February 27, 2009

Common IP address Questions

Q. What is an IP address?

A. An IP address is the Internet's equivalent to a street address. Every device that connects to the Internet needs an IP address to do so. There are not enough IP addresses currently for each connecting device to have its own, so IPs are broken into two groups, Internal and External IPs. External IP addresses are assigned by Internet Service Providers, internal IP addresses are assigned by routers or servers on a given network. Each device that assigns internal IP address has an External IP address that it uses to connect all the other devices to the Internet with. Doing this allows hundreds of computers to connect to the Internet with only a single external IP address.

Q. How do I find my IP address?

A. To find your Internal IP address do the following:

Click on Start -> Run -> enter "CMD"  and click ok -> in the window that pops up, type in ipconfig and press enter. You should see results like this:


A. To find your external IP (the IP address all of the Internet sees you as) you can use a web site like www.showmyip.com


Q. Can I be tracked by my IP address

A. See My Post Here about tracking people by their IP address


Q. Can I change my IP address?

A. You can change your internal IP address as often as you want, although there is almost no point in doing so.

A. You External IP is controlled by your ISP. Many External IP addresses are assigned dynamically, so if you unplug your modem for a while then plug it back in, you may be assigned a new one.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

The Recycle Bin is NOT a place to file things...

Ill never understand the apparent surprise of people when the files that they moved to their recycle bin, or the deleted items folder in Recycle_Bin Outlook disappear. You wouldn't be surprise if you put some mail in your rubbish can at home, and then days later that bin was empty, and you certainly wouldn't put something you had no intention of getting rid of in a trash can. So why is it, that people think the recycle bins on their computers are a storage space? Or that if they deleted emails, they should expect them to be in the deleted items folder instead of being gone?

Now I understand that Microsoft (and every other Operating System developer) has trained people to think that deleted really isn't deleted, and they have done this so people who accidentally delete something aren't screwed, but really, you should not depend on these recycle bins as a storage place, and here is why.

  • If you are in a corporate environment, and their mail server begins to run low on space, one of the first things an admin is going to do is flush the deleted items folders (assuming the don't already have them configured to automatically delete email after a specified period of time)
  • If you run any software to "clean up" your computer, one of the things it does is empty the recycle bin to clear up space.

Rather than using the deleted items folder or the recycling bin, you should Create and Use Folders to Organize your Mail and Windows files.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

Rouge Admin or Dedicated Employee

Over the last several month, there have been many articles published about Terry Childs; the San Francisco network administrator who is img_50191_laptop_theft_wb now in jail after being accused of 'network tampering' during his tenure as Lead Network Administrator for the city of San Francisco.

For those who have not been following the story:

  • Terry Childs was the lead network administrator for the city of San Francisco, and managed a very large network responsible for the majority of government data traffic.
  • The unofficial reason for him tampering with the computer network was that he was trying to create an insurance policy of sorts for himself after he got a poor performance review and his supervisor tried to have him fired.
  • Childs' allegedly configured a single administrative username/password that only he had access to on several key pieces of equipment, and when asked for the credentials, he gave wrong info, then refused to give the correct info.
  • Child's is also accused of deleting the startup configurations on several pieces of equipment, so in the event the power went out on the device (required to reset passwords sometimes) the configuration would be lost. Password recovery features were also disabled.
  • Childs' also allegedly install data monitoring software on several supervisors computers, and was found with lists of usernames and passwords, including those of his superiors.
  • And finally, Child's is accused of setting up 'rouge' devices across the network to provide him remote access to it.

I know, this looks bad. But lets consider what his job was, the man was a network administrator, and much of the above can easily be seen as part of his job.

Things Terry did, that I do daily.

  • We have 2 administrative accounts on each computer, 1 master administrator account that stays un used, and 1 administrator account that we use for admin tasks. We do this, so in the event something happens to the one we use, we have a backup that is not used. Only we have these passwords, our clients do not. It is not rare for them to request this info, but we explain that if we provide them administrative access to servers and other equipment, we cannot be held responsible for it any longer. If they need changes made, we can do it for them. If they insist on access, we reevaluate them as customers as it is not worth our reputation to allow an untrained person admin access to a server when they have no reason for needing it.
  • Part of the service we provide is installing an application on each computer that monitors event logs, runs maintenance at night, monitors anti-virus software, provides us remote access to computers, and several other things. Monitoring computers is part of our job.
  • Configuring remote access to sites. Any network admin who has to support multiple locations sets up ways for them to access things remotely, otherwise they cant do their job. It is not rare to set up multiple methods of remote access, so in the event one fails, you have another option.


How do I feel about this case?

My feeling towards this are mixed. I understand that sometimes an IT admin needs to protect a company from itself. Too often company executives think that because they are high up in a company they should be allowed to do what they want on a computer and access whatever they want. This is not true. Executives are targets in the hacking world. Their information is all over the place on the web and on their company web sites because they want to be known. Because so much data about them is available, it makes it easier to exploit them. This means their accounts need to be even more tightly controlled than the average user, but this is the exact opposite of what they want, and sometimes demand.

When a CEO demands access to something, an IT professional is put in a tough position. They can give the access, and the deal with any problems created by it (and trust me, problems occur frequently when people have unneeded access), or you can stand up to the person and risk backlash.

I have been in this position in the past. A position where executives come up with inane ideas and requests, and despite the IT department explaining why the idea is bad, and the risks involved, and the potential for problems, we are pushed into making the changes. When something goes wrong, we are then looked at like we caused it, and that is not fair. I have left jobs because of situations like this.

The networks and computers we build and maintain as administrators are like a living resume. If you are named as the admin on a network with a major security breach, it can dramatically hurt your career, so when you are faced with these decisions, you are being asked to put your reputation on the line. So with every decision, you ask yourself, "is this risk worth my career?"

However, as a professional, there is a point where you just need to cave and give the boss what they want, and let them deal with the problems. When he was faced with arrest, Childs' should have left the job, and turned over all credentials and information in a proper way, there is no if ands or buts. The data belonged to the city, and while I'm sure he wanted to protect it, and while he may have thought he had been wronged, he had no legs to stand on when it came to that.

I am very interested in seeing how this will turn out.


More info about the case:






Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

February 26, 2009

What Causes Delays in Email Delivery?

Email is one of the most handy tools available to both individuals and businesses a like. It provides nearly instantaneous communication with friends, family, colleagues, and even that friendly Nigerian E-mailPrince who said he wanted to give me a million dollars.

For the most part, when you send an email, within a few seconds, the recipient has it, but sometimes, that email that you really really need doesn't show up when you expect it, and you don't know why. To understand why emails get delayed, you have to understand how an email is sent from one person to another.

When an email is sent, it doesn't just go from your computer, to the recipients computer, it follows a path along the Internet, and along the way has several stops.

  1. An email is created on your computer using a email authoring tool like Outlook or by using a webmail service like Gmail.
  2. Once you click send,the message is sent to your mail server.
  3. Your mail server then looks at the email, determines where it needs to send it according to DNS records the recipient company has set up.
  4. Your mail server then sends the message to the place listed,
  5. Many times, the server listed isn't actually the recipients mail server, it is an intermediary server set up as a spam filter or an archive server.
  6. The receiving server then forwards the message off to the real mail server
  7. The recipient then connects to their mail server and grabs the message.

This process seems simple right? not exactly. The Internet really is a series of computers, connected via wires, fiber optics, and other computers. An email must travel long distances, and a break down at any step, or between any step can cause a delay.

Some of the most common causes for delays and failed delivery that I see are the following:

  1. User Error: It is very common for someone to mistype an email address. If you are missing an email, get in touch with the sender, and have them read you the email address they are sending to (don't ask "did you send it to youremailaddress as they will just assume they did)
  2. Spam Filters / Grey Lists / Black Lists: Spam filters are meant to block spam, but sometimes they are wrong and block a legit email, which means the recipient doesn't get it, check your junk mail folder, or ask your admin to check the spam filter if you are missing something.
  3. Internet Connectivity Problems: Sometimes things break, and broken things causes delays. A bad connection between your computer and mail server, your mail server and a DNS server, your mail server, and the recipients mail server(s), or the recipients mail server and the recipients computer can all cause delays in email delivery. Because of this, email servers have rules on the configured to retry message delivery several times before you ever get an error that says the message could not be delivered.

The bad part about most of these delays is that there is little you, or your IT department can do about it. People make mistakes, computers make mistakes, and things break. The good part is, at least now you have a better understanding of how email gets to you, and are more forging towards your IT guy a little slack when he says there is little he can do to find that missing email for you. In fact, most times, I cant even look into email delays until the email actually gets there and I can take a look at the message header to see where the email has been and when it got there. But Ill talk about that another time.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

February 23, 2009

Microsoft Elevates America

Microsoft announced today that they will be partnering with governments, private, public and community organizations to launch microsoft_logo Elevate America; a free and low cost resources that provide the skills, training and certifications needed for people of all ages who are preparing for job opportunities in today's changing economy.

"As part of our ongoing investment in education and workforce readiness, Microsoft is providing additional support through governments and designated partners to accelerate the workforce readiness of Americans through the most relevant training and certification programs we offer."

Some of the things Microsoft will be assisting with are:

  • Expanded access to basic technological literacy and skills training.
  • Intermediate technology skills training courses, instructor-led and online, plus selected certification exams.
  • Access to a new web portal that will help guide individuals to training that positions them for success in the economy today, and tomorrow.

One of the programs I am looking forward to is an expansion on the Microsoft Second Shot Offer. In addition to Microsoft giving test takes a free retake in the event they do not pass their exam, they will also be offering a highly discounted price on e-Learning material to study for your exams. If you have not taken any of your exams yet, DO IT NOW. Check out the new ThinkSmarter Store for some recommendations on study material. As for me? Its time to get back to grinding away at those certifications.

To read more about this amazing program, or to learn what resources will be available to you, see the Elevate America Website.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

The ThinkSmarter Store is now open

I have decided that since I spend a lot of time recommending cool products and gadgets, I would give you an easy way to also buy them.

The ThinkSmarter Store, powered by Amazon, is now open, and available via the sidebar below the RSS sign up section of the Blog.



I will be adding product to the store as I review things or find things that I think you would like. Right now there are some books, movies, software and hardware that I like, and the prices are pretty good (it is amazon after all), so check it out, as I will be adding more stuff frequently, and of course, if you have any recommendations of things I should check out, feel free to send me an email, and Ill take a look, and add them to the store if I like them.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

Don't Feel Bad...Even Banks Get Scammed.

The New York Times has reported that Citibank may have fallen victim to none other than a Nigerian Scammer.

"Swindles in which someone overseas seeks access to a person’s bank account are so well known that most potential victims can spot them in seconds.

But one man found success by tweaking the formula, prosecutors say: Rather than trying to dupe an account holder into giving up information, he duped the bank. And instead of swindling a person, he tried to rob a country — of $27 million."

Luckily (For CitiBank), it looks like the scammer has been caught.

Read the Full Article on the NY Times Website.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

February 22, 2009

Live CDs...The Swiss Army Knife of the Computer World

Life Hacker Posted a pretty good article about the Top 5 Live hivefivedicsCDs and you should definitely check it out if you work on computers for a living, or just like tinkering with technology.

Basically, a Live CD is a CD (obviously) with a full operation user environment on it. So rather than booting into Windows (or what ever other Operating System you use) you pop the CD in, and the computer boots to that.

The uses for them are pretty much limitless as they can be customized to do pretty much any computer task you want. I use them for Hardware troubleshooting, Virus clean up, general testing, anonymous computer usage, and many many other things. Check out the article on Life Hacker, and check back soon. I have a post in the works about how to be be anonymous on a computer.



Photo by bulinna.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google


I'm a big fan of awesome TV shows, and while my taste is eclectic (I love House MD, but am happy to sit back and enjoy some Top Chef) I limit what I allow my self to sit down and watch so I have time for other things (Like this Blog), but recently a new show hit fox, and it get my attention...Ok Eliza Dushku got my attention, but the show still looked cool.


I missed episode 1 and 2 when they premiered (Its rare I watch things at their scheduled time) but I really wanted to give this show a shot, so I headed over to Fox.com and watched it online. (God I love online episodes)

Episode 1 was interesting, a little background on what is going on, a little character development, and an ok story line, and of course Ms Dushku front and center. So, I watched the second episode. Now that was some good stuff. More store, more kick ass Eliza. I think next week, Ill be watching this thing live (yes, we need to do that to the makers get their Ad money and keep making good shows.)

So why am I mentioning this on a technology blog? Well....its my blog, so I can write whatever I want AND the show is based on technology that allows you to program a person to do what ever you want. They image people, like I image computer...and that's cool (albeit a bit creepy).

So check out the show, its looking to be pretty good, and from what I here, it shifts from good to totally awesome in episode 6, so im looking for ward to it.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

Instant Messaging in the work place

No No No, this is not some blog about how instant messaging is a waste of company resources, or how to do it without getting caught. This is a blog about how great a tool instant messengers can be for instant-messengersa  company.

As a tech, instant messaging has been a tool that I have used in the work place for as long as I can remember. It, along with email, are the primary way I contact other techs. Recently, many clients have thought about implementing a good instant messaging software for their employees to use, but are concerned about the risks IM software poses, as well as the loss of productivity that may occur is people can just chit chat all day.While both of these concerns are valid, there are solutions in place for both, but before we worry about the risks of using Instant Messaging software, lets look at some of the benefits.

The Benefits:

  1. Fewer Interruptions - A lot of the work I do requires me to concentrate on several things at once. Because of this, other interruptions, big or small can cause a problem. If I'm "in the zone" and get a phone call or even worse, someone comes over to talk to me, I usually get distracted and then have to take the time to regroup my thoughts before I can get back to what I am doing, some times it takes only a minute, but sometimes, it takes longer depending on the task at hand. If someone IM's me, I can wait until a natural break in my work occurs, like when I complete a thought and write it down, I can then look at the message, respond, and then move on. And lets face it, most things can wait a couple of minutes, so that delay usually isn't a big deal, and if it can't wait, you can still call.
  2. Convenience - For me Instant messaging is easier and more convenient that making a phone call. I have a list of names in front of me so I don't need to look up a number, and most times I only have a  quick question, so its just simpler to ask. It also gives the other person a minute to look up and answer if they need to, and you aren't wasting that minute sitting on hold. You also aren't interrupting the person like mentioned above.
  3. Tracking Employee Conversations - Yes, I know, most people absolutely hate this, but it is a perk for a business. My company logs all conversations held via IM for every employee, the boss will occasionally read through the logs just to see what we are up to. Do we stop joking around, sending funny links and pictures, nope, and he doesn't expect us to. Then why does he do it? So he can see what we are up to. If we are asking each other a lot of questions, or a lot of people are asking about the same thing, maybe its time for an email explaining something, or a training. If we are all complaining about a customer, maybe its time to reevaluate them as a customer. It is also helpful for when we ask a question to a superior and then do what we are told and it turns out to be wrong, we simply pull the log and say "I did ask, and was told to do this" or if a dispute occurs between what was said and what was done. It gets resolved quickly.

The Risks:

  1. It is Informal - People sometimes forget that not everything should be discussed via IM. Confidential client information, or confidential company information usually shouldn't be discussed over IM. IM should be an unofficial communication channel. Things that need to be "on the record" should be communicated in person or in formal writing, like email.
  2. Data Security - There are some risks when using IM. Most are not encrypted by default, because they are meant to be informal forms of communication. The logs are also not encrypted in many cases, so information that shouldn't be shared may be. Depending on the software you use, this data could also get out of the company (although much of the IM software available currently has the ability to make it internal only)
  3. Viruses and Malware - There are a lot of viruses and Malware that target popular IM software. If you allow communication with outside users, this can be an issue. To prevent this, make your IM internal use only and have a good AV software running.
  4. People will use it for Chit Chatting - Yes, people will chit chat with one another and talk about non work related things. As long as it is within reason, its no big deal, they are going to do it anyway, and there are far worse things your employees can be doing aside from communicating with one another.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

February 20, 2009

Update From Yelp.com

Yelp.com has replied to the allegations that they are trying to sell a service of removing bad reviews from their site. They attribute the report to miscommunications regarding the services they do offer (the ability to highlight a good review) and also the algorythims used to sort the reviews that are listed.

"It appears that a key source of confusion is our anti-spam algorithm which makes
a small number of reviews come and go from a typical business' page.
realize we need to do better at communicating the why and how of this
counter-intuitive "feature" and we will."

Read the Full Response on Yelp's Blog.

I hope this really is all just a miscommunication. The idea Yelp.com is trying to bring to life (and has been) is a good one. Consumers need a place to voice their opinions, and if a company is manipulating those opions, then there is a problem.

See the comments left on The Consumerist, apparently several users there agree with the assesment that Yelp is a scam.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

Don't Keep Personal Data on Work Computers

ThinkSmarter is guest blogging on Dumb Little Man. Check out the post HERE

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

February 19, 2009

Yelp.com Real Reviews may not be so real...

What started as an almost idealistic endeavor, a place to give every day consumers a voice,  seems to have taken a turn for the worst as advertising budgets shrink and investors are becoming more cautious in who they give their money. Recent complaints reported by The East Bay Express indicate that Yelp.com, who's motto is "Real people. Real Reviews.", has started offering to remove bad reviews for a fee, and may also be falsifying reviews or altering the order in which they appear on their web site if the business declines to pay this fee. Simply put, this is extortion.

The idea behind Yelp.com, founded in July 2004 by Jeremy Stoppelman, 31, and Russel Simmons, 30, both coming from PayPal, was to give a place for customers to not only find local businesses, but to also give these customers a voice by allowing them to post reviews. Since the creation of Yelp, their primary source of funding has been private investors, so far totaling over $31 Million, as well as selling advertisements, and upgrade business profiles, but in just under 5 years of operation, the company has still failed to turn a profit.

Chief Operating Officer Donaker said it's all a big misunderstanding;

"Do I think that sales reps call are saying, 'We'll move your bad reviews'?" he asked. "No. But I think it could be true — when you get to pick your favorite review and put it to the top, if I said it a little different way, it might sound a little nefarious."

To read the full story, check out The Full Article on The Easy Bay Express web site.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

Top 9 Dirty Tricks Scammers Use

PC World has posted an interesting article Outlining some of the more common scams that are being used to trick hard working people out of their money.

The list contains scams that are used on Social Networking sites like Facebook and MySpace, as well as attempts to trick users by emailing them at home and at work.

Scams like this are becoming more common as unemployment rates go up and the budgets shrink because people are getting desperate and looking for an easy fix. Like everything else in life, if something seems to good to be true, it probably is. Be careful who you give your personal information to, and you will be well on your way to protecting yourself from scams like these.

Read the Full Article Here

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

February 17, 2009

Update on Kenny Glenn

Update#1 - http://www.kenny-glenn.net/ is now online.

Update #2 - Video of Second cat found


The second cat has alow been removed from the home, why it was left there to begin with, I dont know.

When asked about the fate of the abuser, Sheriff "Schulte says he did not know what punishment the boys may face if found guilty, but said the penalties for a juvenile conviction could include psychological counseling, court monitoring until they turn 18, community service to provide restitution for treatment of animals, and/or placement in court custody."

Please remember that this is a Minor that is being delt with, so do not harass the family. Contact the DA if you want to punish him, we dont want others being hurt becasue of this incident.


This story has now made it to CNN. Well done everyone. This type of thing is why the internet really is the great equalizer, the power is back with the people when we are able to come together and right the wrongs that have been committed.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

February 16, 2009

Kenny Glenn Caught...

Yesterday a kid in Oklahoma decided it would be a good idea to wake up, and with a friend record him torturing a cat and then post the video to YouTube, this would make him cool right? Wrong!

What Kenny Glenn did not expect was the wrath of the Internet coming down.

The Internet is a powerful place. A place where those who do good and bad on a daily basis come together at times when a single enemy has emerged. Last night, that enemy was Kenny Glenn, and no one held back.

Within hours, his name, address, phone number, school, parents phone numbers, dads business phone number, maps to his house and constant updates were up on their own web site kenny-glenn.com (web site has been taken down, probably for the kids safety.) People were enraged, and these people have the know how to get things done.

How did they find Kenny? The were able to locate the kid via MySpace based on his YouTube user info, they then verified the information because he had some pictures up which showed enough of his house to match with what was seen in the video. His gross green carpet, a drum set, a strange window, and a confederate flag. From there, is was only a matter of a little investigating to get all of his personal information. It was like a game to these guys, and trust me when I say they had fun doing it. The boards were lighting up last night, updates faster than most could read them. Some updates were solid info about the kid and family, verification of information, work some of the best private investigators in the world would take hours or days to do was being done in minutes by an Army. So to gents at 4chan and the DGers who made this their personal mission, good work.

Sine the uproar Kenny was taken into custody, released back to his parents, and from the info I have is set to meet with the DA on Tuesday to determine the charges.

I wont link to the original video because it really is painful to watch, I'm not exactly a cat lover, but this kid deserves everything he is going to get. So let this be a warning for everyone out there who thinks they can be anonymous, who thinks no one will know it was them, be careful. There is an Army out there who love nothing more than to ruin pieces of trash like this.

Oh, and Dusty the cat is ok. He was removed by the sheriffs department last night and taken to vet for treatment. Kenny on the other hand is going to be miserable for a while...

YouTube Video of a local news report

Lawton news (site is slow to heavy traffic)

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

Woman Sues Microsoft Over XP Downgrade Charge

PC World has published an article about a woman in Washington that has decided to sue Microsoft for charging users who purchase computers with Windows Vista a downgrade charge if they want XP installed.

Her argument is that Microsoft is being unfair because they are forcing people to buy Vista if they want XP, because XP is being discontinued. Because of this, she things they should give her XP for free since she is buying vista.

Lets remove Microsoft from he equation, and pretend its another piece of software. Lets say Adobe release Version CS4 of Photoshop, with CS4 do you get CS3? CS2? no, absolutely not, you get CS4. If there was something you wanted in CS3 that's not in CS4, you pay the money for the older version (and they don't give a discount)

Microsoft is charging just under $60 dollars as a downgrade fee. They do this because now they not only have to give you a copy of XP, they have to continue to manage the licensing for it and provide support for it. I think this is very reasonable.

Also, the women fails to realize that a product manufacturer is allowed to discontinue any product they want, regardless of level of demand, so saying but people hate vista, and want XP" is not a legal argument for them to allow people to just buy XP.

As an IT company, we buy these downgrade rights all the time for clients. Many don't want to move to Vista on new computers because they want to keep all of their systems running the same OS and they don't want to pay to upgrade 40-100 machines to Vista since they have no reason to. This makes sense to me. Smaller companies who are just getting started and are buying new company computers buy all Vista machines, because Vista IS a good operating system despite what all the people who have never given it a shot have to say.

The bottom line is, if you want a piece of software, you are paying for it. If the only way to get it is packaged with something else, that's a manufactures decision, not yours. What's next. Apple getting sued because I need to use iTunes if I want to upgrade the software on my iPod?

Read the full PC World Article Here

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

February 14, 2009

How do Spam Filters Work?

Over 95 percent of all email sent today is spam. That means if you have nothing filtering the email you read, only 5 of the 100 emails you look at will be legitimate. Within those 95 pieces of junk mail, several will contain tempting attachments that are really viruses, even more will contain letters of sorry trying to get you to send money, and even more will contain advertisements for fly by night pharmaceutical companies trying to sell you miracle drugs. How has time to deal with all of them? No one, and that is why Spam filters are becoming more and more important.

But how do spam filters know which emails are real and which are spam? Well, like any good security system, they run each message through several layers of tests and checks to ensure the email you get is not dangerous.

  1. Black Lists: The first layer of protection that a spam filter offers utilizes a black list. A black list is a list of IP address and domain names that in the past have sent out spam. It is similar to the black list used by clubs and casinos to keep out trouble makers. Where at a club, every person has their ID checked, spam filters do the same thing and look at where the email is coming from. If the sender's domain or mail servers IP address is on a black list, the message is refused. Some of the most popular blacklists that people use are Spam Cop, Barracuda Central and The Spamhaus Project, although there are hundreds of others, many of which use each other to increase their effectiveness.
  2. Key Word Searches: Spammers know what attracts peoples attention, they know that people love money, people love good looking men and women, people like exciting news, and because of this, they use the same type of word combinations to get people attention. This makes them predicable, and because of that, spam filters can look for key words and phrases and if present, block a message. For instance, if a message says something like "FREE VICODIN!!!!" its probably not legitimate, so the spam filter will mark it as spam. Some of the most common words used in spam are "millionaire" and "sex"
  3. Mail Formatting: Spam filters can also look at the design of an email. Is it all text? is it one big image? are their tons of links to other things. is any of the text hidden? By using characteristics like this, the spam filter can make an educated guess as to what is real and what isn't.
  4. Attachment Scanning: Spam filters will not only scan the email it self, but good ones will scan the attachment as well. This allows the filter to catch viruses and Spyware before they get to your computer.

When using any of the methods above on their own there is a good chance that you will both miss a lot, and let a lot through, so many spam filters use a point system to rate emails. For instance, a key word search might find a few things that look like spam, but could also be real, so it will give it 2 points, the formatting also looks bad, so it gives it another 2 points. The message comes from an IP that is not black listed, so no points given, and there are no attachments, so no points there wither. this is 4 points. So if the spam filter is only configured to block things that get 5 points or more, then the mail would go through, if it is configured to only allow 3s and below, it would be blocked.

Of course, no scan is ever going to be perfect. because of this good spam filters will have a way for the email recipients to see all mail that was filtered so they mark it as not spam so the spam filter doesn't make the mistake again, and also have an option to mark things it did let past as spam so the filter can better recognize the spam in the future.

          Bookmark this post:
          StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

          February 13, 2009

          Why Do I get Spam?

          SPAM has got to be one of the most annoying things about the Internet.  Not only does it take up space in you mailbox, but it also wastes you time because it forces you to wade through it to get to your real email. In addition to being a waste of time and money, it can be dangerous.

          Every day people fall for scams like the well known Nigerian 419 Scam, and it costs them time and usually money. SPAM can also contain viruses and malware in attachments that are sent and look like something important, maybe pictures from a friend, or an urgent message from your bank. So how do you avoid getting all of this trash?

          As always, Prevention is key. Spammers collect email addresses in a number of ways, here are a few of the more popular methods and ways to prevent them.

          Method 1:  Buy them from shady companies who collect them by tricking people into signing up for things like surveys, mailing lists, and free things.

          Prevention: The best way to prevent this is to be careful who you give your information to. Always read the terms and conditions of service when you sign up for something, and make sure it mentions not sharing or selling your info. If you must sign up for something like this, use an email designated just for signing up for things. I have several email accounts. 1 for this blog, 1 for friends, family, and lists I actually care about, 1 for junk mail, and 1 for various other things. All of them are free GMAIL accounts.

          Method 2:Spammers with scrape web sites for information. This is when they use a piece of software and scan hundreds of web sites for email addresses. Sites like Craig's List are very popular, because while the real email address usually isn't listed, people their are categorized by what they are interested in (that is where they posted) so they make good targets, and will end up replying with their real email address. Businesses are highly vulnerable to this because they need to list contact info on their web site, which exposes them a lot.

          Prevention: Never post your email address in a forum, on a web site, or anywhere that someone can see it easily. For businesses, using "Contact Me" links like the one I use are very helpful. People can contact you, but not know your email address.

          Method 3: They guess. People tend to use common formats for email addresses, and will usually include their first initial and last name, or first name and last name, so they really can guess.

          Prevention: The only way to stop getting emails like this is to have a good spam filter in place. Most services like GMAIL, Yahoo! Mail, and Hotmail use a spam filter, but if you are a business and host your own email, you need to get one.

          Bookmark this post:
          StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

          67 Computers Missing from Los Almos Nuclear Weapons Lab

          POGO reported today that 67 computers have gone missing from Los Almos Nuclear Weapons Lab, 13 of which were in the last year. While the number of machines missing is a bit alarming, Los Almost says that none of them contained confidential data. I did however find one part of the report concerning;

          "Thirteen of the missing computers were lost or stolen in the past 12 months, including three computers that were taken from a scientist's home in Santa Fe, N.M., on Jan. 16, and a BlackBerry belonging to another employee was lost "in a sensitive foreign country," according to the memo and an e-mail from a senior lab manager...Only one of the three computers stolen from the employee's home was authorized for home use, which raised concerns "as to whether we were fully complying with our own policies for offsite computer usage," he said."

          While I am ok with people taking their work home (believe me, I know how necessary it is sometimes) I also understand that if you are taking a piece of equipment home, there are some special security concerns that need to be addressed. It is concerning that in a place that is supposed to be so heavily secured someone was able to walk out with 3 computers.

          Read the complete article.

          Bookmark this post:
          StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

          February 12, 2009

          People are the weak link in security

          Errata Security recently released their finding after analyzing 28,000 User passwords that had been stolen.

          From the AFP Article:

          "It found that 16 percent took a first name as a password, often their own or one of their children, according to the study published by Information Week.

          Another 14 percent relied on the easiest keyboard combinations to remember such as "1234" or "12345678." For those using English keyboards, "QWERTY", was popular. Likewise, "AZERTY" scored with people with European keyboards.

          Five percent of the stolen passwords were names of television shows or stars popular with young people like "hannah," inspired by singer Hannah Montana. "Pokemon," "Matrix," and "Ironman" were others.

          The word "password," or easy to guess variations like "password1," accounted for four percent."

          While I don't find the results all that difficult to believe, I am still amazed by how little people seem to care. Your username and password are the key to who you are online or on a computer network. If someone steals them, they are you for that moment. In the case of these passwords, I partly blame the administrator of the network that allowed such weak passwords to be used. While we can't expect everyone to understand what makes a password strong, I can expect those tasked with the security of a website to know.

          The Do's and Don'ts of strong passwords:


          • Use a minimum of 8 characters
          • Include both upper and lower case letters
          • Include at least one number
          • Include at least one special character

          Do not:

          • Use your name, your kids names, spouses name
          • Use your birthday, anniversary, kids birthday, etc
          • Use simple words like love, hate, dog

          Things like names and dates are easy to find out and are the first things tried. Simple words are easy to guess, and password cracking software will try common words before trying random characters.

          Your password does NOT have to look like this: Yffg87^7!!4f (Although I do know several administrators who do use passwords like that) That type of password is unnecessary for most things. Sure, it wouldn't be cracked very quickly (it would take days to crack if on a Windows network), but it is also very hard to remember, which usually means it will be written down and kept somewhere, which means someone can steal it.

          Instead, use something you can remember, a word with special meaning,  a phrase, or a song title like H0telCalifornia! This provides almost the same level of security, and also has the benefit of being remembered.

          Remember, strong passwords need to meet the balance of security and usability. If you cant remember it, it is useless, but if its easy to crack, its a security risk, so find a happy medium.

          Bookmark this post:
          StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

          February 11, 2009

          Getting rid of an old computer?

          Ah...the smell of new computers in the morning... there is little in life which is better (except for bacon...bacon > most things in life)anyway...

          So you just got your new computer, you backed up the data off the old one, moved it to the new one and are ready to take that old box to the recycling center (you wouldn't just throw it in the trash would you)

          Not so fast...

          One major mistake I see individuals and companies make on a nearly daily basis is taking their old computer and just throwing it in the trash. This is a big mistake. Before you throw out any computer, you need to make sure all data is properly removed. I can't count the number of computers I have gotten for free that were loaded with personal information, and not just silly things like family photos, I'm talking about bank statements, quicken files, "personal" photo albums, etc.

          Reformatting your hard drive will discourage most people from looking for information, but it is not really deleting your data, just flagging the parts of the hard drive as empty. To really delete you data, you actually need to delete it, and then write more stuff over it. To do this, you need a special tool.

          While there are several commercially available piece of software out there that can do this, I'm not a fan of any of them because they cost money. I'm cheap, I like free things, so I use DBAN,



          DBAN is an outstanding tool that deletes your data, then overwrites its it to make sure it is gone. It then repeats this up to 7 times if you want it to. (Department of Defense requires a minimum of 5 overwrites). It is incredibly simple to use, you just pop the disk in, pick the drive, and poof! all data is gone (ok, the poof! might take an hour or so depending on the size of the drive) but still, once you have done this, the recovery would take way more time and money (if possible at all) than almost any person or companies data is worth.

          For businesses who need to remove data from drives frequently, there is EBAN which allows you to wipe data from dozens of computers at once.

          Bookmark this post:
          StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

          February 10, 2009

          What's a Netbook?

          Anyone who has been looking around for a new computer as of late has probably seen the growth of a relatively new class of computers, the NetBook. They are small, cheap, and portable. Sounds perfect right? Maybe not...

          Many people are dazzeled by the low price (Dell's 9" Inspiron Mini starts at $249.99) so they may hurry into buying one without considering what they are actually buying.

          The basic differences between netbooks and notebooks are:

          • Netbooks are smaller and lighter usually
          • Netbooks tend to have less RAM
          • Netbooks have a superior battery life
          • Netbooks have smaller hard drives
          • Netbooks have less powerful video cards

          A netbook might be ok for you if you want to:

          1. Browse Websites
          2. Check your email
          3. View pictures
          4. Stream media from sights like YouTube and Hulu (non Hi-Def)
          5. Light word processing

          Buy a standard notebook if you want to:

          1. Edit photos and video
          2. Stream Hi-Def video
          3. Don't want to carry an external drive around.
          4. Heavy MS Office work (mostly because the small screen size makes these tasks harder after long periods)

          Are netbooks for everyone? No, but they absolutely have their place in the world. Would I buy one? I'd like to pick up one of the Dell Inspiron Mini's sometime. It would not be my primary computer, but I could definitely blog from it, and do a lot of my other day to day web tasks, and then remote desktop to my primary and do work if I didn't feel like going to my desk.

          Bookmark this post:
          StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

          February 9, 2009

          Physical Security Matters

          With all the talk of firewalls, anti-virus software, spam filters, and anti-spyware software it is sometimes hard to remember one of the most important aspects of secure computing; keeping your computer in a secure location. I know what you are thinking, you use a strong password or a biometric lock on the computer so even if it stolen, your data will be safe. You are wrong.

          Law #3 of Microsoft's 10 Immutable Laws of Security states:

          "If a bad guy has unrestricted physical access to your computer, it's not your computer anymore"

          I work on computers every day, and getting around passwords on desktops, laptops, and servers is so common it is routine. In fact, the only time it gets a second though is if I have to do it remotely, but I some times take for granted that many people don't understand how easy it really is. I was reminded of this a few days ago, and it started with an urgent call.

          A very good client of mine gave us a call because one of their colleagues was having some trouble and was in a pinch. He had been having some trouble with the fingerprint reader on his HP laptop, after calling HP support and spending several hours trying to troubleshoot the problem, they decided it would be best to just disable the finger print reader, and see if they could prove that was the cause to they could get it replaced, so he did as support asked. The problem was, this person didn't know the password to his computer because he had been using the fingerprint reader for so long. Now he had a computer, which needed a password he didn't know. He was in a panic. He was thousands of miles from his office, needed access to the info on his laptop to do business, and the best HP could do for him was ask that he mail them the computer and they would reinstall windows for him. They were not hopeful when they called us, but have no fear...its only a password after all. We asked the client to bring in his computer, and he did while barely grasping for hope as we assured him this wouldn't be an issue.

          He came by the office and took a seat as he settled in for what he could only assume was going to be a battle. I took hold of the laptop, popped in my trusty password reset CD, booted to that oh so wonderful command line interface, set the local administrator password to blank, rebooted the computer and a few seconds later, was welcomed with that oh so familiar sound of Windows loading.

          The client sat in astonishment. How was it that after hours on the phone with HP, being told there was no hope, we had now given him access to his data in under 5 minutes. He praised us, thanking us, and singing our graces to our client, who in turn emailed our boss to let him know just how much they appreciated us being around.

          Now I am good at what I do...but this was no major feat. Resetting passwords really is that easy. While doing it remotely can take hours, days or years against a properly secure system, once that computer is in my hands, it is only a matter of seconds before the data is mine.


          So what can you do to prevent someone malicious from doing this to you?

          • Keep servers in a locked and secure environment which is monitored both electronically and by a human.
          • Keep desktops in safe areas, and if disable booting to a CD, Floppy, or USB drive.
          • Set a BIOS password so the above setting cant be changed easily.
          • Keep your laptop within arms reach, especially if on a business trip. Once that thing is gone, it is gone and so is your data.
          • Use encryption software on external drives so if they get lost or stolen, the data is still secure.
          • Use strong passwords, yes this is still important.
          • If possible, encrypt the data on your drive, or at least data in folders where critical data is stored.

          So let this be a lesson. Security is not a single piece of software, it is not an expensive firewall, it is good planning and a set of well placed items to deter a thief, this includes the kind that sneak in through windows at night.

          Bookmark this post:
          StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

          February 4, 2009

          Windows 7

          There is a lot more buzz as of late about Windows 7 since the Beta was recently opened and is now closing soon. I have it installed on one of my spare computers and so far, its like a much leaner, more friendly version of Vista, which is good.There are already dozens, if not hundreds of reviews out, so I wont write one on the Beta, I did however want to address one of the issues that I have been hearing about, and that is "How many version of 7 will there be?"

          One of the biggest marketing issues I saw with Vista was how they sold the versions. Not only did you have the traditional full and upgrade versions, but you also had 4 consumer versions available (Home Basic, Home Premium, Business, and Ultimate), this made a total of 7 SKUs for people to choose from, that's too many. So Today when Microsoft announces there would be 6 Windows 7 SKUs without including the upgrades, everyone basically freaked out. So lets just clarify right up front that when you go to the store, you WILL NOT have that many choices. The versions you will see on the store shelves are:


          Windows 7 Home Premium (Upgrade and full versions)

          • Includes AERO interface (like Vista)
          • All Media Center functionality
          • Windows Home Network Functionality
          • Muti-Touch capability
          • Premium Games


          Windows 7 Professional (Upgrade and full versions)

          • Everything in Windows 7 Home Premium
          • Professional Network Capabilities (RDP, Domain Support, Offline files, etc)
          • Mobility Center
          • Presentation Center

          That is it. Then what are the others you ask?

          Windows 7 Starter Edition

          • This will not be available to consumers, only to OEMs (manufactures) and will be used mostly for new netbooks as it requires very little resources and has several major operating limitations by design.

          Windows 7 Home Basic

          • This will be available to consumers...in emerging markets, not to anyone in the United States.

          Windows 7 Enterprise

          • This will only be available to Volume License customers, not for retail sale
          • Includes all features of Windows 7 Pro
          • Also includes Bit Locker Drive encryption
          • Direct Access
          • Branch Cache

          Windows 7 Ultimate

          • This will only be available in limited supply, it is essentially a home version of Windows Enterprise, and most users will never need to bother with it as those who need the technology will likely have access to the Volume License version for much cheaper.

          So that is all, yes many version will be out there, but no, you will not have to worry about picking which one is right for you.

          Bookmark this post:
          StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

          February 1, 2009

          Are you being tracked?

          I got an email this morning from one of my family members, it was forwarded to them from one of their friends concerned about a part of a very large well known web site tracking users that visit it. Apparently he thinks its an invasion of privacy for them to see what he is doing on their site, and on their affiliate sites.

          My thoughts?

          The tracking with clearly disclosed in their Terms of Service.  The site offers their services free of charge, and the way they pay for it is they sell advertising on their site and on affiliate sites. In order to sell advertising they need to know what demographic is using their site at the time so they can post the proper advertisement. I think this is fair, and I think they are doing it with a lot of transparency. They do not specify the data they gather, but I can tell you on this site, I track the following data.

          • IP Address - Give me a general idea of where readers are from
          • Time of visit - Doesn't really help me, but is logged by default.
          • Length of visit - Am I providing enough content
          • What pages were visited - what posts are popular
          • Who referred you - Lets me know how you found me (RSS, Google search, link on another page, etc)
          • What was the last page you read before leaving

          This is basic info that just about every web site tracks. It helps the publisher know who's reading it, and what they like/dislike. As someone who works as an IT professional, and who takes security very seriously, this doesn't bother me, because I know it is harmless. Now, if a web site dumps a piece of software onto your computer and tracks every web site you go to...then there is a problem.

          Bookmark this post:
          StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google