Saturday, June 30, 2007

Beware of using third party email as your prime email account

There is a thread at webproworld.com about someone who was using a Yahoo email account as their primary email. Suddenly they found that the account was deleted. The problem was that the account contained their whole life. Apparently, they had not saved the emails.

This could be a disaster if you are doing things like registering domains, purchasing hosting or doing auctions.

One person posted a reply that the original poster should consider purchasing a domain and using that domain for their emails. That's great advice. Some people might not have the technical knowledge for that, but they should be able to hire someone to set them up for a relatively modest amount.

We still see businesses run on AOL accounts. Converting old AOL emails to Outlook can take some time. However, you will have to do it sooner or later. You might as well make the move now.

If you are using AOL, Hotmail, Yahoo mail or Gmail, you might want to make a risk assessment of the impact of suddenly losing the account. None of these services provide a really easy way to back up that I know of. (If you know of any that provide an easy backup, please reply to this post.)




Link to the thread at webproworld

Wednesday, June 27, 2007

Magnavox MWR20V6 - VHS to DVD Dubbing

As we mentioned in a previous post, the device we bought to try to copy our VHS tapes to DVD via the PC just didn't work out.

Instead, we purchased a Magnavox MWR20V6. Among other things, this device has the ability to copy your VHS tapes to DVD and vice versa, if the tapes are not copy protected.

It works pretty well; we have not had any coasters yet. On the other hand, there is a fairly steep learning curve and some of the functions seem a bit awkward.

Once you get everything set up, you put your VHS tape in and set it to about 5 seconds before where you want to start. It is probably a good idea to fast forward and rewind the tape, which will even out the tape.

You can feed the machine a wide variety of DVDs including +R, -R, +RW and -RW. We've only tried the +Rs at this point although it appears that the RWs would give us a little more flexibility.

At this point we are trying to archive our VHS tapes. Tapes deteriorate over time. We want to get copies in a digital format for posterity. That leads us to our next decision: what quality to use for recording the DVDs? You have several options where you can trade the recording time for quality. At the best quality, you only get one hour of recording on a DVD. At one notch down, you get 2 hours. Most of our VHS-C's are about an hour and a half. Right now, we are recording at the second level to get one tape on one DVD. We plan to go back and redo things at the highest level once we get all the initial tapes archived.

The copy protection, obviously installed to the whims of the hollywood elite, is incredibly annoying. The tapes I was archiving initially were from about 1995 and were not viewed very often. I kept getting alerts that 'copying this program is not allowed' while recording. When this happens, recording stops but the tape continues. If you walked away, you will now spend time trying to re-cue the tapes. Obviously, the copy protection system is overly sensitive.. G-d forbid that Hollywood doesn't get every penny possible. The actresses and singers are so poor, Brittney can't even afford panties.. Anyway, enough ranting.. This could be very frustrating if you had recorded a long segment and the scene stops in the middle of something important. It seems that a fast forward and rewind will help reduce the false copy protection alerts.

It takes some time to determine how to set up the titles and chapter marks. If you are using DVD +/-Rs instead of the RWs, you cannot split titles up. This reduces the functionality of the menu screen when viewing the DVD. However, our initial objective is to digitize the analog tapes. Therefore we aren't spending too much time on the front end.

Our plan is to eventually take the digitized tapes and run those videos through pc based video editing software and create more polished presentations.


Some other random thoughts.

  • As we mentioned earlier, there is a learning curve.
  • The 800 support was very good. We had a question on navigating the screens and got the right answer within 15 minutes. (Your mileage may vary.)
  • Creating the titles can only be done through the handheld remote. This process can be a little tedious and if you don't hit the enter key, you lose your edits.
  • You should understand the issue of finalizing the DVDs. That will allow them to be compatible with other machines but will prevent further edits.
  • Hitting the 'display' button while in the recording mode should show the amount of time remaining on the disc. Keep in mind that edits use up the workspace.
  • If you delete a title, it appears that you have lost all of the video associated with that title.
  • This device does not interact with your PC. If you have a video out on your PC, you should be able to copy from the PC to DVD, although you could do that on the PC. You can take the DVDs you create and use them in the PC with your PC based video editing software.

Overall, the Magnavox was a good purchase. It will take a while to really get the dubbing process moving. It's long overdue. As we go through the process, we are taking copies of the DVDs offsite. That will greatly increase the odds that the videos will be available for future generations.

Thursday, June 21, 2007

Hardware Review - Smartdisk's Videosafe

Video tapes degrade over time. If you don't do anything, they will eventually be unusable.

We found a piece of hardware by Smartdisk called VideoSafe. It's simplicity itself, with a USB connector and jacks for video, left and right audio and S-video. The software by ArcSoft is also minimalist. The unit was just $49 at OfficeMax.

The idea is that you plug it in, then put a tape in your VCR or Camera and you can easily record up to 2 hours onto a standard 4 gig dvd.

The install went easily and didn't require a reboot. When you plug the unit in, you need to be patient as it will load the video drivers and then the audio drivers. However, when we tried to use it, we were getting a 'could not find the device / device in use' message.

We checked out the web and found that it could be related to the USB port we were using. So, we tried other ports and could not get it working. This probably isn't the fault of the unit but rather that we have a machine that is several years old (and due for replacement soon). The machine does not have USB 2.0 ports.

One other issue was that we were down to 3 gig free on the machine. The software told us we didn't have enough space but didn't say how much to free up. We moved a couple of gigs to an external drive (told you we need a new desktop). That eliminated the space message. There was no provision for pointing the temp files to another drive.

The software looked extremely easy to use even for a complete novice. Overall, it is probably a good choice if you have a limited library of tapes that you want to digitize.

The software doesn't appear to support Vista at this time, although that will probably change soon.

On reflection, we decided it might not be the best solution for us. We are going to go out and get one of the units that has the tape player and Dvd recorder in one unit. They can be found for under $150. The nice part about them is that you put the tape and dvd in and walk away. You are not tying up disk space or your machine while burning DVDs.

So, regardless of the solution you choose, consider doing something to get copies of your videos onto a more durable medium.

(check back later after we've purchased a tape to dvd machine for a report)

Tuesday, June 19, 2007

How to prevent hotlinking with Frontpage published sites.

I just got a notice that one of my sites was at 80% bandwidth. There was still over a week left in the month. When I checked the logs, there were a couple of forums hotlinking to my images. Hotlinking is where someone uses a link to one of your images on their site, a forum or a blog. The problem is that if it is a high traffic site, the traffic can kill your bandwidth allowance.

I'm using frontpage and FP is a pain about messing with the htaccess file at the root. If I tried to enable hotlink protection via cpanel, it broke the fp extensions (yeah, I know, move off FP)...

WARNING- Be careful with the following. It did not break my site, but it could break other FP sites. Backup first and use at your own risk.


You can read up on the .htaccess file commands. A simple .htaccess file that will block hotlinking would be:

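# Turn on mod_rewrite for this folder
RewriteEngine on
# Let through requests that send no referer at all
RewriteCond %{HTTP_REFERER} !^$
# Let through referers from your own site, with and without www
RewriteCond %{HTTP_REFERER} !^http://mysite\.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite\.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.mysite\.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.mysite\.com$ [NC]
# Refuse (403 Forbidden) every other request for an image file
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]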



If you put this .htaccess file at the root, you will mess up FrontPage. The trick is to put all of your images into the images folder or its subfolders. By nature, subfolders inherit the htaccess of their parents. The htaccess file you create will go into the images folder of your site.


You should customize the file to meet your needs.
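Before customizing, it helps to see which requests the rules above actually refuse. The following Python sketch is an added example, not part of the original post: it traces the same referer conditions over a few constructed requests, and compares them with an assumed variant (`WITH_HTTPS`, not from the post) that also accepts `https://` referers. The names `status`, `PAGE_RULES`, `WITH_HTTPS` and the `forum.example` referers are made up for the illustration.

```python
import re

# Referer patterns from the post's rules (mysite.com is the post's placeholder).
# In the .htaccess file each one is negated with "!" and the conditions are
# ANDed, so a request is refused only when NONE of these patterns matches.
PAGE_RULES = [
    (r"^$", 0),                                   # this condition has no [NC]
    (r"^http://mysite\.com/.*$", re.I),
    (r"^http://mysite\.com$", re.I),
    (r"^http://www\.mysite\.com/.*$", re.I),
    (r"^http://www\.mysite\.com$", re.I),
]

# Assumed variant (not from the post): the same checks folded into one pattern
# that also accepts https:// referers from the site's own pages.
WITH_HTTPS = [
    (r"^$", 0),
    (r"^https?://(www\.)?mysite\.com(/.*)?$", re.I),
]

# RewriteRule pattern: only image requests are subject to the referer check.
IMAGE = re.compile(r".*\.(jpg|jpeg|gif|png|bmp)$", re.I)


def status(path, referer, rules=PAGE_RULES):
    """Return 403 if the rules would refuse the request, otherwise 200."""
    if not IMAGE.search(path):
        return 200                    # the rule does not apply to this file
    for pattern, flags in rules:
        if re.search(pattern, referer, flags):
            return 200                # one negated condition failed: allowed
    return 403                        # every condition held, so [F] fires


# Constructed test requests: (path, Referer header value)
CASES = [
    ("photo.jpg", "http://www.mysite.com/gallery.htm"),     # own page
    ("photo.jpg", "http://forum.example/thread/42"),        # forum hotlink
    ("photo.jpg", ""),                                       # no Referer sent
    ("photo.JPG", "HTTP://MySite.com/"),                     # [NC] ignores case
    ("photo.jpg", "http://www.mysite.com.forum.example/"),   # lookalike host
    ("photo.jpg", "https://www.mysite.com/gallery.htm"),     # own page, HTTPS
    ("index.htm", "http://forum.example/thread/42"),        # not an image
]

if __name__ == "__main__":
    print("post  https  request")
    for path, ref in CASES:
        print(f"{status(path, ref)}   {status(path, ref, WITH_HTTPS)}    "
              f"{path:10} {ref!r}")
```

Two cases are worth noting: a request with no Referer is always served, so the rules cut bandwidth from embedded images rather than control access, and the post's rules refuse your own pages if they are served over HTTPS.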

  1. Go to the file manager in cpanel and find your images folder.
  2. Create a file called .htaccess (the period at the beginning is critical)
  3. Put in your code similar to above (with your site name and not mysite)
  4. Test to see if hotlinking will work on your images: (1) Go to one of your pages, (2) right click on an image and look at the properties, (3) copy the image location, (4) test it in a hotlink checker such as http://altlab.com/hotlinkchecker.php
  5. Test to make sure that you can publish with frontpage and that your site is working, especially FrontPage specific items such as forms.

Keep in mind that if you reinstall the Frontpage Extensions, your .htaccess file in the images folder will probably be renamed (or deleted). If it was renamed, you can simply go into cpanel's file manager and name it back to .htaccess. If it was deleted, hopefully you saved it locally and can either create it in cpanel's file manager or upload it via ftp. REMEMBER to create it in the images folder, NOT the public_html root folder.

Again, there is some risk to this but it is becoming necessary due to rude behaviour. (Hotlinking)



Monday, June 18, 2007

It's Fishing and Phishing season again!!

I just got an official looking email from Amex in my inbox. The problem was that it was sent to one of my emails that I don't use for our amex account (Different domain entirely). Of course, we never click on email links but will go directly to the site.

The problem is that the phishing expeditions are getting more sophisticated. The links in this email were designed to look like actual Amex links.

To pay your bill online, click here.
(I've munged a couple of the components of the link to render it unusable, just in case..)


It appears that this is part of something called a replay attack.

I found some clues at http://jalcorn.net/weblog/archives/556-Beware-the-replay.html
which explained part of the methodology.


http://www.tedhaynes.com/haynes1/mtoz.html
replay attack: An attempt to break security by retransmitting information that was originally communicated legitimately. See active attack, one-time password system, and passive attack.

One sure clue is that when you look in the email header, you see a return path of nobody@lovemall.propagation.net. Yea, I'm sure that's how Amex would send out an email.

In short, the phishing techniques are getting a whole lot more sophisticated. You would have to analyze the hidden technical portions of an email to spot a fake, and even then you might miss the clues.
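The header check described above can be automated. The following Python sketch is an added example, not part of the original post: it compares the Return-Path domain with the From domain and, going one step beyond the post, also flags links whose host is outside the From domain. Only the Return-Path value is taken from the post; the rest of the sample message, the link target and the names `phishing_clues` and `registrable` are constructed for the illustration. The results are clues to weigh, not proof.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message. Only the Return-Path value comes from the post;
# the other headers, the body and the link targets are made up.
SAMPLE = """\
Return-Path: <nobody@lovemall.propagation.net>
From: "American Express" <service@americanexpress.com>
To: someone@example.org
Subject: Your statement is ready
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>To pay your bill online,
<a href="http://americanexpress.com.billing.example.net/login">click here</a>.</p>
<p><a href="https://www.americanexpress.com/help">Help</a></p>
</body></html>
"""

HREF = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.I)


def registrable(host):
    """Simplification: treat the last two labels as the owning domain.
    Fine for .com/.net names; multi-part suffixes need a public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def addr_domain(header_value):
    """Owning domain of the address in a From or Return-Path header."""
    _, addr = parseaddr(header_value or "")
    return registrable(addr.rpartition("@")[2]) if "@" in addr else ""


def phishing_clues(raw):
    """Return a list of human-readable mismatches found in one message."""
    msg = message_from_string(raw)
    from_dom = addr_domain(msg.get("From"))
    bounce_dom = addr_domain(msg.get("Return-Path"))
    clues = []
    if from_dom and bounce_dom and bounce_dom != from_dom:
        clues.append(f"Return-Path domain {bounce_dom} differs from "
                     f"From domain {from_dom}")
    for part in msg.walk():                     # works for single-part mail too
        if part.get_content_maintype() != "text":
            continue
        data = part.get_payload(decode=True) or b""
        text = data.decode(part.get_content_charset() or "utf-8", "replace")
        for url in HREF.findall(text):
            host = urlsplit(url).hostname or ""
            if host and registrable(host) != from_dom:
                clues.append(f"link host {host} belongs to {registrable(host)}, "
                             f"not {from_dom}")
    return clues


if __name__ == "__main__":
    for clue in phishing_clues(SAMPLE):
        print("-", clue)
```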

So, when you get an email allegedly from your financial institution (or anything else that is important such as your ebay or amazon account)

  • DON'T TRUST IT. Do NOT click on any of the links and log in directly from the email.
  • If you feel you need to check things out, open up your browser and go directly to the site by using your favorites (assuming you linked to the real site originally) or by typing the site address into the address bar, e.g. www.americanexpress.com. DO NOT copy and paste links.
  • Make sure the rest of your family is aware of phishing attempts and how to handle incoming emails.
  • Again- Be paranoid. Identity theft is a royal mess. This is a time for tinfoil hats!!

Thursday, June 14, 2007

FBI claims 1 million infected computers id'd in operation Bot Roast

According to the FBI press release, over 1 million computers have been identified as being controlled by Bot herders.

http://www.fbi.gov/page2/june07/botnet061307.htm


we’ve identified about 1 million computers across the country that have
been compromised.

This is the number of infected computers identified as the result of 1 investigation. The number is staggering. However, we still see business and home users that are unable to adequately protect their machines and unwilling to hire professionals to do so.

The issue is truly one of national security. There have been numerous stories in the past about foreign countries and groups probing and testing. With control of a million computers, it would be possible to cause untold economic damage. We are becoming highly dependent on computer systems and the internet for our day to day activities and commerce.

The perpetrators need to be made examples of. A long term in a dismal (not white collar crime) federal prison would serve as a warning to others. Of course, when domestic bot herders are reduced, the offshore operators will continue to operate..

GREAT NEWS- Botnet operators arrested...!!!!

Well, this is great news.. The FBI has arrested 'several' botherders. These are the people who use malicious software to gain control of home, business and institutional computers. Their task is made easier by the millions of small businesses and home users who do not keep their computers adequately secured.

Once a botherder has a number of computers under their control, they now have a 'botnet'. A botnet can be used to attack other computers and computer systems or to send out spam. The botnets are usually rented to individuals or groups. Say, for example, you are a member of the yellow team and you don't like the blue team. You could hire a botnet to attack the blue team's website and cause it to crash.

http://www.cbsnews.com/stories/2007/06/13/tech/main2926298.shtml


One of the questions I had when first hearing this is "what will happen to the compromised computers that made up the botnets?" The story mentions that CERT will start trying to identify and notify those people. The problem is that the compromised machines are still vulnerable to attack because the holes that were used originally to control them are still there. Worse yet, most hackers/botherders will put their own rootkits on those machines to enable an easy 'back door' to the machine.

The FBI is working with computer industry partners, including the Carnegie
Mellon University's Computer Emergency Response Team, to notify botnet victims,
but officials stress that they will not be able to contact everyone whose
computer was affected.



I sincerely hope that the FBI combs the records of these creeps and finds out who rented the botnets. They really need to go after them as well.

Wednesday, June 13, 2007

Lightning Strikes

I just got back from a client with a home office. We had some nasty thunderstorms and it appears that the juice from a close hit travelled through their cable. It blew the cable modem, the Linksys router and the onboard NIC for one of the two machines.

Here are a couple of thoughts on this..


  • I've been meaning to get Network Surge Protectors for my systems. They are less than $30 each and go inline with your ethernet connection to the PC.
  • This drives home the idea of (1) Always having a good data backup and (2) Having a disaster plan, even for a small or home office. Fortunately it appears that only the one NIC was lost. I have seen cases where lightning will fry motherboards, power supplies and even hard drives.
  • We have a lightning suppressor on the main circuit panel of our house. It came with the house when we bought it. I'm not sure how effective they are but it would be worth running it by your electrician.
  • When you get hit by lightning, it is possible that you will experience some other failures a few days down the road. Components may have been weakened but may not fail immediately.
  • Surge suppressors should be replaced after a strike. Most of them wear down as they take hits.

Overall, they were pretty lucky. No one got hurt and there were no fires.

Tuesday, June 12, 2007

Some (fun) summer reading

It's an old book but I've found that it is still very relevant today. It's Cliff Stoll's "The Cuckoo's Egg"..

Stoll was an Astronomy Professor at Berkeley who was put in charge of the computer department. He noticed a 75 cent discrepancy in the billing. As he investigated, he found that a hacker was using the school's system to break into some of the most sensitive computer installations in the country.

The book is written as a novel. It's fairly easy reading for most people. One of the really important aspects of the book is the techniques that enabled the hacker to succeed: Default passwords, unpatched systems, social engineering etc. Cliff puts the techniques into a wholly understandable format.

It's been about 2 decades since his experience. However, I still go out to businesses today and find that they have many of the vulnerabilities that Stoll described. Hackers are still out there exploiting those vulnerabilities..


Once you've read the book, you might want to check out some audio clips of a Stoll speech.. They can be found at http://town.hall.org/radio/University/Stoll/

So, grab a copy of the Cuckoo's egg and take it to the beach with you. It probably won't attract the opposite sex for conversation, but it will give you a crash course in systems security.

Monday, June 11, 2007

Google trends - Compare what people are searching for..

Google has a neat tool available called Google Trends. http://www.google.com/trends You can put in a search term or terms and it will show you the historical trends for searches for that term. It will also highlight news articles pertaining to that term and when they appeared.

You can also put in multiple terms, separated by commas, to compare.

It's great for comparing the popularity of certain things. For example, try Atlantic City, Cape May, Wildwood as a search, you will see the relative popularity of each of these. You will also notice the seasonal trends.

There are regional, city and language graphs showing where the searches originated for a particular term.


Tips

  • If you compare a couple of terms and one has a much higher or lower search frequency, you may have to retry without that term to see the trends more clearly for the remaining items.
  • Don't forget that many words have multiple meanings. For example, bush will not only get you searches for the President, but also for shrubs and trees.
  • Terms with low volumes of searches will probably not show up.

Some things to try

  • equinox, solstice
  • Full moon
  • Blue moon
  • lawn mower, snowblower
  • Federal election
  • New years eve
  • sunburn

Anyway, it's a pretty neat tool. If you are a webmaster, it can help you understand the seasonal variations in searching patterns.

Wednesday, June 06, 2007

Need to send a lot of large files?

You can run into a problem when sending large files via email. The problem is that many accounts are still limited to about 20MB for their inboxes. Suppose you have 3 files you want to send to one person who has a 20MB cap on their inbox. Each file is 8MB. You can email the first 2 ok, however the third will probably bounce because it would exceed the mailbox limit.

This is becoming more of a problem due to the ever increasing file sizes of documents (caused by more pictures, embedded video and audio etc).

So, what do you do when you want to send a large file to someone with a limited mailbox?

yousendit.com is one answer. You can go to www.yousendit.com and type in a recipient's email, your email, and a short message. Then you browse to the file on your machine that you wish to send. Currently the free version is limited to 100MB files. All you have to do then is hit 'send'. The file is then uploaded to yousendit's servers. An email will go to the recipient with a link that will allow downloading the file via a web browser.

There are a couple of things you should consider,

* This is NOT a secure way of sending information. Sensitive files should not be sent. Even if you put a password on an office document, there are password recovery apps that can determine the password you used.
* They offer a paid subscription of about $30/month that will allow you to send larger files (2 Gig), password protect the download and offer authenticated delivery. Even with the password option, you should still evaluate the risk of sending information this way.
* You do get a couple of emails when you use the free service but they are unobtrusive.
* Make sure the person on the other end is expecting the yousendit email so it doesn't end up in their spam box or get overlooked.


If you had a large number of users, you could probably set up a web based solution that would allow your users to upload the files to a website and then send a link via email to the person they want to give access to the file. However, you need to establish ironclad security. I would think that there would probably be additional liability issues if you were dealing with third party information such as information subject to HIPAA. On the other hand, I didn't find anything on yousendit's site about HIPAA compliance.

Monday, June 04, 2007

Be careful whose wireless you access

Depending on where you live, how busy the local cops and prosecutor are, and your overall luck, freeloading on an open wifi connection could cost you dearly.

A guy in Michigan was spotted using a local cafe's wireless. From the description, it doesn't sound like he was a bad guy - volunteer firefighter, secretary for a bagpipe band.. It also sounds like the cafe owner wasn't all that worried about the access.

If you have friends and family that are noobs, especially as far as wireless, you might want to warn them about being careful where they surf. If you know people who are complete jerks but clueless, tell them it's ok to freeload wifi...


http://www.foxnews.com/story/0,2933,276720,00.html

A Michigan man has been fined $400 and given 40 hours of community service for
accessing an open wireless Internet connection outside a coffee shop.
Under a little known state law against computer hackers, Sam Peterson II, of
Cedar Springs, Mich., faced a felony charge after cops found him on March 27
sitting in front of the Re-Union Street Café in Sparta, Mich., surfing the Web
from his brand-new laptop



PS - I'm really glad that the cops and prosecutor have gotten rid of all the drugs, street gangs, burglars, rapists and other hard core criminals and now have time to prosecute cases like this /sarcasm

Sunday, June 03, 2007

itunes hiding personal data

It appears that at least your name and email address get embedded in iTunes files you download from Apple's iTunes Plus.


Suggestions

- Make sure your kids know not to share the files they download
- Don't leave files on machines you don't have control over - i.e. - at work
- Make sure all music files are deleted if you sell or donate an old computer (You should really use an application to completely destroy all data or physically destroy the hard drive)


Questions
- How long will it be before some poor soul gets a hundred thousand dollar lawsuit against them because their songs were 'in the wild' but the reason was that their ipod, pc or cds were stolen or their PCs hacked?
- Will these music files be the next target of hackers and malware?


Thoughts
Corporations in the entertainment industry are really taking some liberties with our privacy. Remember the Sony Rootkit debacle a little while back? Play a Sony CD and have a rootkit installed on your system. (A rootkit is one of the most dangerous types of malware.) If it weren't for one individual finding the rootkit, millions more machines would have been infected. http://en.wikipedia.org/wiki/2005_Sony_BMG_CD_copy_protection_scandal

Makes you really wonder about Hollywood....


Personal data found hidden in iTunes tracks-Business-Industry Sectors-Media-TimesOnline: "Fresh privacy fears have been sparked after it emerged that Apple has embedded personal information into music files bought from its iTunes online music store.
Technology websites examining iTunes products discovered that personal data, including the name and e-mail addresses of purchasers, are embedded into the AAC files that Apple uses to distribute music tracks. "

Saturday, June 02, 2007

Google is now showing 360 degree street level views. It's great from the perspective of showing people exactly how a particular location looks. However, the problem is that it is showing individual recognizable people. I'm not sure how Google is able to do this. I'm not an attorney so I don't know the exact laws. However, most things I read indicate that you need to have a model release any time you publish a photograph of a recognizable person or persons.

For our travel and location websites, we Photoshop out any recognizable individuals and private vehicles in front of residences just to be safe and to protect the privacy of those individuals. (ie, the red sports car in front of the historic Victorian house might not belong to one of the owners of that house)..

Right now, the odds of you showing up on one of these pictures is infinitesimally low. It's even lower that you would have something embarrassing such as being photographed in front of a strip club. However, as Google and other companies constantly expand and add an ever increasing amount of photos, the odds start to increase.. "Hey, is that our mayor in front of the Alcoholics Anon building?" "Doesn't that look like our neighbor's daughter coming out of the Planned Parenthood building?"

There are some possible solutions. You don't have to photoshop things to make the people invisible. This would be a great overseas outsourcing opportunity.. All someone would have to do is take the photo and apply a small blur or pixelate to each picture.. Sure it would cost a little per pic but balance that against a pic of you in your birthday suit reaching out to get the morning paper...


Scenes Through the Eye of Google - The Lede - Breaking News - New York Times Blog: "Even so, privacy concerns are starting to spread like wildfire. The Drudge Report, that early-warning system for democracy, is now using a screencap of someone peering out of a living room window as his top image. If that didn’t scare you, the banner headline might: SMILE, YOU’RE ON GOOGLE EARTH! CNET tells the story of one fellow who was caught smoking on a competing service from Amazon, revealing a secret he would like to have kept from his family. That service has shut down."

