What You Should Know

1. What is the difference between FTP and HTTP?
2. What is an ActiveX control?
3. What is Modem Jacking?
4. What are Email headers?
5. What is Phishing?
6. What is Internet Security?
7. What is the difference between Web-based Emails & POP3?
8. Securing your Internet Passwords

1. What is the difference between FTP and HTTP?

   FTP (File Transfer Protocol) is a protocol used to upload files from a workstation to a FTP server or vice versa. When ftp appears in a URL, it means that the user is connecting to a file server and not a Web server for file transfer. Most FTP servers require the permission to log on to the server for file transfer to proceed.

   HTTP (Hyper Text Transfer Protocol) is a protocol used to transfer files from a Web server onto a browser for viewing a Web page that is on the Internet.

   Unlike FTP, where entire files are transferred from one device to another and copied into memory, HTTP only transfers the contents of a web page into a browser for viewing. FTP is a two-way system as files are transferred back and forth between server and workstation. HTTP is a one-way system as files are transported only from the server onto the workstation's browser. When http appears in a URL it means that the user is connecting to a Web server and not a file server. The files are transferred but not downloaded. They are not copied into the memory of the receiving device.

2. What is an ActiveX control?

   An ActiveX control can be automatically downloaded and executed by a Web browser. ActiveX is a set of rules for how applications should share information. ActiveX controls have full access to the Windows operating system, which comes to a certain risk that it may cause damage to software or data on your machine. To control this risk, Microsoft developed a registration system so that browsers can identify and authenticate an ActiveX control before downloading it. ActiveX controls are limited to Windows Operating Systems environments.

3. What is Modem Jacking?

   Modem Jacking, also known as Internet dumping, is a process wherein the telephone line that connects your computer to the Internet is disconnected and then reconnected to a new telephone number without the victim?s knowledge.

   The new number is generally an international number with premium rates on top of the international charges, and leads customer to incur high phone bills for services that in most cases are undesired.

   Modem jacking occurs more for 56k Dial-Up users.

   Where does it come from?

   The most common sources of modem jacking are adult sites. These are websites that are often loaded with many pop-up windows or banners making it easy to accidentally click on a window that will initiate download of certain software. The scams are also generally operated from pornographic sites where people prefer not to give personal details.

   When does it happen?

   This happens after a user downloads a program, usually from websites with adult contents. Internet users, while they surf, may not be aware of softwares being downloaded, or users are aware but thinking that these are just pieces of normal softwares. In most cases, user has clicked on a pop-up agreement window or has not read all the conditions on entering a new part of a site. Some unscrupulous websites may not provide you sufficient warnings on the call rates before the dialer is downloaded. Consequently, users blindly agree to the terms and conditions. Once the user agreed, the dialer will transfer the user from their initial dial-up number to a premium number.

   How does it work?

   Internet dumping or modem jacking is more prevalent with dial-up modem connections (Internet users running on 56k modem). A software program known as an Internet dialer that is downloaded onto your computer from these websites controls the voice modem connected to your computer and telephone line. These dialers are capable of dialing and redialing to the Internet using a high call-charge rate or premium numbers, usually 190, automatically replacing your ISP?s dial up number. Your modem is even muted to avoid the dialing noises and to avoid detection. Internet dialers are also frequently linked with pornographic websites, gambling, games and music sites.

   How do you know you have fallen victim to modem jacking?

   Common signs of modem jacking are:

   • Unexpectedly high telephone bill due calls made to unknown international telephone numbers
   • A telephone bill from another telephone company apart from your telephone line provider
   • An unfamiliar shortcut icon or dialler is found on your desktop
   • A ?dialler.exe? file may appear on the C drive of your computer
   • You are connected to the Internet but cannot send emails via your email client

   What measures should you take to prevent modem jacking?

   Some measures that can be taken to prevent modem jacking:

   • Restricting access to international calls and 1900 numbers
   • Activation of call control available through your telephone provider and/or the use of personal identification number control for access to international calls
   • Read EVERYTHING in the contract before clicking OK when you are going to download
   • Be especially careful of adult sites
   • Make sure that your modem volume is ON. This will let you hear any re-dialing if you get disconnected
   • Install software that prevents automatic downloads or filter undesirable materials. A pop-up blocker is one example
   • Turn off your computer and modem when not in use

4. What are Email headers?

   Does email leave a trace of its origin?

   Like fingerprint, each email has its own identification. We may call this identification as email header.

   Email header is the routing information that email travels from sender to recipient. It reveals details about the sender's IP address, the transit point's IP address, the time stamps and other information. We have to understand that a typical email passes through at least four mail servers or what we cal Mail Transfer Agents (MTA) during its lifetime.

   How we We Obtain Email Headers?

   First, we learn how to extract email headers before we can read them. The basic headers such as "To:", "From:", and "Subject:" will not get us any farther. We have included below the steps in obtaining email headers.

   Outlook Express	New versions of Outlook Express 6 are reported to work correctly using forward-as-attachment. You may first try this method, as it is easier and faster. Alternatively, you may go through the steps below: Select the email which header you wish to extract Click "File" Click "Properties" Click the "Details" tab Highlight, and copy everything from this window.
   Netscape Messenger	Select the email which header you wish to extract. Click "View" Click "Page Source" (ctrl-U in Windows, ?-U on the Mac) Copy the contents of the window. For Netscape 6.0 and above, the "Page Source" is replaced with "Message Source".
   Webmail	For those who check email via http://webmail.pacific.net.sg : Log on to Webmail via the above URL Open the respective email Click "Message Source" Copy the email headers

   How do we read and interpret Email headers?

   Most Internet users know that when an email is sent, it is passed directly from the sender's machine directly to the recipient. What most Internet users do not know is that it hops through multiple MTAs.

   The email is passed from one MTA to the others via SMTP (Simple Mail Transfer Protocol). Typically, a server that handles email traffic has one SMTP server or MTA running on it.

   Let us use an example for a better understanding of how it works:

   Consider two users, sender@pacific.net.sg and recipient@pacific.net.sg. Below is the normal email header visible on an email client once it is received:

   Date: Tue, 15 Aug 2000 12:58:03 +0800
   To: recipient@pacific.net.sg
   From: sender@pacific.net.sg
   Subject: mail header

   The above shows only the small and general details of the email sent by sender@pacific.net.sg to recipient@pacific.net.sg, with the date and the subject included.

   Let us now see the full transaction that has taken place, including the communication from the sender's machine to another computer, and another before it reached the recipient:

   Note: We have added numbers on each hop for easy reference.

   7	Return-Path: sender@pacific.net.sg
   6	Received: from outgoing2.pacific.net.sg ([192.168.0.2]) by outgoing3.pacific.net.sg                     (Post.Office MTA ID# 0-53829L2S100V35)                     with ESMTP id sg for <recipient@pacific.net.sg> ;                     Tue, 15 Aug 2000 12:58:21 +0800
   5	Received: from outgoing1.pacific.net.sg (outgoing1.pacific.net.sg [192.168.0.1])                     by outgoing2.pacific.net.sg with ESMTP                     id MAA26529 for <recipient@pacific.net.sg> ; Tue, 15 Aug 2000                     12:58:22 +0800 (SGT)
   4	Received: from vyasa (dialup.pacific.net.sg [210.24.xx.xxx])                     by outgoing1.pacific.net.sg with SMTP                     id MAA09701 for <recipient@pacific.net.sg> ; Tue, 15 Aug 2000                     12:58:21 +0800 (SGT)
   3	Message-Id: <3.0.5.32.20000815125803.00asdf003@pacific.net.sg>
   2	X-Sender: sender@pacific.net.sg X-Mailer: Microsoft Outlook Express 6.00.2800.1437 Date: Tue, 15 Aug 2000 12:58:03 +0800
   1	To: recipient@pacific.net.sg From: sender@pacific.net.sg Subject: mail header X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441

   Here is a line-by-line analysis of this header and exactly what it means:

   1	To: recipient@pacific.net.sg From: sender@pacific.net.sg Subject: mail header X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441

   The above indicates the recipient's email address, the sender's email address, the subject and the type of format used, respectively.

   2	X-Sender: sender@pacific.net.sg X-Mailer: Microsoft Outlook Express 6.00.2800.1437 Date: Tue, 15 Aug 2000 12:58:03 +0800

   The email client, in this case Outlook Express, generates these parts of the header. The above data are client dependent. It contains the sender's identification on the mail server, the email client used, and the time as set on the sender's computer where the email was composed. You may wish to know that the date and time on this part of the header reflect your system's setting

   3	Message-Id: <3.0.5.32.20000815125803.00asdf003@pacific.net.sg>

   The receiving machine assigns the ID number to the message. (Used internally by the machine, it's something an administrator would need to know to look up the message in the machine's log files, but it's usually meaningless to anyone else.)

   4	Received: from vyasa (dialup.pacific.net.sg [210.24.xx.xxx])                     by outgoing1.pacific.net.sg with SMTP                     id MAA09701 for <recipient@pacific.net.sg> ; Tue, 15 Aug 2000                     12:58:21 +0800 (SGT)

   This line indicates that outgoing1.pacific.net.sg received the email from vyasa, which is the name of the sending machine. sender's IP address is shown as 210.24.xx.xxx. Mail transfer happened on 15 August 2000, 12:58:21 +0800 (SGT). That is, 15 August 2000 at 12:58:21, Singapore Time (8 hours after GMT). Remember that this is the most important part of the header when trying to determine the real source of the email.

   5	Received: from outgoing1.pacific.net.sg (outgoing1.pacific.net.sg [192.168.0.1])                     by outgoing2.pacific.net.sg with ESMTP                     id MAA26529 for <recipient@pacific.net.sg> ; Tue, 15 Aug 2000                     12:58:22 +0800 (SGT)

   This line indicates that outgoing2.pacific.net.sg received the email from outgoing1.pacific.net.sg with IP address 192.168.0.1 using extended SMTP. The ID MAA26529 is the unique message ID to identify this email on the specific server or MTA.

   6	Received: from outgoing2.pacific.net.sg ([192.168.0.2]) by outgoing3.pacific.net.sg                     (Post.Office MTA ID# 0-53829L2S100V35)                     with ESMTP id sg for <recipient@pacific.net.sg> ;                     Tue, 15 Aug 2000 12:58:21 +0800

   This line indicates that outgoing3.pacific.net.sg received the email from outgoing2.pacific.net.sg with the IP address 192.168.0.2 on 15 August 2000 at 12:58:21 hours. +800 indicates the time zone, which is in GMT (Greenwich Mean Time).

   7	Return-Path: sender@pacific.net.sg

   Just like "From:", the server generates the return path.

   Conclusion

   Each of us would like to know where our emails are coming from especially those unwanted ones. By simply looking at the address in the "From:" line is not always an accurate indication of the sender. You will need to look at the full header of the message to decipher the real sender. This is where the importance of knowing how to read email headers comes in handy.

   It is not necessary that you understand every aspect of the email header, but basic knowledge of the above subject will allow you to understand how emails are passed on from sender to recipient.

5. What is Phishing?

   

   Have you received emails before that look like they come from legitimate organizations like banks or companies or even from individuals requesting you to submit personal data especially financial related information? Beware! These emails are most likely to be a scam.

   Scam, according to the dictionary is a fraudulent or deceptive act or operation. It may come in various forms like insurance, sales of items and so on. In the Internet world, scams are now proliferating. It has been widespread that victims of such are unable to notice the difference between the real and the reel.

   Among the various scams in the Internet, one of the most dangerous and deceptive scams ever to have been created is called PHISHING. It is an act of sending emails to another Internet user falsely claiming to be an established legitimate enterprise in an attempt to scam the victim into surrendering private information that will be used for identity theft. It is alternatively known as BRAND SPOOFING or CARDING and the word originates from a variation of the word ?fishing?. The idea being that the bait is thrown out with the hopes that those who will be tempted will bite the bait. (Webopedia)

   Now that we have defined phishing and have created an image of the true meaning of the word, let us see now how it works .

   Uses SPOOFED emails and fraudulent websites designed to fool recipients into divulging personal financial data HIJACKS trusted brands of well-known banks, online retailers, credit card companies and ISPs Uses a link within the body of the scam email itself that diverts to another ?LEGITIMATE WEB SITE? where recipients are asked to update personal information (e.g. passwords, credit card and bank account numbers, etc.), and threatens to have dire consequences if you don't do so. Mimics HTML CODES in the web site that the recipient is being diverted to show that it indeed is a genuine site.

   An example of such a scam email is shown below:>

   ------------------------------------------------------------------------------------------------------------
   
   From: CompanyName
   To:
   Sent: Tuesday, September 07, 2004 02:34
   Subject: Official lnformation from CompanyName
   
   Dear CompanyName Customer!
   
   For security purposes your account has been randomly chosen for verification. To verify your account information we are asking you to provide us with all the data we are requesting. otherwise we will not be able to verify your identity and access to your account will be denied. Please click on the link below to get to the CompanyName secure page and verify your account details. After verification you will be redirected to the CompanyName home page.
   
   Thank you.
   
   https://www.company name.com/internet-banking/verify.jsp
   
   ------------------------------------------------------------------------------------------------------------

   Another example of a phishing scam email WITH virus:

   ------------------------------------------------------------------------------------------------------------
   
   Return-Path: <@pacific.net.sg>
   Received: from aristo.pacific.net.sg ([203.120.90.216])
   by maxis9.pacific.net.sg with SMTP
   id
   <20040831024405.YUE1169.maxis9.pacific.net.sg@aristo.pacific.net.sg>
   for <@pacific.net.sg>; Tue, 31 Aug 2004 10:44:05 +0800
   Received: (qmail 7509 invoked from network); 31 Aug 2004 02:44:05 -0000
   Received: from unknown (HELO pacific.net.sg) (202.155.146.40)
   by aristo with SMTP; 31 Aug 2004 02:43:58 -0000
   From: "Automatic Email Delivery Software" <@pacific.net.sg>
   To: recipient@pacific.net.sg
   Subject: Delivery reports about your e-mail
   Date: Tue, 31 Aug 2004 09:34:31 +0700
   MIME-Version: 1.0
   Content-Type: multipart/mixed;
   boundary="----=_NextPart_000_0011_7D4485AC.51114404"
   X-Priority: 3
   X-MSMail-Priority: Normal
   X-Mailer: Microsoft Outlook Express 6.00.2600.0000
   X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
   Message-Id:
   <20040831024405.YUE1169.maxis9.pacific.net.sg@aristo.pacific.net.sg>
   
   This is a multi-part message in MIME format.
   
   Dear user of pacific.net.sg,
   
   Your email account was used to send a large amount of unsolicited email messages during this week.
   
   We suspect that your computer was compromised and now runs a trojan proxy server.
   
   We recommend that you follow the instruction in order to keep your computer safe.
   
   Sincerely yours,
   The pacific.net.sg support team.
   
   ------------------------------------------------------------------------------------------------------------

   The example below is the most recent scam email distributed by these scammers in the name of Pacnet Internet.

   ------------------------------------------------------------------------------------------------------------

   From: Verification
   To: userid@pacific.net.sg
   Subject: pacific.net.sg ID: userid@pacific.net.sg

   Dear pacific.net.sg Member,
   
   We must check that your pacific.net.sg ID was registered by real people. So, to help pacific.net.sg prevent automated registrations, please click on this link and complete code verification process:
   
   http://pacific.net.sg/TAZWi8k3RmM0jwnpiXI38OfE3aJhiDcswBu8wkOKCRc7htZPGPsMiia2s3gf4
   
   Thank you.
   
   ------------------------------------------------------------------------------------------------------------
   

   How to avoid Phishing scams?

   We have to realize that the number of phishing scams sent out to Internet users continue to increase dramatically. It has become sophisticated as it goes along and it makes it harder to differentiate between the real. Below are some recommendations on how to avoid becoming a victim of these scams: BE SUSPICIOUS of any email with urgent requests for personal information Do NOT use links in an email to get to any web page if you suspect that the message is not authentic AVOID filling out forms in email messages that asks for personal financial information Always ensure you are using a secure website when submitting credit card numbers or account information. If you are unsure, DO NOT provide personal financial information via the web Pay ATTENTION to the URL of a web site. Phishers use web sites that may look identical to the legitimate site but the URL may use a variation of spelling or a different domain name ENSURE that your browser is up to date and security patches are applied INSTALL and MAINTAIN anti-virus software, firewalls and email filters to reduce receiving such messages as some emails of this type may have a virus/Trojan attached into it If in doubt, CHECK or NOTIFY with your Bank, online retailer and/or credit card companies about the validity and authenticity of the email message received

   There are other ways that you can prevent being duped by these types of emails and scams plaguing the Internet.

   Always remember that legitimate businesses and financial institutions will HARDLY ever ask for personal information via email. Outsmarting these scammers will ensure you of having a better experience when using the Internet.

   Pacnet Internet offers Pacnet MailGuard Anti-Spam service to let us help you minimize the influx of these kinds of emails. This is an email filtering service that identifies SPAM emails. It can prevent these types of scams from being sent into your mailbox.

   For more information about the service, please access the URL below:

   http://www.pacific.net.sg/enterprise/mailguard/antispam.htm

6. What is Internet Security?

   We use computers and Internet for almost everything. Studies, banking, shopping and communicating with others through email or chat programs are only few of the common activities wherein Internet and computers are used. Surely, you would not want strangers reading your email, examining confidential information stored on your computer, using your computer to attack other computers, and sending forged email from your computer.

   Anyone who uses the Internet for any purpose, even just to simply play games or send email to a friend is vulnerable to computer attacks. As a low profile computer user, you may be wondering why would someone wish to intrude into your system. Hackers do not choose whom to attack. Once they have gain control of your computer, these hackers can use it to hide their identity and launch attacks on other computer systems.

   What are the most common methods used to breach Internet Security?

   1. Trojan Horse
   2. Email Spoofing
   3. Email-borne viruses
   4. Denial of Service attack
   5. Exploitation of Software flaws

   There are further methods how one?s system can be compromised and/or attacked by unscrupulous hackers and breach Internet security. As soon as you connect it to the Internet, your system potentially becomes a target for intruders. Take note that there are risks when you log on to the Internet. Any information you send across the Internet, there may be people who can listen and capture the information sent. In turn, these people can use it for their own benefit.

   How do you keep your system safe?

   Keeping your system safe from intruders is a task that needs to be on one?s priority to ensure satisfying experience when using the Internet.

   Tips on how you can make your system safe from external intruders:

   1. Use Anti-Virus Programs
   2. Ensure System is Patched with the Latest Version
   3. Extreme Care in Reading Email with Attachments
   4. Use A Firewall Program
   5. Use Strong Passwords
   6. Be Aware of what programs you are Downloading and Installing

   Internet Security is a great challenge that each responsible Internet user must face. Don?t let laxity and security fatigue set in. Remember, like crime, you are the first line of defense!

   Common Breaching Methods

   1. Trojan Horse is a program containing malicious or harmful codes that often performs the following:

      • Opening a backdoor
      • Collecting passwords
      • Accessing accounts including email
      • Modifying documents
      • Gaining control of the computer remotely

   2. Email spoofing is a method of forging the return path of an email to make an email look like it originated from someone else when it actually sent from another source. Virus or worm sometimes initiates email spoofing but spammers may intentionally do it as well. Below are some of the effects:

      • Sending out unsolicited materials such as advertisements or simply as a way of spreading viruses or worms across the Internet.
      • Untraceable origins in some cases making it difficult to apprehend the culprit

   3. Email-borne viruses are malicious codes sent as attachment that may originate from any infected system. It is sent to unsuspecting recipients containing return addresses, a provocative envelope or something that entices the receiver to open it. These viruses can be transferred from opening attachments as well as opening unneeded ports and protocols. Some of the dangers of email-born viruses are the following:

      • Information disclosure
      • Add/Modify/Delete files
      • Affect system stability
      • Install a backdoor
      • Attack other systems
      • Send unsolicited bulk email (spam) to other users without the computer user?s knowledge

   4. Denial of Service attack is a form of attack that usually uses a huge amount of resources pointed to a particular service, may it be an email server, World Wide Web, or to one particular system. Again, an unsecured system can be either a victim or a part of the attack by letting intruders to hack into their system. The attacked system may cause the following:

      • Produce abnormal amount of traffic to a particular server
      • Excessive slowdown of the attacked system
      • Allow systems to be controlled remotely by installing new applications or programs

   5. Exploitation of Software flaws are being exploited and become the trigger point to make one?s system the source of attacks to another system. Peer to peer applications are the most common sources of these. Furthermore, accessing websites that contain scripts to install applications are other sources of these types. An infected system becomes a server, sending out emails or triggering attacks via open ports and protocols to another Internet user. Examples are spy wares and ad-wares that are bundled together with some programs offered by most peer-to-peer applications

      • Produce abnormal amount of traffic to a particular server
      • Excessive slowdown of the attacked system
      • Allow systems to be controlled remotely by installing new applications or programs

   Keeping Your System Safe

   1. Use Anti-Virus Programs:
      

      Anti-Virus programs perform tasks that will help in ensuring that all files sourced externally are scanned and verified accordingly. Viruses can reach your computer in many ways from floppy disks, CD-ROMS, emails, websites and downloaded files. The point is, make sure that these are scanned properly.

   2. Ensure System is Patched with the Latest Version
      

      If you are running on Microsoft Windows system, or any other operating system for that matter, it is highly advisable to regularly install patches to make sure that loopholes are sealed, vulnerabilities are closed and bugs are fixed. Patching can be done automatically depending on your operating system. For Microsoft Windows, you may use http://v4.windowsupdate.microsoft.com/en/default.asp or activate the automatic download and installation of any updates as offered by them.

   3. Extreme Care in Reading Email with Attachments
      

      Email-borne viruses are spread normally when an attachment containing the virus is opened. It is sent to unsuspecting recipients containing forged return addresses, a provocative envelope or something that encourages the receiver to open it. The virus propagates once executed and unknowingly, your system becomes the source of similar emails. It operates as soon as the Internet connection is established. As a result, system slowdown and Internet lag may be experienced. The sending out of emails operates in the background and this does not require opening your email client or clicking the ?SEND? button.

   4. Use A Firewall Program
      

      A firewall program acts as a guard that looks closely to network traffic in and out of your system and vice-versa. It determines if the traffic should continue or not. Its very purpose is to prevent unwanted connections from external sources and permit appropriate traffic to enter and leave the system. Using a firewall program will ensure that connections to your system are controlled as authorized by you.

   5. Use Strong Passwords
      

      You should use passwords not only on your home computer but also for services you use elsewhere on the Internet. Each password should be unique and unrelated to all other passwords. A strong password is a password uses combinations of uppercase and lowercase letters, numbers, and punctuation, and that is usually not a word found in a dictionary.

   6. Be Aware of what programs you are Downloading and Installing
      

      Nowadays, downloading and installing programs may not be safe as these may have flaws that install spy wares or ad-wares to your system. Ensure that the applications that are downloaded originate from a valid site. In the process of installing, ensure that what is being installed only contains the application needed. In this way, it prevents pop-ups, Internet Explorer homepage hijacking and advertisements. Most importantly, it prevents acquisition of important information stored in your computer.

7. What is the difference between Web-based Emails & POP3?

   Email, or electronic mail is the transmission of messages over networks. It is the most important tool that is used ever since the Internet is introduced. The speed of transmission is incomparable to a snail mail. Email does not have the restrictions of time and place as long as an Internet access is available.

   As simple as it is, the email process is in fact complicated. It connects from one network to another in order to deliver messages, documents, and files and stores them in electronic mailboxes until the recipient fetches them.

   In this topic, we will try to elaborate on the major differences between a Web Mail and a POP3 account. We hope that we can provide you insights and better understanding between these two types of electronic mailboxes.

   First, let us differentiate web-based emails and POP3.

   Web-based email (or Web mail) is an electronic mailbox that is stored in the World Wide Web and is retrieved using any Web browser such as Internet Explorer or Netscape. Hotmail, Yahoo and Netscape are few of the many who offer, as part of their services, Web based emails that can be categorized under this definition.

   POP3 or Post Office Protocol version 3 is a computer language used to retrieve emails from a remote server to a particular computer over an Internet connection. Normally, when you sign up to any Internet Service Provider (ISP), may it be a dial up, broadband or cable account, you are provided with at least one mailbox for email. To access your POP3 email account, you will need an email client such as Outlook Express, Microsoft Outlook, Eudora or Netscape. These mail clients are used to send and receive emails with a proper setup as indicated by your ISP.

   Now that we have defined web-based emails and POP3, let us take a look at some of the advantages and disadvantages.

   Advantages
   Web-based Email	POP 3
   It lets you have access literally anywhere as long as an Internet connection is present, may it be on a café, library, at work, in a hotel or at home.	Managing of email is much more flexible. Most email clients are equipped with features such as filters or message rules, text formatting, etc.
   It is simple and easy to use, as it doesn't require software configuration.	The size of your computer hard disk becomes the limit of your mailbox storage after downloading your emails
   It focuses largely in providing email service, making it their priority to include features such as anti-spam and anti-virus filtering.	Navigation of your email is faster and more efficient because your emails are now stored in your computer.
   It is advantageous to frequent travelers as it allows checking of mail from more than one location.	Users are able to read mail and compose email while offline.

   Disadvantages
   Web-based Email	POP 3
   It limits the file attachment?s size being sent. For business users who use more of their emails, this may be a disadvantage.	It does not allow you to access previously ?popped? messages. Though mail clients have an option to ?leave copy of messages on the server?, it may tend to overflow and disallow further receiving of messages if not properly attended.
   The response in sending and receiving email is affected by the Internet traffic on the provider?s end. Sending or receiving a message may be tedious to do in the end.	Most viruses are transmitted using this type of email. It is also hard to filter SPAM emails unless third-party software is installed in the email server or to the end user?s machine.
   Web-based clients set a time limit. If you take longer than what is set to compose your message, you may lose your connection to the server. As a result, you may have to retype the message again.	You need an email client configured for your account. Emails are not accessible anywhere else once you have downloaded them into your machine. This can hinder users that travel or use several different computers for email access.
   Every click results in the opening of a web page. Thus, causing slowness and lessens efficiency.
   In order to read and compose emails, an Internet connection must be constantly established.

   CONCLUSION:

   Whichever type of electronic mailbox you use, web-based or POP3, will have its own pros and cons. Ultimately, you, as end user of these services will know best which one suits your need. Depending on how much you utilize emails, weigh the benefits and maximize its use.

8. Securing your Internet Passwords

   An increasing number of us are now conducting more online activities over the Internet such as purchasing things, managing bank accounts, paying bills, sending messages, and a lot more. Each service may require us to set up an account that requires a username and a password, which are used to access the service. A typical Internet user may have five or more of these usernames and passwords to keep track of. The Internet may have made life more convenient, but keeping track of these security codes has also added to our regular chores.

   In this article, let us try to understand why is there a need for passwords, specifically those provided by Pacnet Internet. We will also include tips on how we can keep our passwords secure.

   Let us first define what is a password. It is a series of characters that you keep secret, and allows you to access a site, file, program, or computer. etc. The primary function of the password is to prevent unauthorized access.

   Pacnet provides two (2) passwords to its subscribers

   • Dial-up and Homepage password (only applies to subscription plans that come with homepage space)
   • Email password

   What are the uses of these passwords?

   The dial-up password is used to establish Internet connection. The same password allows us to access our personal homepage account too.

   The email password, which may differ from the dialup and homepage password, enables us to access and manage our mailbox.

   The passwords give us the assurance that no one is connecting to the Internet using our account or downloading our emails without our permissions.

   How to ensure password integrity?

   1. Change the default password provided as soon as possible.
   2. Use passwords that are difficult to guess.
   3. Change passwords from time to time.
   4. Do not keep a written list of passwords.
   5. Do not share passwords with others.
   6. Avoid setting Internet browsers to save passwords or perform auto-complete.
   7. Clear your browser's cache and cookies periodically.

   Characteristics of Weak and Strong Password

   A password that is difficult to guess, obtain or determine is what we may call strong password. Otherwise, it is considered as a weak password.

   Some of the possible characteristics of each type of password:

   Weak Password	Strong Password
   -   less than 8 characters	-  Uses 8 characters and more
   -  dictionary words (be it English or Foreign)	-  Combination of alphabets and numbers
   -  number pattern (e.g. passw0rd -> passw1rd -> passw2rd -> passw3rd)	-  uses special characters like !@#$%^&*(.,
   -  contains any form of our name or user ID	-  Combination of alphabets and numbers
   -  uses personal information, such as names of family members, birthdates, IC number, or other similar information	-  mixture of upper and lower case letters (e.g. a-z, A-Z).
   -  uses common words or acronyms spelled backwards	-  Note: Some websites may not accept special characters for password.

   What happens if we have forgotten our Pacnet password?

   For consumers, the account holder is required to contact our Technical Support Hotline at 63366622 (option 2) personally to request for a reset of password. Pacnet requires that the account holder to be the only authorized person to request a password reset. This is one way to protect the secrecy of our password and/or our user identification. The transaction will be validated based on certain criteria to ensure the authenticity of the request, and the identity of the requestor.

   For corporate users, only fax-in requests are processed. The request must bear the company's letterhead and/or logo duly signed by authorized personnel.

   It is highly recommended that after the password reset, we should change our passwords immediately. To manage our passwords, visit http://www.pacific.net.sg/personalEManager/ and access the Password Administration function.

   Note that as users, we play a vital role in keeping our account from wrongful or fraudulent use through vigilantly maintaining password confidentiality. Parts of Section 5 on Pacnet's General Terms and Conditions highlight security matters pertaining to passwords and user identifications. You may visit the following links for details:

   http://www.pacific.net.sg/terms/t&c_general.htm