Well this is a scary thought - employees at utilities companies, government agencies, and other companies just looking through your account information. While the article focuses on Milwaukee-based WE Energies, I should imagine that the practice is very common-place.

The IRS took 219 disciplinary actions, including firings and suspensions, against employees who browsed through confidential taxpayer information last year, according to the U.S. Treasury Inspector General for Tax Information. That was more than double the number the previous year.

Worker Snooping on Customer Data Common
By RYAN J. FOLEY
http://ap.google.com/article/ALeqM5ghPenZUJTE7BfSfgQbj6RX597DEAD8V019TG0

Recently I had a client forward an email to me. She was concerned that she may have some security problems due to an email she received. These sorts of emails use a social engineering scare tactic to try and entice you. Kudos to her for asking me about it first!

This is a perfect example of what a SPAM and Phishing email looks like - so I figured I would post it with some notes. Yeah - I removed the email address and names to protect the innocent.

This is also a perfect example to all the AOL users out there. Quit using AOL. It sucks. Switch to Gmail.

Call me - my rates to setup Gmail AND move all your AOL email and contacts are very reasonable.

Click the image to get a larger and clear view.

Well this is definitely a case to watch as it appears it will go all the way to the Supreme Court. Here is the quick scenario.

The case arose when Kevin Boucher, a Canadian citizen with legal residency in the US, was traveling from Canada back to Vermont on December 17, 2006. He and his father were stopped by customs agents while crossing the border. A subsequent search of the laptop by an agent revealed adult porn and animations of adult and child porn. The key here is that the agent was able to access the files without a password.

After obtaining a subpoena on December 19, a Vermont Department of Corrections officer attempted to access the drive only to find that it was encrypted with PGP (Pretty Good Privacy).

Secret Service Agent Matthew Fasvlo, who has experience and training in computer forensics, testified that it is nearly impossible to access these encrypted files without knowing the password. There are no "back doors" or secret entrances to access the files. The only way to get access without the password is to use an automated system which repeatedly guesses passwords. According to the government, the process to unlock drive Z could take years, based on efforts to unlock similarly encrypted files in another case. Despite its best efforts, to date the government has been unable to learn the password to access drive Z.

Now, whether or not the kid has child porn in the encrypted drive is not the main point. He admitted to having porn and possibly child porn in his temp files. He actually allowed agents to view files, which prompted the initial arrest. The point here is whether the government can compel you to reveal a password - something that is in your mind. This has far-reaching implications on your rights under the 5th Amendment.

I'd have to say kudos to the kid for encrypting his drive in the first place. I cannot stress enough the importance of encrypting your data. Not that you need to worry about government snooping, but you should certainly be worried about theft of data. It is a very serious potential problem and disaster.

If you want to learn more about encrypting your data, hard drives, or email, contact me. Also look for upcoming blogs and tutorials on the methods that I use, including total disk encryption using TrueCrypt and email encryption using Gmail, Thunderbird, and Enigmail.

References:

Judge: Man can't be forced to divulge encryption passphrase
http://www.news.com/8301-13578_3-9834495-38.html

Feds appeal loss in PGP compelled-passphrase case
http://www.news.com/8301-13578_3-9854034-38.html

DOJ: No comment on forcing encryption passphrases
http://www.news.com/8301-13578_3-9835392-38.html

In Child Porn Case, a Digital Dilemma
http://www.washingtonpost.com/wp-dyn/content/article/2008/01/15/AR2008011503663.html

Well, I had read about this a while back, but a recent Slashdot post brought it to my attention again. Did you know that the US Government convinced printer manufacturers to encode every page of a document with a pattern of yellow dots to identify the printer (and user)? If that doesn't give you an uneasy feeling about surveillance than I don't know what will.

References:
Secret Printer ID Codes May Be Illegal In the EU
http://hardware.slashdot.org/article.pl?sid=08/02/15/1612226&from=rss

Is Your Printer Spying On You?
http://www.eff.org/issues/printers

As I reported previously, the GeekSquad and BestBuy has some serious issues going on such as the porn incident. Unfortunately for them, it serves as bad publicity. Fortunately for me, it drives more business to me.

The most recent thing is losing a laptop, and I have to agree with the lady who filed the suit. It's not about winning $54 million - it's about sending a clear message to BestBuy and other stores that you had better take customer information and service very seriously.

I have filed a lawsuit against Best Buy and launched this blog in an effort to bring attention to the reprehensible state of consumer property and privacy protection practices at America's largest consumer electronics retailer, with the hope that it might motivate Best Buy to effect changes and spare future consumers the experience I have been subjected to -- or worse.

Of course, it goes without saying that her data should have been encrypted on the laptop. Then her fears about identity protection would be minimized greatly. However, she does have a point about the way that BestBuy handled the situation, and apparently they are continuing to drop the ball.

Good luck Raelyn Campbell!

BestBuy vs Consumer Protection Blog
http://bestbuybadbuyboycott.blogspot.com

Over the years, this issue has come up time and time again. Most ISP's (internet service providers) now block port 25, which is the outbound email (SMTP) port. In the name of trying to "help block spam", they make it a huge headache for customers who use their own domain or another email provider. If you call Bellsouth or Comcast as a residential customer, their answer is "tough - upgrade to a business account". That is absolutely a waste of money.

As most of you know, I DO NOT recommend using your ISP's email account.

Many email services also don't allow you to use anything other than port 25 for your outbound email so customers are left with configuration issues to get their email to work if they use an email client such as Thunderbird, Outlook, Outlook Express, MacMail, etc. If you use a laptop, then things get really fun when you are on a network that is not your own such as a hotel, family member's house, customer, etc.

What do you do for now? The setup varies slightly from service to service, but basically you are going to setup your email client to use your ISP's outbound SMTP server and your ISP-provided email address/password for authentication.

What is the real solution? Use an robust email service that uses non-standard ports.

For instance, I HIGHLY recommend Google's email service - Gmail. It uses non-standard ports (995 inbound POP and 587 outbound SMTP) plus SSL connections on the inbound and TLS on the outbound for enhanced security. It also supports IMAP and a host of other features. You can use it as a central point for your email as it will POP in your other email accounts. You can even set it to reply from those account addresses if you don't want your Gmail address easily revealed.

Another solution is to just purchase your own domain and use Google Apps for your Domain for your email needs.

I use both of these methods for all of my email and have begun to migrate most of my customers over to the system. It just works - and the service from Google is basically free.

As usual, if you need help with any of these services, contact me. For a reasonable fee, I will be glad to setup everything including migrating your existing email over.

Helpful Links:

Webmail vs Local Email
http://www.smartergeek.com/forum/forum_posts.asp?TID=390

Anti-Spam Techniques in Email
http://en.wikipedia.org/wiki/Anti-spam_techniques_%28e-mail%29

ATT / Bellsouth E-mail Best Practice Guidelines
http://www.postmaster.bellsouth.net/best_practice.htm

ATT Bellsouth Port 25 Filtering Help Center
http://www.att.net/csbellsouth/s/editorial.dll?fromspage=all/home.htm&categoryid=&bfromind=62&eeid=3784168&eetype=article&render=y&ck=

Comcast takes hard line against spam
http://news.zdnet.com/2100-3513_22-5230615.html

Thunderbird - Cannot send email
http://kb.mozillazine.org/Cannot_send_mail

It appears that www.wesla.org (WESLA Federal Credit Union) has some serious issues going on. The site has been down for a couple of hours at least. At 3:55pm CST, a client of mine IM'ed me over GoogleTalk about it. More than just the homepage is down as well - looks like the whole site.

There are several things that can cause this so hopefully the admins will have it figured out pretty quickly.

*Note: No I don't use WESLA.

------------------------
Note: This blog is about the subject in general - not meant to be taken personally by the one who just sent me the email.
------------------------

Ok everyone. Please STOP sending this crap to me. I can only hit "reply all" and send refutes about these urban legends so many times before I get really tired of it. I realize that most people don't know as much as about computers and technology as I do, but just a little thinking and forethought would save all of us time and save some internet email traffic. Besides, most people who send me email have heard by soap box lessons about this kind of stuff.

Did I mention that I HATE unsolicited emails containing urban legends? Stop proliferating this crap. Please. They waste time, resources, and bandwidth. Instead of doing something productive, I have to respond to people and insure them that mass panic will not happen. Worse yet, I get the phone calls from clients wanting to know what all these things are about. When I tell then about urban legends, myths, and hoaxes, they just can't believe that "cousin Tommy - the family computer guy relative" would send them an email that was fake. Just because "Tommy" has an iPod and can play Guitar Hero and instant message does not make him an expert.

There is no virus that caused mass panic in New York and was reported on CNN. Software code can remove data but can't cause actual damage to a hard drive. Clicking on links in an email that obviously point to a ridiculous URL (website) such as : http://notme.hk/ should really be your first clue. Another clue would be not opening any untrusted attachments. A third clue is "this alert was received by an employee of Microsoft" - umm who cares and it was unsolicited anyway?

In summary, don't fall for the social engineering tactics at all. And don't forward them on to me unless you are genuinely asking me if there is any truth. If you do, then you will surely end up on my email newsletter list along with all 500 people that you cc'ed - since I'm sure every one of you needs real technology help.

All -

I just received this warning from my wife. I checked on Snopes. It is a REAL virus!

Read below.

- G****


Importance: High

FYI . . . Please take this seriously and read the link below . . .


Virus --CNN announced -- Snopes confirms as real.

Here is a link to the snopes page:

http://www.snopes.com/computer/virus/postcard.asp


PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT LIST!!

A new virus has just been discovered that has been classified by Microsoft as the most destructive ever. This virus was discovered yesterday afternoon by McAfee. This virus simply destroys Sector Zero from the hard disk, where vital information for its functioning are stored.

This virus acts in the following manner:

It sends itself automatically to all contacts on your list with the title:

'You've received a Post Card from a Family member'.

As soon as the supposed virtual card is opened the computer freezes so that the user has to reboot. When the ctrl+alt+ del keys or t he reset button are pressed, the virus destroys Sector Zero, thus permanently destroying the hard disk. Yesterday in just a few hours this virus caused panic in New York, according to news broadcast by CNN.

This alert was received by an employee of Microsoft itself.

So don't open any mails with subject:'A Post Card from ' As soon as you get the mail, delete it !! Even if you know the sender !!!

Please pass this mail to all of your friends.

Forward this to everyone in your address book. I'm sure most people, like myself, would rather receive thi s notice 25 times than not at All.

References:

http://www.snopes.com/computer/virus/postcard.asp

http://virusbusters.itcs.umich.edu//hoaxes/virtual.html

http://antivirus.about.com/cs/hoaxes/p/virtualcard.htm

http://www.trendmicro.com/vinfo/hoaxes/hoaxDetails.asp?HName=This+Is+Not+A+Joke+-+VIRUS+ALERT

I've been asked about this issue several times. To keep it simple:

No you don't have to buy a new $1500 HD television before February 17, 2009, and throw away your old TV.

What is happening is that the over the air (OTA) television stations will no longer be broadcasting in analog. They must begin broadcasting digitally. That's all it means.

FAQ's (Frequently Asked Questions):

Q. What if I am on cable or satellite (like DishNetwork)?
A. Then you don't have to worry about anything unless you also use rabbit ears.

Q. If I have an older analog television, will I have to throw it away after February 17, 2009?
A. Nope. You can purchase a digital-to-analog converter box to continue using your rabbit ears.

Q. Do I have to buy the digital-to-analog converter box?
A. No - If you have a TV imported after March 1, 2007, then by law it has a digital tuner built-in.

Q. How much does the box cost?
A. The price is expected to be around $60, but the Feds are providing coupons to everyone worth $40 to offset the cost. That brings your total outlay to about $20.

Q. The salesman at <> said I had to buy a new HD TV or I won't be able to watch television much longer.
A. The salespeople at those stores are typically very ignorant of technology and/or liars.

Q. Why is the Federal government mandating this?
A. "...because all-digital broadcasting will free up frequencies for public safety communications (such as police, fire, and emergency rescue). Also, digital is a more efficient transmission technology that allows broadcast stations to offer improved picture and sound quality, as well as offer more programming options for consumers through multiple broadcast streams (multicasting). In addition, some of the freed up frequencies will be used for advanced commercial wireless services for consumers."

Q. Who is going to buy up the spectrum?
A. Hopefully Google!


References:

http://www.dtv.gov/consumercorner.html#faq5

FCC Consumer Facts
http://www.fcc.gov/cgb/consumerfacts/digitaltv.html

Google's Public Policy Blog
http://googlepublicpolicy.blogspot.com/search/label/Telecom

Official Google Blog - Who's going to win the spectrum auction?
http://googleblog.blogspot.com/2007/11/whos-going-to-win-spectrum-auction.html

Everything You Always Wanted to Know About the 700-MHz Auction but Were Afraid to Ask: Expert Op-Ed
http://www.popularmechanics.com/technology/industry/4246037.html

700 MHz Explained in 10 Steps
http://gigaom.com/2007/03/14/700mhz-explained/

Imagine that police arrest an individual for a simple traffic infraction, such as running a stop sign. Under the search incident to arrest doctrine, officers are entitled to search the body of the person they are arresting to ensure that he does not have any weapons or will not destroy any evidence. The search incident to an arrest is automatic and allows officers to open containers on the person, even if there is no probable cause to believe there is anything illegal inside of those containers. What happens, however, when the arrestee is carrying an iPhone in his pocket?

Now you might think this scenario is far-fetched, but it's not really. Just imagine if you have your laptop, and the officer decides to search it. You may have data on there that is none of law enforcement's business. As a matter of fact, none of it is their business!

Here's another scenario that I preach to all my clients, family, and friends.

You can always replace your hardware if it gets stolen. You can't replace your data or the damage done if someone gets their hands on it.

While you may think that you don't keep enough data on your computer to matter, I bet the vast majority of you reading this post allow your email program or web browser (IE or Firefox) to remember your passwords. With that information, someone can have access to your email and a lot of other things. By using some social engineering combined with the data they are able to pour through, some serious damage can be done.

Oh - you didn't think about that did you? What about all those pictures of your family, kids, etc?

Fortunately, there is a pretty easily solution to most of this. You need to install and use TrueCrypt. This simple, free, open-source program will solve just about all of those problems. You know all those stories in the news about stolen/lost laptops with tons of SSN's and personal data? Well, there is simply NO excuse for that. You can install TrueCrypt, create an encrypted container, put your important data in it, and that's that. I actually use 2 containers. One is for my most important data that I cannot afford to lose. The 2nd container is used to hold my Thunderbird email and settings. As a bonus, I only have to backup 2 files - the TrueCrypt containers, and my backups are encrypted as well.

Another rule to remember: don't have your browser remember your passwords. First, this means you will forget them. Time and time again, I revamp customer computer systems and they have no clue what their passwords are. Secondly, if someone does steal your computer (swiped laptop or breaking into your house and taking your desktop), then they may get a nice computer and whatever software you have installed, but they won't have easy access to your email, banking sites, etc.

http://en.wikipedia.org/wiki/Post_Office_Protocol

Although plain text transmission of passwords in POP3 still commonly occurs, POP3 currently supports several authentication methods to provide varying levels of protection against illegitimate access to a user's e-mail.

Here's something else to think about: Did you know that the vast majority of email flies around the 'Net in plain text? That's right - your email has zero protection! Why do you think you should never ever ever send your SSN or credit card number via email? Let me give you a good example. People like me will sit at a hotel and run some network sniffing software. Your email client checks your email - I get to see your username, password, and email all sent across the network in the clear.

This is one of the reasons that I've been migrating and pushing most of my clients over to Gmail (Google's email service). Gmail uses an SSL connection from your email client to their servers. This is actually more secure than using your browser since Gmail only uses SSL for the login with your browser. The best news is that all major email applications support it (some better than others - like Thunderbird), and it totally stops the hotel scenario. And its free!

Now, that doesn't stop someone at Google from potentially viewing your email; nor does it stop anyone along the path from Google to the recipient's email. As as an example, many people use their ISP's email systems - Comcast, Bellsouth/ATT, Verizon, etc. We can't even trust them to deliver us the services we were sold and paid for. You think we can trust them with our email? The way around this is using something such as OpenPGP/Enigmail so that the entire contents are encrypted. Alternatively, you can do something as simple as create a small TrueCrypt container, put your message and contents in the container, and forward that as an attachment. Call the recipient and tell the the password. Simple but effective!

In the near future, I will releasing several video tutorials on how to set this up. As always, if you want assistance in creating a relatively secure way to store your data, then contact me.


References:

The iPhone Meets the Fourth Amendment
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1084503

www.truecrypt.org

You know that broadband internet coverage in the United States sucks right? Huh - you mean you thought it was so cool that you can now get a 1.5Mbs DSL connection? Bellsouth/ATT offered you 6Mbs Extreme? Have you checked your upstream connection lately? That is why it is technically known as aDSL. The "a" stands for asymmetric - as in the downstream bandwidth is much greater than the upstream.

Even with 6Mbs or 10Mbs (that mega-bits not bytes), the US is still way behind in the industrialized world with connectivity. For the most part, we created the Internet, and our connections suck.

Fixing US broadband: $100 billion for fiber to every home
...But these 100Mbps connections are coming slowly; in the meantime, countries like Japan already have them. To avoid falling further behind, the report calls for a national broadband policy to be passed this year, one that includes $100 billion for a fiber-to-the-home infrastructure that will connect every household and business in the country.
...Between 1999 and 2006, the US fell from third place to 20th in the International Telecommunications Union's broadband usage measurements.

Now here is the really interesting part of this whole deal. Ever heard of the "$200 Billion Broadband Scandal"? Let me summarize then. Basically - back in the mid '90s the telecos (telephone companies) were supposed to deploy fiber and fiber/coax networks to millions of homes by the year 2000 as part of the Telecommunications Act of 1996. We are supposed to have 45 Mbs connections. All 50 states and the District of Columbia contracted with their local telecommunications utilities for the build-out. Guess what? We don't have millions of homes with fiber do we? They all failed. The telcos made billions.

The $200 Billion Rip-Off: Our broadband future was stolen.
Over the decade from 1994-2004 the major telephone companies profited from higher phone rates paid by all of us, accelerated depreciation on their networks, and direct tax credits an average of $2,000 per subscriber for which the companies delivered precisely nothing in terms of service to customers. That's $200 billion with nothing to be shown for it.

...As just a small example of the way the phone companies took advantage of ineffectual regulation, they charged an average of $1 per month per customer to run Bellcore, the research organization set up to replace Bell Labs after the 1983 split up of AT&T. But when Bellcore was later sold and the profits from that sale distributed to the telephone companies, not to the customers, ALL BUT ONE RBOC CONTINUED THE $1 CHARGE DESPITE THE FACT THAT IT NO LONGER DIRECTLY SUPPORTED ANYTHING.

Broadband in the US is now defined as anything with a download bandwidth of 200 Kbs or greater. Big deal.


Broadband Scandal eBook (406 pages in PDF)
http://www.teletruth.org/docs/SCANDALFINAL92006.pdf

http://www.fcc.gov/Reports/tcom1996.pdfPublish Post

Fixing US broadband: $100 billion for fiber to every home
http://arstechnica.com/news.ars/post/20080131-fixing-us-broadband-100-billion-for-fiber-to-every-home.html

Good Example of a Phone Bill Breakdown
http://www.newnetworks.com/dirtyphonebill.htm

I've been on my soapbox about this for a long time now. People want to gripe about the cost of a gallon of gasoline, which has to be drilled, refined, shipped, heavily taxed, etc. However, nobody thinks twice about paying $5 per gallon for bottled tap water.

1 liter ~ .25 gallons

$1.19/liter x 4 = $4.76/gallon (approximately)

Just doesn't make sense does it? Oh - you think that your is pure and therefore it should cost more. Right? Wrong. The fact is that most bottled water is no more safe than the vast majority of municipal water supplies.

In 1999 the NRDC tested more than 1,000 bottles of 103 brands of water. (This is the most recent major report on bottled water safety.) While noting that most bottled water is safe, the organization found that at least one sample of a third of the brands contained bacterial or chemical contaminants, including carcinogens, in levels exceeding state or industry standards. Since the report, no major regulatory changes have been made and bottlers haven't drastically altered their procedures, so the risk is likely still there.

Bottlers don't have to let consumers know if their product becomes contaminated, but sometimes they pull their products from stores. In fact, between 1990 and 2007, this happened about 100 times, says Peter Gleick of the Pacific Institute in Oakland, California. Among the reasons for recall: contamination with mold, benzene, coliform, microbes, even crickets.

If you like bottled water and want to continue to pay for Coca-Cola's massive marketing campaigns for your Dasani, then that's great. Just don't gripe about the cost of gasoline around me. As a matter of fact, unless you want to drill, refine, and produce you own gasoline then shut or walk - and use that overpriced bottle of Dasani to quench your thirst.

http://www.rd.com/content/rethink-what-you-drink/