Archive for the ‘Security’ Category

I get a lot of email. A LOT. Between work and personal emails it is a wonder I find time to do anything other than answer or deal with emails.  All I know is, that on those days when something goes wrong with our email server, there is a lot more work getting done, although the urge to keep checking to see if it is back up and running does cause some stress.

Part of the curse that is email is dealing with spam and junk emails. If you set your filter too strict you end up missing important emails, and if you don’t use any filtering you end up with so much crap to deal with you will be pulling your hair out.  Of late I’ve noticed an increased amount of utter crap coming in again.  Not sure why, seems to be a cyclical thing every few months, and I have to laugh at the horrific spelling and grammatical errors in the emails and wonder if they ever catch anyone in their webs with these?  Below is a perfect example of what I mean…


The nice thing is that the spelling and grammar mistakes usually make it easier to spot the spam. (‘appliance’ used when they meant ‘application’ for instance)

Another dead giveaway is the “actual” email address that the email is coming from or directing you to reply to ( in the example).  More often than not, you will see a link that when you hover over it you can see the address which rarely matches the supposed subject (witoptions in this case does, but if you google it it doesn’t exist as a company and is fishy enough not to click the link) and takes you to some ad website that will get you stuck in an endless loop of trying to close popups and pop-unders.  A good idea is to use a domain lookup site like “Whois” and check the domain name to see if it is even valid.  If it’s a real site, there will be info on it.  That doesn’t mean it is a valid website or email, just a better chance that it might be legit.
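The two mismatch checks described above (reply address versus sender, and a link's visible text versus where it actually goes) can be automated. The Python below is an added example, not part of the original post; the sample message, its domains and the function names are constructed for illustration, and it assumes a single-part HTML message.

```python
import re
from email import message_from_string, utils
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not the email from the post); domains are reserved names.
SAMPLE = """\
From: "Example Bank" <service@bank.example>
Reply-To: claims@mailer.invalid
Content-Type: text/html; charset="utf-8"

<p>Confirm: <a href="http://ads.tracker.invalid/c?id=1">www.bank.example/login</a></p>
<p><a href="https://bank.example/help">Help centre</a></p>
"""

class LinkCollector(HTMLParser):  # gathers [href, visible text] per <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host_of(text):  # hostname minus 'www.' for a URL or bare domain, else ''
    if not re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", text, re.I):
        return ""
    host = (urlparse(text if "://" in text else "//" + text).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def findings(raw):
    msg = message_from_string(raw)
    sender = utils.parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply = utils.parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    out = []
    if reply and reply != sender:
        out.append(f"reply-to domain {reply} differs from sender domain {sender}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())  # assumes a single-part HTML body
    for href, text in parser.links:
        shown, actual = host_of(text.strip()), host_of(href)
        if shown and actual and shown != actual:
            out.append(f"link shows {shown} but opens {actual}")
    return out
```

A differing Reply-To or link host is a reason to look closer, not proof of spam; mailing lists and newsletters can trigger both.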

When spotting spam in the wild, there are tons of common phrases to look for.  Offering pills is a big one of late, and I’m sure we’ve all seen at least one from some President of some foreign country offering to send us money if we give our banking info.  Many make vague statements about you and your previous involvement with their company, or offering you something for nothing.  Typically I find it best to toss any suspicious emails without even opening them just by previewing the subject line.  It used to be you could create a list of words to block, but even that is getting tougher since many bots or people substitute other letters or characters for some letters in words to sneak thru.  A bracket ‘(‘ for a capital ‘C’ for instance, or using the number ‘0’ for the letter ‘o’.
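Character substitution defeats a plain word list, but folding lookalike characters to a common form on both sides before matching recovers most of it. The Python below is an added example, not from the original post; the fold table, the sample blocklist and the subject lines are assumptions made up for illustration.

```python
import re
import unicodedata

# One representative per lookalike group. This table is an illustrative
# assumption for the example, not a complete confusables list.
FOLD = str.maketrans({"0": "o", "(": "c", "3": "e", "4": "a", "@": "a",
                      "5": "s", "$": "s", "1": "i", "!": "i", "|": "i", "l": "i"})
BLOCKLIST = ["pills", "casino", "lottery"]  # constructed sample terms

def skeleton(word):
    """Lowercase, strip accents, fold lookalikes, drop other non-letters."""
    text = unicodedata.normalize("NFKD", word.lower())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return re.sub(r"[^a-z]", "", text.translate(FOLD))

# Fold the blocklist the same way, so "pills" and "p1lls" share one skeleton.
BLOCKED = {skeleton(term): term for term in BLOCKLIST}

def naive_terms(subject):
    """Plain word-list match, the approach the post says is getting tougher."""
    words = re.findall(r"[a-z]+", subject.lower())
    return [term for term in BLOCKLIST if term in words]

def blocked_terms(subject):
    """Blocklist terms found after folding each token, in order of appearance."""
    hits = []
    for token in subject.split():
        # Trailing punctuation is sentence punctuation, not a substitution.
        term = BLOCKED.get(skeleton(token.rstrip(".,;:!?")))
        if term and term not in hits:
            hits.append(term)
    return hits

# Constructed subject lines for demonstration.
SUBJECTS = ["Cheap P1LLS today!", "Win big at the (asin0", "L0tt.ery winner",
            "Quarterly pilot results"]

if __name__ == "__main__":
    for s in SUBJECTS:
        print(f"{s!r}: naive={naive_terms(s)} folded={blocked_terms(s)}")
```

Folding widens the match, so it also raises the chance of false positives; it works best as one scoring signal rather than an outright block.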

Remember, no bank is going to contact you via email and request info, or confirmation of any interactions you’ve had with them, so anything you get from any bank it is best to assume is fraudulent and follow-up with your bank directly.  I’ve even forwarded a few emails to my bank so they are aware and can warn others.

The old adage, “when in doubt throw it out” is never more on point than when dealing with email nowadays.  Thankfully the scammers and spammers are attacking in bulk and hoping they get one response out of the thousands they send out, and as such their attacks are easily spotted with a little vigilance.  Keep your eyes open and be careful what you click on or reply to.

“He is most free from danger, who, even when safe, is on his guard”. (Publilius Syrus)


With more and more laptops and tablets becoming the mode we stay connected, the Ethernet cable is slowly becoming a thing of the past, especially with a recently reported 7 percent of North American consumers already dependent solely on smartphones for Internet access.  It is easy to see the writing is on the wall for wired connectivity.  Add to that the slow shift from land-line telephones to cellphones, and you can see the winds of change blowing.

Those same winds are also helping to encourage workers to use their own devices at work.  The whole Bring Your Own Device (BYOD) movement is gaining momentum in the workplace and companies for the most part are encouraging it, seeing it as a free way to get new tech in the hands of the workers for no cost to themselves, or at least, very little cost.  That however, may be more dangerous than the corporate bean-counters are aware of.  IT needs to be aware of the situation and figure out how to best provide fast, secure, reliable wireless network access while remaining cost-effective.

Some interesting stats:  Wireless usage in the corporate environment is around 25%, and expected to be near 35% within 18 months.  Roughly half of all employees are using their own devices for business purposes, and the vast majority of those employees are using more than one device.

What this means is that right now about half of the people using their own devices are also footing the bill for their data consumption while at work, rather than connecting to the office network, but this is bound to change.  Employees will want the ability to use the corporate network, but IT will want to control the info and access to ensure security.  And rightly so.  On both parts.

Encouraging employees to work from outside the office can mean that employees are more readily accessible even during non-working hours which is a win-win for management when done with BYOD.  Wireless LAN can be a great way to encourage employees to work from anywhere within the office, and even from outside the office if a secure connection to the corporate network can be established, but it needs to be secure and monitored and limited.

The change is coming, make sure you and your company network are ready for it.  Wireless connectivity is soon to be a must have in any office, and VPN is not far behind.  Security is the most important part of the puzzle but hot on its heels so to speak is the need for a fast connection without bandwidth limits, and IT needs to spend the money now to prepare and get it in place ahead of the need rather than trying to retroactively address the situation.

It seems fitting to end with a quote from the man who pioneered electronic communication as we know it today, Alexander Graham Bell,… “before anything else, preparation is the key to success”.


March is Fraud prevention month, and the recent problem with web services being hacked has made me a little more cautious about my online habits.  One that stands out is the hacking of Evernote.  While they were quick to make adjustments to their programs to force users to pick a new password, the fact of the matter is, many people use the same usernames and passwords on numerous services or devices and having them “out there” for the hackers is a scary thing when it comes to personal information.

I’m sure most people do it, they have 3 or 4 common passwords and cycle thru them. As a matter of fact, I’m sure of it.  I’ve seen people in my office do it when trying to remember a specific site’s password.  If one of those is out there in the wild and you are using the same username in a bunch of places, odds are any hacker worth their salt will be able to find the commonalities and abuse them.  If you don’t want to use a different username on everything you sign up for, then at least use a different password for everywhere/everything you use that common username on. If you are worried about forgetting your passwords, or at least forgetting which one is used where, there are plenty of apps out there to help you with that.  My app of choice for the past few years is 1Password and I know I’d be lost without it, thankfully it is installed on my iPhone, iPad and MacBook Air so it is always with me.

Don’t be too quick to reset info or provide more info.  If you get a request, be it email or a pop up on a website to verify your information, don’t just take it at face value.  Wherever possible, call your bank or whoever is requesting the info.  It is still difficult to hack a telephone call.  Many sites have two-step verification in an attempt to eliminate the hacking of passwords, since you have to match a phrase or image as well as input your password.  That’s not to say they are unhackable, just more difficult.  The old adage “an ounce of prevention…” still holds true when it comes to your personal info.  Think before you share too much.  The more info you put out there, the easier it is for you to be spoofed or hacked.  Especially when most people’s passwords are either a child’s name or a pet’s name.

Facebook, Twitter and all the social networking sites make it so easy for us to share our lives (and info) with the world, just be careful you are not sharing too much and opening yourself up to personal identity disaster.  Check those security settings and use them.  If you don’t understand them, find out what they mean.  It only takes a few minutes to be safe and can potentially save you tons of time, money and headaches later on.


So, you downloaded Mountain Lion, and everything was good.  Then went and grabbed a new third-party update for a program only to find that when you double-click it you are greeted with a new dialogue box telling you that you can’t do that. What the heck?
Don’t fret, it is supposed to work that way and unbeknownst to you, it’s in your settings to behave that way as the default, but you can change it easily enough.

you used to be able to double-click

right-click or ctrl-click to get this

The default is to allow only Mac App Store apps to install by double-clicking, which is a change from the old way where double clicking gave you the option to install.  Now if you want to install you need to right-click or control-click the app and select “Open” and you will be greeted with the second screen grab.

It may seem a tad goofy at first, but it’s all about security and meant to work that way to help stop you from installing something that could be dangerous.  Viruses, for example.  Yes they do happen on Macs just not very often… yet.  Those nefarious types are trying though.  So far Windows is an easier, larger target to hit, but some do like the challenge of the Mac OS and are playing around with little nasties to infect our pretty little Macs.

Getting back to the settings, if you go into System Preferences, in the tab for Security and Privacy (shown below) you can change the setting, but it will make you more susceptible to any scams and viruses that may be disguised as apps you wanted to download and install.

you can change by clicking the lock and then selecting Anywhere

But as the warning says…

I’m not fond of this setting, left it as is

My personal preference is to leave the setting as is and be more secure.  Just have to retrain myself to not try to double-click apps to install them.  That adage about old dogs and new tricks comes to mind, but it is better to have to click a couple more times to install something, than to mistakenly install something nasty that could take hours to remove properly and irrevocably damage or delete irreplaceable files.  Don’t treat installers the way most people treat EULAs.  Make sure you know what you are installing and meant to do it.


When people hear “terminal” they immediately think of being at death’s door, which is why it confuses me that Apple calls their command-line program Terminal. It is not something to be hiding from. The command-line is something that can be very useful. For instance, seeing everything on your Mac can make it easier to perform certain functions, such as deleting the files associated with the FlashBack virus.

There are all kinds of stories about the FlashBack virus, and if you are concerned you may have it, go to GitHub and download the checker app here.  It’s a small download and while it won’t remove the virus from your Mac, it will check to see if you are infected.  If you are infected, thankfully Apple has addressed the issue, although many people had already followed the directions to remove the virus manually, such as one of my coworkers.  It is not that tough to do, but you do need to fire up the Terminal and get all command-liney with it.  If you want to do it the easy way, check out the Apple security update info here.

Getting back to the Terminal though, one thing that comes in handy as alluded to earlier, is the ability to see all the hidden files on your Mac.  Part of removing the virus manually requires you to get rid of a few hidden files buried deep in your library.  The easiest way to see the hidden files is with a third-party app like MainMenu (paid), TinkerTool (free) or Onyx (free).  But if you don’t have any of those already installed, don’t despair, Terminal is pre-installed on every Mac running any recent version of OS X.

Open it up and you are greeted with a screen that harkens back to the old DOS days of typing out commands.  At the command prompt type the following…

(NOTE:  all commands below are to be typed without the quotes.)

“defaults write com.apple.finder AppleShowAllFiles TRUE”

then return and type:

“killall Finder”

You will now see all the hidden files in all directories and on your desktop.

and to change it back:

“defaults write com.apple.finder AppleShowAllFiles FALSE”

again followed by:

“killall Finder”

The command is the same, just changing the last word which is the setting from TRUE, being on, to FALSE, being off.  A simple setting that gets repeated all over the place in any Unix based OS like OS X.   Many times commands are either on or off, true or false.  That is just one simple example of what can be done with just a few words and no need to install anything.

The Terminal is your friend.  Don’t be afraid, but do be cautious.  A spelling mistake can prove disastrous.  I hope it is not too late to mention, but remember to back up your Mac before you start deleting anything, even if cleaning off a virus.  There are no do-overs or undos when it comes to Terminal commands.

Happy command-lining,