Hacker Free Holiday Shopping

Oh, the joy of the Holidays. You may, like many, decide to buy some (or all) of your gifts online this year. And why not? Why go out in the cold, snow and slush, fight traffic, and have to walk a mile from the only available parking spot? Why push through aisles of crabby people only to find out that the person in front of you just bought the last Nerf N-Strike Stampede?

When you could have just stayed home in your jammies and fuzzy slippers and ordered it online…

Shopping online is fantastic. But unfortunately there are some modern day Grinches out there that try to ruin it for everyone. That latest e-mail you received from a “name brand” store that has the super Nerf Vulcan Automatic Heavy Blaster for half price just may not be legit. It could be a fake e-mail that leads you to a spoofed site.

Spoofed sites are a common technique that hackers use to collect personal & financial information from unsuspecting victims. A spoofed site is a site that is run by hackers, and is camouflaged to look like the website of a real store. Many times it is very hard to tell the difference between a spoofed site and a real one. Here are some browser screenshots comparing legit websites with sample spoofed sites.

See if you can tell them apart:


Wow, pretty much identical. The one on the top is the original site. The one on the bottom is fake. The only discernible difference is the address bar. If you look closely, the real site says “http://www.sears.com” while the fake site says “”.

The address is not a valid routable internet address, but a real spoofed site would be using a live IP address. Internet Explorer 8 tries to help you out against these types of attacks by highlighting the website (domain) name in the browser. If you look at the address bar on the top, sears.com is in bold.

Here is another example:


Okay, these ones aren’t quite identical, but this shows that spoofed sites can look and behave just like the real ones. The advertisements have dynamically updated on the spoofed site just as they would on the real one. So advertisements aside, the only real difference is the address bar.

If you look closely, the real site has “amazon.com” highlighted and again the fake site just lists an IP address. One other difference is the icon in the address bar. The real site has the Amazon icon and the fake one has the generic Internet Explorer icon. But this is not always the case.
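The address-bar comparison described above can be automated before a link is ever opened. The following is an added example, not code from the original article; `classifyLink`, `auditLinks`, the verdict strings and the sample links are hypothetical and constructed for illustration.

```javascript
// Added example: checks whether a link's host is the store's real domain,
// the same comparison the article makes by eye in the address bar.

// Returns "ok", "ip-address-host", "domain-mismatch" or "unparseable".
function classifyLink(url, expectedDomain) {
  let host;
  try {
    // The built-in URL parser lowercases the host and normalises IPv4 forms.
    host = new URL(url).hostname;
  } catch (err) {
    return 'unparseable';
  }
  // IPv4 hosts come back dotted-decimal; IPv6 hosts come back in brackets.
  const isIpLiteral =
    /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith('[');
  if (isIpLiteral) return 'ip-address-host';

  // Ignore a trailing root dot on either side before comparing.
  const expected = expectedDomain.toLowerCase().replace(/\.$/, '');
  host = host.replace(/\.$/, '');
  // Match on a label boundary: the domain itself or one of its subdomains.
  if (host === expected || host.endsWith('.' + expected)) return 'ok';
  return 'domain-mismatch';
}

// Constructed sample links; 192.0.2.10 is a documentation-only address.
const SAMPLE_LINKS = [
  { store: 'sears.com', url: 'http://www.sears.com/' },
  { store: 'amazon.com', url: 'http://192.0.2.10/' },
  { store: 'amazon.com', url: 'http://www.amazon.com/' },
  { store: 'sears.com', url: 'http://shop.example/holiday-sale' },
  { store: 'sears.com', url: 'not a link' },
];

// Classify every link against the store it claims to come from.
function auditLinks(links) {
  return links.map(({ store, url }) => ({
    url,
    verdict: classifyLink(url, store),
  }));
}

for (const { url, verdict } of auditLinks(SAMPLE_LINKS)) {
  console.log(verdict.padEnd(16), url);
}
```

Anything other than "ok" is a reason to type the store's address into the browser by hand instead of following the link.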

Using the IP address is just one tactic hackers use. For additional ways site names are spoofed, check out my article, “Spoofing a Website Address: How to Obscure a URL”.

Please be careful this Holiday Season as you shop for your loved ones. Be leery of using links in e-mails, especially in unsolicited mail. You can always manually surf to the website yourself and find any deals that are legit.

Have a happy and safe Holidays!


Online Computer Training: Tips for Unemployed IT Workers

I am amazed at how volatile the computer industry has become over the years. The IT field used to be a very stable field to be in. IT workers were almost “untouchable” when it came to company cutbacks. Unfortunately, now, many IT workers are considered “overhead”, and are included in the first wave of layoffs. After working for the same computer company for 15 years I left for a “Dream Job”. It did not work out quite like I thought. In the last 5 years I have been caught up in 3 corporate layoffs by three different companies. It has been some hard times, but you do gain wisdom along the way. So what do you do when you find yourself suddenly without work?

You have many options. Maybe it is time to go back to school. Due to the high unemployment rates, many states are offering college and continuing education opportunities. Not a bad deal. Also, it may be time to consider a career change. Most of my friends that I have worked with over the years have left the IT field altogether. Again, many states will cover re-training expenses for laid-off employees. Or maybe you want to start your own business. Some states offer training and support for displaced workers that want to start their own businesses. The best thing to do is to talk with your local unemployment office to see what is available.

If you want to stay in the IT field, but can’t afford or don’t want to go back to college, there are other options. Take the time and update your skill set. SANS training is excellent and is beginning to be required for many government security jobs. But it can be very pricey. Updating your IT certifications is a good idea too, but again, many IT workers are used to their company covering the costs for training classes.

Here are some cost effective ways to increase, sharpen or update your IT skills.

Online training is a good choice. There are numerous options for online training. VTC Online University offers almost 900 IT video training courses, many presented by Microsoft Certified Trainers, for $30 a month. You will find server, network, application and even certification preparation training. It is very similar to training classes that large corporations offer employees, but at a fraction of the cost. Multi-user licenses are also available. I have completed numerous classes through VTC and I was very impressed. I was so pleased with VTC that I became an associate. One perk as an associate is that you are allowed to place VTC ads on your site and you get paid for referrals. But don’t let that turn you off. VTC allows you to preview the first section of most classes for free, so you can decide for yourself if you want to join or not. If you spend some time searching, you can find online training that meets your needs and is easy on the pocket book.

Watch online seminars. What better way to stay up to date than to watch videos from top security experts? And most of them are free. SANS offers a library of archived webcasts that you can watch. Most top security conferences will offer videos of past conferences, including whitepapers and handouts. The Blackhat and Defcon security conferences come to mind. Government Computer News and FS-ISAC also sponsor many free online conferences. With so many companies doing online training now, just check the Video section of your favorite computer security sites; you will probably find some great training material.

Online Forums. Online forums are a great way to learn new skills and network with others with similar interests. One way to search through the mountain of information is to use Google Groups.

Go to College, for free. Really, not kidding here, and not just computer classes. Want to take C++ from MIT? Or how about Molecular, Cellular and Developmental Biology from Yale? Check out College Open Course Ware (OCW): you take real college classes by real professors and it is free. Many top colleges from around the world are offering several of their classes for free. You don’t get the credit for the class, but I do believe that you can challenge the class to get credit if so inclined. Also, Sam Bowne (City College San Francisco) offers a lot of his Ethical Hacking and Network Defense class material, including class videos, for free.

Read a book. There are some great security titles out there to brush up on skills or to learn new skills altogether. Or if you are a self-learner, there are many certification prep type books available. Many online book stores also allow you to purchase used books for a fraction of the price of new. I recently purchased an $80 security title from a big name online book reseller used for $10. The cover was a little scuffed up, but other than that it was in excellent condition.

Volunteer. There are several not-for-profit places that would greatly appreciate someone with your talent. And you just may learn something new in the process. Anyway, helping others is always a boost to morale.

Hopefully this has given you some ideas that will help you out with your career choices, or just give you something creative to do. The best thing is to remain positive, move forward and keep your eyes open; a door will open for you.