Dropbox, Cloud Storage and Encryption by Jeff Krause
My friend and Lawtopia partner, Craig Bayer, has written an extensive post on Dropbox and similar services that store documents in the cloud. Recently, people have questioned the security of such services.
Craig’s post discusses the various options you have to secure your data and concludes that encrypting your files before you upload them is the answer. Interesting read.
Cloud Computing and Metadata Webinar by Jeff Krause
I had the pleasure of doing a webinar yesterday on Cloud Computing and Metadata. The presentation was an introduction to both topics and sponsored by the Wisconsin Association of Legal Administrators and hosted by the State Bar of Wisconsin. Thanks to both.
The materials can be downloaded from the Presentation Downloads page on my website. The session was recorded and State Bar of Wisconsin members may be able to view it via CLE on Demand assuming it is posted there.
If You Comment, Don’t Use the Word Insurance! by Jeff Krause
For the last three months, I have been battling comment spam. Comment spam is incredibly irritating. In most cases, it takes the form of a stupid meaningless comment like “Great site!” followed by a list of links to sites all over the Internet. The spammer is hoping that his comment will get through the blog’s moderation process and get posted. Once it is, the links get read by search engine bots and causes the linked sites to have higher ranks at Google and other search sites. Comment spam is automated. Once a spammer finds your blog they will continue to send comment spam to you forever. Whoever, thought of it is pretty ingenious but I would really like to kick him you know where.
WordPress allows me to flag words or IP addresses as sources of spam. This works great for the majority of comment spam. Most often it is pornography or gambling related. Putting a few key words in my list took care of those. However, the one that is driving me crazy now is insurance. Last week I had 47 comments come in trying to link to insurance related sites. The prior week there were perhaps 35. I just don’t have time update my exclusion list for all of them.
Obviously, I can turn commenting off entirely but I do enjoy reading your comments and posting them. One of the purposes of this blog is to be a place where people can exchange ideas and comment on legal technology. However, from now on, if you comment on this post or any other, don’t use the word “insurance.” WordPress will see it as spam and not allow it through. Thanks a lot comment spammers!
UPS Virus Making the Rounds by Jeff Krause
It seems that a new virus is going around. This one masquerades as an email from UPS claiming that a UPS shipment could not be delivered. Readers are asked to click on the attached waybill. Of course, the attachment contains a virus.
This one must have some unusual characteristics as the signatures of many anti-virus programs missed it. I received calls from two of my clients who forgot to renew Trend Micro last month. The month old signatures did not catch the virus, although a manual update to the new signatures did the trick.
Lessons to be learned. Suspicious emails look suspicious for a reason and update your anti-virus. There are a lot of bad guys out there.
Is Online Backup Right for a Law Firm? by Jeff Krause
During yesterday’s Hanging Out a Shingle CLE in Madison, the topic of backup came ups serveral times. While I certainly recognize the benefits, I have never really been a fan of online backup for my law firm clients. I have always been wary of not only placing but also transmitting confidential client information on the Internet.
Nerino Petro commented that this is really no different than placing critical documents in the hands of a courier or storing paper files at an offsite location. In each case, you are entrusting confidiential information in the hands of another party with the reasonable expetation of security. Both of those statements are true but I would point out that there are millions of really smart technology bad guys all over the world that are always looking for something to hack into. They would never break into your storage warehouse in West Allis, Wisconsin or mug your bicycle courier in downtown Chicago, but they may very well hack into your online backup provider just to say they did it.
Another point brought up by Nerino, that I do agree with, is the fact that most office servers are probably not all that secure. You need to make sure your server is as secure as possible. Check with your technology consultant if you are not sure.
I suppose online backup really comes down to reasonable expectations. This means you should carefully read and understand the security procedures and policies of your online backup provider. If you have a reasonable expectation that your data is secure, a court will probably agree with you if it ever comes to that.
Your Crazy Password — Make it Easier to Remember by Jeff Krause
We all hate to keep changing our password or even having a password at all, but it’s the price we pay for having our systems on the Internet 24/7 for e-mail and remote access. A password is the most basic measure everyone can take to prevent a variety of unpleasant things from happening to you and your business, including identity theft, spam going out in your name, destruction of business databases, etc. Your firewall and anti-virus are virtually useless if a random hacker gets or guesses your password and targets your systems.
We used to constantly encounter administrator passwords that were statements of the vast power of that user, such as “yourtheman”, “masterpassword” or “bossman”. Then some genius invented forcing you to change your password every 45 days, so we had “yourtheman1″ in January, “yourtheman2″ in February, etc. Often people resorted to taping their frequently changing password to their monitors. When we take off the forced change and insist on a “strong” password, horrible misspellings of common words began to be used, like Studl@wy3r or l0g1n2s3rver. When your office manager types everybody’s password into a Word document and saved it on the desktop without protecting it with a password (bad thing to do!), now you are compromising the security of the entire office, regardless of your crazed strong passwords.
So here is my suggestion — make your password a phrase. Passwords have no case or spacing restrictions (though Windows 2003 networks by default do make you put at least one capital letter and number and/or non-alpha character, such as #, this can be turned off), so you could make your password “Jeff Krause made Billing Matters so easy for us to use properly!” or “Bruce’s blog is boring” or “My husband is so stupid!” Put a little thought into it, make it memorable — but only for you.
Vista User Account Control and Time Matters by Jeff Krause
Thanks to Corey Smith of Master the Business, who pointed me to TweakUAC, an app that places User Account Control into ”Quiet” mode. In a few short hours it has saved me from a bunch of annoying popups. See my earlier post on pop-ups in GoToMeeting.
However, it does nothing to help me with the current headache I am experiencing with UAC. This is a post I originally made to the CIC Solutions Forum. It has gone unanswered for awhile, so I thought I would try posting it here.
Vista security is driving me crazy these days. I am running Time Matters 8 Enterprise on a Vista Ultimate machine with SQL Server 2005 Express. The data is shared and accessed by a Win XP desktop and a Vista Business laptop.
First issue, I had to turn the Windows Firewall completely off on the host machine before the others could access the data. They could see the folders but received an SQL error when trying to access the data. No huge deal here, I have a firewall on my router, but it was a real pain until I figured it out.
The bigger issue I have now relates to User Account Control. On the host machine, if UAC is turned ON and I try to run bills or create a PDF from the TM Document List, I receive a “printer not activated” error. I can print the bills normally. I can even create PDF by selecting Adobe PDF as my printer. However, it does not create an automatic PDF copy of the invoices from Time Matters like it is supposed to do and which, of course, I want. So, I turn UAC OFF – it’s only me accessing the machine anyway – and reboot. Now, PDFs can be created but the TM QB server will not run until I turn UAC back on and reboot again. That’s a lot of screwing around to create a bill.
Anyone else on the bleeding edge? I am beginning to think I need to bite the bullet and get a server rather than my existing PtP setup but am hoping someone has an idea.
Spammers and Scammers by Jeff Krause
Isn’t it bad enough that spammers feel the need to overwhelm our email inbox with offer after offer for everything from financial services to other “services.” Now they have decided to target blogs as well. I am probably pretty fortunate that I only have to clear out a half dozen comment spam items each day. Comment spam is where spammers automatically post a comment that is nothing but a series of links to their sites. Argh! Give me a break. Luckily, the WordPress blogging tool is pretty good at weeding them out. I simply have to delete them – but what a hassle.
Scammers are even worse. Several times during the last year, my office has received a solicitation in the mail from someplace called Listingcorp.com. Listingcorp purports to be a service that enhances your search engine ranking – something I have long considered a scam, as true search engine optimization comes from good website coding not some magical listing service. The scammers at Listingcorp put them all to shame. Not only is their line of business a scam – their “solicitation” looks a lot like a bill for $65.00. So much so that it was passed on to my bookkeeper who entered it as a bill to be paid. Others have reported the same thing and many have paid the fake bill. Fortunately, I discovered it before it was paid.
Recent Increase in Spam by Jeff Krause
I read with interest the recent thread on the Wisconsin Bar Association’s Practice 411 list regarding the recent outbreak of spam. I have noticed it recently as well. The latest round of spam uses lots of unrelated words in a single sentence for the subject. The body is composed of a graphic with random noise in the image to help it avoid detection by spam filters. I have what I consider to be a fantastic spam filter (MXLogic) and some of these are still getting through to me.
Argh! As I was writing this post I just got another one! The subject of this one “This way, of hosts call for beryl, the rough valley.” Same stupid black graphic I have seen 15 times during the last week. Who do they think will be fooled by this? This post might turn into a rant if another one comes in.
Tonight, I downloaded a “Delete as Spam” toolbar button from MXLogic for Outlook. The nature of this new round of spam is very hard for filters to catch but at least now I will have the satisfaction of flagging it as such.
New PhishTank Site Helps Monitor Phishing by Jeff Krause
OpenDNS has created a new site to help users and web developers fight phishing attacks. PhishTank allows users to report suspected phishing emails and URLs, track the progress of their submission, or investigate a suspicious link. The site provides web developers with a free database of phishing data. OpenDNS also plans to release Outlook and Thunderbird plug-ins based on the PhishTank database. In addition, a free API will be made available for developers who want to interface with the new site.