>

November 29, 2007

How Hackers Get Your Data: (Part 1 of 3)

It seems like every other day we are hearing about how a large company has lost their customers data, or how they are investigating a breach in their security. You would think that in this day and age it would be almost impossible for a company to just "lose" 100,000 customers names, social security numbers, and credit card info. So how does it happen? How are people still able to sneak in and steal hundred of thousands of records from private corporate records.

Here is how:

  1. Password Theft: if you have read this blog, you will see that I mention passwords being vital to security over and over again. Passwords are like the keys to your house, if someone else gets them, then they are as good as in. Stealing or cracking a persons password is without a doubt the most common way hackers are able to bypass a companies security and get at the data they crave. As computers become more and more powerful, it becomes easier for hackers to use software to crack a password. A password really is just a string of letters, numbers and special characters, and because there are a finite amount of choices, a computer can eventually crack any password you try, the stronger the password, the longer it takes, and the longer it takes for a hacker to crack a password, the greater the risk of them getting caught. So as computers get faster and are able to try more password combinations in a shorter amount of time, the faster passwords will get cracked. So when choosing a password your goal should be to keep it as strong as possible and as long as possible but not to the point where you need to write it down. Also, try not to use things like your name, birthday, address, or other things so easily associated with you, or if you do, make them more complex. For instance, if your Wifes name is Amber, you could make the password @Mb3r!. Notice the combination of Uppercase and lowercase letters, numbers and special characters. Because of this combination it will take a computer significantly longer to crack the password than just using Amber. Remember, the goal of security isn't to make things uncrackable (that is impossible) it is abut making them harder to crack than they are worth.

    In addition to that, people who use the same password for every site they visit cause a problem as well, because if one site has a security flaw and a hacker gets your password, they now have access to your accounts everywhere. Also, as tempting and convenient as it is, do not write down your password. writing your password on a post it and sticking in under your keyboard is like hiding a copy of your house key under your doormat. So please, don't do it.


  2. Viruses, Worms, and Trojan Horses: Have you ever gotten an email from someone you never new with the subject line of "Really cool picture!!!" and the attachment was named Awesome_Picture.jpg.exe or something similar? Of course you have, we all have. That my friends, is a virus. Viruses come in all sorts of shapes and sizes and have many purposes. Some are written to simply delete your files, while others are written to just send out spam. Some of the worst how ever are written to collect information from the computer they get installed on, and these are called Trojan Horses. A Trojan Horse will typically install it self and run silently in the background, if it is a good one, you wont even notice that it is there. It will simply sit and silently collect data about everything you are doing, logging information like your user name and password for websites that you go to, credit card numbers and bank information. Then, it sends that information off to its creator. Without even noticing it, someone may have just stolen your identity.

    So how do we protect against things like this? The best way is to just use common sense. When going through your email, pay attention to what you are opening. If you aren't friends with a guy named John Doe, then you probably don't care about his vacation, so why open a picture from him? Just delete it and move on. When surfing the web, if something is big and bright and flashy, don't click on it, the old saying "if it seems to good to be true, it probably isn't" has never been truer than when surfing on internet. Also, if you see a pop up that says "you have a virus" then tries to sell you something, it's a lie.

    In addition to being careful, you can use technology to help you! Using anti-virus and anti-spyware software is a great way to not only keep your computer running smooth, but to keep you identity safe. This software is made to search of viruses not only on your computer, but in the emails your receive as well. There are a number of titles to choose from like Symantec Anti Virus and my personal favorite Kaspesrky Anti Virus, both sell for around $40, or you can go with a free option like AVG by Grisoft. The paid versions have a few more options, and typically have better support, but AVG is a great product as well.


See Part Two

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

November 27, 2007

Securing Your Wireless Network

As more and more people buy laptops instead of desktop, or smart phones with wifi access we will begin to see a huge in crease in wireless networks being set up. I did a little experiment about a few years ago and set up my laptop to search out and log every wireless signal t saw while I was driving through various neighborhoods (this is called war driving) I expected to see maybe 100 wireless networks and knew about half were going to be insecure. What I found was astonishing. Over 700 wireless networks and less than 1/3 of them were secure. This was in an area of about 5 square miles. Not big at all. It amazed me that I could literally park anywhere and was able to get an internet connection. Because of this, I wrote a small guide on things you should do to secure your wireless network.

Setting Up Your Wireless Network:
Key words have been linked to their definitions so you can get a better understanding of each term.

  • The first thing you should do with any device you buy is change the default administrator password. This go for routers as well. Any security you put in place is useless if the person can just connect to your router and change the settings.

  • Change the default SSID to something familiar to you. The SSID is the name of your network, changing from the default helps you recognize your network and ensure you connect to it and not someone else's by mistake.

  • Do not broadcast your SSID. Although it is easy to see networks that don't broadcast the SSID, you can't connect to them unless you know their name. So by not broadcasting it, the SSID can kind of act like a user name, while your encryption will act like a password.

  • Turn on Wireless Encryption. If your router and wireless card support it (any made in the last 2-3 years should) use WPA or WPA2 (both are strong forms of wireless encryption) Older routers and wireless cards may not support those, in which case use WEP. (WEP is better than nothing, but is considered a weak encryption)

  • If you don't expect visitors using your network, use the MAC address filter built into most routers. MAC addresses are unique identifiers on all electronics. By enabling the filter, you can make sure your router only connects to devices you tell it to (you will need to enter the MAC address for each piece of equipment that will be connecting into the filter list)

  • If you live in a small house/apartment, turn down the power of the antennas so your wireless signal only reaches where you need it to. There is no reason to give your neighbors and people passing by free net access.


How to do each of these will vary from router to router, so consult your instruction manual, or give the manufacturer's technical support a call and they will happily assist you.




Microsoft has some tips on increasing performance of your wireless network:
http://www.microsoft.com/athome/moredone/wirelesstips.mspx

Original post I Worte: (read through the comments, anti-online has a lot of smart people)
http://antionline.com/showthread.php?t=264530

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

November 26, 2007

Got Something to Sell?

In the age of the internet anyone can open their own store. Got an idea for a funny t-shirt? got a great idea for a cool new widget? With a little time, and a little help from some good shopping cart software you can have your own online store up in no time. Ashop Commerce has a really nice e-commerce software available for you to use. From an administration stand point, it is outstanding. It is very user friendly and easy to learn to use well.

From the Administrator Interface You Can:

  • Control user access (define who can make the changes in product and pricing)
  • Manage the types of payments your store will take (Which credit cards, etc)
  • Manage your inventory (Prices, sales, coupons, Brands, product reviews etc)
  • Manage your customers
  • Manage your marketing strategies
  • Track sales
And dozens of other tasks that would normally require several pieces of software. You have access to all of these tools in an easy to use web interface.

And the client front end is absolutely wonderful. Clean and easy to use, your customers will be able to easily look for every product you have to offer and then be able to pay and check on the status of their orders from the time they place them to the time their package arrives at their door.

Ashop Commerce has 2 demo sites up that you can take a look at, one is for a toy store the other for a Phone store. 2 very different products that have different requirements, but are set up very well with this software. The demos are each 2 parts, one for the administrative side of the software, the other is the customers side and both demos allow you to take control of the sites to modify the styles and the feel of each as well as to play with fake customer data so you can get a good feel for how powerful these tools are.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

Make Money Blogging

If you are online for any significant amount of time, you have probably seen dozens of "Make a million dollars from home!" type advertisements. You probably also know that they are pretty much a scam. There are ways to make money online, but the real ones will not make you rich over night, heck they probably wont even make you rich at all. But one of the ways to make some extra money is with a company called Smorty.

Smorty is a "Pay Per Post" type service that you can sign up with, and they will give you products to blog about, and then pay you for the post. They can do this because advertisers pay them for the exposure, and they in turn pay you. I think this concept is interesting because not only does it allow bloggers to make some extra cash, but it also feeds them ideas of things to blog about when they are having dry spells, so it really is win-win. The amount you are paid varies based on your blogs ranking (the higher the ranking the better the pay) and can range from $6.00 to $100.00 per post, so if you enjoy writing, and are ready to get paid to blog then follow the link and check Smorty out.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

November 25, 2007

Dear Viewers:

Please do not believe everything you see on TV. I am a huge fan of shows like CSI and Law and Order, but I pull my hair out when I see them using computers to do EVERYTHING. They make it seem like on a whim a random detective can "hack" a computer, look up every single email ever sent, get the IP address of the sender, then get a map to their house based on the IP address alone, then put a stop on their credit cards, order a pizza to be delivered to the house they are about to raid, and they do it software that has an amazing 3d interface and works in seconds.

Take this image from an episode of CSI: Miami



Lets look at what is wrong with it.

  1. It is not a real IP address. I'm sure they do this becasue they don't want people to do something with that info (same reason they use fake phone numbers) but there are IP addresses that are real and can be used like the 169.x.x.x series (which is the default private IP network) or the 192.X.x.x or 10.x.x.x network and of course 127.0.0.1 All are real IP addresses and are no risk to put online.

  2. You cannot take an IP address and translate that into a real address on the fly. You would have to take the IP, give it to the provider who it is assigned to, have them check their logs and see who it was assigned to at the time the incident. To do this, you need a warrant, and it will take days since ISPs work slow.
You also have random detective who are now expert hackers. They flip on a computer and "crack" the password on it in seconds with nothing more than the software on the computer. Cracking a password on a computer is not hard, but you do need software to do it. In addition to that, they seem to be able to do it on every computer they encounter. Who cares if computers run different operating systems, everyone knows everything.

In addition to that, the user interfaces on every computer are outstanding. I wish every piece of software I had included a nice 3d interface, and ran as smooth as theirs. No programmer is going to program nice interfaces on utilitarian software built for the government, its un-needed and a waste of system resources. There is no need for a great user interface if you are just typing in an IP address, and why would it just show you the physical address of the home(which isn't possible) instead of say the registered owner of the account? Software is designed first for functionality, then for how it looks. When dealing with people like the government, they don't pay for a great 3D design.

What about "enhancing" pictures. How often do we see them take this ultra grainy video or photo from an ATM machine a block away, then enhance it to be nearly High Definition quality. It just isn't possible. The way cameras work are they take a picture, and what is sees is all the data you have. as you blow that picture up, a computer can try and "enhance" it some by guessing what other data would be there, but you don't go from barely legible to perfect. Maybe from almost legible to barely legible.

They do the same thing with forensics. They make it seem like DNA is the end all and can be found anywhere and prove without a doubt who committed the crime. Not only can it be done, but it is done in seconds. Real labs take WEEKS to get DNA results, it isn't done in 10 seconds.

This stuff, as fun as it is to watch, is an insult to the people who do it for a living. Forensic Technicians work hard, they work long hours and spend years learning to properly gather forensic evidence (either digital or physical) and some random person does it in seconds.

It also spreads false information to viewers. In the picture above, it makes you believe an IP address is like a fingerprint and is rock solid proof a person identity. The truth is, it isn't. IP addresses are used by many people and are cycled through users. Sure they can be traced back to an account at a specific time, but there is still no way to tell who was using the computer. What if the jurors on the Jamie Thomas v. RIAA case thought that IP addresses were solid proof, like DNA. Then they were basing their decision on false facts. I wonder if any of the lawyers asked if any of them watch shows like CSI and know how digital evidence is gathered. Probably not, and becasue of that, the jurors have false knowledge of how things work.

What about if jurors in a murder case hear the defense talking about there being a lack of DNA evidence. What if they think "wow...no DNA must mean he is innocent because DNA is really easy to get. I saw it on CSI last night!"

So please, enjoy the TV shows and movies, but realize a lot of it is fiction. Just like your favorite action hero can't really take 5 shots to the chest, jump off a building and catch a helicopter that is taking off, while throwing a grenade into a window and destroying a building while rescuing a woman who is falling from the upper floors. Its all great to watch, but just isn't true.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

One Laptop Per Child

Many of us take the technology we have available on a daily basis for granted. The ability to access enormous amounts of information in seconds via the internet, the ability to make telephone calls no matter time of day or where you are with your cell phones, and the ability to share photos and send letters in seconds with email. Computers are used every day in schools across the world to allow students to learn about almost anything they want.

With the use of websites like Google, this information really is only a few key strokes away. But not everyone is so lucky. not everyone can buy a laptop or a desktop. not everyone has an internet cafe down the street, and not everyone has a readily available internet connection only minutes away.

The One Laptop Per Child Foundation is working to change this. OLPC's goal is to get this technology in the hands of those who need it but don't have access to it. They have built a user friendly, cheap, and economically friendly laptop for children in the 3rd world. To assist in paying for this project OLPC is running a program where if You buy 1 of their laptops for 400 dollars, they can donate one to a child in a 3rd world. Half of your purchase price is also tax deductible. The reason for this is becasue the laptop costs just short of 200 dollars and you are buying 2 but giving one away. It is for a great cause, so if you are looking for a cheap laptop, or just want to help out a good cause, you should check them out.

If you would rather just give a laptop, you can do that as well and OLPC also takes donations on their website (via Paypal, Google check out, you can donate stocks that you own, or just send in a check.)

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

Free Web Offers

The internet is an awesome thing. not only does it contain a wealth of information, but you can get tons of stuff for free! No really, companies give away free stuff all the time, and it's great. One of the problems with this is nothing is really free. Usually the "free" stuff means you will be sent a bunch of junk mail through your email and sometimes even via regular mail. Here is how I get lots of free things and avoid the junk mail.

  1. Have a "junk email" account. I have one email address that I use to register for everything, and one that I use to give to friends, family, and clients. I check my junk email box right after I register for things just to do the confirmation email then just about never look at it. I use hot mail for this since its free and has lots of storage. Then I use gmail for my regular account.

  2. When registering I almost never give my real name. Not only is it good for security (cant steal an Identity if you don't have a name!) but it makes it easier to filter out the junk mail. If I get an envelope at home addressed to Dr. Nick Riviera, I know its from a company who is sending me junk (or a delicious free sample of Dunkin' Donuts Coffee!)
Between these two things I just about never open an envelope that doesn't have something I want/need in it and I just about never see spam in my inbox.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

November 21, 2007

Nostalgia

So tonight I decided to pop onto an old message board I was really in to for a while. Antionline.com was where I learned a lot of what I know and was where I could always ask questions (and provide answers when needed). Check it out. My SN was XTC46 (yes I am XTC46 for those who haven't figured it out yet and have seen me posting elsewhere)

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

November 17, 2007

Quote of the Day:

"More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk."

-Bruce Schneier

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

November 16, 2007

I Have a Dream!

I have a dream, that one day we will rise up, and share our knowledge and let every user know there is a better way and that not all networks are created equal.

I have a dream that one day in our corporate break room the sons of jocks and geeks will be able to sit down together at the table of brotherhood.

I have a dream that one day, even Doctors and Attorneys, sweltering in self importance and dripping of ignorance will be transformed into a group of highly intelligent and cooperative people.

I have a dream that my future children will live in a nation where they will not be judged by the speed of their internet connection, but by the content of their blogs!

I HAVE A DREAM TODAY!

I have a dream that one day, down in Alabama, with its red necks, and it’s Hillbilly’s having their lips dripping with words of “the internets” and “tubes”, little geeks and little nerds will be able to join hands with little jocks and little Hillbilly’s as brothers and sisters(who don’t marry each other)

I HAVE A DREAM TODAY!

I have a dream that one day every valley shall be exalted and every hill and mountain shall be made low, the rough places will be made plain, and the crooked places will be made straight; and the glory of Unified Communications shall be revealed and all flesh shall see it together.

This is our hope. And this is the faith I go back to server room with.

With this faith, we will be able to hew out of the mountain of despair a stone of hope. With this faith, we will be able to transform the tangled CAT5 of our nation into a beautiful symphony of wireless frequencies. With this faith, we will be able to work together, to instant message together, to share music together, to go to jail together, to stand up for freedom together, knowing that information will be free one day.

And this will be the day -- this will be the day when all of Linus' children will be able to sing with new meaning:

My country 'tis of thee, sweet land of liberty, of thee I sing.

Land where my night elf died, land of my guilds pride,

From every mountainside, make Wi-Fi free!

And if America is to be a great nation, this must become true.

And so let Wi-Fi spread from the prodigious hilltops of New Hampshire.

Let torrents seed from the mighty mountains of New York.

Let cell phones ring from the heightening Alleghenies of
Pennsylvania.

Let P2P flow from the snow-capped Rockies of Colorado.

Let broad band spread from the curvaceous slopes of California.

But not only that:

Let viral video spread from sea to sea

Let operating systems work on any hardware.

Let freedom of files spread from continent to continent

From every server room, share files free.

And when this happens, when we allow file sharing, when we let torrents seed from every village and every hamlet, from every state and every city, we will be able to speed up that day when all of Bill's children, Linux users and Unix users, Windows Users and Mac Users, Novel Users (ok…there are no novel users), will be able to join hands and sing in the words of the old Nerd spiritual:

Free at last! Free at last!

Thank God Almighty, information is free at last!

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

November 15, 2007

A Story of Stolen Data

Details of this encounter have been changed to help protect the identity of the company I did the work for. It is illegal to access computer information without permission, so please do not use the information provided to do anything illegal.


Everyday I deal with people who just don't seem to think security is that big of a deal. As a computer technician I am tasked with implementing policies that that allow staff to do their work, and at the same time keep their information secure. One particularly stubborn client refused to implement even some of the most basic security procedures because they didn't want to make it harder for the employee's to work (despite me showing them how it wouldn't) I got sick of just telling them how bad it was and decided to prove how easy it was to steal their companies information.

This is what I did:

To make sure what I was doing was could be applied to a real life scenario, I decided to set some rules for this challenge.

  1. I would only use software that was readily available for free download
  2. I would not use my user information (as a contractor, I already had admin level access)
  3. I would not use any proprietary knowledge of the company, any info I used must be attainable by an outsider with minimal effort.


The first step in trying to steal data from a company is to figure out who already has access to it. A pretty good assumption about very company is that the CEO and most of the senior management will have access to just about anything valuable that the company has, so I decided they would be my primary target. I hopped onto the company’s website to do some recon work. I was able to get the First and last name of all of their senior managers, the departments they were responsible for, and their email addresses. So in less than 2 minutes I had a good deal of the information you need to do some of the real work.

With manager’s names in hand, I went to Google and did a search on each. I was able to find the home addresses of each person, home contact info, contact info from the company and some more details about the people they work with (including 2 of their secretaries names and email addresses) I also searched the to get all the phone numbers listed for the company and the address of all their offices. (I knew this info already, but remember, I want to make sure any info I had could be obtained easily by others) I printed out some maps to the offices and took a drive by one of them.

I parked in the parking lot among a bunch of other cars, popped open my laptop and searched for available wireless networks. Conveniently, one popped up and the name was obviously there’s (while not the name of the company, anyone remotely familiar with the company could guess it was there’s). It was a good start. But the network was secure (good for them not for me) but luckily they were using WEP. I smiled as anyone familiar with network security would, because WEP, while better than nothing, is by no means good. I didn't have time to sit and crack the key right then and there so I left. I came back another day, parked my car, left my laptop running inside plugged into a power inverter, and used the AirCrack Package to capture the packets on the network while I went and had some lunch. I came back a bit over an hour later and had a sufficient amount of data to crack the WEP key. Wonderful, so I left. I went home (as I had other things to do that day) and cracked the WEP key so when I returned I could get some work done.

I went back a few days later, connected to their wireless network, and used NMAP to scan the subnet to see how many computers were connected. A bunch came up and by the ports that were open, I could tell they were using Windows Remote Desktop and running Windows XP. Perfect.

One of the cool things about remote desktop is, if you try to connect to a computer, and someone else is logged in, it warns you so you don't kick them off. This is good because it lets you know you have the right password without actually logging in. So I tried to connect to a handful of them using the default Administrator user name with no password (which is the default). It worked on 2 of the 5 computers I tried. At this point, I consider myself successful because I could easily plant a key logger on the computer and just let it capture user info for me, but I wanted to continue.

I searched the network for open shares. Most computers had the default shares open and available, I also found a couple of network shares, excellent, this is where the good data is. With the default shares being available, I was able to find the user names for people who logged in on the computers (if you look under documents and settings there is a folder for every user who ever logged in, their user name is what is used to name the folder) So now I was able to figure out the naming convention for user names (which is usually the same as email, but not always. In this case, it was not the same)

I also decided to try if a favorite tool of mine would work. It’s called GenControl basically what is does is remotely install a VNC client to the default share of a computer and then connect you to it. Once you disconnect, it deletes the install. For those of you who don't know, VNC is remote access software. Once connected to VNC you have full control over the computer as the user who is logged in. I successfully connected to a few computers without problems and without the users noticing as far as I could tell.

So let’s recap what I have done in about the span of a week (could have been done in a day had I dedicated the time to it)

  • Found the locations of their branches
  • Got information (including personal info like home address) about senior members
  • Cracked the key to their wireless network
  • Gained admin rights to several computers
  • Located several network share
  • Successfully installed remote access software on several computers


From here I had a few options. I could continue my exploration and actually steal data, or just write out the additional steps on what to do to get that data since by this point the hard work is done. I decided to just explain the damage I could do. Here are some things I could do with my current access.

  1. Install sniffer software on the computers and just wait to be sent the user names and passwords of everyone who logs in to the computers
  2. I could hijack one of the email accounts for one of the users I got access to (one was an assistant to a senior manager) and send messages from there to gather other info
  3. I could copy/delete data from one of the shares copying is the big danger, not deleting since most companies have backups.


If I wanted to do a little more work, I could head to one of the senior members homes. I guarantee each has a computer online and id guess half of them have wireless routers (I asked about it later, and actually all of them use wireless routers) and the thing about people is they are very habitual. If they have so little concern for security in the company they run, I guarantee their home security is worse. I can drop a sniffer on their home computer and capture their info if they ever log in to check their email from home (and what CEO doesn't?) and with that chunk of info, I would have pretty close to total access.



With all the information I gathered I went and met up with some of the senior management of the company. I showed them how easy it would be to get to their data, they were surprised and upset that I went and did this (no one likes when you point out their flaws). After a heated argument, I just asked "are you mad at me, or mad at yourself for letting this happening?" and we started to have a reasonable discussion. Over the next few months I was able to implement some basic security for them, and while not ideal, it would certainly take me longer than a day to break in the next time around.

Also, I never used it in this case, but gathering personal info about senior members helps when using social engineering to gather info. If you call and say “seniorVP said to call you and you can tell me how to access fileX” you are going to get helped. Or you could be really aggressive and just try to convince the IT department that you are the senior member and reset your password. (Although this will rarely work in a small company because they know the senior members)

In an upcoming post I will detail some of the changes companies can make with little effort that add a lot of extra security to their networks.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

November 14, 2007

The Paypal Mafia

CNN Money has a great article high lighting The Paypal Mafia a group of founding members of PayPal, lead by Peter Thiel, who has gone on to fund and run some of the internet's most successful startups such as FaceBook, YouTube, Digg, and many more.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

The Fight Continues

JD over at Get Rich Slowly had a guest poster review Mint.com Everyone here knows my opinion of them, but go check out the post. The reviewer did a good job (aside from excluding security completely) but the comments are good and an employee of Mint seems to be commenting as well.


Click here to check it out.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

November 11, 2007

When to Trust an Expert

I was reading a Times Magazine Article about the relationship between doctors and their patients in the information age. It's a story about a doctor who encounters a patient who has done so much research on her ailment and the doctor himself that she is getting in the way of the treatment. Its a really good read, so take a look at it. But it got me thinking, that as a technician, I deal with the same thing on almost a daily basis. I assume most people in a professional environment come across similar people.

The question I have always asked is, "if you are just going to argue with me, why did you ask to begin with?" I understand that you have done your research and think you are correct, and hey you might be, but lets think about what is happening.

You have a computer problem, so you looked up the symptoms of the problem online. You found a problem that matches all the symptoms. Now you give me all the symptoms and I tell you it is something different is the problem. What causes the difference in our diagnoses? The answer is easy.

You are armed with raw data. You know what could be the problem, but in reality have never experienced the problem and have no idea how to fix it (because if you did, you wouldn't be asking me). I have the data AND the experience to apply that data to a real life situation. I have seen these symptoms and know how to differentiate the symptoms that are causing the problems and the ones that are the effect of the problem. Its a big difference.

Maybe people are so used to getting screwed over that they feel they need to do the research. I encourage people to do research, but you have to understand that there is a difference between spending an hour online looking up a problem, and fixing computers for years. You don't need to prove to me that you know a lot about computers, becasue it comes down to 2 things. Either you know what the problem is, or you don't. If it is the first case, we wouldn't be talking becasue you would fix it. So its the second. In which case, give me the info you collected, if I agree with it, thats awesome Ill probably charge you less to do the fix. If I don't agree with it and I think it's something else don't argue with me. Either accept it or take your equipment somewhere else.

It has gotten to the point where people have argued with me, so I challenge them. Ill say "fine, Ill fix the problem you are saying it is, if its wrong I will fix it my way, but you have to pay double. If your way is right, ill only charge you half" I have never only charged somone half for work in one of these instances. And only 2 people have ever taken the challenge, they both paid double.

The point is: Do your research, but realize experience and knowledge is worth more than just knowledge alone.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

November 10, 2007

For faster service...please know why you are calling.

Why is it that so many people make telephone calls to service numbers without having an idea of the question they want to ask?

Not a day goes by where I don't get a call along the lines of

"Person X called and said that I can come pick up my computer."

Thats it, there is no question. Just a statement. What response do people expect when they say things like that. My usual answer is "OK." followed by an awkward pause. Eventually I will say "did you have a question?". On a good call I will get a reply of "Oh I just wanted to make sure it was ready" or "I just wanted to know what time you folks closed" those are questions that can be answered, and while I wish they would have started the conversation, its still OK because we are getting somewhere. However on a bad call, and by bad I mean most, the person simply repeats their statement. It's confusing.

It boggles my mind, that people pick up a phone and call people with no intended purpose. So here is my request. Before you call somone, or some place. Think to your self "what is it I want to ask" If you have nothing to ask, then you have no reason to call. Now, your question does not need to be specific (although it helps). Just a vague idea of your purpose for calling me and I can go from there and ask you questions to get the information I need to help you. I can understand maybe if you had a question, but after a 45 minute hold time you have forgotten it...but no customer who gets to my phone line is ever on hold for more than 5 minutes, and even that is rare so there really is no excuse.


As a side note:

Please don't ask me how I am doing if your intention is to not even pause for a response. Whats the point? I'm sure you don't give a crap about how my day is (why would you, we aren't friends or even know each other) so why pretend.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

November 8, 2007

Oh noz! I broked ur commentz




Blast you Digg for giving in to those evil catz!

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

It's not a flaw, it's a special feature!

I was reading through a book and part of it included basic network implementation and it was giving an overview of the different types of connections I found this kind of funny. (among the other flaws in the table)




In the first instance I thought they were talking about the physical flexibility of the cable they are using, but that would simply be an "N/A" rather than "limited" since wireless has no wires... and then in the second, I assumed they were talking about flexibility of implementation/use in which case it makes sense. I just find it funny that they listed something functionality as limited and then tote that limited flexibility as a "special feature".

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

November 4, 2007

Know your worth

In my years as a tech, I have done different kinds of work. I worked for IT companies that do out source work for other companies who don't want to staff an IT department, I have worked for ISPs, I have worked in the IT department for larger companies, and I have done freelance work. Each of these positions bring a different point of view and a different set of experiences.

For instance, when working for an IT company as a tech, you are the money maker. You are why the company is around. Sales people, accountants, etc. are all support for the work you do. Because of this, you have a serious sense of pride (and ego).

Working in the IT department of another company, your role is changed dramatically, now you are the support staff. No one cares how awesome of a job you are doing (well they might, but its not something they can typically put a dollar value on).

Freelance work is a beast in it self. You are on your own. You are the company. But one of the hardest parts of doing freelance is figuring out your worth. A lot of young freelances make the mistake of offering the services they provide at really low or free rates. I see this a lot especially in the web and graphic design, people are so eager that they offer to do work for dirt cheap or even free just to get "exposure", in reality, they are saying there work is worth nothing. I see ads on craigs list and other forums asking for "green" designers to come work on projects with claims that there work, while not getting them a pay check, will be great for their portfolio. But the logic used in this is flawed.

The companies that are big enough to really create buzz around your work don't want rookies messing with their designs, they want pro's. If they see a rookie's work and like it, they certainly would pay for it since they recognize quality when they see it.

In addition to this, if a company who you did free work for does get successful and start dropping your name, price of the work will be discussed, and if they say "oh he did it for free" or "he did it for reallylowprice" the next person calling you will probably expect that. So you really are setting your self up for failure.

Another time I see a persons professional worth being diluted is doing work for friends and family. Now, I have no problem being the family tech. My mom or dad give me a call and I have no issue helping them out. Aunts and uncles, sure if I have some time I'll hook them up. And for really close friends, no problem. The issue comes when you start doing work for friends of friends or friends of family. You should be charging them, discount it if you want to be nice, but don't do work for strangers for free. Not only do you value your work at $0 but you also devalue the work of others in the profession.

I recall my aunt calling me one night and asking me if I had some time to stop by her friends house because they were having some problems. turns out, she already told her friend I would, and I have never even met or spoke to this person in my life. So its an awkward situation because I don't want to let my family down, but she shouldn't be promising people I'll do work for them. Not to mention she didn't even as how much I'd charge to do it. I told her I would stop by, but let her know that I had no problems drumming up my own business and would prefer she not promise people I would help them out. She could give them my email address or phone number and Id decide if Id take them as a client.

The way I "charge" people is as follows.

Immediate Family: I don't charge. (My mom tends to cook me dinner while i'm there...and that rocks)
Close Friends (really close): I don't charge (although buying me a drink the next time we are out doesn't hurt.
Secondary Family/Friends: If it is really simple, and not out of my way, I wont charge them but if its something that I'll need to take time out of my normal work hours (and in the process lose money) Ill give them a discounted rate.
Fiends of Friends/Family/Strangers: They get charged full price. The only time I have done free work for people I didn't know was when it has been for schools or other non-profits that I wanted to help. I consider it a way to give back.


The point is, know what your talent and skills are worth. If you aren't sure, look around and see what others are charging. There is nothing wrong with undercutting the competition, but make sure you are getting what is do to you. If you really just need experience, go find a firm that specializes in the work you want to do and see if you can get an internship. You will learn from the pro's and thats where you will get the experience. If you need exposure, then do some mock up's and create a portfolio out of those. People will pay for quality.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

The Boss Button?

A lot of the bigger TV stations have started putting their most popular shows on their website, and personally I love it. I work 2 full time jobs, and go to school, so the ability to watch the TV shows I like when ever and where ever I want, is awesome. I plan on doing a review of the 3 major ones I watch soon but this is just to show one of the cool little features CBS has added to their online video player. Its called the "Boss Button"

Say you are watching a TV show, this iw what you would see.





Notice, in the bottom right corner, there is a little button that says "Boss Button" push it and then you see this:





It pauses your show and makes it look like a blank email. You cant actually type into it, but it is a quick way to hid the window. just click anywhere on you screen, and your tv show starts playing from where it left off. Well dont CBS. Well done.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

November 2, 2007

A Music Revolution

A revolution is among us. For the first time I can remember major bands are releasing their albums without the help of the major record labels. First RadioHead, now Saul Williams w/ NIN Front Man and Music God Trent Reznor.


Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google