Oh and a suggestion, let us make corrections to your auto generated voice mail transcripts.  I would happily do this if it meant the transcriptions would improve.

-Zach

- Zach

This is a temporary fix until the patch is released: http://support.microsoft.com/kb/2286198

Update 8/2/10 – There is now a patch available.  Everyone should run Windows Update as soon as possible.

-Zach

A few days ago I email Google Mail/Apps support about an issue I was having when using a Google Apps account at the same time as a Google Account.  When logged into both accounts in the same browser I would get an error message when I tried to view (in the Google Docs viewer) a PDF attached to an email in my Google Apps account.  Today I received an email from Google saying that they fixed the problem.  I can only image how many emails/bug reports they get daily.  To fix something that fast impressed me.  Thank you Google for all of the services you provide us.

-Zach

What is Social Engineering?
Social Engineering is a technique used by malicious attackers to make people believe the attacker is someone they are not.  A recent example:  An attacker hacks someone’s email account and goes through all of their email trying to find some identifying material they can use to appear like the owner of the hacked account.  The attacker then sends out emails to everyone in the address book of the hacked account and sends and email saying that they were traveling to Europe and lost all of their money, passport and whatever else they had with them.  They are asking you to send a few thousand dollars to an address in Europe to they can pay their hotel bill and come back home.  This may sounds convincing, but it is 100% fake.

How do I protect myself from Social Engineering?
Following this simple rule can protect you from almost everything.  If something looks somewhat suspicious, it probably is.  If you ever get an email from someone that is out of the ordinary, verify that it came from the sender before doing what it says.  NEVER click a link or reply to an email with login information to any site.  Also, never trust someone calling you on the phone.  Caller ID can be spoofed and cannot be relied upon.  If a company calls you asking to verify your information, take the person’s name and call them back with the companies number in the phone book or on their website.

Other forms of Social Engineering to be aware of.
One common form of Social Engineering today is websites posing as antiviruses.  Never click on something that claims to be your antivirus, but is not.  If you have Norton, ignore messages from anything other than Norton.  If you have McAffe, only pay attention to the McAffe messages.  If you get a message from some other antivirus, close the window.  If when you close the window it tries to download a file, click NO and close the larger browser window.

~Zach

So that brings me to another good practice if you are going to download attachments.  If you are using windows it is a good idea to turn off file extension hiding.  In a file browser window (any window where you are looking at files on your computer, for example, my computer or my documents), go to tools, Folder Options, View, and uncheck “Hide extensions for known file types”.  In Windows 7 go to Control Panel,  Appearance and Personalization, Click Folder Options, select View, and uncheck “Hide extension for known file types”.

But I have an antivirus, that will protect me right? Yes, and no.  An antivirus will try to protect you against known viruses and can sometimes detect unknown viruses.  But, it is not a guarantee that all viruses will be caught.  Also, virus scanners do not usually scan files downloaded in your web browser.  So, it is still a good idea to follow these practices whenever you download files on the Internet.

Second, clicking on links in emails can be just as dangerous as downloading attachments.  Links in emails can be disguised to make you think you are going somewhere that you are not.  For example, a link could say www.paypal.com and actually link to paypal.mymalicioussite.com.  Once you go to the fake site and try to login the attacker now has your login information and then can login to the real site using your information.

These kind of emails are called phishing.  It sounds like fishing, because that is exactly what the attacker is doing.  They put the bait out (the fake email), and wait for you to bite (you go to the fake site and enter info).  Often phishing emails state that your account has expired and in order for you to keep your account you need to reply to the email with your credit card number or login information or they give you a link to click that goes to a malicious site that could look exactly like the real site.

So what should you do?  Well, first never reply to an email with any kind of personal information (including username, password, credit card number, bank account numbers, etc), legitimate companies will not ask for this kind of information via email because email is not secure.  Second, when possible always type the URL of the site manually instead of clicking a link.  If, however, you do click the link, check the URL in your browser to make sure it matches the site you want to go to before entering any information.

Finally, you should know that email is NOT secure.  Anyone who has access to the equipment that your email passes through has access to the entire message.  It is not wise to send anything confidential via email.

-Zach

-Zach

Almost all computers today have hard drives in them.  This is a tried and true storage device used to store large amounts of data.  What many people do not know is that all hard drives will fail eventually.  Hard drives are mechanical devices and they do wear out.  To give a general idea of how long a hard drive will last I will say this.  If your hard drive does not fail in the first few months you will most likely have at least a couple of years of use.  After those couple of years your chances of the drive failing continuously go up.  This is the number one reason why a consistent backup routine is very important.

Now that we know that a backup routine is a good idea you are probably wondering how often you should backup and how you should backup.  The answer to the first question is that it depends.  How often do you have new data on your computer that you do not want to lose?  Truly you should backup each time you create something that you do not want to lose.  However, that is not usually practical.  The main idea is how much data are you willing to lose?  If you have a number of things every week that would be bad to loose then backup every week.  If it is longer you may not have to backup as often.  My personal backup routine is the following: I back up my documents every Saturday, when I copy photos from my camera I back them up immediately, I have a copy of my music and videos (which do not change often) on two computers.

Now, how do you backup?  The most straight forward way to backup your computer is to manually copy everything to a second device (another hard drive, a CD, a flash drive, another computer).  This is the simplest, but requires the most work on your part.  You need to remember to do it and you need to start the process.  There is software that you can download or buy that you setup once and it will automatically backup specified folders on a specified basis.  This is easier for the user because they do not have to remember to manually backup things.  However, often times it can be forgotten and the backups are not checked to make sure that they work.  One free program that does a fairly good job of automatic backup is SyncToy from Microsoft.

Another important thing to remember with backups is that simply having a copy sitting next to your computer may not be enough.  What would happen in the case of a natural disaster or a theft?  This is where the idea of “off site” backup comes into play.  It is a good idea to have a copy of the most important things in another location.  Give a copy to a friend or family member to store for you or use an online backup service to store a copy of your data on a server that is not in your house.  If you do not want others to be able to see your data you will want to make sure that the service that you choose encrypts your data on your computer before it is sent to them.  This is often an advertised feature for this very reason.

~Zach

-Zach

1. NEVER use words or commonly known arrangement of characters.
2. Never use your name or any part of your username, birth-date, siblings names, etc.
3. Use Special Characters, numbers, upper and lower case letters (You want at least three of the four in your password).
4. Do not reuse passwords.
5. At least 8 characters

Now for an explanation of why you need to follow those rules:

1. Words or other common arrangements of characters are the first thing that someone trying to guess your password will try.  Passwords are not cracked (guessed) manually, there are files that contain common passwords (rainbow tables) that programs can quickly use as a guess to your password.  If your password is only a dictionary word it will be cracked in seconds.
2. Again, your name and public information is easy for someone to find and guess.
3. Using a mixture of these three types of characters greatly increases the number of guesses that have to be made before a password is cracked.  Let us think about this.  Lets think about a 1 character password.  If only lowercase letters are used you have a 1 in 26 chance of guessing the password.  Adding upper case letters lowers the chance to 1 in 52.  Adding numbers and special characters decreases the chance of guessing it even lower.
4. If you reuse the same password everywhere and it is cracked in one location that essentially gives the attacker access to your accounts everywhere.
5. Each character that you add decreases the odds of guessing the password.  Today 8 characters is long enough that in most cases the password cannot be easily guessed.

Suggestions on creating passwords:

One common technique is to use one “main” password, but mix things in for each place that you use it.  For a really bad example) if you use “password” as your main password on Amazon you would use the password “ApMaAsZsOwNord”.  That is AMAZON and password mixed together.  For google you would use “GpOaOsGsLwEord”.  This same technique is useful when creating your main password.  For instance you make take your dog’s name and your name and the year you got your dog.  ZACH + doggie + 2005 = dZoAgCg2H0i0e5.  You just have to remember what you used and you can always recreate the password.

Another suggestion is to use a password vault.  This is a piece of software that you install on your computer.  You have a password to login to the vault and then it generates a new random password for each website that you go to.

The last thing I am going to say is that these techniques do not guarantee that your password will always be safe.  All passwords are crackable, it is just a matter of time.  If you follow all of the guidelines your password will be strong enough for most cases today.

~Zach