Digital Credibility and Phishing, Part I – Domain Names

This post follows up on the two-minute tech tip I recorded for Episode 252 of the Just the Books podcast. This is the first post in a series that covers digital credibility and phishing.

Domain Names
A website is known by its domain name. This is the friendly version of its internet address. There are a few parts to the name; for this tip, however, I am focusing on the end.

At the end is the TLD, the top level domain name. Generically this is the .com, .net, .org, etc. Registration of some of these is restricted, for example .mil, .gov, and .edu. Each country has its own TLD; these are known as ccTLDs and are two letters. This is why .co.uk exists.

In general there are two more parts to a domain name. Working from the right, the next part is what you get when you purchase a domain name. For the Just the Books podcast, it’s the just-the-books part. The last part is the part that the domain holder can generally set themselves. It’s often the www but could be anything; if desired, we could make a name that goes directly to the show notes, such as shownotes.just-the-books.com (note: I’ve not done this).

How can you check a link in a webpage?
Below, I explain one quick way to test. Please note that while I made these screen shots on my Mac, it’s worded similarly on Windows.

For simplicity, let’s use a page from The New York Times. We want to make sure that links to the full articles are still within The New York Times website, nytimes.com.

Right click on the link and select “Copy Link Address”. If you have a one-button mouse, hold down control as you click to bring up the menu.

Next, paste into a plain text editor. For Macs, the default is TextEdit; Windows machines have Notepad. You want to use a plain text editor and not your word processing program of choice because plain text strips away the webpage programming (“HTML”) and will display the actual URL.

It should look something like this.

Let’s evaluate what you see:

  1. Ignore the http:// It’s mostly for the computer, not humans.
  2. The www. isn’t important for this either.
  3. nytimes. looks right. So far so good.
  4. .com Great!
  5. Now we see the most important part. Next comes a /. For the computer, and for you, that means the domain name is done and we get to the webpage specific parts.

Congratulations, it is a link that looks right.

Using this method to test the results you get from a search engine is trickier because the search engines want to know which websites are successfully clicked, and they do this by passing you through their domain first. If we searched Google for the New York Times and copied and pasted the resulting link, it would by default in most web browsers return this massive block of … stuff:

http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CI8BEBYwAA&url=http%3A%2F%2Fwww.nytimes.com%2F&ei=uV62T4XnC8bM6QGAuZzFCg&usg=AFQjCNEtLodOdxWZSGdJpL7WJaEeUJVlnw&sig2=B5xbatumCielOdBT8trDNA

How do you parse that?

Start with the chunk http://www.google.com/. This is helpful because it’s Google’s domain, and because we see the / we know we’re now going to some webpage specific stuff.

Next we find the geeky bits. Let’s take it slow and scan through what we see. We know that we want to find nytimes.com in there, so take it slow… do you see it?

Great! But there’s lots of weirdness around it and no slash, so you aren’t sure if it’s done and going onto the website stuff. The www.nytimes.com is surrounded by encoding of special characters. Computers don’t really like spaces and different characters might also have special meaning for programs, so they are often encoded. %2F means a /. We see that surrounding the text we’re looking for: %2F%2Fwww.nytimes.com%2F which really means //www.nytimes.com/. That’s a good sign.

In this case we shouldn’t ignore http://, which we find to the left of URL. How? The %3A means a : so now we have all the parts. I don’t expect you to remember that, but please note the similarity in length and format for each of the chunks of special encoding. So we see &url=http://www.nytimes.com/ Congrats! That’s what we’re looking for and this link is going where we expect.
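The same check done in code, as an added example that is not part of the original post: it reads the host name up to the first slash, unwraps the Google redirect shown above by decoding its url= parameter, and compares the destination with the domain you expect. The function names, the direct nytimes.com path and the example.net link are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# The redirect link from the post's Google search result
# (stray spaces from line wrapping removed).
GOOGLE_LINK = (
    "http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1"
    "&ved=0CI8BEBYwAA&url=http%3A%2F%2Fwww.nytimes.com%2F"
    "&ei=uV62T4XnC8bM6QGAuZzFCg&usg=AFQjCNEtLodOdxWZSGdJpL7WJaEeUJVlnw"
    "&sig2=B5xbatumCielOdBT8trDNA"
)

# Click-tracking redirectors we know how to unwrap:
# (domain, path, query parameter that carries the real destination).
# Only the Google form shown in the post is listed.
REDIRECTORS = [("google.com", "/url", "url")]


def host_of(link):
    """Host name of a link: the part between '//' and the first '/'."""
    host = urlsplit(link).hostname
    return host.lower().rstrip(".") if host else ""


def belongs_to(host, domain):
    """True if host is the domain itself or a name under it.

    The comparison works from the right, so 'www.nytimes.com' matches
    'nytimes.com', but a host that merely contains the text does not.
    """
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def unwrap_redirect(link):
    """Return the destination carried inside a known redirect link.

    parse_qs decodes the %3A and %2F escapes, so the value comes back
    as a normal URL. Links that are not redirects are returned as is.
    """
    parts = urlsplit(link)
    host = host_of(link)
    for domain, path, param in REDIRECTORS:
        if belongs_to(host, domain) and parts.path == path:
            values = parse_qs(parts.query).get(param, [])
            if values and values[0].lower().startswith(("http://", "https://")):
                return values[0]
    return link


def check_link(link, expected_domain):
    """Summarise where a copied link goes and whether that is expected."""
    destination = unwrap_redirect(link)
    dest_host = host_of(destination)
    return {
        "first_host": host_of(link),
        "destination": destination,
        "destination_host": dest_host,
        "matches": belongs_to(dest_host, expected_domain),
    }


if __name__ == "__main__":
    samples = [
        GOOGLE_LINK,
        "http://www.nytimes.com/pages/world/index.html",  # constructed path
        "http://www.nytimes.com.example.net/",            # constructed host
    ]
    for sample in samples:
        result = check_link(sample, "nytimes.com")
        verdict = "looks right" if result["matches"] else "NOT nytimes.com"
        print(f'{result["destination_host"]:32} {verdict}')
```
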

You are probably wondering how to prevent this and just get directly to your links without your search engine tracking extra information about what you clicked. Don’t worry, personal privacy will be covered in the future. If you are concerned now, please ask and let me know you want to know sooner. Next week I plan to continue with digital credibility and phishing by discussing security certificates and SSL.


What’s a computer virus?

This post follows up on the two-minute tech tip I recorded for Episode 251 of the Just the Books podcast.

Viruses differ from bugs because they can spread. They copy themselves and then move on to infect a new computer. While they once spread through physical media such as floppy disks, they now tend to piggy-back on emails and hide in website links.

There are a few more terms you should know:

  • Malware is the generic term for all malicious software.
  • A Trojan horse pretends to be a nice program while really it is malicious. Those popup ads that say “Your computer may be infected, click here to install our security check now!” are often Trojan horses.
  • A worm is different from a virus because it doesn’t need the user to do something to infect others, such as forward an email. Worms most often take advantage of known bugs in computers to spread.

There are more, but this is only an introduction!

The Flashback virus that recently infected lots of Macs came from WordPress sites that were themselves not updated. There are two layers to this problem:

  1. Self-hosted WordPress sites (not wordpress.com sites) were running outdated versions of WordPress. There are many reasons why this happens that I’ll cover in future posts, but not having the most secure and up-to-date installation allowed the virus to pretend to be an Adobe software update (it was a Trojan).
  2. A vulnerability (a bug) in Java on Macs allowed the virus to run. Apple released a software update to fix Java.

Could this have been prevented? I think keeping every computer, including those running WordPress, up-to-date would have definitely reduced the reach of the infection. Learning how to take care of and use technology would have reduced it further. Is there a possible world without virus attacks causing widespread infection? Yes, but it requires time and education.

Three steps to keep your devices healthy:

  1. Keep your computer up-to-date.
  2. Install virus protection software. There are some small trade-offs to doing this. To be more secure the software has to run all the time and that will mean your computer will run just a tiny bit slower. Will you notice? Probably not. Keep this virus protection up-to-date. Do not schedule these updates monthly, do them daily.
    • Microsoft has Security Essentials.
    • Macs have their own Security tools.

      Can these be your only line of defense? Yes, but I like a two-layered approach.

    • Choose and install your software from a reputable source. Who is a reputable source? The big names such as Norton, McAfee (note: it only has one F!), and F-Secure. There are free options too; Avira, Avast, and AVG come to mind.
      Please do not click ads while you are web surfing that say “Your computer is infected, click here for a free security scan.” I’ll cover phishing soon.
      Does installing and keeping this software updated mean you definitely will not be infected? No, but it will reduce the likelihood by a significant amount.
  3. Be smart with what you do. Don’t click every link and open every attachment, especially if you aren’t expecting a file and the context doesn’t seem to indicate there should be an attachment. Do not install software from unknown sources. Who’s an unknown source? I’ll cover digital credibility and expand upon safe surfing in future posts.

Here’s a bonus fourth step:

  4. Backup, Backup, Backup. How? Every way you can. I will cover data organization/backup/archiving in the future but there is a concept called LOCKSS, Lots of Copies Keeps Stuff Safe. While this concept is generally geared toward large institutions, I’ve scaled it down for individuals for years. Of course this doesn’t work if the copies themselves are infected but there are a few ways around it. I’ll cover this in more detail in the future but my quick method is:
    • Copy/Duplicate the file. Paste it right in the same spot.
    • Convert it to another format; for example, if it’s a word processing document, print it to PDF.
    • Email it to a spare email account or a trusted friend. I’ve been accepting friends’ final thesis papers and dissertations for years.
    • Make CD/DVD/USB key copies of the files.
    • If it is that critical and important to your future (or past) print it out! You can always scan it and while it might not be the perfect original (in the case of a photograph, for instance), wouldn’t you rather a paper copy and a later scan of that image instead of no copy?

You can read more at the following websites:


The Why of Software Updates

Question: I just bought a new computer, why do I have to run software update? Why are there so many updates?

Computers are complex. They include many different components: hardware (the physical computer), the operating system (Mac or Windows, which is really just big fancy software), and programs (web browsers, word processing, games). Not only are there many different components, in general they come from many different places and companies. Since there is a desire to release new products frequently, deadlines are tight to develop and release new parts for a new computer. It’s not surprising that a bug can sneak in.

Bugs? But the computer was just turned on. How could that happen?!

First, rest assured, while bugs can be quite problematic, a bug is not the same as a virus. I’ll cover viruses next week!

A bug occurs when there is an unexpected outcome from the software. For example, the alphabet is generally sorted as a, b, c, d, e. If there was a bug in the sort program, the result would instead be a, b, d, c, e!

Patches, or software updates are released to fix bugs.

When did the term bug come about? It’s credited back to when there were vacuum tubes running computers. A bug (moth) literally crawled into the hardware and died causing the electrical circuit not to close properly. The term is credited to Grace Hopper.

You should run software update as soon as the computer is set up and connected to the internet. Why? In the weeks and months from when the programs were installed at the factory to the moment you turned it on, there is a very good chance modern bugs were found and there are updates to fix them. Run the software update until it says “no more updates at this time”. You can schedule this to check automatically; please do this at least monthly, though I prefer weekly. You should also check for software updates of the applications you use, such as word processing programs, in the same way.

Why do we still get bugs?

The modern bugs are different, but because so many parts of the computer are coming from different places and there are many different variables, sometimes the programmers don’t get everything right the first time. Should they? I’ll leave that debate for some other time and place, but given the complexity it’s not surprising that bugs sneak in and cause havoc. We just hope that they are patched in a timely manner.

One more thing:

Updates and upgrades aren’t quite the same thing. An update will fix small problems in the things that are currently installed and may introduce small new features. Upgrades are bigger changes and often require paying for the new features (and their unintended bugs).

Sometimes even a small regular update can introduce new bugs. Each computer becomes different with use and different programs installed on it, so it’s not easy to say if any update will work as expected. Some people wait a day or two when new updates are announced just in case they introduce problems. Understanding what the updates fix can sometimes be quite complex, so if you are wondering if you should update, please do not hesitate to ask.

Basics of running software update:

  • Mac
  • Windows
  • If you are running Linux please contact me as there are many different ways to do it depending what flavour of Linux you have installed and how the applications were initially installed.

Tech Management Series: First Questions for a Non-Profit Web Project

Figuring out where to begin is one of the greatest challenges when starting or revising a website.

Non-Profit organizations often feel this more strongly than others that I work with for many reasons, such as volunteers coming and going, limited budgets, and the issue that faces all of us, not enough time in the day.

To that end, I’m releasing a FREE 2 page PDF worksheet that will start to guide non-profit organizations in organizing their thoughts as they sit down to plan a new website or revise an existing one.

This worksheet includes some of the questions I ask my non-profit clients. I don’t ask millions of questions in a long drawn out planning meeting. I find those are rarely useful. We’ll circle back to these questions again.

The first page is for the Big Picture. Why do you want a website? What does your ideal website do? What are three sites you like?

The second page delves a bit deeper into specifics that are useful to know about early on in the planning process.

If you aren’t a non-profit organization, I think you will find this PDF useful. I will be releasing one tweaked for small crafts businesses in the near future.

Free Non-Profit Website Questionnaire — November 2011 update: Please contact me if you are interested in a copy of this Questionnaire. I’m changing how I manage the delivery of this. Thank you.


Some Recent News Items and Links of Interest

Warning: a new phishing email that is trying to get LinkedIn usernames and passwords is going around. Your account has most likely not been locked due to inactivity. Please delete that e-mail if you are unlucky enough to get it.

WordPress 3.2.1 is out. This is more of a clean-up-the-loose-ends release than one of security fixes. Please stay updated. Related – WordPress Now Powers More Than 50 Million Sites.

Interesting and Potentially Useful Links:

A beautiful photo of Atlantis the night before her final launch.


Info & Tech Literacy: It’s New!

My clients are sometimes surprised when we start to work together on something and I utter the phrase they must dread to hear, “Oh that’s new. I wonder how it works.”

This is a challenge of today’s new social media and web driven world. Websites can change quickly and I sometimes blink and find something new. This recently happened to me with LinkedIn. Until I sat down to work with my client, I missed that a user’s profile can now show a website’s name, instead of a generic category. It’s more meaningful for everyone and aids in what the branding gurus say is brand recognition. I like it because I feel it helps bring trust to the links.

How do you do it?

In the additional information area of your profile select other for the website type. An extra box will appear and you can type the site title in it. This is how my LinkedIn profile looks when edited:

LinkedIn how to edit websites in profile

The finished section looks like this:
LinkedIn show websites in profile

If you need further assistance, please do not hesitate to ask.

Learning the new: Google+
I’ve been taking small bits of my day to familiarize myself with Google+, the new social service that’s still in testing.

I haven’t had much time to work with it yet and I sometimes feel overwhelmed when I do stop in. I find myself wondering if I am using it in the intended manner or if I am doing things how I intend to do them.

There’s a new lingo to learn and a way to do things that is familiar (for example to Facebook or Twitter) but slightly different.

Thankfully others have been spending time compiling lists and helpful tips.

Yesterday afternoon I was thankful to find this list of tips by Robert Scoble and an in-progress ebook Google+ A Collaborative Document: (or how 120+ people wrote a book at the same time).

These are both useful now in July 2011. Will they be useful a month or a year from now? Time will tell. I do look forward to what new there is to learn and to teach you.


dealing with the deluge, email edition

How do I manage all the data and information that crosses in front of me each and every day?

I do not check email first thing in the morning if I can avoid it, nor do I check email as I am closing up for the night (unless there is a need such as confirming a morning meeting).

I do try to get the most important thing I need to do that day started, if not completed, before I check email. It is a very useful way to help me gain momentum on my to-do list.

I do not check email every twenty seconds.

I do have my email programs set to check for new messages every two hours but in reality that means I manually refresh it every 15-30 minutes.

I do not have any notifications on my phone or computer that alert me to new mail.

I do always have new email. That’s a given. Why let announcement of its arrival eat at me and distract from what needs to be done?

I do not let everything go into my inbox.

I do sort and filter aggressively so that much of the routine stuff gets processed together.

Mailing lists, store announcements, the stuff that doesn’t need to be acted on immediately because fifteen years ago it probably would have come as a paper mailing and not been read immediately. This sort of email gets automagically filtered away and passes go (the inbox).

I do not leave everything in the inbox for eternity.

I do try to process through my inbox daily, weekly, and monthly to make sure that closed items are stored properly, emails that can be deleted are, and that I hopefully haven’t missed anything important.

Is it a perfect system? No. When things become too overwhelming from the flood of messages pouring in over my multiple email accounts I either head out for a trail run or pick up my knitting needles for a short bit. I do not currently work with EMS or doctors or hospitals. Nothing is a super critical life or death situation. It can wait thirty minutes.

Do you feel overwhelmed by your email?

Do you have a friend who constantly floods your inbox with those silly forwards that you never read? If you would like guidance on configuring your specific setup to sort through everything, please do not hesitate to contact me.

Do you want help figuring out the best way to sort, categorize, and store your emails for your small or solo business? I can assist you in drafting a plan, implementing it, and, if you want, scheduling audits to make sure you are doing what you set up. Again, please do not hesitate to contact me.

If you want more ideas on how to deal with this I’ve found that there are many many sites and articles to help.

Lifehacker is probably the most recognized at this point.

Inbox zero is the concept of getting your inbox down to zero items. My record is somewhere in the double-digits …

There are also the gurus such as David Allen’s Getting Things Done (aka GTD)

I recommend searching for life hacks or getting things done. Will the above sites come up? Yes, but so will many other interpretations and implementations and tweaks. Maybe you’ll find an idea that works with you.

Will these work for you? Do you need to subscribe to them completely? No. Find what works best for you and don’t feel that you have to change your way completely overnight. If you want advice or some help getting it started I can help.


In the Spotlight- A Crafts Business

The second business in the spotlight is near and dear to my heart. It suffers, however, from cobbler’s child syndrome as it is my own!

Little Acorn Creations is the result of lots of knitting and stitching. It is a solo part-time operation. It’s run out of my home on the most shoe-string of budgets. It exists because I love to create and make things, mostly through knitting but I also embroider and crochet. Sites such as Etsy and ArtFire have made it much easier for someone to have an online business selling handmade items (I never thought of eBay as a good route for this though it was a successful option for many).

It was also the business I had in mind when I completed my Master’s Project a few years ago. My project was a technology guide for the accidental crafts business owner, which is the working outline for many of my current writing series here.

For Little Acorn, I need to figure out my technology needs. How do I plan to track invoices and emails? Do I need a website? How do I integrate it with Etsy? How do I plan to keep it updated? Will I schedule other social media outlets? I need to set up QuickBooks and make sure the proper files are backed up. I need to work on digital files, mostly photos, and make sure I include them in my backup plan. Not to mention making sure I keep sales receipt records for the period required by my state.

There are lots of little technology and data management things I need to spell out to make it so that I don’t have to spend all my allotted Little Acorn time on business stuff.

This series will focus on

  • How I choose the tools that work right for this business, and for me
  • How I write a data management plan
  • How I backup my important files and non-electronic items
  • How I plan for the unknown … the future.

Recent Tech Stories of Interest

WordPress 3.1.4 was released yesterday. Please update as this is a security and hardening release. If you aren’t sure how to do this, please do not hesitate to contact me. If you use wordpress.com hosting, you do not have to worry at all about these updates!

Google announced Google+. No, I don’t have an invite yet and can’t speculate at all if this will or won’t be a Facebook killer. I received an invite at 10pm last night. I haven’t done very much with my account yet and do not yet feel comfortable speculating further.

Microsoft Office 365 is out of beta. I didn’t have a chance to work with it much while it was in beta, but it’s definitely something to consider…

Google (again) is refreshing the UI– the design of the site … if you suddenly see a black bar at the top do not be afraid.

Google (again the second) now allows you to “free” some of your data easily and download it via Google TakeOut. The biggest benefit for most of my clients is that it will allow you to download some of your Picasa photos in a somewhat simple step. I expect that this service will evolve as Google+ comes further online.

Amazing trains that were never built (found via boing boing)


Info & Tech Literacy Series: Security & Privacy Basics – links

Yes, you know how to use the computer.

Your three year old is showing you how to use the iPad.
You successfully create presentation slides for seminars you give and your tween has a webpage she designed for a class.
Your wife set up and secured your wifi network... and unplugged the blinking VCR since you now have a NetFlix account as well as a TiVo.

Why do you need to check in on Literacy?

There is a gap in knowledge. My clients very often teach me specific new features of the software they use every day. What they show me often makes my life much easier.

But they still get duped by the phishing email.
They still have the same three passwords they first generated back in 1997.

They wonder what’s the best way to fill in their LinkedIn profile. I’ve seen some list their home phone number just because there is a box for it. What information do they need? What can be left out? What if they’re not comfortable filling it out truthfully?

Why should you care?

Identity Theft. It’s a royal pain in the butt to fix everything and get it all back right. I don’t think you should be paranoid and not use any of these services, because your information is being shared to a degree anyway. That doesn’t mean it’s good to put every last detail online either.

There are tons of resources out there to help you.

The State of Ohio published an extensive list of links listing resources to help you learn about Privacy Basics, Identity Theft, Safe E-mail and Web Browsing Habits.

Wait, how do I know this? Why did I include the two links above?

They are Government websites and I am putting a degree of trust in the Government to provide educational resources that do not mislead its citizens.

How do I know these are from the government? Below is what my Google search results screen looked like.

Screen shot of Google Search results for Privacy

What do you see?

  1. The first line is the title of the page. This might have a meaningful name, or it might not. This is generated from the code* of the page. The two icons are specific to google and we can ignore them for now.
  2. The next line is part of the content, the meat, of the web page. Think of it as a sort of preview. Is it useful? Sometimes. This is where all that talk on SEO optimization comes in.
  3. The last line is what I want you to focus on. This is the URL of the page. Will it always lead you to the most trustworthy site? No, but understanding some basics of this will help you begin to make some decisions.

Did I lose you on that Wikipedia page? I thought so.

Here’s what to keep in mind, then I’m going to throw you a hard curveball**:

Your mailing address is similar to a hostname. For example, let’s pretend my business address is 123 Main Street. That’s not easy to remember, so I tell you that PennyWise Consulting LLC is at 123 Main Street.

I’m a business so I have a .com.

URLs for my business start with http://www.pennywiseconsulting.com

If I was a government agency I’d probably be a .gov

Schools can have .edu

However, beyond schools and the government, there really isn’t anyone checking if a .org is really a non-profit or a .com is a real business. If you pay the fees to buy this easier to remember name, it’s yours. (note: this is highly highly simplified)

However, the second thing (here’s your curve ball): the agency that decides what the last bit of the hostname is (the dot com, dot org, etc.) has declared that there will be more options and that almost anything goes.

What does that mean to you as a user of various websites? How will you protect yourself from phishing? I’m not sure I have the answers.

* it’s not technically code, it’s scripting. I will explain the difference in the future if there is enough interest.

** I run. I cannot throw balls nor hit them with any degree of skill or accuracy.
