Thursday, May 30, 2013

Email From The IRS? No Way!

I am battling with uneasy feelings because of an obvious scam email although I know  that it is a scam. Needless to say but naturally I did not open the attached ZIP file.

I have problems imagining what some of my customers might feel and think if they received a scam email like this one (screen shot of how it looks in my email program, email addresses obscured):

This obviously is a scam. The clues to this are:
  1. No government agency will ever send you an email out of the blue; never ever!
  2. The open recipient address list in the top line of the picture is a gross violation of privacy and email etiquette; even the IRS would not do that I hope.
  3. "You have received" is bogus because according to the text of the email supposedly the IRS has received a complaint.
  4. "filled" instead of "filed"; typos of this kind are a dead giveaway.
The DELETE button was created for exactly this kind of email!

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

Wednesday, May 22, 2013

Dangerous PDF Files

Microsoft published a list of eight names of known virus infected PDF files that have been repeatedly seen as the carrier of virus infections:
  • pdf_new[1].pdf
  • auhtjseubpazbo5[1].pdf
  • avjudtcobzimxnj2[1].pdf
  • pricelist[1].pdf
  • couple_saying_lucky[1].pdf
  • 5661f[1].pdf 7927
  • 9fbe0[1].pdf 7065
  • pdf_old[1].pdf
What  does that mean for you? Beware of any email attachment with any of these or similar file names!

One easy security measure against only exactly this type of virus is to disable Javascript in your PDF reader.. This depends on having the latest up-to-date version of the PDF reader installed.

If you use Adobe Reader at the time of writing the latest version is 11.0.3. Open the Edit menu and click on Preferences (or type Ctrl+K).  In the Preferences window click in the left side bar on Javascript. Then remove first the check mark by  "Enable global object security policy" and then the one by "Enable Acrobat Javascript". Then click OK to close the Preferences window. This is what the window looks like (emphasis added):

If you still have Adobe Acrobat installed please remove it and replace it with PDF-XChange Viewer! Well, if you actually use Adobe Acrobat regularly to create PDF documents then keep it up-to date and use it at your own risk.

Update May 27 2013:

If you use PDF X-Change Viewer at the time of writing the latest version is 2.5.210.Open the Edit menu and click on Preferences, select JavaScript, uncheck Enable JavaScript Actions and click “OK”. This is what the window looks like (emphasis added):

If you use a different PDF reader you have to find out if this reader allows embedded Javascript to be executed. If so then find out how to disable it.

Again, this avoids only Javascript viruses embedded in PDF files.
If you run any version of Adobe Reader older then 11.0.3 please upgrade immediately! After an upgrade you have to check if there is another older version of Adobe Reader installed; if so remove it! 

Should you have any difficulties with any of the above I will be glad to help. For things like these I do not need to come to your house, they can be fixed remotely.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.

Thursday, May 9, 2013

Cloud Storage?

If you want to know what "cloud storage" is please read this explanation on Wikipedia.

I get asked quite often for my opinion on cloud storage including backup solutions "in the cloud". The following begins with a real life experience that some lady had with Google. 

I know from my own attempts to try cloud storage that other services are not that much different - and the legal underpinnings are the same for all anyway. Here we go:

One recent Thursday morning, a dedicated Google user logged into her email and made an alarming discovery. Instead of opening the Inbox, Google directed her to a notice:
[Your] Account has been disabled . . . . In most cases, accounts are disabled if we believe you have violated either the Google Terms of Service, product-specific Terms of Service . . . . or product-specific policies . . . . it might be possible to regain access to your account.
  • the terms and policies offered no clues
  • no phone numbers to call, no tickets to request help
Google -
  • - manages a whopping 343 million active Google+ accounts
  • - operates in 130 languages
  • - strategically avoids the crush of users by offering little direct customer service.
  • - reserves the right to “terminate your account at any time, for any reason, with or without notice.”
  • Phone calls to Mountain View [Google HQ] land in a labyrinth of recorded messages that inevitably lead to one of a man, sounding quite exasperated shutting the call down with a “Thank-you-goodbye”.
  • - is a company with $50 billion in revenues
  • - has the modest aim to “organize the world’s information
  • It seems implicit that in allowing Google to use one's data we should rely on Google to hold on to it and to give it back.
Reality -
  • - Google assumes no responsibility over user data
  • - Google is not required by law to do so 
  • - Google limits its total liability for stolen data, lost data, anything, “TO THE AMOUNT YOU PAID US TO USE THE SERVICES” (yes, in all caps), which might mean as much as nothing for the most commonly used free accounts.
  • - Google reserves the right to take away or vaporize our data for any reason
  • - Google also reserves the right to discontinue services, the means to prohibit any access to the data, whenever it wants.
  • users are easily discarded
  • Google’s priority is preventing data from falling into the wrong hands, not ensuring it is always available to the right hands
My personal conclusion: I don't use cloud storage.

Naturally your mileage may vary. But I recommend you really thoroughly and together with your lawyer work through the details of all applicable Terms Of Service, End User License Agreements and the like.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Click here for a categorized Table Of Contents.