Hit Man Spam

Spam has evolved over the years. By now most of us are familiar with the Nigerian Email scams of some one needing to funnel several "miloins of doll ares" out of their country, and give you a percentage, just by letting them use your bank account. On Monday Martin McKeay blogged about a Spam scam on being Sued by the Federal government. Now today I see an article in the local paper about a person being targeted by a hit man via email. Tcpalm.com reports A local Jensen Beach claims he being sought hitman. Something needs to be done to help educate people on spam, and scams in general.

The major difference I have seen between scams and online scams seems to be the amount of scams online, the number of people that can be targeted at once, and the emergence of scams that have more or less been squashed in real life.

-- Tim Krabec
Kracomp.com

Failing to Plan is not Planning to Fail

The topic of planning has come up recently in some of the podcasts, that I listen to,
http://www.securitycatalyst.com/ and http://www.mckeay.net/ There are basic options when it comes to planning:
1 Fail to Plan, Wing it and hope things go well.
2 Plan to Fail, Plan knowing things will go wrong, while trying to come up with where and when they can fail.

When failing to plan you need to have people who can react to a situation rationally, have lots of experience. Then depending on the type and severity of the failure you can make it out of the problem relatively unscathed. I speculate that we do not even notice failures, they just manifest them selves as slowdowns to the project.

While planning to fail, in contrast means that you realize that failure can and probably will occur, but during you meeting(s) you try to mitigate the affects of failure. The act of planning causes you to think about the project and can help you to work in the group. Even if nothing in your plan or contingency is used, you have at least though about the project and have more open communication with the group.

-- Tim Krabec
Kracomp.com

Support Networks

Sunday night, just as bath time was finishing up, one of our children slipped and busted his chin on the tub. After some 1st aid, the decision was made to go to the hospital for stitches. We made one phone call to a member of our support network and about 20 minutes later our support had arrived, a grandmother.

While this was a family emergency I got to thinking about how blessed we are to have a good local support network, I got to thinking about my computer support network. What happens if I get multiple emergency calls at the same time? Where do I turn if I'm out of ideas? Who do I talk to about the latest threats, the latest projects, new ideas?

If you do not have a network, start building one. Your local chapters of ISSA, Infragard, ASIS, a 2600 meeting group, SecurityCatalysts.org, technibble.com, league of professional system administartors.org, citysec.org, technical IRC channels, a local LUG, a SAGE chapter, a local computer club. I highly recommend working on an nurturing a support network, there is nothing like being owed a favor or 2 when you really need it. Earning favors is easy, just share your experience. If the groups are local join, give of your time, a few hours here and there can really add up. Share how you manage your updates, talk about scripts you've written to handle this or that, ask questions about how some one else accomplished another feat.

-- Tim Krabec
Kracomp.com

G-Archiver, it's been nearly a month, what is thy status?

Nearly a month ago a story broke about g-archiver, a program to back up your Gmail emails. I wrote about it here. There was a piece of "debug" code left in the author(s) suggested it was an innocent mistake and it would be corrected quickly (here). But nearly a month later there is still no patch, no fix, and it appears no further response from the author(s). Shortly after the story broke I searched for different versions of the software, and all I could find was only the 1 version. At this point I'm going to assume that the author(s) were not serious about the product and more or less released a totally immature product written for personal use, or don't really care about the people using their product.

-- Tim Krabec

Disaster recovery

How would you like to get a call from anyone in your organization to hear your server room is getting flooded http://video.google.com? Proper placement of your critical infrastructure is imperative. A disaster recovery plan and a business continuity plan are essential for a business to survive a disaster, and remain open. Ready.gov has a some good resources to help you get started developing your Disaster plans.

Believe it or not the video you just saw (hopefully) could have been a carefully planned server room placement in an area where problems above ground ie tornadoes occur more frequently than floods. After watching the video I doubt that that was the case.

-- Tim Krabec
kracomp.com

Sunk Cost

Many businesses deal with slow computers on a daily basis, which sap productivity, and increase the cost of maintenance. There are many reasons for slow computers but a very common, and typically easy fix is the amount of ram in a computer. When you use more ram than your computer physically has your computer starts to use virtual memory, which is simply space on your hard drive used to emulate ram. This keeps the computer from crashing, but can slow it down considerably. The speed of memory is on the order of Nanoseconds, 0.000000001 second. While the speed of a hard drive is measured in Milliseconds, 0.001 Second. You can get approximately 10,000,000 reads from memory in the time it takes to make 1 read from the hard drive (assuming your hard drive can produce a read in about 10 milliseconds and your memory in 1 nano second ). A few reads from the hard drive instead of ram can really slow down your machine. Now imagine your computer has 256 Megabytes of ram but you are using 300, 400 or even 500 Megabytes of ram, your machine's speed will be reduced to a crawl.

Removing programs from your machine such, disabling services and running fewer programs at a time can help breath life into an older machine. Changing your antivirus from an expensive suite to a program that has less of a foot print, can boost performance. "I already paid for it" is not a good reason to keep using something that slows your performance to a crawl. Would you keep an employee that you trained if they constantly made mistakes and they were slower than everyone else in your company, even after repeated training? Would you keep a printer that only prints 4 pages per minute when you can replace it for $150 and get more than triple the performance? We tend to replace and upgrade devices where we see the performance in a tangible way, pages from a printer, copies per minute from the copier, etc. But we overlook things as the speed of computers, the impact of a program on the performance of an employee.

Upgrading the amount of ram in your computer can generally be done for about $100, but stopping services from running, replacing memory hogs with smaller foot print programs, running 1 or 2 applications at a time and closing down Instant messengers, and other items down by the clock (on windows) can increase the performance of your machine for next to nothing. In short keeping a program, or using it simply because you already paid for it does not always make sense, talk to a computer professional, if you have questions about the performance of your machines.

-- Tim Krabec
Kracomp.com