Author Archive

Hackers Gone Wild, Where’s the Security When You Need It?

Wednesday, June 15th, 2011

It’s hard to miss all of the news headlines about hacker groups and security intrusions. These attacks now seem to be unavoidable even for Government agencies. For weeks now the public has been following the Sony Incident, which now appears to have been only the tip of the iceberg. Even the State Senate computers have fallen victim to a group of hackers known as Lulze Security.

Anon Logo

Anonymous

In the past week both the Lulze Security group as well as the cyber group “Anonymous” have taken responsibility for several attacks. Lulze Security have claimed responsibility for the attacks on the Sony Picture’s website, PBS.com, Fox.com, and the DDoS attacks on game company Bethesda.  According to thier LulzSec Twitter Page they are now apparently taking hacking request through a messaging hotline. As for Anonymous they have claimed to be responsible for the Bank of America attack, the Spanish Police Department attack, and are thought to be behind the Sony PSN disaster. To prove their infiltration on the Senate network Lulze Security has posted a list of files online along side their other postings. However, it was said that none of the data taken from the Senate’s network contained sensitive information. Although it’s not completely clear whether or not sensitive files were actually obtained, the intrusion itself displays the group’s capabilities and malicious intent.

Compared to last couple months, it seems that these types of attacks have changed direction moving from the acquisition of personal information to the infiltration of high powered and influential organizations. Besides gaining access to personal or financial information, perhaps these attacks are based on retaliation, display of power, or reputation. Speculation aside what’s truly concerning is the lack of security or the effectiveness of our current security.

Where is the security? Granted, these hackers are extremely clever and well versed when it comes to bypassing security measures but shouldn’t the current security for most organizations be able to slow them down at the very least?

Traditionally hackers or crackers are people who illegally obtain access to computers or computer networks to gain a profit, to protest, to expose security flaws, to challenge themselves, or to become infamous through their actions. As the hacking community continues to outperform one another as well as the security protocols of major businesses it is often the innocent consumers that pay the price.

There are different types of hackers along with different level of hackers. Not all hackers have the same attributes, some are good, some are bad, and some operate in the shades of gray. The following are the categories and characteristics commonly used to classify hackers.

White Hat: Also known as an ethical hacker this type performs intrusions for non-malicious purposes either contractually or to test their own personal security. They perform penetration/vulnerability tests to access the level of security and to improve it.

Black Hat: Represents the complete extreme to white hat hackers, they use their knowledge and ability to illegally infiltrate systems with malicious intent or for personal gain. These computer criminals identify a target, research their target, find security gaps, and then access it illegally. They perform hacks to destroy data, collect data for monetary value, or to build their reputation amongst the hacking community.

Gray Hat: As the name implies, a gray hat hacker is a combination of black and white hat tactics. A gray hat hacker may use black hat techniques to infiltrate a network for the purpose of identifying security flaws. Once identified, some hackers will offer a service fee to fix the vulnerabilities. This type of hacker acts under white hat motives but operates with black hat methods. Although these attacks occur without malicious intent they are still violating the organizations and individual privacy which can cause a lot of problems.

Black, white, and gray hat hackers are only the most basic breakdown, hackers can also be further identified by skill level, reputation, and intent. The following are different terms associated with these hackers.

Blue hat: Like a white hat hacker the blue hat hacker typically works with security consulting firms and is contacted to perform operational and system security testing.

Neophyte: Neophyte is used to describe someone that is a beginner to hacking and possesses very little knowledge or skills required for hacking.

Script kiddie: This category is made up of hackers who are more experienced than Neophytes but is still unable to devise their own methods of gaining access. They often rely on pre-packaged automated tools that are created by other hackers.

Elite Hacker: Is a name reserved for the most skillful and recognized hackers. These individuals or groups have built a reputation among the community. They continue to gain credibility by gaining access to harder targets, causing devastation, and being publicized by the news following their attacks.

Hacktivist: Also known as a cyber terrorist, with these hackers there are clear and present goals in mind to express a social, ideological, religious, or political point of view.

A typical system or network hack occurs in three steps, network enumerating, vulnerability scanning, and exploitation. Network enumeration is where information and the vulnerabilities are obtained using network scanners or enumerators. These are programs that report back information like user names, networked services, and shared resources. White hat hackers will use these reports to resolve the discovered security gaps whereas a black hat hacker would use them to gain deeper access. Vulnerability Analysis is when an attacker seeks out system flaws. To be vulnerable a system has to meet three conditions, it must have a flaw, the hacker has to have access to that flaw, and the hacker must be skillful enough to exploit that flaw. Lastly exploitation occurs by attempting to compromise the system through the flaws found in the vulnerability scan.

Some of the techniques hackers frequently use to gain access to a computer system or network are vulnerability scanning tools, password cracking, packet sniffing, spoofing or phishing, rootkit, social engineering, intimidation, helpfulness, name-dropping, Trojan horses, viruses, worms and key loggers.

Although the recent attacks have caused a lot of disruption and concern, hopefully something good will come from them like stronger security. Companies and organizations should view these attacks as a warning and take the time to strengthen their protection and conduct their own vulnerability testing while they still can. Not only is it important for major companies and Government agencies to be prepared but the individual users should be prepared as well. Computer users should make sure that they have sufficient computer security and keep up to date with the latest security news.

Thanks for Reading and Have a Great Day!

Dustin

ComputerFitness.com

Providing Tech Support for Businesses in Maryland

Apple Introduces IOS 5 and All the New Features

Wednesday, June 8th, 2011

This week major companies have taken to the stage to introduce their new and future products. Having the E3 Expo and the Worldwide Developers Conference scheduled for the same week certainly provided a week full of exciting news and entertainment for customers. At E3 companies like Sony, Microsoft, and Nintendo all provided insight into their latest developments that included PlayStation Vita, Nintendo 3DS, and Nintendo Wii U. Apple was the first to publicly display their future software products at the Worldwide Developers Conference that took place on June 6, 2011.

Apple iOS5

from http://www.apple.com/ios/ios5/, June 2011

There had been a lot of talk leading up to Apple’s announcements, even more so than usual since this year they went so far as to provide an outline of key topics prior to the conference. Among the announcements made by Apple was the new iCloud, OS X Lion, and IOS 5. We have been hearing rumors for some time now about Apple’s new iCloud product which for the most part have all been confirmed. To learn more about iCloud you can visit our “Apple iCloud Rumors to Be Addressed at the 2011 WWDC” blog post and to learn more about OS X Lion check out 9 Things to Know about Apples latest OS. Bringing us back to IOS 5, like OS X Lion this software version introduces a ton of new features. Here is a round-up of some of the key features that IOS 5 will have to offer when it becomes available later this year.

IOS 5 will offer over 200 new features and is expected to be available in fall 2011 for the iPhone 4, iPhone 3GS, iPad 1, iPad 2, and the iPod touch. The following is some of the most prominent changes of IOS 5 from its previous versions.

  • Over the Air Updates

Users will no longer have to connect to a PC in order to activate and set up their device. Automatic updates will now download directly to the device. When combined with iCloud, file sharing, transfer, backup, and restore will also be expanded upon.

  • Incorporating Twitter

The new Twitter integration enables users to sign in, store their information, capture, and Share instantly from any application on your device. . Once the account information is saved, users will have the ability to Tweet from non-Twitter applications such as Maps, Safari, and YouTube.

  • Notification Center

No more in app disruptions, notifications will now appear quickly at the top of the screen and can be accessed in the new notification center. The notification center collects and categorizes all notifications until the user addresses them.

  • Safari Browsing

IOS 5 now offers tabbed browsing on the iPad and also adds a reading list for both the iPad and iPhone. The reading list saves article for later reading and with the use of iCloud the saved pages can be transferred across devices. The Safari Reader feature gives users the option to unclutter web pages. This option removes the unnecessary portions of the page and provides users with a cleaner reading experience.

  • iMessage

The iMessage feature is built into the messaging app and lets users send free unlimited text, videos, and pictures to other IOS 5 users. This feature also lets users know when someone is typing a response to their message and also enables them to switch devices while continuing the same conversation thread.

  • Location Aware Reminder

Reminders work the same as in previous versions but now they allow users to assign a location which activates the reminder. For example if you schedule a reminder to “pick up dinner on the way home from work” if you forget, when you are passing the restaurants address your phone will alert you.

  • New Mail

The mail app now offers rich text formatting (bold, indentation, underline), message flagging, draggable addresses, and improved security. Like most of the new features, email can also be synced over IOS 5 devices using iCloud.

  • Camera Shortcut

On IOS 5 the camera is also located on the lock screen making taking pictures easier than ever. No more missed photo opportunities because it took too long to type in your password. Camera options also enable users to take the picture using the volume up button, pinch to zoom, and perform simple editing like crop, rotate, redeye reduction, and simple click enhancement.

These are only some of the many new features that IOS 5 has to offer. Other features include split screen keyboard thumb typing for the iPad, a more social game center, newsstand, WiFi sync, multi-tasking hand gestures for the iPad, and Air-Play for the iPad 2. IOS 5 is expected sometime around September, until then you can learn more visit Apple IOS 5 Features.

Thanks for Reading and Have a Great Day!

Dustin

ComputerFitness.com

Providing Tech Support for Businesses in Maryland

Sony PSN Update: The PlayStation Store Is Now Up and Running but Will it Stick?

Thursday, June 2nd, 2011

It has been over a month since Sony announced that the reason for the shutdown of their PlayStation Network service on April 20, 2011 was due to an external intrusion. On May 4, 2011 Sony had confirmed that the PSN Attack was able to obtain the personal information from over 100 million users. Following the hack, Sony remained confident and projected a short downtime for the network. Although Sony initially stated that they would fully restore their services by the end of the week, the recovery process experienced unforeseen problems.

PlayStation Network Logo

from http://us.playstation.com/psn/, June 2011

After being disabled for approximately 23 days, on May 15, 2011 the Sony PlayStation Network began restoring parts of their service country by country. At this time the sign-in for the PSN/Qriocity services, online gameplay, rental content, third party services, friends list, and chat functionality were all restored. Missing from the services that were brought back online was the PlayStation Store. Once back online the network again faced an issue concerning the password reset page. It was discovered that the password reset process was enabling unauthorized users to change the passwords of other users provided that they had knowledge of their email address and date of birth. After the discovery of this exploit the network disabled the password reset pages and resumed working to restore the PlayStation Store.

Sony announced that they will be offering customers free content as a part of a “Welcome Back Program”. The free customer appreciation content will be available sometime shortly after full restoration. Sony has also stated that the cost of the network outages and restoration was $171 million which includes the costs of security enhancements, customer reimbursements, and loss of content sales.

Yesterday afternoon (June 1, 2011) the PlayStation Network posted on the PSN Blog that that the PlayStation Store was once again up and running. The PS Store is now offering new updates, downloadable games, demos, add-ons, themes, avatars, and videos. For now, Sony is still in the testing process for the welcome back program download and expects it to be available for users shortly. Another PSN update is currently scheduled for Friday June 3, 2011.

Sony executives have stated “no system is 100 percent secure”, having learned from this occurrence Sony has made several security improvements and created a new Chief Information Security Officer position. The PlayStation Network is not the only Sony service to suffer intrusion, in a separate incident Sony Ericsson was also hit. The Sony Ericsson Hack was said to have affected over 2,000 customers.  According to The Huffington Post the servers at SonyPictures.com were also attacked on Thursday June 1, 2011.  This hack obtain the the information of 1 million users which was later posted on a website by hacker group LulzSecurity. Other recent security breaches include the Lockheed Martin Cyber Attack, Google Gmail hack and the PBS hack, these hacks present a clear picture of how technology can be used to do harm and provide an even greater reason for companies to implement as many proactive security measures as possible.

Although Sony projected an $860 million profit in a February report the company is now projecting a $3.2 billion net loss for the year. The loss is a combined result of several network hacks, security upgrades, customer remuneration, tax credit write offs from the previous quarter, and disruption in production caused by the earthquake and tsunami in Japan.

Taking into consideration the hard times faced by Sony recently, will you continue to be a customer or have you lost all faith in them? Share your thoughts below.

Thanks for Reading and Have a Great Day!

Dustin

ComputerFitness.com

Providing Tech Support for Businesses in Maryland

How to Avoid and Remove the MacDefender Malware

Friday, May 27th, 2011

Recently the MacDefender Malware has created a lot of concerns for Mac users all around the world. Quickly spreading, the MacDefender Malware is a phishing scheme that presents  a message that informs users that their system has been corrupted. The ploy goes on to tell Mac user that the only way to remove the viruses is to utilize the MacDefender app. The MacDefender malware can also appear as MacProtector and MacSecurity. The malware does not infect a user’s machines with viruses or monitor keystrokes. Their sole purpose is to frighten and persuade users to purchase the MacDefender application thus gaining access to the customer’s credit card information.

apple logo

from http://www.Apple.com, May 2011

Mac has estimated that between 60,000 and 125,000 Mac users have already been exposed to this malware. Most users have encountered this problem through poisoned Google images. When users access a poisoned link, a page will launch and display a virus scan. After being transferred to the infected webpage the software begins to download and informs users of an infection. Previously the malware required permission to install but despite the efforts made by Mac a newer version of the malware has been created, which no longer needs the user’s permission. This MacDefender version automatically installs on a machine during the fake scan process.

Mac has yet to take action against the initial malware but has stated they will have a resolution with their next OS X Update. Mac states that they will “deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. Mac however has not addressed the new version of the malware and has also informed their support staff Not to assist users with MacDefender removal. Although the support staff has been instructed not to assist with its removal, Mac has provided the following on how to prevent the malware from installing and how to remove once installed.

Avoiding Installation:

  • If users experience any notification concerning the mentioned security software, immediately exit the browser.
  • If the browser fails to quit, perform a Forced Quit. To perform a force quit go to the Apple menu and choose force quit. Alternatively you can Force Quit by pressing Command+Option+Esc, and then choose unresponsive program followed by clicking force quit.

Removing the Application:

  • In the event that the malware was automatically downloaded and launched, do not enter your administrator password.
  • Do not provide your credit card information.
  • Access your download folder and delete the application.
  • Once the application is deleted make sure that you also permanently delete is in your trash folder.
  • Close the Scan Window.
  • Go to the Utilities folder in the Applications folder and launch Activity Monitor.
  • Choose All Processes from the popup menu in the upper right corner of the window.
  • Under the Process Name column, look for the name of the app and click to select it.
  • Click the Quit Process button in the upper left corner of the window and select Quit.
  • Quit the Activity Monitor application.
  • Open the Applications folder, locate the app again, drag it to the trash, and permanently empty the Trash

In addition to the MacDefender app a login item is also placed in the user’s system preferences which can be removed by opening system preferences, selecting accounts, clicking login items, selecting remove and then clicking the minus button. Although it is not necessary it is advised that users to remove this login item.

Check back later as more details develop to learn more about the MacDefender malware and possible solutions.

Thanks for Reading and Have a Great Day!

Dustin

ComputerFitness.com

Providing Tech Support for Businesses in Maryland

Potential Government Regulation Means More Upsetting News for Facebook

Friday, May 20th, 2011

congressIn case it wasn’t bad enough that Facebook was discovered to be behind the recent Google smear campaign they now have to also deal with looming government regulations. Although it has only been a couple of days since it was announced that Facebook hired PR firm Burson-Marstellar to smear Google’s name, both companies have teamed up to take on the Social Networking Privacy Act (SB 242). Along with Google and Facebook, Twitter and Skype were also mentioned to have cosigned a letter strongly opposing the new bill.

This isn’t the first time that we have heard of the bill that was introduced by California Senate Majority Leader Ellen M. Corbett. The bill previously addressed the privacy and security for users under 13 but has since been amended to incorporate all users after initially facing heavy opposition. The motivation behind the legislation was to protect underage users, it’s estimated that although the Facebook age limit is set at 13, over 7.5 million users are under that age and 5 million of those users are even under the age of 10. The Polly Klaas Foundation found that over 42% of teens post personal identifiable information on social media sites which provides a solid foundation to Corbett’s concerns.

The Social Networking Privacy Act would require users to select and acknowledge their privacy settings before submitting their user registration. The default privacy setting would list only a user name and city of residence until that user decides to adjust their user settings. In Senate Majority Leader Corbett’s words “you shouldn’t have to sign in and give up your personal information before you get to the part where you say ‘please don’t share my personal information.”

Facebook CEO Mark Zuckerberg states that “making personal data public is the new social norm”. Currently Facebook requires users to provide their personal information prior to registering and once registered, users can then customize their privacy settings. Until adjusted the current default setting is to share the provided information with all other users. Since the option not to share your personal information is only available once the information is already out there, there is a strong argument for user privacy being at risk but does it warrant government regulation?

In addition to the legislation’s main goal of requiring social networking sites to provide a detailed privacy policy prior to registration the legislation also aims to provide parents with the ability to request the removal of their child’s personal information. The bill states that if these sites fail to comply within 48 hours of the request it will cost them $10,000 for each occurrence.

Given the Recent Headlines concerning Google and Facebook it is clear that the proposed legislation takes priority. Both companies feel that the bill is unnecessary and that government micro-management will likely cause more harm than good. Bills like this will suffocate the age of social networking and will often hinder the innovation of future technologies or businesses.

It’s understandable for government to feel the need to step in if there is a possibility of harm or danger but in this case there would seem to be better options. After all, users can still select the privacy option that they feel is adequate after they provide that information. As for the underage use aspect, if Facebook was to enact a default sharing option with only a user name and city, what is to stop the underage users from changing their privacy option to shared once they create the account?

Currently the Social Networking Privacy Act has passed a senate committee and is seeking a majority vote in the full senate. If passed there it will become full legislation and require final approval from the governor’s office.

How do you feel about government regulations on Facebook? Do Senator Majority Leader Corbett’s arguments justify these regulations?

Thanks for Reading and Have a Great Day!

Dustin

ComputerFitness.com

Providing Tech Support for Businesses in Maryland

Major Security for Major Websites Does Not Always Prevent Vulnerabilities

Friday, May 13th, 2011

Online security threats and system vulnerabilities will always be an issue on the Internet regardless of the amount of security we implement. As the security for major online companies gets smarter the hackers and computer viruses get more inventive as well. This balance is unlikely to disappear because there will always some kind of benefit for people who perform these destructive actions. Whether it is for notoriety, money, or information the effects of these actions require companies to be forward thinking and remain focused on the protection of their users.

caution

Following the largely publicized PlayStation Network Hack a couple weeks ago, two other major websites experienced their own misfortune. For Google it was discovered that their images were replaced with malware and Facebook was also notified that their applications were unintentionally leaking information to third parties. Although these two incidents are completely different with one being pure mischief and the other being an oversight the two cases highlight severe vulnerabilities for major websites.

After weeks of user complaints Google identified that some of their Google Images search results were pointing users to webpages that forced misleading anti-virus scans and security alerts. The attackers apparently infiltrated high trending Google Image search results and planted their own PHP scripts to generate their own malicious content. Once their own PHP scripts were implemented the Google bots crawled and eventually displayed thumbnails for their bogus web pages. When clicked on, the image redirected users to a bad page. Google is currently working hard to remove all of the bad links. For more specific details on how and what was affected visit More on Google Image Poisoning.

Shortly after Google realized their security flaw, Facebook was notified by Symantec regarding their security issue. On Tuesday May 10, 2011 Symantec published that Facebook applications have been unintentionally leaking user information to third parties. Although it is impossible to pinpoint the exact number of affected users it is estimated that the information of hundreds of thousands of users could have been exposed. However Symantec and Facebook state that it is also possible that most of the third parties didn’t even realize the leaks.

The leaks occurred through access tokens which are basically authorization codes that are assigned once a user accepts or grants permission to a Facebook application. Once Facebook was notified of the leaks they implemented the necessary changes which are described in the Facebook Developers Blog. Concerned users can take their own actions to nullify any current access tokens by changing their account password. As mentioned although these leaks were accidental this incident provides a perfect example for the vulnerabilities that websites like Facebook still have even with good security.

Sometimes the bigger the company, the bigger the target. Security should always be a crucial aspect and top priority for any business.  It is not only up to the major websites to try to stay head of the relentless security threats and system vulnerabilities, the individual users should do their part as well by being educated about online risks and by taking the appropriate precautions to remain safe.

Thanks for Reading and Have a Great Day!

Dustin

ComputerFitness.com

Providing Tech Support for Businesses in Maryland

Maintenance Tips and Policies to Keep Your Small Business IT Running Smoothly

Friday, May 6th, 2011

As helpful as technology may be to businesses it can also present certain challenges. If poorly managed, business technology can often prove to be just as harmful as it is beneficial. This is why we have IT professionals or IT departments. Regardless of how much equipment a company may have the role of an IT department is a full time job especially when you consider the possible strain most companies place on their technology and their need to prevent any malfunctions.

please contact technical support

Whether it is a single computer and printer or ten networked computers running off of a server it is mostly the IT department that handles the purchasing, installation, updating, management, and repair of company technology. In order for an IT department to be successful and maintain the integrity of the technology it should possess the following characteristics.

  • Qualified and motivated staff
  • Appropriate IT resources
  • Effective department management
  • Proper IT procedures
  • Regular meeting, documentation, and review

It is the goal of an IT department to not only fix and manage the company equipment but to also ensure the security of information. To do so an IT department should be performing routine tasks, that includes establishing policies and procedures, updating equipment, and running diagnostics. The majority of work done by these departments should be preventive measures so that when problems do arise they already have procedures in place that detail immediate solutions. Now of course most IT departments cannot predict every incident that has the can occur however they should come pretty close to being able to recognize the most frequent or detrimental threats. Various simple but overlooked tips for a company and IT departments include,

  • Password Policies, many users choose to utilize a password that is easy to remember rather than one that is sufficient to protect critical information. A company or IT department should implement a password policy that details and enforces the use of Strong passwords.
  • Remote Access Policies, because many company employees need to be able to access company information from home or when traveling, a proper remote access policy should be drafted according to the specifications set by the IT department.
  • Appropriate Use Policies, detail what resources should be used and how to use them appropriately. Having an acceptable use policy, whether it is for the use of the equipment, email, or the Internet can potentially prevent equipment errors and system vulnerabilities.
  • Scheduled Backups, performing regular backup’s archives important information. In the event something does happen and wipes out your information you will still have the latest archived data to restore.
  • Scheduled Updates, establishing automatic updates or routinely checking for software updates manually keeps software like anti-virus, anti-spyware, and firewall protection working properly and aware of the latest security threats.
  • Routine System Checks, by running diagnostic tests you can see how your system is performing, document, and perform any necessary adjustments.
  • Equipment Checks, similar to routine system checks this entails testing the equipment and making sure it is performing properly.

  • Proper Training, to prevent the misuse of equipment all employees should be trained and well informed of the appropriate and inappropriate uses.
  • Think Proactive, one the biggest errors when is comes to IT is waiting till something happens. It is most important that you don’t wait till it is too late to create the policies, implement the procedures and protect your technology.

It is extremely important that these bare minimum IT requirements be utilized in order to protect your business’s information and equipment. Even if your company does not have an IT department, you yourself should be implementing some of these suggestions or hiring an IT professional to assist you in protecting your technology. Don’t wait until an IT disaster strikes before you take the appropriate actions.

Is your IT department doing their job? What do you think is the most important element for managing your IT?

Thanks for Reading and Have a Great Day!

Dustin

ComputerFitness.com

Providing Tech Support for Businesses in Maryland

PlayStation Network Attack, What You Should Be Doing To Protect Yourself

Thursday, April 28th, 2011

On Friday April 22, 2011 the Sony PlayStation Network stated that as of April 19 th they had become aware that PlayStation and Qriocity user accounts had been hacked. Prior to this notification they have made several announcements, none of which providing the exact details for the disruption in network services.

During the time leading up to the official hackerpublic disclosure Sony had disabled their system which left many PlayStation Network users in the dark about the true circumstances surrounding the event. It wasn’t until April 26, 2011 that Sony offered the full explanation that user account information and potentially their financial information had been unlawfully acquired during an intrusion. The unauthorized intrusion of the network accounts left over 70 million users as well as their personal and financial information at risk. For a full timeline visit PlayStation Network Hack Timeline.

Because Sony had waited a full 6 days after the time of discovery to present a fully detailed announcement most people are wondering why the delay with informing the public. Typically when a breach does occur it is not uncommon for some amount of time to pass before the public is fully informed, this is usually to confirm the facts, consider solutions and prevent public panic. However during this time users could have been taking their own preventative measures by informing their credit card companies, monitoring credit reports, and avoiding phishing scams. For a great article concerning the legality of informing the public in the event of a security breach visit PlayStation Network hacked, data stolen: how badly is Sony hurt?

The PlayStation Networks Official Website released a statement detailing what efforts are being made to rectify this unfortunate situation and promises that it is a temporary issue that will be cleared up as soon as possible. Currently the network connection is still deactivated. An outside security investigation company has also been contracted to investigate the security breach and Sony is currently developing new security features. With these new features they hope resolve the system’s vulnerability and provide more safety precautions to protect a user’s personal information in the event of future occurrences.

It is PlayStations fear that the unlawful invasion into user information exposed user names, addresses, email address, birthdays, passwords, logins, purchase history, and even billing information. The official statement goes on to state that even though there is no evidence that credit card information was obtained they are not ruling out the possibility. Although many Sony officials believe that the hack was to gain notoriety as opposed to financial information they cannot be certain. As Sony continues to work around the clock to regain the confidence of its customer’s users should be taking the following actions to ensure the security and protection of their information.

What you should do!

  • It is advised that if you have provided any credit card information that you contact the card company and inform them that your information may have been obtained during this event.
  • It is also urged that users be mindful of email, phone, and postal scams. Sony has said that they will never contact a user to acquire credit card numbers, social security numbers, or any personal identifiable information. Often hackers will take the portions of useless information and contact you pretending to be the organization in order to obtain the rest of the information that they require.

  • Sony also advises that once the network is secure and user connection is reestablished that a user should change their login information immediately.

It’s important to remember that these kinds of incidents happen all the time and unfortunately they are the reason why we need implement more and more secure practices every day. Any fraudulent charges that do result from this incident will of course be handled by Sony. One issue left un-answered is why Sony chose to wait so long to inform its users about the potential security threat?

What do you think? Should Sony have disclosed the full details and given customers the opportunity to protect themselves sooner, or were they right to gather all the information before causing panic?

Thanks for Reading and Have a Great Day!

Dustin

ComputerFitness.com

Providing Tech Support for Businesses in Maryland

Harmful Electronic Waste, the Negative Component of Continuous Tech Production

Friday, April 22nd, 2011

computer recycling

As technology becomes ever more prevalent in our society so does the amount of electronic waste. Each year a number of new gadgets or devices are produced leaving the outdated models to be discarded. The production of new devices is not a bad thing especially since advancements in technology keep us moving forward and increases our productivity. However the same can not be said for how we handle the disposal of our old electronics. The short life span of electronic devices causes us to continuously dispose of more and more electronic waste each year.

Due to the amount of e-waste most states have already put in place standards against dumping electronic devices. Similarly in 2010 the Federal Government enacted the Electronics Recycling Act. This Act states that any organization that is found to be exporting their non-useful e-waste to developing countries will receive heavy penalties and fines. Many companies have recently begun to focus their efforts on establishing guidelines to reduce their amount of e-waste and ensure their compliance with green standards. Although these types of companies are providing the groundwork for a successful reduction in electronic waste it is really up to the individual consumers to follow through with this proposal by disposing of their old devices appropriately.

There are four main ways that we currently handle our electronic waste which is through landfills, recycling, reusing, and incineration. While certain methods may be more suitable than others each of them can still produce negative impacts on our health and environment. Approximately 14-20 million PC’s are discarded making up a huge portion of the 20-50 million tons of electronic waste that we produce annually. From that 20-50 million tons only around 14% of the old products are actually recycled which leaves the rest of the millions of electronics to accumulate and be disposed in a counterproductive manner.

Landfills:

The major problem associated with e-waste is the composition of toxic heavy metals (lead, mercury and cadmium, etc.) that can seep into our water, soil, or atmosphere depending on how it is disposed of. Toxic heavy metal from e-waste makes up 70% of all heavy metals in landfills. Using a landfill for e-waste is very dangerous because it contaminates essential aspect of our environment.

Incineration:

Like in landfills the incineration option releases massive amounts of hazardous waste into the atmosphere. Although incineration will reduce the amount of space used for e-waste the release of this hazardous material into the environment would not only affect the atmosphere but would eventually make its way into our water supply and soil when it rains.

Recycling and Reusing: (Most Viable)

It is extremely expensive to appropriately handle electronic waste. Due to the high cost of disposal many corporations were exporting their old products to developing countries and therefore resulted in several law and guidelines. Developing countries often have lower environmental policies and are not adequately equipped to handle the disposal of e-waste. The Responsible Electronics Recycling Act of 2010 was enacted to prevent the hazardous material from being exported to countries that are unable to properly deal with it. As for the equipment that is still working properly and meets the necessary guidelines it can still be recycled which can help the developing countries even though the majority of working exported devices are obsolete. In the past, hazardous electronic waste in developing countries had been linked to causing cancer, neurological and respiratory disorders, as well as birth defects hence the stronger environmental enforcement regulations.

In addition, these disturbing statistics have also urged companies to create “Take Back” or recycling policies. Take back policies and recycling programs let you trade in your working electronic devices, sometimes for cash, store credit, discounts, new models, or the satisfaction of helping your environment. Once traded in the company can either choose to use the device for parts (Recycle) or export it (Reuse).

What you can do to help:

Although the government is attempting to solve the problem of e-waste it is up to the customers of electronic devices to dispose of them properly and follow the regulations that the government sets forth. The following are some suggestions when dealing with and disposing of electronic waste.

  • Avoid throwing out electronics with your everyday garbage.
  • If you are getting an upgrade or newer model, donate or sell your old device.
  • Consider if you really need an upgrade or if you can utilize the same device.
  • Shop with companies that use a “Take Back” program.
  • Make it a priority to shop with companies with “Green Principals”
  • Try to purchase sustainable/upgradeable devices.
  • Don’t buy the latest technology right away because there will most likely be something better only a month or two away. Why upgrade twice and create twice the waste?
  • Contact your local representative regarding your state’s electronic waste policy. Does your state have an e-waste policy?
  • Locate local e-waste recycling and disposal centers.
  • Find useful information on Recycling procedures, Takeback programs, and Donation centers at the Environmental Protection Agency Waste Center Resource.

Additional information available at: Examples of Electronic Take Back Programs & Companies with the best Green Rank

Thanks for Reading and Have a Great Earth Day!

Dustin

ComputerFitness.com

Providing Tech Support for Businesses in Maryland

Using Google Page Speed to Improve Your Website’s Performance

Friday, April 15th, 2011

Recently we published an article on our internet marketing blog detailing various techniques for increasing the speed of a website.  In our posting “Simple Modifications That Produce a Faster Website and Boost Rankings!” we provided statistics on what qualifies as a fast website and several suggestions that could potentially increase a website’s loading time.  Some of these suggestions included website compression, image optimization, and properly structuring website code.

Each of these methods carries critical importance when attempting to enhance a website page speed.   Website compression groups information and sends it using packets of data which mean more information is sent at one time and does not continuously flow item by item.  Limiting and optimizing images avoids clutter and reduces the time the images take to display. Ensuring proper code layout also increase page speed because the page knows what elements to load first therefore keeping the visitor occupied and aware that the site is functioning properly until fully loaded.

It is important to first check the speed of your website using one of the many page testing tools found on the internet.  Some of the tools are Pingdom Load Time Test and GTmtrix, however recently Google has launched its very own tool called Page Speed Online.

Page Speed Online was released on March 31, 2011 and was previously available only as a browser add-on.  Google Labs newest launch now enables users to test the speed or load time of any website from any location.  Google Online Page Speed is simple and convenient to use and provides an immediate review of your site and its speed.  To use Google’s website speed assessment tool all a user has to do is as follows:

  1. Navigate to the Page Speed Online Test Screen.
  2. Enter the URL of the website and click “Analyze Performance”.
  3. Once the test initiates the result will appear in a few moments and will provide a score out of 100.
  4. Provided under the score are any problems that were found on your site. These problems will be broken down into priority categories of high, medium, and low.
  5. The problems listed in these categories are basic errors that have a negative effect on the speed of your site, for example it could say “Optimize Images”.  Each of the problems listed can be accessed for a more detail description of each individual error.  When a user clicks “Optimize Images” the results will identify each individual picture that needs to be optimized and provide the best solutions to do so.
  6. Follow the solutions provided to eliminate any problems that were found during the initial test and try re-testing your website once the solution has been implemented.

The good thing about using Google’s online page speed application as opposed to other online speed assessments is that Google’s test appears to be more accurate. Google provides the user with suggestions to fix the problems that were found during the screening process.  People who utilize other online speed testing programs might receive inaccurate result because they may be only testing the time that it takes for your websites HTML to transfer.  Google however not only tests the HTML transfer but also measures how long it takes for images to load and how long it takes to execute JavaScript.  The Google Page speed test incorporates all of these factors and more when screening your website and provides a fuller assessment of your site speed.

In conclusion with the Google online page speed test users can instantly assess their site speed from any computer or browser and clearly identify every aspect that they should improve.  The Google online page speed tool is simple to use and provides informative feedback that could assist you in drastically increasing the speed of your website.

You can try out this great tool at Google Page Speed Online!

Please share your opinion below about what you think of Google Page Speed. Will you be using it or do you already have another site speed tool that you think is better?

Thanks for Reading and Have a Great Day!

Dustin

ComputerFitness.com

Providing Tech Support for Businesses in Maryland