You may remember last December when Facebook began prompting users to make their shared content and status messages publicly visible [2]. With the announcement, Facebook founder, Mark Zuckerberg, encouraged Facebook users to follow suit by changing his own "old" privacy settings and posting this statement:
For those wondering I set most of my content on my personal Facebook page to be open so people could see it. I set some of my content to be more private, but I didn't see a need to limit visibility of pics with my friends, family or my teddy bear :)
A few months later Facebook pushed the privacy boundaries again with its latest program, “Instant Personalization”. This service allows other web sites to customize user experience by giving them access to user’s Facebook data. And no, it's not an opt-in program like the other one.
This new direction in privacy policy represents quite a shift from Zuckerberg's previous stance when he termed privacy control as "the vector around which Facebook operates [3]."
Not only did Facebook change its approach to privacy, it also changed its approach to implementing these new directions.
With the Instant Personalization program, Facebook embraced the "we know best" mentality further and omitted the prompts altogether. Users found themselves already opted-in without the need to trouble themselves with giving consent. Sure, you can still opt out, but Facebook warns you that you'll be forfeiting a "richer experience as you browse the web".
No, I'm not making this up.
So why the change in direction? What elixir did Zuckerberg drink to make him adopt Google CEO, Eric Schmidt's mantra, "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place"?
Zuckerberg's Facebook page [4] offers this simple explanation:
"i'm trying to make the world a more open place."
In a video interview [5] with TechCrunch founder Michael Arrington, Zuckerberg elaborated on this idea further by promoting Facebook's willingness to stay flexible and embrace ever-changing "social norms".
It starts to get interesting at about 2:50 as Mark elaborates on Facebook's view of your privacy:
In case you don't want to watch the video, here are the relevant quotes:
We view it as our role in the system to constantly be innovating and be updating what our system is to reflect what the current social norms are.
A lot of companies would be trapped by the conventions and their legacies of what they've built, doing a privacy change - doing a privacy change for 350 million users is not the kind of thing that a lot of companies would do. But we viewed that as a really important thing, to always keep a beginner's mind and what would we do if we were starting the company now and we decided that these would be the social norms now and we just went for it.
However, if I'm making my guess, I'd say the interests listed on his Facebook profile [4] tell the REAL story:
"Openness" - openness to increasing Facebook's marketshare & revenue
Let's cut to the chase...
Facebook sees an opportunity to control the web the way no other company - not even Google - can. It has 400 million users (and growing) and it will leverage those users (and their data) to control what people see and how they interact on the internet. That's an amazing opportunity which could make Zuckerberg one of the most powerful (and richest) people in the world.
Now do you see why some privacy concerns aren't going to deter Facebook or the venture capital people that back them?
Now don't get me wrong... I love Facebook and will continue to frequent the site. In fact, I may have even chosen to opt-in for a service like "instant personalization". But that aside, Zuckerberg isn't kidding anyone here. As far as this writer is concerned, this is all about increasing revenue and Internet dominance.
Last week, PC Magazine published a nice little slideshow tutorial [6] offering 8 steps on how to better protect yourself from the privacy pitfalls of Facebook. Unless you're planning on abandoning Facebook altogether, I highly recommend checking it out...just recognize upfront that your tutorial won't be personalized!
If you hadn't heard, identity theft company LifeLock agreed to pay $12 million dollars [9] to settle charges from the Federal Trade Commission and 35 states. The FTC felt that LifeLock ads were deceptive and overstated the protection provided by the service.
Personally, I think the charges are valid and I had to chuckle a bit when I read this email from CEO Todd Davis sent out to his partners. Mr. Davis certainly has his public relations firm working overtime to write something like this.
Take a read for yourself. I've got a few more comments below.
|
Important Message
|
|
|
Dear Valued Partner: As you know, because of LifeLock's efforts since 2005, more Americans now know of the risks of identity theft, and more importantly, have taken steps to help protect themselves. I am proud LifeLock has had tremendous success in helping to protect consumers' identities. LifeLock first gained national attention through an innovative advertising campaign in which I published my real Social Security number. Our advertising campaign was created at a time when there were absolutely no guidelines in place that governed the identity theft protection industry. I published my Social Security number because of my confidence in LifeLock's ability to proactively protect me and the knowledge that if my identity was misused, LifeLock would help fix the problem for me - as it would for any member. Unfortunately, some regulators felt these early advertisements gave consumers a false sense of absolute confidence that they could never become victims of identity theft. As a result, LifeLock has agreed to a set of advertising standards that establishes, for the very first time, federal and state regulatory guidelines for the entire identity theft protection industry. It is important to note that this agreement resulted from a review of practices from years past and has absolutely no impact on our current advertising, the LifeLock protection members currently receive through your valued partnership, or LifeLock's role as the leader in identity theft protection. In announcing the agreement, FTC Chairman Jon Leibowitz wished LifeLock well and expressly stated his conclusion that LifeLock now has a legitimate business model going forward with honest advertising. In fact, LifeLock has been in full compliance with the FTC agreement announced by Chairman Leibowitz for nearly a year. LifeLock remains as financially strong as ever and is committed to our single-minded mission to help members protect their identities. As part of the FTC agreement, consumers who are not fully satisfied with the LifeLock® service due to its past advertising can request a refund through the FTC. Significantly, we believe the FTC action explicitly recognizes that LifeLock is the leader in identity theft protection and provides real value to consumers. LifeLock helps reduce the risks of identity theft and will continue to educate consumers on the risks of identity theft. Further, you can rest assured that LifeLock has taken the strongest measures to protect members' data, measures which are certified both as ISO 27001 and PCI-DCS Level 1 compliant - the highest standards for information data security. We thank you for your partnership and your continued trust in LifeLock. As always, our number one priority is keeping members safe. If you have any further questions about your partnership, please contact your LifeLock Account Manager.
Sincerely,
Todd Davis CEO |
The current LifeLock service certainly appears to be better than their previous service - which was based mostly on placing fraud alerts (which you could do yourself for free [10]), putting you on the credit opt-out list (which you could do yourself for free [11]), and providing a million dollar guarantee. We applaud LifeLock for updating their service, though it appears getting sued (and losing [12]) by Experian to stop placing fraud alerts probably factored into their planning.
This sentence from the email absolutely drives me crazy:
LifeLock first gained national attention through an innovative advertising campaign in which I published my real Social Security number.
Their advertising was not innovative. It was stupid, irresponsible, and sent the wrong message to consumers about protecting their personal data. Calling it "innovative" doesn't sound like Mr. Davis is too sorry about this completely wrong-headed advertising campaign.
When you don't want to take responsibility for your actions, most people like blaming someone else. Mr. David tries to blame the government for his company's shortcomings:
Our advertising campaign was created at a time when there were absolutely no guidelines in place that governed the identity theft protection industry.
Common sense says plastering your CEO's SSN all over magazines, newspapers, internet, television and radio is probably a bad idea if you're serious about educating people on the dangers of identity theft. You don't need "guidelines" from the FTC or anyone else to point that out. They wanted to create an attention-getting and "innovative" advertising campaign, and they did it. Please don't blame the government when you're told it was a bad idea.
In the end, I understand why LifeLock would send out something like this. They need to reassure partners that everything is fine and that none of this was their fault. It just upsets me when I read double-talk like this:
Unfortunately, some regulators felt these early advertisements gave consumers a false sense of absolute confidence that they could never become victims of identity theft.
Hmmm... where did those consumers get that false sense of absolute confidence? Maybe it was our "innovative" advertising? Nah, couldn't be. It was those bad regulators who just don't see the truth.
I don't see an apology here. I'd feel better about LifeLock if they would apologize. What I see is more breast-beating and blaming. It's too bad. LifeLock is the biggest identity theft service and they got there because of the millions of venture capital dollars they've spent on advertising and their "innovative" marketing. They could apologize without jeopardizing their #1 status, but I don't think it will happen in my lifetime.
With the new year come the new worries about taxes - what kind of taxes will you need to file before April 15th, how much money will you have to pay, what bracket did you place in, etc. Unfortunately, you also need to worry about protecting your identity. As Privacyrights.org notes [15], your IRS information returns might constitute an identity thief's "dream."
None of us want to become a "dream" target for any kind of thief, let alone an identity thief. So while you're figuring out the right returns [16] to send to the IRS, this is also a great time to take steps to ensure the protection of your identity.
You should also look at a mail service like EarthClassMail.com [18] - especially if you're away on travel or vacation.
If you're a Facebook [21] addict - and chances that if you have a parietal lobe and a mouse, you are - then you'll be interested to see this eye-opening article about how easy it is to hack through the privacy settings in your profile.
According to ZDNet.com [22], an Israeli security research firm recently demonstrated just how easy it is to hack Facebook and bypass the privacy settings that so many of us hold dear.
Claims the man [23]:
I could write malicious application that steals users personal info or even simple application that build for me a bot net users for malicious purposes like hacking systems for SQL Injections and DDOS attacks. Using ClickJacking i also could fool users to click whatever I want: adding me as their friend, delete their account, and even open their camera and microphone using flash (Older versions then 10.x), or install Facebook applications that posting their web camera and microphone every time they connected to Facebook - Just use your imagination on what you want others to click on...Transfer to you poker chips???
In other words, be afraid. Be very afraid.
In all seriousness, this does give cause for concern. Many users simply believe that using the proper security settings on their Facebook profile is enough to keep unwanted users out, but a skilled hacker should have no trouble doing damage.
It's important to note that if you want to protect your privacy, it's still a good idea to keep your privacy settings strict so that unwanted users can't view your information or photographs. But the ease with which Facebook can be hacked, at least in the example above, does give rise to this question: is this proof that the most secure Facebook profile is no Facebook profile at all?
The researcher has released a video showing the clickjacking hack, though it doesn't have any audio - bummer.
There's no reason to cut and run simply because you're afraid of hackers. But if you closely guard your security online and keep a Facebook profile active, then this question is one you'll really want to ponder.
Remember also that just because a hacker could get to your profile doesn't mean that any necessarily will or would want to. Just be sure that you respect your own privacy and respect the power of hackers to go after your identity through something as simple as social media.
In a few days, it will be a month since Christmas has come and past, and that usually means a month since you've opened up those new computers and laptops. While you're enjoying the free trial offers of expensive anti-spyware and virus protection programs, you're probably also aware (or even repeatedly reminded) that they're about to expire. If you don't want to pull out the credit card but don't want to lose the spam and virus protection, it's time to look at a third alternative - free programs.
Yeah, yeah, I know. You get what you pay for, right? Some people may even be so dead-set against free anti-spyware that they simply pay for the more expensive suites just to feel comfortable. Don't be that person. Let's check out a few free programs that actually deliver the goods:
Microsoft often gets a bad rap these days, especially when it comes to software bugs. But what people don't take into account is that most viruses are written for Microsoft or Windows software; of course they're going to get slammed. MS isn't oblivious to this, hence the free Security Essentials [26] program that you can download right now. We love this as a security program because it's simple, gets the job done, and won't expire on you because it's absolutely free. Just one quick tip: make sure that you uninstall the previous spyware program you've been running if you decide to stick with Security Essentials. Keeping your computer free and clear of unwanted programs will help it run smoothly.
avast! [27] is another great alternative - they provide both hardcore, more costly Internet security systems but also offer Antivirus 5.0, a free program. You'll get the usual suspects - anti-spam firewalls, message scanning, and compatibility with your latest Windows system - as well as a few avast!-unique frills like avast! Community IQ. Which is the better choice? It depends on your needs. Give one of them a try or, if you're feeling ambitious, give them both a try and look for the best results. Ideally, a solid security program will run in the background, talk to you as little as possible, and keep your computer clean and fresh. If that's what one of these programs does for you, then it's doing its job. Leave it alone! You don't necessarily need the more expensive security programs unless you're really looking for some serious protection.
Still not sure which program to use? Lifehacker.com has a review and additional resources for both programs:
Let us know in the comments if you have a favorite free option. There are some good ones available and these aren't the only two out there.
Operating System: Windows XP (Service Pack 2 or Service Pack 3); Windows Vista (Gold, Service Pack 1, or Service Pack 2); Windows 7
As if there weren't enough worries about identity theft in this era high-tech, password/encrypted technology, we have to remind ourselves that identity theft still happens because of the hard technology and documents you expose to the world.
Consider the case of William Pollock [33], a young man from Texas who was looking to find a solid moving company to help move his family to Pennsylvania.
Pollock shopped around for a few different movers, as most of us would do, and when he wasn't happy with their price quotes, he turned to Craigslist. There he found Moo-Ving.com, a company with a professional enough web site and, what's more attractive, a far lower price quote.
Caveat emptor. As it turned out, the company took Pollock's $5,000 in upfront cash and started making demands, telling him that they wouldn't move his belongings unless he paid their fees. Eventually the company stored his belongings in a secret location, essentially holding his private property hostage.
This kind of theft isn't as cut and dry as "routine" identity theft. You know not to give out your credit card number unless the person taking it has a good reputation and the interaction is secure. But what about private dealings with companies that appear to have good web sites?
Let's consider some of the red flags Pollock could have considered:
All of these elements, put together with a company like Moo-Ving.com, spelled disaster.
How can you avoid this type of mistake? Simple: work with reputatable businesses when you entrust your belongings to someone else, and make sure that you pay after a job is well done, not before.
If you've become a victim of a company like this, you can turn to MoveRescue [34] - an organization funded by some of the larger moving companies that provides legal help and assistance to consumers stuck in this situation.
A Fight Identity Theft visitor forwarded this email to us today and it was so creative I just had to post it here.
The email supposedly comes from Robert Mueller - the current head of the U.S. Federal Bureau of Investigations. Not only was it sent by the FBI, the scammers try to get you to believe it's been vetted by the Anti-Terrorist and International Fraud Division. Unbelievable.
What they're really after is the fee they want you to pay in order to collect your $850,000 - that's why they call this an "advanced-fee fraud." The fee is sent by money order which makes it very difficult to trace and impossible to recover. Here's the money paragraph:
This letter will serve as proof that the Federal Bureau Of Investigation is authorizing you to pay the required $239.99 ONLY to your claims agent via the information in which she shall send to you upon your request, if you do not receive your winning prize of $850,000.00 US Dollars we shall be held responsible for the loss and this shall invite a penalty of $3,000 which will be made PAYABLE ONLY by you (The Winner).
The $239.99 will likely only be the start of the fraud. They'll continue to ask for more money in order to deliver the $850,000. No matter how much you pay, the money will never end up in your bank account.
From: robertmul@fbi.gov.us
Subject: E-mail From The FBI..
Date: Wed, 2 Dec 2009 13:53:50 -0500
Anti-Terrorist and International Fraud Division
Federal Bureau Of Investigation.
Seattle, Washington 98101-2904
Telephone/Fax Number: +1(206) 426-2866
Attn: Beneficiary
This is to Officially inform you that it has come to our notice and we have thoroughly completed an Investigation with the help of our Intelligence Monitoring Network System that you legally won the sum of $850,000.00 US Dollars from a Lottery Company in the United Kingdom. During our investigation we discovered that your e-mail won the money from an Online Balloting System and we have authorized this winning to be authentic and paid to you via a Certified Cashier's Check.
Normally, it will take up to 10 business days for an International Check to be cashed by your local bank. We have successfully come to an agreement with this company on your behalf that funds are to be drawn from a registered bank within the United States Of America so as to enable you cash the check instantly without any delay, henceforth the stated amount of $850,000.00 US Dollars has been deposited with Bank Of America.
We have completed this investigation and you are hereby approved to receive the winning prize as we have verified the entire transaction to be Legitimate, Safe and 100% risk free of scams and frauds of any nature, due to the fact that the funds have been deposited at Bank Of America you will be required to settle the following bills directly to the lottery claims agent in-charge of this transaction whom is located at the liaison office of the Lottery Company in Seattle-Washington. According to our discoveries, you are required to pay for the following:
(1) Deposit Fee's (Fee's paid by the lottery company for the deposit into an American Bank which is - Bank of America)
(2) Cashier's Check Conversion Fee (Fee for converting the Wire Transfer payment into a Certified Cashier's Check)
(3) Shipping Fee's (This is the charge for shipping the Cashier's Check to your nominated destination)
The total amount for everything is $239.99 (Two Hundred & Thirty Nine United States Dollars & Ninety Nine Cents). We have tried our possible best to indicate that this $239.99 should be deducted from your winning prize but the funds have already been deposited at The Bank of America and cannot be accessed by anyone apart from you the winner. Therefore you will be required to pay the needed funds to your lotto claims Agent in-charge of this transaction via Western Union Money Transfer Or Money Gram. The payment will NOT reflect at the Bank of America with the given transaction code(EA2948-910) until you have covered the processing fees needed.
In order to proceed with this transaction, Click Here to contact your claims agent Mrs. Louise Major. You will be required to call her for verbal verification and e-mail her with the following informations:
FULL NAME:
FULL MAILING ADDRESS(INCLUDING CITY/STATE/ZIPCODE):
AGE/SEX/OCCUPATION:
CONTACT PHONE NUMBERS(CELL & HOME):
You will also be required to request Western Union details on how to send the required $239.99 in order to immediately ship your prize of $850,000.00 US Dollars via Certified Cashier's Check drawn from The Bank of America, Also include the following transaction code in order for her to immediately identify this transaction : EA2948-910.
This letter will serve as proof that the Federal Bureau Of Investigation is authorizing you to pay the required $239.99 ONLY to your claims agent via the information in which she shall send to you upon your request, if you do not receive your winning prize of $850,000.00 US Dollars we shall be held responsible for the loss and this shall invite a penalty of $3,000 which will be made PAYABLE ONLY by you (The Winner).
Signed:
Robert Mueller
Federal Bureau Of Investigation
NOTE: In order to ensure your check gets delivered to you ASAP, you are advised to immediately contact Mrs. Louise Major via contact information provided above and make the required payment of $239.99 to information in which she will provide you.
__________________________________________________________________________________________________________
The information contained in this email message is legally privileged and confidential information intended solely for the use of the intended recipient(s). If you are not the intended recipient(s), any distribution, dissemination, or reproduction of this email message is strictly prohibited.
We know everyone is looking for that best deal online, especially during the Black Friday shopping blitz. Here are some quality online shopping tips from Intersections, Inc. (provider of the Identity Guard [39] identity theft protection service).
We also recommend a post from the always excellent Privacy Rights Clearinghouse - "Holiday Shopping? Ten Timely Tips [40]"
As the biggest holiday shopping days of the year quickly approach, consumers everywhere will be lining up at stores on "Black Friday" for pre-dawn sales that will hopefully net great bargains and savings on holiday gifts. For those that don't want to fight the massive crowds at the malls and local shopping centers, they'll surf the Web on "Cyber Monday" - the Monday right after Thanksgiving - to catch even better sales, conveniently ordering their gifts online to have them shipped all over the world.
Finding the right deal on the perfect gift is going to be a priority this holiday shopping season as consumers everywhere are penny pinching during tougher economic times. The National Retail Federation expects average holiday spending this year will be around $682.74, down 3 percent from $705.01 last year, so getting the best value for your money is key, whether the gift is found on the Internet or at a retail store. With major online price breaks offered on Cyber Monday, online shopping sales are expected to increase 18 percent over last year, according to Information Resources, Inc.
To kick off the 2009 holiday shopping season, Intersections Inc. (Nasdaq: INTX [41]), a leading global provider of consumer and corporate identity risk management services, and provider of IDENTITY GUARD® Total Protection, the award winning identity theft protection service, advises holiday shoppers to take extra caution to avoid damaging their credit or becoming a victim of identity theft. Identity theft peaks this time of year -- wallets are stolen, credit cards are accidentally left behind and scammers everywhere are looking to prey on their next victims -- but there are simple steps consumers can take to avoid making careless decisions that can have a long-term effect on their financial well-being.
"With a soft economy and higher unemployment rates, consumers are under increased pressure to cut holiday spending, and this may lead to an increased willingness to take on greater risks," said Steven Schwartz, Intersections' Executive Vice President of Consumer Solutions. "While retailers will respond with timely offers and special discounts, it's important for customers to protect themselves from scammers and cyber scrooges who may try to prey on their emotions with targeted offline and online schemes."
One way to protect yourself is to be vigilant about where you shop (online or at the mall), what information you provide and to whom, and to protect your computer from spyware, malicious code and Trojans. Intersections' IDENTITY GUARD® Total Protection [39] is the most comprehensive offering on the market today covering personal information, credit reports, public records, computer, Internet and mobile transactions. The service also provides sophisticated software that protects consumers against keylogging attacks, secures their passwords and user IDs as they navigate online, identifies legitimate websites, and protects their computers from advanced malware software. IDENTITY GUARD® Total Protection [39] also provides identity theft recovery services and financial reimbursement insurance in the event identity theft occurs. Find out more at www.identityguard.com [39].
The spirit of giving has hit Google. They are generously providing free Wi-Fi at 47 airports from November 10, 2009 to January 15, 2010. That's great, but there are a few precautions you should take to keep yourself safe.
Using the free service is simple. You simply select the free Wi-Fi and accept the terms of service and there's no need to give any form of payment. However, Google wants you to catch the giving spirit and give a donation to any of the three non-profit organizations [44] they've partnered with. But, donate [44]once you're using a secure Internet connection at home - not on the Wi-Fi network. In addition to providing free Wi-Fi, Google's having a photo contest. You could win a prize just for submitting a photo [45] of you using the free Wi-Fi.
You can take advantage of Google's generosity at one of the following 47 airports:
| Austin (AUS [47]) | Indianapolis (IND [48]) | Panama City, FL (PFN [49]) |
|
Baltimore (BWI [50]) |
Jacksonville, FL (JAX [51]) | Pittsburgh, PA (PIT [52]) |
| Billings (BIL [53]) | Kalamazoo (AZO [54]) | Portland, ME (PWM [55]) |
| Boston (BOS [56]) | Las Vegas (LAS [57]) | Sacramento (SMF [58]) |
| Bozeman (BZN [59]) | Louisville (SDF [60]) | San Antonio (SAT [61]) |
| Buffalo, NY (BUF [62]) | Madison (MSN [63]) | San Diego (SAN [64]) |
| Burbank (BUR [65]) | Memphis (MEM [66]) | San Jose (SJC [67]) |
|
Central Wisconsin (CWA [68]) |
Miami (MIA [69]) | Seattle (SEA [70])* |
| Charlotte, NC (CLT [71]) | Milwaukee (MKE [72]) | South Bend (SBN [73]) |
| Des Moines (DSM [74]) | Monterey (MRY [75]) | Spokane (GEG [76]) |
| El Paso (ELP [77]) | Nashville (BNA [78]) | St. Louis (STL [79]) |
| Fort Lauderdale (FLL [80]) | Newport News (PHF [81]) | State College (SCE [82]) |
| Fort Myers (RSW [83]) | Norfolk (ORF [84]) | Toledo (TOL [85]) |
| Greensboro (GSO [86]) | Oklahoma City (OKC [87]) | Travers City (TVC [88]) |
| Houston Hobby (HOU [89]) | Omaha (OMA [90]) | West Palm Beach (PBI [91]) |
| Houston Bush (IAH [92]) | Orlando (MCO [93]) |
*Seattle launches late November
Airport Wi-Fi - like other public hotspots - is not secure and you should avoid logging into your bank account or other sites with sensitive info. Wireless network security can be compromised and put your passwords and other data out in the air and available to a fellow traveler with the right hacking tools.
We don't mean to scare you out of using the Google's Wi-Fi gift but to educate you about the potential risks
Here are some tips on how to protect yourself when using any Wi-Fi connection:
This video from Forbes provides more details on what you should watch out for:
Check out Google's Free Wi-Fi for the Holidays [94] site and their FAQ page [95] for more details.
Microsoft launched an update Tuesday to patch about fifteen holes in Windows 2000, Windows XP, Windows Server and Office. While most of the patches are related to various Word and Excel, or Windows Server issues, a critical vulnerability was found within the Windows OS kernel - a fairly rare occurrence.
The Windows kernel is the core of the operating system and the flaw is related to how embedded font files are processed. We're not going to get into the technical mumbo-jumbo here, so we'll just tell you that the problem - if exploited - would allow malicious code to be passed directly to the system, bypassing any browser defenses that have been created to stop this sort of attack. The code could be downloaded just by visiting a web page prepared by hackers. With the increase of URL shorteners being used [98] as well as advertising attacks [99], it's easier than ever to be accidently exposed to some nasty code.
Microsoft rated the kernel flaw as critical and gave it an exploitability ranking of 1. This means that Microsoft expects there to be a working exploit within 30 days and is similar to "SEVERE - Severe risk of terrorist attacks" on the Homeland Security advisory system (if anyone is actually paying any attention to that any more).
Researchers agree that the bad guys are going to move quickly:
"An exploit will appear sooner rather than later," said Jason Miller, the security and data team manager for patch management vendor Shavlik Technologies. "The target is Internet Explorer, and browsing is the number one attack vector in the world right now. Users can be infected simply by browsing on a [malicious] site.
So this is a big hole that can do some nasty things on unpatched computers.
Take the following steps to protect your computer:
To set your PC to update automatically in Windows XP, simply access the Control Panel in the start menu, click "Automatic Updates," and choose "Automatic." 
For Vista, open Windows Update in the start menu, select "Change Settings," and then select "Install updates automatically." 
More information can be found at Computer World [101] and The Washington Post's Security Fix blog [102].
Links:
[1] http://fightidentitytheft.com/blog/facebook-privacy
[2] http://www.reuters.com/article/idUSTRE5B82F320091209
[3] http://www.readwriteweb.com/archives/mark_zuckerberg_on_data_portab.php
[4] http://www.facebook.com/zuck#!/zuck?v=info
[5] http://www.ustream.tv/recorded/3848950
[6] http://www.pcmag.com/article2/0,2817,2363178,00.asp
[7] http://fightidentitytheft.com/blog/facebook-privacy#comments
[8] http://fightidentitytheft.com/blog/lifelock-ceo
[9] http://www.reuters.com/article/idUSN097877020100309?type=marketsNews
[10] http:///flag.html
[11] http:///junkmail.html
[12] http://www.wired.com/threatlevel/2009/05/lifelock/
[13] http://fightidentitytheft.com/blog/lifelock-ceo#comments
[14] http://fightidentitytheft.com/blog/five-ways-protect-against-identity-theft-tax-information
[15] http://www.privacyrights.org/irs-information-returns-identity-thiefs-dream
[16] http://www.irs.gov/efile/article/0,,id=98114,00.html
[17] http://www.steelmailbox.com/
[18] http://www.earthclassmail.com
[19] http://fightidentitytheft.com/blog/five-ways-protect-against-identity-theft-tax-information#comments
[20] http://fightidentitytheft.com/blog/proof-most-secure-facebook-profile-no-facebook-profile-all
[21] http://www.facebook.com/
[22] http://blogs.zdnet.com/security/?p=5293&tag=col1;post-5293#more-5293
[23] http://narkolayev-shlomi.blogspot.com/2010/01/clickjacking-facebook.html
[24] http://fightidentitytheft.com/blog/proof-most-secure-facebook-profile-no-facebook-profile-all#comments
[25] http://fightidentitytheft.com/blog/your-new-computer-complaining-about-expired-virus-protection-replace-it-free
[26] http://www.microsoft.com/Security_Essentials/
[27] http://www.avast.com/index
[28] http://www.avast.com/free-antivirus-download
[29] http://lifehacker.com/5452079/avast-free-antivirus-50-adds-behavior-monitor-heuristics-engine-and-improved-performance
[30] http://lifehacker.com/5433229/microsoft-security-essentials-ranks-as-best performing-free-antivirus
[31] http://fightidentitytheft.com/blog/your-new-computer-complaining-about-expired-virus-protection-replace-it-free#comments
[32] http://fightidentitytheft.com/blog/why-moving-companies-may-be-threat-your-privacy
[33] http://www.walletpop.com/blog/2010/01/16/desperate-moves-consumers-belongings-held-hostage-by-rogue-mov/?icid=main|htmlws-main-w|dl3|link3|http://www.walletpop.com/blog/2010/01/16%
[34] http://www.moverescue.com/
[35] http://fightidentitytheft.com/blog/why-moving-companies-may-be-threat-your-privacy#comments
[36] http://fightidentitytheft.com/blog/fbi-says-youve-won-lottery
[37] http://fightidentitytheft.com/blog/fbi-says-youve-won-lottery#comments
[38] http://fightidentitytheft.com/blog/avoid-grinch-when-shopping-online
[39] http://partners.nextadnetwork.com/z/406/CD76
[40] http://www.privacyrights.org/holiday-shopping-tips-2009
[41] http://studio-5.financialcontent.com/prnews?Page=Quote&Ticker=INTX
[42] http://fightidentitytheft.com/blog/avoid-grinch-when-shopping-online#comments
[43] http://fightidentitytheft.com/blog/airport-wi-fi-isnt-secure-even-if-google-makes-it-free
[44] http://www.freeholidaywifi.com/give-back/
[45] http://www.freeholidaywifi.com/photo-contest/
[46] http://fightidentitytheft.com/%20%20%20a.href%20%20%20
[47] http://www.google.com/search?q=AUS airport
[48] http://www.google.com/search?q=IND airport
[49] http://www.google.com/search?q=PFN airport
[50] http://www.google.com/search?q=BWI airport
[51] http://www.google.com/search?q=JAX airport
[52] http://www.google.com/search?q=PIT airport
[53] http://www.google.com/search?q=BIL airport
[54] http://www.google.com/search?q=AZO airport
[55] http://www.google.com/search?q=PWM airport
[56] http://www.google.com/search?q=BOS airport
[57] http://www.google.com/search?q=LAS airport
[58] http://www.google.com/search?q=SMF airport
[59] http://www.google.com/search?q=BZN airport
[60] http://www.google.com/search?q=SDF airport
[61] http://www.google.com/search?q=SAT airport
[62] http://www.google.com/search?q=BUF airport
[63] http://www.google.com/search?q=MSN airport
[64] http://www.google.com/search?q=SAN airport
[65] http://www.google.com/search?q=BUR airport
[66] http://www.google.com/search?q=MEM airport
[67] http://www.google.com/search?q=SJC airport
[68] http://www.google.com/search?q=CWA airport
[69] http://www.google.com/search?q=MIA airport
[70] http://www.google.com/search?q=SEA airport
[71] http://www.google.com/search?q=CLT airport
[72] http://www.google.com/search?q=MKE airport
[73] http://www.google.com/search?q=SBN airport
[74] http://www.google.com/search?q=DSM airport
[75] http://www.google.com/search?q=MRY airport
[76] http://www.google.com/search?q=GEG airport
[77] http://www.google.com/search?q=ELP airport
[78] http://www.google.com/search?q=BNA airport
[79] http://www.google.com/search?q=STL airport
[80] http://www.google.com/search?q=FLL airport
[81] http://www.google.com/search?q=PHF airport
[82] http://www.google.com/search?q=SCE airport
[83] http://www.google.com/search?q=RSW airport
[84] http://www.google.com/search?q=ORF airport
[85] http://www.google.com/search?q=TOL airport
[86] http://www.google.com/search?q=GSO airport
[87] http://www.google.com/search?q=OKC airport
[88] http://www.google.com/search?q=TVC airport
[89] http://www.google.com/search?q=HOU airport
[90] http://www.google.com/search?q=OMA airport
[91] http://www.google.com/search?q=PBI airport
[92] http://www.google.com/search?q=IAH airport
[93] http://www.google.com/search?q=MCO airport
[94] http://www.freeholidaywifi.com/
[95] http://www.freeholidaywifi.com/faq/
[96] http://fightidentitytheft.com/blog/airport-wi-fi-isnt-secure-even-if-google-makes-it-free#comments
[97] http://fightidentitytheft.com/blog/microsoft-windows-kernel-patch
[98] http://fightidentitytheft.com/blog/do-you-know-what-lurking-twitter-url
[99] http://fightidentitytheft.com/blog/scareware-everyday-halloween
[100] http://update.microsoft.com
[101] http://www.computerworld.com/s/article/9140688/Hackers_will_exploit_Windows_kernel_bug_researchers_say?taxonomyId=17&pageNumber=1
[102] http://voices.washingtonpost.com/securityfix/2009/11/microsoft_plugs_15_holes_in_wi.html?wprss=securityfix
[103] http://fightidentitytheft.com/blog/microsoft-windows-kernel-patch#comments
[104] http://fightidentitytheft.com/blog?page=1&p=48
[105] http://fightidentitytheft.com/blog?page=2&p=48
[106] http://fightidentitytheft.com/blog?page=3&p=48
[107] http://fightidentitytheft.com/blog?page=4&p=48
[108] http://fightidentitytheft.com/blog?page=5&p=48
[109] http://fightidentitytheft.com/blog?page=6&p=48
[110] http://fightidentitytheft.com/blog?page=7&p=48
[111] http://fightidentitytheft.com/blog?page=8&p=48
[112] http://fightidentitytheft.com/blog?page=9&p=48
