Datashield Online Backup - Is your Data safe?

Strong and weak passwords - What's the difference?

2010-11-01T22:29:00.000-07:00

That's a very good question and according to Andrew Dekraker it's not all in the numbers but in the numbers, letters and special characters! If you get mathematics like Andrew does, specifically exponentiation, then you'll understand this next segment about creating strong passwords.

Lets take a very simple 1 letter password and try to guess what it is. Sounds easy right? Well it is. There are 26 letters in the alphabet and 52 if we allow upper case letters in the password. It would probably take me 1 min 30 sec to try all combinations (because I'm a slow typist). A computer program, even the simplest, would take a few seconds to try all 52 possibilities.

Lets expand our password, using only 4 lower case letters (26 to the power of 4) we have 456,976 possible combinations. I'd be dirt before I manually deciphered a 4 digit password but a computer program can decipher a 4 digit alphabetical password in .046 seconds. If you include uppercase letters that number increases but not by much. So now lets add 1 windows special character from your keyboard (!@#$%^&*()~`?><), the time to crack now increases to 1.36 MINUTES! That's still not very long but a huge improvement from a 4 lowercase letter password.

We all know that no one uses a 4 digit password (at least not after reading this!) so lets look at a longer sequence of a combination of upper and lower case letters with characters compared to an equal length lowercase only password. You can see in the chart below how a password using a All Characters (a combination of letters [upper and lowercase], numbers and special characters) would make it virtually impossible to crack with today's affordable technology. Given time even these passwords will be hacked easily but by then controlled access will have evolved as well.

See the chart below:

Weak & Strong Passwords

Special thanks to Andrew Dekraker, an IT Service Tech at www.promediacom.net(that's us!) for helping me to bring to light the differences between weak and strong passwords.

Phishing for Bucks

2009-05-23T00:04:00.000-07:00

My last blog entry on Phacebook Phishing scams generated some questions about Phishing. Phishing is a scam where Internet fraudsters will send seemingly authentic spam or pop-up messages with the intent of luring personal and financial information from unsuspecting victims. Quite often the emails or pop up messages appear official and may contain exact fonts, graphics and other layout items to mimic a real website such as a bank, internet service provider, email account, etc. They typically prompt you to enter in your private information such as account number, password, address, SIN, credit card numbers etc.

Follow these basic steps to avoid getting 'hooked':

Use anti virus/spyware/malware software - remember that some are better than others and you typically get what you pay for! I use Vipre Antivirus from Sunbelt Software because its light, efficient and effective. Keep your subscription and definitions up to date and set an autoscan at a time when your computer is actually on! Malwarebytes is a great free program that has outshone many of the top level malware programs that one would pay good money for. The paid version offers real-time protection and supports the developers on their efforts. If you need asstance with diagnosing or removing an infection you can reach me here.
Use Phishing protection - the top level browsers (IE7, Firefox, Chrome, Safari) and email clients have built in Phishing protection but, to date, the results are inconsistent. An Anti Phishing protection toolbar recieving great praise is freeware from Netcraft. Anti Phishing programs basically exposes the website or links true internet address and in most cases a risk rating is also provided. For example the real facebook website is located here -> Facebook and this link -> 'Click to visit the real Facebook' suggests linking to Facebook but it doesn't. (Links to Datashield website) How would one know which, if either, is the real ink? Anti Phishing programs are designed to give you an added advantage over the internet scammers but, like any security risk/solution area it's constantly evolving and for most users waaaay to complicated. Here's a link to a Wiki on Phishing and other vulnerabilities which I found informative.
Don't email personal or financial information - email is easily read by almost anyone with some basic knowledge and one of many free packet scanners. There are a number of ways to encrypt your data including using Microsoft's Outlook, Mozilla's Thunderbird, PKzip, etc. There are also online secure email providers which provide a secure service. Never send your credit card, banking information or passwords via email!
Don't reply to email or pop-up messages that ask for personal or financial information. Do not click on links in the message even if it seems legit - links can take you to pages where malicious software can download to your system and open the flood gates to all sorts of mischief. Hackers can make links look like they go one place, but that actually send you to a different site. The best way to navigate to a site is by physically typing the address in the browser address bar. (I know...what fun is that!)
Use an aftermarket firewall that monitors both incoming and outgoing connections. Routers and Windows (XP and up) offer good quality firewalls but the default settings are less than informative as to what is coming and going from your system. Trojans can hide on your system quite easily as can key loggers. Trojans can provide access to your system remotely or even transmit personal information to an outside location. Key loggers will monitor your keystrokes and again send that info out to other people. I've had great results with Comodo's Free firewall. Comodo has packaged their highly configurable free firewall with an antivirus addon which can be disabled independently. A good product in my experience.
Don't open email attachments unless you are expecting it! Many scammers will try and gain your confidence by emulating someone you may know. Common email subjects are used such as "Hey, its me!" or "I have a question" or "UPS delivery confirmation - verification required". Recently the Phacebook Phishing scam did just that - they created a dummy facebook logon and grabbed as many facebook emails as possible to get their scam going. Once you attempt to logon to the dummy site the hackers then have access to your Facebook account, personal information and email contact list. Away they go....
Reviewing credit card and bank account statements as soon as you receive them is a good practice. Check for unauthorized charges and if your statement is late by more than a couple of days, call your bank/ credit card company and confirm your billing address. Once a scammer has enough of your personal information they can change billing addresses, increase amounts, apply for additional credit cards etc.

In spite of all the dark stuff, the internet remains a great place for access to information and other resources on almost anything. Unfortunately there are people who use technology to take advantage of the unsuspecting and the best thing anyone can do to keep the internet safe is to educate themselves on the types of risks out there and protect yourself in the event that you are infected with a virus, malware, scareware etc. Backup your data, report phishing attempts and don't pass on emails that are potentially unsafe.

Surf on Dudes!

Phacebook Phishing....

2009-05-21T11:26:00.000-07:00

There's a new threat to you and your friends personal information - courtesy of Facebook. I recieved a facebook email from a friend this morning and it said to check out 'kirgo.at' - so I did. It took me to a page that resembled a Facebook login page and fortunately I stopped there.

Thanks to the quick response of my facebook friend he notified all concerned that his account had been comprimised and an email was sent from his account. I immediately changed my password and passed the information to all my friends just in case. Electronic communication can spread a security breach quickly but it can also be minimized by quickly informing as many people as possible.

These types of attacks are known as 'Phishing'. The offending parties attempt to decieve users into giving up their logon credentials and can quickly change your password thereby locking you out of your own account. If you have personal information kept in your Facebook account it now also belongs to the hackers as well - a scary thought.

It's common sense really but even people in the know can be mislead. In this case the web addresses to avoid are:

areps.at
nutpic.at
bests.at
kirgo.at

It’s only a matter a time before similar scams pop-up. Facebook shuts these down as quickly as possible but could provide a better notification system simply by posting alerts on all users accounts. They have the ability to do pretty much anything they choose and this would be a good choice.

Data Security Risk - Mobile Phones are Easy to Hack

2009-04-20T08:52:00.000-07:00

Celphones and PDA's are now easily hacked by those in the know. In only a few minutes an experienced hacker can install spyware on your mobile phone and have the capability to listen to your telephone conversations live as well as recieve copies of your text messages as you send or recieve them. Datashield accesses Mobile phones with Windows Mobile or Blackberry Operating Systems to support our clients, if we can access a Mobile phone then so can other people. I think that this area of security really needs a good look and with all the recent publicity I'm sure we'll see some smaller developers entering the Mobile security market with early apps and the big guns to follow once the market takes shape. It's a good thing.

What does that mean to mobile workers and the self employed? Datashield Technologies is a small operation and we provide a host of services and products to clients who rely on us for support. We get calls for usernames and passwords, web addresses, and credentials for stuff I get paranoid about just knowing. Providing fast service is essential for our clients productivity and even though we have our information stored in secure locations with encrypted files and half the Canadian Armed Forces guarding it (ha ha - that was for the criminals reading this) nothing is absolutely hack free. To give you an idea of just what goes on in the world of data loss and hacking visit the Open Security Foundation's Website http://opensecurityfoundation.org/ .

This is a wake up call to anyone who thinks hackers aren't for real and organized. It was for me.

To prevent unauthorized access to your mobile there are a few simple steps to follow:

1) Always keep your mobile in sight, this includes when lending it to others to make calls.

2) Never download or install software unless it is from a reputable source.

3) There is Antivirus for Mobiles available - If you have the speed, its a good idea to scan on a regular basis.

4) Familiarize yourself with the programs/apps installed on your Mobile phone.

If you aren't sure about something contact us at http://www.datashield.biz/support and we can source it for you.

We are researching this area and will be posting information as it becomes available.

Russian hackers hold a casino site hostage!

2009-02-27T13:55:00.000-08:00

An Costa Rican internet service provider's servers were recently taken hostage by an organized group of hackers located somewhere in Russia. The servers hosted internet gambling sites and despite all the precautions taken by the ISP, their 5 servers were comprimised and the hard drives encrypted, preventing any further revenue and a guaranteed quick business failure.

The Hackers kindly offered to unencrypt the server hard drives for an undisclosed amount of money (surprise!) and after exploring a few other options (I would too) the Casino owner decided to meet the ne'er do well'rs demands. The hackers did their part with the exception to the fifth server which held all the credit card numbers for the casino members. Apparently the hackers didn't read the encryption software instructions carefully enough and overlooked the required amount of hard disk space needed to encrypt the data! Get this...the hackers even spent about 8 hours trying to fix the problem! I wonder if they called tech support? They couldn't restore the 5th servers drives and I'd put money on it that they didn't apologize or offer a refund.

CBL, a Toronto based data recovery firm, recovered the data and the owner was back on a plane within 72 hours. Here's the video provided by CBL

Frankly I am amazed that an operation earning $135,000.00 per day doesn't have a better disaster recovery plan than the one that didn't work. On the other hand I see thsi quite often and most of the requests we get for backup are after a critical data loss event occurs,

Again, any backup is better than no backup at all and in this case I'm sure the casino is revising their disaster recovery plan to include a secondary server site or at least offsite data backup.

Remember to play the scenario to the end...what do you stand to lose if your Data suddenly becomes unavailable?

Here's the Video:

Backup Speed and Hard Disk Fragmentation

2009-01-31T08:34:00.000-08:00

Recently a long term client called and asked a question about why the Datashield Online Backup seemed to taking longer to complete when the new data was not increasing respectively.

First I tested the server upload speed at http://www.speedtest.net/ and it was normal at 410 kilobytes per second. Then I created a 10 mb test file and initiated a manual backup - the time to backup was just over 40 seconds. Not a significant slowdown considering all the communication going on between the source and destination computers.

At this point I decided to look at the performance of the local server and discovered that the hard drive was significantly fragmented. File fragmentation occurs over time as additional data is written to the disk. The more data written to the disk, the more fragmentation occurs. As file fragmentation increases so does the time to access them. Online backup lives by the same rules - if your disk is fragmented it will take longer to access and upload your files.

Not only do tasks take longer when a disk is fragmented but a disk also has to work harder which increases the potential for early failure. There are a number of automated disk optimization utilities available for home and business. These resource saving utilities can be set to defrag disks on a scheduled basis or when a disk reaches a predefined performance level.

http://www.datashield.biz/

Protecting Your Data - The Basics!

2009-01-20T18:14:00.000-08:00

Being a father, business owner, outdoor enthusiast and general digital packrat I find that the information I save to my hard drive is steadily increasing. Some of it I need to keep for long periods of time (maybe even for close to ever) and other stuff is project or research based and can be deleted after a period of time.

Why backup? I usually get the call after a client has lost some or all of their important personal or business related data. Data loss can be from accidental deletion, to a hard drive failure, to the loss/theft of a computer system. Yes, data can be recovered from a failed hard disk but sometimes the disk can be scratched and the more difficult it is to recover data the more expensive it gets! Theft usually means that someone else has your information and the chances of recovering it are slim to none. The number one method for ensuring that this doesn't happen to you is to back up your information on a regular basis.

Backing up your information can be in the form of: a portable hard drive, memory stick, CD/DVD, email, tape backup and online data backup. I've tried them all and the number one reason for not backing up is that other things became more important and it simply wasn't done. The solution for me was an automated secure offsite backup solution. Online backup works for me because basically I just set it and forget it. As with any backup its critical to make sure that your data is backing up and that the files you want to backup are selected for backup.

My main categories for backup are : Business and Personal; which include email, documents, pictures and video's, websites (source and current files), client information, web resource information, financial information web resources, favorites and a few other user specific categories.

Get backed up today with Datashield!

A Data Recovery plan in action....

2008-05-21T12:34:00.000-07:00

Data can be lost due to many different reasons. Power spikes, Accidental reformatting, virus attacks and hardware malfunction are just some of the situations where you will find yourself looking for a data recovery solution.

This past weekend I was updating a Symantec Antivirus Corporate 10 installation to the new Symantec Endpoint product. Endpoint includes some client management tools that will reduce this clients concerns of unauthorized software installs and system changes. They are a medium sized financial firm with a Windows Server based network and 10 clients. This client previously used a tape backup system to do their data backup/restores and after taking over the I.T. management for this company I pursuaded them to go with Datashield Online backup and it has proven itself a number of times.

For some reason Dell shipped the new 160GB server with a 12GB system partition and we ran out of room there quickly. In the midst of extending a Windows Server 2003 hard drive partition for the Symantec End Point install, the process locked up. There was nothing I could do but reboot and upon rebooting the system would only do a partial boot and then reboot again ... and again ... and.

This is where the importance of a Data Recovery Plan shows up. At the end of tax season and with the potential for 8 employees billing at over $60.00 per hour the loss could be substantial! We kept the old Windows 2000 server and made minimal file and network changes. The data structure had not changed as soon as the partition extension failed I began to put contingency plans into effect. Within 15 minutes the Windows 2000 server was reconnected to the network and the Datashield Professional Data Restore was underway. If the recovery of the Windows 2003 system did not happen by Monday at 9am then the W2K Datashield data restore estimation put us on track to be live with the Windows 2000 server in 12 hours barring any network slowdowns or other 'stuff'. Plenty of time to be back online for Monday morning at 8:00 am. The first step in the recovery process was to determine the cause of the failure in order to apply the correct solution path. In this case it was not hardware and the hard drive partition tables (C:\ and D:\) were still visible and D:\ was recoverable. C:\ would not boot because the repartitioning software I chose rewrote a unique boot.ini file and the custom boot cd would not work either.

Having worked with data recovery I have some experience with partition corruption and data extraction and after investigating many promising partition/boot recovery programs I decided to go with an opensource program because they gave me the answers straight up, no double talk, no false promises, easy to order and delivered in 30 seconds. (oh..and it was free!)

I was able to recover both partitions on the Windows 2003 Server and went live at 9pm Sunday night. The data was intact and the Windows 2000 Server was at the ready in case there was some peripheral damage or other issues.

Remember that having your Data backed up is just part of the plan. Make sure you have a well thought thru contingency strategy in place. Document the details including usernames and passwords for critical resources, what data is stored where, what to do do 'IF" etc... Give the plan to 2 or more trustworthy people and make sure they understand the importance of your plan in terms of Business continuity and Security - the wrong information in the wrong hands can be a bad thing. More on Disaster Recovery at a later date....

OMG! and what to do after a data loss...

2008-05-16T17:54:00.000-07:00

Once the tranqulizers have kicked in and you realize that what just happened is really really bad, you can take some relief in knowing that all may not be lost.

ALL computer users experience, in some form or another, the loss of some important information from a variety of causes which I will address in a later Blog. For home users its usually email or contacts, passwords, home finance or investment information, family photos, downloads, home business information, etc. For business the losses can be catastrophic and the statistics indicate that a large amount of businesses (up to 75%) will go bankrupt, within 2 years, after a critical data loss.

Even though Data Recovery experts claim that in 80 percent of cases, lost data can be recovered, the costs can vary from a few hundred to a few thousand dollars. Add the cost of lost sales and productivity in a multiple employee organization and the costs rise again. If there is permanent data loss the rebuilding can take hundreds of hours and the cost skyrockets. The value of business data has been estimated by a number of sources to be $10,000.00 per megabyte. Consider this carefully when you are choosing your backup method.

Many backup experts would agree that the time and money spent investigating a backup method is an investment, not an expense.

If your computer was stolen, there's not much I can offer other than my condolences and hope that you get it back, data intact. There are computers designed for the mobile workforce and they have built in security features that prohibit access to the computer and hard drive. Live data encryption is readily available and can protect your clients or business from information falling into the wrong hands.

If you have Datashield Online Backup then your data is recoverable (to the point of your last backup) to any computer with an internet connection.

If your hard drive has failed the first thing you need to do is STOP TRYING TO GET IT GOING until reading this next paragraph!

Hard drives are mechanical. They have fast moving parts that WILL wear out. When these parts break loose they can come in contact with the disks that hold your information. If your disk(s) become damaged the data can be recovered but the more damage that happens to your disks the more expensive recovery becomes and the less likely that all your data can be recovered. The best thing to do if you hear a metallic tinkling or scratching sound coming from your harddrive is to shut it down and DO NOT attempt to start your computer until consulting with a qualified technician with experience in hard drive failures and data transfer/recovery.

Qualified Technicians can advise you on the next steps and potential costs involved. Again, the best practices here are to have a your critical information backed up on a regular reoccuring basis BEFORE a data loss occurs. I'll talk more about backup methods in a later module.

If your computer does not start there are a number of potential causes for this. With the outcome of keeping your data intact being paramount, best practices again suggest contacting a qualified tech.

If you have lost data to a virus or accidental deletion/format there is still hope. Again the first thing to do is STOP doing anything on your computer. Anything you do beyond this point may overwrite lost files and make them unrecoverable.

Self Recovery - If you have accidentally deleted a file don't loose all hope yet! There are a number of programs available that you can use to scan your drive for files that cannot be seen by the operating system or if there is no operating system. Read and follow the instructions carefully. If you are not comfortable with the process then contact your local tech. Keep in mind that different techs have different strengths and may or may not have the skills to recover your information. Ask as many questions as you can to determine the experience and approximate costs involved.

Most people contact me after they have lost some or all of their data. They all have the intentions of backing up regularly but life happens and we don't. Automated online backup is the best method available today and storage costs have come down considerably. Stay tuned for 'what to look for in a backup provider' in a later blog.

If you have any questions about data recovery or backup please feel free to contact me or visit Datashield.

"A thousand mile journey begins with one step"
Lao Tse

Has this ever happened to you?

2008-05-16T17:34:00.000-07:00

Let's face it, everyone loses their data at some point in their digital life. Whether its by theft, virus, accidental deletion, hardware failure or your little brothers squirt gun. I believe this is common knowledge and the solution is one or more of a number of backup options.

Fact: ALL HARD DRIVES FAIL.

10 years of experience tells me that this is 100% true! Most of the requests I receive are from clients needing assistance in recovering lost files/data and they just want to not have that happen again because it really freaked them out. So, I give my "Why you need to Backup your Data' sermon? People re-commit themselves to doing the same things they stopped doing the last time they re-commited themselves. And by re-swearing to: Getting out the DVD's, emailing yourself, sticking a reminder post-it-note on the coffee cup, buying a new flashdrive and hanging it from the car mirror, creating another outlook reminder, emailing yourself, emailing your friends, etc etc. (did i mention emailing yourself?) It's great to use any backup method as anything is better than nothing at all. In reality, manual backups are easily deferred by other more pressing tasks and at times there are a plethora of important tasks just waiting!

What do I do now? I no longer email nor write threatening notes to myself. My info backs up automatically every night at 7pm to a server somewhere on the internet. (I can't tell you where because, well...lets just not go there) I never have to worry about it. No more recommiting, no more waking at 3am wondering if I did back up, no more retracing my steps looking for my M.I.A. flashdrive. In my opinion, automated disk to disk backup (local or remote) is the best thing that ever happened to data integrity. (insert smilie face here).

"Take rest. A field that has rested gives a beautiful crop."

Ovid

Fine. I'll do it then...

2008-05-16T15:11:00.000-07:00

Numero uno bloggo...

First and foremost I had best introduce myself. My name is Chris Freelund and I am a chronic serial entrepreneur. I think i was around 17 when I discovered my passion of New Concept Development. Although the vim of youth is somewhat tempered I am still gripped by the same excitement that many of those obsessed by the words "Thar's GOLD in them thar hills!" must have felt.

Still to this day I am easily distracted by a great idea and I hope that I always will take the time to explore something new. My experience has been that I can't do it alone and anything I have accomplished is only due to those around me who motivate, inspire and drag me to the next phase of wherever I am going.

If you are on this path or are 'thinking' of following the path of todays cyber adventurer. The secret to success is to "Never, never, never, never, never, never, never, never....give up!

I was born here in Vancouver, B.C. Canada and have lived most of my life here. My career has many pieces ranging from Hospitality, Manufacturing, Construction, New Product Development, Sales and Marketing, Retail franchisee, Computer - Training, Web design/Hosting, IT Services Company, Support/Helpdesk Management, Software Development, Ecommerce, Data Security... (i'm sure there's more...)

My hobbies include Hiking, Long distance running, Technology, Volunteering, Music, Reading, Canoeing, Wellness, Family, Reading Where's Waldo with my son (who knows where everyone is!) again, Nature and, laying in the sun because I can.

Before I go on (and on, and on...) I want to give credit to a very talented individual by the name of Odette B. By an act of fate we collided on Facebook recently and have become not only friends but (IMHO) we also compliment each others strengths and direction. Without her wisdom, generosity and insight I would not be right here right now. You can find Odette here
http://www.versatilevisions.com/

"To know how to wait is the secret of success."
Joseph de Maistre