Monday, December 22, 2008

Forget the antivirus on your OS, make sure your Internet browser is protected!

Lately there have been some industry recommendations to not use IE due to the recent security hole involving ALL versions of IE.

The latest exploit
The XML-based attack involves nested SPANs in a cross-site scripting attack using XML Data Islands to cause a heap overflow. After the heap corruption occurs, a payload can be executed on the browser's system. A payload is basically an encoded call to the operating system. A payload can be something as harmless as launching the desktop utility, or as dangerous as formatting or removing data from your hard drive. On the web, a hacker has posted sample code to launch the calculator on a user's system. Complete instructions also show how to create any payload to replace the sample calculator code.

Microsoft has posted workarounds and has issued a security update for IE 7, but the fact remains that this was a very big hole in IE. Approximately 80% of all documented security vulnerabilities are cross-site scripting attacks. This exploit was a specialized cross-site attack, known as a cross-zone scripting attack, which means that code can be executed outside the normal permissions that are available.

Why browsers are vulnerable
At a high level, when you enter a web page server address and hit enter, the web server returns a text file to your browser. The text file contains two types of data:

1. Data and formatting instructions (HTML), and
2. Script code and/or references to plugin content (JavaScript, VBScript, Flash) to execute functionality from your web browser.

Exploits can occur when the user navigates to a bad web site that returns infected script code or plugin content to the user's browser. Most of the time, script code is beneficial to running a web application; Gmail is an example.

Two normal security techniques to stop threats are blacklisting and whitelisting.

Blacklisting

Blacklisting began years ago by providing surfers a place to list bad sites within the browser preferences. If a user attempted to navigate to one of the listed sites, it would not be displayed in the user's web browser. The problem is that most users do not know which sites to list, and for the most part, this option has not been used.

Blacklisting has evolved into web site lists provided by third parties. Firefox anti-malware preferences and Opera anti-malware preferences are available in the browsers to check against downloaded lists by default. IE 7 uses a phishing filter that checks web sites against a remote database, but this technique has been known to cause performance issues.

Another option is to change your network settings to use OpenDNS. OpenDNS has been recommended by Facebook and is a great way to provide a solid level of third-party blacklist protection, regardless of the web browser used.

Whitelisting
Whitelisting takes extreme measures, and considers all web sites unsafe by default. The U.S. government recommends this approach, and has listed instructions on how to configure popular browsers. Basically this technique involves first disabling script code and then using browser preferences to allow script code on specific sites that the user considers safe. Opera "Site Preferences" or the Firefox NoScript add-on allow a user-friendly way to do this. IE "Internet Zones" can also be configured, but it requires a greater learning curve.
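
The difference between the two techniques, as an added example that is not part of the original post and does not reproduce any browser's actual implementation: the same constructed URLs are checked against a blacklist policy (scripts run unless the site is listed) and a whitelist policy (scripts run only if the site is listed). The list contents, hostnames and function names are assumptions made for illustration.

```javascript
// Added example. Hostnames are constructed sample data; function names are hypothetical.
const BLACKLIST = new Set(["malware.example"]);                    // known-bad sites
const WHITELIST = new Set(["mail.google.com", "mybank.example"]);  // sites the user trusts

// Reduce a URL to a lowercase hostname. Anything that does not parse or is
// not http(s) yields null so both policies can refuse it.
function hostOf(url) {
  try {
    const u = new URL(url);
    if (u.protocol !== "http:" && u.protocol !== "https:") return null;
    return u.hostname.toLowerCase().replace(/\.$/, "");
  } catch (e) {
    return null;
  }
}

// A host matches an entry if it is that entry or a subdomain of it.
// The leading "." forces a label boundary, so "notmybank.example" and
// "mail.google.com.lookalike.example" do not match trusted entries.
function onList(host, list) {
  for (const entry of list) {
    if (host === entry || host.endsWith("." + entry)) return true;
  }
  return false;
}

// Blacklisting: script is allowed unless the site is known to be bad.
function blacklistAllowsScript(url) {
  const host = hostOf(url);
  return host !== null && !onList(host, BLACKLIST);
}

// Whitelisting: every site is unsafe by default; script runs only on listed sites.
function whitelistAllowsScript(url) {
  const host = hostOf(url);
  return host !== null && onList(host, WHITELIST);
}

const SAMPLE_URLS = [
  "https://mail.google.com/mail/",                   // trusted web application
  "http://malware.example/page",                     // on the blacklist
  "http://cdn.malware.example/x.js",                 // subdomain of a blacklisted site
  "http://brand-new-site.example/",                  // unknown to both lists
  "https://mail.google.com.lookalike.example/inbox", // trusted name used as a prefix
  "https://notmybank.example/login",                 // trusted name used as a suffix
  "ftp://mybank.example/",                           // not http(s): refused by both
];

function comparePolicies(urls) {
  return urls.map((url) => ({
    url,
    blacklist: blacklistAllowsScript(url),
    whitelist: whitelistAllowsScript(url),
  }));
}

console.table(comparePolicies(SAMPLE_URLS));
```

The unknown and lookalike sites are the rows where the two policies disagree: a blacklist lets their script run until someone adds them to the list, while the whitelist never does.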

Don't forget to scan

Although the title of this article says to forget the antivirus software, it is still advised to perform a virus scan on any file that is downloaded prior to opening, especially from an unfamiliar website. Free virus scanners are listed on the Facebook security page. Mac users should get by using the blacklisting technique, but Windows users should seriously consider moving to using a whitelisting strategy, since most threats target Windows users.

Monday, December 15, 2008

Change or somebody else will!

A recent article in U.S. News notes how the unions are the reason that the big 3 are failing.  Back in the 80s, I remember reading a book in one of my business classes about the Japanese work ethic, focusing on quality and automation.  Many friends that I talk to equate Toyota and Honda with cars that will last for 200K miles.  How many U.S. cars can you say the same thing about?

My wife's first car was a Ford Probe, her second a Ford Explorer.  Both cars had electrical problems and we had to trade-in the Explorer due to a cracked engine block.  My last 2 cars have been Saturns, and I have been impressed with better overall quality.  One thing I noticed with Saturns is that around 100K miles the cars started drinking more oil.  The folks at the Saturn dealership told me this is normal.  Normal???  When my wife's Explorer was traded-in last year, we decided to go with a Toyota FJ Cruiser.  The SUV is of VERY high quality and I can tell it will last us many years.  Not a single problem yet, the thing is SOLID.

Toyota built a non-union Tundra plant in San Antonio.  Yes, the plant hit tough times this year with pickup sales, and decided to shut-down for 3 months.  This is the same thing any other company in America does when times get tough.  How many companies still give pensions?  American automakers apparently still do.

When I worked for EDS, I was able to take part in a high-yield GMAC Money Market that I have been using as a savings account for the past 16 years.  I called GMAC today and they reminded me that my account is not FDIC-insured, it is considered an investment.  An article from a few days ago mentions that many GM employees are tied into GMAC benefits, causing risk to GMAC, should GM go under.  I haven't yet decided what I am going to do, but I do not think I am going to wait to see if the dominoes fall or not.

http://www.usnews.com/blogs/barone/2008/12/15/who-is-at-fault-for-the-decline-of-the-big-three.html

http://www.associatedcontent.com/article/870875/toyota_plans_to_shut_san_antonio_plant.html?cat=3

http://money.cnn.com/news/newsfeeds/articles/djf500/200812121241DOWJONESDJONLINE000851_FORTUNE5.htm

Sunday, November 30, 2008

Christmas Picture Card Price Comparisons


Snapfish

4"x8" PHOTO CARD PRICES

Quantity        photo paper (matte/glossy)   premium paper
20 cards        75¢ per card                 $1.25 per card
40-60 cards     55¢ per card                 99¢ per card
80-160 cards    45¢ per card                 75¢ per card
180-220 cards   39¢ per card                 65¢ per card
240+ cards      29¢ per card                 55¢ per card

Snapfish pick-up at Walgreens is 50 cents/picture.


Shutterfly


4x8 Photo card pricing
Sold in sets as shown below.
Envelopes are included.
Cards Price (per card)
12 $0.69
25 $0.67
50 $0.65
75 $0.62
100 $0.55
125 $0.50
150 $0.50
175 $0.50
200+ $0.45


Apple

Postcards

  • size 4 x 6
  • 1-24 cards USD $1.49 ea.
  • 25-49 cards USD $1.29 ea.
  • 50+ cards USD $0.99 ea.

CVS Pharmacy

Greeting Cards

Cards Price
20 $14.99
40 $26.99
60 $35.99
80 $44.99
100 $53.99

Wednesday, November 26, 2008

Why you should *NOT* buy a cheap laptop this Christmas

A friend of mine tried to just buy a cheapie computer. This is why you SHOULDN'T do it:

1. Windows 7 (the NEXT version of Windows scheduled for release next year) "will have the same hardware requirements as Vista". Don't believe this statement, it has never happened with Microsoft. If this is true, then you will probably be running an extremely crippled version of Windows 7.

2. Vista requires a LOT of disk space compared to XP, and Windows 7 probably will also. Be prepared to upgrade your hard drive, but the good thing is that hard disk space is cheap. 1TB drives are now under $100.

3. In Windows Vista, Microsoft introduced some great features via Windows Aero to become more user-friendly like the Mac. The problem is that Aero requires more system resources, and a higher-grade 3D video card. During the initial release of Vista, "Vista-capable" hardware only included hardware that could support Aero. The requirements for "Vista-capable" computers were later lightened to not include the Aero interface.

4. If you purchase a computer with Windows-XP INSTEAD of Windows Vista, your support was scheduled to end 4/2009. Microsoft extended support for XP, but you can bet that this will probably end soon.


What does this mean?

If the computer you are looking at cannot run Aero at acceptable performance, then you can probably bet that Windows 7 will be a dog. The MINIMUM Windows Aero requirements follow. Generally, minimum requirements from Microsoft do not equate to a fast computer:
* a 1 GHz 32-bit (x86) or 64-bit (x64) processor
* 1 GB of system memory
* a DirectX 9 compatible graphics processor with a Windows Display Driver Model (WDDM) driver, Pixel Shader 2.0 in hardware, and a minimum of 128 MB of Video RAM
* 40 GB hard drive with 15 GB free space
* DVD-ROM Drive
* audio output and Internet access
Also, a minimum of Vista Home Premium is required to run Aero. Dell recommends more power than the above minimum requirements for Vista. Using Dell as an example, Dell recommends an Intel T-8 or T-9 processor for:

"The ability to run simultaneous bandwidth-intensive applications and background tasks like virus scans and file downloads at high speeds."

Dell recommends at least 2GB dual channel memory and a 256MB video card to "optimize the Aero user experience".

Buy a computer with Vista included and make sure Vista Aero will run with acceptable performance. Just because Microsoft lightened their Aero requirements now, does not mean they will in the future.

Following is a configuration for a mid-level laptop I configured from the Dell website starting with their basic $500 laptop model and applying the above recommendations:
PROCESSOR: Intel® Core™ 2 Duo T8100 (2.1GHz, 3MB L2 Cache, 800MHz FSB)
OPERATING SYSTEM: Genuine Windows Vista® Home Premium, Service Pack 1
PRODUCTIVITY SOFTWARE: No Productivity Software
WARRANTY & SERVICE: 1 Year Basic Limited Warranty and 1 Year NBD On-Site Service
LCD PANEL: 15.4 inch Widescreen WXGA LCD Anti-Glare Display
MEMORY: 3GB Shared Dual Channel DDR2 SDRAM at 667MHz, 2 DIMM
OPTICAL DRIVE: 8X DVD+/-RW with double-layer DVD+/-R write capability, with Roxio Creator
VIDEO CARD: 256MB NVIDIA® GeForce™ 8400M GS
HARD DRIVE: 320GB 5400RPM SATA Hard Drive
WI-FI WIRELESS CARD: Dell Wireless 1505 Wireless-N Internal card
BLUETOOTH WIRELESS: Dell Wireless 360 Bluetooth Internal for Vista
WEBCAM: Integrated 1.3 mega pixel Web Camera and Digital Microphone

Total cost for this is $1087.

Apple's entry-level MacBook is exactly the same price (from amazon.com) with the following specs:
* 2.4 GHz Intel Core 2 Duo processor with 3 MB shared L2 Cache
* 2 GB (two SO-DIMM) 667 MHz DDR2 SDRAM; 250 GB 5400 rpm Serial ATA hard drive; 8x Double-Layer SuperDrive
* One FireWire 400, two USB 2.0 ports, DVI, VGA, S-video, and composite video (requires adapters, sold separately)
* Built-in 10/100/1000BASE-T (Gigabit) Ethernet; Built-in AirPort Extreme Wi-Fi (IEEE 802.11n); built-in Bluetooth 2.0+EDR (Enhanced Data Rate) module
* 13.3-inch (diagonal) glossy TFT widescreen display, 1280 x 800 resolution; Mac OS X v10.5 Leopard
* Built-in microphone and camera
The bottom line is, if you want to buy a laptop good for 1-2 years, get a bargain-basement $400/$500 model. It is acceptable right now for light use. For the Aero interface, real-time virus scanning, HD movies, upgrading next year to Windows 7, etc, I would recommend looking to a mid-range Windows model or a switch to a base model Mac and not worry about Windows issues.



References
http://vista.blorge.com/2008/05/27/windows-7-to-have-same-hardware-requirements-as-vista/
http://www.microsoft.com/windows/products/windowsvista/features/experiences/aero.mspx
http://www.lockergnome.com/windows/2007/02/13/enable-aero-glass-in-vista/
http://news.cnet.com/8301-13924_3-10104976-64.html
http://www.cpubenchmark.net/high_end_cpus.html
http://en.wikipedia.org/wiki/Windows_Aero
http://kickasswebdesign.com/wordpress/2008/03/windows-xp-end-of-life-announcement-from-microsoft/
http://arstechnica.com/news.ars/post/20080424-ballmer-raises-hopes-with-comments-on-xp-end-of-life.html
http://www1.la.dell.com/content/topics/global.aspx/solutions/en/winvista_aero?c=pr&cs=prbsdt1&l=en&s=bsd
http://www.apple.com/macbook/specs.html

Tuesday, May 13, 2008

Residential VOIP



Rumors
VOIP companies like Vonage have been around for a while, but friends have told me horror stories such as incurring long distance charges to call a neighbor or being forced to use a new phone number.  Also, I have had VOIP at my workplace and the quality had been horrendous at times.  Worst of all, local 911 service is not included!

Setup
My local phone company just began offering residential VOIP as a "digital phone service".  It consists of a Linksys Internet Phone adapter that plugs into my wireless router.  Although the adapter also includes 2 phone jacks, only one jack is live; the second is reserved for a second line.

The phone wire coming into my house consists of three colored wire pairs, which normally are used for a first line (blue-white pairs), second line (green pairs), and an alarm system priority line (orange pairs).  The phone company rewired my green pairs to handle the DSL line, disconnected the blue-white pairs from the phone company, and also disconnected the orange pair from the alarm system.

Inside the house where I have the DSL modem, wireless router and VOIP adapter, I have 2 phone jacks in the wall.  The first jack is connected to the green pairs, which connect to the DSL line outside.  The second jack is just like every other jack in the house -- it is connected to the blue-white pairs.

The green-pair jack is connected to the DSL modem input.  The modem output goes into my wireless router's input, and the VOIP adapter is connected to a network connection on the router.  The phone jack on the VOIP adapter is fed back into the blue-white jack to distribute the phone signal throughout the house.

Although the VOIP adapter pulls its own IP address from the router, after initial setup, the VOIP adapter does not need to be accessible on the public Internet.  No public ports need to be forwarded through my router to the VOIP adapter.

The Alarm System
Old home alarm systems and fax machines can be tricky. The VOIP voltage output may not be strong enough to receive faxes or to make a priority call from the alarm system. In fact, many experts do not recommend connecting alarm systems to VOIP lines.

In regards to my printer/fax machine, I am one of the lucky ones. My printer can still receive faxes after hooking it into the VOIP line.

Before I had my house rewired as described above, I tried going the "single jack" route and not using any of the house jacks, since my phone is a cordless model with multiple handsets. The next day, the trouble light was lit on my alarm keypad because the alarm system could not find a dial tone. I cleared the trouble light, but the light came back on again later. Although I canceled my alarm monitoring service years ago, the alarm system continues to periodically check for a dial tone and notes a problem if one is not found. After feeding the VOIP output back into the house jacks as described above, the dial tone check passes and the trouble light no longer comes on.

Note that if I still had a monitoring service, the orange wires would need to be reconnected and I would need to perform additional tests:
"The thing to do is to take a phone off the hook and leave it off for at least one minute (if you still hear dial tone, press the # key on the phone to make it stop, but leave the phone off the hook while you make the following test). THEN test the alarm to see if it can 'phone home.'"
Another thing to think about with a monitoring service connected to VOIP is that even if you make it past the tests, what do you plan to do in the case of a power outage?  The alarm will continue to function for a while due to the battery that is connected to it.  Unless the DSL modem, router, and VOIP adapter are all connected to a UPS (uninterruptible power supply), the alarm trouble light will come back on again.

Many of the newer alarm systems connect to monitoring services via satellite, cellular, or broadband, so telephone connectivity is not necessary.  Again, you may need a UPS for broadband-based monitoring.

Voice Quality
Bandwidth congestion is noted as the reason for voice quality issues.  If your call is choppy to the person you are talking to, this indicates upstream bandwidth congestion.  If your call is choppy to you, this indicates downstream bandwidth congestion.  P2P programs, viruses, worms, and Spyware can all contribute to bandwidth congestion.

If I use a P2P/torrent downloader, even on a fast 6mbps connection, the VOIP connection may become choppy and/or the alarm system will show the trouble light since it cannot get a clear dial-tone.  Enabling VOIP as your bandwidth's highest priority in the router's QoS (Quality of Service) settings (and P2P as the lowest priority) has fixed this for the most part.

Reality
Long distance is free, I get to keep my old phone number, most of the time the quality is great, and the VOIP service includes voice mail (superior to any phone answering machine) and a web interface to view call logs and change VOIP settings.  The web interface is also used to configure local 911 access.

Best of all, I previously paid $74 a month for 3mbps DSL and an enhanced local telephone (POTS) service.  I also paid a $7 monthly fee and 7-cents-per-minute for Sprint long distance.  I now pay $67 a month for 6mbps DSL and VOIP with long distance included.

Wednesday, March 5, 2008

Car Rental coverage

http://money.cnn.com/2000/08/02/banking/q_bankrate/
http://www1.pressdemocrat.com/article/20071122/WIRE/711220316/1036/BUSINESS01
http://www.creditcards.com/Your-Credit-Card-May-Protect-You-from-Rental-Car-Damage.php


Car Rental Insurance Items to worry about:

1.  CDW: Collision damage waiver, covers "any damage to the car you are driving". CDW at the rental counter is not consistent. Always include your home insurance company in the event of any accident.

2.  Liability: covers "damage you do to someone else". You should never have to supplement what is carried on your home insurance policy.

3.  Belongings: "check your homeowners or contents insurance".


Most credit card companies will supplement your auto insurance when you rent a car, your home insurance being primary. Research this if you have reduced coverage on an older car and rent a newer one. Limitations may apply.

Ask your insurance agent what kind of car rental insurance you have and what the limits are. Long rental periods, driving overseas and long towing distances may not be covered.

Some car rental companies offer extended services covering towing and roadside emergencies.  These are known by names such as TripSaver and Roadside Plus.

Monday, December 24, 2007

The 15 Biggest Tech Disappointments of 2007

http://www.pcworld.com/article/id,140583-page,1-c,techindustrytrends/article.html

#15. Box Unpopuli: Amazon Unbox


#14. Screwed up to the Max: Municipal WiMax


#13. Web 2 Woe: Social Networks


#12. Just Another Oxymoron: Internet Security


#11. Singing an Old Familiar Zune: Microsoft Zune


#10. Is Anyone Listening?: Wireless Carriers


#9. Sorry, We Already Gave: Office 2007


#8. Needs To Change Its Spots: Apple "Leopard" OS 10.5


#7. Cannot be Completed as Dialed: Voice Over IP


#6. Un-Neutral: The Broadband Industry


#5. The Great, The Bad, The Ugly: Apple iPhone

  • 3G will be faster, but wifi is a plus.
  • Apple found a cheaper supplier. I have no sympathy for those who want to be on the bleeding edge.
  • People hacked their phones, again, no sympathy, warranty is voided.
  • Not sure, but I am thinking Apple will have many more problems once they open it to 3rd party apps.

#4. In a Sorry State: Yahoo


#3. The Anti-Social Network: Facebook Beacon


#2. What Is It Good For: The High-Def Format War

#1. No Wow, No How: Windows Vista

  • Ok, so my mother-in-law loaded an old XP printer driver that caused the printer to not work. There was NO WAY to get rid of the driver or to reinstall it. We had to use the system restore DVD. Is this an improvement???
  • Maybe someone has to figure out the hard way that repeated prompts are not good!