I was reading 10 seriously annoying default configurations at TechRepublic today and was inspired to come up with my own.

1. Windows Update

I love the idea of Windows Update, but its implementation drives me crazy. First, every update seems to require a restart of the computer. Coming from a linux background that is extremely frustrating, especially on a Windows server. No I can’t restart the Exchange server 3 times a week, thank you very much. Second, some updates are only visible after prior updates are installed, which compounds the restart problem. Third, there’s no way for 3rd party software developers to latch into this update process. This makes keeping a machine secure much harder, forcing admins to rely on tools from vendors like Secunia to keep their systems up to date.

2. User Account Control (UAC)

Much has been written about UAC, a feature of Windows Vista and later that prompts the user performing risky actions – like installing software. Unfortunately it prompted so much that many simply disabled the messages. I personally feel that UAC was one of the “features” that prevented mass adoption of Windows Vista. Thankfully Windows 7 gives you more granular control of the messages UAC displays.

3. Internet Explorer on Windows Servers

I completely agree with the author of the TechRepublic article. Internet Explorer on a Windows 2003 or 2008 server is virtually useless. Yes, you shouldn’t use Windows server for general purpose browsing, but with nearly all reference guides and support online there are times when you must use a web browser on the server.

Say you are in the server room, working on an Exchange server that’s not working. You need to research an error message from the system log so you hop over to Google. Instead of showing you the website you are prompted to add Google to the Trusted sites list. Click on one of the relevant links, add the site to your Trusted sites. Repeat this a few times and tell me that you don’t want to throw the server through a wall.

4. “Are you sure you want to empty the Recycle Bin?”

The whole point of the recycle bin is to prevent accidental file deletion. You have to interact with the Recycle Bin in order to empty it. Why confirm again that these are files need to be deleted?

5. ActiveX component install process

I know that ActiveX is a major security risk, but do I really need to confirm 3 different dialogs before it will install an ActiveX component in Internet Explorer 7 or 8?

6. Menus that change based on frequency of use

This came into vogue after Office 2000 implemented “Personalized Menus.”  The basic idea was that the Office apps had too many options and the average user could not get to the options that they needed quickly. So if an option was not used often, the software auto-hides the option for you. Yeah – great idea. Try walking a friend through a configuration change, only to discover that the menu option is hidden. Here is an idea – if there are too many options in a program, perhaps it is too complex and should be streamlined.

7. Hiding File Extensions

Why design a file system that requires the use of an extension to determine its file type, then design a file browser that hides those extensions. This is the first setting I change on any Windows machine I manage.

8. Hiding System and Hidden Files

If #7 is the first change I make, this one is number two by a few seconds. This one is even cross platform as the Gnome file browser also tries to “help” you by hiding these files from view.

9. Errors cause Copy / Move operations to stop completely.

Ever try to move a bunch of folders from one drive to another – maybe you are backing up your photo collection, maybe you are moving documents from one computer to another. If one file cannot be copied the whole process just stops. Now you have to figure out why the file copy did not work and start all over again. To solve this one, install a 3rd party file copier like TeraCopy.

10. Desktop Cleanup

Everybody uses the desktop a little differently, I tend to use mine as a scratch pad. I keep files that I am currently working on the desktop, and move them to other locations when they are no longer needed. The Desktop Cleanup wizard is like a maid that comes in behind you and starts putting files into random cabinets.

I know it seems like I was picking on Windows with this list, I know there are just as many annoying system defaults on other platforms, but these are the first ten I could think of. Chime in with your list in the comments section.

Related posts:

1. Dealing with password fatigue How many passwords do you have? According to a study...
2. Ten Things To Do With an Old Computer Just because you purchased a new computer and your old...

It’s no wonder that many users resort to picking easily guessed words, put passwords on sticky notes, or use the same password for every service out there. A recent study even indicates that IT security professionals are suffering from password fatigue.

Password Managers

One solution to password fatigue is using a password manager. Many operating systems, like OSX and Windows 7 even include password management tools within. My personal favorite is KeePass, an Open-Source manager that was developed for Windows, but has been ported to OSX and Linux.

The main drawback with password managers is that they require extra effort to maintain. Every time you create a new account or change a password on an existing account you have to keep your password manager in sync. Over time it is easy to have the wrong password on file, or worse, not have the password you need on file.

Password Schemes

An alternative to password management tools is coming up with a consistant scheme for generating new passwords. The idea is that if you use the same rule for generating passwords, you can figure out what the password would be.  One scheme is to use a base password, then append something related to the service. So for example, your base might be ‘asdf’. So if you were creating an account on Yahoo you might use the password ‘asdfyahoo’ or ‘yahooasdf’.

The drawback with this approach is that each site has its own password guidelines. Some require alpha and numeric characters, some require a combination of upper case and lower case, and others require extended characters like ‘$’ or ‘&’. Coming up with a scheme that supports all the requirements is a challenge. And what about services that require your password to change regularly. Either you have to create multiple base passwords or multiple service keywords – and once you do that you are back to keeping track of individual passwords.

Choosing Memorable Passwords

A third option is picking passwords that are easy to remember. The challenge is in picking a password that is both easy to remember and secure. For example, while everyone can remember ‘password,’ it is not a very secure choice.

One trick is to pick a phrase that can be remembered such as ‘The fox jumped over the tall hedge’ and use the first or last characters from each word. So in our example phrase you might use the passwords ‘tfjotth’ or ‘exdrele.’

While this approach makes passwords easier to remember, you still should not use the same password for every service, so it makes sense to pick a few phrases that can be remembered and cycle through them.

How do you deal with the many passwords in your life?

No related posts.

• Heartland CEO: QSAs Let Us Down
  In the review of what led to the Heartland credit card breach, Heartland’s CEO Robert Carr points to the PCI compliance auditors that passed the company before the breach – “PCI compliance doesn’t mean secure. We and others were declared PCI compliant shortly before the intrusions.”
• Opinion: Heartland CEO Must Accept Responsiblity
  A counter point to the previous article. Mike Rothman asserts that by attempting to blame the QSAs for the data breach they are learning nothing, and not addressing the root issue – “To be clear, you cannot outsource thinking. You cannot outsource security.”
• 8 Dirty Secrets of the IT Security Industry
  Are IT Security vendors really interested in improving your network’s security? Joshua Corman from IBM’s Internet Security Systems division details 8 trends in the IT Security market that help undermine a network’s security.
• Social Engineers’ 9 Favorite Pick-Up Lines
  Social Engineers leverage the trust people have in the familiar to gain access to facilities and networks. These 9 examples illustrate how easy it is for that trust to be abused. How many would you (or your employees fall for)?
• Hackers have Social Networking sites in their crosshairs
  In a recent study Breach Security, hackers are attacking Social Networking sites with increased frequency, accounting for 19% of online attacks in 2009.
• Twitter used to control botnet
  It was a matter of time, but Jose Nazario of Arbor Networks discovered a botnet that used Twitter for its command and control infastructure. While the account in question is obviously not a person, how long before a botnet writer creates an account that looks legitimate at first glance?

Related posts:

1. Social Networking at Work Makes Employees MORE Productive A study conducted by Australian scientists found that employees who...
2. Quick Hits Here are a few quick computer and security news articles...
3. Stimulus Bill significantly modifies HIPAA regulations Buried within the huge American Recovery and Reinvestment Act (a.k.a,...

Included in these tax exempt back to school items are personal computers and computer peripherals. To enhance this tax holiday, EPC is opening our warehouse to the public for a huge sale. All items will be at least 15% off of our already low prices in addition to the discount from the exempted tax.

On Saturday, August 8th, from 8am to 2pm only, customers can browse through the thousands of laptops, desktops, servers, printers and every other computer-realted hardware and peripherals that can be found in our warehouse – a space that is about the size of two football fields.

For more information about the Missouri Sales Tax Holiday stipulations, you can check out the Department of Revenue’s website.

Related posts:

1. The DDRV is heading to Texas… YeeHaw! This Saturday, Josh & Dan are headed to Texas in...

“The School District of Philadelphia does not encourage or condone the illegal dumping of any school district property anywhere in the world,” read the statement issued by the district. “As a result… [we are] currently investigating the source and disposal record of the equipment found in Ghana.”

The computer was one of many visible in the Frontline report and illustrates the ongoing problem of e-waste dumping into developing countries. Millions of tons of e-waste are dumped into the West African country, China, and others.

The school district has maintained a “green” policy regarding the disposal of electronic equipment since 2006, and is unsure if this is an isolated incident or just one example from the hundreds of pounds disposed by the district each year. The district had partnered with a recycling company that provided pickup and recycling services at no charge to the district.

This report illustrates the trouble many companies have in identifying responsible computer recyclers for their end-of-life hardware.  You owe it to yourself to personally view a companies recycling processes, and ask about their export policies. While your at it, ask if they are a Basel Action Network e-steward. The BAN e-steward pledge is for a zero-landfill, zero-export approach to recycling.

Technically Philly: School District of Philadelphia launches probe into its computer recycling program

Related posts:

1. Computer Recycling: Old Notebook Gets New Life as Digital Frame Why settle for a digital photo frame that only shows...

The first requires access to a power outlet on the same circuit as the target computer. Because the data wire within the keyboard cable is unshielded, the signals leak into the ground wire in the cable, and from there into the ground wire of the electrical circuit. Bit streams generated by the keyboards that indicate what keys have been struck create voltage fluctuations in the grounds, they say. The attacker then filters out other ground signals and is left with the keystrokes entered.

The second attack points cheap lasers at shiny portions of a laptop, like its lid or even the surface of the table near the device and measures the vibration caused by hitting the various keys. The researchers claim that each key has a distinct vibration pattern and by knowing the language used by the typist, the keys entered can be determined. They found the attack works best when pointing at the lid of the laptop, either at a shiny logo or at a spot near the hinges.

The cost of the tools needed for the electrical outlet attack cost around $500 US and the cost of the laser attack cost around $100 US and took about a week to test. While the researchers admit that their tools are currently rudimentary, they feel that given their minimal time committment and relative cheapness of the tools illustrate the potential for expansion by a dedicated team or government entity.

CIO.com – How to Use Electrical Outlets and Cheap Lasers to Steal Data

Related posts:

1. Hacking the Dot-Matrix Printer It sounds like something out of a bad spy...
2. Build an under-the-cabinet kitchen PC Lifehacker is on a laptop recycling kick recently. Last...

It sounds like something out of a bad spy movie, but researchers at Saarland University have published a paper on a new hack targeted at those old trusty dot-matrix printers. These researchers discovered that by recording the sounds the printers made and running them through a speech-recognition algorithm, they were able to extract the words printed on the page.  They were even successful in running their tests inside an actual doctor’s office – with permission of course, so this is not something that only works in the lab.

So what? No one still uses these dinosaurs, right? Not so fast, in a survey conducted by the same university, 30% of the banks, and 58.4% of doctor’s clinics still use them. In many cases, these devices were used to print out semi-sensitive information like receipts and prescription information.

And why do businesses still use dot-matrix printers? Well, for fairly standard reasons – they cost less then more modern printers, are very durable, and work with older hardware and computer systems. One company I talked to about this study said that it was cheaper to keep these old printers working then to upgrade the systems and software that utilized them.

After reading the paper, it seems the attack would have to be tailored to a particular model of printer, but even with that limitation, some interesting possibilities are available. Will the next Mission Impossible movie include a scene with Tom Cruise planting a recording device in a bank to get account numbers of his target? And what will we find out next, that the contents of a CRT or LCD can be replayed by measuring the radiation output? Oh wait….

Original study: How Printers Can Breach Our Privacy: Acoustic Side-Channel Attacks On Printers

Related posts:

1. Use Electrical Outlets or Lasers to capture keystrokes? This has been a week of crazy hacking announcements. CIO.com...
2. Buy a used hard drive on eBay, get government secrets for free! Imagine it, you purchased a computer on eBay, plug it...

Apple is releasing their new OS for their phones, dubbed iPhone 3.0, that includes tethering – unless you live in the US because AT&T tethering support isn’t available yet. Earlier this spring, Google pulled all tethering apps from the Android app store at T-Mobile’s request. Palm has sent a polite cease and desist to the “Pre Dev Wiki” website asking for tethering instructions to be removed because they might upset Sprint, Palm’s exclusive service partner in the US. Given that tethering has been available on phones for several years now, why are cell providers suddenly so concerned? Are they worried that customers would cancel their land based internet connections in favor of cellular based ones? Or that tethering would cut into the USB data card market?

It is interesting that tethering is a bigger deal as the phones themselves become easier to use for standard computing tasks. Before switching to the iPhone, I had a Sprint PPC-6700 that supported tethering and loved using it for internet while traveling. I would never consider using that phone for normal web surfing tasks, yet with my iPhone, I can do exactly that. On my last trip, I didn’t bother hooking up my laptop, as I was able to do everything I needed to on my phone.

Cellular Data plans cost more today than they did 5 years ago – AT&T charges $30.00 for the data package on the iPhone, which is more than all but one of their DSL packages. Sprint requires customers to signup for their “Simply Everything” plans on premium phone contracts. Providers argue that users that tether consume more bandwith than their smartphone counterparts. And that is probably true.

As a user, I automatically chafe whenever seemingly arbitrary limits are put in front of me. If you are going to sell an “unlimited” data plan, then by golly, don’t put any limits on it. A bit is a bit is a bit, regardless if that bit is intended for the phone itself or a computer connected to that phone.

In order for Skype to be approved for the iPhone app store, it had to be limited to wifi only connections. Other software, like the SlingPlayer app, which streams recorded TV to your iPhone, have similar restrictions put on them. In light of these decisions, it seems that what the cell providers are really concerned with is loosing control of what services customers use over their network. If they allowed tethering, they’d have to deal with every network based application available, from network games, to VoIP, to Bittorrent.

Without getting on my soapbox, it sounds similar to the discussions surrounding Net Neutrality. Could the current smartphone internet landscape reflect what the internet could look like without neutrality?

Related posts:

1. Cell Phones Tell Secrets From The Grave! Recent research, from Regenersis, suggests that close to 100% of all...

Come shake some hands where smart business people come for their computer supplies and data security needs.

Enjoy Yellow-Tie networking with breakfast and coffee, and a back-store tour.

What could be better?

Hosted By….  EPC, Inc.

– http://www.epcusa.com

Host Contact. Frank Polston — 636-443-1999 x1013, frank@epcusa.com

Date……… Tuesday, June 23, 2009
Time……… 7:30 to 9 a.m.
Location….. EPC, Inc.
Address…… 3941 Harry S. Truman Blvd., St. Charles, MO 63301

Cost……… Free

Register now at: http://www.yellow-tie.org/events/stcharlesco/june2009handshakes

No related posts.

No related posts.

It was a 36”, gigantic Magnavox CRT (Cathode Ray Tube) television that was in the Electronics department at my local Walmart and had our family name written all over it.  As our first wedding anniversary eased into our crosshairs, along with my wife’s Walmart-based discount, we eventually pulled the trigger on our new, electronically-inclined family member and brought it home – heaved it home was probably more apt.  Going from a 20 inch television to an epic 36” motherload of black plastic and huge CRT tube was literally vision-changing in our house.  Everything was more crisp.  Colors POPPED out from our newly-cornered visual companion. Closed captions were like miniature billboards and life was good as we welcomed our tandem anniversary present and newfound family member home.

That was 1996.

While the picture has remained excellent, new technologies, wow factors and the want for something more have since creeped into our home.  We’ve since gone plasma in our home theater, but the old friend remained in our home, in another room, delivering the large, brilliant screen details over the years that have been the source of many smiles, tears, laughs, furrowed-eyebrows and more.

Recently, our friend’s technological run came to an end.

The once brilliant CRT picture flickered, faded and eventually popped once too many times and it was gone.  Where does one take a mammoth, once-like-a-family-member piece of electronics after it’s days have been measured and ended to be recycled responsibly?

EPC, Inc. recently participated in yet another great, one-of-a-kind recycling event with another local St. Louis-based company, The Sound Room, providing owners of televisions long past their prime the opportunity to not only get into a great new television, but to ensure that their old electronic friends are  recycled responsibly.  The Sound Room offered people the chance to bring in their old television at no charge, and receive a gift card that they could use to purchase one of the new, greener and featured-filled televisions available at both of their locations in Creve Coeur and Chesterfield, MO.

It was a resounding success.

More than 300 old, past-their-prime televisions were taken in, including one I’m more familiar with than others, and will be recycled at EPC, Inc’s Escrap Processing Center in Earth City, MO.  There each of the pieces will be parted out by one of the skilled Demanufacture Technicians.  From there the collected components and materials will be sent to US-based remanufacturers to create new electronic items, and the best part?  Nothing is put into any landfill as per EPC’s Zero Landfill Policy.

While I was very sad to have to say goodbye to a friend that delivered so much entertainment, information and memories to my family and I, it was great to know that The Sound Room and EPC, Inc. are paving the way for responsible, green, economic driving services to help everyone in our community and beyond.

No related posts.

This hard drive reportedly contained files from Lockheed Martin, a large US military contractor. The data recovered included: test launch procedures for the Terminal High Altitude Area Defense (THAAD) ground-to-air missile defense system, security policies, blueprints of facilities and social security numbers for individual employees.

A representative from Lockheed Martin is quoted in the article as saying:

Lockheed Martin is not aware of any compromise of data related to the Terminal High Altitude Area Defense program. Until Lockheed Martin can evaluate the hard drive in question, it is not possible to comment further on its potential contents or source.

Fortunately, this drive as purchased as part of a controlled study to see what information could be recovered from used hard drives and did not fall into the wrong hands. The study also uncovered other sensitive information including bank account details, medical records, confidential business plans, financial company data, personal id numbers, and job descriptions.

The drives were bought from the UK, America, Germany, France and Australia by BT’s Security Research Centre in collaboration with the University of Glamorgan in Wales, Edith Cowan University in Australia and Longwood University in the US.

A spokesman for the project said they found 34 per cent of the hard disks scrutinized contained ‘information of either personal data that could be identified to an individual or commercial data identifying a company or organization.’

Even though the information in this case did not fall into the wrong hands, this story illustrates the importance of having a controlled data destruction process in every organization. Ask yourself this: can you track every computer, every hard drive after it is pulled from production? Do you know for a fact that every hard drive is wiped or destroyed? If you cannot answer yes to both questions, you owe it to yourself to work with a vendor that can fill this gap.

A hat tip to ExportLawBlog for their analysis of the incident.

Related posts:

1. Data Destruction: Is One Pass Overwriting Enough? There is some controversy regarding data destruction in the IT...
2. Stimulus Bill significantly modifies HIPAA regulations Buried within the huge American Recovery and Reinvestment Act (a.k.a,...
3. Hacking the Dot-Matrix Printer It sounds like something out of a bad spy...

If not removed, all those pictures from Cancun… all the music you’ve downloaded… and yes, all those text messages to your mother can be retrieved! So next time you upgrade to the latest and greatest smart phone, make sure you dust off the manual for the old one and take the time to run through the steps to perform a complete reset of the unit.

On the other hand, you could also take it to a company, such as EPC, who will completely shred the unit to help protect any overlooked data within.

No related posts.

House Democrats recently re-introduced a bill that would impose a $0.05 fee on all single-use plasic bags. The fee would take effect January 1st, 2010 and actually be increased to $0.25 in 2015.

This would really make reusable grocery bags an absolute no-brainer for everyone. You can pick them up at your local grocery store, or Wal-Mart, for about a buck, or even summon the Martha Stewart in you (pre chain gang) and make your own!

However, if you do end up using a plastic bag, please remember to drop them off at your local grocery. Almost all provide a recycling solution.

No related posts.

• Seesmic Desktop Beta available: Thanks to the great video podcast, Tekzilla, I found a great twitter client in the style of TweetDeck that improves on the original in several ways. You have to sign up for their mailing list to be added to the beta test, but it is completely worth it.
• Hack Twitter, Get a Job? The teenage hacker that recently published a few twitter worms was hired by exqSoft, a web application developer. Says the exqSoft CEO: “Any publicity is good publicity.”
• The Pirate Bay found guilty: In a decision that will likely have legal implications far outside their native Sweden, the admins of The Pirate Bay were found guilty of ‘assisting in making copyright content available’ and were fined $3.6 million and sentenced to 1 year in jail. Not so fast – this verdict will definitely be appealled.
• Stanford to offer free iPhone app development courses: If you have always wanted to learn how to make an app for the current hotness, Apple and Stanford want you!

Related posts:

1. Tech News – Internet Explorer 8 Edition Internet Explorer 8 Released. Improvements include: Smart Address Bar,...