Live Chat Sales: 561-247-2422

 

 

Dear Valued Customers,

We are very excited to announce that WebSmith is now part of the Rebel Internet Systems & Technologies family of companies.  Rebel IST brings a breadth of experience and knowledge in secure hosting services, such as HIPAA compliant and secure dedicated servers, as well as a strong background in IT and cybersecurity.   We look forward to telling you about all of our product offerings in the coming months.

Rest assured, WebSmith will remain intact and operating as usual.  You will meet some new members on the team, but Ron & Pam Van Alstyne will remain onboard for the foreseeable future to ensure a smooth transition.

On behalf of myself, VP: Dan, Cybersecurity Specialist: Jon, and Customer Service / Operations Manager: Clint, we are thrilled to have WebSmith join us and look forward to continuing the tradition of offering everything you need to keep your business operating in the digital world!

 

Regards,

Doug Becker

President & CEO

 
 

You've probably heard about the Equifax data breach that's making headline news. Investigators have discovered that it was preventable.

Sensitive information on 143 million people was stolen because Equifax had failed to apply a security patch that was available two months ago. Two executives have now resigned and the company is the target of law suits.

If your systems aren't patched on time, you increase your risk of being attacked.  Half of all attacks target small businesses.

How to Check if You Are Vulnerable:

A security scan of your systems can help determine your vulnerabilities. Make sure that all of your software patches are up-to-date.

We help our clients manage their IT security proactively.

Contact us today for a custom assessment to learn how "at risk" you are and what you can do to protect your business.

Contact Us

Please share this alert with your friends at other companies. We might be able to save them from being a victim.

So far we dedicated several articles to the interesting, low-level ransomware called Petya, hijacking the boot sector. You can read about it here:

Each of those versions was using Salsa20 algorithm to encrypt Master File Table and make disk inaccessible. However, due to the implementation bugs the intended algorithm was weakened – giving a chance to recover data.

Unfortunately, as always in such cases, it is just a matter of time when cybercriminals get their cryptography fixed. Petya’s authors got it right at the third attempt. The currently launched wave of this ransomware finally seems to have the proper Salsa20.

Behavioral analysis

Behavior of Petya didn’t changed – we can see exactly the same UI like in the previous green edition:

Inside

Let’s take a look at differences in the code. Using BinDiff we can spot, that not many functions have changed. However, those that were giving weak points to the previous edition are modified.

main_changes

Salsa20

First of all, let’s take a look the function s20_littleendian that was causing the major bug in the last release. Due to it’s invalid implementation, only 8 out of 16 characters of the key were meaningful and brutforcing the key was easier (working solution has been implemented by procrash). Detailed explanation of this bug you can find in the updated post about the previous Petya – under the section “New Petya, new bug”.

On the left – you can see the implementation of the buggy function (from the previous edition). On the right – current, fixed implementation:

fixed_s20

Explanation
The old implementation was truncated – it didn’t used 32 bit values as it should – only added a sign bit expansion to the 16 bit value:

static int16_t s20_littleendian(uint8_t *b)
{
  return b[0] +
         (b[1] << 8);
}

Now, authors got the proper implementation, using 32 bits. So, the last bug in Salsa20 got finally fixed, making implementation complete.

Key

In the first (red) version of Petya  authors used 32 byte long Salsa key – that was, however, generated from the 16 byte long key, using a custom function to pre-process it and extend.

In the second – green edition, they gave up this idea and applied the original 16 byte long key, without any modification.

This time, they changed mind and went back to the first solution of using 32 byte long key, yet with some improvements. Again we can see expand32 in the code (instead of expand16 known from the previous edition):

expand32

When the victim insert the key for the verification, before using it as a Salsa20 key, it is preprocessed by a new algorithm (more complex than  in case of Red Petya):

process_key

Conclusion

New edition shows that the project is reaching maturity – however, as we can read on the associated onion page – it is still a beta version and we can expect that it will keep evolving. Below – fragment of Petya’s RaaS website:

beta

We are not yet sure about the distribution method, but probability is high, that also this time it is spam with a link leading to cloud storage. We strongly advise to be extra vigilant for the job applications coming this days – it proven to be a common cover for Petya/Mischa dropper. More information about it you can find in our previous articles about Petya.

Reprinted from Malwarebytes Labs.

You log onto your computer and it takes forever to boot. When it finally does, a few unfamiliar applications litter your desktop, and your browser immediately sends you to an ad for hair loss products.

Sounds like your PC has a problem with malware.

So what should you do? Before you flip out, try these simple steps to clean up your infected computer.

Computer acting suspect? Do a little digging and check for symptoms.

  • Does your web browser freeze or become unresponsive?
  • Do you get redirected to web pages other than the ones you are trying to visit?
  • Are you bombarded with pop-up messages?
  • Does your computer run slower than usual?
  • Do you see new icons on your desktop that you don’t recognize?

 

 

 

 

These are just some of the issues that are characteristic of a malware infection. Unfortunately, even if you see nothing wrong with your computer, there may be trouble brewing under the surface, sneaking around and screwing with your files undetected. So here’s what to do:

  1. Use protection: Enter safe mode.

    • Remove CDs and DVDs, and unplug USB drives from your computer. Then shut down.
    • When you restart, press the F8 key repeatedly. This should bring up the Advanced Boot Options menu.
    • Select Safe Mode with Networking and press Enter. Only the bare minimum programs and services are used in this mode. If any malware is programmed to automatically load when Windows starts, entering safe mode may block the attempt.
  2. Back up your files, including documents, photos, and videos. Especially cat videos.

    • Do not back up program files, as those are where infections like to hide. You can always download these programs again if files are lost.
  3. Delete temporary files.

    • To speed up your virus scanning, free up disk space, and possibly even get rid of some malware, delete your temporary files using Disk Cleanup.
    • For Windows 8, select Start and search for System Tools. Then select Disk Cleanup. For Windows 7 or lower, select Start, Programs, Accessories, System Tools, and then Disk Cleanup.
  4. Download an on-demand malware scanner such as
    Malwarebytes Anti-Malware.

    • Follow set-up instructions and install the program.
  5. Disconnect from the Internet. Then run a scan.

    • If you truly believe you are infected, do not pass go, do not collect $100. Just go directly to the scan. If you do have an infection, your on-demand scanner should let you know that you in danger, girl. A list of scan results tells you what malware was found and removed.
  6. Restart your computer. After all, everyone deserves a second chance.

  7. Confirm the results of your anti-malware scan by running a full scan with another malware detection program.

    • Restart again if the program found additional infections.
  8. Update your operating system, browser, and applications.

    • If there’s an update available on any of your software, go ahead and do it. Some of the most dangerous forms of malware are delivered by “exploits” that take advantage of out-of-date software.
  9. Reset all of your passwords.

    • Before being deleted, malware could have captured your passwords and forwarded them to hackers. Change each and every password you can think of, and make sure they’re strong. None of this 1, 2, 3, 4, 5 business. That’s the combination an idiot would use on his luggage.
  10. If, after all of these steps, you’re still having problems with a possible infection, feel free to contact us.

 

 

Tuesday, 12 May 2015 14:17

RANSOMWARE - Under Attack!

Ransomware is a type of malware that prevents or limits users from accessing their systems. It forces its victims to pay aransom through certain online payment methods in order to grant access to their systems, or to get their data back. No device is safe. Ransomware targets desktop computers, file servers, smartphones and laptops. Several examples of ransomware have become very well known because of their reach and cost to those infected.

RANSOMWARE FACT SHEET

It says a lot about the brashness of criminals when even law enforcement agencies become their victims. That’s exactly what happened in late February when a police department in Illinois paid a $500 ransom to unlock a department computer after it was infected by ransomware.
 

PREVENTION STARTS WITH PEOPLE

 
When it comes to preventing any virus, including ransomware, your first step should be to reduce the potential for human error. It helps to know what to watch out for:
 

Avoid sites that offer pirated or free software,music, movies or TV shows.

Watch out for emails claiming to be frombanks or government agencies.

Don’t click on a link or attachment in an email or text message if you don’t know the source.

 

ROLL BACK THE CLOCK ON RANSOMWARE

 
If your files are being held hostage, we can help. We offer both Carbonite Pro for workstations and Carbonite Server Backup to enable you to roll back to a time before your files were infected, so you can restore an uncorrupted version of the file. The key is making sure you’re backing up regularly and using Carbonite before you become a target.
 

CRYPTOLOCKER

 
Renders data files unusable unless the victim pays for a key to unlock infected files. It’s usually triggered when a user downloads an attachment or clicks
on a link in a email disguised to look like it’s coming from a friend or business partner.
 

CRYPTOWALL

 
Incorporates data-theft malware, which allows the virus to steal potentially valuable data from infected systems, whether or not the victim pays the ransom.
 
TORRENTLOCKER
 
First appearing in August 2014, it’s made from components of CryptoLocker and CryptoWall. It’s typically distributed via emails that pretend to be shipping
notifications, driving or speeding violations, or other corporate/government correspondence.

CRYPTOFORTRESS

 
Making headlines in February 2015, it looks similar to TorrentLocker. It encrypts files with a 2048-bit RSA-AES encryption routine. This type of encryption
would take a standard desktop computer 6.4 quadrillion years to decrypt.
 

PACMAN

 
Debuted in early 2015. It uses very convincing Dropbox links to fool victims. Its first targets were Danish chiropractors who received emails with the subject line,
“Possible new patient.” The email contained Dropbox links to MRI and CT scans, which launched the ransomware.
 

Recent FBI investigations reveal that ransomware authors continue to improve ransomware code by using Tor hidden services for end-to-end communication and bitcoin to collect ransom payments. The increase in sophistication is likely due to lessons learned by cyber criminals following the FBI seizure of Cryptolocker domains and backend servers in late May 2014.

First identified in late April 2014, CryptoWall was the first ransomware variant to accept payment exclusively in bitcoins. CTB - Locker, which was released in mid - June 2014 (after Cry ptoWall) , also requires ransom payment exclusively in the form of bitcoins. The operators of CryptoWall also use numerous bitcoin addresses to receive victim payments and route transactions through multiple addresses. The fund flow pattern and the use of an unregistered exchanger concealing its true location hinder efforts to trace the victim payments to their final destination.

At the end of July 2014, a more sophisticated variant of CryptoWall, CryptoWall v2, emerged. The new variant uses a modified Tor executable to communicate with up to three Tor hidden service C2 servers hardcoded into the program. The modification was likely to remain competitive with newer malware variants like CTB - Locker. CryptoWall victims are provided with an Internet Web address where they can access the ransom payment page, decrypt one file as proof that their files can be recovered, or contact CryptoWall support. The URL for this site is a Tor hidden service; however, the actors provided a Tor bridge, which allows victims to access the Tor site via the Internet. CTB - Locker is the first ransomware to use Tor for its C2 infrastructure. CTB - Locker uses Tor exclusively for its C2 servers and only connects to the C2 aft er encrypting victims’ files.

Additionally, unlike other ransomware variants that utilize the Tor network for some communication, the Tor components are embedded in the CTB - Locker malware, making it more efficient and harder to detect

 

Precautionary measures to mitigate ransomware threats include:

Ensure anti-virus software is up-to-date.

Implement a data back - up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location.

Backup copies of sensitive data should not be readily accessible from local networks.

Scrutinize links contained in e-mails, and don’t open attachments included in unsolicited e-mails.

Only download software - especially free software - from sites you know and trust.

Enable automated patches for your operating system and Web browser

Monday, 22 December 2014 13:41

Microsoft and Google hit with DDoS Attack?

What is a DDoS Attack?

For a lot of us without an understanding of network security, it is easy to think about DDoS attacks as a single thing companies can simply solve. But the term DDoS covers a large class of malicious attacks on network or internet infrastructure, so while some defenses may be simple, others are not so easily constructed.

Some DDoS attacks flood servers with traffic in order to bring them down, but the most common DDoS attacks work at a network layer, blasting senseless traffic at target systems, in this case Microsoft and Google, hoping to overwhelm them and exhaust all available bandwidth.

However, other denial-of-service attacks can include locking other users out, like through multiple failed password reset attempts knocking out your services. Administrators and software must Identifying the attacker against all of the legitimate traffic. 

Unstopped, and it's very difficult, the lethal traffic ends up causing a shutdown of the target servers, and/or squeezing out legitimate traffic to and from the target.

Why are DDoS Attacks so Difficult to Defend Against?

The mix of distributed attacking traffic and legitimate traffic during a DDoS attack is precisely why they’re so hard to defend against. When you’re being simultaneously bombarded by hundreds or thousands of attackers it takes valuable time and bandwidth that you and I don’t have. Some companies choose to treat DDoS attacks as an occasional inconvenience, as it's just so difficult to defend against them.

What Can Companies Do?

We need to get tougher at finding where these attacks originate and with government help in international cases pursue them to the end. Prosecution without fail will deter them, new technologies are needed to stop them! We take this very seriously and have many systems in place to protect our network, as an end user you can take Microsofts advice and tighten your own network down: http://msdn.microsoft.com/en-us/library/cc722931.aspx

 

 

What is CryptoLocker?
CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

What should you do when you discover your computer is infected with CryptoLocker?
When you discover that a computer is infected with CryptoLocker, the first thing you should do is disconnect it from your wireless or wired network. This will prevent it from further encrypting any files. Some people have reported that once the network connection is disconnected, it will display the CryptoLocker screen.

Is it possible to decrypt files encrypted by CryptoLocker?
Unfortunately at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. Brute forcing the decryption key is not realistic due to the length of time required to break the key. Also any decryption tools that have been released by various companies will not work with this infection. The only method you have of restoring your files is from a backup or Shadow Volume Copies if you have System Restore enabled. Newer variants of CryptoLocker attempt to delete the Shadow Copies, but it is not always successful. If you do not have System Restore enabled on your computer or reliable backups, then you will need to pay the ransom in order to get your files back.

Will paying the ransom actually decrypt your files?
Paying the ransom is no guarantee you will have your files restored, but this is a descion you will need to make if you have no backups of vital files infected by this virus. Paying the ransom will start the decryption process of the CryptoLocker infection. When you pay the ransom you will be shown a screen stating that your payment is being verified. Reports from people who have paid this ransom state that this verification process can take 3-4 hours to complete. Once the payment has been verified, the infection will start decrypting your files. Once again, it has been reported that the decryption process can take quite a bit of time.

Be warned, that there have been some reports that the decryption process may give an error stating that it can't decrypt a particular file. At this point we have no information as how to resolve this. Visitors have reported that the infection will continue to decrypt the rest of the files even if it has a problem with certain files.

How do you become infected with CryptoLocker?
This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc. These emails would contain a zip attachment that when opened would infect the computer. These zip files contain executables that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people open them.

The current list of known CryptoLocker email subjects include:

  • USPS - Your package is available for pickup ( Parcel 173145820507 )
  • USPS - Missed package delivery ("USPS Express Services" )
  • USPS - Missed package delivery
  • FW: Invoice
  • ADP payroll: Account Charge Alert
  • ACH Notification ("ADP Payroll" <*@adp.com>)
  • ADP Reference #09903824430
  • Payroll Received by Intuit
  • Important - attached form
  • FW: Last Month Remit
  • McAfee Always On Protection Reactivation
  • Scanned Image from a Xerox WorkCentre
  • Scan from a Xerox WorkCentre
  • scanned from Xerox
  • Annual Form - Authorization to Use Privately Owned Vehicle on State Business
  • Fwd: IMG01041_6706015_m.zip
  • My resume
  • New Voicemail Message
  • Voice Message from Unknown (675-685-3476)
  • Voice Message from Unknown Caller (344-846-4458)
  • Important - New Outlook Settings Scan Data
  • FW: Payment Advice - Advice Ref:[GB293037313703] / ACH credits / Customer Ref:[pay run 14/11/13]
  • Payment Advice - Advice Ref:[GB2198767]
  • New contract agreement.
  • Important Notice - Incoming Money Transfer
  • Notice of underreported income Notice of unreported income - Last months reports
  • Payment Overdue - Please respond
  • FW: Check copy
  • Payroll Invoice
  • USBANK
  • Corporate eFax message from "random phone #" - 8 pages (random phone # & number of pages)
  • past due invoices
  • FW: Case FH74D23GST58NQS
  • Symantec Endpoint Protection: Important System Update - requires immediate action

 

 

CryptoLocker and Network Shares CryptoLocker only encrypts data stored on network shares if the shared folders are mapped as a drive letter on the infected computer.
Despite what some articles state, CryptoLocker does not encrypt data on a network through UNC shares. An example of a UNC share is \\computername\openshare. It is strongly suggested that you secure all open shares by only allowing writable access to the necessary user groups or authenticated users. This is an important security principle that should be used at all times regardless of infections like CryptoLocker.

Prevention
Most viruses and spyware issues come through web browsers and email software. Having a secure web browser like Firefox will help lower infection rates. Services like Gmail offer better junk mail protection and lower the possibilty of opening a bogus email containing a virus. A two tier backup system will save your computer and files if you happen to be affected by this virus. A backup software like Acronis True Image will take a snapshot of your whole system, including files and programs. This will allow you to restore your whole computer before the virus caused any issues. While Carbonite, another backup program can safely backup your files in the cloud. Should your PC become compromised you can download your backed up files directly to your PC after removing the virus.

Here are a Few Tips to Follow
Use Firefox as your web browser. Make sure you are using an antivirus software designed for your computer and is up to date, like Microsoft Security Essentials. Make sure you are using a backup sotware as mentioned, like  Carbonite. The main bullet point, Please be Careful What You Click On.

Friday, 02 June 2017 00:00

Crappy service in the crapper?

I know, that sounds bad, or at least stinky... But, if you are like me you have that room in the corner of your house where you do some reading - I hope it's not an out-house. In the old days we'd "grab a seat" and read the paper or a new magazine.
Now, we flip open our tablet and expect FaceBook, CNN, and our email to work at the far reaches of our homes...yes, even in the bathroom! If you're like me, the range is just not there. And, boy, there is nothing worse than getting all set and finding you have no bars!
Ok, already - I can hear you say, what is the solution? Glad you asked! Assuming you already have a wi-fi router in your home, you can add a wi-fi extenter to your network. They are relatively inexpensive and extend the range of your current wi-fi for those hard to reach locations.  It's really not hard to do, and most of you could do-it-yourself. If you are not one of them, feel free to call us we can help!
As usual if there is anything we can do to help you with your business, website, email, or even add Wi-Fi to your throne we are just a phone call or email away!

For most of us, a hard drive failure in any month would be a major setback - this month we have one less day than last month, so lets eliminate the risk!

If you can do these three steps:

1) Image back up your hard drive;

2) Uninstall any program you don't recognise and all your antivirus programs;

3) Reboot and instal Microsoft security essentials.

I'll gladly give you more detailed instructions if you need them. But, TRUST ME it's that easy! Once that is done, your computer will be running faster, will be safer, and if you do have a failure - you have the image back-up.

Now, I recomend going a step further and setting up a cloud back-up too. That also is very easy, once that's done all you need to do is set it up once and you are forever protected. I recomend Carbonite and we offer it as a service. Just drop me an email and I'll give you the details and set you up!

As usual if there is anything we can do to help you with your business, website, email, or even to just chat about back-up we are just a phone call or email away!

Contact me for anything, really - I look forward to your email or call!

Last month I spoke about a slow running PC, this month I want to talk about a slow running web site and how it can effect your business.

When you create a website design it's wise to go the extra mile ensuring your website has the speed your visitors need, or your site risks getting passed by.

It's well known that you have about 3 seconds to capture your visitors interest before they hit the back button and click on another google result! As you might imagine it's imperative that your site comes up, loads fast, and your message is front and center for your visitor. I think we've all searched google for somthing, pages of results come up - we click one, and if it's blank or loading slowly we hit back and try another. We can go back and forth very quickly untill we land on a site that comes up AND looks like it fills our needs.

Making sites work like this is a science, it's taken for granted by the visitors and often overlooked by site owners.

If you want to learn more on speeding up your site click here. As usual if you have questions or if there is anything we can do to help you with your business, website, email, or even to help change or speed up your web site - we are just a phone call or email away!

Contact me for anything, really - I look forward to your email or call!

Monday, 03 March 2014 00:00

Are you ready to SUBSCRIBE?

Well, ready or not here comes subscription everything! It seams in study after study people would rather pay a "small" monthly charge than buy these days. We've seen rental rates go up, we've noticed car leases on the rise - but software? Is that going too far? The industry sees it as a way to increase revenues and lock in customers. Subscribers feel it's an easier pill to swallow (the smaller monthly charge) than the upfront cost of the program. Whichever side of the fence you are on I have some concerns:

1) Will it be available? After all, if you subscribe the software really isn't in your possession, you'll need to connect to get it;  If you're connected, no software.

2) Will it be up to date? In the past, software developers made improvements and offered them as updates (some free, some at a small charge) to keep your copy fresh and in the new. Once they have your monthly payment what will entice them to update the product for you?

3) Will there be a version for you? The subscription plan or plans will be streamlined, many small features of the "package" may be omited to enhance speed of delivery for the masses at the expense of the individual;

As with anything new, I'm sure the offerings will change dramatically over the next few years. Now is the time to start thinking about if and how subscription based software can affect your business or your home...

As usual if there is anything we can do to help you with your business, website, email, or even software subscriptions we are just a phone call or email away!

Contact me for anything, really - I look forward to your email or call!

 

I won't mention names, one of our clients were hacked this week, like each of us - busy running our own companies, the last thing they wanted was a complete disruption of their business! It's terrible, it's disrupting, and it's just not fair!

It can happen at any time, and it can happen to you. There are 9,500 websites that are blacklisted on a daily basis due to malware infection, many are shutdown. Statistically 4% to 20% of websites get infected each year, websites just like yours and mine.

People ask "why me"? In most cases it's just unlucky to be one of these shutdown sites. There's not usually a person actually working on hacking your site, what they do is write scripts that go out and search for a certain type of program, a form, a blog, and many other parts that are in everyone’s website. They come up with a way to inject code and HACK with this script - it's sent out on the search and if your unlucky, it finds your site latches on, injects some "phone home" code and then the phishing begins... Trust me, it's not good old fishing, it's a technique used to trick people out of their passwords!

Bottom line - hackers are out there, you should protect your home computers, your website, and databases. Everyone has heard of protecting home computers, but just how can we protect our websites?

First, you should be hosting with us (yes I'm biased) - we offer state-of-the-art cloud hosting and it's harder to hack updated new platforms.

Second, you should update your site with the latest versions of your software - if it's older it's easier to get hacked.

Third, I recommend backing up your site at least monthly that way should anything happen the worst case would be rolling back 30 days - no big deal! Oh, if you have a CMS site like Joomla or WordPress you'll need to back up the databases too.

Finally, a security monitor if you really want to cover yourself, these monitor your site hits on an individual basis and can challenge the user (or script) if certain telltale signs of a hack occur effectively blocking the attack!

Remember since big guys like the NY Times and eBay get hacked you'll have to realize nothing is foolproof - a simple backup can keep you from having your back up against a wall!

Contact me for anything, really - I look forward to your email or call!

This Christmas many Americans learned the hard way that last-minute shopping online poses far too great a risk of spoiling their holiday cheer.

Let’s face it. We are a nation of procrastinators. Down-to-the-wire holiday shopping is part of who we are – for better or for worse. Year-in and year-out, stores and shopping malls are packed every Christmas Eve. And, although brick and mortar retail has ceded tremendous market share to online shopping, last minute Christmas shopping may be one occasion with a barrier to entry that online shopping will have a hard time overcoming. The bottom line is: Christmas morning is one time when a gift absolutely has to be there - so, to paraphrase FedEx, “when it absolutely, positively has to be there" …perhaps it’s just smarter to buy the item at your local store. (Watch link here.)

This is the realization hitting Americans and it will have a lasting effect. News that overcapacity at UPS caused thousands of Amazon packages to be delayed and not reach their destinations in time for Christmas will dampen the final online rush in 2014. It means less potential revenue for online retailers in the final week preceding the holiday – and more sales for brick-and-mortars. (Either that, or we’ll all have to get our act together and finish our shopping ahead of schedule. Doubtful.)

Amazon customers are angry but, the company has (rather skillfully) deflected the debacle onto UPS, reminding customers it was the mail carriers’ fault. Still, Amazon was the organization promising its customers Christmas Eve delivery and, as such, runs the risk that it will lose customer trust. Customer trust is the intangible, and most important quality, a retailer can offer. To its credit, Amazon is offering free returns, $20 gift cards, and a refund on shipping costs. But, it still doesn’t make up for gifts that didn’t arrive. After all, certain things, cannot be corrected after the fact.

The good news is: While this year’s holiday delays may not only force UPS and FedEx to better streamline their systems, they may also provide an incentive for Amazon to focus more attention on its delivery modes, including more research into the so-called “prime delivery drones” that Jeff Bezos is testing.

In the meantime, the bad publicity is bound to affect online shopping. This Christmas, millions learned that gifts are in the hands of organizations that have yet to prove they can manage increasing demand. We should all think twice before believing in the delivery system again.

Author: Trish Regan

Contact me for anything, really - I look forward to your email or call!

Data dump; Stolen credentials

After the bureau claimed authorities dismantled the hacktivist collective, Anonymous responded with a leak of thousands of records containing law enforcers’ personal information.

An FBI agent last week said the 2012 arrests of several activists, lead to a drop in hacking activity.

Now Anonymous has released several documents, with thousands of lines of personal information. “The collective used a restaurant's compromised website, Texas' The Federal Grill, to host them,” CSO reports.

The records appear to be stolen from the FBI’s Regional Forensics Computer Laboratory. “One document contains a list of first and last names, email addresses, location (state), InfraGard status, Operating system type, browser type, and IP address. The document appears to be a registration list taken from a website's database for a law enforcement webinar. A majority of those listed are active law enforcement.”

Plus, there's “a sorted list of 19,329 law enforcement email addresses. This list spans several states and agencies, and many of the email addresses are formatted with the person's name, but others use what seems to be a badge number. . . After that, a list of names, agency assignment, and cell phone numbers (claimed to be BlackBerry), were also published.”

A separate spreadsheet file, titled SWAG, allegedly contains email addresses, phone numbers, and full names for Federal Reserve employees, as well as other information such as employment assignments.

In a statement, the Fed said that the leaked data was likely taken during a breach disclosed earlier this year.

People who viewed the leaked FBI information also questioned its age, speculating that it was taken some time ago and only recently released.

sector

Financial Services; Government (U.S.)

reported

August 26, 2013

reported by

CSO

number affected

Thousands

location of breach

United States

perpetrators

Hacktivists

location of perpetrators

Unknown

date breach occurred

Early 2013

date breach detected

Early 2013 and August 2013

Ok, here are some new words added to dictionaries in the 1990s. Did they last?

Applet: This one caught on, didn't it? But only in its abbreviated form, app.

Boot Up: In the old days, a computer booting up could take a minute or two as technical arcana flashed up your monitor. That's not how most computers work anymore, and slowly, I think we're losing this word. And in its more figurative meaning — go through the turning-on process — we have "spin up" and "start up."

Browser: This one has stuck. It certainly is more likely to mean the piece of software we use to move around the web than someone looking through a store.

Cowabunga: This word has nothing to do with technology. Still. You kind of miss it, too, right? It wasn't the Teenage Mutant Ninja Turtles that initially popularized it, but rather surfers via the Howdy Doody Show. (How childhood dies.)

Cypherpunk: In the early days of both computing and the Internet, cryptography to keep people from spying on you was all the rage. For obvious reasons, both the term and idea of cypherpunk are coming back, I think. 

Digerati: This is another word used primarily by newspaper columnists to discuss large, vague groups of people, as far as I can tell. It is certainly still in use, though dubiously useful.

Dot-com: It's still used to refer to the go-go era before the tech bubble burst, but now the preferred name for an Internet company is clearly "startup." (Especially now that many companies are going "mobile first." Someone who works for Facebook might technically work for a dot-com, but it'd be a real stretch to say an Instagram employee does.)

Emoticon: Still doing the Lord's work of inflecting text with affect. :)

E-Tailing: If anyone tries to sell you e-tailing consulting, run! Almost no one uses this term anymore, although you do sometimes see people sometimes call Amazon an "e-tailer" instead of the preferred nomenclature "steamroller."

Flying Mouse: "A mouse that can be lifted from the desk and used in three dimensions." New Oxford Dictionary of English, 1998. Huh. I think this can be classed a failure.

Geek: Yup, nailed it. This word is everywhere, including its horrifying verb outgrowths ("I'm geeked!").

Icon: A New York Times writer provides a strange window into the world before icon meant a part of a graphical user interface. "Readers of this dictionary will find 'icon,' defined not as a religious picture but as a small symbol on a computer screen." 

Infobahn: This synonym for "information superhighway" never caught on. Too German sounding for American ears, I reckon.

Infotainment: I'm pretty sure videogame developers came up with this word to sanitize their wares for parents. This word's still floating around, and I wonder if it could be profitably attached to the current generation of MOOCs.

Glocal: Global + local. Eww. This was coined in the early '90s and is enjoying an improbable resurgence to describe some types of business models. 

Hunt and Peck: The slow way of typing is still recognizable as a phrase, but as more and more people type faster and use smartphones/tablets, we seem to have fewer opportunities to use it. 

Karaoke: A spectacularly successful entertainment technology experience, the original noun is now a verb, too. 

LOL: This rather contemporary sounding term made a dictionary way back in 1998, when I was LOLing and ROFLing in chat rooms across the Internet.

Mouse Potato: This play on "couch potato" didn't make it many places outside the Oxford Dictionary of New Words. 

Nerkish: Another missed opportunity! Formed from nerd and jerkish, it describes a substantial portion of the Internet.

Netiquette: This word appears to be used by newspaper columnists and grandparents. It's fallen out of common usage. 

Netizen: I guess people sometimes use the term, but the spirit that infused it, this idea that the net was a separate space, an independent country that you could have citizenship in... Well, yeah, the NSA thought that was cute, and made sure to tap the pipes on American soil. 

Palmtop: Appearing in Webster's New World Dictionary, this word never caught on, though, with the rise of the old smartphone, we're all living in the age of the palmtop. (What the editors didn't see coming in 1992 was that we'd hang on to the word "phone" for devices that are used far more often to do other things!)

Pharm: This term was supposed to mean a place where genetically modified plants and animals were raised. But that would be most U.S. corn farms, for example, and you don't see the term applied. 

Phone Sex: Still around, though I think it's lost its 900-number paid-for connotation. Now, the meaning seems more like "voice sexting." 

Phreaking: Phreaking was hacking the telephone system, essentially, and it's a classic term that's becoming obsolete because a smaller and smaller slice of our communications run through the infrastructure phreakers investigated. 

Publify: I LOVE THIS ONE. Publify was meant to mean "publish online" or in a database. I can't wait to publify this post. Please help me bring this into common usage. Tell your blogger friends. 

Screensaver: Most people don't use screensavers anymore because our computers are sophisticated enough to shut off their own monitors when they're not in use. I will say that I think we collectively missed an opportunity to repurpose this word to mean terrible, ignorable television (or other content).

Spam: This is probably the one technological thing you never, ever have to worry will go away.

Voice Mail: Sadly, the word and phenomenon persist. (Though at some point, people deleted the space: voicemail.)

Y2k: Not so prevalent anymore. But you know, if the world had come to an end when '99 rolled over into '00, we'd probably be talking about it more, so it's probably best this one is long gone.

Zettabyte: Maybe some day this word will catch on. I think the editors were a bit ahead of their time in this case. The scale goes: kilo, mega, giga, tera, peta, exa, zetta. So, we're a few years off from this becoming a household term.

Tuesday, 06 August 2013 12:20

Apple awarded new Liquidmetal patent

Summary: A new patent awarded to Apple could pave the way for a whole host of devices -- iPhones, iPads, iPods, iWatches -- made from the high-tech, super-touch amorphous metal alloy.

(Source: Liquidmetal Technologies)

Interest in the high-tech, super-touch amorphous metal alloy called Liquidmetal spiked back in August of 2010 when Apple gained an exclusive licensed to the product. Was this going to herald in a new era of Liquidmetal iPhones, iPads, Macs, and iPods?

Well, short of making the SIM eject tool for the iPhone out of this wonder material, Apple has done nothing with Liquidmetal. Part of the problem with Liquidmetal is making it in significant enough volumes for mass market devices.

See also: What is Liquidmetal used for?

But this could change.

United States patent 8485245, titled "Bulk amorphous alloy sheet forming processes," which was awarded to Apple on July 16, outlines a process that could operate non-stop for 10 to 15 years and output 6000 kilometers of Liquidmetal a year in thicknesses between 0.1 to 25 millimeters and widths up to 3 meters. The process outlined to output Liquidmetal is similar to the "float glass" process used for making window glass.

This, according to the patent, could "be valuable in the fabrication of electronic devices" such as iPhones, iPads, iPods, laptops, and even "a device such as a watch or a clock".

(Source: Apple)

I've come into contact with Liquidmetal in the past, as part of the casing for a super-strong Sandisk Cruzer Titanium USB flash drive. The casing of this drive took an insane amount of punishment and survived. I stamped on it, ran my office chair over it, drove over it, threw bricks at it, hit it with a baseball bat and it just wouldn't break. In fact, I could barely put a scratch in it.

There's no doubt in my mind that Liquidmetal is tough stuff. Now that it seems that Apple has cracked the problem of making it in large volumes, we could see some interesting things done with it.

By for Hardware 2.0 |

Computer and OS Market Outlook

     
292.5 MILLION   75%
Number of tablets consumers
will buy by 2016
  Number of devices that will
be Touch by 2016 (IDC)
     
 
SHIFT FROM WINDOWS XP & WINDOWS 7 TO WINDOWS 8 PRO
     
APRIL 2014   50%
Windows XP End of Support,
affecting 40% of all businesses
  Percentage of SMBs who are unaware
that XP Support will expire in April 2014
     
 
NEW POWER EFFICIENT PROCESSORS ARE ENTERING THE MARKET
     
‘HASWELL’   ‘KABINI’
Intel’s 4th Gen Processor   AMD’s Next Gen Processor
  • Increased battery life of notebooks and Ultrabooks
  • Improved system performance
  • 58% performance improvement in graphics over its Ivy Bridge equivalent
 
  • Designed for small, touchscreen laptops for higher graphics, computing performance and longer battery life than the Elite Mobility models
  • Delivers 10 hours of resting battery life, nine hours of web browsing, and more than six hours of 1080p video playback

What Is The Future Of Business?

  • More than 75% of the current NA workforce is mobile, ‘working anytime, anywhere’
  • Device selection is being driven by workers (BYOD & BYOPC)
  • Workers need smaller, lighter form factors with longer battery life
  • Businesses want devices with multi-mode functionality and intuitive inputs (i.e. Windows 8 Pro)
  • Over 75% of devices will be ‘touch’ by 2016

Next weekend is our 4th's fireworks. We'll have lots of bangs all around from now til then!

Speaking of bangs - how about getting more bang for your buck in the summer months - would that be nice?

Do your sales figures drop in the summertime? Do your customers forget all about you when they begin preparing and going on summer vacations? Maybe you’re on vacation, maybe your customers are, either way it’s the perfect time to ready your retail store with a campaign to keep them shopping all summer!

How do you keep them shopping? Here are some ideas for a brick and mortar storefront:

  • Offer a special coupon that can be redeemed in-store only
  • Offer a special deal for out-of-towners
  • Promote location based services
  • Encourage posts and photos on Facebook

If you have an online storefront:

  • Make sure your site is mobile-friendly!
  • Have a good, old-fashioned summer sale
  • Put a “vacation-ready” spin on your products, whatever you are selling

Bottom line be sure that you are always in front of your customers (TOMA from last month) and interacting with your customers through social media channels. There’s no better way to keep a pulse on what they want to buy, and keep your brand at the top of their mind. Keep your website and store looking great, and keep emailing on a regular basis. You’re sure to have a successful summer!

As usual if there is anything we can do to help you with your business, website, email, or even to just chat about improving your storefront - we are just a phone call or email away!

 

 

Last month I explained 5 things I feel you should never have on your website, this month I want to explain the importance of making a first impression.

I've noticed a disturbing trend – small companies using a free email service instead of their business name as their email address. Just because your company may be small or just starting out on your own, you don’t have to look like a fly-by-night operation.

Some say Image is everything. Certainly Image is very important in business, particularly for those who are considering doing business with you.

When I consult with clients about improving their business one of the first things I notice is whether their email address is with AOL, yahoo, gmail, hotmail, ATT or something similar. By using a "free" email service you are telling your potential customers something about you, and it may not be good!

Professionalism is important to every business whether you are a large corporation or a sole proprietor, a management consultant or a house cleaner. If you hand out cards, brochures, or any other material, even if you don’t have a website, (which you should) you need to have an email address that represents your company name.

When I get an email from [email protected] offering to redo my office sign I don't exactly feel that it's a real business, nor do I believe they are "licensed and insured".

In addition to sacrificing professionalism, did you know those "free" services come at an additional price? The "free" services monitor your email and use information they obtain from reading your emails to send you and your contacts targeted offers for products they match to you based on the content of your emails.

My advice: cancel the free email services and invest a small amount of money in your own email address, along with a domain name. Or get what EVERY business SHOULD have at the very minimum - their own email address AND a one page web site. Then you'll be able to put your best foot forward, even if you aren’t quite there yet.

Yes, your own .com with web based email that works with outlook and your smartphone is cheaper than you think. If you still have people sending to that old address simply forward it to your new one or keep it for what it is - personal mail. You can also add several email addresses for staff or bump the storage limits to a higher level if you send or receive large files.

As usual, if you have questions or if there is anything we can do to help you with your business, website, email, or even to help you with choosing your business' email name - we are just a phone call or click away!

Slow running PC- If I had a nickel for every time a friend, client, or family member has asked "why is my PC running slowly" I'd have a ton of coin! Now before I shed some light it's important to note that everyone’s computer is a little different, brand, software, operation system, and all different hardware.

However, most slowdowns will fall into one of a few likely issues:

  1. Defective Hardware - is a faulty fan causing your computer to run hotter than normal? Is your hard drive clicking and making twice the rotations for every data call? Has a memory chip gone bad reducing your 4gigs to only 2? Each of those issues will result in your machine running a lot slower or at least making some noise!
  2. Software Updates - do you have a habit of putting off those nagging update notices? Are your antivirus programs old and not updated? Do you have the latest virus programs? If not get it - it's free, take out your old ones first (read my post from last year on Microsoft Security Essentials). Windows service packs come out all the time, get them - they help protect you and fix things that will help your computer run faster!
  3. Old Outdated Computer - Although 1 or 2 present the most on a slow computer you must consider simply buying a new machine every 3-5 years. Do you have a 5 year old machine? Has it been patched to death, upgraded beyond its limits? Maybe it's time!

There you have it - the 3 most likely causes of a slow running computer. Let me know which one your machine fell into and as usual if there is anything we can do to help you with your business, website, email, or even to help to trade in that old outdated computer - we are just a phone call or email away!

Last month we went over Windows 8 and what was the future for Windows.  This month I have 5 things you should never do on your website!

1. Autosound. Okay this has to be the most annoying of them all. Ihate going to a site that instantly bombards you with a music or sounds, whether it be on the actual website or from one of the adverts that is on the site. Don’t… I know you love that 9th symphony - your vistitors won't. For me, I'll likely hit the BACK button!

2. Pop-ups. Again, if I go to a site that starts bombarding me with pop-up,s I’m going to leave quickly. Pop ups are distracting and cause the visitor to look and think about something other than what they originally came to your site for.

3. Slow load times. Now, I pay a lot for my high speed internet and your slow loading pages are not helping my patience - Ummm, I'm outa here!  What should you not do that causes this???

4. Too much ‘stuff’ happening. Back to the web design… Make it clean and crisp, as well as the navigation. Things like flaming logos, 360 degree twirling globes, animated GIF advertising in all colors… I have no idea where to look first so I look for the BACK button fast!

5. Poor navigation. This has to one of the worst errors you can make. Navigation needs to be intuitive, descriptive and straightforward. It has to be said at this stage that Flash-based sites tend to be among the worst for this as they don't work on all browsers - so, if you can't layout your navigation I'm not going to figure it out - another visitor bites the dust!

Oh, anotherone that should topthe list ....For those of you who work with Pam as our copywriter,her worst one would be:

Typos.Attention to detail, if you can’t be bothered to check for typos and use poor grammar, you really aren’t sending the right signals to your customersthat you care. There are no excusesfor spelling mistakes on a website. What kind of message does that give out?Unprofessional, fly-by-night, and the like come to mind!

Alittleeffort goes a long way.Ifkeeping your visitors on your siteis your goal, then avoid my top 6 things never to do on YOUR web site!

As usual, if you have questions or if there is anything we can do to help you with your business, website, email, or even to help you with changing or proofing your web site - we are just a phone call or email away!