Thursday, October 18, 2012

How fast is your internet?

Both of these connections came from the speed test at

 Creative Commons License. This work by Bill Barnes is licensed under a Creative Commons BY-NC-SA 3.0 US License. Permissions beyond the scope of this license may be available at
(c) 2011 Bill Barnes - Disclaimer - Home Page - Blogs Home

Friday, September 21, 2012

Are you sure you want to buy Windows 8 as soon as it comes out?

I've been using a dedicated retail computer as a file server since I discovered network file sharing some 20 years ago. For over half that time I've done the same for my clients (businesses with less than 10 - usually 1-3 - users).

The primary server need for a small business is file sharing. Everyone sees all the same files (depending on access restrictions) in the same drive letter and folder. There's no concern for versioning when documents are emailed around the office. Most critically for the sysadmin, backup is centralized.

No, you don't get local Exchange, some server-installed apps, or automatic workstation imaging. You do get reliable and versatile data storage and hugely simplified administration. And migrating your data to a new server is a matter of copying one folder, configuring users, and repointing shares.

If you think I’m just an old curmudgeon advocating this for everyone, here’s someone else who agrees. Here’s a good article on establishing a small network file server.

Convinced? Now the pull-back. If you think the Win8 features fit you to a “T”, you may want to wait until next summer. This post raises with good warning the point that we should never rush critical services to a new environment.

Thursday, August 2, 2012

No phishing

Did that email really come from my bank, or is it just a good imitation? Phishing is a message that purports to come from one source, but actually comes from a bad guy; usually trying to steal your valuable personal information.

Last month we discussed ways to recognize whether an email was probably legitimate. Here is an example of a good email I received from one of my financial institutions.
First of all, notice that I have disabled automatically showing pictures in email I receive (green circle). The critical content of the message is completely contained in text. Pictures can hide links or silently allow the sender to track that you actually opened the email and might be susceptible to more like this. Sloppy phishers may also use pictures wholesale to copy the look of the legitimate mailer rather than recreating the text from scratch.

Secondly, there are only two places (red circles) where they give you the specifics to contact them: one is a phone number and the other an email address. Neither of these contact points asks directly for your personal information.

As a reminder of good practices, the central part of the message advises you to type their website into your browser - no links to hide a bad connection - and log on to your account.

A few other financial institutions use similar good practices to send you critical information. Others - credit cards are notoriously bad - wrap their status updates around a myriad of pictures and links. Some of these links may not even go back to the sender, but to advertisers or other third parties. That type of email may be acceptable for a newsletter, but don't ever log in to your account from a link in a congested email.

Read more
Windows Secrets
article on "Whether Windows is safe for banking"

And then, there's a bad email from a financial company:

 Creative Commons License. This work by Bill Barnes is licensed under a Creative Commons BY-NC-SA 3.0 US License. Permissions beyond the scope of this license may be available at
(c) 2012 Bill Barnes - Disclaimer - Home Page - Blogs Home

Sunday, July 8, 2012

The internet will die tomorrow!

The internet will die tomorrow! (Monday July 9, 2012)

Maybe. But not likely for you. For 0.02%(1) (that’s 1 in 5,000) users in the world. Only 27%(2) of the total are in the US and since the US has a high percentage of users; your chances are even lower.

What happened?

A few years ago some bad guys infected some users and changed their DNS settings. The DNS system tells your internet connections where to go when you type an address such as “” in your browser. Rather than using the master DNS servers, an infected computer gets its directions from the bad guys’ servers. When you typed “” (or any normal address), they would actually send you to Google. However, when Google sent your browser back to pick up an ad, they would insert the destination to their own ads so they made money.

Pretty soon the global police forces found the bad guys and took over their system. But they realized if they shut it down cold no one who was infected would get to Google when they typed “” So … our FBI has, for several years, paid a private company to run the bad guys’ servers and to serve up correct information.

Why will the internet die?

Now the FBI has stopped paying this bill and 250,000 computers won’t be able to find Google, or any other named domain, until they fix their settings.

Am I infected?

Probably not. See the first paragraph above.

A site that will give you a quick “yes” or “no” is at, but with some caveats. The FBI also has a 6-page .pdf(3) explaining how to check your own DNS settings. It’s tedious, but detailed enough that anyone reading this can follow. It also points out that your computer can have an apparent safe setting while your router is infected.


(1) – Article on Time Techland.
The best non-tech explanation I saw.

(2) – Infection count by country, as of 6/11/12

 Creative Commons License. This work by Bill Barnes is licensed under a Creative Commons BY-NC-SA 3.0 US License. Permissions beyond the scope of this license may be available at
(c) 2011 Bill Barnes - Disclaimer - Home Page - Blogs Home

Saturday, July 7, 2012

Should I open this email?

Should I open this email?

A client asks:
I received an email from someone I don’t recognize. The email had an attachment (document) he wanted me to evaluate. Do I dare open the attachment?  Is there any way I can do so and guarantee it is not a virus? 

Basically, no. You can’t guarantee it’s benign.

In this sort of circumstance, either as sender or recipient, I try to validate the legitimacy of the contact. In the text of the email I identify myself and the attachment by filename and size. Sometimes I will make non-email contact to alert the recipient or verify the sender. Unless you or the data on your system are particularly high value, it’s unlikely a random attack would take the effort to pass these tests.

If you can’t make this “out of band” contact and still want to open the message or its attachment, there are some unilateral assessments you should make first. Start with the anti-spam / anti-phishing / anti-virus triggers you apply to every subject line, message, and attachment.
In the preview, before you open the email:
•    Are you expecting this?
•    Do the From and To addresses look reasonable. For example, do names look random or made up, are there multiple similar addressees at the same domain, or is your exact address missing from the list? If it makes reference to an account, especially a financial account, and is not directly and exclusively addressed to you; it’s probably a phishing attack.
•    Is the subject line meaningful and relevant?
•    If it refers to an “issue with your account;” does it identify the account or describe the problem?
•    Does the content apply to you? (Immediately trash a notice from BigBank if you don’t do business with them.)
•    Do the grammar, writing style, and content ring true to the request? If it comes from someone you know, do the style and content match what they usually send?
•    Are there excessive links and do they connect to what you expect? Hover your mouse over the link and look at the entire URL. Work back from the first “/” after “http://.” A link of “” will actually take you to BadGuys’ site. While you’re looking at the links, pay attention to the top level domain (TLD). That is the letters left of the “/” until you hit a period – classically “.com” or “.org.” The “.ru” in the example above refers to Russia; along with China, a common starting point for malware. This is a minor indicator as bad guys can buy a .com and good things can come from unexpected countries such as (a useful URL-shrinking service), where the “.ly” stands for Libya. (
•    Are the attachment’s name and file type what they appear to be? It’s an old trick to name the attachment “CuteKitty.jpg” and then pad the name out with many spaces before giving the actual functional name of “…virus.exe” which falls off the edge of the page.
•    Is it delivered primarily as pictures? Your previewer should be set not to download pictures automatically, but only on your request. Downloading the pictures can deliver malware and return significant tracking information about you. If you can’t comprehend the gist of the message from the text it doesn’t deserve further analysis.
•    Look at the source of the message. In Microsoft Office (retail) Outlook, right-click on the message and choose View Source. This is very geeky and includes a lot of garbage; but, with experience, you may be able to spot something suspicious. Backtracking the internet headers is even more obscure, but can reveal that the sender is not who he appears to be.
•    Did it pass your up-to-date virus and spam checker? Antivirus programs often remove the malware attachments and deliver a message that contains very little text. There’s usually a good reason for it to be labeled spam.
•    Right-click the attachment and save it to a temporary folder on your computer or sacrificial thumb drive. Run an on-demand virus check on it.
•    Be sure all your viewing software is up-to-date. There is often a “check for updates” option under the Help or Tools menu or you can go to the publisher’s website. Especially visit,, and at least monthly to check for updates for Adobe Reader, Flash Player (hopefully, you’ve never installed Shockwave Player), Java, and Windows.
•    Open the attachment in less common programs. For example, use foxit ( for .PDFs rather than Adobe Reader or send office documents to Google Documents (
•    Open the attachment on a Linux or Apple computer as malware is often (but not necessarily) Windows-specific. You can get a CD to boot your PC directly into Linux. Everything runs in memory and when you reboot there’s no record (and hopefully, no residual evil) from what you just did.
•    If this were a legitimate email and you trashed it without opening would it really cause any problems?

Surf - and email - safe!

Read more:
An example of a "good" email from your bank. 

 Creative Commons License. This work by Bill Barnes is licensed under a Creative Commons BY-NC-SA 3.0 US License. Permissions beyond the scope of this license may be available at
(c) 2011 Bill Barnes - Disclaimer - Home Page - Blogs Home

Tuesday, May 8, 2012

Tech Talk - Shared Folders

An enterprise user wants to transfer multiple files to a colleague at another site within the company. Previously I created a folder on our shared drive and told him anything he put there, she could get with a link I gave her. Fast forward a couple months and he asks what that link is, again.

You can map a drive letter on your computer and have it point to a folder on your computer or another computer on your network. That is convenient if you want to easily access a folder deep in your file system or on another computer. But the drive letter is an artificial designation. Your S: drive could be someone else's T: drive. How do you tell them exactly where to find a file?

Here's a step-by-step explanation of where a mapped drive is:
  • A mapped drive is a shortcut to a folder on some computer on a network (it could even be your computer).
  • Because everyone may map their letters to different locations you need to tell them the absolute location (this is called the UNC – for Universal Naming Convention – location).
  • The UNC includes the server name and the share name of the shared folder. The share name may be different from its true name when viewed from the computer it resides on.
  • If you look at My Computer, it tells you what folder is mapped to the drive letter; for example: shared on server (S:) (exact format may vary by version of Windows.)
  • The first thing before the server name is two backslashes (\\). Each folder is separated by a single backslash. Starting with “\\” tells many programs (such as Outlook) to make this a clickable link.
  • Therefore, S:\IT\Temp becomes \\server\shared\IT\Temp. This is called the complete path to the file.
  • Note that if there are any spaces or unusual characters anywhere in the path, the entire path must be enclosed in quotes. This is why I am so anal about my naming conventions because even the people who know this often forget it.
    It’s even harder making links to a file accessed through a browser. Don’t even try. If you’re linking to an http: resource rather than a network file, sometimes the browser address bar will replace special characters with their code such as %20 or %2d.
  • This only works if you are both on the same or linked networks. You can’t send a link to someone outside the company or your home and have them find a file on your computer or server.

 Creative Commons License. This work by Bill Barnes is licensed under a Creative Commons BY-NC-SA 3.0 US License. Permissions beyond the scope of this license may be available at
(c) 2011 Bill Barnes - Disclaimer - Home Page - Blogs Home

Friday, May 4, 2012

Google … evil?

According to a recent story, federal investigators are revisiting the question of whether Google Street View did anything wrong when they captured individuals’ WiFi data in the process of taking pictures the view along every inch of the worlds’ roads and streets.

To refresh, Google drives around in funny looking cars with posts sticking out of the roof. On these posts are cameras looking in every direction taking pictures of what you’d see if you were driving down this street. When you’re looking at Google Maps, click on the little guy above the scale slider. These cars also collected data on all the WiFi routers they could detect from the street. Their mobile GPS service can triangulate off these radio signals to give you a more accurate location, just like your cell phone company can find you from which towers are picking you up. In the process of fingerprinting WiFi signals, they also “inadvertently” recorded the data that was being broadcast.

If they scanned through the petabytes of data they might have collected, would they find anything interesting about you? Probably not. Did they steal your banking password? Definitely not. Was this illegal? In my opinion, not under US law. Is Google evil? That’s a point of opinion.

Technical discussion

How does it work?

A WiFi router can be identified by its name and radio channel. You have to verify this information when you go to a friend’s house so you use his internet and not a neighbor’s. By accurately knowing the car’s location, and monitoring the signal’s strength as it moves, Google can get a good feel for where your router is located. Since in most neighborhoods you can detect signals from several to many routers it’s easy to determine where you are; even if it’s not strong enough to get online.

What did they record?

Allegedly, in the process of collecting identifying details, they also recorded everything that was in the air as they went by. The cars are driving down the public street, not doing anything to intentionally invade anyone’s privacy. What they got was snippets of electronic conversations, just as if you were to cruise through a cocktail party in Tokyo.

Would they find anything interesting about you?

Firstly, you’re only picking up a couple sentences from any one in particular so you may hear them asking for another drink or even just stuttering a couple words – nothing malicious there. Plus, most people are speaking a foreign language – just like most WiFi connections are encrypted with their security password.

Did they steal your banking password?

Even more secure than your protected WiFi signal, not only financial sites; but every reputable site uses SSL (https) at least for password protected signs. Services like gMail, Twitter, or Facebook also are or can be accessed through secure SSL.

Was this illegal?

For the life of the wireless industry the rule has been that any signal accessible on the public airwaves is fair game. As long as they don’t try to invade your computer or decrypt or make fraudulent use of what they hear, listening in and recording it is not illegal. Think of the decades of big satellite dishes along rural highways just grabbing the networks’ unscrambled feeds or the celebrities whose cordless (not cell) calls got exposed.

Is Google evil?

Maybe, but not for this misdemeanor. I am much more concerned that my ISP might throttle my internet just because I’m a heavy user. Or that Hollywood is trying to get a fishing license to track down and prosecute anyone for a single, possibly illicit, song or video. Or that the NSA is analyzing a yottabyte (1,000 times the entre global internet traffic for a year) in a $2 billion bunker in Utah.

Let’s give Google a pass this time. And take it as a reminder to be sure your WiFi connection is protected with WPA and a good password.

 Creative Commons License. This work by Bill Barnes is licensed under a Creative Commons BY-NC-SA 3.0 US License. Permissions beyond the scope of this license may be available at
(c) 2011 Bill Barnes - Disclaimer - Home Page - Blogs Home

Sunday, April 8, 2012

Block that cookie - more than you want to know

Please come back soon for more details.

 Creative Commons License. This work by Bill Barnes is licensed under a Creative Commons BY-NC-SA 3.0 US License. Permissions beyond the scope of this license may be available at
(c) 2011 Bill Barnes - Disclaimer - Home Page - Blogs Home

Block that cookie

Note: The tips that follow reference one or all of Firefox, Google Chrome (Chrome), or Microsoft Internet Explorer (IE). Other browsers probably have similar features; but when I say “all,” I’m referring to all of these three. Examples come from recent versions of the browsers: Firefox 11, Chrome 18, and IE 8.

The good news is that you should be able to ameliorate a lot of the techniques to track you that web sites use. Much internet tracking is based on good old-fashioned web (html)  cookies. It’s easy to block cookies. Unfortunately, being followed by cookies is also vital to much of the productivity of the internet. They allow sites to remember who you are as you move from page-to-page; for example, from Add to cart to Continue shopping and back. They come in 2 basic flavors: first party and third party. (To find out about first and third parties, read our next post.) First party cookies are good to OK; but you might think twice about third party.

The easiest and most powerful way to protect yourself from tracking is by using a private browsing session. (instructions: next post). In this case, nothing, about your session stays on your computer when you close the browser. You can’t come back to a search or be automatically logged in at any site. You should always use private browsing on a computer you don’t control.

If that is too aggressive, your browser can control what it does with cookies. With greater or lesser ease (instructions: next post), you can usually tell the browser to block all cookies or only third party cookies. You can also accept cookies but tell your browser to throw them away at the end of the session. This gives you the advantages of using cookies; but websites won’t know about you the next time you go there. FireFox also allows you to choose your action for every cookie you’re given. This gets tedious fast, but is revealing as to how pervasive cookies are.

Another option is to choose a browser that you never sign to a site or fill out a form. Use another browser for your shopping, Gmail, or social networks. Financial transactions ideally should be transacted only in a private session. Although you trust your financial institution; you may be logged in, either temporarily or permanently, to another site which might benignly or maliciously have a small chance of tracking you there.

Unrelated to cookies; if you follow a link to a site, it knows where you came from and, if a search engine, what the search terms were. So if you got here by searching “Block that cookie” on Bing; Blogspot (a Google service) knows that. Although this form of tracking is relatively benign and primarily used by a site to fine tune its own advertising, you can avoid it by not clicking the link, but type it into another browser.

On the other hand, there are ways that your computer may be tracked that don’t rely on html cookies or a specific browser.

 Creative Commons License. This work by Bill Barnes is licensed under a Creative Commons BY-NC-SA 3.0 US License. Permissions beyond the scope of this license may be available at
(c) 2011 Bill Barnes - Disclaimer - Home Page - Blogs Home

Friday, April 6, 2012

Are You Following Me?

Did you read Google’s new privacy policy as of March 1? Nope, neither did I.

The primary piece of news is that Google is now consolidating tracking information from all of their services. This means you have the same login, profile, and preferences for Gmail, Google Apps, YouTube, and more. That’s not scary – since before Google was a college project; AOL and Microsoft, among many other services, have had a single login so your mail and instant messenger shared contact lists.

What is scary is that Google can consolidate your information across sites that you don’t log in to explicitly or sites you don’t realize are part of the Google family. For example, if you read a blog about the Parthenon on Blogspot and search for information on passports; the next time you check your mail you may see ads for Mediterranean cruises.

This is because one web service can track you across multiple websites. Since ads on many websites may come from the same ad server, you can be tracked even if the address you enter is a completely unrelated to any other place you’ve been.

Many web services pay close attention to where you came from, what you do, and where you go to build a profile of you. The more they know about you, the more valuable you are to advertisers and the more they can charge. (They’re not necessarily identifying you as a person by name and credit card number, but you as a 45-55-year-old male in a large southern city with 2 kids in college and an income over $80,000.)

However, if you’ve been logged in to a site that tracks you – such as Google – then they can tie your information to a real person with a name, address, credit card number, and possibly other details you’ve given them or their partners. They may not use all that information, but it makes your ads – and search results – more focused. (It may also make your search results less diverse. If you have previously selected the Washington Post, you may never again see a result from Fox News.)

I’m not picking on Google exclusively. Google just happens to be the biggest target today. I am less concerned being tracked by Google than I might be by a lot of other services.

The good news is that you should be able to ameliorate a lot of the techniques to track you that web sites use. Keep reading here:

But if you really want to be scared about tracking, your smartphone itself and many of the apps you’ve installed may be able to track you – not on the web, but in real life. And at the moment, there may be no way to control that tracking while still taking advantage of the reasons you got a smartphone.

 Creative Commons License. This work by Bill Barnes is licensed under a Creative Commons BY-NC-SA 3.0 US License. Permissions beyond the scope of this license may be available at
(c) 2011 Bill Barnes - Disclaimer - Home Page - Blogs Home