eHarmony Free Communication Weekend

• Tweet

May 28th, 2010 - Posted by Tasha

Rejoice – eHarmony's free communication weekend is back!  Today through this Monday the 31st, you can get the full eHarmony user experience for free.  And it really is free – you don't even need to enter your credit card information.

Just click on the eHarmony link, go to the site and create a profile.  Then you'll be matched up with compatible singles and you can communicate to your heart's content over the long weekend.   If you start now, you'll have 4 days to meet the guy/gal of your dreams!

Tab-napping phishing technique uncovered

• Tweet

May 27th, 2010 - Posted by Kent

There's a new type of phishing attack and it's been discovered, not by a hacker (at least as far as we know), but by a Firefox developer. Aza Raskin posted the technique on  his blog—so if hackers didn't know about it already, they do now. The technique works something like this:

1. User goes to a malicious, but seemingly innocuous website
2. User opens up a new tab for other browsing
3. When the hacker suspects activity on the original page has ceased they substitute phishing page (Gmail, Facebook, online bank)
4. When the user returns to the tab and doesn't pay attention to the url, they may inadvertently provide account details to the phishing page

What makes this rather ingenious is that it exploits holes, not so much in browsers, but in our memories. If the hack is well executed the favicon (the icon near the url bar) is duplicated too. We take visual queues; we don't remember what site we were at before. Maybe it was Facebook, and maybe it wasn't, but seeing the Facebook login page makes you think you've been logged out.

Want to try it out? Go to Raskin's site, open up a new tab, then watch how his site becomes a duplicate of Gmail behind the new tab that you've opened. Creepy, isn't it? Raskin thinks that it's up to the developers who create web browsers to develop better authentication methods. While we agree, we think users should get used to looking at the urls in their browser windows. Also, Internet security software can help alert users to phishing attacks. Like all issues related to Internet security, the best approach comes from developer action, user caution, and software security.

My credit score is 761, and my wife has a 764 FICO score. We are trying to refinance and are wondering in these are good enough scores.

• Tweet

May 27th, 2010 - Posted by Tasha

Q:  My credit score is 761, and my wife has a 764 FICO score.  We are trying to refinance and are wondering in these are good enough scores.

A: This is a tricky question, mostly because creditors use their own judgment as to what is a "good" score and what isn't.  Your FICO score is calculated based on 5 factors:  payment history (35%), amount owed (30%), length of credit history (15%), new credit (10%), and types of credit used (10%).  Fair Issac basically puts all this information into their magic (and secret) algorithm blender and generates your FICO score.   Your FICO score (and everyone else's) is included in the national distribution of FICO scores provided by Fair Issac.  Creditors draw their own conclusions from this data.

However, your FICO score isn't the only factor they take into consideration.  Creditors also look things like your income, employment history and credit history.  Then based on all this information (and their own underwriting policies) they decide whether they will offer you credit and on what terms.  So if your combined income is $90,000/year, you've had a spotty employment history and you want to refinance a $1,000,000 loan, they may feel the credit risk is too high, regardless of your FICO score.  On top of this, sometimes regional factors come into play, so a suburban midwest creditor may perceive your information differently than an urban east cost creditor.

Of course, a FICO score that's perceived as high should help.  Our advice is to do your research, approach several creditors for the refinance loan and see what they come back with.   And make sure you stay on top of your credit history and scores, because they are a moving target and fluctuate over time.  The easier (and least expensive) way to do this is to sign up with a credit report monitoring service like our top rated Identity Guard.

My purse was stolen, and it had my social security card, driver license and credit cards it. I'd like to sign up for a identity theft prevention service, but I don't have a credit card right now. How can I sign up as soon as possible without a credit card?

• Tweet

May 26th, 2010 - Posted by Tasha

Q:   My purse was stolen, and it had my social security card, driver license and credit cards it.  I'd like to sign up for a identity theft prevention service, but I don't have a credit card right now.  How can I sign up as soon as possible without a credit card?

A: It may be somewhat counter-intuitive, but the vast majority of identity theft protection services require a credit or debit card to enroll.  They aren't set up to make automatic deductions from your checking account, like your mobile phone company might do.

There is a more creative solution to your problem.  If you go to your local supermarket or convenience store, they usually sell prepaid credit cards.  You can then sign up for an identity theft protection service with this pre-paid card.  Problem solved!

It's important to mention that even though you provide the billing information at signup, most of the providers reviewed on our site – including the top rated Trusted ID – offer a free 30 day trial, so you won't be billed until the end of the 30 day period.

Facebook privacy changes: the slow roll-out begins

• Tweet

May 26th, 2010 - Posted by Kent

In a blog post today, Facebook CEO Mark Zuckerburg did a kind of explanation-cum-mia-culpa on the social network's privacy settings. In the process he announced new, simplified privacy controls that should clear up confusion about just who has access to your what, and give you actual control over all of it. Now the only confusion seems to be around just when these controls will be available to all users. It doesn't seem to be on my account yet, and the blog post suggests they will be available over the "next few weeks." And this is confusing because an email from Facebook states that "starting today, Facebook will:"

• Provide an easy-to-use "master" control that enables users to set who can see the content they share through Facebook.  This enables users to choose, with just one click, the overall privacy level they're comfortable with for the content they share on Facebook. Of course, users can still use all of the granular controls we've always offered, if they wish.
  
• Significantly reduce the amount of information that must be visible to everyone on Facebook. Facebook will no longer require that users' friends and connections are visible to everyone. Only Name, Profile Picture, Networks and Gender must be publicly available. Users can opt to make all other connections private.
• Make it simple to control whether other applications and websites access any user information. While a majority of our users love Facebook apps and Facebook-enhanced websites, some may prefer not to share their information outside of Facebook. Users can now opt out with just one click.

So, maybe it's today, and maybe it's next week. Keep clicking refresh on your privacy settings and see! And if you want a preview of coming attractions, check out the Facebook Privacy Guide.

Eset discount: Get more Smart Security 4 for less

• Tweet

May 26th, 2010 - Posted by Kent

Eset is offering deep discounts on its popular Smart Security 4. Right now, NextAdvisor readers can receive additional savings on multi-year, multi-PC plans. A 2-year, 3-PC license comes in at $104.99, a savings of almost $30.00. Check out the full offering here.  This is a good deal for those attracted to Eset's minimal setup and non-intrusive design. Click here to read our review of Eset Smart Security 4, and see how it stacks up to the competition.

How can I get my credit report from last year?

• Tweet

May 25th, 2010 - Posted by Tasha

Q:  How can I get my credit report from last year (July 24th 2009)?

A: That's a tricky one.  According to the 3 credit bureaus (Experian, Equifax and Transunion), you can't actually get in a time machine and retrieve your credit report from yesteryear.  This is because your credit report is being constantly updated with new information.  It's basically a moving target, and data is usually being added (or removed).  There isn't a static credit report from last year that they can pull out of the files, dust off and hand over to you.

I wasn't completely clear on why you'd want an old credit report, but you can try this work-around.  Sign up for a credit report monitoring service, carefully review your credit history and manually "back out" any transactions or changes that happened within the last year.  I'm not sure this will work perfectly, but it should be a pretty good estimate.

Watching out for criminal hacks

• Tweet

May 25th, 2010 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

We use the web to search out tons of information, to shop online and to connect with friends and family. And in the process criminals are trying to whack us over the head and steal from us. And they’ve become very proficient at their craft while most computer users know enough about protecting themselves today as they did 15 years ago. Which equates to not so much.

Back in the day, a person only had to know not to open a file in an attachment from someone they didn’t know. Maybe even not opening one from someone they did know and making a phone call first. Today there are more ways than ever that your PC can be hijacked.

Today you can simply visit a website thinking you are safe and the bad guy was there before you and injected code on the site and now it infects your out-dated browser. That’s a “drive by” and it’s very common today. Here is a list of likely attacks occurring every day.

Fundamentals:

Update your browser. Internet Explorer and Firefox are the most exploited browsers. Whenever there is an update to these browsers take advantage of it. Keep the default settings and don’t go to the bowels of the web where a virus is most likely to be. Consider the Google Chrome browser as it’s currently less of a target.

Update your operating system. No matter what brand of computer you are on you have to update the critical security patches for your Windows operating system. Microsoft will no longer support Windows XP after 2014, so start thinking about upgrading to Windows 7 (which is pretty sweet). Go to Windows Update. Why anyone would keep XP running unless they have to is a mystery to me. It’s a dog who has been kicked too many times.

Update Adobe Reader and Flash. Adobe PDFs and Flash Player are ubiquitous on almost every PC. Which makes them a prime target for criminals. To update Reader go to "Help" then "Check for Updates." To update Flash go here.

Don’t be suckered into scareware. Here's the typical scenario: a popup launches and it looks like a window on your PC. Next thing a scan begins. The scan tells you that a virus has infected your PC. And for $49.95 you can download software that magically appears just in time to save the day. Don't believe it. Studies show that organized criminals are earning $10,000.00 a day from scareware. That’s approximately 200 people a day getting nabbed. Some “distributors” have been estimated to make as much as $5 million a year. Just shut down your browser and do a scan with your existing anti-virus. Then update your browser because it’s probably outdated, which is why you saw scareware in the first place.

Beware of social media scams. Numerous Twitter (and Facebook) accounts including those of President Obama, Britney Spears, Fox News and others were taken over and used to ridicule, harass, or commit fraud. Often these hacks may occur via phishing emails. Worms infiltrated Twitter, requesting that users click on links that infected their accounts and then multiplied the message from follower to follower.

Invest in social media protection @ Knowem.com. Protect your computer with Internet security software.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Romance is in the air: Yahoo! Personals is now Match.com

• Tweet

May 24th, 2010 - Posted by Tasha

It's true love folks; Match.com is making a serious commitment to Yahoo!Personals.  Effective today Match.com is the exclusive Yahoo online dating site.  The current Yahoo!Personals site is now co-branded with Match.com and users are being encouraged to migrate over to Match.com.

Yahoo!Personals members can continue to stay with the service, but they will have a smaller dating pool to fish in as other members either head over to Match.com or leave for another site altogether.  Members who elect to quit Yahoo will be given a pro-rated refund.  Members who migrate over to Match will retain their Yahoo!Personals pricing and discounts, as per this statement:

"People who move an active subscription…will be charged the same subscription renewal price plus applicable taxes on the same renewal date and keep the same term (1, 3, or 6 months) as their current Yahoo! Personals subscription, including all applicable discounts. These exclusive Yahoo! Personals rates are equal to or lower than the standard rates on Match.com on Yahoo!. Subscribers will retain their exclusive Yahoo! rate and free premium features for as long as they are continuously subscribed to Match.com on Yahoo!."

We here at NextAdvisor actually think this move will benefit current members of Yahoo!Personals as they will be given access to all the top-rated Match.com features as well as their larger subscription basis.  If you're curious, check out our Match.com discounts to see if you can save more money by quitting Yahoo and signing up with Match.

Lifehacker rates top five web hosts

• Tweet

May 24th, 2010 - Posted by Kent

Lifehacker, a Gawker Media blog which reports on ways users can improve their online lives, has ranked its top 5 favorite personal web hosts. We are happy to see that four of the five they list we also reviewed, and three of those are also in our top five (in the same order too). Their top choice is a web host called NearlyFreeSpeech.net, a web host we did not review (any web host that says in its own FAQ that it's not easy to use, doesn't really fit our criteria). But here's what they had to say about the rest:

Bluehost: Bluehost offers unlimited disk storage, unlimited bandwidth, unlimited hosted and parked domains, and a free drag-and-drop web-based site editor. You can have up to 100 MySQL databases, 2,500 email accounts, and a 1,000 FTP accounts. Bluehost offers one-click installation of forum, image gallery, blogging, and content management tools.

1&1: 1&1 hosting starts at $3.99 a month and even the basic package includes a free domain name. The basic plan comes with 10GB of storage, unlimited monthly transfer, and hosted email. All accounts come with the 1&1 Webspace Explorer a web-based tool for managing account files and site organization. Basic accounts don't include any one-click application installers, but all accounts above the basic tier include site templates and applications like forums, blogs, and task management tools.

Hostgator: HostGator packs in quite a few freebies for even their lowest tier plans. The basic "hatchling" plan comes with unlimited disk space and bandwidth, access to their site building application, unlimited email accounts, and dozens of one-click applications like information portals, forums, and more. Upgrading from the basic plan gives you additional features like unlimited domains, domain parking, and SSL.

Dreamhost: Dreamhost has made a name for itself with frequent promotional sales with outrageously good prices. Even if you don't catch them during a promotional window, the $8.95 per month plan includes unlimited storage, bandwidth, email accounts, MySQL databases, and domains hosted. Every account comes with a free domain registration, and additional domains are $9.95. Dreamhost accounts include one-click installation of popular blogging tools, forums, and wiki software.

You can read our reviews here.