Blog

TechRepublic recently released a top ten list of items required for computer literacy. I have to confess to laughing while reading the list. Many of the items listed are ones I’ve bemoaned during my interactions with friends, family members, or co-workers.

TechRepublic began its list by pointing to search engines. Some people don’t know how to use them. They type website addresses into the search box. They forget about the advanced search options. They don’t think about keywords, and the results of their searches are inevitable: millions of search results that may or may not be related to what they are trying to find.

Another item was word processing. TechRepublic listed it as an individual item, but I’ll bundle it with the Microsoft Office or Pages suite and other applications. No person needs to know all the ins and outs of every program being used, but a person should have a fundamental understanding of most programs. That person needs to know why he or she is using a particular program and what purpose it has. Without knowing that purpose, who is to say that the person is using the right tool for the job?

TechRepublic also pointed to basic hardware knowledge. It is essential. I know this fact is true after spending some time talking with tech support for my router as well as with tech support from my internet service provider. Knowing some of the cables and terminology can help to expedite troubleshooting.

Some of the other items on the list included scanning one’s computer for viruses as well as taking security precautions and knowing some basic hotkeys. I know that I probably would include those items on my own computer literacy list. Would you? What would you add or subtract? Share your thoughts in the comments.

The landscape in the IT world shifts quickly. In many ways, the landscape consists of sand dunes. A wind blows, and the dunes shift. The landscape looks entirely different within a few minutes or hours.

It can be difficult to stay on top or ahead of trends in the shifting IT landscape, but it is possible. IT professionals who pay attention to the trends and learn to forecast will be able to plan a response and to work with that shifting landscape. What shifts might occur or already occurring? Three areas come to mind:

• Mobile. This trend probably is the most obvious, but IT professionals are looking at it even more closely. Some web designers now are proposing that they focus on building for mobile devices first and developing desktop experiences second.
• Touch. Touch technology continues to grow. It may be well-known to people with smartphones or tablets, but the technology isn’t limited to those devices. IT professionals who are looking forward to new trends this year are going to be following the developments in touch technology, particularly multi-touch and sensors, closely.
• Programming languages. More dynamic programming languages, such as Ruby and Python, are coming to the fore. Other dynamic languages exist, and they should be used when needed. IT professionals are focusing on using the right language for the project, not making the project fit to a particular language.

What trends are you following? How are you preparing for them? Let us know in the comments.

A few weeks ago, I received a direct message from a friend on Twitter. The message and the link it contained seemed more than a little sketchy; however, the message was from a friend. I should be able to trust a message from a friend even if it isn’t written in her usual style, right?

The answer is “no.” Even if a message comes from a friend, it’s a good idea to be wary. If something seems amiss with the message’s style, proceed with caution. Don’t blindly click on links. Instead, consider the following options before clicking on a link:

• Preview the link. Some browsers allow you to preview a link before clicking on it. Some applications allow you to do the same thing.
• Contact your friend. Ask if the message came from your friend. Your friend may not know that his or her account has been compromised and that it’s sending spam messages to followers. 

The question is what to do if you click on the link. Once you do so, the message usually goes viral. What do you do then? It’s not as though you can retract your message. You can, though, do the following:

• Change your password. If you clicked on the link, and the message has gone viral, you need to change your password.
• Contact your followers. Let your followers know what happened. Tell them not to click any links that you supposedly sent. 

What do you do when you receive a sketchy message, whether it be via Twitter or email? What do you do when your account is the one sending the messages? Let us know in the comments.

Signcryption is the merging of digital signatures and encryption. The two things - the signatures and the encryption - often are disparate components. Signcryption seeks to unite the two. Although it’s a relatively new concept, it’s receiving notice from Homeland Security and other entities. If it were to gain traction - which it appears to be doing - it could help with maintaining the confidentiality and integrity of systems.

It is gaining traction and attention because of Yuliang Zheng’s work with signcryption. His efforts have been formally recognized by the International Organization of Standardization (ISO). The technology could impact anything from online banking to cloud computing.

In essence, signcryption prevents a person’s username and password from being viewed by unauthorized individuals while simultaneously confirming the person’s identity with the authorized viewer. Zheng believes that signcryption could affect smaller devices, such as smartphones and wireless sensor networks. The technology itself could impact productivity. By combining digital signatures and encryption, time, energy, and resources could be saved.

It’s not clear when signcryption will become an everyday household term. The recognition by the ISO is a step in the right direction, though. The technology, too, should help in the war against cyber crime.

QR codes are championed by many marketers. It’s no surprise; one can fit a large amount of information within a small space. Bar codes come with a twenty-character limit, but QR codes can use upward of 1,000 characters depending on the characters and the codes’ data capacity. QR codes also are easier to scan, and they have a built-in error correction. When space is at a premium or the space itself is awkward, such as the spaces found on subway stations or bus terminals, it makes sense to invest in the QR code.

The problem is that QR codes can be hacked. They can send people to malicious websites. They can install viruses, especially if a person has unchecked some of the security features that come with his or her smartphone. They can masquerade as legitimate applications. If the person scanning a QR code isn’t careful and doesn’t pay attention, he or she could have welcomed trouble ranging from malware to identity theft.

Fortunately, people can take pre-emptive actions. They don't have to be the victims of devious QR codes just as they don't have to be the victims of phishing schemes. When it comes to QR codes, people should:

• Use a QR-code scanner. To be more specific, use a QR-code scanner that provides a preview of a scanned link before taking action. Both Google Goggles and ZXing Barcode Scanner offer such previews.
• Turn off the “Unknown sources” option on smartphones. If it's enabled, the phone will download anything and everything. It’s better to turn it off or to remember to be extra vigilant when scanning QR codes or downloading applications.
• Pay attention to the “spidy” sense. If anything seems wrong or fishy during the process of scanning a QR code, exit the scan as quickly as possible.
• Stay informed. Spammers and scammers exploit what people know about QR codes. The more a person knows and the more familiar he or she is with real QR codes, the less likely it is that that person will fall for the fakes.

Do you use QR codes? Tell us your thoughts about them in the comments.

The beginning of the new year often is a time of reflection. We remember the past year. If we’re business owners, we evaluate what worked and what didn’t. We revise our plans for the upcoming year. We determine what steps we need to take in order to make our businesses more successful this year than in the last.

For those of us in the IT industry, we also decide which trends to follow. We consider new software, particularly software as a service (SAAS). We contemplate Application Programming Interfaces (APIs). Some of us may be beating those trends and already are using things like Salesforce or NetSuite in our day-to-day business.

We also follow what the giants are doing. How will Google impact our businesses? What will Apple and Microsoft introduce this year? We already know that Microsoft will launch Windows 8, and we expect certain things from it. How will other leaders in the tech industry respond to it?

We have to consider the gadgets, too. iPads remain the number one choice of many corporations, but we could see some competition from other entities. The Kindle isn’t necessarily a contender with the iPad, but it does skew the results for Microsoft, especially when it comes to consumer purchases.

Finally, we’ll be measuring. We’ll see analytics take even more precedence this year. It is the age of the consumer, and we have to be trying new things and measuring the results so that we can meet the needs of those consumers.

How are you getting ready for the new year? What trends are you watching or implementing?

As stated last week, using the internet is a lot like driving. You have to pay attention. You have to be prepared. You have to buckle up prior to getting on the road. You must use your indicators when choosing to turn or to exit the freeway. All those measures help to keep you safe on the road; similar measures can be taken in order to keep you safe when online.

Of course, neither the measures you take while driving or online can prevent all vulnerabilities. They simply can help to mitigate some of them. They can increase your chances of arriving safely at your destination, whether that destination be someone’s house or someone’s website.

• Use authentication tools. Authentication tools are opt-in features. Google, E*Trade, and other companies allow you to augment your password with your cell phone or other security token.
• Prepare adequately. Most email providers and social networks ask you to provide other identification measures in order to safeguard your security. Most of those measures include alternative email addresses, cell phone numbers, or security questions. Such measures must be enabled prior to your account being compromised; they offer no help to you if your account already has been hacked.
• Set alerts. Some social networks will alert you if your account is accessed from a different browser. Such alerts can help you to monitor who is accessing your account. 
• Use multiple accounts. You probably don’t have a single email account. You probably have the one you use regularly, and the one to which you direct spam from retailers and other entities. If one of those accounts is hacked, you at least have the other one. Remember, though, that you need to keep a record of your contacts in both. If you lose one account to a hack and haven’t saved a copy of your contacts, you will have to start from scratch.
• Go offline. Keep offline copies of your data. Download the data to a disk or a disconnected hard drive.

How do you stay safe in the danger zones? Share your thoughts in the comments.

Using the internet is a lot like driving. You have to be aware. You have to be on the defense and prepare an offense. If you don't have a defensive or offensive strategy, you’re likely to wreck your computer. You might have to pay for the damages yourself. You might not be able to recover from those damages or injuries, and, no matter what the television says, getting someone to pay for your bills when you’ve been injured in an accident is not easy.

Some people could become afraid of the risks and refuse to use the internet. Others use the internet without considering any of the dangers until they’ve been injured. Still others weigh the risks and watch for the danger zones:

1. Malware. Malware continues to invade people’s computers in a variety of ways. Anti-spam and anti-virus software helps, but it doesn’t provide a guarantee against infection. You have to pay attention and ensure that you’re visiting the right sites. You have to refuse to open email attachments from sketchy email addresses. You have to keep your anti-spam and anti-malware software up to date.
2. Windows XP. Windows XP has gaping holes in its security, and they aren’t going to be repaired. Your best - and really only - option is to upgrade to Windows 7.
3. Computer kiosks. Public computers always are a risk. You can’t be certain they’re free of malware. If you choose to use them, make sure you’re not visiting sites that require you to enter your email address, username, or password.
4. Public Wi-Fi. Public Wi-Fi means unsecured connections. It has the same dangers associated with it that computer kiosks do. If you’re planning to access sensitive information, it’s best to wait until you can use a secure connection.
5. Man-in-the-middle attacks. Man-in-the-middle attacks often occur in public Wi-Fi settings. You enter your information at a website, and the information is sent to both the wrong website - the “man in the middle” - and the correct one. You’ll never notice the attack until you receive a “surprise” bill in your email or mailbox.
6. Phishing. Phishing scams usually are found in the emails from the rich uncle in Nigeria or the stranded woman in London. The scams are becoming more sophisticated and targeted; therefore, you should use caution when deciding to click on any sort of link purportedly shared by one of your friends via email or a social network.
7. Passwords. The advice cannot be given enough: do not use the same password at multiple sites. If you’re concerned about remembering passwords, you can invest in password software.

What danger zones would you add? Let us know in the comments.

Accuvant recently released a study touting the benefits of Google Chrome. According to Accuvant, Chrome has the most and the best security measures. The problem? Accuvant’s study was funded by Google. The study, therefore, is biased at best. Accuvant isn’t upfront about the conflict of interest, either. It says the study was an objective and independent assessment.

The study itself did focus on four important browser concerns: URL blacklisting, IT hardening, plug-in security, and sandboxing. URL blacklisting is meant to protect against bad URLs. Browsers are supposed to detect bad URLs, then blacklist them. IT hardening is a process in which a computer’s system is “hardened” toward security vulnerabilities. The process eliminates as many security risks as possible, usually by removing all non-essential programs and utilities from the computer. Plug-in security refers to the safety of the add-ons that come with browsers, such as plug-ins for email or other applications. Sandboxing is a security mechanism that separates running programs. For instance, if an anti-virus doesn’t recognize a particular program, the anti-virus may “sandbox” it in order to prevent it from corrupting the computer’s system.

All three main browsers of choice - Chrome, Firefox, and Internet Explorer - failed in the area of URL blacklisting. The browsers’ performance varied in the other three categories. Based on those four areas, Accuvant ranked Chrome first, Internet Explorer second, and Mozilla Firefox third.

Of course, Accuvant’s ranking is questionable due to the conflict of interest. What should be remembered is that browsers will need to continue to improve in the areas of URL blacklisting, IT hardening, plug-in security, and sandboxing. Browsers also will need to be kept up-to-date; if they aren’t, their abilities in those four areas decrease significantly and open a computer’s system to potential threats.

With the advent of the holidays, it should come as no surprise that spammers and scammers are trying to lure in unsuspecting customers with fake websites and emails. A recent attempt, as reported by Sophos, includes emails supposedly sent by Amazon. The emails themselves contain typos. Most users are wary of such things, but they might not be as suspecting of the attachment the emails contain. When opened, the attachment directs people to a web form requesting their address, date of birth, and other identifying information.

The attachment is yet another version of a phishing scheme. Phishing schemes usually involve links but not necessarily. It seems that spammers and scammers are investigating new options as people become more aware of spam warning signs. The signs include:

• Misspellings. The authors of spam and scams usually aren’t writers and editors. They don’t proofread their work.
• Incorrect grammar. Many spam emails use obviously incorrect grammar. The subject and verb don’t agree, or the sentence structure is awkward.
• Incorrect addresses. If the address is wrong, it’s probably spam or a scam. At best, it means that the person didn’t take the time to determine your gender. Unless you have a name that is common to both sexes, you should be addressed correctly almost all the time.
• No security protocols. If you are redirected to a form requesting personal identifying information, that form should have HTTPS enabled. If it doesn’t, you should refrain from entering any information.
• Requests for money transfers. Money transfers are the most obvious form of spam and scams. They usually come from your rich uncle or aunt in Nigeria; however, some schemes employ one of your contacts’ email addresses and says that your contact is stranded overseas and needs money.

If you still aren’t sure you’ve received a spam email, you should call the company or person who purportedly sent it. Confirm that you need to submit your information. See if your friend actually  is stranded and in need of assistance. You never know; you might rekindle a friendship or customer relationship with the simple act of a phone call.

How do you identify spam emails? What do you do when you receive one?