Category: Security

Posted on

USB Flash- Don’t leave home without it, and leave one at a friends

Pink Tokidoki Flash DriveFlash drives – cheap and easy backup can save on Vacation Stress

They fit in your pocket, on your key chain and just look cool. With all the phones and portable devices we carry these days, we forget about these flash drives at the bottom of our desk drawers. The USB drive still has a couple of great features for traveling. Even if you are settled in for a nice staycation, add this little packing and preparedness tip to your travel plans or todo list. Snag a USB drive on sale in a multi-pack as the prices continue to fall on these little jewels. Or, pick up one of Happy Katies favorite designer Flash drives by MimoBot. Now, get ready for some scanning.

Files, documents and every important document you would ever need, all in your pocket. Scan personal documents and records in case you lose your wallet or passport and you will have a digital image of all your registrations. But, but… WAIT! What if the wrong person finds it when it drops out of the pocket of your shorts? No worries, you should encrypt the contents with TrueCrypt or your favorite security feature.

These little tech toys have some crazy cool options besides just a backup. Don’t want to carry a laptop or computer with you? Portable Apps Platform ScreenshotCan’t spring for the iPad yet? You can save all your bookmarks, favorite email settings, and doc settings on a FlashDrive and launch your profile from any public computer without fear of leaving your crumbs all over the desktop. Portable Apps is an open source software platform you install on your flashdrive or other backup device, adjust your settings, then plug it into a computer and run your programs from your own drive. You have access to all your software and personal data just like on your own PC.

What to save on your USB Drive

Losing important documents can ruin what should be a happy vacation. A little safety and planning can eliminate much of the stress. Before you pack up and leave, take the time to scan copies of important documents and save the files on to a secure area of the flash drive. Here are some examples of important documents:

  • Vacation Plans: Itinerary, Maps and receipts of deposits for reservations.
  • Personal documents: Drivers license, passport, birth certificate, Insurance cards (health and auto), Credit Cards and CC phone numbers for lost cards.
  • Home Documents: Home Insurance, Auto Titles, Registrations, photos of big purchase items for insurance documentation, and documents that would be hard to replace if you came back home and they weren’t there. Yikes! My next plan is to scan old family photos for safekeeping before they detoriate or get wet in the next hurricane.
  • Medical Records: List of medications for each family member, immunizations, List of family doctor and dentist contacts.
  • School and Work Records: Nice to have everything in one place while you are at it. Include copies of your transcripts, diplomas, Resume, licenses, permits, Wills, and any other items you may want to keep all organized.

Now, your life is basically in one place if you ever have to recreate your history or need to hide it Bourne style. This is a cheap and easy way to travel light, backup photos off the camera while on vacation for processing later, and use software programs securely when on public machines. In fact, buy a couple of the drives, make copies of the drive and give one to a friend to put in their safe deposit box or mail one to a family member in another part of the country in case of emergency.

Enjoy your trip, be safe, and tell us how you use your Flash Drive for your vacation!

Posted on

It Takes a Village – Protect your privacy on Facebook

There has been a LOT of discussion about Facebook’s policies regarding your personal information on the web. The web site ReclaimPrivacy.org has launched a privacy scanner for you to use to see if any of your personal information is vulnerable on the web.

These directions on how to scan your profile are also available on the website:

  1. Drag this link to your bookmark bar.
  2. Log into facebook.com and click on the bookmark.
  3. A series of six scans will be run on your profile.
  4. Anything that rates below Good (green) will be flagged and will provide you links to those relevant privacy settings to change.

I initially received two Cautions (yellow) that I was able to tweak to attain Good ratings across the board. It is advisable you make the same tweaks to your settings to maintain the same level of security. We also recommend you encourage all of your friends to scan their own profiles.

Facebook, for right or for wrong, has taken a lot of flack for not protecting users’ personal information. However, all of these issues can be resolved if users take personal responsibility for their privacy settings. If you fail to take proper care of your privacy settings, you are leaving you and your friends’ personal information vulnerable on the web.

Posted on

Facebook as a phone book? #FBFAIL

Facebook_3screenshot

A recent (and much heralded) update to the Facebook iPhone 3.0 app brought some much needed functionality to the Facebook junkie on the go – access to Facebook events, the ability to ‘like’ content, notes and zoom in on photos.   Yay!

What many did NOT anticipate, however, was the contact update that allows you to call your Facebook friends that list their phone number(s) directly from the updated app.   That’s right, if you have your phone number(s) posted in your profile accessible to your friends/contacts, they can CALL you all easy-like.

Last night, scrolling through the updated Facebook contacts on my iPhone and saw a blue phone icon next to a very famous publisher’s contact info. Assuming it would just go to an office line and an answering machine, I gave it a call – and what do you know…. it was his cell phone. And we chatted. He was a little surprised, as was I.

Facebook_contactphone

Lesson learned here – Facebook privacy settings are your friend.   This morning, as you surf the Web, take a look at your ‘Contact Information’ settings and double check who sees what.   Want to share all of your contact info with close friends or family only?   Select the appropriate Friend List and you’re done.

Don’t want anyone seeing your information at all? Keep your settings to private or hey, just keep them blank… unless you’d like a late night phone call from one of the Schipulites too. Talk to you soon?

Facebook_mobilephoneedit

Facebook_blankcontactinfo

Posted on

(UPDATED!) Schipul Blogs potentially compromised – we’re working on it

UPDATE: A virus was found that scripted the insertion of hidden links for black hat SEO purposes.   It did not compromise any data and everything is back to normal.   Questions, concerns?   Give us a call!   (281) 497.6567, ext. 411.

This morning, the Schipul team was alerted of a potential security compromise for our Webfaction hosted client Blogs. We are addressing these issues promptly and thoroughly.

Real English explanation: A hacker has been attacking some Blogs, attempting to install content that neither Schipul nor our clients placed there.   As far as our research has been able to determine at this point, they were not successful in compromising any data.

Our entire staff is dedicated to researching this matter and are all on high alert.   As a client, you do not need to do anything at this point.   If you notice anything out of the ordinary on your Blog, contact us immediately at (281) 497.6567, ext. 411 or via email at support AT schipul DOT com.

 

We will have more information from Webfaction and will update you promptly.

Your security is our top priority – thank you for your trust and your business.

Posted on

Facebook privacy and YOU – watch those apps!

privacyhand

While concerns of privacy and content ownership are old news for Facebook users, a recent mix up with Facebook advertisers has gotten more than a few Facebook fans on their heels.

A scenario:   Imagine being a loving husband who is going about his day, sipping his coffee, checking his Facebook updates and then… pow!!!… up pops a photo of his wife on a dating site ad.   Unhappy much?   Yes, we think so.

Long story short, (some) Facebook advertisers stepped out of line with Facebook advertising policy and used photos of users (without their permission) in their ads – happily married or not, this poor couple had no say in how their images were used on the network.   YIKES!!!

The good news is that Facebook has just announced a new ad policy which will keep your private user data out of the hands of scheming 3rd party networks.   Nice to see Facebook taking a stronger stance, we certainly hope they maintain this aggressive approach – privacy is beyond important and maintaining their users’ trust should be the utmost thought in any software developer and Community builder’s mind.

  • http://latimesblogs.latimes.com/technology/2009/07/facebook-ads.html
  • http://www.allfacebook.com/2009/07/facebook-advertising-policy/

In a post on his Public Relations and Web Marketing blog, our fearless CEO, Ed Schipul, made a further interesting recommendation for Facebook users – UFAID! :

We propose September 1st 2009 as Uninstall Facebook Applications Internationally Day (UFAID).

Not all applications mind you, just the ones you don’t trust or recognize.

To uninstall your Facebook Applications follow these steps:

  1. Login to Facebook
  2. Click on your ‘Profile” link at the top of the page.
  3. Scroll down to the ‘Applications” link on the lower left. Click it.
  4. Click ‘Edit Apps” link which should take you to a page like this: https://www.facebook.com/editapps.php
  5. IMPORTANT Change ‘Show” from ‘Recently Used” to ‘Authorized”!
  6. Click the ‘X” next to the applications you want to remove.
  7. Confirm.
  8. Repeat until all cruft and untrustworthy applications are removed.

Find any applications you did not realize were installed? Yup, thought you would. Put them in the comments below so we can see the sneaky ones?

Photo thanks to Flickr user Cortnie.dee

Posted on

Ready for Hurricane Season? We’ve got a Free Webinar for you!!

HurricanIkeHurricane Season is here and with Ike fresh on our minds, we want to make sure all of our Schipul friends are storm ready with a FREE Webinar on Hurrican Preparedness this Monday, July 13th from 2 -3 PM CST.

You’ll walk away with some great, actionable information to get you in the know and ready to go:

  • Basic disaster preparedness knowledge
  • How to create an emergency plan for your family
  • What supplies to be stockpiling before any storms strike
  • What you need to build a ‘go-bag’ for your family

Featured Webinar speakers are:

Gen. Honorè has dedicated his life post-military to creating a “Culture of Preparedness” here in America and he will be offering personal insights and stories during the Webinar. He cites a lack of a awareness to our personal responsibilty to prepare as one of the leading issues during a crises. He’ll remnd us the the besr first responder is YOU.

Sign up soon as space is limited and you don’t want to miss out on all the rockin’ brain candy these preparedness pros have to offer so register for this free webinar soon!!

Posted on

Google spelling bee – why your spelling matters to online Security

spellingbee
Photo blogged from bksecretphoto's Flickr stream

While this post might give you 2nd grade flashbacks to spelling quizzes and vocab sheets, we wanted to give you a heads up on a Google Analytics malicious code notice that’s been flying around online.

Sounds crazy-scary right?   So what does it mean?

Thousands of legitimate Web sites have been discovered to be injected with malicious Javascript, obfuscated code that leads to an active exploit site. The active exploit site uses a name similar to the legitimate Google Analytics domain (google-analytics.com), which provides statistical services to Web sites.

No Schipul clients have had their sites affected by this malicious code (Security is our first and middle name, we work hard to keep you safe and sound), but as a Web surfer this is good information for you to be aware of.

If you do visit an infected site, you might be asked to download some software.   Exploited computers run the risk of having malicious viruses installed – read more about code injection here.

Here are our tips for you:

  1. Spelling bee time!!   Don’t click on links to unauthorized Google Analytics sites with misspellings in the name.   This goes for ANY link that wants you to log in or go someplace – in an email or on a site.   Pay special attention to bank, Paypal and EBay-type email ‘notifications’ and never, ever, ever give your password to ANYONE.
  2. The real actual Google Analytics doesn’t want to install software on your machine.   So don’t do it, plain and simple.
  3. As always, keep your virus scanning software up to date and your passwords secure.
  4. Paranoia is a good thing – if something feels a little ‘off’ to you, it just might be – so err on the side of caution.

Still have concerns or want to double check on a virus scan notice you’ve received or a site you have questions on?   Give our rocking   Search Engine Marketing team a call to calm those nerves.   We’re here for you, even if you just need some help with your spelling homework.   (281) 497.6567, ext. 533

Posted on

Happy Safety Month from Schipul!

eaglescout
Photo thanks to Tuttletree

The arrival of June kicks off National Safety Month and, if you live near the Gulf as we do, it also marks the first day of Hurricane Season.   A pretty good combo if you ask us!

Given that our CEO, Ed Schipul, is an Eagle Scout and that we have a crazy culture of Security and preparedness, we’ve decided to make June our very own Schipul Month of Safety!!

Stick around for the next month as we feature some great guest Blog posts, great tips and tricks on safety, security and preparedness.   Whether surfing on the Web, in your office or around your house we’ll be sharing useful tidbits to keep you and your’s safe and sound.

In the meantime, here are some handy safety-focused links to check out:

Posted on

Cross Site Scripting

We wanted our clients to know that security researchers discovered cross site scripting vulnerabilities in numerous Tendenci modules  yesterday. Specifically a munged URL could be used in spam creating a link that looked legitimate. When a user clicked that link it would have then redirected them to a different site as intended by the bad guy.

The vulnerabilities have been patched and our programming team is continuing to test our security functions.

The timeline was we were contacted by security researcher Russ and Secunia yesterday morning. The patches were posted live on the server farm within hours.

Our biggest take away is a sense of gratitude for security researchers who help us keep our products and the Internet secure. It can be a thankless task so to be clear our position is THANK YOU!

FAQ:

Q: Did we lose any data?

A: No.

Q: Did any of our secure content get accessed?

A: No.

Q: Did any spammers take advantage of the cross site scripting vulnerabilities to redirect users?

A: We are researching this. So far we have only seen the safe tests run by the security researchers.

Q: What else do I need to do?

A: Nothing at this time. We have security as our top priority and will continue to do so.

Thanks,

Jennifer Brooks

UPDATE:
We are very pleased to read Russ’ post about our quick response to the Cross Site Scripting vulnerability, entitled ‘Fastest Fix in the West:  a vendor’s excellent response’.  We are amazingly passionate about Security, our software and our amazing Clients – so this recognition means a lot. Here’s an excerpt of his post:

Rare is the occasion when one who researches and responsibly reports
web application vulnerabilities is met with an open, immediate,
consumer oriented response from a vendor. But so it was when I let the
folks who develop Tendenci, a Schipul offering, know about a few XSS
issues…  To Schipul I say well done, extremely well done, and thank you…. (read the rest of the post)