| Tech Tips - Business IT Support Tips
Archive for 2008
Monday, April 28th, 2008
There is a new computer exploit in the wild, one that allows hackers and criminal elements to inject code of their choosing into popular internet websites. Once this code has been injected to the unsuspecting website, and you visit it, your computer will become infected with additional code that allows the hackers to then gain control over your computer. What’s worse, you will probably never know that your computer is infected without the help of a computer security expert. Just by visiting websites on the internet you’re at risk. Once infected, your computer will be used by the hackers to remotely send spam, steal private data, purchase goods on stolen credits and perform other types of online crime. All of this will happen invisible to you, in the background, using your internet connection. When the authorities go to trace back the source of the crimes that have been perpetrated, they will see your IP address and mistake you as the criminal, because the crimes originated from your ISP, even though you had nothing to do with them!
There are basically two problems at work here. First, there is a problem with vulnerable Microsoft IIS web servers, along with Microsoft SQL and Active Server Pages (ASP). The problem is described pretty well over at Dancho Danchev’s blog. This is a SQL injection attack and it works on servers with website code that is poorly written and does not validate input passed via ASP forms to SQL server. There’s a pretty impressive (but partial) list of websites that are infected via this Google Link. Basically, the majority of websites in this list (and many, many more that aren’t listed) will cause your computer to become infected upon browsing to them. I do not recommend you browse to or visit any of the websites listed unless you are using the Firefox browser and have the noscript add-on installed. See my earlier post that links to and describes browsing the internet safely with noscript and Firefox.
Website owners beware. If any pages on your website have a script that looks something like this, you’re infected: “script src=http://www.nihaorr1.com/1.js” If you currently own or manage a website and are concerned about the possibility of your website being infected, contact Leo Polus today. We offer professional website services and can check your server for problems, cleaning up any vulnerabilities if found.
The second problem exists on the computers of individual internet users. It deals with the alarming rate at which Javascript is expanding into every website on the internet. You can hardly use a modern website on the internet without Javascript being enabled, and this presents a real challenge for Noscript. Noscript works when you use it sparingly, turning it on only for the most trusted of sites that you visit. Now, with the exploit taking over legitimate websites, even those sites that you think you can trust and enable scripting for could in fact contain malicious code that will damage your computer. Noscript is no longer a reliable security tool under these circumstances. In fact, noscript could actually be harmful, giving you a false sense of security on websites that you’ve always been able to trust but have since been exploited.
The best defense against this existing threat is the use of Windows Hosts files. I won’t go into the details of using Windows Hosts, there is already a lot of really good information on the internet that can tell you how to configure them. Personally, I’ve added both 127.0.0.1 nihaorr1 .com and haoliuliang.net to Windows Hosts and now I can feel a little bit safer. Exploits that take advantage of scripts on these websites will instead harmlessly bounce back to my local machine. There are plenty of other exploit websites you can find to add to a Windows Hosts file just by searching on Google.
If you are concerned about the security of your computer or your personal data, please contact a computer security professional at Leo Polus immediately to have your computer scanned, cleaned and protected.
Posted in Tech Club General | No Comments »
Saturday, April 19th, 2008
PayPal has released a white paper via their blog which suggests that future visitors to PayPal may receive a message asking them to upgrade their browser in order to continue using the PayPal service. Specifically, “unsafe” browsers which include versions of Internet Explorer prior to version 7, earlier versions of FireFox, Safari Web Browsers and any other browser that does not support the latest security methods will be denied access to the PayPal website. PayPal hopes that, by preventing access to visitors using older version browsers, it can convince the visitors to upgrade to more secure browser versions. This will protect both the browser user (from online security threats) and PayPal, through reduced account access and account losses as a result of phishing.
It’s about time! Hopefully this act by PayPal will be the trickle that forms a stream that forms a river for online security. Currently, only a small percentage of computer users understand the dangers of browsing the internet. Most do not know that your computer can be infected with a trojan, passwords can be stolen and your privacy violated simply by visiting an unsafe web page. These attacks often happen in the background, hidden to the user and the victim will never even know that they’ve been infected. Often times, the end result of this is a need for a computer professional to visit and perform spyware and virus cleanup to fix the infected computer. By informing users who visit their website that their browser is not safe, PayPal is providing an excellent service to the internet that will result in a safer experience online for everyone. It could also save the average consumer billions of dollars in PC security related charges.
This solution has been suggested before, preventing visitors from accessing a website if they are using older or unsupported browsers. The problem is that you can’t, from a business perspective, exclude potential visitors from your website. Doing so will only frustrate them and convince them to go elsewhere for business, to a competitors website that does not ban their browser. However, a large company like PayPal is mostly immune to this problem. They already have a firm grasp on the online market for payment of goods and services, and enough companies use PayPal to process transactions that users will be more likely to follow their instructions than turn away. We need more large companies like PayPal to enforce these types of standards before the little guys like us can follow suit. Eventually, however, if this plan by PayPal works out, secure browsing on the internet will become the norm.
Some tips for internet surfers everywhere that can be implemented immediately:
- Ensure that you have the latest version of your browser by checking for updates on a regular basis.
- Ensure that you have all patches installed for your operating system by checking for updates on a regular basis.
- As a general rule, Mozilla Firefox is a more secure browser than Internet Explorer and it should be used as your primary web browser.
- While using Firefox, you should also use the NoScript plug-in to further enhance security.
- Employ a software and hardware firewall at all times.
If you would like to know more about computer security and protecting yourself online, consult my PC Techs.
Additional Resources:
http://it.slashdot.org/article.pl?sid=08/04/18/003226&from=rss
http://www.eweek.com/index2.php
http://news.digitaltrends.com/
http://blogs.zdnet.com/Apple/?p=1586
Posted in Tech Club General | 1 Comment »
Thursday, April 17th, 2008
Link to original article
The United States Postal Service (USPS) has instituted a new pilot program whereby they will take small electronics, cellular phones and inkjet cartridges, for free, and recycle them. This is pretty cool! Previously it was always a hassle to find somewhere to recycle these small electronic devices and, in most cases, it was easier to just throw them in the trash than to call all over town to find a facility willing to take them. The great thing about the new USPS program is the simplicity of it. All you have to do is put the device into an envelope (provided by the post office for free) and then drop it into the mail.
An example of the types of products you can recycle through this method: Inkjet cartridges, PDAs, Cell Phones, Digital Cameras, iPods, MP3 Players.
Since the components are recycled and reused, they don’t end up in landfills and this actually helps the environment. You can find the envelopes for free in any Post Office and you can take as many as you’d like. Be sure to keep some on hand for ease of use the next time you need to dispose of a broken technology item.
The pilot is set for 10 areas across the country, including Washington, D.C., Chicago, Los Angeles and San Diego, but could become a national program this fall if the pilot program proves successful.
Posted in Tech Club General | No Comments »
Thursday, April 17th, 2008
In a surprise to many but not me, having recently watched my Google Adwords account costs rise, Google announced today that their earnings for the first quarter of 2008 were higher than expected. As of this writing, the stock is up a whopping 17% (or $76.42) in after-hours trading! For those of you who don’t follow stocks, 17% in a day is a HUGE number for a stock with a market cap the size of Google. Now for some links:
Live Analysis
The future of internet advertising
CNET
Reuters
For online advertising, there really is no alternative to Google Adwords. They own a solid grasp on this booming industry, one that is set to continue to grow at a rapid rate as conventional businesses realize the importance of advertising on the internet.
If you bought Google any time in the past two months you ought to be feeling pretty good about yourself right now!
Posted in Tech Club General | No Comments »
Sunday, April 6th, 2008
As a website developer, I utilize several online resources on a daily basis to gather facts, check code syntax and share ideas. There are some resources that I just couldn’t live without. I use the following fifteen resources so often that I’ve dedicated an article to them and would like to share with you my thoughts on why they are important. I’m also hoping that others can read this and learn from it, or possibly even teach me a thing or two. Anyways, here’s the list of the top 15 online website development resources that I use, in order of importance:
Google: Google is my homepage. It should be everyone’s homepage. Isn’t it your homepage? There are very few questions in this world that Google can’t help you find an answer to. |
|
Adobe Devnet: I do the majority of my web development using Adobe Dreamweaver CS3. I have the web premium suite that also includes Photoshop CS3, Flash CS3, and Fireworks CS3. The Adobe Devnet is an excellent resource not just for the tools I’ve just mentioned, but development in general. I get a lot of use out of the blogs, exchanges and forums there. |
|
Dictionary.com: What webmaster is complete without a thesaurus and online dictionary? I often find myself beautifying text with the thesaurus on dictionary.com. Not only is it great to make sure you don’t use where instead of wear, it’s a hunky-dory way to utilize words like disgruntlement instead of anger. |
|
Bluehost: Do you design websites? Have you ever used Bluehost? These guys have excellent customer service, affordable prices, and a ton of hosting features. I use Bluehost for hosting whenever possible and have used them for several years now as a very happy customer. Their services also include a very useful support forum.
|
|
Google Adwords: Let’s face it, if you’ve got a product to sell you’re going to need Google Adwords. Since we know that everyone has Google for their homepage (see above), we also know that the first thing they’re going to do when they want to buy something is search for it on Google. All bow before Google, the king of online advertising. |
|
iStockPhoto: Do you need an image for a website? Does it have to be high quality? Do you want to be able to search for it based on concept keywords? How about low cost? iStockPhoto does all of this and they do it well. iStockPhoto, for those times when you need to find an image of ‘goth nosering‘ for a company website. |
|
Flashkit: I can’t tell you how many hours I’ve spent digging through ActionScript code on this website to find ways to accomplish what I needed to do. Let’s be honest, the Flash CS3 software has really poor built-in actionscript3 reference material. No worries, we’ve got Flashkit, our savior! PS: They’re great for other things, too, like sound clips and example movies. |
|
osCommerce Forums: There’s a bit of irony here. You’re selling a product, trying to make a quick buck, and the tool you’re using to do it is completely free! Crazy world we live in, I know. Sure enough, osCommerce is a free shopping cart solution that works marvelously and it’s completely customizable via PHP. |
|
Google Code Search: I’ve always liked the word snippets. Why couldn’t they have called this Google Snippets? Maybe if Google hadn’t turned down my resume for a position in their company a few years ago, things would be different. Oh well, their loss, my gain! In any case, even though I don’t work for Google, and it isn’t called snippets, I still find their code search a useful tool when hunting down bits of PHP, ASP, ColdFusion or JavaScript. |
|
SQL Dialects Reference: A quality SQL reference, for times when ‘Select * from Widgets’ just doesn’t go deep enough to get the job done. |
|
PHP: Manual Quick Reference: PHP is fun. This online PHP reference manual is a shining example of just how fun it really is. |
|
VBScript Forum: When you need a piece of VBScript code, chances are good that the crazy guys at VBScript Forum can help. |
|
Web Design Forum: No mystery here, it’s all in the name. |
|
WebDeveloper.com: The ONLY thing I don’t like about this site is the bland appearance. Everything else rocks, especially the depth of topics and the history of information contained within. |
|
Whois.net: I used to be a big fan of the Network Solutions whois tool. Not anymore, I’ve tasted the glory of whois.net! |
So there you are, 15 web design resources packaged nicely into this Tech Club wordpress blog. Develop until your fingers peel away my friends! Are there are resources that you use regularly for website development that you’d like to share? Let me know, I’d like to hear about them.
Posted in Tech Club General | No Comments »
WE WORK HARD FOR YOU, BUT DON'T JUST TAKE OUR WORD FOR IT! We've helped over 1,000 satisfied businesses throughout the Phoenix valley, click here to view some of their testimonials:
©2010 my PC Techs is owned and operated by Leo Polus, L.L.C., concept by Andre Morris |
| |