Friday, December 9, 2011

Impact Smart Hard Drives

OK… it’s a Friday night and I (like my fellow geeks) am at home watching The Big Bang Theory.

A commercial comes on… a computer maker is going to ensure the security of the world by making sure their laptops have (get this) “Impact Smart Hard Drives”.

I started wondering if they meant that the hard drive was smart enough to know when it had encountered an impact or if it just knew the definition of the word “impact”.

I would hope that technology companies would refrain from misleading the public about (of all things) the capabilities of the technologies they sell.

Why don’t they say “shock resistant” or something like that?

Save the world… don’t drop your laptop

Friday, November 11, 2011

Veterans | LinkedIn

This is perhaps the best job searching avenue I’ve ever seen for veterans.

When I got out we had the opportunity to go through some transition classes and stuff, interview with potential employers. But the opportunities were fairly limited to blue-collar jobs like truck driver or janitorial services. Not that there is anything wrong with those jobs, but after 20 years or so in the Signal Corps working with digital communications equipment my skill set didn’t exactly match the ready made employment opportunities.

This opportunity on LinkedIn is perfect.

I encourage all individuals who served our country to take advantage of the great search tool LinkedIn has provided for us.

It has monster or any other job search engine beat.

Veterans | LinkedIn

Monday, October 31, 2011

Wisconsin Senate Passes Bill to Regulate Attorney Fees » Controlling Legal Costs

This is an interesting article.

The fees have to be limited based on the ‘factors’ listed below. I don’t see how this is really limiting legal fees unless it was to spend some money on legislation that really doesn’t do anything.

  • Time and labor required by the attorney
  • Novelty and difficulty of the questions involved in the action
  • Skill requisite to perform the legal service properly
  • Likelihood that the acceptance of the particular case precluded other employment by the attorney
  • Fee customarily charged in the locality for similar legal services
  • Amount of damages involved in the action
  • Results obtained in the action
  • Time limitations imposed by the client or by the circumstances of the action
  • Nature and length of the attorney’s professional relationship with his or her client
  • Experience, reputation and ability of the attorney
  • Whether the fee is fixed or contingent
  • Complexity of the case
  • Awards of costs and fees in similar cases
  • Legitimacy or strength of any defenses or affirmative defenses asserted in the action
  • Other factors

Wisconsin Senate Passes Bill to Regulate Attorney Fees » Controlling Legal Costs

Thursday, September 29, 2011

Another Example of Bad Journalism

This is yet another example of a publication, in this case MarketWatch, taking press releases directly from the internet and redistributing them as ‘news’.

The results of this New York Law Journal’s Reader Rankings Survey are misleading (to say the least).

First off, they had less than fifty respondents.

Second, the survey was sponsored by the company in question, so of course the questions were skewed to provide results they were looking for so they could put this press release out.

For a news source to consider itself main-stream it must first stop reprinting press releases, they are nothing more than marketing tools and have no real news.

If it does want to use press releases for story ideas that’s fine, but it must take a few minutes to check the facts and then rewrite the release interjecting its own findings.

Be careful of what is being published as ‘news’… question everything, especially self-serving news stories which are really just marketing tools.

Mitratech TeamConnect Receives Top Honors for Both Matter Management and Entity Management in New York Law Journal's Reader Rankings Survey - MarketWatch

Tuesday, September 27, 2011

Google Millionaire: Obama: 'Raise My Taxes, Please!'

I find it very odd that a millionaire who received his education because it was paid for with Pell Grants and (his words) “job training programs that made it possible for me to get to where I am” would want to rely on the federal government to take his money and do the right thing like replenish what his education and job training cost.

Why doesn’t Doug Edwards use what monies he believes should be given in taxes directly back to grant systems and or job training systems that helped him out, that way they would not be so reliant on the federal government to sustain them?

Better yet Mr. Obama, introduce a new tax rule that states if you file a return showing over “X” dollars in income and you are the beneficiary of education grants and job training programs that you have to pay the money back just as if it were a student loan?

I think the best retort President Obama could have given to the group was encouragement to support programs that they feel are worthy directly. Kind of a pep-talk to get them to do good deeds directly rather than indirectly. After all, the odds of raising taxes on millionaires (and Doug knows this) are at best 50/50 right now.

We need to stop relying on lawmakers to be all knowledgeable with regards to taxation and paying for a civilization. They aren’t good at it.

I wonder if Doug Edwards would feel that way if he was living pay-check to pay-check like most Americans do.

Google Millionaire Tells Obama: 'Raise My Taxes, Please!' - DailyFinance

Sunday, September 25, 2011

Another Example of the Media Misleading the Public About Internet Security

This is a perfect example of how the media uses the trust the public puts in them as a way to keep them scared and mistrustful of the Internet.

In this article by The Register (United Kingdom) it explains that the encryption method used by sites like PayPal and others has been compromised in a way that hackers can ‘catch’ your purchase and payment information as it is being transmitted.

While it may be true that SSL 1.0 has been cracked – it was cracked some fifteen years ago in the 1980s.

Modern browsers don’t even allow it as an option in their security settings. Bottom line – NOBODY uses it any more.

TLS encryption isn’t even turned on by default – so (you guessed it) nobody uses it unless it is with their corporation intranet or other specialty internet service.

The article is hype for some security group in Buenos Aires and some paper they are going to present to the Ekoparty Security Conference.

Don’t be misled by the media – they only publish stuff they get on emails and never take the time to verify the information themselves.

Hackers break SSL encryption used by millions of sites • The Register

Wednesday, August 31, 2011

Scientists: New Alloy Could Produce Hydrogen Fuel From Sunlight - International Business Times

If this is accurate it is “the answer” to the next century’s energy use in this country and around the world.

Don’t let this story die… share it, friend it, like it, whatever it. Don’t let some large power or oil company squash it.

Scientists: New Alloy Could Produce Hydrogen Fuel From Sunlight - International Business Times

Tuesday, August 30, 2011

WikiLeaks springs leak: Sources revealed

This is great… I mean it’s the BEST.

First you’ll need to understand that WikiLeaks justifies their quest to reveal government and business secrets as one of ‘open information’. Meaning that they believe that nothing should be secret, all knowledge belongs to everyone on the planet.

Now that their own systems have been cracked, I wonder what they will justify their actions with next.

Consider that the fact that the files themselves (link below) were encrypted goes against the very principles by which they say they were founded.

Face it Julian Assange, you do WikiLeaks to make money from the Google Ad Space.

WikiLeaks springs leak: Sources revealed - Tim Mak - POLITICO.com

LDAP flaw opens major authentication security hole

I never have been a big fan of LDAP. A protocol whose acronym starts with “Light Duty” is sure to raise eyebrows.

First, the functionality was never initially meant to be a security crutch for corporate IT departments, it was meant to be an easy way to provide lists and verify access to areas of a network, not the network itself.

In the latest release the Mac LDAP has such HUGE problems that one can access anything on a network by simply leaving the user name blank.

Yes, you read that correctly: BLANK

My primary concern with using LDAP for access to a corporation’s most sensitive information is not the technology itself, but the humans running it.

90 plus percent of all security breaches can be traced back to an internal corporate employee either not following instructions or purposefully giving away access to corporate security network.

With LDAP, you just make it easier for that kind of insider destruction.

The full story to the problem with MAC’s LDAP can be found at CNET via the link below.

LDAP flaw in OS X Lion opens major authentication security hole | MacFixIt - CNET Reviews

Tuesday, August 23, 2011

Conference Keynote Announced

Lawtrac User Conference Keynote Announced

Exciting News! We are pleased to announce that the keynote speaker for the 2011 Lawtrac User Conference is Steven B. Levy, author of the bestselling Legal Project Management: Control Costs, Meet Schedules, Manage Risks, and Maintain Sanity.

Mr. Levy previously headed the legal technology/operations team at Microsoft and he has more than a decade of experience training attorneys and legal professionals in project management.

He will speak to this year's theme: Streamlining Your Legal Department: Maximizing Output from Limited Resources.

Don't miss this outstanding opportunity to hear one of the leaders in legal operations and technology show how to use Legal Project Management techniques to increase efficiency and provide more value. We guarantee you will leave the conference with ideas you can immediately implement to benefit your law department and company.

The agenda can be reviewed here.

The Lawtrac User Conference will take place at the prestigious Marriott Sawgrass Resort near Jacksonville, Florida on October 13 and 14, with a welcome cocktail party on October 12 at 6pm. The registration fee is $975.

Friday, August 12, 2011

Ukraine: Most Dangerous Networks

According to CountryIPBlocks.net 99.99% of unwanted internet traffic comes from the Ukraine.

Unwanted traffic includes all that spam email you get and hackers scanning sites for email addresses or cracks in the website security.

If you would like to know how to block individuals from this or another country from your website let me know, I have a few tricks up my sleeve.

Country IP Blocks™ » Ukraine: Most Dangerous Networks

Tuesday, August 9, 2011

iPhone, Android apps store sensitive user info

This really should be a ‘standard’ but if we can get our friends, family and coworkers to follow this one simple rule then this ‘problem’ will be reduced greatly.

Don’t store user names and passwords on your mobile devices.

Sounds simple enough, but how many of you hit the ‘yes’ button every time you are prompted with the question “Do you want to save your log-in information?”

Get in the habit of saying NO.

Here are the findings of a recent CNET study. The link to their findings is below.

Study: iPhone, Android apps store sensitive user info | iPhone Atlas - CNET Reviews

Garage Sales of America

OK... so I stepped in it again. A female friend used a 'service' to register and host a number of URLs, one of which is GarageSalesofAmerica.com.

When she first approached me to reprogram the site I did a look-up on Network Solutions WHOIS and found that she was not the registered owner of the URL and tried to explain to her that these "Dollar-A-Month" services retain ownership of the URL.

She differed and pleaded with me so I did my thing, programmed a complete application with the database, integration with Google Maps - well, a lot of bells and whistles.

I did the programming over the fourth of July weekend.

She has yet to move the URL to the new DNS.

And just a month later (as of August 6th, last Saturday) she wants to move in another direction.

All that code and effort for nothing.

Tuesday, August 2, 2011

Looking For

I'm currently looking for an 'Air' developer who can create a plug-in for Blackberry or other handheld device that will execute an FTP function to move the email and any attachments to an FTP server.

If you or anyone you know feel you are up to the challenge please feel free to contact me at Development@LAWTRAC.com

Monday, July 25, 2011

Misleading Information from Forbes about ColdFusion

The link at the end of my Soapbox rant will take you to a short blog entry by Stephen Wunker, a writer for Forbes.com whose apparent area of expertise is “New Markets”.

In this essay he proclaims that the second (of four) reason that MySpace.com is faltering is because it was written in ColdFusion which (as he puts it) is not an open source tool.

OMG (to put it in today’s vernacular).

According to Richard Buckingham, VP of Technical Operations at MySpace from 2005 to 2010 the site was launched in PHP but switched to ColdFusion for the sole purpose of allowing a more open platform. The API allows individuals to write in .NET, C#, ColdFusion, Ruby, and yes, even PHP.

Now there is no way to contact Mr. Wunker through his Forbes blog entry so I can attempt to set the record straight with him. As far as I can tell from his bio his major claim to fame is he was a “colleague” of some Harvard Business School professor.

Not sure what this guy’s agenda is, he has truly done Forbes a disservice by publishing an outright lie and the Internet programming community by misleading people into believing that ColdFusion is neither open source nor flexible.

Who is this guy?

4 Morals from MySpace’s Fall - Stephen Wunker - New Markets - Forbes

Sunday, July 24, 2011

ColdFusion Programmer Wanted

We are looking to add to our development team. A link to the job announcement is below.

Send your resumes to Development@LAWTRAC.com

LT Online Corp Web Log

Anonymous: Heroes or Villains?

There has been a lot of talk lately about this group that calls themselves “Anonymous”, which has been cracking the security of corporate and government entities and releasing the information they find as proof of their abilities to hack these networks.

The IT community is watching this with absolute silence. They don’t want to say anything that would put their networks in the crosshairs of these network hooligans.

Their justification for not stepping up:

“The bottom line for the IT security community is that it needs to protect systems and data, regardless of the motivation of the assailant.”

Everyone, in my opinion, is missing the point. If these hooligans were really doing a ‘service’ to the IT community they would tell us what networks they could not penetrate.

They would also recognize the fact that obtaining a low-level PDF file from NATO (that wasn’t classified in the first place) and publishing it as proof that the network security is poor only extends the public’s misunderstanding of what they are doing.  Folks…. the document was not located in a security network. The security classification of the document meant it shouldn’t be published in a newspaper, but they really didn’t care who had access (it was a budget).

The denial of service attack against the CIA’s website should have been classified as a “prank” because that is what it was.

All other major network hacks have turned out to be inside-jobs. Individuals who the corporation trusted turned over the keys to the networks to these knuckleheads.

I’m going to post a plan this week which everyone can follow on their personal computer to ensure their own security. So keep checking back.

Anonymous, LulzSec: Heroes or Villains?

Saturday, July 23, 2011

Free isn’t “Free”

So many people are happy to give up their personal information in exchange for something they have been told is ‘free’.

Even institutions like Major League Baseball promote one game every day telling you that you can watch the game live from their website for ‘free’.

Not true – you have to purchase the plug-in to watch the game.

Then there is my favorite, “Free Credit Report.com”. First the site was created as a result of a lawsuit whereby the credit reporting agencies had to provide free credit reports to the citizens of the U.S.

After the period of time passed that they had to provide the information for free they changed the structure of the website so that they would provide the information for free (after a two-day waiting period) but you had to “enroll” in a service that (for a fee) would watch your credit transactions.

So that too isn’t FREE.

If I were in charge (like that is ever going to happen) any company who requires you provide any personal information in exchange for goods and services or requires an additional “bridge” purchase in order to obtain the item for “free” cannot use the word “FREE” in their advertising, product announcements or any other enticement.

Maybe our lawmakers will take this issue on once they get done spending all the money we don’t have.

Jim's Soapbox

Wednesday, July 20, 2011

FBI arrests Twelve Hackers

I thought when all was said and done that the FBI would find that the hacker group ‘Anonymous’ would be kids from a far-away land.

But no….

These knuckleheads are US citizens.

I do understand their reasoning behind their defense; to show what computer systems are not being run in a secure manner.

But this group can’t use that defense.

First, if they were really out to expose unsecure networks then they should be ready to share with the programming community which systems they couldn’t get into so we could see what those companies are doing right and learn from that.

Second, they should have never published user names, passwords, whatever to the rest of the world.

Finally, we need to know the techniques they used to access the networks that they did.

More info from ComputerWorld at the link below.

Update: FBI arrests 12 in 'Anonymous' hackers probe - Computerworld

Tuesday, July 19, 2011

Legal Directions

The redesign of LegalDirections.info is 80% complete. Still needs some of the RSS feeds plugged back in.

The site pulls together a number of RSS feeds from legal information sites including product recall information and more.

Check it out: Legal Directions. If you have any suggestions feel free to pass them along.

Tuesday, July 12, 2011

Garage Sales of America

Going into Beta testing with a target ‘go live’ date of August 1st.

You are more than welcome to check the site out and even test how easy it is to post and edit your entries.

The site makes full use of Google Maps to show individuals where yard sales, garage sales, church bazaars, fairs, flea markets and more are in proximity to their zip code.

Your thoughts on the lay-out and functionality would really be appreciated.

For you programmers out there, this site uses some of the new ColdFusion 9 infused JQuery tools.

Garage Sales of America

Tuesday, July 5, 2011

Today's Pix

Add a caption: This Ranger from the All American Division readies for a jump.

Thursday, June 30, 2011

Hackers Hit Our Defenders

This is a little troublesome; hackers have hit the publishers of the defense newspapers. You know, those publications like The Army Times where I used to go look up the cut-off scores every month to see if I had been promoted.

With information like that, these publications get a lot of readers.

The hackers hit on June 7th. They took their subscriber information; things like user name and password, first and last name, email address, and service information (like rank, branch, duty status, etc.)

What may happen next is our defenders are going to start receiving emails that look like they are coming from the publisher. Of course these will be fake and if the soldier, sailor, airman or marine clicks on a link in that email their computer will become infected with some kind of Trojan or other malicious software.

This is a case where our government needs to get involved. Find whoever stole this information and send them to boot camp for retraining.

I don’t care if hackers hit the CIA’s site with such force that it takes their public website off line for a few hours. I don’t really care that account holders had money taken from their Chase accounts. I do take offense when they target the men and women standing the wall.

http://ohmygov.com/blogs/general_news/archive/2011/06/30/recent-hacker-attack-on-gannett-websites-targeted-military-personnel.aspx

Friday, June 24, 2011

Do We Really Need a U.S. Fire Administration?

So I’m on the internet studying information about current Internet security tid-bits, looking for something of value to pass along and I run across this website for the United States Fire Administration.

I was not aware that we had a national office of fire prevention.

And I wonder if we really need one.

So I poked around, found where we have a National Fire Chief. They must have a great budget because they have a fantastic website (link below) and they appear to be fully staffed.

There must be a bunch of money available because right from the home screen you can read all about Federal Grants that are available and if you follow that link you can even attend free classes on how to complete the grant process.

Now I ask you… do we need a division of Homeland Security in order to show us that when there is a fire we should put it out?

Do we need FEDERAL officials to teach us that fire is dangerous and we should put one out if it is burning something we don’t want burnt-up?

I believe this is one area of our federal bureaucracy that can simply be shut down. We don’t need it – it’s overkill to have this kind of division of the federal government.

U.S. Fire Administration Home Page

Monday, June 20, 2011

Document Collaboration

In January of this year Legal Technology Today published that Enterprise Collaboration (a.k.a. Document Sharing) was at the top of the organizational priorities for 2011.

And no wonder, just last Friday (June 17th, 2011) a court imposed monetary sanctions against a corporate plaintiff (yes … plaintiff) for “delay and inadequate production and failure to search for documents in a timely manner.”

The corporation in question is moot (Google “No. C09-1769 MJP” if you really need to know). The bottom line is that the company did have a corporate document management system in place and even hired a consultant (outside counsel) to assist in the discovery process.

What happened was the individual in the CFO position neglected to instruct the consulting group to run a search to find the necessary documentation.

Even though the plaintiff dropped the case, the company still has to pay the fine that the court mandated.

Getting back to Legal Technologies published priorities for 2011. Collaboration about documentation and electronic discovery practices of the Legal Department transcend the relationship between the IT department and the legal staff.

Everyone who is in a position of responsibility needs to be aware of certain (not all) activities currently being managed by the legal department and should have the ability to participate in providing documentation and other information that pertain to the legal matter.

The CEO down to the plant management or store managers need to be able to participate in the efforts of the legal department. The most valued and prized asset of the corporation, the individuals themselves, need to be made aware of how important document and information management is at the enterprise level of any given company.

This fall LT Online will introduce an enhanced module for facilitating this collaboration. If you would like to get a sneak-peek make sure you are at our user conference.

Until then below are some informative links, other blog entries that highlight the capabilities of LAWTRAC’s document management system.

  1. How Hidden Email Data Increases Corporate Risk
  2. You've Already Gone Green
  3. LAWTRAC Docsave 2.0 Released
  4. Documents You Have Checked Out
  5. Top Ten Signs You Need LAWTRAC's Document Management
  6. Document Size Guidelines
  7. Need OCR Services? Flag The Document First
  8. Reports Created via SQL Statements
  9. List Documents by Author
  10. Question from Customer: File Not Found
  11. Question from Customer: Document Drag-n-Drop
  12. Pointing Matters to Document on the Network
  13. Type Of Document Restrictions
  14. Documents by Business Categories
  15. Interfacing with Document Retention Policies
  16. Drag-N-Drop: Advanced Function Made Easy
  17. Organizing Documents
  18. Outside Counsel Document Types
  19. Documents Provided by Outside Counsel
  20. Routing Slips Management Screen
  21. Email Document - Make A Note
  22. Save As Dialog Box
  23. Document Overview Information
  24. Document Calendars
  25. Sending a Document via Email
  26. Evaluating your Document Management System
  27. Boolean Search Operators and the Document Bank
  28. Searching: Document Meta Data
  29. Routing Slips

LT Online Corp Web Log

Sunday, June 19, 2011

Internet is a “pact with the Devil”

I really don’t care for the great media hype that is reflective of the security problems popping up.

Here is a guy that associates the Internet to the Devil, but at the end of his 120 word essay he provides a link to his website. Compounding his two-faced irony is a request that you click on one of the ads so he can make a little money from the tool he proclaims belongs to the Devil.

Yes, there are hackers out there exploiting the soft underbellies of big corporations; but look towards the end of the tunnel – five years from now the lessons we are learning today will only serve to make the internet stronger. A better tool for education, commerce, and communication.

Take the time to review your own practices. Is your password the same thing you’ve been using for years and years? Is the wireless network you’ve set-up in your home secured?

Consider this as a simple practice. Obtain a pre-paid debit card; there are tons of services out there you can use. Transfer only the monies you intend to spend online to that card and use it to order your pizza from PapaJohns.com or bid on that broken laser pointer on eBay. This way if anyone does hack into Papa Johns or eBay all they are going to get is a few dollars and not access to your next car payment.

Contrary to what this hype-artist says via the Huffington Post the Internet is not of the Devil. The Internet is “of man” and therefore will always have flaws, but will always have room for improvement.

Andrew Reinbach: Computer "Security"

Wednesday, June 8, 2011

For Veterans and the General Public - National Center for PTSD

Those of you who know me personally understand why I’m recommending this for a reason.

If you know someone who was in the military for twenty days or twenty years, or a friend who suffered an assault of any kind, give this site a look over.

You may be the person who helps another just by passing on this blog entry and link.

For Veterans and the General Public - National Center for PTSD

Tuesday, June 7, 2011

Hackers: When the money is gone; it’s gone

Bank Not Responsible for Letting Hackers Steal $300K From Customer

I for one don’t have $300,000 lying around in a bank account for hackers to steal; no, the point of this story is that the financial institution is not responsible for this theft.

In this particular case I agree. (see link below)

Had this been a case where the hackers attacked the bank’s infrastructure without having any user’s credentials then the bank should be held liable.

In this particular case the company’s own employees fell for one of those emails designed to steal user names and passwords.

Everyone should be aware that companies are not going to send you an email asking you to log-in and check something for no real reason. FedEx and UPS don’t have your email address and are going to email you when they can’t deliver a package.

This is an example of when those emails work – and when the money is gone, it’s gone.

Bank Not Responsible for Letting Hackers Steal $300K From Customer | Threat Level | Wired.com

Monday, June 6, 2011

Brits Love Gossip, Regardless of the Subject


Is it just me? Why would a newspaper (or website) in the UK want to report on what is nothing more than gossip when it comes to the presidential elections here in the US?

Especially when it involves the war where we kicked their ass.

The image may be a little fuzzy - to see what I mean click HERE.

How Hidden Email Data Increases Corporate Risk

Source: Sys-Con via MarketWire

An interesting observation by corporate risk managers: the size of your employees' mailboxes leads to leaks in information security in your corporation.

After reading the article it became very clear: employees move emails with attachments to shared folders on the network in order to make room in their mailbox.

The concept is almost too simple; I'm not sure why it has not been discussed on a large scale before.

I would encourage all of our LAWTRAC customers to tell their outside counsel NOT to send documents as attachments to emails, but to upload them into their respective matter record in LAWTRAC.

Why? Two Reasons:

  1. Email should never be considered secure. Even if your company has employed a method of encrypting them, they can still be captured in transit and the attachments stripped.
  2. Once you copy emails (and their attachments) to a folder the security becomes even less than if you had left it in your in box. You never know who has access to whatever folder you recorded it on.

Just another reason to use LAWTRAC for managing your legal documents.

Sunday, June 5, 2011

Want to know who is hacking your network? Look to the left–then the right.

One single thread you’ll see when you read about all the major data breaches during the recent past is the lax internal security at these large companies.

Seriously… Sony is getting beat-up because of nothing more than the complacency of their own IT staff. Not only did they not keep their infrastructure up-to-date, but apparently they never tested it.

Google’s Gmail is a target because a temporary employee was allowed to either put code on their networks he/she could use later or they didn’t remove the individual’s credentials when the person moved on.

RSA’s technology of a number key changing every thirty seconds was hacked with a twenty-year-old hack. This hack has allowed access to networks belonging to major defense contractors and even your government representatives.

Of course, the hackers shouldn’t be doing this; but at a certain level don’t the IT professionals at these companies bear some level of responsibility?

If your doctor is complacent and does not sterilize his / her needles before they give you your annual flu shot and you come down with Hepatitis aren’t the other medical professionals also responsible?

Don’t blame the hackers… blame the six-figure employees who are there to make sure everything is as it should be.

Data Breach Digest

Beeni Baby Hat: Asphyxiation Hazard

OK… who in their right mind thought this was a good idea?

Never mind the 'idea' guy… no one in the development, production, sales and distribution of this 'object' spoke up to express concern? Yes, it is made in the U.S.A.

Gee Whiz

The link to the recall information is below the photo.

Kahn Enterprises Recalls Beeni Baby Hats Due to Asphyxiation Hazard

HP Expands Recall of Notebook Computer Batteries Due to Fire Hazard

No, you are not reading a headline from a couple of years ago.

Last time it was Dell computers. Now I guess it’s HP’s turn.

The question I have: where was this in the mainstream news headlines?

This recall is for 162,000 batteries. That is on top of the 124,000 batteries they recalled in 2009 and 2010.

The models involved with this recall are listed below. At the bottom of this post is a link to an official notice.

Notebook: Model Number

  • HP Pavilion: dv2000, dv2500, dv2700, dv6000, dv6500, dv6700, dx6000, dx6500, dx6700, dv9000, dv9500, dv9700
  • Compaq Presario: A900, C700, F500, F700, V3000, V3500, V3700, V6000, V6500, V6700
  • HP: G6000, G7000
  • HP Compaq: 6510b, 6515b, 6710b, 6710s, 6715b, 6715s, 6520s, 6720s

HP Expands Recall of Notebook Computer Batteries Due to Fire Hazard

Saturday, June 4, 2011

Web Color Pallet

Today I would like to share with my fellow web programming enthusiasts a page I put together that I use a lot, and have published so everyone can tap into it and use it as a resource when needed.

This single page lists all the HEX color values, but also their Java names. It has a complete list along with examples of how they will appear.

It is complete and comprehensive. There is even a portion that shows how the changing values work to create the differences in the shades.

Please feel free to not only use the resource, but take a moment and share it with others. Feel free to suggest any improvements.

Web Color Pallet

Friday, June 3, 2011

Today’s Caption

Take a moment and enter a caption for the picture in the comments area.

Group Claims It Was 'Paid to Hack PBS,' Then Leaks a Million Sony User IDs - FoxNews.com

This is a fantastic story; but I bet most would miss why this group (whoever it was) was able to post individuals’ passwords for all the world to see.

Apparently the bigger the company, the more relaxed they are about cyber security and following the most basic of rules.

Had these companies followed “Security 101” procedures they would have known to (at the very least) store passwords as either a hash or in some other encrypted form, so that even if their database of user names and passwords is stolen the passwords can’t be used, or at the very least can’t be posted online somewhere for the whole world to see.

I know in my little corner of the world where I help write software applications for these big companies I have to undergo security questionnaires (sometimes over 100 pages of questions) and audits where they actually try to hack my code. The sad thing is that they are companies the size of the ones in the Fox News story (link below).

If you are about to purchase software for business or pleasure ask “Do you encrypt stored passwords?”

If you are a developer don’t think for a second that the guys doing the networking and managing the firewall and intrusion detection are doing their jobs. Follow the basics, and step one is to only store passwords in their encrypted format.
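As an added example (not part of the original post, and not code from any product mentioned in it), here is one way to store passwords in hashed form so that a stolen user table does not hand over the passwords themselves. The choice of salted PBKDF2-HMAC-SHA256, the iteration count, the record layout and the sample accounts are all assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Assumptions of this example, not taken from the post:
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000      # work factor; raise it as hardware gets faster
SALT_BYTES = 16


def hash_password(password, iterations=ITERATIONS):
    """Return the string to store in the database instead of the password."""
    salt = secrets.token_bytes(SALT_BYTES)   # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    # The salt and work factor are kept with the hash so it can be re-derived.
    return "$".join([ALGORITHM, str(iterations), salt.hex(), digest.hex()])


def verify_password(password, record):
    """Re-derive the hash from a login attempt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
        iterations = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False                          # malformed or truncated record
    if algorithm != ALGORITHM or iterations < 1:
        return False
    actual = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return hmac.compare_digest(actual, expected)


def build_user_table(users, iterations=ITERATIONS):
    """Turn {user name: password} into {user name: stored record}."""
    return {name: hash_password(pw, iterations) for name, pw in users.items()}


if __name__ == "__main__":
    # Constructed sample accounts; two users share a password on purpose.
    signups = {
        "alice": "Summer2011!",
        "bob": "Summer2011!",
        "carol": "tr0ub4dor&3",
    }
    table = build_user_table(signups)

    # This is everything someone who copies the table gets to see.
    for name, record in table.items():
        print(name, record)

    # Same password, different salt, different record.
    print("alice and bob records differ:", table["alice"] != table["bob"])
    print("correct login:", verify_password("Summer2011!", table["alice"]))
    print("wrong login:  ", verify_password("summer2011", table["alice"]))
```

Because each record carries its own salt and iteration count, the work factor can be raised for new sign-ups without breaking existing logins.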

Group Claims It Was 'Paid to Hack PBS,' Then Leaks a Million Sony User IDs - FoxNews.com

Thursday, June 2, 2011

LAWTRAC 2011 User Conference

The Corporate Legal Department maintains the most sensitive information a corporation can have.

Just to give you an idea on some of the things they may work on:

  • Employment agreements
  • Civil matters of senior officers
  • R&D Work (patent and trademarks)
  • Litigation

If a person can get to the data and documents maintained by the legal department they can ascertain trade secrets and more.

For example:

A national retail chain store will experience mishaps by shoppers who will in turn file a lawsuit. Nine times out of ten the parties will settle out of court. The store wants to ensure the person recovers from any injuries while preserving their reputation as a safe place to shop.

If a person were to obtain a copy of the last 50 or so settlements, they can then make a determination as to what the company will automatically settle for. A person goes into the store, fakes a mishap and asks for just less than what the store will fight over.

If your company has a legal department, you need to attend this conference.

LAWTRAC 2011 User Conference | Agenda | powered by RegOnline

Today's Caption


Put your caption in the comments.

Wednesday, June 1, 2011

ColdFusion Functions Reference

ColdFusion programmers: New information about CFZIP and CFFile has been posted in my CF-ToolBox.

Take a peek.

And don’t forget if you would like to see some information about some of the new stuff in CF 9 just drop me a note: Jim@CF-ToolBox.com

Jim's ColdFusion Functions Reference

Google Gmail Accounts Hacked From China

The Great Wall isn’t going to protect your Gmail account; this time the hackers are hiding behind it.

According to the San Jose Mercury News, Google verified that individual email accounts were the target of these attacks: accounts belonging to US officials, journalists, businessmen and women, just about anyone who uses their Gmail account to talk about work.

The attack they used is called “Spear Phishing”.

In this kind of attack the Gmail user (YOU) receives an email from someone they may know with an attachment. When you click it, it takes you to a screen where you believe you must authenticate your Gmail user name and password… BUT IT ISN’T GOOGLE – IT IS THE HACKERS.

You fill out the user name and password and then it redirects you back to your regular Gmail email interface.

You think your computer just forgot it was already on Google for a second… oops.

Advice / How To Avoid This

Look at the address of the website asking you to fill out the authentication form. If you think you are on Google, but the address does not have “Google.com” anywhere in the address STOP.

Close your browser (to delete any non-persistent cookies) and the next time you are on your Gmail account delete the message. No need to forward it to Google – they and the FBI are already aware of the problem.
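The address check described above can be made precise in code. The following is an added example, not part of the original post: it goes one step further than looking for “Google.com” anywhere in the address and checks the host name itself, because the text can also appear in other parts of an address. The sample addresses are constructed and use reserved example domains; the function names are this example's own.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "google.com"   # the site the reader believes they are on


def substring_check(url):
    """The quick look: is the trusted name anywhere in the address?"""
    return TRUSTED_DOMAIN in url.lower()


def host_check(url, trusted=TRUSTED_DOMAIN):
    """Stricter look: HTTPS, and the host is the trusted domain or under it."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname          # excludes any user@ prefix and the port
    except ValueError:
        return False                   # unparseable address: do not trust it
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".").lower()
    # The leading dot stops look-alikes that merely end in the same letters.
    return host == trusted or host.endswith("." + trusted)


# Constructed sample addresses for a sign-in page.
SAMPLE_URLS = [
    "https://accounts.google.com/ServiceLogin",              # genuine host
    "https://accounts.google.com.example.net/ServiceLogin",  # name as a prefix
    "https://example.net/accounts.google.com/ServiceLogin",  # name in the path
    "https://accounts.google.com@example.net/ServiceLogin",  # name before an @
    "http://accounts.google.com/ServiceLogin",               # not encrypted
    "https://mail.example.org/login",                        # unrelated site
]


def compare(urls=SAMPLE_URLS):
    """Return (url, substring result, host result) for each address."""
    return [(u, substring_check(u), host_check(u)) for u in urls]


if __name__ == "__main__":
    for url, quick, strict in compare():
        print(f"substring={quick!s:5}  host={strict!s:5}  {url}")
```

Only the first sample address passes the host check, although five of the six contain the trusted name somewhere.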

Google Gmail accounts hacked from China - San Jose Mercury News

PLEASE post this to your Facebook account and forward to any of your friends who have a Gmail account.

Two security firms hacked.

Hackers are getting bold. After groups saw that they could get a lot of publicity taking on Sony they are now going after security companies themselves.

I used RSA SecurIDs for years to gain access to servers. I’m aware of at least two businesses that use these ever-changing numeric code methods to do their business banking.

The hackers are trying to gain access to certain pieces of code that would allow them to replicate the numeric code.

If they are successful, this breach will affect more than double the number of accounts that were affected by the Sony breach of security.

So let’s take that to the next level.

It’s not just RSA and your business banking accounts they are after. The other major firm being attacked is L-3 Communications, the company that provides SecurID authentication for the White House, The Pentagon and others.

And these attacks will be successful one day.

What Can You Do?

For those accounts you have that use a changing number key, you’ll need to change your passwords on a more regular basis. If they ever are able to steal the code that replicates the number key and download the customers’ user accounts then they will have access to your accounts.

  • By changing your password on these kinds of accounts more often than you normally would you can add an extra level of protection for yourself.
  • Make sure you are in communication with your bank. If you notice odd activity in your account let them know right away.

Cyber threat debate: Two security firms hacked - International Business Times

Today's Caption


Add your caption in the comments.

Monday, May 30, 2011

Trivia Question


Known for his current role as Spencer Reid on TV's Criminal Minds, Matthew Gray Gubler is also known as the voice of this animated creature (put your answer in the comments).



After your guess click HERE

Saturday, May 28, 2011

Cold War Story


So here is a little story for you. No, it is not as dramatic as some of those you will see this weekend on AME or The History Channel, but it does have to do with a menace the US had to deal with in the 1980's called The Red Army Faction.

It's 1987... the Red Army Faction had promised additional attacks against US concerns in Germany; threats you had to take seriously after they set bombs at PX and Commissary facilities.

So it is the holidays.... of course all the married sergeants and officers got to go be with their families. Those of us who were not married or had no children got to set up a defensive perimeter around Coleman Barracks, Mannheim, Germany.

We didn't take it too seriously; after all - our location didn't have women and children. I was the Non Commissioned Officer in charge. Which means I have to be the one to keep everyone on their toes. Count the three rounds everyone was issued while on patrol at the end of their shift and make sure they didn't fall asleep. (The three-rounds thing is another story).

I'm out checking everyone and making sure they are in their correct locations and being vigilant. I find one soldier sleeping. I'm reading him the riot act... standing above his fighting position with one hand on the chain-link fence when a shot rang out.

It nicked the fence and went through my hand.

Another half-inch to the right... into the side of my head.

Half-inch to the left ... into my shoulder.

As it was it went into my hand... right through it. The scar isn't so much today but that night it was a big deal.

It went right through an artery and "squirted" in rhythm with my heart.

By the time I got through the aid station and into an ambulance on my way to a hospital I did lose consciousness, but luckily I'm here today to relay the story.

Don't dismiss any of the "cold war" soldiers who gave their all during this Memorial Day weekend. The demise of the USSR and fall of the Berlin Wall are just some of the examples of what we accomplished.

If you know someone who served during 'peace time' thank them too. It wasn't a walk-in-the-park.

Sony hasn't identified its hackers - NYPOST.com

Sorry folks…. their focus should not be “who” but “how”.

Who cares who hacked their systems; what actions have they taken to not let it happen again?

Sony hasn't identified its hackers - NYPOST.com

Computer security breach sends Honda scrambling | CanadianBusiness.com

Will the day come that some hacker is so smart that they can bring the entire US to a halt because we networked our automobiles?

Computer security breach sends Honda scrambling | CanadianBusiness.com

Report: Major weapons makers see networks breached by hackers | Security - CNET News

You're kidding me.

As a stupid retired knucklehead from the US Army Signal Corps this is totally unacceptable.

Report: Major weapons makers see networks breached by hackers | Security - CNET News

Thursday, May 26, 2011

In The I.T. World - Timing Is Everything

In 2006 Microsoft introduced the Ultra PC to the world.

The hand held device had a touch screen, ran Windows XP, was under two pounds and would accommodate a 60 GB hard drive.

It had a ton of other features.

The downside was the battery life and the price.

Wednesday, May 25, 2011

Cybersecurity and the Federal Government

According to an article on The Hill, our House of Representatives will begin debating the pros and cons of a Cybersecurity law.

It will be an interesting debate. Just how much power (or responsibility) does the federal government want to give the Department of Homeland Security?

There is a wide variety of considerations:

  • Intellectual Property inside private-sector networks
  • Considerations for online poker players
  • Home Networks
  • Enforcement

Having been in the business of programming Internet applications for over twenty years now I have witnessed a number of attacks. I can tell you from this experience that the attacks come from places where our federal government has no jurisdiction.

I personally believe that although their hearts are in the right place, there is really little if anything the federal government can do to protect our technical infrastructure by just passing a law.

It is up to network engineers to secure their networks and programmers to write code to ward-off attacks.

Add A Caption

Use the comments area to share what you would put as a caption for the picture.

Sunday, May 22, 2011

Creating a WSDL Service

I’ve done my best to put a step-by-step method for building a Web Service using ColdFusion.

This will allow other websites to make queries against the data you have and display it on their website as their own.

This is the technology by which web-based companies like eBay can display items for sale on their website and have them appear on your web page.

If your web application manages data that can be used by others take a look at the guidelines I’ve written.

Creating a WSDL Service

IBM Worth More Than Microsoft

According to the Business Insider website IBM has surpassed Microsoft as far as their market cap is concerned.

Those in the know say that the reason is directly reflected in the move of bringing in Lou Gerstner as their CEO and are wondering if Microsoft should consider changing Steve Ballmer.

Personally, I think a lot of it had to do with a game show called Jeopardy and the inclusion of the Watson computer. I think that one week of television, coupled with the fact that IBM did a wonderful job of making sure everyone knew about it, returned IBM to the thoughts of decision makers.

BOOM: IBM Is Now Worth More Than Microsoft

Saturday, May 21, 2011

New Malware Simulates Hard Drive Failure

This is not new, regardless of what the article says.

Please folks, any time you open a webpage and it starts acting like it is checking your ‘system’ stop… believe me it can’t be reading your hard drive – it’s a trick to get you to give them permission to install something (like an ActiveX control) onto your computer so they can look at your system.

If ever you click on a web link and the next web page that opens says something like….

Windows Security Center Alert!

Stop… don’t fall for it… close your browser.

It isn’t really running a security scan… it is just some images that make you think they are reading your computer’s hard drives and such.

Any company that needs to resort to something like tricking you so you’ll buy something from them does not deserve your money.

People fall for this all the time.

Ask anyone who repairs buggy systems – if your computer is running slow and not responding don’t install multiple virus protection programs, that is just going to make it run even buggier and slower (but that is a subject for another day).

New Malware Simulates Hard Drive Failure

How I Got Into Cold Fusion

I’ve been programming applications for the Internet for over 25 years now. I know that seems like an exaggeration to some but it’s true.

I put together a ‘how I got into ColdFusion’ story on my “I love me” site: www.cf-toolbox.com.

Oh the picture? It’s from the page, thought I’d use it here too.

I was so “cute” then… wonder what happened.

How I Got Into Cold Fusion

Friday, May 20, 2011

The Best Web Color Pallet

This is perhaps the most comprehensive web color pallet you’ll see. I put it together not as a simple list or graphic showing all the colors and their codes, but I wanted to also show how the progression of the alpha-numeric values could be used by those who are programming web sites to ‘tweak’ the look of their designs.

Click the link below and bookmark the page.

Web Color Pallet

The End Of The World... Am I The Last To Know?

OK... so I'm watching the news and apparently tomorrow the world will end.

So I'm going to watch the Mets v. Yankees, have an adult beverage and relax.

What is Your Personal Password Policy?

With all the information about password managers being hacked over the past few weeks I thought I would take a moment and ask my friends and neighbors if they have a personal password policy.

A personal policy you ask?

Of course....

Think about all the things you have passwords for - email, your company intranet, your computer sign-in, and many, many more.

So what are your password policies? Here are a few thoughts:

  1. Don't use the same password on everything. If a person cracks just the one then they will have everything.
  2. Figure out a way to make them familiar to you. For example your Gmail email account could be something like "PostalG123" and your Yahoo email "PostalY456".
  3. Think of a sentence like My Cat's Name Is Whiskers and turn it into a password: "CatIsCalledWiskers". This way you aren't using just "Whiskers" which someone may guess.

I realize that some of these are simple, but the purpose of this post is not to suggest how you make up your passwords, but to encourage you to create your own system, one that is yours. Decide what parts should be capitalized and where you are going to put a number or two (beginning, middle or end).

So if you have an idea for others take a moment and comment on this blog entry. Maybe your idea will help others.

Symantec spends $390M for Clearwell, discovery - Storage Soup

I realize that not a lot of people who read this blog know what eDiscovery is, but I thought some of you might find it interesting why all the big data companies are buying software that does something called “eDiscovery”.

Those of you who work in large corporations will hear this term more and more.

“eDiscovery” uses technologies that are constantly crawling all the computers on your company network and indexing all the documents, emails, databases, everything.

Think of it as Google for your company.

This gives those who manage your company the ability to search for anything.

  • Who worked on that project three years ago?
  • Did that person work for a particular supervisor during a certain time frame?
  • What were the details of the contract negotiations and final agreement?

The ability to index all this stuff is a result of lawsuits (believe it or not). During these court procedures the person or persons suing your company has the ability to do what is called “discovery”.

So let’s say it is a “wrongful termination” suit.

The lawyers representing the person suing have the right to ask for their employment agreement, all the employee reviews, emails between the person, their supervisor(s) and co-workers.

The ability to use the technologies used to pull all that information together quickly is called “eDiscovery”.

So all these large data companies are buying the technologies so they can sell the services of not only the software to do the searching, but the data storage stuff too. Or to reverse that, companies who use their data storage services will want to buy the eDiscovery software as an add-on product.

I’ve seen this consolidation first hand.

Two years ago the number of eDiscovery vendors at the New York LegalTech were too numerous to count. Last year the consolidation of this space alone was a part of the reason the amount of space for all the vendor booths went from three floors to two.

Anyway, a link about one of the big software companies buying an eDiscovery company is below.

Symantec spends $390M for Clearwell, discovery - Storage Soup

Legal Directions

Just an introduction to a bit of programming some might find interesting, at least those of you in the legal industry.

A while back the owners of my company were approached and were offered a ‘service’ to have live news headlines appear on the LAWTRAC.com website and inside the LAWTRAC application.

I thought the cost was something that was really out of this world, so I threw this together over a weekend to show them that the technologies that were being offered for something that was over $200 a month could be done for free.

This site brings in news targeting the legal industry from many sources around the internet and taps into government news and regulations information releases.

Check it out… perhaps you can suggest an improvement or two.

Legal Directions

Sunday, May 15, 2011

Progress


Easy Contract Management. It has the power of the contract management module in the LAWTRAC application used by major corporations to record their contracts and send out reminders to key individuals when the contract needs attention.

If you have any ideas on what features you think should be included please feel free to drop me a note.

Saturday, May 14, 2011

Easy Contract Management

I'm putting the final touches on a new web application - EasyContractManagement.com.

The URL isn't active yet, but when it is your small company will be able to leverage the same tools that the large corporations use to manage their contracts.

Companies like FedEx, United Technologies, major defense manufacturers, even Oprah.

What does your small company look for in contract management? Web access for everyone to remind themselves of the contract details? Email notifications when the contract needs to be reviewed or is about to expire?

Do you need to retain licensing agreements or non disclosure contracts?

Let me know what tools you need and I'll do my best to incorporate them into the application.

Is this really a problem?


Yes, I'm confused.

Thursday, May 12, 2011

Why the New Guy Can't Code

Jon Evans wrote on May 7th an interesting piece for TechCrunch essentially talking about hiring practices by large companies.

I must say that I appreciate his observations and his advice to only hire coders who can point to their past accomplishments as proof that they can in fact write code.

Give his article a read.

I also like his observation about women who write code... I too have never met a female programmer who wasn't a very productive employee.

Tuesday, May 10, 2011

Game Time

For those of you who watch the Yankees game tonight, keep your eyes open for the good-looking one catching all the home-run balls.

Monday, May 9, 2011

LT Online (a.k.a. LAWTRAC) Corporate Locations

Corporate Locations Map

Anyone Else Wonder This?

I'm curious if anyone else has considered this.

Why was Hillary Clinton in the situation room during an active operation?


Is she not the Secretary of State? Our number one person in charge of diplomacy? Should she have been in the room?