spam email from friends: hacked or spoofed

Orig­i­nally posted by Rich Pasco

Very often, I receive junk mail (spam) with a “From:” address of one of my con­tacts, for exam­ple a friend or fel­low team mem­ber. The mail might con­tain an adver­tise­ment for Via­gra or replica Rolex watches, a sad story about being robbed while on vaca­tion (and please wire money), or just a link to a web site which could down­load mali­cious soft­ware onto my com­puter. In such cases, I delete that e‑mail with­out click­ing on the poten­tially dan­ger­ous link.

Just as often, a friend or fel­low team mem­ber con­tacts me stat­ing that junk mail is going out in their name and ask­ing what to do about it. Here is what I reply:

Hacked or Spoofed?

It is impor­tant to know whether your mail is hacked or spoofed. Let’s define these terms:

HACKED — Mail is actu­ally being sent from your account by some­one logged in to your server as you.

SPOOFED — Mail is being sent from some­where else with your address being forged onto its “From:” line.

Con­tinue Read­ing at



SEO: image optimization with Shrink-O-Matic

Image opti­miza­tion is an SEO fac­tor. Google has stated in their Web­mas­ter Guide­lines that web­sites should be opti­mized to load quickly:

Mon­i­tor your site’s per­for­mance and opti­mize load times. Google’s goal is to give users with the most rel­e­vant results and a great user expe­ri­ence. Fast sites increase user sat­is­fac­tion and improve the over­all qual­ity of the web (espe­cially for those users with slow Inter­net con­nec­tions), and we hope that as web­mas­ters improve their sites, the over­all speed of the web will improve.

Shrink-O-Matic is a free (dona­tion) tool that can help with image opti­miza­tion. This is a very handy tool for resiz­ing images in bulk.  As part of this process it strips out unnec­es­sary infor­ma­tion result­ing in ‘lighter’ file sizes. The images aren’t as light as pos­si­ble, but gen­er­ally much improved.  The ease of use of this tool makes it ideal for bulk image opti­miz­ing.  Add resiz­ing, renam­ing, and water­mark­ing to the mix and you have a winner.

Shrink-O-Matic as an Adobe Air appli­ca­tion so it should work on all plat­forms, as long as you have Air installed. If you find it use­ful I encour­age you to make a dona­tion to sup­port author Quentin Thi­au­court’s work.

Get Shrink-O-Matic


local SEO: first steps to better Vancouver results

local seo search results vancouver

Local SEO (Search Engine Opti­miza­tion) refers to search opti­miza­tion with a regional focus, for instance tar­get­ing a city such as Van­cou­ver.  An exam­ple of local search engine opti­miza­tion would be my web­site, Blender Design, tar­get­ing searches orig­i­nat­ing in the Van­cou­ver met­ro­pol­i­tan area. For a local busi­ness this means focus­ing SEO efforts to com­pete for the searches that mat­ter most — poten­tial local clients.

I’m sure you’ve already noticed that search results are tai­lored to the searcher.  If a search engine, and by search engine I really mean Google, believes local search results would bet­ter answer a query, then local results will be pri­or­i­tized. For instance, if you do a Google search for “best restau­rant” you will likely see a cou­ple of web­sites fol­lowed by a list of local restau­rants.  For many obvi­ous local searches Google takes this a step fur­ther and includes an area map of results. (more…)

internet security: Yahoo email accounts hacked

security breached Yahoo emails hacked

In the past week I have received emails from 2 friend’s Yahoo email accounts — sent by hack­ers!  The emails con­tained a link which, had I clicked it, would have done who knows what.

The hack­ing attack which was used to take con­trol of my friends email accounts used a secu­rity vul­ner­a­bil­ity at Yahoo to copy an access cookie that had been issued from Yahoo.  This access cookie gave the hack­ers full access to the email account until the cookie expired. This attack did require my friends to click on a link, either in a web­site or in an email. (more…)

security alert: Twitter hacked

Twit­ter announced on Fri­day Feb­ru­ary 1st they had been hacked in a sophis­ti­cated attack.  Twit­ter said 250k accounts may be affected and have emailed those users.  The stolen data included accounts, emails, addresses, and pass­words. Whether or not Twit­ter con­tacted you it is prob­a­bly a good idea to change your pass­word, both for your Twit­ter account and for any other login that uses the same pass­word. It is not a dif­fi­cult mat­ter to find more logins asso­ci­ated with the same email address, espe­cially for pop­u­lar ser­vices like Google, Face­book, etc.

Wired — Twit­ter Hacked

Amazon Glacier cost calculator

Recently I sug­gested using the Ama­zon Glac­ier data stor­age ser­vice for cre­at­ing an online backup of your impor­tant data.  I said the ser­vice was inex­pen­sive cost­ing me under $10 after 50 days.  Wong Liang Zan cre­ated a cal­cu­la­tor through which you can fig­ure out var­i­ous costs you might incur if you use Ama­zon Glac­ier.

To use:

  • open the calculator
  • choose a data cen­ter (Ore­gon)
  • add a backup size in Giga­bytes (200GB — this is pretty huge, or look how much of your hard drive is used)
  • enter a dura­tion in days (365?)

You can also test some sce­nar­ios like a retrieval to see how much that would cost.  Using my sam­ple num­bers the cost for the year was $24, and the retrieval would be $30 for a 24hr transfer.

Glac­ier Cost Calculator

If you haven’t read them already you can learn more about Ama­zon Glac­ier in my blog posts off site backup with Ama­zon Glac­ier and 50 days with Ama­zon Glac­ier backup.

50 days with Amazon Glacier backup

Ama­zon Glac­ier and Arq 3 com­bined allow for off-site com­puter backup solu­tion. In Novem­ber I posted about my first impres­sions back­ing up with Ama­zon Glac­ier client Arq 3 .  Nearly 2 months in it seems like a good time for an update of my con­tin­u­ing thoughts on this off-site data backup solu­tion.  You can read more about the ser­vice and my ini­tial setup of the soft­ware in my pre­vi­ous post off-site backup with Ama­zon Glac­ier .

Glac­ier is just like it sounds: S‑L-O‑W.  The process of upload­ing my ini­tial com­plete backup is still in process and has been for 50 days, almost con­tin­u­ously.  There are of course lots of fac­tors includ­ing my house­hold inter­net upload speed.  And it is a lot of data, 165GB to date accord­ing to Arq.  Although I could have sim­ply pointed Arq at my hard drive to back it all up, I chose to pick and choose what I thought was most crit­i­cal and incre­men­tally add to my backup.  Based on the time it has taken I strongly rec­om­mend this approach — get the impor­tant data backed up first!

Test­ing your backup is crit­i­cal.  I ini­ti­ated a file restora­tion of a backed up 6MB file, which Arq reported I could expect the file to be deliv­ered in 4 hrs.  The file arrived as promised within min­utes of the 4 hours.

Glac­ier being slow can­not be fairly con­sid­ered a crit­i­cism as it is adver­tised as exactly that: Glac­ier.  What Ama­zon is offer­ing is low cost data stor­age.  To date I have spent less than $10 in fees, the major­ity being upload trans­fer charges. For instance for the month of Decem­ber while pop­u­lat­ing my backup:

81.266 GB $0.81 ($0.010 per GB / month)
76,613 Requests $3.83 ($0.050 per 1,000 requests)

All-in-all I am very happy with the Arq 3 and Ama­zon Glac­ier redun­dant cat­a­strophic backup solu­tion.  I’ll con­tinue to run Time Machine as a quick access local backup.

If you missed it I encour­age you to read my first post, off-site backup with Ama­zon Glac­ier , where you will find my ini­tial impres­sions dur­ing setup and the first few days with Arq 3 . (more…)

off-site backup with Amazon Glacier

Photo via Flickr by kaet44

An off site backup of your com­puter data is VERY impor­tant.  In the case of a fire or theft there is a good pos­si­bil­ity you will lose your com­puter and any backup hard drive you keep with your com­puter.  Off site means a backup your store in a dif­fer­ent loca­tion from your computer…or ide­ally a dif­fer­ent region — hint hint Van­cou­ver clients, we are over­due for a major earthquake.

To main­tain this backup your­self you must either cre­ate one on an exter­nal hard drive and take it some­where, or use a sys­tem to main­tain a backup stored off-site updated through the inter­net.  The inter­net solu­tion is the eas­i­est once it is set up, but until recently has been pro­hib­i­tively expen­sive for a large amount of data.

Ama­zon recently intro­duced a cloud stor­age sys­tem they have branded Glac­ier.  The price is very rea­son­able, a monthly fee of 1 cent per giga­byte, about $10/terabyte. You pay based on how much you store, trans­ac­tions, and for retrieval.  An aver­age per­son could store all their data for under $10/month, a heavy user such as a pho­tog­ra­pher maybe $20 or $30.  After 2 weeks I have 10G stored at a cost of 79 cents — 9 cents for stor­age and 70 cents to put it there.

One quirk — like the name implies Glac­ier is SLOW.  To cre­ate and retrieve items from your back will take hours or days. When retriev­ing data your fees are based on your selected retrieval speed.  This ser­vice is suit­able for emer­gency backup only, not for rou­tine storage.

To use Glac­ier you will need a client or ser­vice to upload your data.  Ama­zon does not pro­vide this.

For Mac I have been test­ing Arq 3 by Haystack Soft­ware, $29.  There is a free 30 day trial so you can test it out.  Instal­la­tion and setup was pretty straight­for­ward, but tech­ni­cal.  The soft­ware helped set up a Glac­ier account. Once run­ning all I had to do was tell it which fold­ers to keep backed up.  It should mon­i­tor those and update as needed even main­tain mul­ti­ple ver­sions of files.

Some details and thoughts:

  • you pay for stor­age, access, and retrieval cal­cu­lated based on the size and num­ber of files.  Prices are rea­son­able, and you will be happy to pay the retrieval fee if ever you have to use it
  • you may have to pay your inter­net provider for more band­width depend­ing on how much is included in your inter­net pack­age — that first upload could be big
  • you will want to check and test your backup to make sure you have pro­tected what is needed and can retrieve it

More info on Ama­zon Glacier

Down­load Arq 3

UPDATE: to read how my expe­ri­ence with Ama­zon Glac­ier ans Arq 3 have been going con­tinue on to my post 50 days with Ama­zon Glac­ier backup.

(image via Flickr by kaet44)

SECURITY: LinkedIn Passwords Compromised

A 6+ mil­lion pass­word list has been released to the wild which is strongly sus­pected to have orig­i­nated at LinkedIn.  The pass­words are not matched to any account names in this list, but it would be dan­ger­ous to assume some­one does not have them as well.  It is very impor­tant you change your pass­word at LinkedIn.  Since that account is asso­ci­ated with your email you will want to change that pass­word every­where you have used it.  LinkedIn is sus­pected as many of the pass­words in the list con­tained the a vari­a­tion of ‘linkedin’.

One part of this inci­dent that makes it inter­est­ing is that the pass­words were stored using a pro­tec­tion called hash­ing which con­verts the pass­word in a way which is sup­posed to be dif­fi­cult to reverse — but as of this writ­ing likely over 75% had been extracted.

To pro­tect you accounts you should:

  • choose long com­pli­cated pass­words includ­ing cap­i­tal let­ters, num­ber, and punctuation
  • avoid words
  • not use the same pass­words for dif­fer­ent accounts

You can read the entire story at arstech­nica

E-commerce On-Page Optimization

SEO­Moz has a help­ful arti­cle dis­cussing on web page opti­miza­tion for e‑commerce web­sites. The arti­cle is pretty in depth with­out being too tech­ni­cal — per­fect for my clients.  Hope you find it helpful!

Per­fect­ing On-Page Opti­miza­tion for Ecom­merce Websites