Quite often, I receive e-mails requesting complete lists for keyboard shortcuts.

Unfortunately, I never really have one. Most of the lists I put in the newsletter are ones I compile from a variety of references.

And, to be quite honest, I wasn't too worried about a "whole" list, because most people I've worked with have difficulty learning that much material all at one time.

But, I've stumbled upon a way to get MS Word to make a full list, so for those of you who really want the "complete" list of keyboard shortcuts, this one is for you!

In all versions of Word, you'll need to begin with an open blank document.

For those of you with older versions of Word, you need to go to the Tools menu, Macro submenu, Macro choice (or Alt + F8).

If you're running Word 2007, you need to click the Macro button on the Developer ribbon. (If you don't see the Developer ribbon, go to the Office button, Word Options button and in the Popular section, check the "Show Developer tab in the Ribbon" and click OK).

No matter which version you're running, we're all looking to choose Word commands under the "Macros in:" field in the Macros dialogue box.

From the list that appears in the Macro name: field, you need to select ListCommands.

Next, cialis sale click Run.

When the List Commands window opens, choose either "Current menu or keyboard settings" or "All Word commands." (I've made both of these lists. The "All Word commands" choice produced a much longer list that contained all the commands, even if there wasn't a keyboard shortcut to list. A good portion of the 42 pages had no shortcuts for me to use. As a result, I whole heartedly recommend you choose the first option).

When you've made your choice, click OK.

You will be returned to your document and Word will create a table of your shortcuts.

The first column is the command name.

The second column (titled "Modifiers") is the combination of Alt, Ctrl and Shift that you will need to use with the key listed in the third column.

The last column is the menu where the command can be located in Word.

That's it!

You can save and/or print the document as a reference tool.

One last thought: for those of you who may be overwhelmed by such a long list, never fear. I'm positive you'll still find smaller, more manageable lists included in this newsletter from time to time!

Q:
I just set up a wireless network in my home and while I love it, I'm still a little concerned about others being able to use cialis reviews my signal or even hack into my computer. I was told that hiding my SSID will take care of the problem, but I'm not sold on that idea. I'm not even sure what an SSID is or how to hide it. Can you please help me? Thanks!

A:
First of all, I want to welcome you to the world of wireless! I've been using a wireless connection in my home for a few years now and I absolutely love it. I'm sure you will too! And it's very impressive that you're already concerned about your safety when it comes to using your wireless network. A lot of people don't start worrying about that until it's too late, so it's great that you're already so far ahead of the game. I think your question will help a lot of other readers out there who are using wireless networks as well. I just love that!

As we all know, when you use a wireless router, there's always a chance that other computers will be able to pick up your signal and use it, without you ever knowing a thing about it. Even more than that, there's always the risk of your computer being hacked into as well. So, what can you do to keep yourself safe when using your wireless connection? Well, the person who asked today's question mentioned hiding their SSID and while that helps, it's not always the best solution. Let's take a look at our options!

To begin, wireless routers are set up to send out a beacon called the Service Set IDentifier (SSID), which is what helps your wireless devices (laptop, etc.) connect to the Internet. The main purpose of the SSID is to broadcast wireless signals and invite available devices within range to connect to them. Now, if a device doesn't know a network's SSID, it will not be able to connect. So, if you change your SSID settings, only the people who know the SSID will be able to connect to your wireless network. That can help keep some of the "outsiders" away.

Now, while hiding your SSID keeps casual users at bay, you could still have trouble with hackers. Unfortunately, a hacker who is determined enough to get into your network will find a way. If they have the right kind of software, they will be able to easily gain access to your computer. Plus, changing your SSID can result in a slower performance and it could take you longer to connect to the Internet. Who wants that?! Luckily, there are a few other things you can do to keep your wireless network as secure as possible. Let's check them out!

For starters, you can change your router's login and password to be different from the default settings. If you're still using the login and password that came with your router, anyone could connect to it, change your settings and even lock you out. You should also change your SSID to something a little more unique. Most routers come with a name of "default," which is very easy for hackers to figure out. You should change it to something a little more meaningful to yourself. Lastly, you should turn on your encryption. If you do that, your router will not give access to any wireless devices unless they can provide the password you specify. It will also encrypt any communication between your computer and your router so that no one will be able to see what goes on. Note: If your router supports WPA encryption, you should use that over WEP, which is an older version.

Doing the three things I discussed above are your best bets for secure wireless networking, but if you still want to hide your SSID, you can do so by following the directions in your user manual. Every router is different, so your manual should give you detailed directions on how to get the job done. If that doesn't work, you can always contact your ISP for help as well. Either way, it's very important to keep your wireless network as safe as possible. Hopefully one of the above suggestions is just what you've been looking for. Test them out today!

Letter Case Mania

Ever find that you're constantly trying to change the capitalization of words or sentences? What do you do?

Maybe you highlight the word or phrase and retype it.

Maybe you're the type who only replaces the individual letters that need to be changed. What a headache!

Are you the person who found the Change Case feature on the Format menu? You know, where you get the choices of sentence case, all lowercase letters, all uppercase letters, all title case letters or to toggle all letters between upper and lowercase.

What I have for you today are a few shortcuts for all of this change case stuff. It's something even faster than the Change Case choice on the Format menu.

Let's start with the most versatile choice.

Once you highlight the text to change, use Shift + F3. You'll scroll between sentence case letters, all lowercase letters and all uppercase letters.

That's good! Looks great, but what if you know you want all caps and don't cialis review feel like toggling through your choices?

Is there a quicker way?

Yep, you bet. (Isn't that why I brought it up in the first place)?

If you know you want your text all caps, simply try Ctrl + Shift + A.

And… if that weren't enough, there's another option altogether. You can use small caps. That is all the letters in capital letter formation, but slightly smaller than the usual capital letter.

Ctrl + Shift + K will put you straight to small caps, which is a good "attention getter" without completely shouting at the reader.

That's it! Three keys and you're on your way to the formatting you need.

MS Excel Text Into Columns

Have you ever found yourself wondering what in the world possessed the person who created your MS Excel file to put both first and last name in the same cell?

Now how are you supposed to sort that list alphabetically by last name when first name is listed first?

The answer is that you can't—you have to separate the first and last names—somehow…

But how?

You could spend your time retyping the last name into the next column. It works but it's not a great plan since it could take "forever" if your list is really long.

Or… maybe you have other text / data that really should be separated into different cells for easy sorting and editing.

Would you like a fast way to separate the data? (This works best with data that's pretty consistent and not too complicated.)

Most of us would say "yes". (Even if you don't have an immediate use for this one, it's one of those handy little pieces of information that may just get you out of a jam one day. 🙂

So let's get to that faster way…

The first thing you'll need to do is to highlight the data that needs to be separated.

Now go to the Data menu, Text into Columns choice.

A 3-step wizard will start to guide you through the process.

On step 1 check at the top that the data will be delimited.

Then click Next.

In step 2 you need to check the Space option in the Delimiters section. (Make sure all other choices are unchecked.) Basically what you're doing here is telling Excel what character separates your pieces of data—so that when it find a space it knows to stick the next piece of text in a new column.

Did you notice the preview of your data in the bottom window? See how the names are now divided into different columns?

cialis rebate

Click Next.

Step 3 will allow you to do some formatting and placement of your data—but for now, as beginners, just click the Finish button.

Poof!

Just like magic your first and last names are in two separate columns, ready to sort – no retyping necessary.

(Ok—maybe not magic but, if your list was long, you'll feel like it was when you realize how much time you just saved.)

"Over the years, the criminal elements, the ones who are making money, making millions out of all this online crime, are just getting stronger and stronger. I don't think we are really winning this war."

As director of antivirus research for F-Secure, you might expect Mikko Hypponen to overplay the seriousness of the situation. But according to the Finnish company, during 2007 the number of samples of malicious code on its database doubled, having taken 20 years to reach the size it was at the beginning of this year.

There seems to be some serious evidence then for the idea of an evolution from hacking and virus writing for fun to creating malicious code for profit. Security experts are increasingly pointing to the existence of a "black" or "shadow" cybereconomy, where malware services are sold online using the same kinds of development methods and guarantees given by legitimate software vendors.

It is difficult to establish exactly how organized this malware economy is but, according to David Marcus, security research manager at McAfee Avert Labs, it's relatively straightforward to buy not only the modules to build malware, but also the support services that go with it.

"From Trojan creation sites out of Germany and the Eastern bloc, you can purchase kits and support for malware in yearly contracts," said Marcus. "They present themselves as a cottage industry which sells tools or creation kits. It's hard to tell if it's a conspiracy or a bunch of autonomous individuals who are good at covering their tracks."

As well as kits and support, legions of compromised computers, or botnets, can be hired for nefarious purposes–usually for spam runs, or to perpetrate denial-of-service attacks. One of the most successful botnets of 2007 has been "Storm," so-called due to the hook-line used to trick victims into opening e-mails containing the Trojan horse. In January, the first malware was sent out with the tagline "230 dead as storm batters Europe."

The Storm botnet, estimated now to contain millions of compromised computers, has advanced defenses. The servers that control the botnet use so-called fast-flux Domain Name System (DNS) techniques to constantly change their location and names, making them difficult to locate and shut down. And security researchers who have attempted to find the command and control servers have suffered denial-of-service attacks launched by the controllers of the botnet.

"Storm has been exceptionally successful," said McAfee's Marcus. "It's used for spam runs, and researchers attempting to locate Storm command and control servers have come under attack. The hardest part is finding the key to those channels. They're not always easy to detect and find. Some of the communications are encrypted, while some are difficult to detect from a network point of view. I hate to use the word evolution, but they're certainly learning from their successes and failures. If it weren't for Storm, bots would be in significant recession. Some days we're seeing 1,000 different variants a day."

Weathering the Storm
Joe Telafici, director of operations at McAfee's Avert Labs, said Storm is continuing to evolve. "We've seen periodic activity from Storm indicating that it is still actively being maintained. They have actually ripped out core pieces of functionality to modify the obfuscation mechanisms that weren't working any more. Most people keep changing the wrapper until it gets by (security software)–these guys changed the functionality."

In the past year, the development of illegal malware has reached the point where it is almost as sophisticated as the traditional software-development and sales channel, according to Telafici.

"We've seen platform development, middleware, solutions sellers and hosting–all types of software and companies, with the same level of breakdown," said Telafici.

One indication of the maturity of the black economy, according to Telafici, was the recent case of a hacker who wrote a packer (software used to bypass antivirus protection) and who "threw in the towel recently as it wasn't profitable enough–there's too much competition. They opened the source code and walked away."

Security vendors seem to be powerless to take any action against the groups in control of botnet networks, especially those who use fast-flux techniques to move the location of command and control servers.

"With botnets, we are unlikely to make a dent unless we find the guy who controls the command and control server," said Telafici.

While law-enforcement agencies have a headstart in tracking cybercriminals, due to their experience of dealing with economic crimes such as fraud, many of the crimes are seemingly small, not warranting police attention.

"The majority of cybercriminals are small players for small dollars and short bursts of traffic," said Telafici. "On the flip side, you see the amount of effort and money spent protecting spam relays (as in Storm). If (security researchers) aren't careful they get DDoS-ed"–that is, hit by a distributed denial-of-service attack–"by a chunk of the spam network. That the guys are protecting their turf indicates that in aggregate the amount of money that is changing hands is significant."

Game theory, a branch of applied mathematics that models how adversaries maximize their gains through adapting to each other's strategies, features heavily in security assessments of the black economy. As one player becomes stronger, the other increases its efforts to gain the upper hand.

"I view it as we're locked in a Darwinian power struggle," said Telafici. "As we up the ante, the black economy adjusts to that, and it in turn ups the ante."

Anatomy of the 2007 black economy
Raimund Genes, chief technology officer of anti-malware for security company Trend Micro, said that malicious software via the affiliate model–in which someone pays others to infect users with spyware and Trojans–has become more prevalent in 2007.

The affiliate model was pioneered by the iframedollars.biz site in 2005, which paid Webmasters 6 cents per infected site. Since then, this has been extended to a "vast number of adware affiliates," said Genes. For example, one adware supplier pays 30 cents for each install in the U.S., 20 cents in Canada, 10 cents in the U.K., and 1 or 2 cents elsewhere.

Hackers also piggyback malicious software on legitimate software. According to Trend Micro, versions of coolwebsearch co-install a mail zombie and a keystroke logger, while some peer-to-peer and file-sharing applications come with bundled adware and spyware.

While standard commercial software vendors sell software as a service, malicious-software vendors sell malware as a service, which is advertised and distributed like standard software. Communicating via Internet relay chat (IRC) and forums, hackers advertise Iframe exploits, pop-unders, click fraud, posting and spam. "If you don't have it, you can rent it here," boasts cialis reactions one post, which also offers online video tutorials. Prices for services vary by as much as 100 percent to 200 percent across sites, while prices for non-Russian sites are often higher: "If you want the discount rate, buy via Russian sites," said Genes.

In March the price quoted on malware sites for the Gozi Trojan, which steals data and sends it to hackers in an encrypted form, was between $1,000 and $2,000 for the basic version. Buyers could purchase add-on services at varying prices starting at $20.

In the 2007 black economy, everything can be outsourced, according to Trend Micro. A scammer can buy hosts for a phishing site, buy spam services to lure victims, buy drops to send the money to, and pay a cashier to cash out the accounts. "You wonder why anyone still bothers burgling houses when this is so much easier," said Genes.

Antidetection vendors sell services to malicious-software and botnet vendors, who sell stolen credit card data to middlemen. Those middlemen then sell that information to fraudsters who deal in stolen credit card data and pay a premium for verifiably active accounts. "The money seems to be in the middlemen," said Genes.

One example of this is the Gozi Trojan. According to reports, the malware was available this summer as a service from iFrameBiz and stat482.com, who bought the Trojan from the HangUp team, a group of Russian hackers. The Trojan server was managed by 76service.com, and hosted by the Russian Business Network, which security vendors allege offered "bullet-proof" hosting for phishing sites and other illicit operations.

According to Trend Micro, there are many independent malicious-software developers selling their wares online. Private releases can be tailored to individual clients, while vendors offer support services, often bundling antidetection. For example, the private edition of Hav-rat version 1.2, a Trojan written by hacker Havalito, is advertised as being completely undetectable by antivirus companies. If it does get detected then it will be replaced with a new copy that again is supposedly undetectable.

Hackers can buy denial-of-service attacks for $100 per day, while spammers can buy CDs with harvested e-mail addresses. Spammers can also send mail via spam brokers, handled via online forums such as specialham.com and spamforum.biz. In this environment, $1 buys 1,000 to 5,000 credits, while $1,000 buys 10,000 compromised PCs. Credit is deducted when the spam is accepted by the target mail server. The brokers handle spam distribution via open proxies, relays and compromised PCs, while the sending is usually done from the client's PC using broker-provided software and control information.

"This is a completely standard commercial business," said Genes. "The spammers even have their own trade associations."

Ready-made tools for creating phishing e-mails, such as fake requests for bank details, are fairly easy to buy, with many independent vendors selling them. Bulletproof hosting is also easily available, while phishers engage spam services to lure users to their sites.

Carders, who mainly deal in stolen credit card details, openly publish prices, or engage in private negotiations to decide the price, with some sources giving bulk discounts for larger purchases. The rate for credit card details is approximately $1 for all the details down to the Card Verification Value (CVV); $10 for details with CVV linked to a Social Security number; and $50 for a full bank account.

Scammers use a variety of ways to launder cash. Compromised bank accounts can be used to launder funds, or struggling companies can be bribed to turn the money into ready cash. Scammers can find businesses with a debt of $10,000, and agree to pay them $20,000 if they agree to cash out 50 percent of the funds. Dedicated cashiers, also known as "money mules," can also take up to 50 percent of the funds to move the money via transfer services.

Money can also be laundered by buying and selling merchandise on the wider black market. Shipper rings can ship PCs to scammers via intermediaries, which can then be resold.

Cost to legitimate business
As the malicious-software economy grows in sophistication, so do the losses sustained by legitimate businesses. According to the 2007 Computer Security Institute computer crime and security survey, these losses have seen a sharp increase this year.

Robert Richardson, director of the CSI, said the average annual loss among U.S. businesses due to cybercrime has shot up to $350,424, from $168,000 in 2006. "Not since the 2004 report have average losses been this high," said Richardson.

This year's survey results are based on the responses of 494 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions, and universities.

Almost one-fifth of those respondents who suffered one or more kinds of security incidents said they had suffered a targeted attack aimed exclusively at their organization, or organizations within a small subset. Khalid Kark, a principal security analyst at Forrester, said targeted attacks against companies and institutions are becoming more common.

"As banks and companies have increased security levels, the hacker community is casting a much wider net," said Khalid. "Instead of hacking into something right away, now it's low and slow. They're determining attack avenues, taking their sweet time to find holes, and then using stealth (to steal data)."

Financial services companies are being attacked more and more, said the analyst, while the attacks are increasing in number and complexity.

But while the black cybereconomy is maturing, at the moment its main practitioners seem to be individuals or small groups acting within a loose web of affiliations that can be quickly established and broken to evade detection.

F-Secure's Hypponen blames a lack of international co-operation and political and social problems for the current situation. "In many cases these are people with skills but without opportunities," said Hypponen. "What if you are born with IT skills in rural China, or in the middle of Siberia? There is no legal way of making use of the skills they have."

While law enforcement co-operation with government and the IT community is paramount in addressing the problem in the short term, longer-term solutions must be found. One way to address the issue of the growth of the "black cybereconomy" in the long term is to harness the IT talent in developing countries that otherwise might be co-opted into illegal activity, say security experts.

"We have to make it more attractive to be in the white economy than in the black–when that happens we will turn a corner. We're starting to see that happen as companies look to less expensive economies as places to put people. In Eastern Europe and Asia there are highly skilled people where there are less opportunities–this is where the black economy is fueled now," said McAfee's Telafici.

Tom Espiner of ZDNet UK reported from London.