T.Byrd Computer Forum "LIVE" Talk Show

Trina's Column     Rick's Column    TechPicks      Show TOPICS     Hardware Review    Software Review   Internet Review   TechTips      Q and A   Term of the Week

Rick's Column -   March 2006

 

What is a Stratelite

A Stratellite is a high-altitude airship that when in place in the stratosphere will provide a stationary platform for transmitting various types of wireless communications services currently transmitted from cell towers and satellites. It is not a balloon or a blimp. It is a high-altitude airship.

Made of Space age Materials and powered by solar powered electrical engines, each Stratellite will reach its final altitude by utilizing proprietary lifting gas technology. Once in place at 65,000 feet (approx. 13 miles) and safely above the jet stream, each Stratellite will remain in one GPS coordinate, providing the ideal wireless transmission platform. The Stratellites are unmanned airships and will be monitored from the Company's Operation Centers on the ground.

A Stratellite will have a payload capacity of several thousand pounds and clear line-of-sight to approximately 300,000 square miles, an area roughly the size of Texas .

The Stratellite is similar to a satellite in concept, but is stationed in the stratosphere rather than in orbit. Existing satellites provide easy "download" capabilities, but because of their high altitude are not practical for commercially viable "two-way" high-speed data communication. The Stratellite will allow subscribers to easily communicate in "both directions" using readily available wireless devices.

Once the US National Wireless Broadband Network is completed, Sanswire will be able to provide voice, video, and broadband Internet access to all parts of the country.

Our subscribers will be able to sit in their home on a laptop computer while connected to the Internet at high-speed. If they need to go to the office or across town, they simply close the laptop and take off. When they get to their destination, they open their laptop and they are still on the Internet. If they need to travel to another city, they simply take their laptop with them and when they get to where they are going, they open their laptop again and they are still connected. No more finding local access numbers. No more tying up phone lines. No more modem hassles. And more importantly, no more slow speeds.

Once this platform is completed, content providers of all kinds that are interested in reaching our subscribers may do so without the existing concerns of the last mile void.

In addition to Sanswire's National Wireless Broadband Network, proposed telecommunications uses include cellular, 3G/4G mobile, MMDS, paging, fixed wireless telephony, HDTV and others.

Many Military and Government uses like secure communications, Border Control, Homeland Security, Remote Sensing, Surveillance, Battlefield control, Climate Research and Earth Sciences will be enhanced using the Stratellite

 

 

COMMON  VULNERABLE PORTS

The core component operating systems is the kernel. The kernel is responsible for a number of low level interactions between the operating system and hardware, memory, scheduling, inter process communications, file systems, and others. Because the kernel has privileged access to all aspects of the system, a kernel level compromise can be devastating. Risks from kernel vulnerabilities include Denial of service, execution of arbitrary code with system privileges, unrestricted access to the file system, or root level access. Many vulnerabilities are exploitable remotely, and are especially dangerous when the avenue of attack is by way of a provided service published to the Internet. In some cases, by sending a malformed icmp packet, the kernel could get stuck in a loop, consuming all of the CPU resources and rendering the machine useless, causing a Denial of Service.

Proper tuning of the kernel not only can protect systems against attacks, but it will also improve system performance.

 Operating Systems Affected
Virtually all Unix variants including Solaris and HP-UX, Linux distributions, BSD versions, and Windows versions have experienced kernel vulnerabilities, either from inherent factors or from flaws in applications that adversely affect the kernel.

 CVE/CAN Entries
CVE-1999-0295, CVE-1999-0367, CVE-1999-0482, CVE-1999-0727, CVE-1999-0804, CVE-1999-1214, CVE-1999-1339, CVE-1999-1341, CVE-2000-0274, CVE-2000-0375, CVE-2000-0456, CVE-2000-0506, CVE-2000-0867, CVE-2001-0062, CVE-2001-0268, CVE-2001-0316, CVE-2001-0317, CVE-2001-0859, CVE-2001-0993, CVE-2001-1166, CVE-2002-0046, CVE-2002-0766, CVE-2002-0831

CAN-1999-1166, CAN-2000-0227, CAN-2001-0907, CAN-2001-0914, CAN-2001-1133, CAN-2001-1181, CAN-2002-0279, CAN-2002-0973, CAN-2003-0127, CAN-2003-0247, CAN-2003-0248, CAN-2003-0418, CAN-2003-0465, CAN-2003-0955, CAN-2003-0984, CAN-2004-0003, CAN-2004-0010, CAN-2004-0177, CAN-2004-0482, CAN-2004-0495, CAN-2004-0496, CAN-2004-0497, CAN-2004-0554, CAN-2004-0602

 How to Determine if you are Vulnerable
There are a number of ways to help determine if kernels are vulnerable.
  • If offered by the vendor, register for security update emails when registering software.
  • Most of the security mailing lists announce kernel vulnerabilities as they are announced.
  • Trackinging the version of the kernel running on systems should be part of standard procedure.
  • Security assessment software can be used to determine the version of kernel running onsystems. Nessus has a number of plug-ins for testing systems for kernel vulnerabilities. Caution: many of these plug-ins are capable of causing denial of service conditions, and care should be taken when scanning your systems to prevent unanticipated down-time.

 How to Protect Against It
There are two classes of parameters that can be configured on the kernel to thwart attacks. One is to tune the system resources to restrict denial of service attacks and buffer overflows. The second class is to harden the network configuration settings against network attacks. The commands and parameters to configure are platform specific. Platform specific documentation should be consulted to understand how to tune the kernel appropriately.

It is recommended that all modifications be tested thoroughly before implementation in a production environment and that backups be taken and made readily available in case a problem were to occur.

There are several useful resources to help you to tighten systems by tuning the system kernel appropriately.

Name Port Protocol Description
Small services <20 tcp/udp small services
FTP 21 tcp file transfer
SSH 22 tcp login service
TELNET 23 tcp login service
SMTP 25 tcp mail
TIME 37 tcp/udp time synchronization
WINS 42 tcp/udp WINS replication
DNS 53 udp naming services
DNS zone transfers 53 tcp naming services
DHCP server 67 tcp/udp host configuration
DHCP client 68 tcp/udp host configuration
TFTP 69 udp miscellaneous
GOPHER 70 tcp old WWW-like service
FINGER 79 tcp miscellaneous
HTTP 80 tcp web
alternate HTTP port 81 tcp web
alternate HTTP port 88 tcp web (sometimes Kerberos)
LINUXCONF 98 tcp host configuration
POP2 109 tcp mail
POP3 110 tcp mail
PORTMAP/RPCBIND 111 tcp/udp RPC portmapper
NNTP 119 tcp network news service
NTP 123 udp time synchronization
NetBIOS 135 tcp/udp DCE-RPC endpoint mapper
NetBIOS 137 udp NetBIOS name service
NetBIOS 138 udp NetBIOS datagram service
NetBIOS/SAMBA 139 tcp file sharing & login service
IMAP 143 tcp mail
SNMP 161 tcp/udp miscellaneous
SNMP 162 tcp/udp miscellaneous
XDMCP 177 udp X display manager protocol
BGP 179 tcp miscellaneous
FW1-secureremote 256 tcp CheckPoint FireWall-1 mgmt
FW1-secureremote 264 tcp CheckPoint FireWall-1 mgmt
LDAP 389 tcp/udp naming services
HTTPS 443 tcp web
Windows 2000 NetBIOS 445 tcp/udp SMB over IP (Microsoft-DS)
ISAKMP 500 udp IPSEC Internet Key Exchange
REXEC 512 tcp } the three
RLOGIN 513 tcp } Berkeley r-services
RSHELL 514 tcp } (used for remote login)
RWHO 513 udp miscellaneous
SYSLOG 514 udp miscellaneous
LPD 515 tcp remote printing
TALK 517 udp miscellaneous
RIP 520 udp routing protocol
UUCP 540 tcp/udp file transfer
HTTP RPC-EPMAP 593 tcp HTTP DCE-RPC endpoint mapper
IPP 631 tcp remote printing
LDAP over SSL 636 tcp LDAP over SSL
Sun Mgmt Console 898 tcp remote administration
SAMBA-SWAT 901 tcp remote administration
Windows RPC programs 1025 tcp/udp } often allocated
Windows RPC programs to } by DCE-RPC portmapper
Windows RPC programs 1039 tcp/udp } on Windows hosts
SOCKS 1080 tcp miscellaneous
LotusNotes 1352 tcp database/groupware
MS-SQL-S 1433 tcp database
MS-SQL-M 1434 udp database
CITRIX 1494 tcp remote graphical display
WINS replication 1512 tcp/udp WINS replication
ORACLE 1521 tcp database
NFS 2049 tcp/udp NFS file sharing
COMPAQDIAG 2301 tcp Compaq remote administration
COMPAQDIAG 2381 tcp Compaq remote administration
CVS 2401 tcp collaborative file sharing
SQUID 3128 tcp web cache
Global catalog LDAP 3268 tcp Global catalog LDAP
Global catalog LDAP SSL 3269 tcp Global catalog LDAP SSL
MYSQL 3306 tcp database
Microsoft Term. Svc. 3389 tcp remote graphical display
LOCKD 4045 tcp/udp NFS file sharing
Sun Mgmt Console 5987 tcp remote administration
PCANYWHERE 5631 tcp remote administration
PCANYWHERE 5632 tcp/udp remote administration
VNC 5800 tcp remote administration
VNC 5900 tcp remote administration
X11 6000-6255 tcp X Windows server
FONT-SERVICE 7100 tcp X Windows font service
alternate HTTP port 8000 tcp web
alternate HTTP port 8001 tcp web
alternate HTTP port 8002 tcp web
alternate HTTP port 8080 tcp web
alternate HTTP port 8081 tcp web
alternate HTTP port 8888 tcp web
Unix RPC programs 32770 tcp/udp } often allocated
Unix RPC programs to } by RPC portmapper
Unix RPC programs 32899 tcp/udp } on Solaris hosts
COMPAQDIAG 49400 tcp Compaq remote administration
COMPAQDIAG 49401 tcp Compaq remote administration
COMPAQDIAG 49401 tcp Compaq remote administration
PCANYWHERE 65301 tcp remote  ADMNISTRATION

 

 

Big Spam Bust, Texas Style
State Files Lawsuit Against Two of Nation's Largest Spammers

Texas became the latest state or federal entity to take a swipe at spammers Thursday when it sued a University of Texas student and a California resident over what spam watchdog calls the world's fourth largest illegal e-mail operation.

The lawsuit contends the two were pitching mortgage refinancing services, although neither Pitylak nor Trotter are licensed in Texas to provide such services. According to Abbott, consumers, after being assured in the e-mail their privacy would be protected, provided personal information which Pitylak and Trotter then sold to other companies for as much as $28 per lead.

"We want to make clear that these defendants we are suing today and any other spammers in the State of Texas can't hide behind a computer screen any longer," Abbott said at the press conference. "Sending spam with misleading subject lines violate both federal and state law, and there is a very heavy price to pay for that illegal spamming."

Abbott said he was suing Pitylak and Trotter under the federal Can Spam Act, the Texas Electronic Mail and Solicitation Act, and the Texas Deceptive Trade Practices Act. Violations of the Can Spam Act carry penalties of $250 per violation, up to $2 million. The Texas spam violations allow for fines of up to $10 per unlawful e-mail or $25,000 per day.

Under the Texas Deceptive Trade Practices Act, penalties are authorized for up to $20,000 per violation.

Although Abbott did not disclose the specific amount of spam involved in the scheme, he noted that "spam traps" set up by Microsoft in cooperation with the Texas attorney general identified 24,000 illegal e-mails sent by Pitylak and Trotter over a six-month period. The Federal Trade Commission (FTC) also cooperated in the investigation.

Pitylak and Trotter ran their spam operation through a complex set of corporations and assumed business names. The lawsuit identifies corporations set up in both Texas and Nevada and more than 250 different business names.

Last summer, U.S. Attorney General John Ashcroft announced more than a hundred individuals were arrested and charged in a federal computer and Internet-related crime sweep known as Operation Web Snare. In all, Ashcroft said, approximately 350 individuals were targeted for major forms of online economic crime and other cybercrimes, resulting in 103 arrests and 53 convictions.

  

 

                                                                 

 

1.1              Purpose of Risk Management Plan

This plan describes the standardized, structured process the project/plateau/evolution cause to identify, categorize, analyze, and mitigate risks.  This plan also describes the method used to determine risk status and measure the progress of risk mitigation efforts. In addition, this plan contains the results of the risk identification , categorization , analysis , and mitigation planning (i.e., mitigation strategies, analysis of the strategies, planned implementation, and results of implementing the planned mitigations).

The risk management approach documented in this plan is based on proven risk management techniques developed by the Software Productivity Consortium. The Consortium and its members have successfully applied this methodology on numerous projects/projects, and the methodology is reliable, adaptable, and well suited to the current project/plateau/evolution.

The key ingredients of this methodology are:

·         A dedicated Risk Analyst is responsible for the risk analysis and management with a reporting line directly to Product Assurance (or management, as appropriate). The Risk Analyst has been trained in the methodology (or is experienced with the methodology) and has been dedicated to the project. The Risk Analyst is also an integral part of the project/plateau/evolution team, thus ensuring a comprehensive appraisal is conducted.

·         The risk management method is consistent and comprehensive. This method identifies, analyzes, and evaluates technical and non technical risks. Risks are categorized to aid in analysis, selection of mitigation strategies, and tracking related risks; that is, risks that are tightly coupled or linked in some way are assigned to the same category because they are best tracked and evaluated together. Examination of the risk relationships provides insight into how the risks interact and their potential project/plateau/evolution impact. The risk analysis provides criteria for determining which risks are sufficiently significant and must be mitigated and continuously monitored.

·         Periodic risk reviews are conducted. During the reviews, significant risks are reanalyzed, and the progress of their mitigation efforts is determined. Also, during the reviews, newly identified risks, or risks that were not considered significant, are reexamined. The methodology is then reapplied.

Section 2 describes in more detail the risk management methodology that is used on the project/plateau/evolution and includes techniques that ensure that risks, once identified, are properly tracked and mitigation strategies implemented at the appropriate time.

 

          The Risk Management Method

The 7 steps in risk management are:

1.       Determine Objectives and Stakeholders

2.       Identify Risks

3.       Analyze Risks

4.       Review Risk Analysis

5.       Evaluate Mitigation Strategies

6.       Plan Risk Mitigation

7.       Mitigate Risks

 

 

1.2              T. Byrd Computer Summary

This is a proactive risk management approach. Performing a risk analysis prior to estimating the project parameters enables the team to maintain project/evolution control and provide quality products within the proposed cost and schedule. We have successfully applied this method in the past on tightly constrained projects/projects and feel comfortable and confident with the approach.

 

 

Rick's Tech TV Live - click here for the latest 

Avoid Identity Theft
Don't Let Identity Thieves Make The Information Superhighway A Dark Alley
You’ve always paid your bills on time and closed inactive accounts. You have spent years meticulously grooming a spotless credit record. Yet when you apply for a home loan, you are rejected because your credit report says you’ve racked up unpaid balances on several credit cards and written tons of bad checks on multiple bank accounts that you didn’t even know existed. Someone stole your identity, and there’s an increasing chance he did so with the help of the Internet.

All a person needs is your name, address, SSN (Social Security number), and sometimes your date of birth and mother’s maiden name, and he can open an account in your name or even access existing accounts. In some cases, when a thief opens accounts using bogus addresses, the major credit reporting bureaus switch your contact information over to the new address, so you may not even know what’s happening until it is too late.

According to the Consumer Sentinel (http://www.consumer.gov/sentinel), an online fraud database the FTC (Federal Trade Commission) maintains, of the 380,103 fraud complaints made to the FTC in 2002, 161,819 were identity theft complaints. When the complaints are broken down by category, identity theft accounted for 43% of all complaints; Internet auction fraud complaints came in second with 13% of total complaints. It’s clear that identity theft is a growing crime, with the total number of victims varying depending on whom you ask. “If you talk to the credit reporting agencies, they’re going to tell you it’s a minor problem,” says Jay Foley, director of Consumer and Victim Services at the Identity Theft Resource Center (http://www.idtheftcenter.org). “If you talk to law enforcement, they’re going to tell you it’s a growing problem. If you talk to us, it’s obscene. We’re looking at 700,000 to a million victims last year, and we’re anticipating a 25% to 35% growth rate this year.”



 Spiders Of The Web

There are a slew of ways thieves use the Internet to gather personal information about their victims, and most are variations on real-world stunts. Many rely on social engineering to get victims to voluntarily cough up information. Some thieves create bogus Web sites that look like a business, government, or other legitimate Web site and use forms to collect information on misled visitors. They also send email messages that appear to come from a bank, a gift award center, the government, or another official-sounding source, requesting a person’s Social Security number for “verification” or other imaginary purposes. Some fabricated email messages even threaten the recipient with an electronic IRS audit. “I have it on personal authority from half a dozen auditors from the Internal Revenue Service that they will not electronically audit anybody,” says Foley, adding, “the auditors say that they’d all quit en masse because their only joy in life is being able to sit across from you and watch you sweat while they go through your paperwork.”

Aside from giving identity thieves wider access to potential victims, the Internet helps criminals in ways you wouldn’t expect. Online shopping is one of them. “They’ll shop on the Internet because they don’t have to show plastic,” says Beth Givens, founder and director of the Privacy Rights Clearing House (http://www.privacyrights.org), and the Internet also makes it much easier for them to apply for credit cards and other accounts in their victims’ names. “I can order the credit cards over the Internet, and no one ever has to see me,” says Foley. “No one even gets a piece of paper with my signature on it. I don’t have to go to all the trouble of getting preapproved credit card applications in the mail.”

The volume of information you can collect about people by doing simple Internet searches is frightening. Type a name and ZIP code into any of the online white pages and you can get addresses and phone numbers for millions of people. If you have only a phone number, you can do a reverse number lookup to get a person’s basic information. A quick trip to a few genealogy sites can unearth a mountain of additional information, including a mother’s maiden name and previous residences. Then there are the online news archives, which may contain wedding announcements that yield parents’ names, the places people work, the schools they attended, and other juicy tidbits. If any of the groups you belong to have a Web site, your company has a Web site, or you maintain a personal Web site, all could provide a treasure trove of information to people who want your identity.

Take measures to protect personal information if you use a computer and the Internet. Use a strong antivirus product, such as Symantec’s Norton AntiVirus 2003 ($49.95; http://www.symantec.com) and keep it updated. Also use a hardware or software firewall, which prevents outsiders from accessing your computer. Two good free software firewalls are Zone Labs’ ZoneAlarm (http://www.zonelabs.com) and Sygate’s Sygate Personal Firewall (http://soho.sygate.com).

Encrypt personal files on your PC, so even if a thief steals the files, he won’t be able to read the contents. Good freeware programs include OVSoft’s PowerCrypt (http://www.ovsoft.com) and HandyBits’ Easy Crypto-Deluxe (http://www.handybits.com). If you get rid of a computer, deleting files or reformatting the hard drive won’t protect your data from determined eyes, either. With the right data recovery tools, it’s easy to find, search, and restore “deleted” files. Use software that overwrites the files several times; try the free HandyBits File Shredder (http://www.handybits.com) or the free AnalogX SuperShredder (http://www.analogx.com). Strong degaussing magnets also are available that reorient all of the magnetic particles used to store data on a hard drive, but using special software is usually adequate.



 Out Of Your Hands

The real downside to identity theft is no matter how many tips you follow or steps you take to protect your identity, ultimately there’s little you can do to prevent the crime. “Identity theft doesn’t start with the consumer, it starts with the businesses,” says Foley. Every employee at every company you’ve provided with personal information is a potential identity thief. The same goes for every school you’ve attended and every organization you’ve joined that requested your Social Security number or other sensitive personal information. Even if all of those people are honest, you have to worry about an identity thief breaking into a computer and stealing all of that information from a central database.

Thieves don’t have to hack into computers to get your information, as demonstrated in a recent study by MIT graduate students Simson Garfinkel and Abhi Shelat. The two bought more than 150 used hard drives, mainly in Internet auctions, and out of 129 working drives, they found thousands of credit card numbers and other sensitive data. Many of the drives came from old business computers and were not properly erased before becoming someone else’s property.

To avoid having your personal information exposed like this, Foley says that when you are dealing with any company that wants your personal information, ask a representative from that company to answer the four Ws:

Why are you collecting this info?

Who’s going to have access to it?

What steps are you taking to protect it?

What steps will you take to dispose of it?

If you can’t get satisfactory answers, take your business elsewhere.



 Red Alert

If you have been victimized by an identity thief or even think you are a potential target, there are many steps you must take to report the incident and begin the process of protecting or restoring your identity.

First you need to file fraud alerts with all three of the major credit reporting bureaus: Equifax (800/525-6285; http://www.equifax.com), Experian (888/397-3742; http://www.experian.com), and TransUnion (800/680-7289; http://www.transunion.com). The three credit bureaus will send copies of your current credit report, which you can review and then dispute. A standard fraud alert stays on your credit record for 90 days, but you can ask each bureau in writing to extend the alert to seven years. “Send it by postal mail; don’t rely on the telephone with the bureaus,” says Givens. “They’re notorious for ignoring telephone communications.”

Unfortunately, the fraud alert isn’t a cure-all. “Credit monitoring doesn’t do diddly-squat for prevention,” says Foley, “it just gets you early detection at best. At worst it gives you a false sense of security.” Creditors are not legally obligated to deny credit if there is a fraud alert on an account. Because of this, Givens recommends checking your credit quarterly if you are a victim of identity theft and then at least once a year if you’re not.

The next step is to contact the banks, credit card companies, and other creditors directly to alert their security or fraud departments that fraudulent accounts were opened in your name or that your existing account was accessed without your permission. They can tell you what forms, affidavits, reports, and other information you’ll need to establish your case and get your accounts back in order. You also should contact your local police department and ask an officer to take an official statement, and you should file a report at the FTC’s Identity Theft Clearing House (http://www.consumer.gov/idtheft). This excellent Web site also contains a wealth of tips, instructions, and forms that will help you prevent and recover from identity theft, including a downloadable ID Theft Affidavit that will help you report the crime to the proper authorities and organizations.

In the end, most of the cost of identity theft is absorbed by credit card companies, banks, and businesses, and you’ll eventually get your money back and clean up your credit, but the bad news is that it takes a lot of time and effort to put it completely behind you.  

 

        Rick's Column

    Identify Theft on the Internet

Criminals in this area steal a Social Security or credit card number, and use it to build an identity. The victim discovers the problem when the bills arrive. By that time, the criminal has probably discarded the identity and moved to a new one. Victims are left with hours and hours of dealing with bill collectors, creditors and credit reporting agencies, trying to clear their names.

Most identity theft probably takes place off the Internet. Thieves can get your private information from your trash. Or they can steal your mail. You could be hit if you lose your wallet.

The Internet also contains risks. For instance, you might get an e-mail message that purports to be from your Internet service provider. It could say that your information was lost and ask you to send your Social Security or credit card number.

This is a classic example of "social engineering," or trickery. It is unlikely that a legitimate organization would request this information via e-mail. At the least, call and double check.

According to the Identity Theft Resource Center in San Diego, as many as 1.1 million people may have been victimized last year. In most cases, the victims do not have to pay the bills. But the time required to clear their names is substantial. There are endless stories about the misery this situation causes. Make no mistake, you're better off to prevent this crime, if possible.

The less information available to the public about you, the better. I wouldn't submit a profile--even my address--to an instant messaging system or America Online. If you've already done that, I recommend that you delete it. Don't give the bad guys a place to start. At the very least, people who have just a little personal data can use it to establish a rapport with you.

What's on the Internet about you? Put your name in a search engine and find out. If you find personal data, you may be able to get the site to remove it. Also, check Yahoo's People Search area.

Think twice about putting a family tree on the Internet. Your mother's maiden name may be there. Many people use that name as a password or a key to access a forgotten password. If you want to put the family tree on the Internet, require a password to get into it. Don't make it easy for strangers.

When you shop online, be sure you're dealing with a reputable company. If you're sending credit card information, be certain that the form you're using is secure. Look for the closed padlock at the bottom of the browser. Double check the company's privacy policy, which should be on its site.

Intruders will attempt to place programs--called Trojan horses--on your computer. Such intrusions are much more likely if you have an always-on Internet connection. These can be used to send your personal information from your computer back to the intruder. A software firewall program will stop such transmissions. Zone Labs (http://www.zonelabs.com) makes a good one--Zone Alarm. Furthermore, it's free. Norton, McAfee and many other companies also make firewalls. Get one.

Microsoft's Internet Explorer will save passwords and automatically insert them for you on Web sites. This is part of the program's AutoComplete. It's handy, but it could be dangerous if someone else has access to your computer. If you think there could be a problem, turn it off. Go to Tools>>Internet Options>>Content. Click AutoComplete. Clear "User names and passwords on forms."

Passwords can be a real problem. People use their middle names, their kids' names, their pets' names. They use words found in the dictionary. Or they use simple number combinations. Crooks use sophisticated programs that will guess these passwords.

An alphanumeric password is best. Pick one that includes numbers, letters and symbols. Those are virtually impossible to break.

Finally, check your credit reports at least once a year. If someone is using your identity and not paying the bills, it should show up there. Three companies--Experian, TransUnion and Equifax--produce reports. You can find lots of companies on the Internet that will round up all three for you. Don't get just one. Expect to pay about $35. There's no need to get your credit score, unless you're applying for credit.

If someone steals your identity, there are many resources online. Start with the Federal Trade Commission (http://www.consumer.gov/idtheft).

       

E-mail your Question or Comments

E-Mail us doing the show and we will answer your question on the air LIVE or select the items that apply, and then let us know how to contact you.

Answer my question or read my comment on the air.
Send me audio tape and report for the following show:  enter show # in comment section.
Have a T.Byrd Representative contact me

Name
Address
City/State/Zip
Question

or Comment
E-mail
Phone