When Lightning Strikes

I’ve been thinking about the weather lately. Here in Buffalo, our spring so far has been sunny. Almost too sunny – not exactly an ordinary springtime here, but we’ll take it!

Other parts of the country haven’t been as lucky. Right now, many parts of the South and Midwest are battling floodwaters brought upon by violent storms. As these storms have made their way across the country a brief electrical storm passed over our way as well, which got me thinking; what is the one problem I have most frequently seen this time of year?

Power issues.

Spikes, sags, interruptions and cycle or frequency variations threaten the health of electrical components, computers, networks and the data they carry and store. A server or PC lost to a sudden, unexpected power issue can be devastating, and it doesn’t take much. A common static discharge, although harmless to a person, can be lethal to a circuit board.

Lightning generated in storms, which increase in frequency this time of year, can pose a larger problem. Lightning can create an enormous environmental disturbance, threatening any device that can carry electrical currents. Furthermore, it doesn’t take a direct lightning strike to cause damage. The electromagnetic fields created by lightning can be just as damaging. These electromagnetic fields can be strong enough to induce a current into any nearby conductive structure, including electrical infrastructure, telephone and coaxial cables.

A sudden change in voltage can cause a system failure, threatening data storage and consistency.

Protection from these environmental hazards is a must. But what is required?

We see a lot of people, in an attempt to keep costs down and increase the number of outlets available near equipment, purchase very inexpensive surge suppressors or even simple power strips. This is an inadequate solution to protect equipment from power issues and can even create other unexpected issues.

At a minimum, one should consider investing in a good surge suppressor. Our recommendation is nothing lower than a 1500 joule rating. A joule is the amount of energy the suppressor can absorb before it fails. The higher the rating, the better it will protect the equipment attached to it. Of course, nothing is fool-proof and even the best suppressor will fail given a large enough spike. Also, if you’re using traditional phone-line communications with a modem, look for a surge suppressor with a telephone line protection jack.

A good surge suppressor will protect your equipment from over-voltage events, but is not effective for other power events – under-voltage, interruptions, and other out-of-phase occurrences can still cause damage by creating instability in the electrical system your technology depends on. That is why at Aspire we always recommend an Uninterruptable Power Supply, or UPS, for every computer, printer, server and phone system we sell, service and/or install.

There are three basic types of UPS units:

1. Standby UPS – this is the most basic type of UPS. In a standby system, under normal A/C power, the attached equipment will be powered from the A/C source while the UPS unit maintains a constant charge to its battery. When a power event occurs, the UPS will switch to battery power. This switch-over can be as long as 25 milliseconds, but in most cases will keep your electronic equipment running smoothly. They also provide surge suppression against over-voltage situations. The benefits to these UPS units are their relative affordability and surge suppression. The drawback is they provide no line conditioning and even with a fast switchover it might not be fast enough at times to keep your attached equipment powered properly through the event.

2. Line-Interactive UPS – similar in design to a Standby UPS, but these devices can maintain a consistent energy flow to attached equipment using variable-voltage transformers to balance electrical output through over and under-voltage events. This is becoming a more common technology even in inexpensive UPS options.
3. On-Line UPS – Provides electrical isolation by powering attached equipment from the battery at all times. The battery power provided maintains a consistent cycle and flow regardless of the events on the electrical system. These tend to be larger and more expensive, used more commonly in data-center and enterprise environments

Of course when considering a UPS solution, other factors such as equipment voltage, amperage and desired run-time on battery power must be determined. Aspire Technology Solutions can help you find the UPS solution that will best fit your requirements!

And remember the only sure way to protect your equipment during a storm is to shut it down properly and unplug it from A/C power. And I can’t stress this enough; always make sure you do regular and frequent data backups to guarantee your data will be safe regardless of what Mother Nature surprises us with!

iPad: Anything But Leak Free

With the recent release of Apple’s new and anxiously awaited iPad, the channel and the consumer market are all buzzing over the features and possibilities of this device.  As well they should – the highly anticipated iPad is not only the latest and greatest offering by the gadget giant, but brings to the market a new and unique device to be considered by businesses, public entities and home users as well as an on-the-go technology solution.  As portable entertainment was revolutionized by Apple’s iPod, the iPad should have a similar affect on the mobile computing and communications market, in due time.

But with it come the inevitable problems and dangers of any new platform.  Problems that iPad users should keep in a mind and also consider while looking at the iPad as a solution.

For years part of Apple’s marketing campaign included the underlying message, “No Windows, no viruses.”  While this may be true to an extent, it doesn’t mean that there are no security flaws in their products.  And while the ultra-mobile iPad may not be vulnerable to such issues right now, that doesn’t mean that it never will be.

Part of Microsoft’s problem with security through the years is simply the breadth of their products usage in the business and government sector.  While approximately 98% of all desktops in these markets run a Windows O/S, the odds are good for the bad guys that they will find an open port or a vulnerable system somewhere.  As the iPad becomes more popular it too will become more frequently targeted, and more frequently hit by the bad guys.  Think of it as a numbers game; the more of them there are out there, the more attractive of a target it becomes.

Since it runs a very similar operating environment as the iPhone and the iPod Touch, distribution of malware that can exploit browser based vulnerabilities in these devices are equally effective, and all of these devices are currently vulnerable to numerous web kit attacks.

Along with that is Apple’s attempt to keep applications on these devices proprietary – meaning you have to go to Apple to get their officially licensed software for them.  Jailbreak attacks have grown in popularity as users and hackers alike attempt to open their iDevices to applications and software other than those sold by Apple.  As always with these applications it is, “buyer beware,” and you can bet not all of them are designed to be the user’s friend.

You might be asking, “So, some security software should cover these problems, right?”  Well, that would be the case, except there are no anti-virus or firewall options for the iPad.  With the ability to access public WiF and hotspots, the iPad is touted as a convenient mobile internet device.

But, would you consider doing internet banking on public network on a Windows laptop without having a firewall or encrypted connection?  I hope not – unfortunately without any built-in firewalls, that is exactly what you would be doing using an iPad for these purposes.  Lacking this feature will inevitably make for easy access for mobile hackers looking to steal personal information.

Compounding that is iPad’s lack of any comprehensive encryption and password protection.  A serious concern for a device designed to be used for mobile e-mail and internet capabilities.

Apple has marketed iPad as a robust media device, which also offers hackers a varied platform for attacks.  Just prior to the release of the iPad, Apple distributed patches to address 88 different vulnerabilities for Mac OS X, Quicktime and iTunes.  However, there are still security issues and known vulnerabilities in Quicktime, which is embedded as OS X’s default media player, as well as known exploits found in iTunes, CoreAudio and ImageIO. 

The media capabilities and security issues present can also allow malicious code to be embedded into media sent through e-mail via video CODECS or into phishing e-mails with fraudulent web links.

So with advancement and possibilities, the warnings should also be noted.  Identity theft continues to rise – and the best defense against it is being aware of where the threats can come from.  The iPad is a great device in concept, but my road-tested ThinkPad is still a durable platform and I’ll be waiting for the release of iPad 2.0 before jumping on this bandwagon!

Top 5 Haiti Scams

One thing that never fails to impress me about the human spirit is the out-pouring of support, assistance and over-all sympathy when tragedy strikes.  World wide, people come together and do or give whatever they can to help those in a time of crisis.  In the aftermath of the devastating earthquake that has stuck Haiti, humanity has once again come together to show how generous and supportive we can be.  And as the internet makes the world smaller, this assistance can be delivered faster than ever before.

Of course the opposite side of humanity often comes to light as well.  There are those who plan, scheme and seek to take full advantage of the outpouring of generosity for their own gains.  With internet technology at their disposal these schemes can be rolled out quicker and take more from unsuspecting victims; people looking to help those in need.

So what are these schemes?  What should we look for, be wary of and most importantly, how do people keep themselves and ultimately those who need help from becoming the victims of these scams?

1. Fake charity or malware sites.

Scammers know those who want to help but might not know where to go are likely to go to Internet search engines for advice.  Fake charitable organizations are springing up online faster than dandelions in a spring meadow.  These scammers use a technique known as Search Engine Poisoning to get their sites to the top of the search engines quickly.  Although they may not stay there, the majority of search engine users tend to trust the top search results as being the most relevant and therefore legitimate organizations.  This gives the scammers precious time at the top of the ranks to dupe as many users as possible.

Our suggestion – always go the extra step to verify the organization you’re looking to donate to is legitimate.  Nothing saves time, money and aggravation better than doing your homework and gathering all of the information before taking action.  Stick to charitable organizations you know such as the Red Cross (www.redcross.org) or contact your local government for information on any grass-root efforts in your area.

Also, a quality security application such as Trend Micro Internet Security will actually provide you with information as to which search engine results have been verified as legitimate, scams or those that have not been verified yet.  Please see the graphic in the article for a demonstration of this feature.  This will give you a good first indication if the site is for real or just out to make a buck.

Or something worse.

2. Twitter tweets and traps.

Many see Twitter as a reliable source for breaking news and information, but just as many legitimate companies use Twitter for marketing purposes, scammers use it to market their fake charities as well.  Using Twitter accounts, target links are spread in an effort to make them look like official charities or news sites related to the Haiti crisis.  This is exacerbated with the use of TinyURL’s that can easily hide a shady link.

Again, be sure to verify the source and destinations of these links.  If in doubt, don’t send the money.  Seek out a reputable organization that you know and trust.

3. Spam and Phishing galore.

Spammers know due to the outpouring of concern over the happenings in Haiti, e-mail users are more likely to open messages with “Haiti” in the subject line.  Many of these are messages designed to appear as though they are sent by not-for-profit or charitable outreach programs. Others use “Haiti” subject lines as a disguise for the usual online pharmaceutical sales, dating-sites or links to other malware infested websites.

As you know, malware sites containing rogue anti-virus programs, Trojans and key loggers are set up to steal user information and potentially damage computer data.  These nefarious attempts at identity and financial theft can be even more dangerous and damaging than fake charities.

It is important to remember that unless you have supplied your email address and signed up to receive newsletters from charity organizations online, they will not send you solicitations for donations.

And as always, keep a reliable and updated security application on your PC and use common sense.  Do not open emails or click links on emails without verifying the source first.

4. Haitian money scam.

Like the infamous Nigerian Money Scam or 419 scam, e-mails from supposed Haiti Earthquake victims that paint a grim picture of life and suffering in Haiti, begging for assistance are becoming more prevalent.  These e-mails generally include a very convenient link to send donations as well.  In most cases the link directs the user to a malware site that will infect the user’s computer with Trojans or key loggers.

As in all cases, common sense and a good mail filtering security program is still your best defense.

5. So-“phish”-tication.

Phishing attempts are becoming more sophisticated.  We’re all pretty used to seeing the horribly written phishing and spam emails, wrought with misspellings and grammatical errors.  New phishing attempts detected are sophisticated emails impersonating reputable charities such as the Red Cross.  These lengthy emails include data and statistics that compel the reader to donate immediately to help the victims of Haiti and other disasters.  However, the spoofed links in the email lead back to fake donation sites of profiteers or malware sites aiming to steal identity and personal information.

All the same suggestions apply here – charities such as the Red Cross will not send e-mails asking for donations unless you’re already on an e-mail list with them.  Keep your security software updated and avoid clicking links in unsolicited e-mails.

When in doubt Aspire Technology Solutions has security experts on staff that can answer your questions and even check on the legitimacy of e-mails and websites.  We also carry a wide range of security products for businesses and home PC’s that can be purchased on-line and downloaded for immediate use.

We are all concerned for the victims of the earthquake in Haiti, but our assistance needs to be directed to the organizations that can provide help to those that need it.