
Category: Cover Your Butt

WordPress Security: How To Fix Your Hacked WordPress Site – East Bay WordPress Meetup


Yesterday I presented at the Security Revisited event put on by the East Bay WordPress Meetup group on how to get your WordPress website back on its feet after it has been hacked or infected with malware.

Last year I helped Patrice who runs Afrobella.com recover from a seriously nasty malware hack to her blog after Google told her she had been blacklisted.  It was frustrating for Patrice, her fans and advertisers but I got the site cleaned up and hack free.  Back in June I saw there was a call for WordPress security topics so I jumped in and said I’d share my experience as a case study for the group.

I covered:

  • How to tell if your WordPress site was hacked
  • Why people hack WordPress sites (popularity, infect other computers, steal data)
  • First steps to start investigating the problem
  • How to backup your WordPress files and database
  • How to scan your WordPress files for infection using Avira
  • How to scan your WordPress site using Sucuri
  • Tools and plugins to use to monitor your site for changes
  • How I recovered the site of a popular blogger using this system
  • and much more!

Here’s the presentation from the meetup:

People asked several questions during the presentation and I’m listing the resources I mentioned here as well as the recorded WordPress training at Udemy I’m teaching and the San Francisco WordPress workshop in February at Parisoma:

What hosting company do you recommend and why?

Rochenhost (affiliate link) – They do backups twice a day, respond to support tickets in 8 – 14 minutes, have Red Hat certified technicians and proactively monitor their shared hosting servers.  Fast, responsive and solid.

What WordPress theme provider do you recommend and why?

Woothemes (affiliate link) - They keep all their themes up to date on a regular basis, they have great support and an active community of users, their framework supports patching security issues in their themes and they have a wide variety of flexible themes to fit nearly any WordPress site.

What are the security / protection plugins you named?

What was the link to the blog post you did last year on hacked WordPress sites?

http://freshworkshops.com/2010/12/20-ways-to-find-your-wordpress-hacking-problem/

Where can I read more about the TimThumb vulnerability?

http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/

Where can I get WordPress training online?

You can head over to Udemy which is now hosting my Build Your Own WordPress Website training for just $29.  You get 8 hours of solid, step-by-step training on how to set up your very own WordPress website.  Remember, the best part about using WordPress is that it is SEO optimized out of the box!

I just received a really nice quote from a previous client I set up on WordPress in 2008 because I asked him to share his story with a new prospective client who is still riding the fence on WordPress:

“I know that WordPress has been the best thing.  Many changes I do myself which keeps the site fresh. It also keeps me interested in routinely updating since I instantly see the changes.”

Joseph L. Rapacki, Rapacki & Co Accounting (yes, that’s a WordPress site)

Where can I get WordPress training in person?

Glad you asked!  I’m teaching a four week WordPress workshop in San Francisco this February at Parisoma called, Becoming A WordPress Master, and it’s going to cover all the essentials of WordPress.  Great for people just getting started with WordPress as well as people who want to better understand how to leverage SEO, themes and plugins.  We’ll cover new features in WordPress 3.3 like the HTML 5 drag and drop image upload option.

The cost is $120 for all four sessions and you can register here.

  • WordPress Setup 101: Wed, Feb 1
  • WordPress Tour: Wed, Feb 8
  • WordPress Themes and Plugins: Wed, Feb 15
  • WordPress Content Strategy and SEO: Wed, Feb 22

Thank you to Sallie Goetsch for asking me to speak at the meetup event and thank you to Anca of Techliminal for hosting the meetup!  It was great to meet everyone and hear people’s questions about WordPress security!

Gmail Undo: When You Realize Your Mistake After Clicking Send


How many times have you wished you could undo an email you sent to someone? Maybe you shared a bit too much or sent it to the wrong person.

Gmail has a solution for that known as Undo Send.  Originally listed in Gmail Labs back in 2009, this feature allows you to quickly fix your trigger happy mouse finger by letting you undo a sent email.

Today a friend sent me an email by accident that contained some personal information; including a secret he planned to disclose to someone else. I got a good laugh out of it because I already knew the information but it was a sharp reminder how easy it is these days to accidentally send sensitive information to the wrong people via email as our address books fill up with countless people named Bob, Chris, Sarah and the always gender neutral Pat.

Undo Email Sending Mistakes

Gmail’s “Undo” feature works for both Gmail and Google Apps domains.  Once enabled, you’ll be able to click the yellow highlighted link titled, “Undo” and exhale with relief.

To get started, navigate to your Gmail’s “Mail Settings” under the gear icon in the upper right-hand corner.  Then go to “Labs” and scroll down until you see “Undo Send” and enable that.  Make sure to click “Save” so your changes take effect.

Then they added the feature to allow you to specify the number of seconds you’d like to undo the email within.  Of course, I went with the maximum of 30 seconds although I have noticed when I attached invitations to my Gmail messages, the undo has not worked in the past.

You will find this under “Settings” once you click the gear icon in the upper right-hand corner of your Gmail.

Thankfully, my friend’s secret is safe with me.  Last week, a business acquaintance accidentally included me on an email where she was talking about me.  I replied to acknowledge I’d received it and we all had a good laugh.

Mobile Gmail Undo

This year, with the ongoing popularity of the Android platform on a growing number of smartphones, the introduction of several Android Honeycomb tablets and the updates to Gmail email navigation on these devices, Google released a Gmail undo version for mobile as well.

Photo credit: Google Gmail Blog

Summary

It’s nice to be able to take back your email with undo.  Of course, some argue that Gmail doesn’t have an undo feature but a delayed sending option.

Have you ever been embarrassed after sending an email to someone?  Share your story!

Mozy Backup Dropped The Ball On Customer Support Today [VIDEO]

After being both a Mozy Home and MozyPro customer since 2007, I’m sorry to say that Mozy has gone down the slippery slope of low quality support and outsourcing, the same as Dell did a few years back.

If you remember the Dell Hell post Jeff Jarvis did a few years back, it was about his horrible experience of Dell passing the buck.

Well, welcome to the club Mozy. #fail


How To Communicate With Your Customers During Downtime In The Cloud


Creative Commons License photo credit: sandburchick

What about keeping customers updated during the downtime?

With Amazon’s recent crashing of the cloud, I thought it would be an ideal time to share tips I’ve come up with as an active power user of cloud apps for the last six years, having developer friends and being passionate about making customers happy:

Plan your communication channels ahead of time. Will you update your customers via a blog?  Twitter?  An email newsletter?  Have a company policy on how you will communicate updates so when all heck breaks loose, you’re not scrambling to put together a 19,000 email list.  Get your customer base used to this channel by introducing them to it when they sign up, change plans, contact you for support and have problems.  This will make them feel more comfortable and remove some of the fear, uncertainty and doubt (FUD).

Have a status page. Remind your customers every quarter or so that they can visit the status page to find out about updates, downtime and changes to the service.  Have this page on a separate subdomain so if you have DNS outages, you can still communicate.  Some companies use Tumblr or WordPress.com as a platform for the status page.  Share this status page on the footer of your website, on the sidebar of your email newsletters and on your social networks so people have a chance to become familiar with it.  You will find over time people will check the status page first before tweeting a complaint or sending in a support ticket.

Thank your customers for being part of the solution. During an outage, it’s a perfect time to show your appreciation for your customers.  They’ve helped you build your company and spread the word.  Remind them of how grateful you all are by including blog posts and tweets your customers share about you during the outage.  Leave replies on their posts, retweet their ideas and reach out via email if you see a good idea.

Preparing For Success: Zendesk Demo Setup At Dreamforce 2010 Conference

Last week I was at the Moscone center in San Francisco for Dreamforce.

I wasn’t going as an attendee but to “wo”man the expo booth for Zendesk and demo their new integration with Salesforce.  This was my first time working a show but felt confident things would go well!

Dreamforce 2010


Say No Target Credit Card Offers When Checking Out

I was at Target today and was asked if I wanted to save 10% by signing up for a Target credit card. I explained that I did not want to incur debt today and then end up losing my home to failed mortgage payments and lose my business like so many of the closed shops in St. Paul. The guy didn’t like my answer and rolled his eyes.

With credit card companies and banks having to change their tune, now is the time to stand up and say no to the debt frenzy!

Five Zendesk Webinars Left!

With a slight interruption in the webinar schedule due to SXSW (Did you make it to the Small Business Web cloud party?), there are just four more webinars I’m doing in the month of March. After this, I’ll be relocating to San Francisco so get in your live webinar time now!  There will be a short webinar break as I settle into my new digs in SF.

I’ll also be doing a guest webinar with Groundwork.  They provide network monitoring tools (think Nagios) and you can escalate issues right into Zendesk.  That’s on Thursday and I’ll be blogging about it tomorrow so I guess that makes FIVE webinars!

Zendesk HQ Office Warming Party
Creative Commons License photo credit: Laughing Squid

It’s Conference Time Again! Don’t Arrive Empty-handed at SXSW

I just saw this cool email newsletter from Moo.com saying that they will hand deliver your business cards to SXSW if you order before March 1st.  Use coupon code: sxswpickup at checkout and then pick your cards up Saturday, March 13th from 12 noon until 3pm in the exhibition hall.

Dell Discontinues XPS 8000 After Christmas Delivery Delays [VIDEO]

I noticed a lot of traffic to my Dell XPS 8000 post in the last few days and it looks like Dell has discontinued the XPS 8000 and a rumored 8100 will be released soon.

But why?

  • Why is Dell so far behind in system builds?
  • Is there a problem with these computers?
  • Are systems being returned by angry consumers?
  • or…


Audio Up! Start A Geek Biz With Co-host @chrispirillo

Audio has been posted from the webinar I did with Chris Pirillo, What Every Geek Needs To Start a Company.


direct mp3 link


We had a great time discussing all the basics of starting a geek business and the audience had great questions!

  • Good and bad logos
  • What if your client always pays late?
  • What makes you uniquely geeky?
  • Great business cards bring great business
  • Letters of Agreement as informal contracts
  • GTD ways to digitalize receipts
  • Why you need an accountant
  • How to get better at networking in a crowd
  • and much more!

To get notified of the next one, sign up for the newsletter which goes out once a month.

Techsmith Delivers Best Tools for Creating Screenshots and Video Tutorials

Did you ever want to show someone an error message on your computer or how you fixed something? Techsmith has a suite of amazing tools that make taking screenshots and doing video tutorials easy!


Norm Coleman Website Crash Exposes Database and Email Lists

Post Updated: 3/29/2009

First off, I would like to thank everyone.

I’ve decided to write a summary to give you my perspective two months after putting up this blog post. I have continued to add to it in hopes of making the big picture more clear for people who want to understand what happened.

I talk about why I put up the post, the political power struggle I didn’t want to be a part of, how the media took what I said and turned it into what they wanted and what I’m working on to bring about actual change so personal and financial data will be safer in the future.

Continue reading the summary


How ironic is this?  I was on Lifehacker today looking for the article about Eraser (program that securely wipes out files) and saw that January 28th is Data Privacy Day!  What are the chances of a security breach regarding data privacy being discovered on the very day that has been selected to raise awareness of data privacy?  Geeze!

Did an interview with PJTV, a conservative-focused online media site (PajamasTV)

Article at ChannelWeb, Serious Security Flaw Discovered In Less Than 2 Minutes On U.S. Senator’s Web Site

Excerpt from resume of website developer who created Colemanforsenate.com website:

ColemanForSenate.com
* Developed a custom content management system from the ground up in PHP

New Video is up! Live: Coleman Question and Answer after The Rachel Maddow Show 3/14/2009 12:45am CST

Interview with Rachel Maddow Friday evening 3/13/2009 MSNBC
[youtube width="550" height="420"]http://www.youtube.com/watch?v=DC-xqVeFMwY[/youtube]

Interview with MPR Coleman warns donors after data breach (audio of me from the radio)

Blog Post MN Independent Coleman donors express ‘extreme anger,’ fear, worry after breach

YouTube video: How I Found Norm Coleman’s Website Database in 2 Minutes

Best quote to me on the phone: “I just hung on the secret service to talk to you” — unnamed reporter

Lifestream video : I explain what went wrong and answer questions about the Norm Coleman’s website

Interview with MN Independent Coleman’s site wasn’t ‘hacked,’ says IT pro who discovered donor breach

Blog Post at MN Independent Breaking: Coleman’s unsecured donor database revealed on Wikileaks

Blog Post Here Who is Searching Google for Norm Coleman’s Database?

So, it sounds like Wikileaks.org is putting Norm Coleman’s business out on the Internet.


What’s worse than losing a Minnesota Senate race?

Losing your website’s entire database, that’s what.  As if claiming your website was brought down by too much traffic wasn’t bad enough, Norm Coleman’s website received a second round of criticism when I found a database file sitting in a directory that anyone could download…

I first picked up this story from @Chuckumentary on Twitter about Norm Coleman’s office saying their website had been “inundated by tens of thousands of hits today – temporarily crashing the website.” Of course that got me curious as an IT consultant and I went to check it out.  Aaron Landry broke this story because previous website traffic reports and the location of the domain name didn’t match up.  Paul Schmelzer at the Minnesota Independent picked up the story which is where I first saw it.

Norm Coleman’s website crash revealing a database full of supporters is now known as Crashgate.

Curious, I wanted to see where the domain was currently pointing.  I used OpenDNS.com’s cache check to identify the current IP address of 208.42.168.251 and then loaded that address into my web browser.

Screenshot of opendns.com information for colemanforsenate.com

I had to see what all the fuss was about.  Was there really an attempt to bring down the website due to political unrest with these ballots in my state?  Were the allegations of a poorly coded website true?

What I got instead was a plain text listing of directories…

The Database of Norm Coleman

Wowza.  As I was tooling around in the directories, I saw a database file.  I thought, “That’s not right.”  I began taking screenshots and uploading them to Flickr.  I didn’t know what the database contained but hoped there wasn’t financial information in that database.  I figured it was a list of email addresses for Norm Coleman supporters and staff but I did not download it to find out.  Did you download the database?

[youtube width="550" height="410"]http://www.youtube.com/watch?v=9qknKAz9LUU[/youtube]

There is a term known as “Google Hacking” where you can actually search for files that people have on sites and FTP areas with names like “passwords.txt” or “backup.tar.gz”.  Eeek!  Backups should be stored above the web “root” folder that is shared out to the internet, where the web server cannot serve them at all.  This is showing up because the server located at http://208.42.168.251 was not configured to turn off directory listings.

All photos are licensed under Creative Commons.
Norm Coleman database photos on Flickr

I wonder how much user information is in this database at colemanforsenate.com?

I began posting links to the photos on the blogs of the Minnesota Independent and Minpublius to bring awareness to what I had found.  Would I have done the same if this were a Democrat?  Probably.  For me, it’s about computer security and data privacy, not about political affiliation.

You can become Norm Coleman’s Website Admin

I will give them the benefit of the doubt and assume I was only able to get here because the website is not functioning.  Below you can see that I could enter an email address, name and password and if this site was working, it would create an administrator in the database.  I found similar files to edit and delete records as well.  Being able to write to the database like this from a form should require an authenticated and active session but I can’t see the code so I don’t know.

wow, is it this easy to create an admin account at colemanforsenate.com?

Indexing of directories is turned on

This is a security risk.  I would hope they have .htaccess files in place to restrict access to the admin directory and that index listings are turned off for the current site.

directory of colemanforsenate.com at ip address 208.42.168.251

Website errors show you configuration file locations

You see errors like this a lot on Joomla websites when there is a problem connecting to the database, there is a permissions issue on a file or when files are missing.

Incorrectly configured Linux server to blame? colemanforsenate.com

Missing log files

This directory is empty.  It doesn’t mean there are no log files (deleted?)

why is this directory for log files empty on the colemanforsenate.com website?

Site is down again

So, the site is being reported by OpenDNS.com as down again and I am getting the same info at DNSStuff.com too.

colemanforsenate.com is back down again according to OpenDNS.com

The moral of the story is that you should hire computer and website professionals who understand technology.  You should plan and develop a strategy for downtime and problems.  Don’t put all your eggs into one basket with one website programmer.  If he or she is hit by a truck (or something simply goes wrong on the website), you have no recourse and no one to help you.

Resources to protect your data

Minnesota Law on Data Security Breach Notification, Statute 325E.61 – This describes what needs to be lost for a company to notify you and how they must go about doing it. Unfortunately, it seems a company can lose your full name, address, income, number of children and previous purchases BUT not be required to tell you. (Disclaimer: I am not a lawyer)

Data Security Breaches in the US 2005, 2006, 2007, 2008, 2009 – Check to see if a school you attended, a doctor you saw, an employer, your local Veterans office, your bank, your utility company, your library or even a hotel you stayed at is listed here.

Resources for website security

The Importance of Web Application Scanning – Acunetix makes an application that can scan websites for vulnerabilities.  There is a free version that will check for XSS (Think back to when Barack Obama’s website redirected to Hillary Clinton’s).

3 Common Website Security Problems – This article from Georgetown University summarizes how issues on Norm Coleman’s site could have been addressed before “Crashgate”, especially this one on unsecured files and databases:

Unsecured files and databases

When setting up your web site or application, make sure that any files that contain data that is not intended to be public (such as information about people) are not located in public web folders. Do not place such files in folders with the belief that because you are not linking to them, a user cannot find them.

  • Files (such as Access databases) that are datasources for your application must be located in a non-web-accessible folder (the web_datasources folder in your hosting account).
  • Other files that contain data used by the application should also be located in a non-web-accessible folder.
  • Other files that contain non-public information should be placed in a folder that is access restricted using a .htaccess file or other web server access restriction.
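Translating the guidance above (no directory listings, no database dumps or backups under the web root, a restricted admin directory) into server configuration, as an added example that is not the Coleman site’s or the Georgetown article’s own configuration: two Apache 2.4 .htaccess files, one for the document root and one for an admin directory. The file locations, the /var/www/private/.htpasswd path and the list of blocked extensions are assumptions; the host must allow these directives via AllowOverride.

```apache
# ---- .htaccess in the document root (constructed example, Apache 2.4) ----

# 1. Never fall back to an automatic directory listing when a folder has no
#    index file. This is the setting that exposed the listing in the post.
Options -Indexes

# 2. Refuse to serve database dumps, backup archives, logs and config files
#    even if someone drops one here by mistake. The real fix is to keep such
#    files above the document root; this is a safety net, not a substitute.
<FilesMatch "\.(sql|sql\.gz|tar|tar\.gz|tgz|zip|bak|old|log|ini|inc)$">
    Require all denied
</FilesMatch>

# 3. Refuse to serve dotfiles (.htaccess, .htpasswd, .env and friends) so the
#    access rules themselves cannot be read over HTTP.
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# ---- admin/.htaccess (constructed example) ----

# Require a login before anything in the admin directory is served, including
# the scripts that create, edit or delete records. The password file lives
# outside the document root so it can never be downloaded.
AuthType Basic
AuthName "Site administration"
AuthUserFile /var/www/private/.htpasswd
Require valid-user
```

On Apache 2.2 the `Require all denied` lines become `Order deny,allow` followed by `Deny from all`; the HTTP login gate is a stopgap in front of the application and does not replace session checks inside the admin scripts themselves.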

Update 12:12am 1/29/2009

Folks, the directory listing for colemanforsenate.com has been replaced with a login box.  But…we know what’s behind the curtain now.

Login box replaces 205mb database on colemanforsenate.com

Update 5:40pm 1/29/2009

Stay tuned for video posting from the 1/29/2009 lifestream:

“Norm Coleman’s Database”

  • why the database was available
  • what it contained
  • how website developers and companies can work to prevent this from happening
  • and take questions from viewers

Update 11:11pm 1/29/2009

Number of hits to the post 54

Photo stats for the post
I wonder how much user information is in this database at colemanforsenate.com? 1,458 views
You can become Norm Coleman’s Website Administrator at colemanforsenate.com 290 views

Current rumors
The database contains social security numbers
The database contains credit card information (POST data)

Update 6:54pm 1/30/2009

Number of hits to the post 610
In-Progress Video of “Norm Coleman’s Database: What Happened and Why”

Post picked up on:
Politics in Minnesota – Epic recount website fail: One Dot One Dot One Dot One

Thanks to Ben for picking out the incorrect use of “then” when I should have used “than” in the header “What’s worse than losing a Minnesota Senate race?”

FYI: If you enter a fake looking email address with your comment, I will probably not approve it. If you want to share something with me offline, use the contact page. Thanks!

Question from Dennis
What does “Awaiting Moderation” mean? Where’s my comment?

Answer
I did not publish your comment because there was NOTHING technical in it. I have published comments that:

    * indicate how they feel about the info being released
    * indicate how they feel about what I did as an IT person doing this
    * ask questions related to the technology aspect of the Norm Coleman database
    * share personal stories on how this affected them
    * thank me for my efforts
    * support me for taking initiative
    * judge, criticize and blame me for making the wrong choice

If you just want to harp on Democrats vs Republicans and Norm Coleman vs Al Franken, you should go to a political blog and do that.

3 Ways to Easily Generate Secure Passwords

1. Online

GRC’s Ultra High Security Password Generator is a good choice when you’re out at a client site and need something random and secure. There is also a specific area for generating secure WPA passwords. You may recognize the domain as it’s the brainchild of Steve Gibson, who is well known for his hard drive recovery product Spinrite and the weekly co-hosted computer security podcast, “Security Now!”

Secure password generation - GRC's Ultra High Security Password Generator

2. On your computer

Use Keepass which also securely stores and manages your passwords. I highly recommend this tool. Watch my video screencast featuring Keepass’ Auto-Type feature which saves you from entering passwords in manually each time. Very nice piece of software.

Secure password generation - Keepass

3. In your browser

Use the Firefox extension Password Hasher. I haven’t used this extension in a long time since I use the first two in tandem but Lifehacker reviewed it last year and gave it a thumbs up. It could be a great solution for you if you were running a portable version of Firefox and didn’t have access to the internet.
(Supports FF versions 1.5 – 3.0, updated September 1st, 2008).

Secure password generation - Firefox Extension Password hasher

Business Servers: 5 Tips On Where to Store Them

  1. Away from water and possible spills
  2. Away from clients and locked if possible in a cabinet or closet
  3. Connected to a surge protector. Belkin models for less than $30 on Amazon.com
  4. A location that does not get too hot or cold
  5. A location with minimal vibration

How to Use Kaizen To Build Better Website Content

The nice thing about helping clients build websites using Joomla is that it removes pressure.

Building websites the old way with html created stress and frustration. Web designers of the past would give the client deadlines to submit content. The client would rush around gathering up anything with words on it to “publish” to the site. Any changes after the website launch required lengthy wait times because only the website designers could do the updates.

Now, it’s no big deal to sign in and modify a word, paragraph, photo or video. Updates are easy like using Word.

The concept to keep in mind is that the website can be built gradually over time. This is known as Kaizen. No more one shot deals. The ability to edit text combined with monitoring visitor traffic allows clients to see what’s working and make adjustments. Companies of every size and shape can benefit. It was initially applied in the manufacturing sector. It’s a valuable approach to everyday business processes.

My opportunity is to communicate this new form of empowerment. I will use an example from my own website to illustrate this process in action:

Challenge – I have not taught any computer classes this year
Kaizen - I modified my page about computer classes to list current resources
Result - Page still provides value to the visitor

Photo Credit Joi

3 Tips For New Paypal Accounts

Every day, more business owners are trying Paypal. Its popularity has grown since it was acquired by eBay and it is accepted by more retailers each day.
Here are three tips I share with all my clients when they ask about doing business online. Following these will help to keep your money and your Paypal account safe from phishing scams:

1. Open a separate checking account to attach to Paypal. With so many email scams out there, don’t risk the headache of having your primary checking account overdrawn. Most national banks and credit unions are more than happy to open one for you.

2. Use a password that is different than your email password. Don’t set yourself up like a stack of dominos that collapse in a chain reaction. Your Paypal password should be different; just like your house key that won’t start your car.

3. When asked for secret questions, provide something that is not actually the real answer. Companies are trying to offer safeguards by asking these questions but really, anyone who has already stolen your identity, accessed your computer or chatted you up at the bar can find these out:

  • Who was your childhood friend?
  • What is your favorite restaurant?
  • What was the name of your first pet?
  • Who is your favorite author?
  • Who was your favorite teacher?
  • Who was your first roommate?
  • Who was your first boss?
  • Who is your favorite historical person?

And I’ve also seen from Paypal and other websites:

  • The city you were born in?
  • Mother’s Maiden name?
  • What are the last 4 digits of your social security number?


Creative Commons License photo credit: evanllama18

Could Your Dentist Be Swapping Your Personal Information For Free Music?

Data theft is creeping closer to your door each day. If you’ve ever:

Worked for Pfizer
Stayed at a Super 8 Motel
Attended Columbia University
Had insurance with The Dental Network
Filed with the Minnesota Dept of Commerce
Received care at the Minneapolis Veterans Home

you could be one of the millions in the last 5 years to have your data tossed, lost, stolen, improperly shredded or plainly posted to the web.

Both theft and loss can be blamed as accidents but what about when a business puts your data at risk by installing unsafe applications on business computers? Could your dentist be downloading songs over the lunch hour while someone is uploading your data off his computer?

Most people would never think to ask their accountant or HMO about their data protection practices. Frankly, it’s not just the big companies. They make the headlines because of numbers. With more people working remotely from home, it makes you wonder if we’re chasing the wrong leaks.

Item:
Limewire P2P software

Purpose: File sharing for downloading movies, music, images, software, etc.

Why this is an issue: P2P applications are not safe for business because they increase the risk for data theft, virus and spyware infections.

Solution: Uninstall Limewire or hire me to fix things

Reference: Article from Information Week – Our P2P Investigation Turns Up Business Data Galore

Are peer-to-peer networks really filled with sensitive corporate data just waiting to be plucked and abused? It seems unlikely–surely people wouldn’t be that sloppy. Like a 19th century prospector, I decided to dip my pan into the stream to see what I could find.

The results were shocking and scary–loads of confidential business documents and enough personal information to ruin any number of lives and create PR nightmares for quite a few companies. Among the business documents were spreadsheets, billing data, health records, RFPs, internal audits, product specs, and meeting notes, all found in a quick expedition, using simple tools.

It’s doubtful that so many people were sharing such sensitive files on purpose. More likely, the users, or even their children, had installed a P2P program to download music or a TV show, and clicked “OK” to all the questions during the install process. One of those questions is which folder to share files from, and often the default is the Windows My Documents folder. The result was plain–and in many ways worse than the lost laptops that have made so much news, because the files are available to the entire world and leave no trace when they’re taken.