimes I wonder if Hollywood even employs a computer security expert or hacking consultant to advise on technical possibilities. I get a kick out of a film that portrays a hacker at the computer while the screen displays them flying around like an X-wing in an asteroid field of formulas as they frantically type at the keyboard.

Below are movies involving a hacker of some sort. I’d like to poll my readers and get your opinion on the most realistic hacker movies. I’ve purposely left out pictures that are beyond reality, such as The Matrix and Tron. I also didn’t include Documentaries or true story based films, such as Revolution OS and Takedown. Please refrain from voting on movies that you have not seen. The scaling is 1 – 5.

1 - Unrealistic
Not a chance that this is possible

2 - A bit Absurd
Ok some elements work, but the presentation is all wrong

3 - Somewhat Realistic
About half of what is shown is possible

4 - Quite Accurate
The majority was accurate, but there are some holes.

5 - Realistic
Everything featured is possible, and the terms, technology, and display are all real.

Realistic Hacker Movie Polls

Comment below if you have another nomination. I’ll leave these polls going indefinitely and continually add hacker movies as they are released. Maybe this archive will get to a point where you can actually identify a non documentary but educational hacker film.

Rate Anti-Trust

Rate Die Hard 4 - Live Free or Die

Rate Enemy of the State

Rate Firewall

Rate Hackers

Rate Sneakers

Rate Swordfish

Rate The Core (Rat's escapades)

Rate The Net

Rate Untraceable

Rate WarGames

Digg this to bring in more voters, and don’t forget to Bookmark this page for future results and additional movies.


CISSP Study Sheet - Information Security and Risk Management

Series: CISSP Study Sheet
Entry: Information Security and Risk Management

The CISSP Study Sheet Series will identify the most important details regarding each individual domain within the Common Body of Knowledge. You will want to expand your preparation beyond these study sheets, such as my top 3 favorite CISSP study resources. The intent of this study sheet is to act as a last minute cram of the most significant principles, theories, formulas, and terms for each domain. I recommend reading the CISSP study sheets just before the test, and then doing a “brain dump” of notes for the first 15 minutes onto the paper issued with the CISSP exam. Hopefully, you will have remembered enough to have created an authorized cheat sheet. Let’s begin with the Information Security and Risk Management Domain.

Information Security and Risk Management Study Sheet

Confidentiality – the security objective to protect from improper disclosure of sensitive information.
Availability – the requirement of business to have access to systems and data.
Integrity – the reliability of systems to properly function in order to prohibit improper modification of data.

Known as the CIA or AIC Triad, Confidentiality, Availability, and Integrity have to work in concert to keep data not only protected and accurate, but accessible to authorized users.

Policy – management stating the role security plays in an organization.
Procedure – a mandated series of steps to accomplish a task, such as software installation.
Standard – usually the implementation of a common hardware or software solution to a security risk, such as a Firewall.
Baseline – a consistent minimum benchmark for security configurations across a multitude of implementations, such as password rules.
Guideline – a recommendation considered best practice until adopted as a standard, such as the Common Criteria.

The Organization’s Security Policy is an abstract statement from management which is implemented through the IT staff. For example, following a procedure to install a standard, in accordance with a guideline and set up with reference to the baseline, is an instance of adhering to policy.

Safeguards – uniform and proactive controls applied before an incident, which incorporates the idea of least privilege.
Vulnerability – a flaw in a procedure, implementation, or control that if exercised will result in a security breach.
Threat – a potential accidental or intentional danger to an information system.
Exposure – an opportunity for a threat to cause damage.
Risk – probability of a threat agent exploiting a vulnerability resulting in losses.
Risk Transference – the passing on of risk to a third party, such as insurance.
Countermeasure – reactive controls applied after an incident.

Safeguards are installed to protect against threats, but if a vulnerability exists in a safeguard, an exposure to a threat surfaces, resulting in a risk which has to be either countered or transferred.

Strategic Planning – a long term plan focusing on high level requirements, such as the overarching security plan.
Operational Planning – a mid term plan focusing on an organization’s functional plans.
Tactical Planning – a short term “fire fighting” strategy usually at the keyboard level.

The Planning Horizon is the compilation of strategic, operational, and tactical planning.

Job Rotation – movement of employees to expose collusion and policy violations.
Mandatory Vacations – forced leave to detect elements of fraud.
Separation of Duties – split knowledge and dual control of job tasks, which helps prevent errors and fraud.
Need to Know – only those persons absolutely requiring information should have access to such information.
Least Privilege – allowing processes and users only enough permission to accomplish their job.
Roles and Responsibilities – used to ensure everyone knows what an individual will be doing.
Due Care – responsible acts reducing the probability of being held liable or negligent.

Data Owners – responsible for data classification, user access, related business continuity plans and disaster recovery.
Data Custodian – is the security enforcer for the data owner, such as an email server admin.
Auditor – independent assurance that the security controls are being implemented correctly and are operational.
Application Owners – addresses user permissions and security controls on data specific to a particular application.

Information Risk Management – implementing the right mechanisms to mitigate and sustain an acceptable level of risk.
ISO 17799 & 27001 – guidelines, controls, and best practices for comprehensive security programs.
Asset Identification – assets are tangible, such as the facility, and intangible, such as data.
Assurance – a level of confidence that a particular security level is being upheld.
CobiT – four goals to ensure IT maps seamlessly with business needs: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate.

Governance – a set of management directives to ensure strategic direction, objective accomplishments, risk management, and appropriate use of enterprise resources.
Organization for Economic Co-operation and Development (OECD) – an international group assisting governments with economic, social, and governance challenges worldwide.

Project Sizing – a pre risk analysis documentation of the scope of the project.
Failure Modes and Effect Analysis (FMEA) – an assessment of manufacturing defects.
Fault Tree Analysis (FTA) – analytical approach to detect failures and system safety within a complex environment.
Quantitative Risk Analysis – a monetary determination of risk.
Qualitative Risk Analysis – a scaled intrinsic value assigned to a level of risk, such as 1-5 or high, medium, and low.
Delphi Technique – an anonymously communicated group decision.
Single Loss Expectancy (SLE) – amount that could be lost if a threat is executed upon, such as the value of data, cost to replace data, and potential opportunities missed.

Risk Analysis is performed to balance the economic impact of risk and the cost of the safeguards.

Risk Analysis Formulas

Total Risk = Threats X Vulnerability X Asset Value
Residual Risk = (Threats X Vulnerability X Asset Value) X Controls Gap
Annual Loss Expectancy (ALE) = Single Loss Expectancy X frequency per year

More CISSP Study Sheets and other CISSP resources.

Fake Security Software Websites Exposed

Fake Websites Exposed

Dancho Danchev’s Computer Security blog has been releasing consistent posts revealing fake websites on a number of topics. This information is invaluable to identify fake sites claiming to offer a legitimate service or product. In reality, a fake website is either mimicking the template of a genuine company’s webpages, or creating professional looking sites that run malicious code in the background infecting a visitor’s system.

A Diverse Portfolio of Fake Security Software

In this series, Dancho exposes domains, such as antivirus-scanonline.com, xpantivirus.com and other URLs all parked on a few suspect IP addresses. He followed up this post with two more entries found here and here.

Barack Obama Denied National Security Clearance

Barack Obama cannot be Trusted with Classified Information

How can the President of the United States be denied a basic security clearance? How can the Commander in Chief of the most powerful military be denied access to classified information? Barack Obama would be denied the necessary security clearance for President if he was held to the same standard as everyone else. If you can’t pass a Secret level background investigation, which is required for many soldiers, you should not be eligible for the Presidency.

What is a Security Clearance?

Having served in the U.S. military, law enforcement, and as a civilian government contractor, I’ve had my fair share of background investigations. The United States government employs a multitier security clearance paradigm.

Confidential – Unauthorized disclosure could cause “damage to national security.”
Secret – Unauthorized disclosure could cause “serious damage to national security.”
Top Secret – Unauthorized disclosure could cause “exceptionally grave damage to national security.”

Each level of access requires a progressively more in-depth background investigation before the clearance is obtained. The President of the United States should be able to flawlessly pass the most extensive investigation and a polygraph test. Both are required for workers in some Special Access Programs classified Top Secret.

The purpose of the clearance is to determine an individual’s honesty, trustworthiness, reliability, financial responsibility, criminal activity, emotional stability, foreign influences, family associations, drug use, mental health, judicial proceedings, employment history, traits of character, and loyalty to the United States. This collective data is used to evaluate your ability and willingness to safeguard national secrets. Based on the facts about Barack Obama, he fails to satisfy the minimum requirements for even a basic secret clearance. His background investigation would have “Red Flags” shooting up in so many places; the issuing panel would deny him a clearance outright.

Obama’s Answers on the Security Clearance Application

Instead of going through all the Security Clearance Application questions, I’ll examine the questions that would deny Barack Obama a Secret Clearance.

List foreign national relatives whom you or your spouse are bound by affection, obligation, or close and continuing contact.

Barack Hussein Obama, Sr. of Kenya, and Lolo Soetoro, the Indonesian oil manager his mother married. These two foreign relatives would probably initiate a Defensive Security Services or Department of Defense investigation that would take roughly a year to explore. I’m not sure how many degrees of separation are involved, but Obama Sr. and Soetoro’s associations are not friendly to the United States. However, they are not the primary concern.

Barack Obama’s brother, his kin Abongo Obama, is a militant Muslim who has been quoted saying, “A black man must liberate himself from the poisons of European cultures and western values.” Obama’s paternal cousin, Raila Odinga is also a Muslim extremist who recently lost the Kenyan Presidential election to a Christian. How can such relations exist between the President of the United States and radical Muslims?

Have you ever been an officer or a member or made a contribution to an organization dedicated to the violent overthrow of the United States Government and which engages in illegal activities to that end, knowing that the organization engages in such activities with the specific intent to further such activities?

Have you ever knowingly engaged in any acts or activities designed to overthrow the United States Government by force?

These two questions go hand in hand. Having gone through the interview phase of the clearance process a number of times, I can’t imagine the look on the face of the investigator nor the sheer amount of time it would take to explain Barack Obama’s anti American ties.

Sen. Barack Obama served as a paid director alongside a confessed domestic terrorist and granted funding to a controversial Arab group that dubbed the creation of Israel as a “catastrophe.” The founder of the Arab group in question, Columbia University professor Rashid Khalidi, also has held a fundraiser for Obama. Khalidi is a harsh critic of Israel, has made statements supportive of Palestinian terror and reportedly has worked on behalf of the Palestine Liberation Organization while it was involved in anti western terrorism.

Barack Obama also served on the Woods Fund board with William Ayers, a member of the Weathermen terrorist group which sought to overthrow the U.S. government and took responsibility for the bombings of New York City Police Headquarters in 1970, of the Capitol building in 1971, and the Pentagon in 1972. Bill Ayers has killed hundreds of civilians, police officers, and was recently quoted saying, “I don’t regret setting bombs, I feel we didn’t do enough.”

I would deny a security clearance for anybody that even shook these men’s hands, never mind launching a campaign from Ayers’s living room.

Have you illegally used any controlled substance, for example, marijuana, cocaine, crack cocaine, hashish, narcotics (opium, morphine, codeine, heroin, etc.), amphetamines, depressants (barbiturates, methaqualone, tranquilizers, etc.), hallucinogenics (LSD, PCP, etc.), or prescription drugs?

Barack Obama has specifically admitted to using marijuana and cocaine in his book “Dreams From My Father.” He even confesses pursuing heroin, but was scared of the drug dealer. A clearance question such as this is used to test someone’s ethical fortitude to stand up for what is right, legally forbidden, and ultimately make correct decisions. Obama fails this test with his weakness to deny temptation.

Would anyone question your honesty?

Obama’s lies regarding his recollection of policies supported and the reality of what he actually did endorse are too numerous to count. However, these lies are unfortunately common in today’s politics. An article written in a conservative blog has outlined 26 more personal deceptions Obama has made to the American people. How can anyone trust this guy with confidence?

Barack Obama’s Patriotism and National Security

Although not a question on the Security Clearance application, “Are you a Patriotic American” should be.

The National Anthem is playing and Barack Obama is the only person on the stage not inclined to put their hand over their heart. The hand over the heart is symbolic of your respect and love for your country. Of all people, the President of the United States must be the most devout patriot in the nation. If you are not a patriot, how are you to provide unconditional national security? Three other instances come to mind that have me question how loyal he is to the U.S. and if he even loves this country.

Reverend Jeremiah Wright
I bet most of us have heard about Reverend Jeremiah Wright’s radical anti American preaching and Barack Obama’s consistent attendance of this man’s sermons, but did you know Reverend Wright officiated Barack and Michelle’s wedding and even baptized their kids? It appears to me that Wright is a significantly influential person in the Obama family’s life. Do we want a President who has been barraged and apparently supports their religious leader’s lectures containing anti American propaganda, such as…

“We bombed Hiroshima, we bombed Nagasaki, and we nuked far more than the thousands in New York and the Pentagon, and we never batted an eye.”

“We have supported state terrorism against the Palestinians and black South Africans, and now we are indignant because the stuff we have done overseas is now brought right back to our own front yards. America’s chickens are coming home to roost.”

“The government gives them the drugs, builds bigger prisons, passes a three strike law and then wants us to sing ‘God Bless America.’ No, no, no, God damn America, that’s in the Bible for killing innocent people. God damn America for treating our citizens as less than human. God damn America for as long as she acts like she is God and she is supreme.”

“In the 21st century, white America got a wake-up call after 911. White America and the western world came to realize that people of color had not gone away, faded into the woodwork or just ‘disappeared’ as the Great White West kept on its merry way of ignoring black concerns.”

“Racism is how this country was founded and how this country is still run!…We [in the U.S.] believe in white supremacy and black inferiority and believe it more than we believe in God.”

“Barack knows what it means living in a country and a culture that is controlled by rich white people. Hillary would never know that. Hillary ain’t never been called a nigger. Hillary has never had a people defined as a non-person.”

“Hillary is married to Bill, and Bill has been good to us. No he ain’t! Bill did us, just like he did Monica Lewinsky. He was riding dirty.”

“The Israelis have illegally occupied Palestinian territories for over 40 years now. Divestment has now hit the table again as a strategy to wake the business community and wake up Americans concerning the injustice and the racism under which the Palestinians have lived because of Zionism.”

“God Damn America”

- Reverend Jeremiah Wright

I don’t care that Obama now condemns Wright’s remarks. He never denounced the man before, and continued to attend Wright’s church for over 20 years.

Michelle Obama
The person you marry is your closest confidant and Barack Obama has recently said that Michelle is one of the people he listens to and respects the most. Michelle has been quoted saying, “Our souls are broken in this nation”; “For the first time in my adult life, I am proud of my country”; and “…as a member of the black community, I am obligated to this community and will utilize all of my present and future resources to benefit the black community first and foremost” to name a few. As a President’s closest adviser and the country’s first lady, take pride in how far this nation has come, and work toward the benefit of all not just your ethnicity. Can this woman, with such animosity toward ancestral shortcomings, come into the present and forget about skin color? Isn’t that what Martin Luther King Jr. meant by, “…all men are created equal” and “…not be judged by the color of their skin but by the content of their character?” Michelle’s narrow vision, obvious unwillingness to conform to unity and equality, and her desire to benefit the black community instead of the community at large is not first lady material.

Not visiting the troops
As a former enlisted soldier having been deployed twice and a current government contractor, Obama’s recent neglect to visit our country’s courageous troops is insulting. He had time to woo German citizens and play basketball, but opted out of supporting wounded soldiers. Retired Lt. Col. Joe Reypya had me nodding in approval when commenting on Obama’s decision, “The most solemn duty of a commander in chief is to fulfill his responsibility to the men and women who serve this country in uniform. Barack Obama … broke that commitment, instead flitting from one European capital to the next…For a young man so apt at playing President, Barack Obama badly misjudged the important demands of the office he seeks. Visits with world leaders and speeches to cheering Europeans shouldn’t be a substitute for comforting injured American heroes.”

I could go on and on about how this man is not fit for office, but my point in this post is to express my opinion that the potential Commander in Chief of the United States could not receive a National Security Clearance to even hold a low level intelligence position within the government. How can he be President? Better yet, how is he even a Senator?

I’d like to get others’ opinions on this so please Digg.


Selling Used Computers Identity Theft Concerns

Selling a Used Computer and Identity Theft


Identity theft has been the fastest growing crime over the last few years. The amount of data stored on computer systems makes them an ideal repository for criminals attempting identity theft. When discarding or selling a used computer system, hard drive, or external storage device, most people do not appropriately sanitize the media, but rather delete files or format the disk, falsely believing all the data is gone.

A friend of mine recently bought a new fancy rig costing $2,000 or so. When I asked him what he did with his old system, he said he sold it on craigslist for $550 to help fund the new purchase. “Did you put in a new hard drive?” “No, but I reformatted it.”

There is a misconception among those unfamiliar with the inner workings of computers that deleting files and formatting hard drives removes data completely. Think back and try to remember all the files you deleted over the past 10 years. Did you ever delete financial data, such as accounting spreadsheets, bank numbers, credit card data, or personal information? How about scanned documents, such as mortgage paperwork, driver’s licenses, birth certificates, or pay stubs? What happened to those computers or hard drives from which you think you deleted those files? Did you sell the PC like my friend, donate it to an organization, or just throw it away? Who has used that computer since, and what may they have found? These are all important and scary questions.

I recall a thesis paper written by some graduate students from the Massachusetts Institute of Technology that outlined this very threat. They had purchased 150 or so used hard drives from eBay to study how much personal data was left on old systems. They reportedly found medical records, email correspondence, corporate financial data, illicit personal photographs, thousands of credit card numbers, and even an ATM drive with numerous bank accounts. This is a very real concern for every computer owner, especially my friend now that the system is out of his possession.

What Deleting and Formatting Really Does

I proceeded to give my friend a little education on how computers store information and what deleting and formatting actually does. Basically, the hard drive is broken down into sectors in which the data is stored. In the figure below, suppose File A is a Tax return for 2007. 2008 comes around and you delete 2007’s record and the file appears gone. All that has happened is the Operating System (OS) has marked those sectors as available and removed the file from the user’s view. It is still easily recoverable through a variety of software. The file still exists and is in just as good shape as before you deleted it.

[Figure: sectors]

When space is needed the Operating System will then overwrite the sector with a new file. Perhaps, 2008’s Tax return isn’t as large as 2007’s, and the OS decides to use Sector 1 and 2 to store the data. 2007 (File A) has now been overwritten, but part of Sector 2 was not needed. This extra space is called “Slack Space,” and still retains part of the deleted file. Again, this information is recoverable.

Because my friend decided to format the drive, he figured all the information on the drive was inaccessible regardless. In reality, formatting only redefines the hard drive’s characteristics to store information. The data is still physically embedded on the media and recoverable with simple tools, such as MediaRECOVER. This software even allows for the overwrite sanitization technique I explain below.

How to Really Erase Hard Drives

What needs to happen to totally remove the data yet keep the drive functioning is repetitive overwriting. This should be done multiple times. As an analogy, say your child writes his name with permanent marker on the living room wall. You take some left over paint and coat the area, but after it dries the writing is still visible. This is called residual data. The same applies with overwriting as a technique to sanitize your computer drives. You’ll need multiple coats or overwrites to sufficiently mask what was originally written. Tools such as WipeDrive will overwrite all addressable sectors with random characters, eliminating the slack space and the residual data. WipeDrive is a U.S. Department of Defense approved software solution for sanitizing hard disks. It is relatively inexpensive in comparison to its features and protections.
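The behaviour described in the two sections above (delete, reuse with slack space, format, then overwrite) can be reproduced with a toy model. This is an added example, not code from the original post or from any tool it names; the `ToyDisk` class, the 16-byte sector size and the file contents are constructed for illustration.

```python
import os

SECTOR_SIZE = 16   # bytes per sector; tiny on purpose (constructed value)
NUM_SECTORS = 8

# Constructed sample files; the identifiers inside are placeholders.
FILE_A = b"TAX2007;SSN=000-00-0000;BANK-ACCT=99887766"   # 42 bytes, 3 sectors
FILE_B = b"TAX2008;REFUND=0120.00"                       # 22 bytes, 2 sectors


class ToyDisk:
    """Minimal disk model: raw sectors plus a file table that indexes them."""

    def __init__(self):
        self.raw = bytearray(SECTOR_SIZE * NUM_SECTORS)  # the physical media
        self.table = {}                                  # name -> (sectors, length)
        self.free = set(range(NUM_SECTORS))

    def write_file(self, name, content):
        needed = -(-len(content) // SECTOR_SIZE)         # ceiling division
        if needed > len(self.free):
            raise OSError("disk full")
        sectors = sorted(self.free)[:needed]             # reuse lowest free sectors
        for i, sector in enumerate(sectors):
            chunk = content[i * SECTOR_SIZE:(i + 1) * SECTOR_SIZE]
            start = sector * SECTOR_SIZE
            # Only len(chunk) bytes are written. The rest of the sector keeps
            # whatever was there before: that remainder is the slack space.
            self.raw[start:start + len(chunk)] = chunk
        self.free -= set(sectors)
        self.table[name] = (sectors, len(content))

    def delete_file(self, name):
        # "Delete" only drops the table entry and frees the sectors.
        sectors, _ = self.table.pop(name)
        self.free |= set(sectors)

    def quick_format(self):
        # "Format" rebuilds the bookkeeping; the media is not touched.
        self.table.clear()
        self.free = set(range(NUM_SECTORS))

    def slack(self, name):
        """Bytes in the file's last sector that lie past the end of the file."""
        sectors, length = self.table[name]
        used = length % SECTOR_SIZE
        if used == 0:
            return b""
        start = sectors[-1] * SECTOR_SIZE
        return bytes(self.raw[start + used:start + SECTOR_SIZE])

    def raw_contains(self, needle):
        """What a recovery tool does: scan the media, ignoring the file table."""
        return needle in self.raw

    def wipe(self, passes=3):
        # Overwrite every addressable sector with random bytes, several times.
        for _ in range(passes):
            self.raw[:] = os.urandom(len(self.raw))
        self.quick_format()


def run_scenario():
    disk, seen = ToyDisk(), {}
    disk.write_file("taxes_2007", FILE_A)
    disk.delete_file("taxes_2007")
    seen["listed_after_delete"] = "taxes_2007" in disk.table
    seen["found_after_delete"] = disk.raw_contains(b"SSN=000-00-0000")

    disk.write_file("taxes_2008", FILE_B)                # reuses sectors 0 and 1
    seen["slack"] = disk.slack("taxes_2008")
    seen["found_after_reuse"] = disk.raw_contains(b"BANK-ACCT=99887766")

    disk.quick_format()
    seen["found_after_format"] = disk.raw_contains(b"BANK-ACCT=99887766")

    disk.wipe(passes=3)
    seen["found_after_wipe"] = disk.raw_contains(b"BANK-ACCT=99887766")
    return seen


if __name__ == "__main__":
    for step, value in run_scenario().items():
        print(f"{step:22} {value!r}")
```

The model covers only addressable sectors, as the text does. On flash media, remapped or over-provisioned blocks sit outside that range, so the drive's built-in secure-erase command is the usual complement to overwriting.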

If you are going to donate, sell, or dispose of your computer, be sure to appropriately safeguard your private information by using some sort of sanitization method. You don’t want to be a victim of evil folks who actually purchase used computers for just this purpose.


Best CISSP Study Resources

CISSP Study Materials

I was recently required by the United States Department of Defense (DoD) to cram for the ISC2 Certified Information Systems Security Professional certification, or CISSP. The company I work for graciously sent me to a Common Body of Knowledge (CBK) Seminar and paid the testing fee. As far as certifications go, the CISSP is by far the most sought after and reputable credential in the Information Security field. I had planned on taking the exam in the next couple of years, but a DoD directive has put a time constraint on me.

There is plenty I could write about the CISSP, but for this post I’ll share with you the study materials that have best prepared me for passing the exam. You could be in this field for 30 years and still not pass the exam. There are 10 domains of knowledge relating to all aspects of security that you must know in depth before you are ready.

My Top 3 Study Recommendations for the CISSP

CISSP Certification All-in-One Exam Guide, 4th Ed. (All-in-One) – Considered by many as the premier book geared toward teaching you what is required to pass the exam. The All in One Exam Guide is the highest rated book on Amazon and my instructor at my CBK seminar even recommended it. Included is an excellent disc of practice tests for question drilling, which helped me the most.

Official (ISC)2 Guide to the CISSP CBK ((Isc)2 Press Series) – The only officially sanctioned resource offering a compendium of the Common Bodies of Knowledge by the governing body of the CISSP certification. Remember, the answers on the test are what they are looking for and not another’s interpretation or practice. Going with an official source is always recommended.

www.CCCure.org – is a massive collection of CISSP practice questions. You can choose from which domain(s) you wish the questions generated, the relevancy of the questions, and the difficulty. The site allows you to choose the number of questions you wish to try and a timer to judge your speed. Upon completion of a question you can check your answer and see a detailed description of why the answer is correct. Again, question drilling is my favored way of learning.

If anyone else knows of valid, recent, and accurate CISSP study resources, please comment.

Continuing On

It has been almost 2 months since my last post and for that I apologize. Anyone in the field will know that there are periods of straight out high priority projects, and times when days are mostly responsive. There are just not enough hours in the day. Anyhow, I had an article about 75% complete before the onslaught of work. You can expect this soon.

Night out with the Boys Permission Slip

A coworker of mine just sent me a hysterical application form that asks your significant other (in this case female) for permission for a night out with the boys. I just had to share this with everyone as it brightened my day in an altogether busy week.

Permission Slip

Do Not Fall Victim to Internet Auction Fraud

Series: Do Not Fall Victim to Internet Scams
Entry 1: Internet Auction Fraud Prevention

In 2007, the Internet Crime and Complaint Center (IC3) received 219,553 complaints that totaled $239,090,000 in financial losses. The average loss per complaint is around a thousand dollars. That is a mortgage payment, two months of groceries, or even a week of gas (soon enough anyhow). Now take into consideration the reports of other agencies and all instances that go unreported and you have an enormous amount of e-commerce dollars being stolen yearly. According to the 2007 IC3 Report, Auction Fraud and Non-Delivery Fraud make up over 60% of all e-commerce crimes.

[Figure: from the IC3 2007 Report]

If I could have educated just one percent of the victims reporting auction or non-delivery schemes to IC3, I would have prevented almost a million and a half dollars from being unlawfully taken. This is one of the reasons I have created this blog. The best contribution I can make is educating the public. If that makes the smallest difference in preventing computer crimes, I have done my job. This will be my first entry in a series titled “Do Not Fall Victim to Internet Scams” that will explore each of IC3’s top 10 internet crimes.

What is Auction Fraud?

Internet auctions are big business within the e-commerce marketplace, and as such make up the largest amount of reported complaints. Websites, such as eBay and Yahoo Auctions, complete millions of transactions a day by allowing anyone to post an auction. Although convenient, the anonymity of these sales requires buyers to be ever vigilant of auction scams.

Auction Fraud Example
I read an article a while back by Bob Sullivan for MSNBC which details how a man in South Salt Lake, Utah, masterminded one of the largest eBay fraud schemes in the history of the website. He victimized close to one thousand people, and received roughly $1 million in a matter of weeks. He owned a company called Liquidation Universe and sold laptops exclusively on eBay. After masquerading as a legitimate business for nearly 6 months, the company stopped shipping merchandise to buyers. Many of the victims were lured into a false sense of security due to a SquareTrade $1,000 protection logo. The assumption was that the buyer was guaranteed, up to $1,000, not to get scammed by this seller. However, on SquareTrade’s website the terms of service state that the $1,000 is allocated per seller, not buyer. Therefore, the victims are entitled to approximately a “buck” apiece. The example shows how even legitimate businesses, with promises of security, still need to be thoroughly researched before sending payment.

Protect yourself from Auction Fraud

There are a few warning signs to watch for when trying to spot a fraudulent internet auction.

  • An extremely new account, with no feedback history, should be treated with extreme caution.
  • A negative user rating indicates that other buyers and sellers dislike the business practices of an individual or company.
  • Auctions that require payment by any means other than credit card or PayPal should be avoided, especially if the seller requests that payment be sent to a P.O. Box.

Some preventative measures are taken by the auction sites themselves, but the authenticity of an auction still requires some work on the part of the buyer.

  • Ensure the auction site is legitimate and has a secure payment process. On any website where you enter sensitive information, ensure that the site has an SSL Certificate. Double click the icon in the bottom right of your browser window to see the Certification Authority.
  • Attain a clear understanding of the obligations of the buyer and the seller, as set forth in the auction details, to alleviate any confusion.
  • Read the policy of the hosting website, and only participate in an auction if they are in full compliance.
  • Research the seller’s feedback history, and check with the Better Business Bureau whether they are a legitimate company.
  • Scrutinize the shipping procedure, the return policy, and how the payment transaction is supposed to occur.
  • If you are purchasing something fragile or highly valuable, it may be worth purchasing insurance on the item.
  • International sales aren’t governed fully by United States laws, and should be thoroughly researched before doing business.
  • Offer only information pertinent to completing the deal; a Social Security number, for example, is never needed.
  • I can’t stress this enough, use common sense. If something looks suspicious, smells suspicious, and tastes suspicious, avoid it completely. It is not worth the risk.
  • And one more cliché for you, “If a deal looks too good to be true, it probably is.”

Free Auction Fraud Prevention Tool
If you can’t be bothered to spend your time researching each and every auction, there is a FREE software tool for Windows and Mac users called Auction Inquisitor that screens for over 200 signs of auction fraud. It will examine user feedback, auction history, and a number of other factors. The system operates on best-guess assumptions by flagging suspicious activity. However, it cannot identify definitively if the seller is a scammer. The tool basically does the legwork for you and presents the information in a simple report.

Reporting Auction Fraud

Victims of internet auction fraud and scams should immediately contact their local and state police departments. Complaints ought to be filed with the auction company, the Internet Crime Complaint Center, the National Fraud Information Center, the Better Business Bureau, and if possible, the law enforcement agencies at the perpetrator’s location. Internet auction frauds are tough to identify, but utilizing the preventative methods described herein is a step toward eliminating the chances of being victimized. As technology develops and consumers achieve a better understanding of the online marketplace, auction fraud will become less costly in the future.

Check back soon for Entry 2 of the Series, “Do Not Fall Victim to Internet Non Delivery Scams”

Computer Security Discounts and Coupons

About the Computer Security Deals, Discounts, & Coupons

Separation of Deals and Information

I began SecurePuter.com in April of 2008 and since then I have received affiliate offers for a number of security related products and services. I will not recommend a product or service lightly. If I seriously recommend or despise a piece of hardware, a software package, or a service of some sort, it will be clearly stated in an article on this blog. Therefore, I created a deals section of secureputer.com that operates as a separate blog in itself with different categories, archives, and feeds. This works as a separation between finding great deals, and reading great content and my opinion. Feel free to subscribe to both the secureputer.com feed and the SecurePuter.com/deals feed.

Where are these deals found

The SecurePuter – Deals Discounts & Coupons offshoot blog will feature all of the great deals that are offered to webmasters that many do not share with their visitors. A few of these affiliate companies are allowing me to offer certain products at a discounted price. Others are giving me affiliate coupons to share with you. I don’t want to pass up the opportunity for my readers to save on computer security related purchases. In addition, I’ll be scanning the internet for real deals, discounts, sales, and coupons for all products and services related to securing a computer, running utilities, and performing maintenance tasks.

Comparison to other Coupon Sites

On many coupon sites, I’ve seen some deals claiming to offer super hot savings, but if I do a quick search with other online retailers, I find the product cheaper elsewhere. I will not do this. Prior to any posts within the deals blog of secureputer.com, I will verify that the discount is legitimate and that you will not find the product cheaper elsewhere. This is the benefit of having a real person finding the deals for you and not an internet scraper of sorts.

These deals will change quite frequently as the sales and coupons expire. You’re more than welcome to bookmark or Subscribe to this page and check back when your current security product is outdated. If you would like me to search for a specific discounted product for you, don’t hesitate to email me at webmaster at secureputer dot com