You are currently browsing the Confessions of a Network Administrator weblog archives for June, 2008.
27. June 2008 by admin.
I just read an article about another 51,000 credit card numbers going into the wind… See the article here…
These stories scare the bejeebies out of me… I guess it’s a “there, but for the grace of God, go I” kind of thing. How would I know if someone has my credit card information? Apparently the company that bought the rights to the Montgomery Ward name didn’t feel it was important enough to let their unlucky customers know.
I wonder if someone has any of my financial information. I am pretty sure there is no key-logger installed on any of my own computers…make that 99.999% sure, but not 100% sure.
Since I constantly work with other people’s data, I am especially sensitive to the possibilities and careful to stay as infection-free as humanly possible. But since I am human, I can’t be 100% certain… No one can. Firewalls, anti-virus, anti-spyware, and Trojan remover software…all of these things stand guard between me and thee, but is it enough? Who knows?
As we move out from my semi-controlled environment and into the technological wilderness of my clients’ accounts, I become more and more concerned.
At my Wilmington, Delaware network support company, we always spend extra time stressing to our clients just how important safe surfing and safe email practices can be. We spin a lot of “what if” tales to illustrate just what can happen if you let your guard down for even a minute.
We’ll take a computer with a new, unpatched installation of XP and set it in the client’s DMZ, then check it a couple of hours later. Almost every time you’ll find that the available free drive space has shrunk by 2 to 3 gigs. This is a great argument for when a client thinks they are too small to be of interest to a hacker. There just “ain’t no such animal” as an installation that is of no interest to a hacker.
We monitor our clients’ anti-malware installations and make sure the signature files get updated daily. We check the status of the firmware of the hardware firewalls daily. We make sure that all available patches are up-to-date (after checking them for unexpected results). We run Snort intrusion detection on our larger clients. We train. We explain. We do pen testing. And still, I worry if some client is giving away the keys to the kingdom… right now… this very minute.
7. June 2008 by admin.
For quite some time now, hackers have been infecting web sites with malicious code by using SQL injection and iframe injection attacks. This operation is usually performed at, or right before, the times when traffic is historically at its high for the day, thereby infecting the greatest number of visitors.
Unfortunately, you do not have to do anything particularly dumb to become infected. If you navigate to one of these infected sites you will get an infection from embedded malware scripts. This is commonly referred to as a “drive-by” infection.
I say you don’t have to do anything dumb because the sites I am discussing here aren’t porn sites, or “warez and serialz” sites… going to those sites would definitely qualify as dumb. No, they are often some of the most popular and well-known sites on the net… even news, weather, and public information sites.
I provide Delaware Network Support all over the state and the surrounding areas. When you have this kind of business, you run into all kinds of infections. Sometimes the users know they are infected, but most times I only find the infection when looking for reasons for poor performance or odd happenings.
This is where a really good anti-malware program comes in. AVG 8, for instance, installs a component called “LinkScanner” that blocks infected websites and checks links on search engines for these threats.
I suggest you check it out, and sooner rather than later. Who knows… your favorite site may be next to fall to the black hats.
Good Luck and Good Networking
From way down in the trenches… Tom

3. June 2008 by admin.
There are a lot of things you can do, or not do, to almost guarantee computer problems. I sometimes have a hard time understanding why people do the things they do… I mean, what are they thinking?
Here’s a perfect example:
I just got a call from a lady who was nearly hysterical. She works for one of my corporate clients and about three months ago she called me to ask what brand of computer she should get for her personal use at home. I gave her my opinion (free of charge of course, as she expected, even though I do provide support for Delaware computer networks for a living) and never heard from her again until yesterday.
It seems there was a thunderstorm here last night (I must have slept through it) that messed up everyone’s power. Clock radios and VCRs were blinking, TVs had to be reconfigured… all the little annoyances that accompany a power outage. Come to think of it, I’m surprised my UPS didn’t wake me up with its little beeping alarm.
This lady was nearly in tears. Apparently she had left her computer on overnight during the storm. This morning she sat down at her desk and realized the computer was off. She pressed the on button and …. Nothing.
The first thing I suggested when she called was to check her surge protector to see if it was on… A long silence… followed by a weak, meek voice that said, “What’s a surge protector?” “What’s your computer plugged into?” I asked, suddenly pretty sure I already knew the answer. “The wall plug,” she answered.
So, although I ALWAYS tell people to use a surge protector, or better yet a UPS, apparently that advice goes in one ear and out the other. They call me for advice on how to get the best equipment for the lowest cost, but ignore the advice on how to protect the equipment I recommend.
Anyway, as we talked I suggested that she unplug the power cord from the back of her PC. I then went on with my mini-tirade about the perils of power surges and about two minutes later, told her to re-plug her computer and try it again. (drum roll please)… Ta Dah… it worked.
Many power supplies work in this way when they experience a slight surge… IF YOU ARE LUCKY! Apparently, unplugging the power cord allows some capacitors to discharge. Whatever the cause, simply turning the on-off switch to off doesn’t do the same thing.
I strongly advise having at least a good name brand surge protector, but if you truly value your computer and the data you have stored there, go for a UPS. A surge protector just protects against… well… surges. A UPS, on the other hand, actually conditions the power coming into your system, preventing not only surges, but power drops, sometimes called “brown-downs”, slight changes in input frequency, and since it’s a battery backup, even short power failures.
Good Luck and Good Computing.
From way down in the trenches… Tom