Well it's been a while since I posted. Between customers, teaching, the elections, deer season, etc, finding time to post has been challenging!

Over the last couple of days, I've received 2 email that almost appeared legitimate for a PayPal Dispute Resolution. To give you some background, I've used PayPal since 2001 and rarely had any issues. Of course, I have a simple rule that I follow since PayPal is not a bank nor FDIC insured:

I don't keep any more money in PayPal than I can afford to lose.

Naturally, PayPal is a large target for scams since they are pretty much the only game in town other than Google Checkout. In the course of using PayPal, I've only had 2 disputes so I am familiar with the dispute resolution process and what the notification emails look like. That is why I did a double-take on these emails.

Of course, I checked out the emails thoroughly, figured out the scam, and decided to blog about them. For good measure, I also logged into my PayPal account just to check, but the important is that I went to www.paypal.com and logged in - not relied on a link in an email!

I've posted on phishing schemes and scams before, but I wanted to caution everyone again. Please be cautious whenever you receive one of these. If you receive one from a bank and you bank online (which you should for safety), then simply go directly to your bank site and login. Call your bank. Don't click links in emails that you don't trust absolutely!

Also, use FireFox and OpenDNS on your computer and home (or business) network. These 2 things will greatly enhance your security.

Labels: email, paypal, phishing

..a group of individuals had apparently installed a device inside a gas station pump in the area. This device had access to all information entered through the payment point.
..The device included a wireless transmitter that broadcast 300-400 feet, allowing someone seated in a car located nearby to capture all the information generated at the pump.At the end of a hard
day’s work, the thief would use this information to print the data onto card “blanks.”

Well, I've said it over and over. While the mainstream press tends to focus on "online predators, blah, blah, blah", the majority of ID theft or bank theft occurs by more traditional methods. Granted, this was making use of some relatively advanced technologies, but it goes to show you that you have to watch out from all angles.

It would be a good idea to read the article linked below.

References:

Happy Birthday…I’ve stolen $2500 from your account
http://blogs.zdnet.com/carroll/?p=1887&tag=nl.e539

For all of us, there comes a time on any given day, week, and month,every year and in different degrees over our lifetimes, when we choose to act in some way that is oriented toward fulfilling our social and psychological needs, not our market-exchangeable needs. It is that part of our lives and our motivational structure that social production taps, and on which it thrives. There is nothing mysterious about this. It is evident to any of us who rush home to our family or to a restaurant or bar with friends at the end of a workday, rather than staying on for another hour of overtime or to increase our billable hours; or at least regret it when we cannot. -- Benkler, Wealth of Networks

The question then becomes: How do you tap into those times and produce income?

It is not an easy one to answer. An obvious choice would be advertising and many of the social networks are taking advantage of that - some in conservative ways such as Digg.com or Facebook.com - but how does an individual or small business tap into this social need? I think the answer again lies in advertising, only in a more subtle and soft-sell manner.

As an example, I created a MySpace.com page sometime back. As all my friends and clients know, I'm not a fan of MySpace at all, but there is a compelling social aspect to the site. In my case though, I put up page to learn how their template works. Sure, I've had some old friends find me there, but even more importantly I've had a couple of clients pay me to create them a MySpace template - one without all the eye-popping glitzy bedazzled looking garbage.

Here is another example. On any message boards that I frequent, whenever I post I always put a URL to one of my websites in my signature line. Do I get much business from that? No, but I have gained a few clients and it only cost me my time.

Facebook has become very popular in the last 18 months. I definitely like it much better than MySpace, and I finally created a profile there. Am I looking to generate business there as well? Maybe. It doesn't hurt to network out. Think of it like going to a dinner party or conference only it lasts 24/7. If I gain some new business great - at the worst I've found some old and new friends.

The vast majority of my business has been through word-of-mouth. Social networking parallels that very closely. It costs virtually nothing except time and effort. Why not tap into it?

Links:
http://www.amazon.com/Wealth-Networks-Production-Transforms-Markets/dp/0300110561

Recently, I've been consulting with a client on network improvements. Following is an email correspondence sent to them in preface to some upgrades - such as migrating to a Novell SUSE Linux network.

============
From Email
============

As a reminder, security is relative. You have to weigh the cost vs usability vs convenience. If security practices are too complicated, end users will attempt to circumvent them at every turn. However, if the security measures only present a small burden to the end users, then most users will embrace them.

There are no 1-stop security solutions. Period. Anyone that tries to embrace that philosophy is selling snake-oil and will lull you into a false sense of security. Always avoid single vendor lockin to proprietary solutions as much as possible. I always favor free and/or open-source solutions where possible.

##############
User Training
##############

Most companies fail at training their users in basic technical skills and safe practices. In the short-term weak training expenditures may result in faster employee turn-around; however, in the long-term it costs more.

Not only should users (employees) be educated on the basic skills for their jobs, they should also be educated on basic security best-practices and company policy. As technology changes, users should be further educated as necessary for their particular job. In today's fast-paced world of data exchange, this is a necessity not an option.

##############
Data Security
##############

First, you need consider that like most things, your data is only as safe as the weakest link in the change. No matter what types of technology you employ, all it takes is one rogue employee with access to the data. This is where your company policies and NDA's come into play heavily. Employees must know that there are severe consequences for breaching policies.

Data must not be permitted to leave the company network unless a user has specific permission to remove the data. This includes USB drives, company and non-company laptops, cell phones, pda's, etc. Even hand-written notes concerning company information must be carefully considered.

Any data that is allowed to leave the company network and confines must be encrypted (see mobile security). It does no good to have the company information locked down, only to transport it in the free and clear.

##############
Email Security
##############

All company email must be controlled tightly through a service such as Google Apps Premier Edition powered by Postini. This allows for superior email security, archiving, and control.

"By 2005, 24% of companies had email subpoenaed and 15% had gone to court over lawsuits triggered by just employee email. According to the same survey, 10% of email at work contained sexual, romantic, or pornographic content." - http://www.amanet.org/press/amanews/2006/blogs_2006.htm

Plan Now for Managing Electronic Data Avoid Tomorrow’s Legal Risks
www.google.com/a/help/intl/en/security/pdf/WP44-BMGuide.pdf

I have a client (and friend) who purchased a mobile phone running Windows Mobile. His problem was keeping his phone synced to his Google Calendar, which he runs through Google AFYD. Fortunately, Google released a sync tool called Google Calendar Sync.

Running Google Calendar Sync allows Glenn to keep his phone, pc, and online Calendar together.

I also did the mobile setup for his Google Calendar - so he can add appointments any way that he chooses.

After running for over a week with no issues, he recently had an error with the calendar sync. Here is a copy of the emailed notes.

============
From Email
============

Here are my notes on fixing the Google Calendar Sync:

• Google Calendar Sync giving error message 2006
• Tried to launch Outlook - gave error message "unable to open your default folders"
• Checked Taskmanager - Outlook running in background - killed process
• Launched Outlook 2003 - worked fine, closed it
• Ran Google Calendar Synch - worked fine
• CMD -> net statistics workstation - uptime since 9/29/08
• Advised Glenn that he must restart workstation at least every other day

Basically, you have to restart XP (or any version of Windows) at least every other day. In your case, Outlook was "hung" running in the background which would not allow Google Calendar Sync to run properly. I had to kill the process and it worked fine.

You need to restart that computer.

==============
From email
==============
from XOXO
to Rex Moncrief
date Mon, Oct 6, 2008 at 7:25 AM
subject Is this worth having?
mailed-by gmail.com
signed-by gmail.com

Is this worth having?
http://www.komando.com/downloads/category.aspx?id=5536

===========
My Response
===========

Mark Russinovich arguably knows more about the Windows OS than Microsoft does. He has produced some great apps, which is one of the reasons MS finally bought his company.

There are only a small handful of them that I recommend an "above average" computer user should have - and these are ones that I run on a regular basis.

Process Explorer
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
*Runs at startup on all my Windows pcs.

Process Monitor
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

AutoRuns
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

RootKit Revealer
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

Systernals applications can be very powerful, which is why I don't suggest them to typical computer users. That is why I also don't recommend downloading them all at once. People tend to get curious and then get off in an area where they don't belong. Of course, that is good for my business, but I try to be honest about technology.

If you want to give some of them a try, but always remember: "You are only as good as your last successful backup - from which you can recover."

*No - Windows System Restore is NOT a backup solution.

Labels: xp software

Well it appears that Google is trying to drastically change the way we use wireless phone networks. As opposed to the carrier lock-in we all face now, Google's vision is an open network where devices or phones connect to any open available network.

Their vision is very similar to how we connect to the internet now. Any computer can connect to the internet as long as it has a network connection.This is also how we connect to landlines based on the Carterphone decision in 1968. Any phone can connect to a landline phone service.

Of course, I don't expect to the wireless carriers to go willingly into the night. They will fight this tooth and nail and do their best to carry on with the current state of lock-in. Like I've said over and over, until we as consumers begin to fight for change - we are stuck in the current model.

Come on Google - help us out and by extension help your company.

Google's Full Patent Application

Labels: google, wireless

Recently, I've been purchasing a lot of things from my local Office Depot. The staff there are friendly and courteous, and their prices are pretty competitive. Plus it's close to my home/office.

Of course, I also love to price/review shop on the Internet prior to making purchases. Upon landing on the home page, they had a nice chair advertised on sale. Regular $139.99 it had an instant savings of $50 that brought it down to $89.99 - not a bad deal really. Besides I could use a new chair.

When I clicked on the chair to bring up the details - the deal got even sweeter! Office Depot was going to pay me $.01 to buy it! Hell, I was ready to order 100 of them, but my local zip code indicated that the stores near me didn't have them in stock. No big deal. I would gladly pay a little freight and order about 5 of them.

When I proceeded to checkout, none of the instant savings were applied though. Hmmm - so I called Office Depot's number - 800.463.3768 - to see what was up. Of course, the kind Indian call center gentleman pulled up the product number and confirmed the chair should be -($.01). After some more "checking" and a 3 minute pause, he stated "I'm so sorry for the false advertisement, but the chair is $139.99 and the website is incorrect. I am reporting this to our corporate department." Damn the luck.

Well, I couldn't stand it so I called back on my Skype phone and recorded the call (yes, it's legal in Louisiana as a one-party state). Sarah confirmed that the chair was being "reported to our corporate department" and that I could place an order for the chair. I couldn't get her to outright say it was "false advertising", which would have been fun.

What did I gain out of this? Nothing really but something to blog about!

MP3 Recording with Sarah from Office Depot Support

I've been working recently with a client on a web project (sales of digital art). As is typical of most of my projects, my expertise in other areas gets tapped - not just web development. After all I am an IT consultant.

This client needed an inexpensive VoiP telephone solution for the online small business. She wants customers to be able to contact a "real person" if needed as well as be able to fax digitally. In my opinion with a combination of free and inexpensive services plus cell phones, it can all happen.

Posted below are excerpts from the email correspondence. Keep that in mind as the "text flow" is not perfect.

You will see that I am recommending Skype as part of the solution. For all the naysayers out there, let me state this upfront: It works and works well. I am running a Linksys WRT54GL with DD-WRT firmware and QoS optimized for VoiP and Skype on a Dell Inspiron 1525 with a built-in webcam - video conferencing works well and barely puts a dent in my dual-core Intel. It offers conference calling features and when combined with Pamela, you can even do call recording and a whole lot more.

=========
From Email
=========

Also, I've been doing some research on the "phone line" and VOIP. I think using Skype may be a very viable alternative. You can purchase a "SkypeIN" number which gives you a "local" number that is routed to your free Skype account. When someone calls your number from a landline or cell, you answer it via Skype.

You can also purchase a Skype subscription which would allow US/Mexico/Canada/International calling for $9.95/month or less. You also have an option of using the include "SkypeToGo" service so that you could make international calls from your cell phone as part of your Skype subscription.

Here is the main advantage that I see. Suppose you contracted with someone to be the "receptionist" for Legally Hung. All you would have to do is forward the SkypeIn number (which acts as the business number) to that persons cell OR have them install Skype for free and login using the account for that number. You can also purchase up to 10 SkypeIn numbers per account.

Of course - Skype to Skype calls are completely free.

References:
http://www.skype.com/allfeatures/onlinenumber/

http://www.skype.com/allfeatures/callforwarding/

http://www.skype.com/allfeatures/subscriptions/

http://support.skype.com/index.php?_a=knowledgebase&_j=questiondetails&_i=331

=========
From Email
=========

As far as the 800-number status, I tend to be a little more realistic about that. How many people actually pay long distance per minute any longer? I would venture to guess (based on my business and clients) that 80-90+% of everyone has "unlimited" longdistance on their landlines and cell phones. That is why you are starting to see a lot of newer companies use local numbers versus worrying about toll free. However, there are stats that prove a toll free number can increase your traditional sales.

I'm not sure how much "customer service" callback you anticipate, but here are some possible solutions and ideas.

Labels: pamela, pbx, skype, voip

Earlier this year, I had the privilege of teaching a basic computer course to 2 classes at a local career training place. The first class was really great as I had a group of students who wanted to learn skills to better themselves and their career choices.

The only downside was that the IT guy for the company had unfortunately ordered a mixed batch of Lenovo and a couple of Acer laptops - all running Vista. To make matters worse, the Acer's were only running 512MB of RAM, which made Vista perform unbelievably slow. All the laptops had trial versions of MS Office, and the class was centered around office-type application skills. This was done prior to my arrival so I was left to deal with the situation as best that I could. We installed OpenOffice.org and used Google Docs extensively.

There were plenty of other issues including bandwidth problems at the facility, spyware (no Vista is not safe), and a host of other technical issues. Of course, it is normal for these types of things to happen; however, the worst part was that it was and still is frustrating to the students. They just want the technology to work.

Unfortunately, after the 2nd class, my business schedule just wouldn't let me commit the time needed to make the classes exceptional. I was left with no choice but to inform the owner that my training days were over. I offered my skills for IT support as needed though.

So what does this have to do with Ubuntu and Linux?

A couple of weeks ago, one of the students called me. Her Lenovo laptop had crashed and Lenovo's support was not up to par. They basically sent her the laptop back with a set of restore DVD's (the originals were lost) and informed her that her hard drive was possibly failing. To make matters worse, the recovery application from the DVD's just wouldn't work. This meant that she would be without her laptop for at least 2 weeks - not acceptable.

I was immediately able to get her laptop to boot up to an Ubuntu LiveCD and see her hard drive - it certainly wasn't failing. However, there was a serious issue with some system files or whatever that was causing Vista to endless reboot. After discussing the situation with her, I suggested that she try Linux.

Most of what she does on the laptop is web-based. She doesn't rely on any Windows-only applications and right now neither does the classes she is taking - most of which revolve around webconference.com meetings anyway. I installed Ubuntu 8.04 Hardy Heron.

Within about 90 minutes, we had Ubuntu running, wifi working, Skype installed for voip, and of course OpenOffice.org for an office suite. We setup audio playing and CD ripping software using Juicer and Rhythm. In the future, she wants to install Limewire for "independent" music, and we need to install Gyachi for Yahoo voice and video chat.

According to her, the other students want Linux. The training company owner wants her to go back to Vista and appears to be upset over change, but she refuses. This is an average computer user that wants a smooth-running system. Linux just works.

2 weeks later - She loves it. Period. Her friends love it. She doesn't miss Windows and hates Vista. Now that is a good experiment!

Labels: linux, ubuntu

Recently, I had to work on a Dell Dimension desktop. Unfortunately for my customer, the hard drive had the "click of death" even though I tried everything, including tapping the drive with a hammer to free the spindle. Luckily, there was no important data so I simply replaced the drive.

I kept noticing something odd that I had first attributed to the failed drive. I kept getting the following error on reboot:

Primary drive 1 not found
Secondary drive 1 not found
Strike the F1 key to continue, F2 to run the setup utility


That was odd considering that the drives were clearly installed and recognized in the BIOS. I checked jumper switches and everything was set to master and the drives were plugged in the ends of the IDE cables. I checked the BIOS again and the drives were recognized fine.

Thank goodness for Google. Here is the solution:

Boot into the BIOS using [F2]
Hold [ALT] F, then [ALT] E
After the beeping stops [ALT] B

It forces the BIOS to reset and re-recognize the drives.

References:

primary drive 1 not found
http://www.daniweb.com/forums/thread7688.html

Labels: bios, dell

For over a year now, I've been using Verizon's Broadband Access which uses the EV-DO technology. It's been pretty fast, and overall I'm a big fan of the service. It provides me a backup internet access if my cable connection goes down, plus with my business I need a constant connection.

Yesterday, I attempted to connect while at a customer's home who had lost their DSL connection. I needed to research some information and typically the Broadband Access is perfect in these situations. I even use it to share out the connection (yes you can use Windows ICS and Broadband Access). Anyway, after about 40 seconds of connection, the software went dormat, then disconnected. That was odd considering I had 4 bars of coverage and was well within the coverage area for broadband. I chalked it up to a temporary glitch with Verizon or interference and managed to fix the DSL connection anyway.

Later that evening I attempted to connect again. Same deal - VZAccess Manager connected, 40 seconds later - VZAccess dormant, and disconnect. What the hell I thought?

First thing this morning, I decided to troubleshoot. After all, I rely on the service when I am not at my office. The first thing I did was try and think of anything that had changed between Tuesday and Wednesday on my machine. My laptop runs a very clean installation of XP Pro - and I know every piece of software that is installed.

Linksys Print Server Utility 1.0
On Tuesday, I was at a client's office and we installed a Linksys WPSM54G Print Server, which requires the installation of Linksys Print Server Utility 1.0 and naturally Linksys thinks it has to run at start-up. Typically, I would remove software like that from startup, but in my hurry I just hadn't done it yet.

First thing - stop the software. Second thing, simply exit the software to test. VZAccess stayed connected as long as I wanted it to! As a matter of fact, I'm posting this while connected.

My final resolution was to simply remove the software from startup using MSConfig rather than completely uninstall it. I may need the software for further troubleshooting with my client.

Labels: linksys, verizon, vzaccess

From email:
-------------------------
is it possible for use to put a password on our wireless hubs to block out some local hacker that is exceeding our bandwidth?
-------------------------

We've discussed this before - the issue is NOT a local hacker accessing the wifi. The problem is HughesNet gouging and screwing over their customers.

While I'm a definitely an advocate of encrypting WiFi with WPA, because of the wireless mesh system that we are using to get wireless to Bob's house, you can't encrypt the wifi there.

For a "local hacker" to be using your wifi, he would have to be within 500 feet of the house AND know to setup and use a directional antenna. That is very very unlikely - almost impossible - in your area. This is why I've never worried about encrypting your wireless. You actually have "security through obscurity" in your case.

On my last trip there, we discussed this very issue and determined that the bandwidth overages were due to several things:

(1) HughesNet's pathetic rolling bandwidth caps.
(2) Leaving Limewire running on pc's even after songs are downloaded.
(3) Several users watching Youtube, downloading songs, etc - normal surfing habits (see #1)

I'm sorry to say but it is very easy for users to exceed the bandwidth caps from HughesNet even under normal use. Since most ISP's have peering arrangements, HughesNet is NOT doing this for the "quality of their network." It is simply another way to gouge the users. Your real gripe is with HughesNet - it's not a "local hacker."

References (please read):

HughesNet Lowers 'FAP' Caps
Despite New Spaceway 3 satellite
http://www.dslreports.com/shownews/HughesNet-Lowers-FAP-Caps-97011

http://www.broadbandreports.com/shownews/Track-Your-Remaining-HughesNet-Cap-Space-89144

http://www.ripoffreport.com/reports/0/244/RipOff0244913.htm

http://customercare.myhughesnet.com/fap_announce.htm

http://www.dslreports.com/blog?cat=87

http://en.wikipedia.org/wiki/Peering


Reply from Email:
---------------------
There is something funcky going on and I am running out of ideas. Yesterday I upgraded my hughs account to allow another 50 megs og download. All of the computers were turned off except my laptop and our PS3. Withing 40 minutes of the upgrade where they reset all of my usage they said I our server did a 211 meg download and then a 420 meg download.

So now I am using a dialup service to access the internet.

If it isnt the people across the street then somewhere we have a real nasty virus.
----------------------

As an example:

50MBs (megs) = only about 15 songs
Most MS patches or updates are more than 50MB's.
Vista SP1 is 434.5 MBs
XP SP3 is 316.4 MBs
To download the newest Acrobat Reader update requires 20MB's.
An iTunes update requires about 50MBs.

I'm not sure what is going on except that 50MB's is nothing. Plus according to many reports, HughesNet's method for monitoring the traffic (bandwidth) is very slanted towards the benefit of HughesNet - surprise.

You are being screwed over by HughesNet like most of their customers. I'm 99.999% sure it is not a hacker issue - unless your computer is exploited and you are sending spam out in the background - and Vista is not secure either.

The people across the street are a couple hundred yards away. The can "see" your wifi potentially, but they would have to have a directional antenna to transmit back to you since TCP/IP is a 2-way communication - very very unlikely.I will be glad to make a trip up and check things out, but I pretty much guarantee you what the answer will be - HughesNet is sticking it to its customers and getting by with it.

I'm not trying to be complicated or difficult, just giving you the truth about what is going on. You don't have many choices in your location so basically you are dealing with a monopolistic ISP.

Labels: hughesnet, mesh, wifi, wpa

From an email:

-----------------------------
The thing that I am having problem with are those damn AAC tags… What the f*** are they, why the f*** are they, and why the f** can I not figure them out I think I understand they are away to control content.
-----------------------------

Well let me try to keep this fairly simple. AAC is a digital audio format that is supposed to be the "next generation" of MP3. However, MP3 is so ubiquitous that it's going to be a while before it gets replaced.

Apple uses their own "version" of ACC with extensions for DRM (digital rights management). That allows them to control the content so that it only plays back under iTunes and specifically under your iTunes account. In short its a pain in the ass. Steve Jobs has publicly stated that the DRM is to appease the RIAA, although I have my doubts since Apple likes to control everything from cradle to grave.

There are basically 2 ways to convert your music in iTunes from AAC to MP3:

(1) By default, iTunes wants to rip (convert) everything to AAC. Click on Edit -> Preferences -> Importing (or Edit -> Preferences -> Advanced -> Importing) then change the Import Using from the default setting to "MP3 Encoder". Click OK to save this setting. Next you can r-click an AAC file in iTunes, and try to "convert selection to MP3". The only problem is that this won't work for purchased AAC music (DRM'ed).

(2) If you must buy audio from iTunes, then your best bet is to setup a playlist, burn it as a music CD, then immediately rip it back to high bit rate MP3. That frees up your music to play on any player. Of course, that could eat up a lot of CD's, so you would probably want to learn to use something like MagicISO, CD Emulator, or NoteBurner to keep from using a ton of CD's.

References:

http://en.wikipedia.org/wiki/Advanced_Audio_Coding

http://www.apple.com/hotnews/thoughtsonmusic/

http://www.salon.com/tech/feature/2007/02/23/itunes/

http://www.engadget.com/2007/02/06/a-letter-from-steve-jobs-on-drm-lets-get-rid-of-it/

Labels: aac, itunes, mp3

This "white paper" was created to present to several clients of mine. I'm posting it to my blog so that it can be reviewed and maybe raise some questions as to how you handle your home and business information.

PDF Copy Here

Company policy concerning safety and security of data

• How important is your data?
• What is the company policy about sharing data?
• What workers / contractors have access to what data?
• What would you do if that data were leaked to a competitor?
• Do you allow users to surf MySpace, FaceBook, or similar sites? How do you know?

“Over 90 percent of the Webpages that are spreading Trojan horses and spyware are legitimate sites, some belonging to household brands and Fortune 500 companies, Sophos reports. Most have been hacked through SQL injection.” - source: Sophos.com

“Cross-site scripting

AJAX also increases the possibility of so-called cross-site scripting flaws, which occur when the site developer doesn't properly code pages, experts said. An attacker can exploit this type of vulnerability to hijack user accounts, launch information-stealing phishing scams or even download malicious code onto users' computers, experts have said. Big-name Web companies such as Microsoft, eBay, Yahoo and Google have all experienced cross-site scripting flaws on their Web sites.” - source: Cnet.com

"Certification" method to insure all outside pc's (ex: laptops) are clean and malware free

• How do you know if the pc's are infected or not?

• What is the policy on maintaining anti-virus and safe surfing habits?

Secure Backup Method

• What is your backup method?

• Have you practiced recovery from disaster?

• Do you use imaging software to recover the OS and applications?

• Are your backup files secure?

Data Encryption on Laptops and Remote Devices

• Are your laptops and remote devices utilizing data encryption?

• How much is your data worth if it gets into the hands of a competitor or criminal?

There is some evidence that cyber criminals are now specifically targeting laptop users, encouraged to do so by the finding that corporate laptops hold an average $525,000 worth of sensitive data. - source: Bahn, October 2007

Company Email and Consistency

• Do your workers use their personal Yahoo or AOL accounts for email?

• Do you want your clients to have an image of your company with potentially suggestive email addresses? (ex: cutiegirl69@yahoo.com)

• What will you do if a lawsuit and discovery injunction requires that you are able to provide all communications?

Further Resources:

The Growing Importance of E-Discovery on Your Business

http://www.google.com/a/help/intl/en/security/pdf/importance_e_Discovery.pdf

Business Guide to Compliance

http://www.google.com/a/help/intl/en/security/pdf/WP44-BMGuide.pdf

The Impact of the new FRCP Amendments on your Business

http://www.google.com/a/help/intl/en/security/pdf/WP42-FRCP_0107.pdf

Protecting Off-Network/Laptop Users

http://www.google.com/a/help/intl/en/security/pdf/off_network_workers.pdf

2007 Annual Study: Cost of a Data Breach

http://www.ponemon.org/press/PR_Ponemon_2007-COB_071126_F.pdf

Labels: backup, email, encryption

--------------
Question from email
--------------

I just noticed that my C: hard drive is nearly full. I need to configure iTunes and DVDFab to save and run off of my D: drive.


-------------
Solution
-------------

Here are the steps to move your mp3 files from one drive to another and configure iTunes:

1. Copy your current music folder (typically "My Music") to your other drive.
2. Open iTunes -> Edit -> Preferences -> Advanced tab
3. Click change and select the folder on your new drive.
4. Click OK to exit from the Preferences.
5. Close iTunes and then restart iTunes.

Once you have done this, you can then delete the original files from your "My Music" folder. Just make sure that you did copy all the music files over!




Here is how to configure DVDFab:

1. Start DVDFab
2. Click Common Settings button -> General
3. Browse and select the Output Directory
4. Browse and select the Temporary Directory
5. Click OK

By the way, DVDFab is an absolutely great application for making legal backups of your movies, or encoding them to iPod format.

Labels: dvdfab, itunes

As taken from a recent email conversation with a customer:

There are several issues that can cause internet connectivity issues. If Verizon says that their service is running smoothly, then typically they are correct - although I have seen cases where the ISP states that nothing is wrong with their service and there really is an issue.

As I'm sure you are aware, any downtime in your ability to use the Internet leads to productivity loss and costs you money. It would be well worth your time to contract with me to straighten out your network. For instance, when we first met you were having issues with Outlook Express - and the problem was that you had well over 13,000 emails in your inbox causing OE to choke.

One other very important point to remember is that you really should have a backup system in place. If your pc's go down, you risk losing your data which is far more important than the hardware itself.

http://www.smartergeek.com/blog/2008/07/importance-of-backups.asp

Here are some possible things causing your issue:


SPAMMers don't have warehouses full of computers. They use exploited PC's - zombies - to send out the spam. That is part of why it is so profitable.

Problem: Zombies are uploading/downloading on your network consuming your bandwidth and causing you to think your Internet service is down.

Resolution: All pc's on your network should be thoroughly checked out, possibly re-imaged, and practices put in place to avoid the problem in the future.

------------------
Email and Spam
------------------

This issue is closely related to "Zombies". Your users receive an inordinate amount of email and much of it is spam. This consumes bandwidth and can cause what appear to be "temporary outages" in your Internet connection.

Problem: Too much inbound spam.

Resolution: Migrate to Google's email service as recommended several times.

-----------------
Users abusing Network
-----------------

This happens much more frequently now. Users tend to want to view MySpace.com or Youtube.com on company time and using up company resources. Video and audio consumes a lot of bandwidth, which can cripple your legitimate traffic.

Resolution: Setup a system to restrict certain domains and websites plus enforce a company policy that prohibits such usage.

--------------------
Hardware Issues
--------------------

Hardware can begin to intermittently fail. There is always a possibility that your router or modem is occasionally having an issue.

Resolution: Replace faulty hardware.

-------------
Additional Resources
-------------

http://www.smartergeek.com/blog/2008/07/why-did-i-get-infected-in-first-place.asp

http://www.smartergeek.com/blog/2008/03/layered-security-basics.asp

http://www.smartergeek.com/blog/2008/02/spam-and-phising-example.asp

http://www.smartergeek.com/blog/2008/06/backing-up-your-system.asp

http://www.smartergeek.com/blog/2008/01/simple-rules-for-your-computing.asp

http://www.smartergeek.com/blog/2008/01/virus-lessons-101-revisted.asp

http://www.smartergeek.com/blog/2008/01/smartergeek-newsletter-1-5-2008.asp

Labels: backup, google apps, rule #1, spam, zombies

Recently, I had a customer who needed XP installed on a Gateway ESX e4000 - originally, it came with Win 2000 Professional. Putting XP on a computer is no big deal, but sometimes finding the right drivers can be. In this case MPC computers has purchased some of the Gateway models, and of course the drivers for this model are not listed on Gateway's website.

To save you some time and trouble, here is the page that has the XP drivers (see screenshot):
http://support.mpccorp.com/apps/filelist.asp?ID=18140

The only driver that gave me any issue was the sound driver. However, if you "manually" install the driver using the "Have Disk" function, then it will install just fine.

If you have any questions or want a zipped copy of the drivers that I used, comment to this post or email me.

Labels: xp installation

Obviously, backing up your data is the most important since you can always replace failed hardware. However, recovering from a system crash can be very time-consuming. Installing XP, Vista, or Linux plus all your applications and then tweaking your system can be a pain.

Acronis® True Image Echo Workstation
http://www.acronis.com/enterprise/products/ATICW/

Add-ons / Acronis® Universal Restore
http://www.acronis.com/enterprise/products/ATICW/universal-restore.html
*This allows you to recover to an image if the hardware changes. It basically resets the HAL in Windows, and can be very useful.

Acronis is nice because it will image while the system is running under XP. I've used it for several years now and had great luck with it.

Here is the method that I suggest you do for a complete backup of your computers.

1. Backup all important data "bulk data" (movie files, word docs, spreadsheets, pictures, email files, etc) to removable drive, DVD, etc. A great utility to find a lot of extra data is JDisk Report.
   
2. Delete the "bulk data" from each machine after backup and before imaging. This keeps the image file(s) from being too bloated.
3. Run a temp file cleanup utility, Diskeeper Pro, and Registry Mechanic.
   
4. Image the PC and store the image to a removable drive, DVD, online storage, etc. Use the "archive splitting" option in the imaging software so break the images into 4.7 GB chunks so they will fit on a DVD.
   
5. Copy the "bulk data" back to the pc once imaging is completed.
   

Now you have a "clean" image of the pc that can be recovered relatively quickly and easily. If you have a computer that you use a lot and add software too, you can do an incremental image with Acronis also, which can be set to run automatically.

Additional Resources:

Technology Report 1-8-2008
http://www.smartergeek.com/blog/2008/01/technology-report-1-8-2008.asp

Firefox and Google Bookmarks
http://www.smartergeek.com/blog/2008/07/firefox-and-google-bookmarks.asp

Trusting Google with your Email
http://www.smartergeek.com/blog/2008/07/trusting-google-with-your-email.asp

Backing up your System
http://www.smartergeek.com/blog/2008/06/backing-up-your-system.asp

Labels: acronis, backup, imaging

When Gmail first came out I started using it as an address for message board registrations and things like that. Since I've owned my own domains since about 1999, I've always used them for my primary email. My old method of backup was to use Outlook or Outlook Express and finally Thunderbird for POP3. Periodically, I would backup the appropriate files for those applications.

The problems with that were several. First, I have a LOT of email. As the Outlook .pst file or the Thunderbird files began to grow in size, performance suffered. If I "archived" email to a CD/DVD and then removed old ones from Outlook or Thunderbird, searching archives meant restoring them, searching, then cleaning up again.

A couple of years ago, Google released a service called Google Apps for your Domain. Among other things, it allows you to use Google's GMail "engine" to handle the email for your domains. You have the advantage of basically unlimited storage, alternate port usage (SSL and TLS) which comes in handy for ISP port 25 filtering, web access, POP3 access, and more recently IMAP support. One of the cool things is that even if you use POP3 access, Google Apps archives a copy of your received and sent email. This means you can access all of your email from your browser, its very searchable through your browser, and it provides a great backup solution!

The Trust Issue

Several people have commented about "trusting Google" with your email. Well, here is the reality check. Trust is a relative thing. We trust that MS's software (Windows, Outlook, OE, etc) is not doing anything behind our back. We trust that our ISP handles our information correctly, but that has proven to be a shaky deal lately.

Most of those same people "trust their ISP" with their email or another 3rd party email service. In my opinion, I trust Gooogle far more than anyone else.

ATT/Bellsouth, Verizon, and a host of other service providers have given me far more reasons to distrust them than Google.

One other thing to mention about "trust" is that at least Google gives you all the mechanisms to move your email away from Google should you choose. By providing contact import/export, POP3 access, and IMAP support, you have full control of your mail. In contrast, Yahoo requires a premium subscription for export and POP3 access, most of the major ISP's such as ATT/Bellsouth don't provide any contact export, and POP3 access only helps retrives your received email - not your sent email.

I migrated my email service over a year ago and have been very pleased with it. I have email dating back to 2004 stored online and have plans to push email archives dating back to 2002. Many of my clients are now migrated to the service and love it.

Web Access or Local Application

As the line continues to blur between web-based applications and local applications (software on your computer), it gets more difficult to recommend which is best. About 2 months ago, I made the decision to go 99% web-based email. This means I use my browser (Firefox) for my email. The advantages are many, but mainly it gives me access to my email anywhere I have a connection. Plus I don't have to worry about contact synchronization.

There are a few disadvantages though:

• Must have a connection to read any of your email.
• Adding attachments is not as easy as drag/drop for multiple attachments.

This is one of those things that you just have to try both and see which works best for your situation and tastes. Now I said "99%" of my email. If I have an email that I need to attach several files, then I will use Thunderbird with IMAP. This gives me an easy way to attach multiple files quickly and easily.

Following Rule #1

Rule #1: You are only as good as the last successful backup from which you can recover.

As much as I trust Google, ultimately I trust myself more than anyone. Periodically (about once every 2 months), I POP3 down all of my received email and IMAP a copy of all of my sent email to local Thunderbird files. Then I export a copy of my contacts to CSV. Then I backup email adn contacts to DVD.

If something does happen to Google's service, at least I have a local copy.

References:

What is EFF's Lawsuit Against AT&T About?
http://w2.eff.org/legal/cases/att/faq.php#1

Google Apps for your Domain
http://www.google.com/a

Backing up your System
http://www.smartergeek.com/blog/2008/06/backing-up-your-system.asp

You like Yellow Dots from your Printer?
http://www.smartergeek.com/blog/2008/02/you-like-yellow-dots-from-your-printer.asp

AT&T and Other ISPs May Be Getting Ready to Filter - Bits - Technology - New York Times Blog
http://www.smartergeek.com/blog/2008/01/at-and-other-isps-may-be-getting-ready.asp

Labels: backup, gmail, google apps

I've been saying this for a long time too, but newspapers and the way we gather news are changing drastically. I'm not the only person who doesn't really read a newspaper. There are a lot of other people that prefer "time shifting" content.

Timeshifting content means viewing content when you want - not waiting for the radio or TV program time. Blogs, rss feeds, podcasts, and iPods help you do this easily.

Jessica DaSilva recently blogged about a staff meeting in which the editor in chief declared that the print edition was an add-on to the website.

“People need to stop looking at TBO.com as an add on to The Tampa Tribune,” she said. “The truth is that The Tampa Tribune is an add on to TBO.”

Just like anything else, traditional media needs to learn to innovate and expand into the new ways of communicating and gathering information - or they will die out. The warning signs have been on the wall for several years now.

References:

"It's worth fighting for"
http://www.jessicadasilva.com/2008/07/02/its-worth-fighting-for/

Net To Newspapers: Drop Dead
http://www.businessweek.com/magazine/content/05_27/b3941024.htm

Silicon Insider: Newspapers Nearing Death?
http://abcnews.go.com/Business/SiliconInsider/story?id=629221&page=1

Newspapers are dead…
http://scobleizer.com/2007/03/24/newspapers-are-dead/

This just in: Newspapers not dead yet
http://news.cnet.com/8301-10784_3-9975760-7.html?hhTest=1

Labels: old media, timeshifting

All too often, I have clients whose computers crash. Fortunately, I can recover the data most of the time, but there are times when the hard drive physically fails. In those cases recovering the data becomes nearly impossible and very very expensive.

Recently, I created a document for my clients on "The Importance of Backups". Here is copy/paste of that document and a PDF copy. Spread the word.

The Importance of Backups

Rule #1: You are only as good as your last successful backup from which you can recover!

The most important thing on your computer (PC or Mac) is not the hardware nor really the software. These can be replaced relatively easily. The most important thing is your data. Period.

Backing up your data can be very simple and painless. For most people, it should not take that much time either. Here are some simple ideas:

• Purchase a “thumb drive” and simply copy any important data to your drive.

• Use blank DVD-R's and your DVD burner – blanks cost less than $0.20 each.

• Purchase a removable hard drive – you can get 320GB of storage for about $100 now.