spam email from friends: hacked or spoofed

Originally posted by Rich Pasco

Very often, I receive junk mail (spam) with a “From:” address of one of my contacts, for example a friend or fellow team member. The mail might contain an advertisement for Viagra or replica Rolex watches, a sad story about being robbed while on vacation (and please wire money), or just a link to a web site which could download malicious software onto my computer. In such cases, I delete that e-mail without clicking on the potentially dangerous link.

Just as often, a friend or fellow team member contacts me stating that junk mail is going out in their name and asking what to do about it. Here is what I reply:

Hacked or Spoofed?

It is important to know whether your mail is hacked or spoofed. Let’s define these terms:

HACKED – Mail is actually being sent from your account by someone logged in to your server as you.

SPOOFED – Mail is being sent from somewhere else with your address being forged onto its “From:” line.

Continue Reading at
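One way to tell the two cases apart from the receiving side, as an added example that is not part of the original post: read the `Authentication-Results` header stamped by your own mail server and check whether SPF or DKIM passed for the domain on the “From:” line. The server name `mx.example.net`, the sample messages and the `classify` helper are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: hostname of the reader's own receiving mail server (hypothetical).
TRUSTED_AUTHSERV = "mx.example.net"

def aligned(auth_domain, from_domain):
    """True if the authenticated domain is the From: domain or a subdomain of it."""
    auth_domain = auth_domain.lower()
    return bool(from_domain) and (
        auth_domain == from_domain or auth_domain.endswith("." + from_domain))

def classify(raw_message):
    """Return 'hacked', 'spoofed' or 'unknown' using the definitions above."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for header in msg.get_all("Authentication-Results", []):
        # Unfold the header, then split off the server id that stamped it.
        authserv, _, results = " ".join(header.split()).partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # not stamped by our server, so it may itself be forged
        dkim = re.search(r"dkim=pass\b[^;]*header\.d=([\w.-]+)", results)
        spf = re.search(
            r"spf=pass\b[^;]*smtp\.mailfrom=(?:[^@\s;]*@)?([\w.-]+)", results)
        if any(m and aligned(m.group(1), from_domain) for m in (dkim, spf)):
            return "hacked"   # really sent through the From: domain's mail service
        return "spoofed"      # sent from elsewhere; the From: line was forged
    return "unknown"          # no trustworthy authentication result to judge by

def sample(auth_results):
    """Build a constructed sample message (not real mail)."""
    return ("Authentication-Results: " + auth_results + "\n"
            "From: Alice <alice@friend-mail.example>\n"
            "Subject: look at this\n\nbody\n")

VIA_REAL_ACCOUNT = sample(
    "mx.example.net;\n dkim=pass header.d=friend-mail.example;\n"
    " spf=pass smtp.mailfrom=alice@friend-mail.example")
FORGED_FROM = sample(
    "mx.example.net; dkim=none;\n"
    " spf=pass smtp.mailfrom=bounce@bulk-sender.example")
FORGED_HEADER = sample("attacker.example; dkim=pass header.d=friend-mail.example")

if __name__ == "__main__":
    for name, raw in [("via real account", VIA_REAL_ACCOUNT),
                      ("forged From", FORGED_FROM),
                      ("forged auth header", FORGED_HEADER)]:
        print(name, "->", classify(raw))
```

This is a heuristic: a sender domain that publishes no SPF or DKIM records will look "spoofed" even when the mail came from the real account.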



SEO: image optimization with Shrink-O-Matic

Image optimization is an SEO factor. Google has stated in their Webmaster Guidelines that websites should be optimized to load quickly:

Monitor your site’s performance and optimize load times. Google’s goal is to give users the most relevant results and a great user experience. Fast sites increase user satisfaction and improve the overall quality of the web (especially for those users with slow Internet connections), and we hope that as webmasters improve their sites, the overall speed of the web will improve.

Shrink-O-Matic is a free (donation) tool that can help with image optimization. This is a very handy tool for resizing images in bulk.  As part of this process it strips out unnecessary information resulting in ‘lighter’ file sizes. The images aren’t as light as possible, but generally much improved.  The ease of use of this tool makes it ideal for bulk image optimizing.  Add resizing, renaming, and watermarking to the mix and you have a winner.

Shrink-O-Matic is an Adobe AIR application, so it should work on all platforms as long as you have AIR installed. If you find it useful I encourage you to make a donation to support author Quentin Thiaucourt’s work.

Get Shrink-O-Matic


local SEO: first steps to better Vancouver results

Local SEO (Search Engine Optimization) refers to search optimization with a regional focus, for instance targeting a city such as Vancouver.  An example of local search engine optimization would be my website, Blender Design, targeting searches originating in the Vancouver metropolitan area. For a local business this means focusing SEO efforts to compete for the searches that matter most – potential local clients.

I’m sure you’ve already noticed that search results are tailored to the searcher.  If a search engine, and by search engine I really mean Google, believes local search results would better answer a query, then local results will be prioritized. For instance, if you do a Google search for “best restaurant” you will likely see a couple of websites followed by a list of local restaurants.  For many obvious local searches Google takes this a step further and includes an area map of results.

internet security: Yahoo email accounts hacked

In the past week I have received emails from 2 friends’ Yahoo email accounts – sent by hackers! The emails contained a link which, had I clicked it, would have done who knows what.

The hacking attack which was used to take control of my friends’ email accounts used a security vulnerability at Yahoo to copy an access cookie that had been issued from Yahoo. This access cookie gave the hackers full access to the email account until the cookie expired. This attack did require my friends to click on a link, either in a website or in an email.

security alert: Twitter hacked

Twitter announced on Friday February 1st they had been hacked in a sophisticated attack. Twitter said 250k accounts may be affected and has emailed those users. The stolen data included accounts, emails, addresses, and passwords. Whether or not Twitter contacted you, it is probably a good idea to change your password, both for your Twitter account and for any other login that uses the same password. It is not a difficult matter to find more logins associated with the same email address, especially for popular services like Google, Facebook, etc.

Wired – Twitter Hacked

Amazon Glacier cost calculator

Recently I suggested using the Amazon Glacier data storage service for creating an online backup of your important data. I said the service was inexpensive, costing me under $10 after 50 days. Wong Liang Zan created a calculator through which you can figure out various costs you might incur if you use Amazon Glacier.

To use:

  • open the calculator
  • choose a data center (Oregon)
  • add a backup size in Gigabytes (200GB – this is pretty huge, or look how much of your hard drive is used)
  • enter a duration in days (365?)

You can also test some scenarios like a retrieval to see how much that would cost.  Using my sample numbers the cost for the year was $24, and the retrieval would be $30 for a 24hr transfer.

Glacier Cost Calculator

If you haven’t read them already you can learn more about Amazon Glacier in my blog posts off site backup with Amazon Glacier and 50 days with Amazon Glacier backup.

50 days with Amazon Glacier backup

Amazon Glacier and Arq 3 combined make an off-site computer backup solution. In November I posted about my first impressions backing up with Amazon Glacier client Arq 3. Nearly 2 months in it seems like a good time for an update of my continuing thoughts on this off-site data backup solution. You can read more about the service and my initial setup of the software in my previous post off-site backup with Amazon Glacier.

Glacier is just like it sounds: S-L-O-W.  The process of uploading my initial complete backup is still in process and has been for 50 days, almost continuously.  There are of course lots of factors including my household internet upload speed.  And it is a lot of data, 165GB to date according to Arq.  Although I could have simply pointed Arq at my hard drive to back it all up, I chose to pick and choose what I thought was most critical and incrementally add to my backup.  Based on the time it has taken I strongly recommend this approach – get the important data backed up first!

Testing your backup is critical. I initiated a file restoration of a backed up 6MB file, and Arq reported I could expect the file to be delivered in 4 hrs. The file arrived as promised within minutes of the 4 hours.

Glacier being slow cannot be fairly considered a criticism as it is advertised as exactly that: Glacier.  What Amazon is offering is low cost data storage.  To date I have spent less than $10 in fees, the majority being upload transfer charges. For instance for the month of December while populating my backup:

81.266 GB $0.81 ($0.010 per GB / month)
76,613 Requests $3.83 ($0.050 per 1,000 requests)

All-in-all I am very happy with the Arq 3 and Amazon Glacier redundant catastrophic backup solution.  I’ll continue to run Time Machine as a quick access local backup.

If you missed it I encourage you to read my first post, off-site backup with Amazon Glacier, where you will find my initial impressions during setup and the first few days with Arq 3.

off-site backup with Amazon Glacier

Photo via Flickr by kaet44

An off site backup of your computer data is VERY important. In the case of a fire or theft there is a good possibility you will lose your computer and any backup hard drive you keep with your computer. Off site means a backup you store in a different location from your computer…or ideally a different region – hint hint Vancouver clients, we are overdue for a major earthquake.

To maintain this backup yourself you must either create one on an external hard drive and take it somewhere, or use a system to maintain a backup stored off-site updated through the internet.  The internet solution is the easiest once it is set up, but until recently has been prohibitively expensive for a large amount of data.

Amazon recently introduced a cloud storage system they have branded Glacier.  The price is very reasonable, a monthly fee of 1 cent per gigabyte, about $10/terabyte. You pay based on how much you store, transactions, and for retrieval.  An average person could store all their data for under $10/month, a heavy user such as a photographer maybe $20 or $30.  After 2 weeks I have 10G stored at a cost of 79 cents – 9 cents for storage and 70 cents to put it there.

One quirk – like the name implies Glacier is SLOW. To create and retrieve items from your backup will take hours or days. When retrieving data your fees are based on your selected retrieval speed. This service is suitable for emergency backup only, not for routine storage.

To use Glacier you will need a client or service to upload your data.  Amazon does not provide this.

For Mac I have been testing Arq 3 by Haystack Software, $29. There is a free 30 day trial so you can test it out. Installation and setup was pretty straightforward, but technical. The software helped set up a Glacier account. Once running all I had to do was tell it which folders to keep backed up. It should monitor those and update as needed, even maintaining multiple versions of files.

Some details and thoughts:

  • you pay for storage, access, and retrieval calculated based on the size and number of files.  Prices are reasonable, and you will be happy to pay the retrieval fee if ever you have to use it
  • you may have to pay your internet provider for more bandwidth depending on how much is included in your internet package – that first upload could be big
  • you will want to check and test your backup to make sure you have protected what is needed and can retrieve it

More info on Amazon Glacier

Download Arq 3

UPDATE: to read how my experience with Amazon Glacier and Arq 3 has been going continue on to my post 50 days with Amazon Glacier backup.

SECURITY: LinkedIn Passwords Compromised

A 6+ million password list has been released to the wild which is strongly suspected to have originated at LinkedIn. The passwords are not matched to any account names in this list, but it would be dangerous to assume someone does not have them as well. It is very important you change your password at LinkedIn. Since that account is associated with your email you will want to change that password everywhere you have used it. LinkedIn is suspected as many of the passwords in the list contained a variation of ‘linkedin’.

One part of this incident that makes it interesting is that the passwords were stored using a protection called hashing which converts the password in a way which is supposed to be difficult to reverse – but as of this writing likely over 75% had been extracted.
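Why hashing alone did not protect these passwords, as an added example that is not from the original post: the page does not name the hash, so unsalted SHA-1 is assumed here, and it is shown beside a salted, deliberately slow alternative (PBKDF2 from Python's standard library). The guess list, function names and passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed guess list of the kind the post warns about ('linkedin' variations).
GUESSES = ["password", "linkedin", "linkedin1", "LinkedIn2012", "letmein"]

def sha1_hex(password):
    """Assumed weak scheme: one fast, unsalted hash per password."""
    return hashlib.sha1(password.encode()).hexdigest()

def match_guesses(leaked_hashes, guesses):
    """Hashing each guess once tests it against every leaked entry at the same time."""
    table = {sha1_hex(g): g for g in guesses}
    return {h: table[h] for h in leaked_hashes if h in table}

def hash_password(password, iterations=600_000):
    """Stronger storage: a random per-user salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_password(password, salt, iterations, expected):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(digest, expected)

def guess_cost(n_accounts, n_guesses, salted, iterations=1):
    """Hash computations needed to try every guess against every account."""
    return n_guesses * iterations * (n_accounts if salted else 1)

if __name__ == "__main__":
    leaked = [sha1_hex("linkedin1"), sha1_hex("kX9#vq-unlisted-passphrase-71")]
    print("matched:", list(match_guesses(leaked, GUESSES).values()))
    _, _, first = hash_password("linkedin1")
    _, _, second = hash_password("linkedin1")
    print("same password, same stored value when salted?", first == second)
    print("work, unsalted:", guess_cost(6_000_000, 1_000_000, salted=False))
    print("work, salted PBKDF2:", guess_cost(6_000_000, 1_000_000, True, 600_000))
```

The long unique passphrase in the sample is not matched, which is the reason for the advice that follows.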

To protect your accounts you should:

  • choose long complicated passwords including capital letters, numbers, and punctuation
  • avoid words
  • not use the same passwords for different accounts

You can read the entire story at arstechnica

E-commerce On-Page Optimization

SEOMoz has a helpful article discussing on-page optimization for e-commerce websites. The article is pretty in depth without being too technical – perfect for my clients. Hope you find it helpful!

Perfecting On-Page Optimization for Ecommerce Websites