[this post was inspired from an email from Nerd Talia Johnson]

Today I received this in an email from a client:
“Thanks again for all the hard work you two have dedicated to our office. Everyone in our office is appreciative of the improvements and efficiencies we’ve gained so far.”

Two weeks ago Talia and Himanshu configured and installed a new server for a client. They replaced two old servers with a new Dell PowerEdge server, which significantly increased performance, and memory (RAM), and VMWare to allow for multiple virtual instances of operating systems and software to be running on the same physical machine.

Talia and Himanshu installed three Windows Server virtual machines, 2 running Windows Server 2008, and one running Windows Server 2003. Moving forward they are likely going to be adding a Remote Desktop Services Virtual Machine.

Astaro is also implemented as a Virtual Machine to provide VPN, web security and web filtering.

For more information on virtualized servers and software and how they can help your business save time and money, please contact us to get in touch with a local Nerd.

We are asking people to help Nerds On Site paint the town RED with our own version of Punch Buggie. Each time you spot one of our cute NerdMobiles driving around (anywhere in the world), take a picture, upload it to our fan page and tag Nerds On Site. Every photo uploaded will give you another chance to win an Apple iPad! The winner will be randomly chosen from all photos entered on September 30th, 2010.

Nerds from around the …world will be gathering for their annual NerdFest, hosted this year in Ottawa, from July 29-August 1 so this will be a great opportunity to catch sight of those NerdMobiles.

This is an open event so pass this along to your friends! All they have to do is become a fan of this official Nerds On Site fan page.

The more often you tag those Bugs the better your chances will be! So, get out there and start your search!

UPDATE:

TO POST YOUR PHOTO

1.       Go to our fan page http://facebook.com/nerdsonsite and become a fan.

2.       On our wall, beside “Attach”, click the photo option and upload your photo there.

3.       Then, tag the photo with “Nerds On Site”, without the quotes.

4.       That’s it, your submission is done.

97% of emails attempted to be delivered today are unwanted. SPAM.
97%!

Think of each mail server as a Mailman or Mailwoman or Mailperson. One of the methods of fighting SPAM is to assign each Mailperson a reputation. This is done through third parties, often referred to as Blacklists. There are many of them.

Today in Ontario, Canada we have a major national Internet Service Provider having difficulty with delivery of email because one of their outgoing mail servers has gained a negative reputation. To check up-to-date status, you can view this link safely:

http://mxtoolbox.com/SuperTool.aspx?action=blacklist:65.55.116.96

If you are one of the affected customers of Sympatico (or other ISPs with similar experiences today), we know there are highly-specialized folks working on getting de-listed, which will get the reputation back to a positive standing. If it’s the only source you can email from, all you can do is wait, unfortunately.

An additional important note, we noticed a few years ago that major ISPs outsourced mail delivery to larger mail server companies such as Microsoft Hotmail. In this case, it is likely to be out of Sympatico’s control anyway, and they require the support and help of Microsoft Hotmail in order for outgoing email delivery to become reliable once again.

[This post comes to us from Nerd Dennis Houseknecht...]

One of the wonderful things about the internet and social networking sites is the ability to share photos with friends and family – or with everyone, if we choose. There have been many warnings about posting photos of a personal nature, and it is unwise to post ANY image that you would not want anyone or everyone to be able to view. When it comes to privacy on the internet, it is best to assume that there is NONE. Period.

There can be real risks, though, to posting photos on the internet which go beyond privacy concerns. Many people are not aware that when photos are taken with cell phones, some digital cameras, or other devices that contain GPS receivers, these photos may contain “geotags”. Geotags are hidden pieces of “meta-data” embedded in the picture files that reveal the location where the photo was taken. These geotags are very useful to photographers to help catalog photo locations and even to casual users to help remember where a picture was taken. These geotags are not readily visible in the photos, but can easily be extracted from the image files.

When geotags are included in publicly available photos, they can provide information that the photographer would not want to have revealed. Take the example of Adam Savage, of Mythbusters fame. He posted a twitpic of his Toyota Land Cruiser parked in front of his house which contained an embedded geotag. Now his home address has potentially become public knowledge.

You may think that only public figures would worry about such things, but social networking sites often contain LOTS of other information, such as travel or vacation plans, information about other family members or roommates, etc. Photos may show expensive cars or jewelry. The combination of these details and the exact location where the photo was taken can easily give a would-be criminals more information than you would want them to have.

I don’t want to promote paranoia, but everyone should at least be aware of just how much information they are publishing on the internet when they upload photos. It is possible, of course, to disable geotagging in any device that has that capability. You can find information on disabling geotagging on smart phones at http://icanstalku.com/. And…when all else fails – RTM (Read The Manual).

A big trend in the virus and spyware industry in recent months has been seemingly trustworthy ads for free spyware and virus removal that is in fact malware itself. Trouble is, it looks legitimate to those that don’t know any better, and when the software is downloaded and installed, it ends up finding a lot of critical infections and offers to remove them…for a price. This is what is known as rogue software, and chances are if you’re paid for it, you’re out that money and should consider canceling your credit card.

If the software doesn’t sound familiar, don’t download it, or at the very least, do a quick Google search and find out if it’s legitimate or not.

In a lot of cases, the rogue software won’t show up in the installed programs list in the Control Panel, and often takes anti-malware software like Malware Bytes or Super AntiSpyware to remove it, which can be a huge pain, especially if it can only remove the malicious software in Safe Mode.

So why do websites have ads for malicious software? Well, in a lot of cases, they may not be even aware of it. The websites may be partnered with advertising providers that have their own partners, who may not all be legitimate, and are simply displaying ads based on keywords on a web page.

In the end, it really comes down to the website visitor to be alert and investigate what software is safe to use and what isn’t. If you aren’t sure, do a quick Google search, or ask a Nerd!

A woman in Britain has been fined after reading her previous employer’s email after they failed to change the passwords to the accounts she once had access to for work purposes.

These days, we must all keep track of our online passwords for work and personal use of everything from email to Facebook. Many people use the same passwords for all of their accounts, and it’s often something that’s easy to remember. In some cases, users will go months (or years) without changing their passwords. There are many excellent reasons to change your password. If your computer is infected with viruses or spyware, they be monitoring your online activity. After the computer has been cleaned, it’s a good idea to change your passwords.

Some employees  use sticky notes or saved files on the computer to remind them of passwords. The problem with that is they are easy to lose, and allow any nosey person walking by to read your passwords. If you must write down your passwords, make sure to put that documentation somewhere out of sight, or in a place no one would think to look.

The best way to manage passwords nowadays is through services like LastPass, which is free and installs a small add-on to your internet browser that allows a one-click login to your secure password vault. When you open your internet browser, you will be prompted for the master password, and for each website you want to log into, LastPass will automatically fill in the information for you, and even log you in automatically if you want it to. Very handy, and very secure.

The coolest part about it is you can use the same LastPass login and master password on multiple computers, since the information is stored on their secure servers and not stored locally on the computers. LastPass even includes a strong password generator, so you don’t have to struggle to think of any.

There are other programs that work in a similar fashion, but they store the information locally on the computer, so if the computer crashes and it’s not backed up, you lose all of your passwords.

Please change your passwords on a monthly basis to reduce risk of having accounts compromised.

Dian Smit just sent this to us from The Big Time Out event in Cumberland, B.C., Canada. More information on the event can be be found here.

Nerds On Site and Shaw Cable are providing free Wireless internet to attendees at the event! If you’re there, email us at socialmedia@nerdsonsite.com, comment on our Facebook fan page, or send us a tweet (@nerdsonsite)!

Thanks to Nerd Dennis Houseknecht for this post…

We do not want to be purveyors of FUD (Fear, Uncertainty and Doubt), but here are a few facts and statistics that we should make sure everyone is aware of:

- In 2009, more than 25 million unique malware programs were identified – more than all the malware programs created all previous years. Malicious computer programs outnumber legitimate ones (by orders of magnitude).
- The world’s largest cloud computing user is not Google, or Amazon, or Microsoft – the ringleaders who control the 4.6 million computers in the Conficker botnet are the largest by far.
- The Mariposa botnet, which once controlled 13 million computers in 190 contries was not built by ultra-skilled hackers, but rather by 3 people who bought a “botnet kit” on the internet for $300.
- Antimalware Vendor Panda Security claims to have found some sort of malware infection on 48% of 21.5 million computers scanned in the fourth quarter of 2009.
- 53% of data breaches could have been avoided through control measures that are simple and cheap.
- 33% of data breaches involved companies with less than 100 employees.
- 74% of data breaches came from external sources, but the number or records compromised was much higher when the breach came from an internal source.
- Business partners, vendors, and contractors were responsible for 32% of data breaches.
- IT administrators were responsible for 50% of internal data breaches. Other employees were responsible for 41%.
- 90% of data breaches resulted from exploiting a vulnerability for which a patch had been available for 6 months or more.
- Only 5% of the breaches involved attacks that required a high skill level.
- 42% of data breaches were the result of attacks against remote access and control channels. Another 54% were the result of attacks against web applications or intetnet-facing systems.
- 81% of breaches were not discovered for weeks or months
- 69% of breaches were discovered by a third party
- 66% of the breached involoved data the the organization did not even know was on their systems
(These are selected statistics from 2008 and 2009)

Each of these has implications for for everyone, but especially small and medium enterprises.

Sources:
http://www.pandasecurity.com/img/enc/Annual_Report_PandaLabs_2009.pdf
http://www.antiphishing.org/reports/apwg_report_Q4_2009.pdf
http://securityblog.verizonbusiness.com/2008/06/10/2008-data-breach-investigations-report/
http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
http://www.computerworld.com/s/article/9180183/Fighting_today_s_malware?taxonomyId=142&pageNumber=1

As briefly described in the last post, Microsoft released a record number of patches and updates for Windows yesterday on it’s monthly Patch Tuesday release cycle. In total, 14 patches addressing 34 vulnerabilities, only a few of which are critical, but all should be downloaded and installed via Windows Update. Waiting to update could potentially mean leaving Windows at risk to be infected by viruses specifically designed to take advantage of the flaws in Windows at some point.

More information on this month’s Patch Tuesday can be found on this CNET article.

One of our Nerds, Talia Johnson sent us this good news…

“This morning David R. asked me if Astaro protected from this type of infection.

I contacted Astaro for confirmation and was informed that Astaro has had protection from this infection for a number of weeks now. If your clients have the Astaro Security Gateway with web and mail filtering they do not need to worry about being infected by this online.

This does not, of course, protect from USB Keys being inserted into the computer with the infection infecting the computer.”

That said, Microsoft did release a patch last week for the LNK (desktop shortcut) vulnerability. They also released a record amount of patches and updates yesterday – their monthly Patch Tuesday. Visit Windows Update to make sure your computer is up to date.