The biggest growth area we have seen in the last few years both in IT and Forensic have been Smartphones. Not only are we connecting clients to their corporate systems and unchaining them from their desks, we are getting more and more cases where your personal technology is used against you. In this blog post Cameron talks about being smart with your Smartphone. -DE
The onset of smartphones has had both good and bad repercussions in today’s ever growing world of technology. These devices keep us in touch with the world around us in new and innovative ways, and in some cases even make us more productive. So, what happens when your phone is stolen? Even worse, what do you do when your phone becomes your enemy? Today’s smartphones are, in every way, computers that only differ from your PC/Mac in power and features. Be it a Blackberry, iPhone, or Windows Mobile device it has most, if not all, of your personal data. Furthermore, it goes everywhere you go. Would be hackers, and anyone else that can use Google, can find ways to get into your phone and not only get to the data, but also use it to monitor your whereabouts, text and phone calls, and even your conversations in person.
To be fair, the technology and methods of doing so are not new. However, the general public now has easy access to software and hardware that can make your life miserable without you even knowing what’s going on. So, what can you do to protect yourself? First and foremost, be aware of what’s out there. Would be hackers can get in via bluetooth, but more often they will email you a bad link or file that compromises your device when clicked/run. Also, there are software packages that can be installed on your phone to monitor everything about your phone, including GPS position, email and text messages, call logs, record your phone calls, and turn your phone into a microphone for monitoring your conversations.
To protect yourself from your phone during important/sensitive conversations, even if you don’t think it’s compromised, take the battery out during such conversations. Personal and business secrets alike have been leaked through a phone turned microphone, which is not a problem if the phone has no power. The GPS issue is a little more of a gray area. The GPS should be turned off when not in use. This keeps the average person from being able to track your whereabouts. However, higher level institutions such as law enforcement do have the ability to triangulate your position without using GPS. Again, the average person cannot do this, but if you have reason to be seriously concerned then take the battery out. Bluetooth is a wonderful way of universally connecting devices to transfer data and link devices for use with each other. However, few people realize that it is also one way your phone can be hacked. Data can be transferred and software can be loaded via bluetooth.
Bluetooth works in much the same way as Wi-Fi, with devices broadcasting over the air and connecting through the standards for communication. The best thing you can do to protect yourself is configure your device to be non-discoverable. Every bluetooth device has an option, typically labeled “Discoverable”, that can be turned off. Your device can still function via bluetooth with this turned off, but it will not show up on a scan of nearby devices. You will have to connect your phone manually to another device, but it’s a small price to pay to always know what device(s) your phone is connecting itself to. In regards to the spy software, it depends on your phone as to how you address this issue. RIM’s Blackberry is the only device that cannot be remotely compromised. The would be hacker must have physical access to your phone to load this software. Every other device I’ve studied currently CAN install software that is sent via an email or bluetooth. So, if you own a Blackberry make sure you never leave it alone. Also, make sure your device requires a password and never give that password out.
If you own another device, or think your Blackberry has been compromised, how do you catch this if and when it happens? The first thing to do is check the installed software for anything you can’t identify. Research this unknown software via Google (or other accepted search engine) to find out what it is. Also, enable your firewall. This isn’t effective every time, but can help identify questionable or unknown traffic in and out of your phone as it will prompt you when sending or receiving data.
Smartphones, being the little computers that they are, are also susceptible to viruses, malware, and spyware. This issue is just getting going in the real world, but is a growing concern. I have only found one antivirus package as of this writing. I have not tested it, so I cannot speak to it’s reliability. The reviews have been mixed, but expect it to slow your device down a bit as resources are used to run such software. As this problem grows, I expect this to be a growing field for software developers.
The best thing you can do is be diligent in what you click/run on your phone. As an example, the guy in Nigeria with $1M to get into this country isn’t any more legit because you got the email on your phone. You’re never going to get a free camera, TV, or computer because of some random email. These are the same rules that apply to larger computers, so if you own one and it stays clean then your phone should be alright as well. If not, start worrying and learn what you’re doing wrong.
The bottom line is this, your smartphone is a computer. Like the larger “dinosaurs” of the past and phones before that, these devices are capable of being compromised. It is important to understand, at least conceptually if not technically, how this can happen and what you can do to protect yourself. - CS
Friday, November 06, 2009
Thursday, June 25, 2009
Finding the help you need online.
Google is the obvious first choice when looking for help online; being sure of course to measure the information against the source. Example: While Wikipedia is a great source for information, don’t go into the classroom (or courtroom for that matter,) and list it as your source. This month Cameron talks about a couple of other good ways to find the information you need online.
The internet is often referred to as a great tool for learning, but in my experience it is highly underutilized in this capacity. I think the biggest cause of this is that it’s not always easy to find the information we need. There are tons of user groups and information databases out there. Some are free and some are not, but most require some form of membership to get full access. This usually means I have to join someone’s mailing list just to wade through tons of information just to get the answer I need, if it’s there at all. Of late, I’ve gotten to the point I’m fed up with user groups. They do have some merit but ultimately don’t work for me outside of software.
The first site to check out is Wolfram Alpha (http://www.wolframalpha.com/). It’s a new site with a great concept and design: You pose a question or subject and it returns more information than you’ll ever want. It was started by Stephen Wolfram for the purpose of making the knowledge of the entire planet computable. An example of this can be found in Douglas Adams’ The Hitchhiker’s Guide to the Galaxy. A computer was built to answer the meaning of life, and that answer is 42. If you watch the introduction video, you’ll see that the GDP of France compared to Italy returns the same kind of answer, but also includes nice graphs and related topics such as a breakdown of each country’s GDP. This website is a wealth of knowledge on everything from weather to politics to everything mathematical. It’s well worth keeping on your favorites list.
Wolframalpha is a great research tool, but what if you need instructions on how to perform a task? Say, for instance, that you need to install a transmission in a 1995 Saturn and you’ve never installed one before. YouTube (http://www.youtube.com/) is the place to go. You can get video tutorials, usually with commentary/instructions, for absolutely free. For all of the weird, crazy, and just plain dumb things you can find on YouTube, it has become my go to for tutorials on anything hands on. I’m a hobby musician and find it a great resource for using software or learning new techniques. You can also learn to solder a circuit board or renovate a house through this site. Many of these videos are posted to help sell more complete tutorials offered by their creators, but they’re useful nonetheless.
So, before you spend your hard-earned money buying books that will be used once try these two sites. Reading seems to be losing ground among my generation thanks to technology, but that doesn’t mean we have to stop learning.
The internet is often referred to as a great tool for learning, but in my experience it is highly underutilized in this capacity. I think the biggest cause of this is that it’s not always easy to find the information we need. There are tons of user groups and information databases out there. Some are free and some are not, but most require some form of membership to get full access. This usually means I have to join someone’s mailing list just to wade through tons of information just to get the answer I need, if it’s there at all. Of late, I’ve gotten to the point I’m fed up with user groups. They do have some merit but ultimately don’t work for me outside of software.
The first site to check out is Wolfram Alpha (http://www.wolframalpha.com/). It’s a new site with a great concept and design: You pose a question or subject and it returns more information than you’ll ever want. It was started by Stephen Wolfram for the purpose of making the knowledge of the entire planet computable. An example of this can be found in Douglas Adams’ The Hitchhiker’s Guide to the Galaxy. A computer was built to answer the meaning of life, and that answer is 42. If you watch the introduction video, you’ll see that the GDP of France compared to Italy returns the same kind of answer, but also includes nice graphs and related topics such as a breakdown of each country’s GDP. This website is a wealth of knowledge on everything from weather to politics to everything mathematical. It’s well worth keeping on your favorites list.
Wolframalpha is a great research tool, but what if you need instructions on how to perform a task? Say, for instance, that you need to install a transmission in a 1995 Saturn and you’ve never installed one before. YouTube (http://www.youtube.com/) is the place to go. You can get video tutorials, usually with commentary/instructions, for absolutely free. For all of the weird, crazy, and just plain dumb things you can find on YouTube, it has become my go to for tutorials on anything hands on. I’m a hobby musician and find it a great resource for using software or learning new techniques. You can also learn to solder a circuit board or renovate a house through this site. Many of these videos are posted to help sell more complete tutorials offered by their creators, but they’re useful nonetheless.
So, before you spend your hard-earned money buying books that will be used once try these two sites. Reading seems to be losing ground among my generation thanks to technology, but that doesn’t mean we have to stop learning.
Friday, March 20, 2009
The heartbreak of Vista.
Cameron Speed - Ellington I.T.
This is Cameron's first blog post. DE
I get a lot of questions about Vista, even now after two years after its release. The main question is whether I like it or not. The answer is NO. That’s not to say it’s all bad…I like the way the start menu is configured, having the folders work like the favorites window in IE 7. Certain small details of the interface almost feel like a MAC, but this doesn’t add up to a great product.
When I give my response to this question I’m invariably asked to explain why I don’t like Vista. My answer has three parts: I don’t like being forced into anything-much less an operating system, I like having the control of configuration, and the performance ultimately is not acceptable.
Microsoft has proven over the years that, as a company, it knows how to make money. The company started roughly 20 years ago, and has since become one of the largest companies in the software field. Not only that, it dominates and controls the software market in ways that no other company can. Think about this: It was estimated about five years ago that 95 percent of the world’s computers were running some form of Windows. Name one company that can touch this kind of real world user market share. With this kind of power to play with, Microsoft has essentially forced Vista upon consumers and businesses alike. It has gotten to the point that to get XP on a computer one must buy online with VERY limited selection, buy a system directly from a vendor and actually purchase a Vista license while having XP preinstalled, or build a system from scratch. Now, building a system from scratch is fine if I want a desktop but what if I want a laptop. My customers are buying laptops noticeably more than desktops, at rate of at least 3 to 1. Sure I can buy a Vista system and downgrade it, but I have no support from the manufacturer what so ever. I can’t even get reliable drivers for XP unless the system was sold with XP preloaded. This is essentially forcing Vista, albeit in an arguably passive manner. I can accept that the sky is blue and the grass is green, but do I really just have to accept this?
Also, think back to Windows 2000. Sure it was not widely accepted over 98 when it came out, but that was mainly a consumer issue. As a side note, NT came first but was not a consumer product. It was strictly a corporate setup. So back to Windows 2000: Businesses loved it, they just had to learn it. For the first time Windows really had security and it was amazingly versatile. Anything was adjustable. Granted, a lot of the adjustments were hard to find or just plain hidden but the internet was really spreading, making these tweaks and customizations easier to understand and perform. The internet was easy to lock down, files were easy to encrypt, RAM was easy to manage, and a console was even available for startup processes. User rights were even applied and maintained fairly easily, and they worked. Now, all of this was not unheard of on a corporate level using NT, but now consumer, e.g. parents had these options. XP heralded a new era, and with it the customization was still there but lessened. The internet was not as easy to lock down without third party software and user rights were simply determined by the choice of administrator or user, with little else to configure. Vista has not improved this situation. Instead it continues the trend of A or B with no in between.
Finally, performance has been a big topic regarding Vista. Additions such as ReadyBoot and SuperPrefetch are nice on paper, but in the real world it simply adds more to the system load and ultimately cancels out the boost that they are designed to give. I will concede that the hardware is not as equal as it once was. CPU’s, GPU’s, and motherboard throughput have continued to speed up at amazing rates while the speeds of hard drives and optical drives have not improved in performance at a similar rate. However, the additions aforementioned along with others in Vista are simply adding to the overall tax of the hardware and not improving it. Think of it like opening a door. If I want to open a door the first thing I do is turn the knob and push or pull. If the door is unlocked then it opens. This can be equated to older operating systems such as 98 and 2000. If the door is locked then I must find the key, insert the key and turn, pull the key out, and open the door. It’s the same door, it’s just locked. This is the effect of Vista, with all of its new features to deal with hardware (the door), and it doesn’t work. The field test for this is downgrading a Vista system to XP. It always seems to run faster. To further add to the performance issue are the security features built into Vista. Viruses, malware, and malicious code are outpacing the growth of any other type of software in existence. As such, Microsoft tried to lock down Vista better than XP had been. The end result is at least one message popping up asking me if I am sure I want to do that, followed by at least one more message asking me if I’m really sure I want to do that. This is not only annoying, but slows my work flow down. Not only that, but now I’m frustrated with my computer which means I’m more likely to get less work done. A happy employee is a productive one.
So, ultimately Vista has failed in my eyes. I watched it start out as Longhorn, which was scrapped, followed by multiple other projects that were scrapped. In the end, the final product was an amalgamation of scrapped projects that slowed my system down, frustrated me endlessly, and didn’t even have the decency to let me lock it down so that my kids could use it without spending more money to buy third party products that slowed my system down even more.
Friday, October 03, 2008
12 Things the computer guy does/does not want you to know.
Originally this post was to be titled, Top 12 things your computer guy wants you to know, but then we realized that these tips fell into two categories, the things that good computer guys wanted you to know, and bad computer guys don't want you to know. So here by request is our first edition list of things that we want you to know, but THEY may not.
Part 1: At home
1. Hard drives are terribly unreliable. BACKUP BACKUP BACKUP! There are many easy ways to protect your files. Get a Gmail account and email important documents to yourself. Burn family pictures to DVD and put them somewhere other than your house. Hard drives fail, sometimes for no reason and it is not always possible to get your data back even if money is no object. If you hear your drive making strange noises or clicking, get it to a computer guy immediately. They call it the Click O’ Death for a reason.
2. Never pay for a Spyware or Antivirus program that suddenly shows up, says you have an infection and demands money. It is already too late and paying them will not get your system fixed. Read dialog boxes before you click on them, know what you are agreeing to when one pops up.
3. Never put personal or compromising information on a MySpace or FaceBook page and always keep your profile private. ANYTHING that you put on Myspace, might as well be on CNN. Also, realize that most of the Spyware that people are getting now come from the code embedded in the free MySpace layouts that people put on their pages.
4. It is never legal to login to another person's email or MySpace page, etc without their explicit permission. Even if it is your spouse or boyfriend/girlfriend. It is a crime and those sites keep track of where people login from. Also, it is only legal to record/monitor in real time the computer activities of a person if they are your kid. You can monitor your employees but you have to warn them. It is the same as recording someones phone calls and can be a felony. Putting a keylogger or spy program on your own computer and letting someone use it without warning them is a crime as well.
5. Don’t be that guy. Before you forward any email virus warning/ unreported political bombshell or cute greeting card take a minute to go to http://snopes.com/ and check it out. Save yourself from spreading untruths and looking like a moron.
6. Realize when you call product tech support, Dell or whomever, their job is not to solve your problem. Their job is to get you off the phone as fast as possible. Phone support people (in India or wherever) get paid on how many calls they answer a day, NOT on how many problems they solve. This is why they will give you something to try and then rush you off the phone telling you to call back if that doesn't work. You will probably have to call back, but you will get a different support rep and they have now gotten credit for a call. Furthermore, they are penalized for allowing returns or warranty repairs even if those repairs are legitimate. Remember that many times the person you are talking to has never actually used or seen the product in question. They have a book in front of them that may contain only slightly more information than the user manual. Understanding this, the way to get things accomplished have a good idea of what the problem is, what you have already tried to do, what you need from them and be concise in your descriptions. Be firm and polite and don't be afraid to make the person stay on the phone while you do the steps that they have suggested. It is a good idea to check Google first to see if other people have reported the same problem as well. Many times a company will deny there is a problem with their products but you will find hundreds of complaints online if you check.
Part 2: In the Store
1. Retail computer sales people typically have absolutely no idea what they are talking about and will lie to you to make you think they do. If you do not have a tech you trust, pick up a PC magazine or spend some time on the web. Realize that sales guys will tell you anything to get you to buy something from them. Do your research, ask the questions and then do more research.
2. Vista is as bad or worse than you have heard and most of the troubles people are having can’t be fixed or worked around. You can still get Windows XP on systems, you just have to know where to go and how to ask.
3. Yes Macs are great, but the software is more expensive and harder to copy so borrowing your friend's copy of Photoshop isn’t going to work.
4. Buy Extend Warranties ONLY on laptops and ONLY if they cover accidental damage. Buyback/tech assurance plans like Tech Forward are rip-offs. Do the math and it doesn't make sense.
5. Rebates are like grocery store loyalty cards, often times they raise the prices to make you think the rebate constitutes a savings. Never buy a product based on the rebate price. Rebates should be considered a bonus, not a discount. It is often times very difficult to actually get your rebate, they are most often a scam. People don’t realize that vendors will only give you one rebate per address /receipt regardless of how many you buy. Thinking of getting a couple new monitors for the office because of a rebate price? You will only get the rebate on the first one, and pay full or higher prices on the rest of them. Oh, and the big reason why stores require you to cut out the UPC and send the original receipt with your rebate form is that once you send off for the rebate, it makes returning the product next to impossible.
6. Never take your computer to a tech shop (Geek Squad, Firedog etc.) if you have data that you are concerned may be lost or compromised. Just as you wouldn’t leave cash on your dashboard at Jiffy Lube, realize that combining personal files and bored computer techs is asking for trouble. Retail techs actually have website where they post the things they find on peoples computers. They will look through your data and they will justify it as an obligation to make sure there is no illegal activity. They will copy your music and steal your pictures. If there is any compromising images they will end up on the Internet. Find a tech you know personally and can trust.
Bonus 6b. Oh, and if you are doing illegal things and try to use special programs to securely delete files from your computer, the files may or may not be gone, but investigators will be able to tell you cleaned it. Everything leaves a trace, everything is recorded, everything is logged.
There you have our first list of 12 things the computer guy does/does not want you to know. Please email us with comments or use the comment feature of this Blog to let us know what you think, and as always, if you have any questions please feel free to email us. :)
Part 1: At home
1. Hard drives are terribly unreliable. BACKUP BACKUP BACKUP! There are many easy ways to protect your files. Get a Gmail account and email important documents to yourself. Burn family pictures to DVD and put them somewhere other than your house. Hard drives fail, sometimes for no reason and it is not always possible to get your data back even if money is no object. If you hear your drive making strange noises or clicking, get it to a computer guy immediately. They call it the Click O’ Death for a reason.
2. Never pay for a Spyware or Antivirus program that suddenly shows up, says you have an infection and demands money. It is already too late and paying them will not get your system fixed. Read dialog boxes before you click on them, know what you are agreeing to when one pops up.
3. Never put personal or compromising information on a MySpace or FaceBook page and always keep your profile private. ANYTHING that you put on Myspace, might as well be on CNN. Also, realize that most of the Spyware that people are getting now come from the code embedded in the free MySpace layouts that people put on their pages.
4. It is never legal to login to another person's email or MySpace page, etc without their explicit permission. Even if it is your spouse or boyfriend/girlfriend. It is a crime and those sites keep track of where people login from. Also, it is only legal to record/monitor in real time the computer activities of a person if they are your kid. You can monitor your employees but you have to warn them. It is the same as recording someones phone calls and can be a felony. Putting a keylogger or spy program on your own computer and letting someone use it without warning them is a crime as well.
5. Don’t be that guy. Before you forward any email virus warning/ unreported political bombshell or cute greeting card take a minute to go to http://snopes.com/ and check it out. Save yourself from spreading untruths and looking like a moron.
6. Realize when you call product tech support, Dell or whomever, their job is not to solve your problem. Their job is to get you off the phone as fast as possible. Phone support people (in India or wherever) get paid on how many calls they answer a day, NOT on how many problems they solve. This is why they will give you something to try and then rush you off the phone telling you to call back if that doesn't work. You will probably have to call back, but you will get a different support rep and they have now gotten credit for a call. Furthermore, they are penalized for allowing returns or warranty repairs even if those repairs are legitimate. Remember that many times the person you are talking to has never actually used or seen the product in question. They have a book in front of them that may contain only slightly more information than the user manual. Understanding this, the way to get things accomplished have a good idea of what the problem is, what you have already tried to do, what you need from them and be concise in your descriptions. Be firm and polite and don't be afraid to make the person stay on the phone while you do the steps that they have suggested. It is a good idea to check Google first to see if other people have reported the same problem as well. Many times a company will deny there is a problem with their products but you will find hundreds of complaints online if you check.
Part 2: In the Store
1. Retail computer sales people typically have absolutely no idea what they are talking about and will lie to you to make you think they do. If you do not have a tech you trust, pick up a PC magazine or spend some time on the web. Realize that sales guys will tell you anything to get you to buy something from them. Do your research, ask the questions and then do more research.
2. Vista is as bad or worse than you have heard and most of the troubles people are having can’t be fixed or worked around. You can still get Windows XP on systems, you just have to know where to go and how to ask.
3. Yes Macs are great, but the software is more expensive and harder to copy so borrowing your friend's copy of Photoshop isn’t going to work.
4. Buy Extend Warranties ONLY on laptops and ONLY if they cover accidental damage. Buyback/tech assurance plans like Tech Forward are rip-offs. Do the math and it doesn't make sense.
5. Rebates are like grocery store loyalty cards, often times they raise the prices to make you think the rebate constitutes a savings. Never buy a product based on the rebate price. Rebates should be considered a bonus, not a discount. It is often times very difficult to actually get your rebate, they are most often a scam. People don’t realize that vendors will only give you one rebate per address /receipt regardless of how many you buy. Thinking of getting a couple new monitors for the office because of a rebate price? You will only get the rebate on the first one, and pay full or higher prices on the rest of them. Oh, and the big reason why stores require you to cut out the UPC and send the original receipt with your rebate form is that once you send off for the rebate, it makes returning the product next to impossible.
6. Never take your computer to a tech shop (Geek Squad, Firedog etc.) if you have data that you are concerned may be lost or compromised. Just as you wouldn’t leave cash on your dashboard at Jiffy Lube, realize that combining personal files and bored computer techs is asking for trouble. Retail techs actually have website where they post the things they find on peoples computers. They will look through your data and they will justify it as an obligation to make sure there is no illegal activity. They will copy your music and steal your pictures. If there is any compromising images they will end up on the Internet. Find a tech you know personally and can trust.
Bonus 6b. Oh, and if you are doing illegal things and try to use special programs to securely delete files from your computer, the files may or may not be gone, but investigators will be able to tell you cleaned it. Everything leaves a trace, everything is recorded, everything is logged.
There you have our first list of 12 things the computer guy does/does not want you to know. Please email us with comments or use the comment feature of this Blog to let us know what you think, and as always, if you have any questions please feel free to email us. :)
