In addition, I have stood against attempts to censor or restrict the Internet by state and federal governments by advocating for the protection of the open Internet. In spite of my recent candidacy as a Democrat running for U.S. Senate, I have found overwhelming non-partisan support for keeping the fingers of government out of controlling, censoring, or monitoring the Internet.

Protecting American constitutional rights is not the same as harboring illegal activity. XMission has repeatedly cooperated with law-enforcement provided we are served with a proper warrant, signed by a judge, that is specific in demand. I do not support wholesale spying on my network, nor will I ever. I would rather shut down XMission than allow the government to use it as a tool for violating privacy otherwise guaranteed under the Fourth Amendment.

While some ISPs cower at threats, XMission stands against them. While some seek to control or censor the Internet, we fight to protect its freedom. Through transparency, there is accountability, and the Internet remains a unique technology for revealing despotic and despicable acts. It should be protected. As one of the few, if not the the only remaining American ISP that believes this, I ask you to consider our services and support XMission. If you are already an XMission customer, thank you.

One day after warning of a new attack on its Reader and Acrobat software, Adobe issued a security advisory Tuesday offering users some advice on how to mitigate the problem.

Security experts say the flaw lies in the way Adobe’s software executes JavaScript code, and Adobe offered a few workarounds in its advisory to help users avoid being hacked by the attack.

The simplest way is to turn off JavaScript in Reader and Acrobat. Security experts have long recommended this option, because a number of Adobe attacks already depend on the use of JavaScript. To disable JavaScript, select Edit -> Preferences and then pick the JavaScript category. There, users can uncheck the “Enable Acrobat JavaScript” choice.

Criminals have been sending out malicious PDF files since Friday that include this new attack code, but these attacks have not been widespread. However, security experts worry that as information on the bug spreads, these attacks will become a bigger problem.

Several hacker sites on Tuesday claimed to have published samples of the attack, which means that the code could soon be picked up by even more criminals.

“This is legit and is very bad,” the anti-malware volunteer group Shadowserver said in a post to its Web site late Monday.

The flaw lies in the current version of Adobe Reader on Windows, Macintosh and Unix systems. Macintosh and Unix computers will crash when they try to open the malicious files, but Adobe and outside security experts say that, so far, the attack code only works on some versions of Windows. Older versions of Reader and Adobe Acrobat are also affected by the issue, Adobe said.

Windows Vista and Windows 7 use a Data Execution Prevention technology that prevents the attack from doing anything more than crashing Reader, Adobe noted.

Adobe is not saying when it will patch the issue, but its next set of Reader and Acrobat patches is due Jan. 12.

Link to original article:
http://www.macworld.com/article/145122/2009/12/adobe_reader.html

Phishing emails are dangerous and have potentially catastrophic effects.

One particular type of phishing email could be the most malicious of
them all: an email pretending to be your email provider that asks you
for your account and personal information. Do not be fooled.

Read below and learn about phishing attacks, what you can do and what
XMission does to protect your accounts.

How phishing attacks happen.

Phishing is an elaborate form of data and identity theft. It works by
persuading users to respond to emails asking for personal information or
to go to a website where information can be entered. These are so
effective because the emails usually look trustworthy and sound like
plausible scenarios.

How to spot a phishing email.

While phishing emails often differ, they almost always look legitimate
and always ask you for something confidential.

Examples of email subjects:

• “Verify Your Account”
• “Email Upgrade”
• “Update Your Email Account”
• “Your email account has been suspended!”

Examples of From:

• “Xmission Admin”
• “Support”
• “Webmail Support Team”
• “email@xmission.com”

Example of a Phishing body:

Confirm your email account by filling in the details below:

Username:

Password:

Why it’s so difficult to stop.

Often, phishing emails come for legitimate email accounts that have been
compromised, which is what XMission has been dealing with recently.

Phishers use a variety of camouflage techniques to avoid being detected
by our antispam/antiphishing systems by using:

• Random letters or famous quotes in the subject or in the body of the
  email;
• Invisible text in HTML emails;
• HTML or Java content instead of plain text;
• Pictures only (no other text in the email body).

Potential consequences:

By replying or following links inside emails like these you can do more
damage than you might imagine.

Common Examples of what phishers can do:

• Use your information to run up your bank accounts
• Open new accounts, credit cards, loan or contracts in your name
• Have access to all of the confidential emails you receive from your bank

Don’t fall for it:

Follow these tips to stay safe:

• Don’t ever reply to emails that ask for personal/confidential
  information
• Forward the email to spam@xmission.com and then promptly delete it
• Do not click links in emails unless you were expecting the email
• Do not fill in forms that request information. Any trustful provider
  will use a secure website and digital certificate

Safety:

Customers with “@xmission.com” email addresses can verify that they have
spam filtering enabled on your account, this catches almost all phishing
attempts. You can verify that filtering is enabled by going to
http://webmail.xmission.com and entering your login information. There
you will find a button called, “Filters”. Business customers have
filtering enabled already, unless requested otherwise. If you have
questions, you can always go to http://chat.xmission.com and talk with
one of our technical staff or call us at 801-539-0852.

Use an antivirus program that helps detect malicious emails and websites

What XMission does to protect you:

We have full time staff that monitors incoming and outgoing email for
spam, phishing and other potentially harmful traffic

XMission uses Spamassassin on its five email scanning servers
(http://spamassassin.apache.org) and is constantly writing rules to
account for trends in spam and phishing emails (see: What is
Spamassassin below)

We have Email Admins available around the clock to respond to phishing
emails.

We keep details statistics that you can view at:
http://postmaster.xmission.com

Our systems have been configured to automatically detect phishing emails
and notify our staff

What is Spamassassin?

Excerpt from spamassassin.apache.org

SpamAssassin uses a wide variety of local and network tests to identify
spam signatures. This makes it harder for spammers to identify one
aspect which they can craft their messages to work around.

If you’d like to get into the details of our filters, you can visit:

http://postmaster.xmission.com/senders/spamassassin/

What is Prey ?

Prey helps you find your stolen laptop by sending timed reports to your email, including information of its whereabouts. Prey reports the general status of the computer, a list of running programs and active connections, fully-detailed network and wifi information, a screenshot of the running desktop and — in case your laptop has an integrated webcam — a picture of the thief. Pretty cool!

You need to have the software installed on your laptop for it to work. With enough luck you may just get your machine back.

The program runs on Mac OS , Linux, and Windows.

I’ll be installing this on my laptop tonight.

This latest addition to the XMission domain based services makes it even more convenient to manage your online presence. Need to secure your web transactions or an email server? We can help!

Using SSL Certificates reassures your clients that you are doing everything possible to keep their information secure. Your customers can easily spot sites using SSL because the web address contains “https://” and web browsers shows either a lock symbol, key symbol, or specially highlighted navigation bar display.

Like a drivers license, SSL Certificates are issued by a trusted source, known as the Certificate Authority (CA) and the SSL protocol allows applications to communicate across the net in a way designed to prevent eavesdropping, tampering, and message forgery. All this conveys a level of trust and security to increase your client’s confidence in your online presence.

XMission will handle all your SSL Certificate needs from start to finish. Unlike other companies, we are here to help with real humans that answer the phones and respond to your emails. We will help you every step of the way and with a single bill so you do not have to manage several vendors.

Learn more about SSL Certificates by reading about them on our SSL wiki support page. You can order your SSL online, or simply call someone on our sales team. They will take care of you!

The XMission sales office is open weekdays from 9 AM to 5 PM, MST. You can reach us by calling 801-539-0852, 877-964-7746, or by emailing sales@xmission.com. As always, our support staff is here 24×7 to help you with any technical assistance you require.

Immediately after release of the patch in question and prior to exploit code being released into the wild, along with most other major providers, XMission has patched its servers for this serious issue on both its primary nameservers as well as its dedicated resolvers.

This past Tuesday (July 8), Microsoft released a patch (KB951748) via Windows update which was meant to fix a DNS exploit where hackers could redirect web page requests to malicious pages. This exploit widely affected hardware and software from many different companies. However, when combined with ZoneAlarm—a popular software firewall by Check Point Software—Windows XP and 2000 users found themselves without internet access after applying the update.

Since many Windows systems are set to automatically update the system, many people woke up that morning to find that they could no longer browse websites or get their email. We received many calls about this problem, and the fix at the time was to either set ZoneAlarm’s security level to medium, or uninstall the Microsoft update.

On Wednesday (July 9th), Check Point Software updated ZoneAlarm to correct this problem. They suggest users either update to the latest version of ZoneAlarm, or use either workaround mentioned above. (Instructions are provided on ZoneAlarm’s page.)

As always, XMission tech support is available 24/7.

*[DNS]: Domain Name Service

Obviously, we find emails like this incredibly frustrating. Spam has cost us tremendously in time, money, and network resources, and forces our customers to feel increasingly suspicious of anything in their inbox. Like you, we have all received spam from companies claiming to be eBay, PayPal, our credit union, or even the IRS. Even though XMission successfully filters out the majority of phishing spam, be aware that some still does squeak through.

Many of these emails ask the user to enter information using a fake web address, while others request information via email directly. Spammers send out large numbers of emails betting on the odds that someone with a legitimate account will respond. Usually these emails have an urgent tone or even threaten penalty, suspension, or account closure.

Because of the volume and persistence of this threat, we wanted to share a few reminders from the Federal Trade Commission:

1. Simply do not reply. If you have concerns about an account, pick up the phone and call the business, or bring up a fresh browser and contact them directly using their website. No legitimate business will ask you for personal information over email.
2. Scammers can fake anything including “from” addresses, logos, websites, and phone numbers. Even if an email includes a local phone, donít take it at face value. Call the company using a legitimate number from a trusted source.
3. Update anti-virus and anti-spyware software regularly. Always use a firewall if you have a high-speed Internet connection.
4. Do not use insecure websites. Always confirm the security certificates of secure websites.
5. Review credit card and bank statements as soon as you receive them.
6. Even if you receive an email from a trusted source, be cautious about opening attachments or downloading files.
7. Report phishing emails to XMission (abuse@xmission.com), the FTC (spam@uce.gov), and to the legitimate company being spoofed.
8. If you have had your information compromised, report it immediately to the FTC, and then visit the identity theft website at: http://www.consumer.gov/idtheft.

http://www.ftc.gov/bcp/edu/microsites/idtheft/

Using this site, consumers can learn how to avoid identity theft, and find out what to do if their identity is stolen.  Businesses can receive information about helping their customers prevent and cope with identity theft. This site also includes resources for law enforcement to help victims of identity theft.