Pitfalls of information harvest
By Scot Mewbuorn and John Garrison
Modern technology means you can handle lots of information. Make sure only people you choose to share information with have access.
When it comes to technology and the growing usage of it,
harvest is a year-round process. In today’s modern farming and ranching
environment, there is a growing need to accumulate and process information. It
may be tracking the chemical usage and yield on your farming acres, keeping
records on your livestock to increase production and meet government
regulations or just keeping that old shoebox full of receipts for tax time, but
collection of your information is critical to every agricultural family or business.
So it is important to know how to efficiently collect that
information—and safeguard it.
The great part about technology is that the useful devices
keep getting smaller. This makes it easier for you to use and transport these
devices around your farm.
Today there are personal digital assistant (PDA) devices
that range from the electronic phone book to fully capable computers that fit
in the palm of your hand. There are programs available for these PDAs that
allow for all types of information to be gathered as you do your daily tasks.
Once gathered, it is important that you have the ability to rapidly share that
information between your PDA and other devices such as your home computer.
Technology is making it easier to gather and move this information with
wireless (Wi-Fi) and infra-red communications. In turn, you are better able to
use great sums of information to increase your business profits and ease your
daily work efforts.
Use just a few of these ag-related programs that can be
obtained from universities and private vendors to gather information for
everything from birth weights to acre-by-acre yield, and you will soon discover
you better understand the strengths and weaknesses of your operation.
The bad news is, you’re not the only one who wants to
harvest the information contained on your computer and PDA. Attacks on the
Internet are becoming more and more commonplace as hackers and other criminal
elements gain their own technical prowess in manipulating and recording
activities and personal information. Much of this happens online. There are
many ways to deceive the common Internet user. One of the most accomplished
deceptions occurred last year. Many people received what appeared to be an
e-mail from Microsoft, advising that there was a Windows update available. Of
course, the link in this message did not lead the user back to Microsoft, but
to another Web site that installed malicious software on the user’s PC. There
were several clues that the e-mail was illegitimate; the most obvious hint was
that the message was written with very poor grammar. However, many people
simply saw the Microsoft logo, the familiar colors and fonts, and haphazardly
clicked on the dubious link. In turn, the link took users to a site that
installed a program that altered the computer, allowing the hacker to control
the newly infected PC.
This type of computer infection is known as spyware and has
become a scourge of the Internet. Spyware can be installed as simply as
visiting any Web site that is set to spring a hacker’s trap. Users usually know
nothing is happening until the computer begins to run increasingly slower day
after day.
Decreased processing speed is due to the spyware sending
information back to the hacker while the computer is online. Spyware can record
keystrokes such as typed user names and passwords as well as personal financial
information stored on the infected machine. To combat this, anti-spyware
software is available for download from the many reputable sites for free or
minimal cost. Microsoft’s own anti-spyware application is located at
http://www.microsoft.com/athome/security/spyware/software/default.mspx. It is
currently free of charge. Another anti-spyware application is
Spybot—Search & Destroy, which can be downloaded for no charge from
http://www.safer-networking.org/en/download. The Microsoft version runs
automatically in your processor. Spybot’s icon must be clicked on to start.
Both are effective defense against malicious software.
Another type of attack against personal computers is a variant
of the Microsoft update e-mail. This type of exploit uses a similar disguise,
claiming to be from a noteworthy bank or credit card company. Such probing has
been dubbed “phishing,” as it is actually fishing for your personal
information. Because these e-mails have the same look as a familiar company’s
Web site, users may assume that it is legitimate. Usually, the verbiage of a
phishing e-mail suggests it is from the company’s customer service or account
management office. The ploy typically involves asking for verification of
personal information. Unsuspecting recipients are asked to click the included
link in order to confirm their name, date of birth, Social Security number,
user name and password—sometimes even financial account numbers. If ever
in doubt about an e-mail like this, ask yourself one important question,
“Wouldn’t the bank or credit card company, or even eBay already have this
information?” Links on phishing e-mails often connect the deceived user to a
temporary Web site that looks like the familiar company’s Web page. The user
then enters their personal information, and, with the click of the submit
button, the process of identity theft has begun.
According to the Federal Bureau of Investigation, phishing
Web sites exist for less than a week, then disappear along with all the
information they have stolen. To combat this type of attack use common sense.
Never click on a link that is incorporated in this type of an e-mail message.
Resist that urge and you will protect your personal data. Some current phishing
attack messages are using eBay, Chase Bank and even the Internal Revenue
Service logos as the proverbial sheep skin as lure to catch your financial
identity. If you suspect this type of message is bogus, contact the company by
telephone. They will appreciate the news that their company name is being used
in a phishing message, and sometimes enroll corporate security to help stave
off the attacks. There is a free tool that is distributed by GeoTrust.com to
verify Web sites. It checks against
with legitimate site registration agencies to confirm that you are visiting a
proper site and not a bogus page. This technology is currently used at MFA’s
home office to verify Web sites. The download places a toolbar in your browser
with an icon that states if the site is verified. The software warns you if the
site is not verified, and such sites should be avoided—unless you know by
other means that the Web site is safe to visit. This tool is also available
free of charge at http://www.trustwatch.com. Click on “toolbar download.” The
GeoTrust toolbar also incorporates a pop-up blocker.
Yet another type of deception that is becoming prevalent on
the Internet is Web site hijacking, which has come to be known as “pharming.”
Pharming is similar to a phishing attack, but rather than sending an e-mail
with a bogus link, criminals actually hijack a reputable company’s Web site by
name. The hackers replace the legitimate Web site with their own Web server and
a page that looks identical to the one they have hijacked. The hijacked site
will have some sort of statement that requests confirmation of personal
information just as the phishing Web site. Pharming sites also are short lived,
disappearing in mere hours or days, yet taking with them critical information
from all the users duped by the ruse.
Scot Mewbuorn is the IT services director for MFA and John
Garrison is the technical support manager for MFA.
|