Here is the reality if your social media or email accounts get hacked there is a 99.99% chance that you somehow started the chain of events that made it happen.  Now a lot of people will dismiss that idea right away.  The reality though is if you really think about it having that information means you have the power to be almost 99.99% sure that you won’t be hacked again.

First let’s talk about the 99.99% I use that term because there are only really two kinds of hacks.  The first kind of hack is targeted which means the bad guy is specifically trying to get your account information…he doesn’t want everyone’s account information he wants to target you specifically.  The second kind of hack is completely untargeted and just meant to get a hold of as many accounts, emails and computers as it can to use for some malicious purpose, usually a scammy marketing campaign.

99.99% of what we see on facebook and twitter and in emails is the 2nd kind of hack.  No one is targeted you or wants your specific account they just want to use your account for a little while and send their spam messages.  That is why I use the 99.99% because if someone is targeting you and really wants your info that can be difficult for you to stop but if they are just grabbing up accounts in mass frenzy you can avoid them.

To understand how to avoid them it is important to understand how they get to you in the first place.  The first and most prevalent way is through phishing.  Phishing means that they set up a dummy page that looks like the login for the site you are signing into and you fill in the account and password box hit the login key and you have successfully added yourself to their database to be used as a spam bot.

I have found that people just do not believe that anyone could have phished their account.  They believe someone hacked into their computer or they got it because they are friend with John on facebook or I have even seen people on facebook blame the new timeline on being hacked.  Reality is statistics say the most likey scenario is they were phished.  You have to really pay attention to make sure you do not get phished.

The best rule of thumb for avoiding phishing is to never log into anything where you did not initiate login.  For example…you get on your computer and you decide you are going to visit Twitter.  You go to Twitter.com and see the login screen and login in.  You can feel safe doing this because you typed Twitter.com into your own address bar and you are 100% sure what site you are logging into.

So you go to your feed and you are reading what your friends have to say and you click on a link that a friend posted and click on it.  All of a sudden you are back at the login page.  You may think something funny happened with the computer and you got logged out and you type in your account and password and hit the button and once again you have successfully submitted your information to be used for spam.  You should never log in unless you specifically typed the URL in the browser and are 100% sure you are on the main site.  Pages will look exactly the same, the url in the address bar may even say the right site…none of this is an indication you are somewhere you should be logging in.  Don’t log in anywhere unless you initiate it.

Another way to get your password stolen is when some random company gets hacked that you happen to be a member of.  Recently Walgreens.com got hacked and all of their user data was stolen.  Now you may think why does a scammer want with my Walgreens.com login?  They don’t…but they are hoping it’s going to work on facebook, twitter and get them access to your email account.

Most of the time that bet pays off for them.  You cannot use the same password out on the internet as you do for your most important accounts.  If you want to use a dummy password on 3rd party sites that you use everywhere that is ok but that CANNOT be the same password as what you use for important stuff such as banking, email or social media sites.  Any password used for banking or anything tied to a credit card or bank account should always have a unique password you do not use anywhere else.

The next way that people get access to your accounts is through apps.  People think they should get an app for everything without once considering that each app they join gives someone somewhere very intimate access to their accounts.  Apps are very useful and many legitimate companies use them but there are a lot of crap apps out there.  You have to ask yourself do I want to know my indian name bad enough to give some stranger access to my account.  The answer is probably no.

Once an app has access to your account it does until you revoke it.  So if you get your indian name today and never think about it again those people still have access to your account forever.  Everytime you get a dialog asking you if you want to install the app think are these people I trust with access to my account?  If the answer is not yes just don’t install it….live your whole life without knowing your indian name but knowing your accounts are safe.

You should also check through and delete any unused apps often. Use MyPermission.org at least once a month and go through each of your accounts and get rid of any unwanted apps.  So let’s review what we have covered:

1) If you got hacked there is a 99.99% chance it’s your fault.

2) Never login when you have not initiated the login.

3) Don’t use your banking, email or social media passwords anywhere else on the internet.

4) Don’t install strange apps.  Delete unused apps frequently.

If you follow these steps and are vigilant about them you can decrease your chance of having your email or social media accounts hacked tremendously.

This letter comes as a culmination of years of frustration with your company and services. I have been a customer for over 3 years now in the same house and have intermittent internet issues basically the whole time. I probably report 10% of the time when my internet is down and if you look at my account you will see I have called a whole lot of times. Many times the outages are only a few minutes at a time and I let it slide because I already know how pointless it will be to ask for your help.

Sometimes however the outages go much longer like yesterday so I decided to be a glutton for punishment and make a call to you. I had about 10 min of internet total between 2pm and 11pm yesterday. As someone who does all their work on the internet this is a really big deal for me. So I called…and it started as it always does. I explain the problem I am having and explain this has been going on forever. They automatically move along to questioning me about my router. I try to cut them off at the pass because it seems Brighthouse phone techs have been given hours and hours of extensive training on how to blame any problem no matter what it may be on the fact that you have your own router.

I try really hard to explain to them the problem is not my router as I have no internet coming into the modem to which they tell me it couldn’t hurt to reset my router. This is about the time my eye starts to twitch and I think why did I even bother. Usually once I go off on my tirade about how it is not my router most level 1 techs are happy to move me on the next person higher up the food chain. So next I get someone a little more knowledgeable who isn’t forcing me to reboot my router. These people do their diagnostics on the my connection and promptly come back and tell me there are no problems and have not been for 87 days or however long it has been since my modem was not online.

I explain how that is not the case my internet was just out 20 minutes ago. So feeling out of options they schedule a technician. Now having had probably 30 technicians to my home over time I know this is fruitless but schedule it anyway because I am desperate to get it fixed. So then a technician comes to my house out of the probably 30 visits I have had from them the internet NEVER goes down when they are here. It is afterall an intermittent problem so catching it is luck of the draw.

The minute their little machine doesn’t show any errors they can’t/won’t look into my problem any longer. They tell me there is no problem and leave. Some humor me long enough to replace a modem or re-run a wire but most check it with their little machine and go away. They have almost all explained to me that your policies prevent them from doing anything further if they can’t physically see the problem. It’s almost like the people who I pay for a service are calling me a liar as to if it really works or not. If you can’t see the problem then it doesn’t exist. However, if there is no problem then why am I on the phone with you and having people out here all the time.

Seems to me is if just one person really could look beyond their diagnostic tools and think about customer service they could clearly see there is in fact a problem with my connection that is not related to my equipment and that it’s time to fix it. It seems that brighthouse employees however are not allowed any out of the box thinking that can actually solve customer problems.

Here is the real kicker, it’s not just me. While your phone techs and service techs try to blame it on my router or tell me how the problem doesn’t exist…EVERY SINGLE one of my neighbors who has brighthouse experiences these same issues. If that should not be a glaring light in the eyes of brighthouse that there is a problem out here than I don’t know what is. I have grown frustrated with this back and forth I have gone through for years and the reality is the internet is super important to me so I have to start making some hard choices.

FIOS has started selling hard in my neighborhood and to be honest I have never used FIOS and it could be great or it could be terrible. So without the annoyance I have been through I would honestly not even consider changing over to them. That said I am very close to taking them up on their offer to see if I can get better service that is more reliable.

So this is my last time asking you Brighthouse….will you please diagnose and fix the intermittent internet issues I have been experiencing for years? If you do I will continue to be a loyal customer but I can’t wait forever. Yesterday missing 9 hours of being able to accomplish anything really just put me over the edge on patience. So if you are reading this and you think you can actually do something about it I would welcome it just please don’t contact me and ask me about my router because I just can’t take that anymore.

Your incredibly frustrated customer,
Suzanne

Ever since I wrote this blog post a long time ago everytime Bank of America goes down it gets a ton of pageviews.  So I figured since most of you are coming here seeking information I would share what I know about today’s outage.  3/1/11.  The first reports of Bank of America being down started to surface last night.  Some people had no access others were just getting really slow response times.

I have yet to be able to sign into my account successfully today but the last time I tried I got this message:

We are currently experiencing problems that may cause Online Banking to operate more slowly than normal, or to otherwise interfere with your Online Banking session.

We apologize for this inconvenience and are working to restore full Online Banking service as quickly as possible.

Just as an FYI many people are also seeing problems with ATM’s so plan ahead.

I will keep my eyes peeled and if I see anything else of interest I will update this page.

*****************************************************************************

Today I tried to log into my Bank of America Online Banking Center to find I could not access the site.  At first I assumed the internet was down because certainly Bank of America was not down.  But alas it was.  I waited a few minutes and tried again.  Nothing same error.  So I turned to Twitter.

Many others on Twitter were reporting outages of the online banking center as well as issues with ATM machines either not working at all or not crediting deposits made.  In addition to that there was much news about the Bank of America employee bonuses handed out today.  To be honest this all makes me a little nervous.  I am wondering is Bank of America so inept it can’t keep it’s web server running or is one of the biggest banks in the country being attacked?

Well Bank of America is very active on twitter and tries to deal with customer service issues through it’s @BofA-Help handle so I decided to check there.  Nothing except a page full of the customary “@UNHAPPYCUSTOMER I work for Bank of America. Please let me know if you would like to discuss any account concerns.^nc”  Now maybe Bank of America Tweet staff is unaware but this tool can also be used to convey information and not just try to stop people from bad mouthing your brand.  A simple tweet saying “We know there is a problem we are working to resolve it” would go a long way.

So as of this moment, the site is still not up no one knows if Bank of America is being attacked or have left the building permanently.  And apparently they are in no hurry to tell us.

I will update this post throughout the day if I find more information through Twitter which is the only place there seems to be any information circulating at this time.  I have sent a message directly to Bank of America on Twitter as of yet no response.

****UPDATE****

Got the following Tweet from BofA_help:  The weird thing is now all the standard replies have changed to this reply…starting to wonder if BofA_help are bots!  (Either way, hope it is resolved quickly)

@postsalot We are aware of the issue and working to have it resolved as quickly as possible. Thank you for your patience.

****UPDATE****

Comment #6 may be of help to many of you.  I was able to login it took about  5 minutes for my account data to show up but it did.  And I was able to confirm I do still have a balance at Bank of America

****3:19 CST, site still down.  A blog post with a more technical analysis of what might be going on here.

****8:26 CST site is back up.  Bank of America issued the following statement.

“Bank of America spokesman TJ Crawford said the company had ruled out a cyber attack, but was still trying to identify the cause. “Some customers are having intermittent issues accessing the site,” Crawford said.

Many Bank of America customers were unable to access their accounts online Friday when the bank suffered a major Internet outage. The main web site of the country’s largest bank was only available to about 20 percent of customers in cities across the country as of 5 pm., according to a prominent Internet monitoring firm.”

Hmmm, so since when is 80% of your customers “some customers” 80% seems high to say some I think I would use the word most.  It will be interesting to see the fall out in the next few days twitter, blogs and other places on the net were filled today with people saying they were moving their money to other banks.  I think if Bank of America continues to take the stance that nothing happened and not make some statement more than they have they are going to have a hard time keeping their cusomters willing to trust them enough with their money.

Personally, I have banked with Bank of America for 10 years and even before today lately I have considered moving to a local bank or credit union.  For me at least today’s events have sealed the deal.

We will probably never be told the truth about what happened today but what I think we can be confident about is that whatever it was it wasn’t something simple.  It was not a simple hardware failure I don’t even think it was a simple as a DDOS attack it was something that stopped what is probably a very well staffed and educated IT team dead in their tracks for almost 7 hours.  Bank of America has a big infastructure so to believe they don’t have all the random run of the day issues covered over and over by redudancy would be naive.    So the thing that caused the outage today was something not normal.

Anyway, thanks to all of you who followed my blog during the day it was nice to get so many comments and personal messages from you guys!  I am done with what was the great Bank of America outage of 2010!

Timothy Taylor is the owner of DeatosLabs.com and has over 10 year of experience with computer security. So we picked his brain a bit about what companies can do to protect themselves and mitigate the damage if an attack does occur. Here is what he had to say.

Question: What exactly is a DDOS attack and what kind of damage can it cause to a website?

Answer: There are two kinds of DDOS attacks. One is meant to kill CPU (computer power) and the other is meant to kill bandwidth. A DDOS attack is more than one computer that is set up to attack your site by consuming one of these resources of the end user to take your site offline.

The damage to the victim of this attack can range greatly depending on your website and how much your site would have made in the time it was down. The other cost can be in bandwidth consumption if you don’t have unlimited bandwidth. Costs could be as high as $20 per second with some hosting contracts. The other issue is that many DDOS attacks will take other sites down on the network as well as the target. So everyone loses.

Question: Is there anyway a company can plan ahead and stop a DDOS from happening technology wise? And if so what?

Answer: There is no guaranteed 100% way to know that your site will stay live during a DDOS bandwidth attack because once your out of bandwidth it’s just gone there is no way to get more the pipes are only so big.

Question: That answer is not very comforting to many business owners…so are there any steps you can suggest that they could take?

Answer: Reality is standard hosting gives you one pipe to your website even if you own your own dedicated server you only have one pipe going to your server. To thwart DDOS attacks you need to have your site hosted across multiple upstream providers. That way if one pipe is saturated you have the ability to take that pipe off your host and traffic going to your site will no longer use this pipe hence no longer being attacked.

Question: So how does the regular website owner or business owner go about setting up a system that does this?

Answer: You will need to have a hosting provider that is set up with this kind of distributed content structure already. Currently DeatosLabs.com does offer this type of hosting.

Question: What does hosting like that cost? Is it comparable to what people are currently paying?

Answer: For most websites the cost is really not that much different maybe a few bucks a month. This hosting is sold a little differently however than regular hosting. It is sold per location. Each location is another pipe your website is attached to.

So a standard package for a small website could run as low as $10/month with 2 locations mirroring it. We can do packages for big businesses or businesses that are highly susceptible to an attack mirroring up to 432 locations.

Question: Are there any other benefits to this type of hosting for a website owner beyond being able to withstand a DDOS attack?

Answer: Yes basically a set up like this creates your own content distribution network. Which means that end users would get their content from the closest server to them which could dramatically increase page time loads and general latency issues from what a user sees on a standard web host.

Question: If someone is interested in finding out about how to set up hosting like this through your company what should they do?

Answer: Go to the website DeatosLabs.com and use the contact form to contact us. If you tell us how many domains you have and database in that contact we will send you back a customized quote and ordering information. If anyone has general questions about the service they can use this form as well.

Question: Aside from trying to mitigate attacks what other things security wise should website owners be aware of?

Answer: The most important thing I can tell any website owner is to know everything about any script or other objects you use on your website. These are often the reason someone has the ability to hack into your site because you have a piece of code on your site that gives them a backdoor. Shopping carts are highly susceptible to this because people want to be able to get a hold of credit card information.

For the do it yourselfer sites like securityfocus.com can help you make sure the product you are going to use is really safe. If you aren’t that technically savvy than you should hire a security company to do a review of what you are using and make sure it’s all safe for your users.

So that about covers it. I guess the short answer to our original question is you can’t stop someone from attacking you but if you are using the right kind of host and plan ahead you will be able to deal with it if happens.

If you are interested in learning more about distributed hosting or checking the security on your site you can reach Timothy at DeatosLabs.com

Passing the test is much easier if you take the time to get proper training before the big test. To get a head start visit ITIllumine.com to find out things like what are the best textbooks, the benefits of getting certified and everything else you need to know to successfully get ITIL certified.

To learn more visit http://www.itillumine.com/

Whenever I see these lawsuits I have to wonder what the point is.  Now I understand that downloading a movie is against the law and that when you do it you are committing a crime essentially but these people who are sued are rarely charged with crimes just  civil suits.  Civil suits are expensive and are a long and hard process so usually a positive end result is necessary to want to endure it.  These cases in the past end in huge judgments that the defendants would never have the means to pay in a lifetime.  So I have to wonder the point?!?

Even in the very best scenario, which is them winning a large monetary judgment from each defendant as well as having all their legal fees covered, how many of the people who they sue actually make that kind of money in a lifetime?  So they get a big judgement but they likely see a small fraction of it ever come back and they still have very real legal fees that have to be paid.  So even if they win big they actually lose.

I guess it could be said that it makes an example out of the people and will scare some people “straight” into not downloading illegal media anymore.   However, that theory totally disregards the fact that people download movies and music from these sites because it’s the only place it’s available in the format that people want.  There is nothing the movie or music industry can do to drive us back in droves to the movie theater or standing around the corner of a music shop all night waiting for a CD to come out.  Those days are gone…these industries have chose not to keep up with what their consumers want and the best answer they have is to go to war with their customers.

Up until now the movie and music industries have given us nothing to get media the way we want it.  We get tiny little teasers such as hulu.com (which I love) which offers limited choices of the last 4-5 episodes of television shows and mostly made for TV movies and documentary’s.  There is iTunes which requires you are tied to apple products to use so there is no choice in that.  iTunes also doesn’t let you really own your music, they own it and are nice enough to let you listen to it after paying them for it.  There is Netflix.com which offers more movies and entire TV seasons but the movie industry won’t let us watch anything on there until almost 6 months after it’s initially released.  So every choice we are given has a hold back to truly just being able to buy and watch what you want to when you want to and until they do that illegal downloading is going no where.

Another point to be made is these lawsuits do nothing to stop the actual distribution of movies, these movies will always be available illegally and there will always be ways you can mask yourself from ever being seen from downloading them.  The more people learn about encryption and other ways to protect their privacy on the internet the harder it will become for the RIAA or the US Copyright Group to even try to figure out who is downloading what.  Not to mention with the amount of computers in the world that are infected as bots someone could be using your connection right now to download a few movies and it looks like it’s coming straight from your house.  Some experts claim as much as 60% of computers in the US are infected with bots.  Which means that 60% of the computers can be used by other people to connect to the internet and it’s services.

So I just fail to see how the music and movie industry think investing money in a lawsuit is a better idea than investing money in the proper technology to serve us music and movies they way we want.  Blockbuster.com can manage to give me a movie let me watch it for 24 hours and give it back to them…..so why can’t all these highly paid executives at the record and movie industries come together and create a system that works in the world they live in today and not the world 20 years ago they are hoping to bully us into going back to.

Facebook in an effort to make it’s systems faster and easier to use has been doing a lot of upgrades lately.  I think overall the changes Facebook made were positive however they have just killed the game applications on their site.

If you play any of these games you have no doubt noticed the last week that the games are SOOOO slow and many people are reporting they won’t even load at all on the various fan pages.  All of the games have a disclaimer that based on the lag with the facebook systems they have turned off the various elements of these time management games such as crops withering or food spoiling to compensate for their users having such a hard time.  While being reactionary to players needs is nice this is certainly not a long term answer because the bigger problem is that these downtime issues are happening far more often and for longer periods of time.

So the reality is Facebook and Zynga have outgrown each other.  Facebook can no longer continue to use its resources wisely for its core product because so much is sucked up by applications and Zynga can no longer continue to offer its very large user base sub standard game play or it risks losing its audience.  While Facebook and Farmville were an amazing combination that boosted each companies popularity beyond anything they could have imagined the truth is each has out grown each other and it’s time for Zynga to move out and get its own place!

Let me just take a minute to explain why this is a win/win for both companies.

For Facebook they get so many resources back that will give their users a better experience and be able to keep up with their massive growth.

For Zynga it means taking back control of it’s applications and being able to give it’s user the best experience not to mention I would imagine a HUGE revenue boost since it would also have its own ad space as well as be able to market to its customers as it sees fit not whatever Facebook decides is the rule of  the week.

I would also like to mention that I think these are both really great and innovative companies and neither one has done anything “wrong” to create this problem in fact it’s just the opposite they both did so much right which led to their current inability to keep up.  So I hope they both come to the table shake hands thank each other for what each did for their own companies and break up to bring each audience a better user experience otherwise they both run the risk of their brand being tarnished if things are kept the way they are.

If you agree, post a comment…even if you don’t agree post a comment!  But I would love to hear more about other people’s experiences using these games recently.

To get a better understanding of what is different and why it’s different this blog article does a good job of breaking it down.

So now that you understand the types of attacks happening let me explain what you can do to make your computer secure so that it can’t be used to attack a company or steal credit cards or any of the other things scammers are up to.

1)  Good Antivirus – A good anti-virus program is your first line of defense it will find and detect common worms, trojans and other run of the mill viruses.  Personally I think it’s a good idea to have more than one anti-virus program since different programs seem to detect different things.  You should have one that is fully functioning and has a full time protection mode.  You should use your 2nd or 3rd for scanning only.  Doing a scan with a few different anti-viruses gives you a better chance of success in finding and deleting malicious code.  One word of advice, don’t have more than one anti-virus running in full protect mode or you will have conflicts.  If you don’t have an anti-virus program and are looking for one that is good and free I recommend Avast which has a personal version that is completely free.

2) Spyware Protection – In addition to having good anti-virus you also want a separate program that is specifically for spyware and adware.  These programs will go through your registry, cookies and other key areas to look at the files placed on your computer by websites while browsing.   Most cookies are perfectly legitimate and used by websites to keep track of your login information however others may compromise your personal information.  A good program for removing adware and spyware that is free is Ad-Aware.

3) Registry Analysis – You should also have a registry analysis tool such as HiJack This.  I cannot tell you the number of times that both my anti-virus and spyware programs found nothing and by running this program I was able to identify and clean the malware with this.  This program will give you a list of everything that happens in your registry.  This is where you will find viruses that continue to re-install themselves as well as people hijacking your browser and a lot of other nasty stuff.  The only warning I have with this program is to be sure you know what you are deleting before you do so….deleted needed registry files can really cause you problems.  If you are unsure if something is malicious or legitimate google the file name you should be able to find information on the file and it will tell you if it is legitimate or not.

4) Keep Windows Updated – Windows updates are essential to keeping your computer patched with the latest security updates.  Window is VERY vulnerable and can allow attacks and infections from a ton of different angles.  These security breaches are found all the time and patched so make sure you have window update set to automatically download and install patches.  If you would prefer to see what windows is installing first then have it automatically download the updates and then ask you to install them.  This will also avoid your computer being rebooted while it may be working on a task.

So those are the basics.  Nothing is 100% but keeping up with these steps as part of your computer maintenance routine will give you the best possible chance of your computer not being used in a cyber attack.

The reason is simple.  Big media has still yet to accept their business model will stop failing when they give us what we want the way we want it.  Television, Radio and Newspapers have all been hit with huge losses in the last few years.  The reason for each is the same the internet.  Audiences have diminished and ad revenues and jobs have been lost right along with it.  But I think what has really happened to big media is they have failed to seize a huge opportunity by being scared of change.

When Newsday launched this big plan to charge for news Rupert Murdoch went so far as to say that he was going to shut down Google from taking their content for free when speaking about Google indexing his content in their search results.  The problem with this kind of short sightedness is that he failed to recognize that if Google doesn’t know you exist….you basically don’t.  No matter how people feel about Google it has become home base for basically anything we do in our lives.  So if you choose to stop Google from indexing you, you have just told a large part of the population I have no interest in you knowing about my business and with so many choices out there it’s an easier choice for the consumer to just say next.

The other thing I think they failed to really think through is exactly what their product is it is essentially just information.  Information is available everywhere these days in fact it’s to the point where we are on information overload.  We have news sites, cable shows, network news, local news, bloggers, i-reporters, John Stewart and 800 other ways we get the news shoved at us daily.  So the reality is there is just nothing in this day and age that Newsday.com will cover that a ton of other people won’t as well.  For any given subject there are tons of articles out there that give any point of view so why would anyone pay Newsday.com $5 a week just to hear another one?

The moral of the story is big media has to give up the fight at somepoint if they want their audience back.  They have to start providing content the way we choose to receive it and the sooner they do the sooner they can get back to making money.  Big media has lived in a world of little to no competition for a long time and they have to change a lot of things in a big way to compete it is still yet to be seen if that will happen or if our grand kids will be asking what TV was and what a newspaper is.