Friday, September 02, 2005

The Tragedy of Hurricane Katrina

To those who are still going through the horror of Hurricane Katrina even after all the time that has passed I wish to express my sorrow for your tragedy. This is a republish of a poem that I wrote and published shortly after that tragedy.

So while still basking in the light of your recent celebration and the joy of winning the Super Bowl I thought it was also time to look back and reflect on that time and how far you have come. New Orleans isn't all the way back but it's well on the road.

So while no words can take away your pain or bring back either your loved ones or your property may God help you to continue to rebuild both New Orleans and your lives.

One Man's Prayers and Tears

If one man's prayers could heal your lives,
You would be healed. As I pray for you now.

If one man's tears could wash away your pain,
Your pain would be gone. As I cry for you now.

If one man's hope could lift you up,
You would be lifted above the devastation. As I hope for you now.

But only God and faith can see you through this time of trouble.
He is with you now through all our prayer and He will heal you.

His tears he sheds for you will wash away your pain.

He will lift you up and carry you and all will be made whole again.

To the victims of Katrina
By Frank Woodman Jr (9/2/2005)

Tuesday, August 30, 2005

We need security companies to quit shortchanging us.

I can’t help but wonder why security software companies aren’t using more of the protection methods available to them than they are. It’s time for sandbox technology and memory monitoring software to become a part of the standard tools available to us to protect our systems. I see no reason that companies like Diamond CS can write programs like ProcessGuard while companies like ZoneAlarm, Norton, and McAfee continue to hand us the same old methods that are becoming far too vulnerable to being compromised.

For any of you who aren’t familiar with ProcessGuard it’s a program that monitors the actions of all the programs running on your computer and prevents certain actions and processes from running without permission. Sometimes it is a pest because of its messages but it is nice to realize that it is almost impossible for a program or process to run without permission. It tells you every time something tries to do any action that is questionable or shouldn’t be happening. While it’s not perfect it works very well and provides an additional layer of protection that greatly increases security on a system running the program.

So if a little company like Diamond CS can provide such protection why aren’t other security companies also providing similar protection? I understand that not everyone would want to be bothered by a program like this but it should be available for those of us who want to use it.

Sandbox technology has the same problem of being used very little by the security software industry. To see my antivirus software detect a virus and quarantine it leads me to wonder why programs like Internet Explorer aren’t contained in a protected section of memory. Now we can even buy programs to run numerous “virtual machines” on the same computer without them disturbing each other but we can’t isolate the processes of a program to prevent it from running amuck on our machine. Strange, isn’t it!

I currently run Windows XP and Red Hat Linux on the same machine at the same time with each OS running and sharing the resources of the computer without any problem. Each OS runs in a virtual machine that is configurable to allow for the amount of memory and hardware resources that it needs without affecting the other OS at all. If this is possible why can’t we use this method to protect our systems from malware and viruses?

It’s time that we as consumers start demanding that the best technology and methods are made available to provide us the protection we need and deserve. The security software companies are continuing to shove old outdated technology and solutions at us while raking in the profits. We need to demand that it stop and that they start using some creativity and quit ripping us off.

Sunday, August 28, 2005

Internet Explorer 7 a Tale of Two Programs

Microsoft’s new beta version of Internet Explorer is out and it is interesting to note that there are two versions. The first one is shipping with the Vista OS beta just released and is designed to be used with Vista. (See yesterday’s post for my early impressions of Vista.) I didn’t have time to check out if it would also work with XP but it would be interesting to know if it would. The other Internet Explorer beta is designed for XP and it has slightly different features.

With Firefox breathing down their neck and their market share dropping quickly Microsoft decided to rush through a hurried update to Internet Explorer for XP before they released Vista and its version of Internet Explorer. Let’s hope that it isn’t such a rush job that security suffers. It’s hard to know how well a browser is constructed until it hits the net and the hackers and crackers have a shot at it. My prediction is that version 7 of Internet Explorer will have as many serious security problems as did version 5 and 6 and that doesn’t bode well for users.

So what’s up with version 7 of Internet Explorer? What new magic is Microsoft giving us this time?

Well it seems more than anything else Microsoft was feeling the pressure from Mozilla and Firefox with its growing market share. These last few months have found Microsoft feverishly trying to rework a tired threadbare Internet Explorer version 6 to hold off the competition from Firefox. Since the current version of Internet Explorer (version 6) wasn’t that much of an improvement or change over version 5 a change in Internet Explorer was long overdue. Before Firefox Microsoft basically let Explorer coast along but Firefox’s competition forced them to take action on an update or risk further losses in market share and market share isn’t something Microsoft gives up easily.

So what is the verdict on the new program and does it offer any reason to move from version 6 to version 7?

Well the first thing that you notice is that it offers tabs just like Firefox, Opera, and several other browsers. That is a nice feature as you can move around so much easier between sites you visit often by using tabs. I don’t think that it’s done as well as Firefox’s tab feature but it is pretty good. It’s just too bad that Microsoft was so stubborn about offering tabs before now.

Since Microsoft was only planning on updating Internet Explorer after Vista came out it shows just how desperate they were to keep their position. Pushing up the release date for the XP version is a risky decision for Microsoft. Can they get security right with a hurried rewrite of Internet Explorer is a question yet to be answered. Let’s hope so for everyone’s benefit.

We also see search being more visible with a new search box next to the address box in IE. Both Vista and Internet Explorer offer a much faster more complete search feature but it is hampered by not having the new file system that Microsoft promised. Search is definitely a hot button item right now with so many trying to corner the desktop search market that Microsoft felt that they had to improve search capacities, abilities, and speed. So far it looks like they did do that in this version of Internet Explorer as well as Vista.

Next is the addition of an RSS reader built into Internet Explorer. Once you get past the fact that Microsoft has changed the name from RSS feed to web feed you will find that it seems to work alright except for the fact that you have to check a feed source manually. Let’s hope that they fix that before the final version ships.

I for one don’t want to have to click on the my favorites tab and then click on the feed source to check for updates. That kind of defeats the purpose of using RSS and especially when you can have a tab for any site you visit often. With one simple click on a tab you can see the site anyway. Given the way Microsoft has RSS feeds set up I predict that most people will choose to use the tab feature to check for updates or get a real RSS reader. Maybe this is Microsoft’s plan to destroy RSS feeds since they can’t control them.

I also have some reservations about RSS feeds being directly tied to the browser knowing Microsoft’s track record with ActiveX and other browser active components. Time will tell on this issue but I will bet that security issues will arise with RSS being a component of the browser. I can see the real possibility of active components getting through to the browser hidden in an RSS feed and being allowed to run on the system.

Microsoft is taking one direct security measure that is long overdue by adding better protection against Phishing by adding a filter to help warn people about questionable sites. (The only down side is that this feature is currently only in the XP version of Internet Explorer version 7.) Even more interesting is the fact that the filter will also be able to check against a database to block known Phishing sites. Sounds like a good idea, let’s hope it works as advertised. What we don’t need is people thinking that this filter is protecting them when it isn’t.

So what’s the verdict?

Well all in all it seems to be a good program. It’s got enough improvements in security and features to make it worth going to the trouble to update to Internet Explorer version 7 if Internet Explorer is still your choice in browsers. I just wish that it was also being offered to those who are still using Win98 and ME.

Many may wonder if Microsoft’s failure to make Internet Explorer 7 only run on XP or Vista is one more attempt to force people to update. I just hope that Microsoft remembers that most people who are running Win95/98 and many running ME can’t update because of hardware limitations. People using these older systems are often those who are on the fringes of computer use anyway. To use security to try to force people into updates to their OS isn’t something that Microsoft or anyone else should be doing.

Of course you could do what I’ve done and just install Firefox and get all the features that Internet Explorer version 7 will have except the Phishing filter and not have to wait. Firefox is here and available now with tabbed browsing, proven security and it’s not dependent on Microsoft.

It will also run on all versions of Windows from the older Windows 98 to Windows XP as well as Linux. That’s especially nice when you run a network with mixed operating systems and only want to have to support one browser. So if what you want in a browser is security, versatility, and features you don’t have to wait on Internet Explorer to update, you can get Firefox today.

If you want to check out Firefox just head to their homepage;
http://www.mozilla.org/products/firefox/

Saturday, August 27, 2005

Microsoft’s Vista is on the Right Track but there’s Still Much to do.

Microsoft released their much anticipated updated beta of Vista on July 27th and I’ve finally gotten a chance to really sit down and check it out. Even with the stupid name it looks like it will address a lot of the security problems that have plagued Win XP.

So after two days of really putting it through its paces I’ve got some initial personal reactions about it to share with you.

The General Look and Feel

First, as usual, Vista includes the usual superficial bells and whistles that Microsoft loves to put in its OSs. It has sharper graphics (with the price of needing a much more powerful graphics card) and a different look to the window frames called “aero glass”. Aero glass gives a cool see-through effect to the window frame border.

The sharper graphics seem nice and the overall draw and opening time of windows programs seems faster and crisper. (Of course with the powerful graphics card this OS requires to display “aero glass” and other such graphics enhancements they should be.) So when it comes to cool looks Vista is on track. And while this is certainly nice it’s hardly a major reason to run out and buy Vista.

I did also find “aero glass” makes some actions harder. Dragging and dropping and other similar actions are trickier since you can’t easily tell just where the edge of the window frame is located since they have a semi transparent look with edges that fade into the background.

Much more impressive to me are the graphics icons that the system uses to represent files and folders. Now a document or folder will be represented by a graphical representation of the actual document or file not the stored, stylized, generic graphics used in XP. Now just like all of your program shortcuts your file and folder icons will use distinctive representational icons.

They have also changed the look of the standard application menu bar that contains the file, edit, view, insert, and other such function menus in windows. Now they have either eliminated it or moved it to the bottom of the window. I’ve not decided what I think of this change yet. It will take some time for me to decide on this one as I fail to see a reason to change this except to try to look different from XP and the other windows flavors.

I was also disappointed to find that Vista doesn’t seem to boot up or shut down without taking all day to get it done just like XP and all the other versions of windows before it. It has always amazed me how long it takes to turn off Windows. What can it possibly be doing that takes it sooooo long to get it over with?

Search and moving around within Vista is also one of its bright notes. Everywhere you look you can find a search box or an icon to help you find a file or move to another location. It’s just too bad that this comes almost too late since so many search tools (many free to boot) are becoming available that do the job even better. I guess it’s just like many of the other features found in Windows. Use what comes with Windows if you don’t need a full set of features for the job but if you need a complete solution then get a third party solution.

As to the many other features like virtual folders and such I didn’t really look at them since it seems that it will be much later before they are fully implemented. (If they aren’t dropped like the new file system Microsoft promised but like so many of their promised “features” not delivered.)

Under the Hood

But the real changes we’re all looking for relate to improvements in the basic underlying security and stability of Vista. On this issue the jury is still out since the final features that will be in the “finished” product are hard if not impossible to predict yet.

The ability to easily use programs in Vista at a reduced rights level rather than always needing to be logged on with Administrator rights promises to be one great security addition that will most definitely be implemented. It still is a little rough around the edges in this version but it seems likely that Microsoft will work out most of the problems by its release. Being able to use programs like Internet Explorer at reduced user rights really improves a user’s ability to protect against malware. It only remains to wonder why Microsoft took so long to do this for Internet Explorer.

Microsoft is also promising other safety security features but they are harder to see or substantiate since some of them aren’t in this beta and others seem to work poorly. An example is their claim that the OS will have the ability to detect imminent component failure (hard drives, video cards, DVD’s and such) and suggest data backup and other protective actions before these problems strike.

In an attempt to prove if that feature works or not I installed a hard drive I had which had gone bad some time ago. This drive had developed a loud squealing noise (Bad bearings I guess.) and wouldn’t always let windows boot due to read problems on some sectors. Luckily I’m one of those guys that always hangs on to such junk so I had what I needed to test Microsoft’s claims on this one.

Well after three tries the system booted and I was able to install Vista on to this hard drive without any real problem except for listening to the noise of the drive grind and screech away. (Really I ducked out and only checked in once in a while because I just couldn’t stand to hear this drive trying to self-destruct.)

As a testament to Western Digital though the drive made it through the install and I allowed it to run for over an hour while rebooting it two or three times. After all that not once did Vista ever complain. This is not a scientifically controlled test but since the drive was so bad it was a real disappointment that Vista didn’t complain even a little bit.

Vista is also supposed to be able to detect whether a system has been tampered with and know what files have been changed. This should make it much easier to prevent malware and viruses from changing anything in the system files and folders without detection. I’m betting that this feature will work and work well in the final release but I didn’t try to test it since the question shouldn’t be if this feature works or not. The question should be why has it taken so long to get it as a feature. Up to now Microsoft’s attempt to detect or deter intrusions to the critical systems files has been worse than poor; it’s been totally lacking. Much of the real problem with security and Windows is that everything is just too open. With lots of sharing of everything from dll’s and services to drivers it’s surprising that there aren’t more security problems.

So to sum it up the jury is still out but it seems that Vista is headed in the right direction but it will be interesting to see how long it takes to live up to its promises. It has taken XP until service pack 2 to have the features and security that it should have had right out of the box! I’ll bet Vista will take a year or two to really deliver on its potential. That means that most likely a rush to upgrade isn’t necessary.

Tomorrow we’ll look at Internet Explorer’s update beta that shipped with Vista and see if it is really ready for prime time and ready to fight Firefox’s growing popularity.

Thursday, August 25, 2005

Windows 95's Birthday Passes Quietly

Yes yesterday the 25th of August was Windows 95’s 10th birthday. It passed quietly with no comment by Microsoft. There was no party, no balloons, and no excitement shown by Bill Gates or Microsoft.

This is unfortunate as a comment should have been made.

Come on Bill, Windows 95 was your baby and it is why your company continues to dominate the OS markets to this day. I could easier see a Disney without Mickey Mouse than a Microsoft without Windows 95. (Yes I know some people see a resemblance to Mickey Mouse in your software anyway but that’s another story.)

Without Windows 95 the Mac OS would now be the leader in OS software and you and Microsoft would be a distant 2nd.

So if you won’t praise your baby I’ll take a moment to say a word or two.

Windows 95 was a milestone in computer software development and for better or worse started the "modern" era of easy computer use. While Windows 3.1 was the first real Windows it was so unstable and resource intensive that it only hinted at what was to come. (Yes I know that Windows 95 wasn’t all that stable either. But it was so much better than Windows 3.1 that there was no comparison.)

No one software release has made computers more open to the general population than Windows 95. With a common look and feel across all programs, a simple development environment, and common drivers for all programs even the newbie could handle a computer. And with that change computer use took off and grew in ways never imagined by anyone.

In just 10 years the computer has made inroads into daily life that it’s hard to imagine. Much of that would not have happened the way it did without Windows 95.

Anyway HAPPY 10th BIRTHDAY WINDOWS 95!!!!!

PS It’s also interesting to note that I still have two computers that I and others in the family use occasionally that run on Windows 95 and they still do the basic tasks that I use a computer for just fine. (Some days I wonder if NT, 2000, ME, and XP are really worth the extra trouble and cost.)

(Look Mac users, don't take this article personally. Mac is a great system and is in many, many ways better than Windows. But it just has never been as popular and for that reason hasn't had the effect that Windows 95 has had on general computing. Just stay cool Mac users because with Mac’s new OS and move to Intel chips Windows may not win in the end after all. I see a new Mac on a lot of desktops within the next few years.)

PC World’s Article “The Web of Crime” is a Must Read!!

PC World is currently running a great 5 part series about computer crime called “The Web of Crime”. It’s a short well written series covering crime on the internet and how it’s changed from humble beginnings into the major criminal activity it is today.

Taking us from the early days of computer crime and the independent hackers who were behind it we are led to the modern professional criminal of today’s internet.

For such a short article it weaves a spellbinding account of crime on the internet. Its story about the company that produces the PC Tools utilities and their attack by online criminal extortionists is intriguing and very informative. It shows that even moderate sized companies doing business online today are targets of attack.

If nothing else this series of articles will forever change how you think about computer crime on the internet.

So if you want to read what I think is one of the best stories so far this year about crime and the internet today this is one series of articles you shouldn’t miss. I guarantee you’ll read it from beginning to end without stop.

The series can be found here at PC World’s web site;

http://www.pcworld.com/news/article/0,aid,122240,00.asp

Tuesday, August 23, 2005

The Latest Report on Malicious Software on the Internet.

Webroot recently released their quarterly report on malicious software on the internet and it wasn’t encouraging.

After scanning almost 60,000 computers at approximately 20,000 companies they found a large increase in the number of Spyware and Adware programs infecting these systems. This is most worrisome since corporate enterprise systems have available the most resources to protect themselves. They have the manpower and the budgets to implement the software and practices that should be preventing such infections. If corporate America isn’t getting the job done then you can bet that the problem is much, much worse for individual users.

Webroot found that 80 percent of the enterprise computers they scanned are infected with some kind of Spyware/Adware program. The average number of such programs found per computer increased to 27, up a whopping 20 percent from the previous quarter.

This increase comes at a time when awareness of Spyware, Adware, and other malicious software is at an all time high and in a sector which potentially has the resources available to it to fight against these kinds of problems. That means that companies are losing their battle with malicious software writers.

Even more troubling is the fact that infection by the worst of the malicious programs, mainly Trojan Horses and key loggers, stayed about the same. These programs are a much greater risk to the security of any system than the Spyware/Adware programs we’ve known in the past. They result in identity and data theft which is much costlier and more destructive than spam and pop up ads ever will be.

This increasing trend toward developing Trojans and key loggers shows that the malicious software writers are changing from a pay-per-click advertising theme to an identity data theft model. Their attacks are more and more exploiting these much more profitable crimes. It also seems to indicate that organized crime is involved since these programs are more intricate and require a lot of group involvement.

It isn’t the juvenile hacker who’s the problem anymore. It’s the well funded, technologically savvy criminal that we all need to fear. These guys aren’t interested in where you go on the internet. They aren’t trying to show you ads and popups. They are after your credit card and bank account numbers so they can rob you of all the money they can get. They want to get into your eBay account and would love to get your PayPal password. They’re after cold hard cash and they will do whatever is necessary to get it.

Using new advanced methods and stealth technology they are creating programs that are circumventing the safeguards that we have come to rely on. That means that we all must adapt to these new threats and increase our efforts if we are to protect ourselves. Just remember that even though there are dangers out there it is possible to be online and be reasonably safe. It just takes awareness and the right tools and procedures to make it happen.

So while it’s gotten tougher it isn’t impossible to protect ourselves, we just need to work smarter and harder to get it done. With that in mind I’ll be covering what we can all be doing to properly protect ourselves in a series of upcoming articles so stay tuned.

Resources

Read an excerpt from Webroot’s report with links to the complete report here;
http://www.webroot.com/land/stateofspyware_excerpt.php

(The complete Webroot report in PDF format is about 9 megs and to download it you are required to give them your name and address. The excerpt, however, is available without any information required and will provide a good overview of the complete report. Besides, unless you love this stuff you don’t want that much information anyway. Trust me, I’ve read the complete report and it will put you to sleep.)

You can read eWeek’s article about Webroot’s report here;
http://www.eweek.com/article2/0,1759,1850937,00.asp?kc=EWRSS03129TX1K0000614

Monday, August 22, 2005

It’s So Long to CardSystems Solutions, I Hope!

Well another story about CardSystems Solutions has hit the wire services. Again attention is being drawn to the whole credit card clearing house problem. The lack of enforcement of security rules on card processors used by the major card issuers has been an underlying security problem for some time.

Larry Loeb writing in eWeek expresses the opinion that CardSystems Solutions will have problems surviving in the long term. I can only hope he's right but as I said awhile back I doubt it.

I know that for what CardSystems Solutions did shutting them down is being too easy on them. I think that someone needs to spend some time in jail where they can be left alone to study computer security.

Anyway on the surface the card companies are pushing their new heightened security standard for the press and to parade before Congress in the upcoming hearings on credit card customer security. I think it's more for show than for true change. With Congress and the news media sniffing around the credit card companies are trying to do a whitewash job.

I say we need to do what the Queen in Alice in Wonderland wanted to do, “Off with their heads!!!!”

Anyway you can read Larry’s article on the subject in eWeek here;

http://www.eweek.com/article2/0,1759,1839515,00.asp?kc

Microsoft to the Rescue???

Well the "old dog" Microsoft is trying to get into yet another area of internet services that of providing outsourced email handling. They are purchasing FrontBridge a secure email hosting company. It is only one of many moves Microsoft has been making in the area of email and email security for the last year or more. It shows just how important email security, management, and storage have become that Microsoft would look to enter this market.

While the jury is still out on the question of if Microsoft can get any security matter right let’s hope that this time is different. With all of the issues surrounding email in the workplace right now email is in need of some big, big changes if it is to survive. Of course the real issues facing email today go beyond any that Microsoft’s entry into the managed email market can solve. They go to the root of email and how it’s sent and managed over the internet. Email is so vital to modern business that it must be protected from all of the possible catastrophic events that might happen. From power outages and natural disasters to internet sabotage nothing must be allowed to stop or destroy a company’s email.

That comes on top of the problems of viruses, phishing, and Spyware. Problems we all know affect email and aren’t going to go away any time soon. But it's even more complicated than that. We are now seeing Sarbanes Oxley’s rules and regulations going into effect requiring businesses to monitor, store, and provide email in ways that are hard for a company to manage and enforce internally. Having a disinterested party provide these services through a managed email service will end up being the most common way it's handled for medium to small companies in the future.

Let’s just hope that Microsoft’s entry into this market signals a movement toward change that will really result in email being safer and more protected for everyone on the internet whether they use a security mail provider or not. At least it shows that some of the well known big players are beginning to move into a market that has been dominated by large but lesser known companies for some time now. Maybe Microsoft’s entry will bring an awareness and competition that will result in improved email for everyone. We can only hope so.

But one way or the other email needs to be saved just because it has become too vital to modern business. We all rely on it too much to see it completely fail and I predict that somehow it will be salvaged. We need things to change, let’s just hope I’m right and it’s not already too late.

Read a related article on eWeek;
With a Name Like Microsoft...

Thursday, July 28, 2005

New Rootkit Techniques Spell Trouble

Just when we thought we were getting safer from computer intrusion comes word of a new type of stealth rootkit. This new proof of concept rootkit means the bad guys are gaining on us again. Just the thought that someone can install a piece of software on your system to perform secret acts while remaining completely undetected is a very scary thought. But it's more than a thought or possibility, it’s being done right now with rootkits readily available. Worse, the new method revealed shows that it can be done at a level and in a way that it’s not detectable by most if not all of the current detection software programs available.

Jamie Butler (a director of engineering at HBGary Inc.) and Sherri Sparks (a student at the University of Central Florida) demonstrated a technique at the recent Black Hat Briefings in Las Vegas that uses DKOM to prevent the Windows Event Viewer from seeing a program. The technique can even hide drivers and such allowing for just about any activity that a hacker could possibly want to do. Worse still is that it can be done with little or no impact on performance.

"This is a prototype for a fourth generation of rootkits that would defeat the current rootkit detection technology," said Sparks. With its use of DKOM (Direct Kernel Object Manipulation) to hide from the Windows Event Viewer it makes forensics virtually impossible and will require that scanners improve and expand existing rootkit detection technologies.

So what's the answer?

The same as it's always been; pay close attention and stay vigilant. Look for and monitor changes in how your system functions. Is it taking longer for your system to start up? Is it hanging or freezing up? Does your computer’s response and activity seem slower or different than usual?

Any of these danger signs mean that you should be checking your system even closer than normal. This also means that it’s becoming necessary to use dedicated software for Trojan and Rootkit detection.

Sadly, we've reached the stage in computer security where rootkits, Trojans, and other such software have become enough of a danger that only specialty software can address the problem.

So pay attention, do your homework, and get a good Trojan/Rootkit detection program to go with your Spyware/Antivirus software and use them frequently.

Check out the eWeek article on the same subject at:
http://www.eweek.com/article2/0,1759,1841266,00.asp?kc=EWRSS03129TX1K0000614

Thursday, July 21, 2005

American Express Cuts Ties With Processor

Finally at last the major credit card companies (American Express Co., Master Card, and Visa) are taking action against CardSystems Solutions Inc., the Tucson-based company responsible for the largest loss of credit card data in history. It's certainly time for something to happen to this company for putting so many of us at risk for identity theft due to their carelessness.

Let’s hope that this action will send a strong message to all the companies that process our credit cards that the loss of personal data will have major consequences.

But is this really a case of too little too late?

Will the major credit card companies really stick by this decision and not just give a little slap on the wrist to CardSystems Solutions Inc. before going back to business as usual?

Will the credit card companies do what the government so far has been unwilling to do: punish companies that are careless with our personal information?

Well I for one doubt it.

Let’s face it; one of the last of the "Good Old Boy Clubs" is the credit card industry. Most of the companies that process credit cards and collect consumer data are private companies answering to no one. Not to the government due to the lack of laws and regulations and not to the public or stock holders due to their being private businesses.

From the massive amount of lobbying money they throw around in Washington to the ruthless business practices they employ against their competition the big boys in this industry play rough. Worse still they care little about the customers that make them their obscene profits. These guys make Microsoft's business practices look like school boy antics.

So what I predict will really happen is that as soon as the publicity quiets down the major credit card companies will go right back to using CardSystems Solutions Inc. It will be business as usual just as it was before any of this ever happened, and their buddies who own CardSystems Solutions Inc. (including Camden Partners, a major private venture capital company which invested $9.3 million in the Tucson company last year) will continue to rake it in while leaving us at risk.

Anyway a good article about American Express’s, Master Card’s, and Visa’s action against CardSystems Solutions Inc. can be found here;

American Express Cuts Ties With Processor

Let's just hope that it's for real and this company is made to pay the price for their carelessness.

Thursday, July 07, 2005

Microsoft’s Old Dog “Security” Hasn’t Learned any New Tricks.

Microsoft has never received high marks when it comes to security but things seemed to be getting better. With the advent of security based code writing and the purchase of a company to get an excellent Spyware Adware scanner it seemed that Microsoft had finally decided that their customers deserved security and protection and Microsoft was committed to providing it.

But as the saying goes it’s hard for an “old dog” to learn new tricks. Now it seems that Microsoft’s old dog named “Security” is back at its old ways. Microsoft seems to again be looking at profits before security and customer protection.

The first hints of trouble started recently with the growing rumors of Microsoft’s intent to purchase the software company Claria. I’ll bet you’ve never heard much if anything about this company. It keeps a low profile but it’s well known in security circles.

Claria just happens to be the company that has single handedly produced some of the worst of the Spyware/Adware programs found on the web today. Just look up Gator, Gator Wallet, PrecisionTime, and Weatherscope on Google and you’ll see that these programs have a really, really bad reputation with security experts. (One that is rightly deserved in the opinion of every expert I’ve studied.)

At first I didn’t put much credence in these rumors of a buyout but now it seems that there must be some truth to these rumors after all. If it’s not a buyout something is definitely going on between Microsoft and Claria. It seems that suddenly Microsoft’s much touted Anti-Spyware program is now passing over Gator and some of the other programs that Claria software writes and distributes.

That’s strange, since by default every single major Spyware/Adware scanning package disables and/or removes all of these Claria programs, so it’s not in question whether these programs are Spyware/Adware. All of these Claria programs were also quarantined by default by Microsoft’s Anti-Spyware program UNTIL their latest “update”. Now it seems that Microsoft has changed the default setting of its scanner to pass over these programs, and it allows them to continue to run on systems it has scanned.

So if Microsoft isn’t trying to buy Claria then why did they make such radical changes to the basic default settings in their Spyware/Adware scanner? It didn’t happen by accident. Microsoft is smelling profit somewhere and it looks like they’re willing to lie down and roll over to make it. It’s too bad that some companies will do anything to make a profit. I was hoping that Microsoft had changed that attitude but it looks like it hasn’t.

Security and data protection have been sold out by Microsoft and unless their Anti-Spyware scanner is changed back to labeling Claria’s software for what it is Microsoft will ultimately be held accountable. I would hope that Microsoft wakes up before it’s too late but I don’t suppose that will happen if the past is any indication.

Microsoft and security still seem to be opposites.

PS If you still want to remove these Claria programs you only have to go to the ignore list and change the setting back to quarantine or remove to solve this problem. I've already been there and done that!!!

You can also find out more details on this matter in two other good articles located at;

eWeek’s home site http://www.eweek.com/article2/0,1895,1834607,00.asp
and on Sunbelt's blog site http://sunbeltblog.blogspot.com/2005/07/microsoft-sets-claria-to-ignore.html

Saturday, July 02, 2005

STUPID IS AS STUPID DOES.

Well the experts are at it again and it’s a real bone headed stunt this time. It seems that I received an email the other day that I just knew was a phishing attempt. My credit card company (one of the largest in the country) had sent me an email explaining their new security feature of providing one time use numbers for on line purchases.

Having a number that was only good one time would make stealing the number worthless. Good idea!! I’m thinking that maybe these guys have it really together. Here’s a simple, cheap to implement, useful answer to stop online credit card number theft from being effective. Steal the numbers, so what, they’re useless.

So far so good I’m thinking as I read on through the very BOOOOOORING letter.

Then suddenly as I read on the alarm bells begin to ring. They (the credit card company) want me to click on an embedded link to go to their site to automatically activate this feature.

“YEAH RIGHT” I’m thinking.

Who do these idiots think they’re dealing with, some dumb newbie?

Do they really think that I’m that stupid?

Now being a good net citizen I went straight to the bank’s site and sent a copy of this email to their “security” contact address. Now I’m thinking that I have nothing to do but sit back and wait to be thanked for reporting this new phishing attack. I just know that the bank will be glad to be able to warn others about it.

Well guess what?

I get a call from the bank the next day telling me that this email is correct and it really is from the bank credit card center.

“WHAT? You guys are sending out emails that contain links to be clicked to go to your site?” I said. “Don’t you know that’s the favorite method used by hackers and phishing artists to get us to go to their bogus sites and be ripped off?”

“But this is different,” said the agent on the line. “We really did send this email. It really will take you to our site.”

“But how should I know your email from all of the other phishing email that I receive?” I ask.

I get a long silence from the other end before he says that I don’t understand how this works. When I click on the link I will activate the one time use credit card number security feature, which will protect me from such things as phishing and credit card number theft.

“But what if a hacker or phisher gets a copy of this letter and changes the link to take me to a site where they try to get me to reveal my credit card information?” I ask. “If I have any doubts and contact the bank, you guys will even tell me it’s ok, just like you’re doing now. How could I not be fooled by this copied email into going to a rogue site? You've told me everything is ok.”

“But it is ok,” the agent says. “You don’t have anything to worry about. We did send you that email.”

Well as you can guess by this time I’m giving up on this guy, so I thank him for his help and ask to talk to his supervisor. When the supervisor comes on the line I let him know that I think I’m going to be changing my credit card company and ask whether he could just put a hold on the account until I can pay off the balance due.

I bet you know what he said. “Why would you want to do that?”

Well I told him that I would send him an email to explain it to him if he would just give me his email address. While writing this email I was sorely tempted to enclose a clickable link to my blog site so he could read this letter but I resisted.

Besides he wouldn’t get it anyway!!!!

PS another article on the subject can be found here.

http://www.eweek.com/article2/0,1759,1833855,00.asp?kc=EWRSS03129TX1K0000614

PPS Have a safe and sane Fourth Of July everyone. I want to see you back here again so be careful.
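
The copied-letter scenario raised in the call above can be checked mechanically. This is an added example, not part of the original post: a small Python check that compares where each link in an HTML email really goes against a domain the recipient already trusts. The bank domain and both messages are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample messages. The second is the first with only the href changed,
# which is the "copied letter" the post worries about.
GENUINE = ('<p>Activate one-time card numbers here: '
           '<a href="https://www.examplebank.example/activate">'
           'www.examplebank.example/activate</a></p>')
COPIED = GENUINE.replace(
    'href="https://www.examplebank.example/activate"',
    'href="http://www.examplebank.example.account-verify.example/activate"')


class LinkCollector(HTMLParser):
    """Collects (href, visible link text) pairs and all visible text."""

    def __init__(self):
        super().__init__()
        self.links, self.visible = [], []
        self.href, self.text = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.visible.append(data)
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None


def parse(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return parser


def visible_text(html):
    """What the reader actually sees, with the markup removed."""
    return " ".join("".join(parse(html).visible).split())


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def shown_host(text):
    """Host name displayed as the link text, or '' if the text is not URL-like."""
    if " " in text or "." not in text:
        return ""
    return host_of(text if "://" in text else "//" + text)


def audit_links(html, trusted_domain):
    """Return one finding per link; an empty 'reasons' list means nothing was flagged."""
    findings = []
    for href, text in parse(html).links:
        host, reasons = host_of(href), []
        if urlsplit(href).scheme != "https":
            reasons.append("not https")
        # Exact match or a true subdomain; a look-alike prefix does not count.
        if not (host == trusted_domain or host.endswith("." + trusted_domain)):
            reasons.append("host outside " + trusted_domain)
        shown = shown_host(text)
        if shown and shown != host:
            reasons.append("text shows %s, link goes to %s" % (shown, host))
        findings.append({"href": href, "host": host, "reasons": reasons})
    return findings


if __name__ == "__main__":
    print("same visible text:", visible_text(GENUINE) == visible_text(COPIED))
    for name, msg in (("genuine", GENUINE), ("copied", COPIED)):
        for f in audit_links(msg, "examplebank.example"):
            print(name, f["host"], f["reasons"] or "ok")
```

The check only works because the recipient supplies the trusted domain from somewhere other than the message, which is the same reason typing the bank's address directly is safer than following any emailed link.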

Monday, June 27, 2005

Summer Jobs Mean Hidden Opportunities!!!

Well it’s summer time and your high school (or college) aged kids are getting jobs to earn a little spending money or help with college expenses. It probably doesn’t seem that long ago that the most important thing in their lives was getting their driver’s license and that all important first date.

These are events that they (and you) will always remember (Fondly I hope.) as defining the beginning of their change from a child to an adult. These and other such events foreshadow the things to come in their life. College, marriage, that first good job, and of course kids are right around the corner most likely and it’s a busy and hopefully thoughtful time in a young person’s life.

What both you and that new worker are probably missing however is just how big an event that first job and the earned income it provides are to the total picture of your child’s future.

With that job comes a unique opportunity!!!

Silently, quietly, and never to come again has arrived the most opportune time in their life to start saving and planning for their future. It may have more potential for financial security later in life than a college degree or climbing the corporate ladder to a high paying job or profession.

What is this magic moment?

What has changed in their life that you and they may be missing?

What opportunity has occurred that will never happen again?

Well it’s the chance to start a ROTH IRA while they are young.

PLEASE, PLEASE….. DON’T LET THEM MISS THIS OPPORTUNITY.

Get them to set up a Roth IRA as soon as possible.

It’s never too early to start saving, and starting a Roth IRA at a young age is a guaranteed winner if it’s left alone to grow. Start a Roth by 20 and it has a chance to grow for 40 to 45 years tax free rather than the current average of 25 or 30 years that most retirement plans do.

Time, not investing savvy or how much you save, is the greatest asset that any investor has in their arsenal. It is the one asset that can’t be made up for, as compounding interest requires TIME to work its miracle of tremendous growth. While bad returns on investments can be overcome and savings amounts can be increased when opportunity allows, only time allows compound interest to work its miracle and grow our savings to astronomical levels.

Believe me this is the stuff that investing dreams are made of. The difference those extra 10 to 15 years of growth makes is impossible to realize unless you play with the numbers. But it’s safe to say that on average it will probably DOUBLE and maybe TRIPLE the amount they have at retirement if allowed to.

Remember no less than Albert Einstein when referring to compound interest is quoted as saying:

"It is the greatest mathematical discovery of all time"

If Albert Einstein felt that compound interest was a greater discovery than his other findings like E=mc² it shows just how powerful it can be for your child’s future financial security. Just think Einstein was saying that compound interest was more powerful than atomic energy and I can’t argue with him when you’re talking about investments.

In my next article we’ll look at the Roth IRA and why it’s one of the greatest investing programs that Congress has ever given us. I’ll cover both the basic rules governing Roth IRA’s and the cautions that you need to keep in mind.

Friday, June 24, 2005

Here’s additional Information on the Research Project Code Named Avalanche.

This original paper filed on Microsoft’s website explains the Avalanche project in detail and should help to put to rest the question of what Microsoft’s plans were and are for Avalanche.
http://research.microsoft.com/~pablo/avalanche.htm

You can also see eWeek’s take on this issue of a conspiracy to damage BitTorrent. Check out this article by Steven J. Vaughan-Nichols for his take on this issue.

http://www.eweek.com/article2/0,1759,1831018,00.asp?kc=EWRSS03129TX1K0000614

What Conspiracy against BitTorrent??

John Dvorak sure opened up a can of worms for me with his strongly worded story about his theory of a “Conspiracy” to ruin BitTorrent by the media and Microsoft. Since his article came out I’ve gotten more email about my article on this subject than I could have ever imagined. (You can read John’s article here if you haven’t read it yet to see what he has to say http://www.pcmag.com/article2/0,1759,1829684,00.asp .) Because of this article and the buzz it’s caused I felt that I should reply to John and the others that are pushing this conspiracy theory.

Come on John look around and see who’s writing these stories. It isn’t a bunch of fools that are writing about the Spyware/Adware problem with BitTorrent. Articles have been in every magazine and blog from eWeek to mine talking about the problem. Do you really think that I have any agenda with BitTorrent? I love and read your stories John but they aren’t always right especially when it comes to Microsoft and your conspiracy theories.

No one I know of is saying the problem is within BitTorrent itself, but rather in how it's being used by the Spyware/Adware distributors. BitTorrent is a great program and offers an answer to overloaded servers while providing secure data downloads without the possibility of tampering.

But that isn’t my concern!

The facts as I and others have stated them are as follows.

First, Microsoft currently has no plans to challenge BitTorrent, and all of the Avalanche studies were just that: studies. It seems that conspiracy theories are like gossip when it comes to Microsoft: hard to stop and impossible to trace to their source. Microsoft is truly the company that people love to hate. Sometimes rightfully so, but in this case, John, Microsoft is innocent and there is no conspiracy except in the mind of those who want to see one.

Microsoft has never had plans to release Avalanche now or in the future. That’s right in documents on their web site from long before this argument took place. (Of course if they get enough buzz going on the subject that might change.) It was a research project in the beginning and it is still just a research project. Check it out yourself John if you doubt what I’m saying. Just search their information database and see for yourself.

Second BitTorrent has definitely become a tool of choice to deliver Spyware/Adware programs and such to an unsuspecting public. I don't have to take someone else's word for this John as I have found Spyware/Adware floating around in BitTorrent downloads myself. When I scan my system before and after a BitTorrent download and find Spyware/Adware programs that weren't there before the download then they came in the BitTorrent download.

End of story!

So that’s the reason and the only reason I've quit using BitTorrent for the time being. Not because of some conspiracy, nor because I’ve bought into any false rumors or stories but because I, myself, found Spyware/Adware programs on my system that came in BitTorrent downloads.

And Third few if any Spyware/Adware detection programs are able to look into BitTorrent packets and see the signatures of any Spyware/Adware they may contain. Once the creodonts that produce Spyware/Adware programs found this out they realized that they had a great opportunity to use BitTorrent to distribute their cr*p. By their using a respected, popular program with good security features an unsuspecting public is allowing Spyware/Adware programs to be downloaded to their computers without even suspecting it.

That’s why I have recommended that people either stop using BitTorrent or use it with great care. I based my decision completely upon what I found was happening, not on rumor or speculation. I’ve taken a great deal of flak on my article about BitTorrent after your article John but I stand by my statements in this article and in the original.

My advice to those people using p2p software is as it was before your article: use BitTorrent if you feel you must use a p2p program. None but BitTorrent meets any standard of security that I trust as being very good. Just remember though that having a secure method of transmitting data that prevents tampering doesn't mean anything if the data is corrupted to begin with.

If you want to use BitTorrent or any other p2p program make a full Spyware/Adware scan before and after downloading anything. That will allow you to trace any problems you have back to the source. And while I have been accused of everything from being a co-conspirator with Microsoft (don’t I wish I was that close to Bill and the boys!!) to being a fool, I’m neither. I’m just an honest writer who feels that BitTorrent should be avoided like all of the other p2p programs as being too dangerous to use because of the Spyware/Adware risk.

So my decision to add BitTorrent to the list of programs that are just too much of a risk to use right now still stands. I download data using methods that allow for scanning for Spyware/Adware programs during the download process and thereby avoid the risk that I might not find them later.

So should YOU not use BitTorrent John?

I’ll leave that up to you and let you decide what risk is acceptable in your case.

Why? Because it is your business what you download to your computer.

Just don’t imply that I’m involved in any conspiracy with Microsoft or anyone else to stop you or anyone who wants to from using BitTorrent. I just prefer to stand on the side of security and safety and I feel that I should tell others of my concerns.
John, I have too much at risk to take unnecessary chances and I’m too concerned with others not to express my fears to them! If that’s conspiracy then so be it, but I call it being careful and avoiding unnecessary risk while meeting a public responsibility to help with safe computing.

Frank Woodman Jr
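
The distinction drawn above between tamper-proof transfer and trustworthy content can be shown with BitTorrent's own integrity mechanism, the per-piece SHA-1 hashes stored in the .torrent file. This is an added Python example, not code from the post or from BitTorrent; the payloads, the tiny piece length and the vendor-published SHA-256 are constructed assumptions.

```python
import hashlib
import hmac

PIECE_LEN = 16  # constructed: tiny so the demo has several pieces; real torrents use far larger pieces


def make_pieces(data, piece_len=PIECE_LEN):
    """Concatenated 20-byte SHA-1 digests, one per piece (the 'pieces' value of a .torrent)."""
    return b"".join(hashlib.sha1(data[i:i + piece_len]).digest()
                    for i in range(0, len(data), piece_len))


def bad_pieces(data, pieces, piece_len=PIECE_LEN):
    """Indexes of pieces that are missing, extra, or fail their SHA-1 check."""
    expected = [pieces[i:i + 20] for i in range(0, len(pieces), 20)]
    have = -(-len(data) // piece_len)  # ceiling division
    bad = []
    for idx in range(max(have, len(expected))):
        chunk = data[idx * piece_len:(idx + 1) * piece_len]
        if idx >= have or idx >= len(expected):
            bad.append(idx)
        elif not hmac.compare_digest(hashlib.sha1(chunk).digest(), expected[idx]):
            bad.append(idx)
    return bad


def matches_vendor(data, vendor_sha256_hex):
    """Compare against a digest obtained from the vendor's own site, not from the swarm."""
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), vendor_sha256_hex.lower())


def assess(data, pieces, vendor_sha256_hex):
    return {"transfer_intact": bad_pieces(data, pieces) == [],
            "is_vendor_build": matches_vendor(data, vendor_sha256_hex)}


# Constructed payloads standing in for a real installer.
CLEAN = b"constructed installer bytes " * 4
REPACKAGED = CLEAN + b"bundled adware stub (constructed)"
VENDOR_SHA256 = hashlib.sha256(CLEAN).hexdigest()  # assumption: published by the vendor


def scenarios():
    clean_torrent = make_pieces(CLEAN)
    repack_torrent = make_pieces(REPACKAGED)   # made by whoever seeded the repackaged file
    corrupted = bytearray(CLEAN)
    corrupted[40] ^= 0xFF                      # one byte altered in transit (lands in piece 2)
    return {
        "clean": assess(CLEAN, clean_torrent, VENDOR_SHA256),
        "altered_in_transit": assess(bytes(corrupted), clean_torrent, VENDOR_SHA256),
        "repackaged_at_source": assess(REPACKAGED, repack_torrent, VENDOR_SHA256),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

The repackaged download passes every piece check because the hashes were computed over the repackaged file; only a digest obtained independently of the torrent tells the two builds apart.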

Tuesday, June 21, 2005

Flexible Spending Accounts are going to get better in 2005.

For a long time now flexible spending accounts (FSA’s) have helped taxpayers handle things like child care and medical expenses by allowing employees to pay such expenses with tax free dollars. That has made life a lot easier for many people and resulted in tax savings for a great many Americans. (Especially in the area of medical expenses since not many can take advantage of the Sch A medical deduction due to the high exclusion).

A participant in an FSA is currently able to set aside up to $5,000 toward child care and medical expenses and pay for these expenses out of their FSA account. The down side to this system though has always been that any money not spent within the calendar year it was saved was given back to the employer. So if you saved money to your FSA in 2004 you had to spend it in 2004 or you lost it. This use it or lose it rule has always made figuring out what to withhold kind of tricky. Save too much and you lose it back to your boss with no benefit to you at all (ouch); save too little and you had to pay the expenses out of your after tax dollars (ouch again).

Well there’s good news for people who use flexible spending accounts regarding this matter.

They have loosened up what they call the grace period and made it a little fairer as regards the time you have to spend the money. Beginning in 2005 and thereafter you will have up to March 15th of the year following the contribution to your FSA to use the money.

That extension of the grace period has only one down side. Your EMPLOYER, not you, must ask that it be extended as part of their plan provisions. I can’t imagine that any employer would not do so but some might. I suppose if they get back a lot of money because employees are withholding too much it might cost them, but otherwise it’s of no difference to them. But you do need to check with your benefits, payroll, or HR department, depending on who handles your FSA program, and see what your employer plans on doing.

If they don’t say that it’s in the works and will be available to you for 2005 do a little lobbying. It never hurts to put a little pressure on to be sure such things get done. Kind of like the Roth 401k program I spoke about a while back. Don’t forget to see if your employer is going to start it on Jan 1st as well. You can easily lobby for both changes at the same time since they are going to be administrated by the same department.

Monday, June 20, 2005

Watch Out for Changes to 529 Plans!!

While I’ve always liked and recommended the 529 College plans they may become a little less attractive after 2010. I don’t usually like to speculate on changes in tax law that are to take effect more than a year or two out since they have a bad habit of changing. But since 529 programs are long term commitments and require a lot of lead time to implement I will make an exception in this case. Besides I’ve got a feeling that this is one change that will take effect due to the need to balance the budget while not changing or increasing the taxes.

Currently all gains on 529 plans are tax exempt when used for college under a sunset provision passed as part of the tax reform bill of 2001. That provision is due to expire at the end of 2010. At that time, unless the 2001 sunset provision is extended, the old rules pertaining to taxes on gains will be restored.

Those rules only allowed for tax exemption for gains in a 529 plan until you draw them out. Much like the rules for IRA’s and 401k plans you would be taxed on any gains as you take money out of the plan whether it’s used for college or not.

Does that mean that I don’t favor 529 programs any more? Not on your life. They still offer one of the best programs for college tuition savings available. Maybe not as attractive as before but good none the less.

So keep the 529 plan but don’t count on the gains being tax deferred even when used for college after 2010.

Sunday, June 19, 2005

In the Here We Go Again Department

Now it’s the FDIC that’s got egg on its face over poor security. It seems that the security breach of its employee HR records is much worse than first thought.

For those of you who haven’t been following the recent rash of security problems in detail I’m sure you missed the FDIC story that came out recently. Briefly it had to do with the loss of employee HR records which was first reported in March of this year (2005) and was thought to affect only a small group of current and former employees. At that time the FDIC contacted both the FBI and the employees in question to tell them that their personal data had been compromised (stolen).

The employee information stolen included the name, date of birth, salary, Social Security number and other such information contained in their personal HR files. That’s a total breach of personal information for those involved. I can’t imagine anything else that an identity thief would need to ruin your life except maybe a high speed internet connection.

Well now it seems, upon further investigation, that not just the few employees contacted back in March were affected but ALL, I repeat ALL, current and past employees have had their data “compromised” (stolen).

So here we have the agency that is in charge of insuring and protecting our banking system as well as overseeing and notifying banks about how to secure sensitive information having all of their employee HR records stolen.

Worse to me is that it took further investigation to figure out that all employees were affected. You would think that it would be evident when the whole security system was compromised and all of the HR records had been stolen. That wasn’t the case though, so many of those employees who had their data stolen also lost the help of early notification. The time it took to find out their data was taken is in some ways even more unacceptable than the loss itself.

Could you imagine coming home to find your house broken into and not noticing that rather than a few items being taken that the whole house was empty? Well that’s just what the FDIC failed to notice. Everything was taken not just some HR records but all of the HR employee records had been taken.

Why does this not surprise me?

Well again any system is only as good as the people who use it and most government agencies today aren’t any better at security than the private sector.

If you don’t separate digital data across different data bases, encrypt those data bases, provide physical protection to paper records generated, and destroy any old paper copies of information you dispose of then you will at some point lose data to thieves.

That doesn’t take a genius to figure out and it shouldn’t be so hard for such a large government organization to understand and implement. But time and time again they fail at it and so does the private sector.

So remember to be vigilant, watch your credit information, and protect your personal data so that you don’t add to the already growing problem of data theft. Just because others are sloppy and risk your data doesn’t mean that you shouldn’t be careful and do a better job.

Saturday, June 18, 2005

Hackers Strike Again and 40M Americans Stand to Lose!!!

To see just how bad things are getting with the security of our personal information you only have to read about the most recent case of data lost by Tucson-based CardSystems Solutions Inc., a third-party processor of payment card data.

Somebody gained access to around 40 Million credit card numbers and the related security codes necessary to use them on line. MasterCard seems to be the biggest loser in the deal with some 13 to 14 million card numbers possibly compromised, but all the major companies have been exposed.

Richard Smith at his website ComputerBytesMan.com described it as eligible for “the Guinness Book of World Records.” Whether that’s true or not, CardSystems joined the ranks of Lexus, Bank of America Corp, ChoicePoint Inc., Reed and Elsevier, and Motorola as recent major companies having customer information compromised by their lack of security.

This is more than unacceptable; it’s just stupid. As major company after major company commits the same childish security blunders you have to wonder why they can’t learn from the mistakes of others in this business. To keep repeating the same dumb practices over and over again defies logic.

By their actions these companies are going to force government involvement and then they will all cry bloody murder. Well I can’t feel sorry for them but I know who will bear the cost of all of these new regulations.

You and I will pay for their stupidity. Both by the losses from the theft of the information and the cost to implement any new regulations required to protect us.

There is no good reason for these data bases not to be encrypted so as to be less vulnerable. It comes down to greed as the companies involved reduce costs by lowering their IT expenses. Encryption software isn’t expensive and using it would at least make the data basically unusable by the thieves.

This case is made so much worse because not just the credit card numbers but also the security numbers required to use them on line were kept TOGETHER in the same data base.

How stupid can you get???

Any first year computer student could come up with a way to store these numbers in a separate data base to make it harder to match up both the credit card number and the security number. If I were designing a system to store that kind of information I would keep the card holder name, the card number, and the security code each in a separate data base. That way if you didn’t know how to combine these separate files you would only have lists of names and numbers that would be worthless. If these separate data bases were also encrypted it would make it almost impossible to compromise this data.

So……… If I can figure that out then why can’t these so called experts?

When are these companies going to be called to task?

When are they going to receive the fines and criminal punishment they deserve?

Only when the public wakes up and demands that the government give some teeth to legislation requiring the protection of personal information in the private sector. These large, many times unknown, companies have an obligation to protect the data they gather about us. They owe us at least a modest attempt at having security that is able to protect us and that isn’t happening right now.

Personally I would like to see fines and in cases of real mismanagement criminal punishment handed out. It’s time to put a stop to this and to do it NOW not later.

A good article on the case is also located on eWeek at this URL
http://www.eweek.com/article2/0,1759,1829378,00.asp?kc=EWRSS03129TX1K0000614
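
The split-storage design described above, sketched as an added Python example (not the author's or CardSystems' code): three separate stores whose rows can only be matched up with a secret linking key held outside all of them. The table layout, HMAC-based row keys and sample values are assumptions made for illustration, and the encryption the post also calls for is left out because it needs a vetted cryptography library.

```python
import hashlib
import hmac
import secrets
import sqlite3

STORES = ("holder_name", "card_number", "security_code")


def open_stores():
    """One independent database per field, as the post proposes."""
    dbs = {}
    for store in STORES:
        db = sqlite3.connect(":memory:")
        # WITHOUT ROWID: no hidden insertion counter that would line the dumps up row by row.
        db.execute("CREATE TABLE t (k TEXT PRIMARY KEY, v TEXT NOT NULL) WITHOUT ROWID")
        dbs[store] = db
    return dbs


def row_key(link_key, store, record_id):
    """Per-store row key. The same record gets an unrelated key in every store."""
    msg = ("%s:%s" % (store, record_id)).encode()
    return hmac.new(link_key, msg, hashlib.sha256).hexdigest()


def put(dbs, link_key, record_id, fields):
    for store in STORES:
        dbs[store].execute("INSERT INTO t VALUES (?, ?)",
                           (row_key(link_key, store, record_id), fields[store]))


def get(dbs, link_key, record_id):
    """Reassemble a record; returns None unless every store has the derived key."""
    record = {}
    for store in STORES:
        row = dbs[store].execute("SELECT v FROM t WHERE k = ?",
                                 (row_key(link_key, store, record_id),)).fetchone()
        if row is None:
            return None
        record[store] = row[0]
    return record


def keys_shared_between_dumps(dbs):
    """What someone holding all three dumps can try first: join on the key column."""
    seen, shared = set(), set()
    for store in STORES:
        keys = {k for (k,) in dbs[store].execute("SELECT k FROM t")}
        shared |= seen & keys
        seen |= keys
    return shared


# Constructed sample records (test card numbers, not real accounts).
SAMPLE = {
    "cust-0001": {"holder_name": "A. Example", "card_number": "4111111111111111",
                  "security_code": "123"},
    "cust-0002": {"holder_name": "B. Sample", "card_number": "5555555555554444",
                  "security_code": "456"},
}


def demo():
    link_key = secrets.token_bytes(32)   # assumption: kept outside all three stores
    dbs = open_stores()
    for record_id, fields in SAMPLE.items():
        put(dbs, link_key, record_id, fields)
    return {
        "with_key": get(dbs, link_key, "cust-0001"),
        "with_wrong_key": get(dbs, secrets.token_bytes(32), "cust-0001"),
        "joinable_keys": keys_shared_between_dumps(dbs),
    }


if __name__ == "__main__":
    print(demo())
```

Under PCI DSS the card security code may not be stored at all once a transaction is authorized, so a production design would drop the third store rather than protect it.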

Intermix Media Settlement with New York

Check out this eWeek article about the recent settlement against Intermix Media that resulted in a fine and settlement of $7.5 million dollars. At least this company has been brought to justice and it should serve to warn other such companies that retribution may be at hand if you go around spreading Spyware/Adware. You can read the entire article at; http://www.eweek.com/article2/0,1759,1828397,00.asp Let’s hope this sends a loud and strong message to these guys. Stop spreading this filth or else pay the price!!!!

BitTorrent and its Spyware/Adware Problems

Well folks it’s finally become such a problem that it can’t be hidden or overlooked any longer. BitTorrent (the darling of tech bandwidth sharing download programs) has become a major spreader of Spyware and Adware. What started as only a small problem has become a real river of filth and trash as BitTorrent becomes only the latest in a long line of p2p software download programs to be taken over by Spyware/Adware distributors.

Let me make one thing clear. BitTorrent isn’t to blame as it’s impossible to stop this stuff and I knew it was only a matter of time before it became a problem for BitTorrent. If you use ANY p2p program not just BitTorrent it’s only a matter of time before you become infected with one or all of the following; Spyware, Adware, a virus, or a Trojan. Let’s just say that BitTorrent took a little longer before it had the problem because of its high tech base.

I first noticed it back in October of last year (2004) when I found that a download of Linspire I had made using BitTorrent was infected with an Adware program (yes even Linux has this problem). It got me to checking into what was going on and what I found was discouraging to say the least. Most of the savvy users of BitTorrent I knew had discovered that it was now spreading more and more Spyware/Adware infected programs.

It’s too bad as I loved BitTorrent and used it quite often to download programs because of its easy handling of large downloads. Even with my high speed cable modem it made many downloads faster and easier by reducing the bandwidth problems for servers downloading large popular programs.

But that is over as I no longer use BitTorrent’s program. The chance of infected downloads is just too great right now. So sadly I bid goodbye to a program that I used and loved. Does this mean that you shouldn’t use BitTorrent? Well I’ll leave that up to you but I don’t think that it’s a good idea if you’re concerned about security.

So a word to the wise: avoid BitTorrent unless you have a good, compelling reason to use it, and be sure to scan and examine anything that you download or you will be opening the door to a lot of security issues.

For additional information about this problem check out this recent article from eWeek:

http://www.eweek.com/article2/0,1759,1828633,00.asp

Friday, June 17, 2005

A Timely Quote from Steve Jobs' Commencement Address

I received this quote in an email today and felt that I should share it with you. If you follow this advice your life will always be more successful and happier so take it to mind and use it today. You'll see the difference I promise.

Do you know who Steve Jobs is?

If you don't, his success story is legendary.

Put up for adoption at an early age, dropped out of college after 6 months, slept on friends' floors, returned coke bottles for 5 cent deposits to buy food, then went on to start Apple Computers and Pixar Animation Studios.

Steve Jobs is one of the most successful entrepreneurs of our generation.

On June 12th 2005, Steve Jobs gave the commencement address at Stanford University and I want to share with you a few clips from his powerful speech.

From Steve Jobs' commencement address:

"Sometimes life hits you in the head with a brick. Don't lose faith. I'm convinced that the only thing that kept me going was that I loved what I did. You've got to find what you love. And that is as true for your work as it is for your lovers. Your work is going to fill a large part of your life, and the only way to be truly satisfied is to do what you believe is great work. And the only way to do great work is to love what you do. If you haven't found it yet, keep looking. Don't settle. As with all matters of the heart, you'll know when you find it. And, like any great relationship, it just gets better and better as the years roll on. So keep looking until you find it. Don't settle.

"When I was 17, I read a quote that went something like: "If you live each day as if it was your last, someday you'll most certainly be right." It made an impression on me, and since then, for the past 33 years, I have looked in the mirror every morning and asked myself: "If today were the last day of my life, would I want to do what I am about to do today?" And whenever the answer has been "No" for too many days in a row, I know I need to change something."

"Remembering that I'll be dead soon is the most important tool I've ever encountered to help me make the big choices in life. Because almost everything - all external expectations, all pride, all fear of embarrassment or failure - these things just fall away in the face of death, leaving only what is truly important. Remembering that you are going to die is the best way I know to avoid the trap of thinking you have something to lose. You are already naked. There is no reason not to follow your heart."

"Your time is limited, so don't waste it living someone else's life. Don't be trapped by dogma - which is living with the results of other people's thinking. Don't let the noise of others' opinions drown out your own inner voice. And most important, have the courage to follow your heart and intuition. They somehow already know what you truly want to become. Everything else is secondary."

P.S. This quote is most timely with the recent death of Corey Rudl the internet marketer. He certainly followed it every day he lived and I'm sure he went just the way he would have wanted, doing what he loved both in his private life and in his business career. As always the good ones seem to go all too soon from our lives.

Take care and God Bless,
Frank Woodman Jr

On Google vs. MapQuest the Winner is???

Use this URL address:

http://hostingproject.info/Zilos/googlex/

It will take you to a great page where you can choose from all of Google’s web tools. On this page with a click on an icon you can jump to any Google service. It’s not a page that is hosted by Google but it should be as it makes getting around between all of the many Google web services so much easier.

It’s just much quicker than going to google.com and trying to get around.

Anyway go there and click on the map icon to check out the new Google map site. Google is giving all of the other map sites a real run for their money. MapQuest is going to have to work hard to hold on to number one.

Google’s maps and directions look nicer and you can have local search information shown right on a map. Do a search for “pizza parlor” and bingo the map shows flags of all of the pizza parlors that are close to the entered address. One thing for sure Google just doesn’t rest until it puts out a better product in whatever service they are providing.

P.S. Be sure you play with the satellite view feature in Google maps. It’s so cool the way you can jump from map view to satellite view with just a click on the control bar. You can even see your route in map view or satellite view with just a click to toggle from one to the other. Using the satellite view can help to make the map more understandable and easier to follow.

Anyway check it out and see what Google maps are all about if you haven’t already done so.

P.P.S. It’s interesting to note that while Google has been busy pushing online map services up a notch both Microsoft and Yahoo have been busy pushing hard to move up in the fight to dethrone Google as the number one search engine. Google needs to be looking over their shoulder and watching the competition.

Both MSN and Yahoo have undergone some real changes that will up the pressure on Google to add features to their search engine. If you haven’t tried them out recently it’s time you revisited both MSN and Yahoo and checked out their search features again.

You might be surprised to find that both offer some real interesting choices and that for some types of searches they may beat Google. (I never thought I would ever say that as Google is something I use constantly!!)

Anyway it’s going to be an interesting year with all of the battles going on in the search engine arena. The winner is yet to be determined but Google still leads the pack as much by momentum as by anything else. Everybody else is playing catch up and Google certainly isn’t going to make it easy for them.

Sunday, June 05, 2005

Is There Any Hope for Computer Security or are We Doomed??

Part 1

This article is the first in a series of articles looking at where we stand with computer security today and what we need to be doing in the near future to address this problem. I’m going to look at computer security and present both my security concerns and some answers on how to achieve a reasonable level of security for your system.

The need for this series of articles became evident to me when I started to write the current security measures that I use to protect my computer systems while keeping my personal information and my client’s business data safe.

It soon became evident to me that what I was going to propose to the average computer user was going to seem to be way over the top. I felt that without some explanation most readers would feel that my suggestions were too expensive, require too many programs, and take more time than necessary. It’s my hope that with this series of articles I will show you why all of these measures are both prudent and necessary.

Here a Computer, There a Computer, Everywhere a Computer.

As a society of computer users we have come to depend on our computers for so many things that we’ve become trapped as innocent pawns in the constant and ever-changing battle between the thieves, hackers, crackers, and spam ware artists vs. the computer security industry.

Computers are already in our phones, our cars, our TVs, and surprisingly enough our refrigerators. They control our power grids, clean our water, handle our sewage and even diagnose our medical problems. We are facing a world in which computers are in everything we use and control most of what we do. So computer security will become even more important in the future than anyone can imagine.

That means that on the one hand we can’t exist without using our computers for everything from our kid’s homework to our online banking, while on the other hand we live in constant fear that we are at risk for everything from identity theft to having our bank accounts cleaned out. It’s the proverbial being caught between a rock and a hard place.

The first thing to note is that currently we’re losing ground in this battle. If we all don’t take major steps to address the current security problems that exist, email and many other features we’ve come to rely on are going to become unusable. Our data both business and personal must be protected from loss and misuse if our society is to realize the great promise of our technology. We must win this battle at any cost and we can’t afford to sit on the sideline and hope that things will work out. Like it or not we have been drafted and we’re all in the fight.

So what fuels this war of the geeks and the freaks?

The sad fact of the matter is that for most of the perpetrators it’s really only a game. They are just in it for bragging rights and to feed their massive egos. Like a video game the damage and destruction they cause is of no more concern to them than the vandal writing on a restroom wall. We saw a good example of this with the recent verbal baiting and taunting between virus writers. For this group there is hope that education can eventually help to reduce their numbers.

For the rest it’s just an easy and profitable form of theft. When you find a way to steal large sums of money with only a small chance of getting caught it’s certain to attract the attention of criminals and opportunists. Recent trends and schemes show that even organized crime is getting into the act. Lots of money to be made with little risk sure sounds like a criminal’s dream. The only thing that this group will understand is quick, harsh punishment but even that won’t completely prevent it.

But whether they are deceiving us with phishing schemes, stealing our passwords and personal information with key loggers, or just destroying our hard drives with viruses it is becoming harder and harder to stay ahead of those who would attack our computer systems whatever their motivation.

We will only solve the computer security problem by education, legislation, and hard work.

First, we must join in the battle and through education and by staying constantly vigilant we can reduce the risk both to ourselves and everyone else.

Second, we must be willing to devote resources to solving the problem. Yes it does cost money and it will take time to keep our systems clean and protected. But it will be well worth it if we keep the free and open use of our computers without risking our safety and privacy.

Third, we must recruit others to the fight. Far too many people feel that this is someone else’s problem. It’s not going to be the computer industry, nor is it going to be the government, but us as computer users that will solve this problem. Remember no legislation or magic software program will take the place of education, vigilance, hard work, and common sense.

As the cartoon Pogo (sorry if this dates me since it comes from the 60’s) said, “We have met the enemy and they are us!”

So What are the Major Risks to Our Computer Security?

Email and its lack of protection as both a source of Spam and Viruses.
Trojans and key loggers.
Spyware and Adware.
Bot systems and denial of service issues.
Staying alert since NEW risks are always being created.


So join me next in a detailed look at these risks and what we can do to reduce them.

Experts Warn of Growing Trojan Threat


Friday, June 03, 2005

Security Alert for Netscape 8

Just a quick alert to let you know that the much awaited release of Netscape’s browser (version 8) has some security issues you should be aware of. I mention this because I don’t want the quick patch release they made for other security issues to make you think that all is safe and sound with version 8.

It seems that the trusted site feature is currently allowing some sites that are known Spyware/Adware sites to download software to a user’s computer. Sites are supposed to be checked against a white list/black list screening system to determine if they are trusted or not.

This scanning should be blocking questionable sites that are known to download Spyware/Adware from being able to download software to a user’s computer. For reasons that aren’t being made clear that isn’t happening.

eWeek tested and found that the green "trustworthy" symbol was displayed on both hotbar.com’s home page and on ABetterInternet.com’s home page. I checked out the sites of Hotbar and ABetterInternet (two sites that are notorious for their Spyware) for myself using Netscape 8 and found that both sites did receive the “green” or “trusted site” rating.

Worse still I then verified that both sites had successfully downloaded their nefarious software by scanning with Spybot Search and Destroy and finding the software downloads in place and seemingly functional.

Not what I was hoping but my findings nonetheless.

In theory, since these sites are listed on one of the lists that the trusted site scanning engine is supposed to use (Aluria's list of Spyware/Adware), they both should have been blocked from making any software downloads and shown as non-trusted sites. That certainly wasn’t what I experienced.

Netscape’s use of third party lists and rating systems is part of the problem. Several of the lists being used don’t address Spyware/Adware issues at all. Some are trade associations while others deal with business issues like privacy of customer information. These groups and organizations aren’t the ones to help with detecting Spyware/Adware sites. Netscape should be using only lists and organizations that are known and trusted as experts in the field of Spyware/Adware detection and prevention.

A good example is the use of TRUSTe. Their rating system and therefore the sites bearing their seal of approval don’t address the issue of software downloads, Spyware or otherwise. This is according to no less than Fran Maier, the executive director at TRUSTe. Their seal of approval only addresses the rated company’s privacy protection policy. Certainly something to know and be aware of but not something that pertains directly to the Spyware/Adware issue.
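To make the list-scope argument above concrete, here is an added example (not Netscape 8's code, whose real rating logic is not documented here): a hypothetical rater in which any allow-list hit shows green, next to one where the block list wins and a seal counts only if it covers software downloads. The list names, scopes and `.test` domains are constructed sample data.

```javascript
// Added illustration: a hypothetical site rater, not Netscape 8's actual logic.
// All list names, scopes and *.test domains below are constructed sample data.
const LISTS = [
  { name: "privacy-seal", kind: "allow", scope: ["privacy-policy"],
    domains: new Set(["adware-vendor.test", "news.test"]) },
  { name: "trade-association", kind: "allow", scope: ["business-practice"],
    domains: new Set(["adware-vendor.test"]) },
  { name: "download-audit", kind: "allow", scope: ["software-downloads"],
    domains: new Set(["shop.test"]) },
  { name: "spyware-blocklist", kind: "block", scope: ["software-downloads"],
    domains: new Set(["adware-vendor.test", "toolbar-pusher.test"]) },
];

// Reduce a URL to a lowercase host without a leading "www."; null if unparseable.
function normalizeHost(url) {
  try {
    return new URL(url).hostname.toLowerCase().replace(/^www\./, "");
  } catch (err) {
    return null;
  }
}

// Block entries cover subdomains too; allow entries must match the host exactly,
// so a seal granted to one host is not inherited by everything beneath it.
function listHit(list, host) {
  if (list.domains.has(host)) return true;
  if (list.kind !== "block") return false;
  const labels = host.split(".");
  for (let i = 1; i < labels.length - 1; i++) {
    if (list.domains.has(labels.slice(i).join("."))) return true;
  }
  return false;
}

// Flawed policy: any allow-list hit turns the indicator green, whatever that
// list actually vouches for, and the block list is consulted only afterwards.
function rateNaive(url, lists = LISTS) {
  const host = normalizeHost(url);
  if (host === null) return "unknown";
  if (lists.some((l) => l.kind === "allow" && listHit(l, host))) return "trusted";
  if (lists.some((l) => l.kind === "block" && listHit(l, host))) return "blocked";
  return "unknown";
}

// Stricter policy: a block-list hit always wins, and an allow list counts only
// if its scope covers the capability being granted (here, software downloads).
function rateStrict(url, capability = "software-downloads", lists = LISTS) {
  const host = normalizeHost(url);
  if (host === null) return "unknown";
  const inScope = (l) => l.scope.includes(capability);
  if (lists.some((l) => l.kind === "block" && listHit(l, host))) return "blocked";
  if (lists.some((l) => l.kind === "allow" && inScope(l) && listHit(l, host))) return "trusted";
  return "unknown";
}

// Which lists produced a verdict, so a green or red rating can be audited.
function explain(url, lists = LISTS) {
  const host = normalizeHost(url);
  if (host === null) return [];
  return lists.filter((l) => listHit(l, host)).map((l) => `${l.kind}:${l.name}`);
}
```

Under the flawed policy the constructed adware site is rated "trusted" because of its privacy seal; under the stricter one it is "blocked", and a site holding only a privacy seal is "unknown" rather than green.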

Anyway until Netscape gets things working as advertised with the trusted site rating system use caution and be sure you keep your Spyware/Adware scanners up to date. Remember safety lies in continuing to scan your computer system often no matter what browser you use.

It is unfortunate that this has to happen just when the Firefox browsing engine (used in both the Netscape 8 and Firefox browsers) has been gaining on IE mainly due to better security and more advanced features. But bear in mind that both Netscape 8 and Firefox for that matter are very good browsers and are a step above IE in security with or without the trusted site feature.

Let’s hope that Netscape cleans up this problem soon like they did with the other security issues that were patched shortly after version 8 was released. We need to have a reliable and secure second choice in internet browsers.

Let’s hope that Netscape and Firefox keep pushing Microsoft to improve IE or we’ll be stuck with poor security and no improvements in browsers for years to come. It is encouraging to see Microsoft rushing to release the next version of IE much sooner than was expected.

Thursday, June 02, 2005

The Truth about the NEWS and What it means.

I’m sitting here reading the newspaper and thinking about some of the recent events that have been in the local news. This has caused me to think about the truth of the “NEWS”. To ponder and think about the many things that make the “News” and the many things that aren't covered is to give thought to the truth behind the “NEWS”.

I've always pointed out that it's not news that where I live 300,000 thousand people go home every night, go to bed, sleep undisturbed and get up the next day to do it all over again. When nothing happens to them that isn’t news and their stories aren’t considered as newsworthy.

So the news isn’t about reality; it’s about a unique and unusual minuscule part of reality. It is a microscope seeking out the unusual and unique to show us what’s different and not what is normal or usual.

We don’t see a picture of the hundreds of houses in our neighborhood that are fine and ok; we see the one that caught fire. We don’t hear about the hundreds of friendly dogs who play lovingly with their families; we hear about the one that bites a kid. It's the three idiot gang members that shoot at each other that get attention, not the hundreds of good kids that go to school every day and cause no trouble.

So we all need to remember that the news has always distorted and damaged the public’s perception of what's normal and expected. If the public doesn't learn to judge the news and rate its importance while remembering that, then we will all forever live in fear of the wrong things while being manipulated by whoever decides what is being shown and reported as “NEWS”.

Remember if it's news it's because it is unique and seldom happens and if it was truly normal it wouldn't be covered or mentioned at all.

So don’t live in fear of the things they are telling us about on the “NEWS” and be on the lookout for the real dangers in your life. Trying to judge the importance of things by their real chance of happening and not some imagined danger to our safety is the real key to our security, peace of mind, and freedom.

Wednesday, June 01, 2005

Is it a Hoax, maybe a lie, or just a rumor?

Maybe you should find out first before you spread it around.

A friend recently forwarded me an e-mail about Starbucks and how they weren’t supporting our troops in the Middle East and should be boycotted. This is a person I’ve known since college and is a fine man in all regards. He’s that kind of friend that you know you could trust with anything and over the years I have found him to be beyond reproach. He’s someone who would never dream of spreading gossip or stories about someone even if he thought they were true.

Yet here on the net he was only all too willing to press the forward button. So what makes such a person so eager to blindly forward an email without even a moment’s thought or investigation? That is a question I wish I could answer but somehow I fear that I never will. It is possibly one of the great mysteries of the internet. Certainly not something we’ll answer here today but ……anyway.

I immediately went to Starbucks' web site and found the information to refute the email I had received. It took less than 5 minutes to discover that this email was incorrect and should not be circulating. I took a moment and sent a reply to everyone on the mail list including the friend about what the facts were and where they could find out the information to verify what I had written.

I felt good knowing that I had helped to kill an untrue story.
But guess what I found the next morning in my email box. The same email sent by three other people I know. Again I sent them the email that I had sent the night before. But this story only shows how things on the net never die and that even people that I consider reasonable and caring people will forward almost anything they receive in an email without any checking or verifying.

Folks this is something that is against the whole concept of the web. The web is the one place in the world where an almost unlimited amount of information is available. That means correct information should rule but the sad truth is that too many people don’t check things out that they hear or see on the web. They just hit that forward button and keep the junk flowing.

So with the thought in mind that if people knew where to check things out maybe they would do it, I am listing my favorite sites for checking out rumors, stories, hoaxes, and such.

Please check with one or more of these sites BEFORE you send on junk you get in your email box.

http://www.snopes.com
http://urbanlegends.about.com
http://www.scambusters.org/legends.html
http://www.factcheck.org (political content)
http://www.breakthechain.org (chain letters)

Just remember this stuff is as bad as or worse than SPAM so keep that in mind when you consider forwarding anything.
MAKE TIME FOR SAVING THE TRUTH
OR THE LIES WILL END US ALL!!!!

What in the World is FACTA and Why Should I Care?

Starting last December major changes were made in the federal Fair Credit Reporting Act by the passage of FACTA. Since this law has taken effect it hasn’t gotten the attention that it deserves. That’s why I felt that I should discuss it here.

The Fair and Accurate Credit Transactions Act

FACTA, for short, strengthened the federal Fair Credit Reporting Act which has been in effect for several years. Now numerous rules and provisions are in effect that are going to mean lots of changes for Americans and how their personal data is protected by businesses, professionals, and others. These changes are going to be far reaching and for the most part positive.

While most of the bill and its changes are good for consumers (for a change) there are some parts that aren’t all they could have been. I think that the worst part is where the states are barred from passing any laws that are more restrictive than FACTA. That is another nail in the coffin of states' rights on consumer issues. While I think that Federal laws in this area are going to be the best total solution to bring both protection and consistency, that doesn’t mean that if the states want to address some of these areas with stronger legislation a weaker Federal version should take precedence.

Anyway, the following changes have either taken effect or will shortly take effect.

Federal rules and regulations either now or soon will require that credit card receipts and such data not be printed in full to prevent data theft. (Exceptions for handwritten embossed receipts are allowed which is unfortunate.)

Businesses that handle medical, financial and other important data in printed form are required to shred documents before they throw them away.

Electronic data must be deleted by a secure method that makes recovery difficult to impossible.

A new alert called the “fraud alert” allows consumers to have credit agencies flag their accounts to alert potential creditors of possible fraud. Once a fraud alert is placed on an account a potential credit provider must call a phone number listed by the consumer to verify the transaction.

Military personnel now have the “active duty” alert to flag their accounts while they are out of the country on active duty. Military personnel have been prime targets for identity theft artists since they aren’t going to find out for some time that their account had been compromised and they are out of the country and unable to actively pursue the matter.

Consumers will in many cases be able to obtain free credit reports after filing a fraud alert and/or an active duty alert.

Victims of identity theft will now be able to obtain the records of the transactions or have them sent to any police or federal agency necessary. This goes a long way in helping them to recover from identity theft and restore their credit.

And the list goes on and on covering such things as your rights as a credit consumer, how to dispute inaccurate information, when a notice of negative information is required, how medical information is handled, your right to a free consumer credit report, and it even addresses regulation of agencies besides credit reporting agencies with the section dealing with what are called nationwide specialty consumer reporting agencies.

It is hard to believe that the same Congress and Senate passed both the new Bankruptcy bill with all of its negative impact and the FACTA with its positive protections against identity theft. Go figure, sometimes even the Government can do something right!!

You may remember the story about how an unlimited number of monkeys typing away on an unlimited number of typewriters would finally be able to create a great work of literature. Well this bill proves that story has some element of truth. ;-)

Anyway this bill is much too long to cover in its entirety here but to see a great review and study of the whole bill and its importance check out this site. It is definitely a bill that you should read and understand.

http://www.privacyrights.org/fs/fs6a-facta.htm

I will also be writing a short article about how this bill will affect you if you have a small business. These new requirements are going to require everything from shredding a lot more paper to having in place better electronic records management.

DON’T LET THIS FLY UNDER THE RADAR AND GET YOU IN TROUBLE.

These new rules require a careful study of your day to day business practices and should be the signal to study all aspects of customer privacy as practiced by your business. Whether you’re an accountant or an Avon lady you will come under these provisions and you need to be prepared or face strong fines and consequences.


(This site carries a lot of great information on many issues that deal with consumer rights and legislation. Bookmark it and check it out once in a while for lots of good reading.)

Saturday, May 28, 2005

The Coming Retirement Funding Crisis!! Or Money, Money, Who’s got the Money?

If you think that the only thing you have to worry about regarding your retirement is if Social Security is healthy then you better think again. The scandal taking place in private retirement programs is becoming a much bigger problem and it’s being largely ignored by both the media and the legislature.

While the questions raised about the future of Social Security benefits have left us looking for a pea of truth under moving shells of deception we are being kept from seeing the much larger picture of private retirement funding problems.

It comes as no surprise that many sectors in the economy are having a hard time today but it is being underplayed just what this means for the future of retirement in America. For example take the recent case of United Airlines and its bankruptcy. On the surface it’s a pretty cut and dried case of a problem sector company (air transportation) filing for business bankruptcy.

But the facts of this bankruptcy go much deeper than that. United Airlines is being allowed by the bankruptcy court to screw its employees out of their pensions. The bankruptcy court ruling in this case has resulted in United Airlines pulling off the biggest default in the history of retirement funds. This ruling is a sad day in American judicial history.

Worse yet with many airlines (not just United), auto manufacturers (including GM) and retailers (like Kmart) seeking protection through sale, reorganization, or bankruptcy we will continue to see huge under funding in employee retirement programs. While the companies involved are allowed to walk away from these obligations the employees and tax payers will be stuck with them.

We have seen the federal Pension Benefit Guaranty Corp. go from a $10 billion surplus to a $23 billion deficit in under 7 years. (The PBGC is the federal agency which insures traditional pension plans.) And while most Americans know even less about the PBGC, which is maintained by corporate premiums, than they know about the Federal Deposit Insurance Corp. (that insures bank security) they will soon be made aware of their precarious situation.

Currently the PBGC has $39 billion in assets while having an estimated $63 billion in long term liabilities. At the same time, the PBGC estimates that the total under-funding in the pension system (that it could be at risk for coverage) has reached a record $450 billion. At this rate the under funding problems of Social Security look puny by comparison.

No insurance program can endure that kind of outflow and of course the tax payer is on the hook for any amount needed to bail out the system. This problem has the potential to make most of the scandals of the last few years look small and insignificant by comparison.

It also comes at a time that couldn’t be worse for the American worker. This hemorrhage of red ink is threatening our private retirement system just when it will be needed to help shore up retirees’ incomes during the coming Social Security crisis.

So while major corporate salaries are still in the stratosphere and worker salaries are being pummeled by the twin terrors of outsourcing and lowered earnings we watch as corporate thieves in the night busily steal our retirement funds. Their use of corporate bankruptcy laws comes after new legislation that has made personal bankruptcy more restrictive and harsher than at any time in recent history.

We are watching corporate America steal our retirements from us while penalizing us by making us pay for it as never before.

What can be done to resolve this problem before it’s too late?

We can start by recognizing the problem and facing the fact that we’ve already been ripped off to the tune of Billions of dollars. Companies are failing to pay the funds to employees’ retirement programs that they are obligated to under their existing contracts.

That must be put to a stop!!!!!

We all need to be writing our Congressmen and Senators demanding that such events as have happened with United Airlines not be allowed to continue.

We also need a much higher premium for corporations paying into PBGC if we are to end the shortfall that exists with the PBGC while we still can. Corporations are getting a rate that is much too low for the risk that is being assumed and they must be made to pay up.

We need bankruptcy laws that protect retirement fund payments from forgiveness. It’s time that the employee receives the necessary protection to prevent him from being left holding the bag. Under current law they lose twice; once as the employee and again as the tax payer.

So remember you’ve been warned!

You neglect this problem at your own peril.

Failure to act will doom this next generation of retirees to face the worst conditions of any group of retirees in America since Social Security was instituted.

Wednesday, May 25, 2005

What are the Differences between Viruses and Spyware?

I guess I should have known that my last blog would bring several questions from readers about what are the differences between viruses and Spyware. I guess I can understand the confusion since there are no definitions that all can agree on when defining these terms.

So here are my answers to the questions I received.

Just bear in mind that they are my answers and I know that not everyone would agree with them but I feel that they generally define the problem and clarify these terms. They are based upon my own experiences and judgments and certainly aren’t intended to be considered as definitive. They are just my perspective based upon my years of working with computers and fighting viruses, Spyware, and other malware.

What is a virus?
It’s any program containing all the code necessary to reproduce itself from a self-contained package that allows it to replicate from computer to computer and network to network without any human intervention. Viruses can range from being nuisances to being dangerous threats. All of them cause some damage and some can completely destroy a computer system or network.

How do viruses spread and how do they do it so fast?
Viruses are spread when their code is run on a computer allowing the virus to replicate and make other copies of itself. These copies are then spread to other computers as a payload within another program. Often it’s contained in an email but it can be hidden in any program that is downloaded to a computer ranging from an mp3 file to a text document. Since viruses are small self-contained packages that can be copied quickly and are sent as small payloads they can and do spread very fast.

What is Spyware?
Spyware is any program that resides on a computer with the intent of gathering user information and secretly sending it to someone else. Spyware in general doesn’t try to replicate itself but is only interested in residing on the machine it’s installed on and gathering information. Spyware may be as innocent as a program that watches what sites you go to and thus allows for targeted ads or it may gather any and all information typed or located on a computer. Key loggers are a good example of the latter. It is this wide difference in what Spyware does that makes it so hard to define, detect, and control.

How do I get Spyware?
Spyware gets on a computer through active content on a web site or by downloading a program that then secretly installs the information gathering portion of the program. The information gathering is then done without the user’s knowledge or informed consent. Often a computer user willingly installs Spyware on their computer by installing a program that purports to do some innocent function but ends up spying on them and reporting back to someone with the information.

(Remember to use caution since many of the screen savers, weather monitors, wallet programs, and other freeware on the web are really marketing Spyware and should be avoided.)

Why is Spyware getting so much of the attention now and not viruses?
Well, I’m not sure which is getting the most attention, but I know that Spyware is becoming more of a problem than viruses. Spyware is much harder to detect and scan for and it’s much harder to get rid of. Currently most virus detection programs are close to 100% effective at virus detection while Spyware detection is lucky to hit an 80 to 85% detection rate. Worse still, while it’s easy to define a virus, just what counts as Spyware is much harder to define.

What can I do to prevent Spyware and viruses from getting on my computer and compromising my system?
Well you’ve all heard the standard answers. Be careful and trust no one. Watch what sites you go to and don’t open email that seems to be suspicious. Use a good firewall program, keep your antivirus program up to date, and scan for Spyware with a good Spyware detection program. And I agree that if that’s done with the right tools you will avoid trouble with not only viruses and Spyware but the Trojans and the other malware that’s out there as well.

That leads to the question of what the best choices for these programs are and how a person should go about using them. I think that this matter is important enough that I will write a second article describing the methods I’ve used for over 5 years to avoid having any major problems with viruses, Spyware, or the other dangers out there on the net. Being in the tax and accounting business I have had to deal with these and other problems so as to protect both my computer systems and my clients’ data. The method that has evolved has grown over these years, becoming more and more involved and using several programs, but it’s still easy enough for most people to implement.

So stay tuned and we’ll discuss my solution to protecting my system in detail. Hopefully it will help you to develop a system for yourself that will work and protect your computer from attack and surveillance.