At my vacation house this year the owner provided a free wireless internet connection that anyone in our house (and probably a few surrounding houses) could use while they were staying there.

I mentioned to my niece who also brought her laptop along that it was possible (but not likely where we were) when using an unencrypted network that someone else could be intercepting and reading anything that she sent out over the network. She’s young and didn’t realize such things were even possible, but even for someone who knows it’s pretty easy to take security for granted, especially when you’re on vacation.

Today I read on Fox news that there are many shady folks setting up free open wireless networks at vacation spots like hotels, airports and many others just to “listen in” and steal your valuable personal information.

If you have a network yourself, you know that you can name it anything you want, so criminals are picking names to look like they are a legitimate service provided by someone that you trust. Since the bad guys control the network it makes it even easier for them to see everything that you send and receive. Worse yet it’s possible for them to get into your machine.

My advice to anyone using an open network connection on their computer or phone is to use a good firewall and to always assume that someone is listening in. Don’t give them anything to steal. While I was away I did have a few important errands that required a secure connection and for those few times I turned the Wi-Fi off on my phone and used the phone’s much more secure network.

Read more about this and pick up some more good security tips on the Fox News site

Wireless Cybercriminals Target Clueless Vacationers

Last week Adobe announced that there was a serious security flaw in it almost universally used Reader and Acrobat software. Their recommendation is to turn off JavaScript in the program. I didn’t even know that Acrobat could run JavaScript and I tried to think of one reason that it would need to have it for me and I couldn’t think of any. Who needs JavaScript in a PDF? I’m sure there a few cases, but I’ll bet not many.

I found where it was and turned it off and now anytime I close a PDF I get an annoying error message that says I have JavaScript turned off and that my documents may not behave correctly and that I should turn it on. Not once has a document that I’ve used not worked correctly.

With Acrobat, Flash and all of their other very popular software Adobe is going to find itself a bigger and bigger target of these scum. I don’t think they have ever had to think about security like this before, but they will now.

Hey Adobe, here’s a start, turn off JavaScript by default. Why have something turned on automatically that can be a huge security hole if it’s not used much? When it’s (rarely) needed make it easily (and temporarily by default) turned on.

Adobe confirms new flaw, recommends turning off JavaScript

I recently got in touch with a high school classmate of mine. Barb Girson is an International Direct Selling expert, trainer and coach who recently set sail with her own business called mysalestactics.com. We had a few emails back and forth and an interesting conversation about where we have been and what works in promoting out businesses.

I mentioned to her that Craigslist has been one of the best tools that I use to find new customers. Barb asked me about how I get it to work for me and also asked me an interesting question, “Would you consider this a networking strategy?”

My first thought that no it was not, but after pondering the question for a while I have decided that it is. I’ve met new people through the use of it and have used my networking rule of trying to offer something of value (free information) without expecting anything in return, so I guess it could be called networking.

Her next request was for me to describe the process that I used for this. I decided to write this post about it because I believe what Scott Ginsberg says “Writing is the key to all wealth“.

There are two methods that I use to promote my business on Craigslist:

First, I have written a series of advertisements that I rotate through several cities in my region in the “computer services” section. It is important to follow Craiglist’s rules by not posting too often and only posting these ads in the appropriate section.

I have seen many ads for different services posted in the “web design jobs” or “computer gigs” sections. Since these sections are for people looking to buy web services these ads usually get flagged and removed pretty quickly, but more importantly they are not read by the people who are actually in the market for their services. I know that personally I would never hire someone who didn’t understand or care that this was not the correct section to post their ads.

Second,  the “web design jobs” and “computer gigs” sections are the ones that I need to be reading to find people advertising jobs that I can do. To read those I use RSS. Every Craigslist page has it’s own RSS feed and I can subscribe to those just like any blog and get these ads almost as soon as they appear in my feedreader. For that I use Thunderbird another great free Open Source tool. Not only do I get my email, Thunderbird brings all of my RSS feeds into it as well and I can read them just like my regular email.

Even though there is quite a bit of Spam on Craigslist using Thunderbird I can still monitor many Craigslist cities, have all the post sent to one folder and go through 30 or 40 posts in a couple of minutes. I currently subscribe to two feeds in well over 30 Craigslist cities and still only spend about ten to fifteen minutes a day working on it. I probably actually answer five to six ads a day and I have a general outline that I use for this. I try to personalize each reply to the individual city and request, but here’s the basic outline:

Hello,
My name is Jim Lillicotch and I am replying to your Craigslist ad.
I live in Pittsburgh PA and have customers in (local city) and many other areas that are very satisfied.

For information about my business, I invite you to tour my blog:

• seo
• promotion
• email
• viral
• management
• security
• do it yourself

Feel free to comment on any posts that strike your interest and contact me with any questions

Thank you for your consideration.

Jim Lillicotch
Lillicotch.com

I have found that people posting these jobs on Craigslist tend to be bombarded with responses to their ads, but if I get a reply I try to find out exactly what their job entails and offer to be as helpful as I can. I have foud several customers this way and also a few good friends.

It’s finally going to happen. As I wrote in my post Pittsburgh Happenings – The ‘Burgh Sees All, Pittsburgh PA is going to install cameras everywhere.

The manufacturers claim that they help solve and prevent crimes. Well, of course they say they do, they’d be foolish to say anything else, they want to sell these systems, but prevent crimes? I’m not so sure. I am sure that as in the past whenever something good comes from this the cameras will get the credit even if it was just traditional investigation that got the job done.

“You can zoom three blocks away and read a business card or a license plate,” said Darrin Lipscomb, president of Avrio Group, a Maryland firm that won a competition to be the city’s surveillance camera vendor. “We’re going to have very sophisticated viewing stations that will allow any number of people to view these cameras in any number of ways.”

I want to know who is watching the watchers? and what is going to happen to the data? Even though the City assures me the data will go away I know that these days data never truly goes away. It’s much too easy and cheap to save, store and move around.

I keep reading that crime has gone down (but it’s too early to tell for sure). The studies that I have seen haven’t shown any real drop, the crime just moves to where the cameras aren’t. In the end I think that this money would be better spent on something that will really make me more secure everyday, like more detectives or fixing the potholes and making the roads that I drive every day safer.

City to go high-tech with security cameras soon

In addition to designing websites, I am getting requests lately to just manage data for clients.
For example, shopping cart databases, Google or Open Office Documents. Some password protected and some not.

• I have found that the simplest solution is probably the best one.
• The htaccess file is simple to use and has good security.
• Of course, the level of security depends on how good of a password that you choose.

Because I like to also host my customers sites I know where to go to manage these files
I use cPanel which is free and open source. They make it pretty easy to do.

Here’s something just for some fun on a Friday. (Not responsible if you get caught playing at work)

A game of airport (in)security. So true to life it’s very funny.
There are many games on this site, but this is one of my favorites.

Play Airport Security

.

I use Verizon for phone and DSL and have for years. I have been very satisfied with them, but I recently got an email from them that bothers me.

Dear Verizon.com customer,
Thank you for taking the time to update security components of your verizon online account. Because security is a top priority at Verizon, we’ll need you to validate your email address at this time. To do this for your Online Account with User ID ######, you will need the following three digit code:###

Follow this link to input the above three digit code and your User ID and Password: Click Here (link removed)

I am almost certain that this email came from Verizon because I had logged into my account to pay my bill and they wanted to update my security information and then let me know that this email would be coming.

Even though I believe this email to be legitimate it bothers me for several reasons:

• Even though I am 99.9% certain that this email came from Verizon there is still that 0.1%. I couldn’t find anywhere on their site where I could go to this page from a link, before or after I logged in.
• They told me that this email would be coming, but it took several days to actually arrive.
• Most every company that I deal with on the web tells me to never click on a link in an email asking for my personal information.
• What happened to all of the previous communication from Verizon where they told me that they would NEVER ask for my password in an email? I guess they were just kidding.

It seems to me that even if this is a legitimate email, Verizon is making their security worse by actually inviting Phishing Scams from people copying this format.

I live in Pittsburgh PA and have all of my life.

This morning I heard news that The ‘Burgh wants to install cameras everywhere.

Then this afternoon I check the blogs that I like and see Bruce Schneier has posted London’s Security Cameras Don’t Help. There is always lively discussion on his blog.

I hate to see this camera thing coming to be, but they are already on the highways, at traffic lights and I suppose it’s inevitable in this age.
Maybe I’m just nostalgic.

In the end it’s probably going to be Google that does a better job with the technology. They already have Street View.

I believe that there are more proven methods of crime prevention which would make better use of the money.
Although it may be one of those deals where you have to spend the money on this project or lose it, I’m not sure.

I wonder about things like…
What would happen if the system was hacked without detection, from outside or inside and used to commit crimes?
Good movie plot, no?

In case anyone doesn’t know the 404 Error page is the page you get when a visitor types in an address or clicks a link that is not there. It could be a page that’s been moved, deleted or was never there in the first place.

Most sites still have a generic error message that is assigned by their server that just says “404 Error: File Not Found”. Many people don’t realize that you can have any page be the one that shows up when your visitors gets a 404 Error. I have a simple custom 404 Error page.

On Apache servers this process is controlled by a file called htaccess.
Note: There is a “.” before the htaccess, but Word Press won’t allow this word on my blog.

This is a file which controls security and all error messages, but this post is about the 404 Error.

To make a Custom Error Page you first create your HTML error page. I recommend that you have a link to or search for all of your other pages.

Create a plain text file and name it *htaccess (replace* with .) The text in your document will be…
ErrorDocument 404 /Error.html

where Error.html is the name of your error page and it is in the same directory as htaccess.

If you place these files in your root directory they will work for your entire site or they will also work on a folder by folder basis.

You can also have a cool, funny, or beautiful error page. There’s a post on Smashing Magazine called “404,Design,Error,inspiration,Navigation,Design Showcase.” There are some really great 404 Error Pages here.

More…

I was searching for an easy way for my customer to manage the email addresses for their newsletter campaign and I came across OpenNewsletter and it seemed to be just what I needed.
” A free, simple, and beautiful open source newsletter solution aimed at small-medium scale. Very easy installation. Just upload and its working. No database needed.”

I found it simple and easy to use, but he had all of the main files in one folder and I had some security concerns about leaving the password and the customer’s email addresses in an place where anyone could look at them. I moved those two files into another folder and made it so no one except the program could access it. Now it works well and is much more secure.

I’m going to tell the author, Sohail Abid from Pakistan ,what I did so he can offer it to all of his visitors. Drop me a note if you want to know yourself.

More…