Created properly, an extremely effective marketing tool.
It's a great concept, - and it has a 'cool factor' of 300%.
Many people will pop these into their drive just because of image appeal alone. What's really neat is when one is so well done, so informative, so interactive, that everybody wants one.
This type of viral marketing can be very effective and create residual traffic to your business. The point I would like to make here is, don't undertake these projects without specific goals in mind. Yes, they are cool, yes, they (themselves) are not that expensive, but without a well done message, or purpose, they lose the 'cool' effect very quickly. The point is to keep interest, no matter what your selling, or announcing, or rolling-out.
Anyone can get online and find a dozen CD replicating firms pretty quickly. What you really want to find is a pro- fessional consultant that can assist you in putting it all together, making it all work, and keeping it interesting.
This presentation is what will make the CD card become a success (sizzle!). Hyperformance Media is available for consultation on your project, contact us at your convenience. The CD cards are not your real expense (under $1), it's the chosen platform and presentation you care to deliver and how.
Let's look at some ideas...
One of the first things you should consider is that the presentation have live links to it's major content. In this way, we can constantly keep our site pages updated and the CD remains usable (not outdated). When loading, you can choose to have a permission based icon burned onto the user's Desktop that links directly to your website (and even ask permission).
You can make special offers that can be retrieved at your website. You can use them for your next huge Tradeshow, Product Announcement and Roll-out. How about your Corporate Year End Results?
These cards can hold different capacities (MB's), and come in many shapes. You can create a custom shape, but that adds heavily to the investment (there are plenty of shapes available).
You can fit audio, video, and most content within this form factor. The popular interface is currently Flash™ or other Macromedia™ applications. They are fast, allow complete creativity, and interface well on both PC and MAC platforms. If you have a Flash™ specialist in-house, then you can save money in the creation process.
Now you should take the major goals of the CD and layout a Storyboard that accomplishes those goals. We have a lot of flexibility here, we have audio, sounds, voices, music, and we have animation, video, and links to more information.
This should be your interactive TV commercial. Besides, the CD ROM's, we keep a copy of the commercial on our website for the benefit of the people who didn't receive a CD card. They can view our webmercial from online too! Use your logo prominently through-out your presentation (branding). Keep your messages and information focused, always restating the benefits. Know your audience! especially if this CD Project is directed at a specific market segment. Create the environment with that audience in mind, not what desk executives like.
The image on the cover of the CD is completely flexible as well. You can use a photograph, a screenshot, or a combination. The image resolution has improved dramatically in the past 3 years. Use or create some of your "best stuff" for these CD projects, it is worth it.
You also pay for plastic sleeves that each CD has been inserted in-to (you want these). It makes them very easy to mail.
Consider that image, you receive one in the mail with your Christmas card from the company. Maybe you ship one out with every order for a month..? It really depends on what you want to accomplish. We will spend the time with you to come up with the concepts necessary in having a successful campaign.
Sunday, April 30, 2006
Friday, April 28, 2006
How Do You Deal With Internet Fraud
Summary
Internet fraud should be addressed as two specific issues: fraud that uses Internet technology as an integral part of the fraud; fraud that is already taking place by other means and the Internet is merely another method of delivery.
Methods exist that stop fraudsters misusing the technology, which can be rapidly implemented, but factors such as industry acceptance and concerns over potential liability if previous security claims could be claimed to be inaccurate will delay introduction. Much effort is spent promoting logos and confusing self-regulation, and trying to catch fraudsters, whilst the adoption of formal standards and accreditation for security (such as ISO 17799) are only starting to take place.
New Internet environment crimes may exist, such as defrauding machines or causing business harm by denial of service or virus attacks, and these will require social and legal steps to address them. However, the Internet has provided the fraudster with access to a significantly bigger market than ever before and effort will be required to create an environment where fraud is resisted by design rather than by insurance.
Introduction
Internet fraud is said to be big business. But what is it, and does using the Internet create the fraud, or is the Internet just a different way of delivering ‘traditional’ fraud.
Fraud is essentially persuading someone of something with intent to deceive, perhaps with criminal intent. The deceit may be to persuade you to part with money, goods, services, rights or information.
For the purposes of this paper we are not going to examine methods of fraud, but look at the general techniques, how they are applied, and how, if at all, the Internet can be used to make those techniques easier for the criminal to use either to carry out a fraud or to escape detection.
General techniques of fraud
The key to fraud is to persuade you that something is real, when in fact it is not. Once you accept that the fake is real then the fraud can take place - whatever it is. Whether you are buying the Eiffel Tower in Paris or the Golden Gate bridge in San Francisco (both are real and have been seen by millions of people - and have been regularly ‘sold’) the essence is to believe the proposal that is put to you.
Other types of fraud essentially persuade you to do something in the (wrong) belief that it should be done, or to accept something in settlement that proves to be without the value you were led to believe. But they all come back to the same thing - the fraudster has to persuade you that his vision of the world is the correct one.
How do we normally counter fraud
In ordinary life there are many things set up to help avoid fraud. Mostly we rely upon physical things - buildings (such as banks) help to prove to us that we are dealing with something real - talking to people on the telephone on a number that is in a directory helps us believe that they are who we expect. At a more sophisticated level, businesses have to be registered and the directors names and addresses made public. There are also agencies with a duty to respond to complaints over the trading practices of businesses.
How does the Internet map to the real world
The Internet is rather different. The biggest problem for the Internet user is that there is no physical reference to use. You can’t go to a physical bookshop at www.amazon.com. You have to believe what the computer tells you, and that is the start of the problems.
We have many practical examples where people get the physical world wrong - they put their bank cards into fake ATMs and enter their PINs, they tell their friends and children their passwords (sometimes in public), they sign up to ‘get rich quick’ deals with people they don’t know - so how well are we set up to handle the Internet world, where web sites are just exactly as good as their designer intended?
The practical answer is just barely. The Internet is marketed as an anonymous zone. Information is free and users are anonymous. Now some of those features are desirable. When you go into a store it is the store that has to tell you who they are. If you pay with cash they will never know who you are and none of your legal rights are affected. They give you a receipt and you can check any of the details and get corrections made on the spot. If you want credit you have to tell them more about you, but not necessarily very much.
The Internet, by comparison, is anonymous whether you are the seller or the customer. For the seller it is as anonymous as they want to make it. This, of course, might be thought of as attractive to a fraudster.
Avoiding obvious frauds on the Internet
Some potential sources of fraud - misrepresenting a business as that of someone else - are being slowly dealt with. Domain name registration has almost reached the point where there is some certainty that www.harrods.com is the web version of a famous department store in Knightsbridge, London. But it is still very far from being fully resolved. It is still possible to register www.harrodds.com, www.harrodss.com. You can copy the real thing without too much difficulty, and with a bit of luck and some spelling mistakes a fraudster can still be in business.
But this type of fraud could be avoided by legislating to bring web site name registration into line with company registration rules, where similar names and “passing off “ are already dealt with. The methods for obtaining web site names that are primarily for ‘trade’ could also be addressed to ensure that they can only be obtained by registered businesses, and that the link between the domain name and the registered business is a matter of public record.
Some less obvious frauds
The Internet uses a technology called TCP/IP in order to send information between one point on the Internet and another. Unfortunately it was not designed to be secure, it was designed to be resilient. As a result it is possible to read information that travels around the Internet, and also to alter it. Therefore, it is possible both to read information that is not protected and copy information that has been protected using cryptography, (a technique that makes information unreadable to the unauthorized) and to change the unprotected information without being detected.
The effect of this is to create a situation where fraud can be carried out even when a genuine transaction is taking place. Fraud might include putting other recipient’s names on the distribution list to make you believe they are also involved or in agreement with what is going on. (This can happen in the physical world – processing a credit card transaction multiple times on paper and forging the signature from the valid bill.)
The fraud is subtle because it is impossible for either party to detect. It is effective because the fraudster may have gathered information that allows them to completely impersonate both parties in the future.
Solutions for technical problems
These frauds require a manipulation of the Internet technologies, and so can be resisted by technology. However, the technology being marketed to solve this problem Secure Sockets Layer (SSL), in the way in which it is usually implemented, has fundamental weaknesses, and has been shown to be capable of being defrauded. Many other schemes, based upon codes of practice and logos shown on web sites, although worthy in themselves, are equally capable of being defrauded. It seems strange that some advertising appears to suggest encryption technology using a 40 bit algorithm is perfectly secure for commerce, whilst also saying that 128 bit algorithms are essential.
Alternative technologies such as those from ArticSoft are being delivered now that allow end users to gain immediate validation of web site content itself. They require software to be present in the machines of the end users to act on behalf of the user to carry out checks that the user can be prevented for doing themselves by competent fraudsters.
They also require competent registration procedures for Internet traders to make it more difficult for a fraudster to enter the system and pretend to be genuine. Such registration procedures are claimed to be in place for SSL.
One of the most important international developments for defining security behaviour has been the adoption of the international standard ISO 17799 Code of Practice for Information Security Management. It is a comprehensive management standard for addressing the full range of issues for protecting information. Sensible adoption and application of the standard could provide significant benefits both to business and consumers. Self regulation schemes would do well to consider adopting it as a means of providing a common frame of reference for security and privacy claims.
Solutions to help user understanding
Web site design
The basic approaches to developing and designing Internet many web sites are based upon ease of implementation for the web site consistent with current ‘fashion’ for both appearance and implementing the latest technology. The user security experience is largely of unexplained transitions to web site addresses that do not relate to where they started. That contradicts the user’s real world experience and actually promotes fraud potential by forcing the user to either accept inconsistency or ignore it. Both positions mean the fraudster can insert his version of reality without ready detection.
The move to adding unexplained pop-up windows, unexplained other windows, moving information and other similar features have to be contrasted with the user confusion of the site he or she is dealing with and the fraud potential that brings. Also the introduction of monitoring software and similar programs can only increase the level of fundamental mistrust the user has in the Internet. From a domestic user point of view this is little short of hacking. So how do you know the good guys from the bad?
Re-making the presence of entire sites overnight contradicts the physical world where change has to be announced and is very evolutionary. It happens in slow time where regular customers build up acceptance and experience. Trying to educate users to live with rapid change is creating cultural change in Japan where new product take-up rates are reducing rapidly.
Security presentation
Security information needs to be proactive and tangible. Security solutions that rely upon static logos or that require the user to perform specific actions and then carry out manual checks of their own are flawed. Physical world checks do not work that way so there is no transfer of experience to the Internet.
Security information goes far beyond making claims about ’40 bit SSL’ technology. In the physical world you know where the store is and it can’t move rapidly. The location of an Internet site is less than clear. Provable information is needed to show the trading address of the business, real contact information, governing law and an effective link from that to any transaction being undertaken.
Security information must be considered when transactions fail to complete just as much as when they succeed. In the physical world the user can see when a transaction has not completed, but the Internet lacks that visual experience. Forms that re-set without explanation, or fail for reasons that are not explained fully on them, contribute to the inability of a user to detect fraud taking place. Such techniques are commonly used by fraudsters to gain information.
Does the law help users
Considerable efforts are being made by law enforcement agencies to prevent fraud (any many other criminal or civil wrongs) using the Internet and to prosecute wherever possible. Data protection, whether stemming from the European Directive, Human Rights, the US Health Information Portability and Accountability Act (HIPAA), seems to have enjoyed less visible action, although that information is needed in addition to credit card information in order to commit Internet frauds such as identity theft.
The problem the law faces is created by the non-national nature of the Internet, and the national nature of law. Even if there are suitable offences, being able to proceed successfully is difficult, and for the ordinary consumer rather daunting. For the consumer, producing available evidence long after a fraud has been detected is also problematic. The situation is further confused by the desire of valid industry to collect as much consumer information as possible - something the fraudster also wants, but for different reasons.
One also has to be careful that law is not used instead of industry action. Making something an offence does not mean that nothing need be done. The recent US Digital Millennium Act is perceived by some as preventing the exposing of inadequate security mechanisms. Given that the user is actually the one exposed by security inadequacies, careful consideration needs to be given over user reaction to such a situation.
Conclusions
Internet fraud has two distinct strands to it.
One results from the differences between doing business in the physical world and the dematerialized world of the Internet. This gap has been accentuated by the ‘world of the Internet’ to the point where the user has no conventional reference points. This leaves the user ill placed to make adequate judgments of any kind, not merely about security and the possibility of fraud.
The other results from technical inadequacies in the infrastructure used by the service providers. Lack of clear regulation has allowed registration practices to develop that are not acceptable anywhere else for doing business. Previously available security mechanisms have been implemented in ways that fail to protect the user and which require, if followed, unreasonable user effort and significant user education.
Mechanisms such as the law may be able to provide some assistance, but care needs to be taken that the law is not used as an excuse for inadequate business practices. It would be sensible to ensure that a duty of care to implement best practice is included in legislation to expose any who have failed to protect themselves, their shareholders or their customers. Self regulation is another essential approach, but it must avoid becoming all self and no regulation if it is to carry real conviction to a suspicious user community, and its practices must be clear, obvious and understandable to the ordinary man. The paper world has already done this so wheel re-inventing is not required.
The introduction of new technologies places responsibilities upon their implementers. The developers have a responsibility to get it technically right. The implementers have a responsibility to deal with its social and cultural dimensions, and cannot stand back and ignore these. Professional web site design carries a great deal more responsibility than merely sorting out key words, search terms and a site map.
References:
1. Web spoofing allows an attacker to create a "shadow copy" of the entire site. www.cs.princeton.edu/sip/pub/spoofing.html
2. Spoofing the Whole Web. www.bau2.uibk.ac.at/matic/spoofing.htm
3. What is web spoofing? www.nmrc.org/faqs/hackfaq/hackfaq-9.html
4. Dartmouth PKI Lab Web Spoofing Demonstration - www.cs.dartmouth.edu/~pkilab/demos/spoofing/index.shtml
5. Some Web spoofing may be noticeable, so it is helpful to keep these tips in mind: www.washington.edu/computing/windows/issue22/spoofing.html
6. Navigator and Microsoft Internet Explorer. Web spoofing allows an attacker to create a "shadow copy" of the entire World Wide Web. Accesses to the shadow Web www.secinf.net/info/www/security16.txt
7. The Digital Millennium Copyright Act (DMCA). The DMCA is being used to silence researchers, computer scientists and critics. www.anti-dmca.org
8. Provisions in Chapter 12 of the US Copyright Act, enacted in the Digital Millennium Copyright Act ("DMCA") must be repealed or struck down as unconstitutional - www.petitiononline.com/nixdmca/petition.html
9. The New York lawsuit appears to be the first to use the Digital Millennium Copyright Act (DMCA) to try to restrict a computer program - www.wired.com/news/politics
10. Authentication Who’s Site Is It Really? by ArticSoft www.articsoft.com/wp_authentication.htm
11. The Changing Face of Web Security by ArticSoft www.articsoft.com/wp_changingface.htm
12. Credit Card Fraud, Link to Top Ten Home Page. The Bait: Surf the Internet and view adult images www.ftc.gov/bcp/conline/edcams/dotcon/credit.htm
13. Credit card fraud hit 1 in 20 users. And identity theft hit 1 in 50 during past year, study shows. By Bob Sullivan MSNBC. www.msnbc.com/news/718115.asp
14. Around 900,000 victims across 22 countries. The biggest credit card fraud ever. Fraudulent credit card transactions generated using adult web site merchant. www.faughnan.com/ccfraud.html
15. 5.2 percent of respondents saying they'd been victimized by credit card fraud in 2001 -- and 1.9 percent said they'd been victimized by identity theft www.cnn.com/2002/TECH/internet/03/04/fraud.online.survey/
16. ISO 17799 (2000) references may be found at www.bsi-global.com and at www.xisec.comm
Internet fraud should be addressed as two specific issues: fraud that uses Internet technology as an integral part of the fraud; fraud that is already taking place by other means and the Internet is merely another method of delivery.
Methods exist that stop fraudsters misusing the technology, which can be rapidly implemented, but factors such as industry acceptance and concerns over potential liability if previous security claims could be claimed to be inaccurate will delay introduction. Much effort is spent promoting logos and confusing self-regulation, and trying to catch fraudsters, whilst the adoption of formal standards and accreditation for security (such as ISO 17799) are only starting to take place.
New Internet environment crimes may exist, such as defrauding machines or causing business harm by denial of service or virus attacks, and these will require social and legal steps to address them. However, the Internet has provided the fraudster with access to a significantly bigger market than ever before and effort will be required to create an environment where fraud is resisted by design rather than by insurance.
Introduction
Internet fraud is said to be big business. But what is it, and does using the Internet create the fraud, or is the Internet just a different way of delivering ‘traditional’ fraud.
Fraud is essentially persuading someone of something with intent to deceive, perhaps with criminal intent. The deceit may be to persuade you to part with money, goods, services, rights or information.
For the purposes of this paper we are not going to examine methods of fraud, but look at the general techniques, how they are applied, and how, if at all, the Internet can be used to make those techniques easier for the criminal to use either to carry out a fraud or to escape detection.
General techniques of fraud
The key to fraud is to persuade you that something is real, when in fact it is not. Once you accept that the fake is real then the fraud can take place - whatever it is. Whether you are buying the Eiffel Tower in Paris or the Golden Gate bridge in San Francisco (both are real and have been seen by millions of people - and have been regularly ‘sold’) the essence is to believe the proposal that is put to you.
Other types of fraud essentially persuade you to do something in the (wrong) belief that it should be done, or to accept something in settlement that proves to be without the value you were led to believe. But they all come back to the same thing - the fraudster has to persuade you that his vision of the world is the correct one.
How do we normally counter fraud
In ordinary life there are many things set up to help avoid fraud. Mostly we rely upon physical things - buildings (such as banks) help to prove to us that we are dealing with something real - talking to people on the telephone on a number that is in a directory helps us believe that they are who we expect. At a more sophisticated level, businesses have to be registered and the directors names and addresses made public. There are also agencies with a duty to respond to complaints over the trading practices of businesses.
How does the Internet map to the real world
The Internet is rather different. The biggest problem for the Internet user is that there is no physical reference to use. You can’t go to a physical bookshop at www.amazon.com. You have to believe what the computer tells you, and that is the start of the problems.
We have many practical examples where people get the physical world wrong - they put their bank cards into fake ATMs and enter their PINs, they tell their friends and children their passwords (sometimes in public), they sign up to ‘get rich quick’ deals with people they don’t know - so how well are we set up to handle the Internet world, where web sites are just exactly as good as their designer intended?
The practical answer is just barely. The Internet is marketed as an anonymous zone. Information is free and users are anonymous. Now some of those features are desirable. When you go into a store it is the store that has to tell you who they are. If you pay with cash they will never know who you are and none of your legal rights are affected. They give you a receipt and you can check any of the details and get corrections made on the spot. If you want credit you have to tell them more about you, but not necessarily very much.
The Internet, by comparison, is anonymous whether you are the seller or the customer. For the seller it is as anonymous as they want to make it. This, of course, might be thought of as attractive to a fraudster.
Avoiding obvious frauds on the Internet
Some potential sources of fraud - misrepresenting a business as that of someone else - are being slowly dealt with. Domain name registration has almost reached the point where there is some certainty that www.harrods.com is the web version of a famous department store in Knightsbridge, London. But it is still very far from being fully resolved. It is still possible to register www.harrodds.com, www.harrodss.com. You can copy the real thing without too much difficulty, and with a bit of luck and some spelling mistakes a fraudster can still be in business.
But this type of fraud could be avoided by legislating to bring web site name registration into line with company registration rules, where similar names and “passing off “ are already dealt with. The methods for obtaining web site names that are primarily for ‘trade’ could also be addressed to ensure that they can only be obtained by registered businesses, and that the link between the domain name and the registered business is a matter of public record.
Some less obvious frauds
The Internet uses a technology called TCP/IP in order to send information between one point on the Internet and another. Unfortunately it was not designed to be secure, it was designed to be resilient. As a result it is possible to read information that travels around the Internet, and also to alter it. Therefore, it is possible both to read information that is not protected and copy information that has been protected using cryptography, (a technique that makes information unreadable to the unauthorized) and to change the unprotected information without being detected.
The effect of this is to create a situation where fraud can be carried out even when a genuine transaction is taking place. Fraud might include putting other recipient’s names on the distribution list to make you believe they are also involved or in agreement with what is going on. (This can happen in the physical world – processing a credit card transaction multiple times on paper and forging the signature from the valid bill.)
The fraud is subtle because it is impossible for either party to detect. It is effective because the fraudster may have gathered information that allows them to completely impersonate both parties in the future.
Solutions for technical problems
These frauds require a manipulation of the Internet technologies, and so can be resisted by technology. However, the technology being marketed to solve this problem Secure Sockets Layer (SSL), in the way in which it is usually implemented, has fundamental weaknesses, and has been shown to be capable of being defrauded. Many other schemes, based upon codes of practice and logos shown on web sites, although worthy in themselves, are equally capable of being defrauded. It seems strange that some advertising appears to suggest encryption technology using a 40 bit algorithm is perfectly secure for commerce, whilst also saying that 128 bit algorithms are essential.
Alternative technologies such as those from ArticSoft are being delivered now that allow end users to gain immediate validation of web site content itself. They require software to be present in the machines of the end users to act on behalf of the user to carry out checks that the user can be prevented for doing themselves by competent fraudsters.
They also require competent registration procedures for Internet traders to make it more difficult for a fraudster to enter the system and pretend to be genuine. Such registration procedures are claimed to be in place for SSL.
One of the most important international developments for defining security behaviour has been the adoption of the international standard ISO 17799 Code of Practice for Information Security Management. It is a comprehensive management standard for addressing the full range of issues for protecting information. Sensible adoption and application of the standard could provide significant benefits both to business and consumers. Self regulation schemes would do well to consider adopting it as a means of providing a common frame of reference for security and privacy claims.
Solutions to help user understanding
Web site design
The basic approaches to developing and designing Internet many web sites are based upon ease of implementation for the web site consistent with current ‘fashion’ for both appearance and implementing the latest technology. The user security experience is largely of unexplained transitions to web site addresses that do not relate to where they started. That contradicts the user’s real world experience and actually promotes fraud potential by forcing the user to either accept inconsistency or ignore it. Both positions mean the fraudster can insert his version of reality without ready detection.
The move to adding unexplained pop-up windows, unexplained other windows, moving information and other similar features have to be contrasted with the user confusion of the site he or she is dealing with and the fraud potential that brings. Also the introduction of monitoring software and similar programs can only increase the level of fundamental mistrust the user has in the Internet. From a domestic user point of view this is little short of hacking. So how do you know the good guys from the bad?
Re-making the presence of entire sites overnight contradicts the physical world where change has to be announced and is very evolutionary. It happens in slow time where regular customers build up acceptance and experience. Trying to educate users to live with rapid change is creating cultural change in Japan where new product take-up rates are reducing rapidly.
Security presentation
Security information needs to be proactive and tangible. Security solutions that rely upon static logos or that require the user to perform specific actions and then carry out manual checks of their own are flawed. Physical world checks do not work that way so there is no transfer of experience to the Internet.
Security information goes far beyond making claims about ’40 bit SSL’ technology. In the physical world you know where the store is and it can’t move rapidly. The location of an Internet site is less than clear. Provable information is needed to show the trading address of the business, real contact information, governing law and an effective link from that to any transaction being undertaken.
Security information must be considered when transactions fail to complete just as much as when they succeed. In the physical world the user can see when a transaction has not completed, but the Internet lacks that visual experience. Forms that re-set without explanation, or fail for reasons that are not explained fully on them, contribute to the inability of a user to detect fraud taking place. Such techniques are commonly used by fraudsters to gain information.
Does the law help users
Considerable efforts are being made by law enforcement agencies to prevent fraud (any many other criminal or civil wrongs) using the Internet and to prosecute wherever possible. Data protection, whether stemming from the European Directive, Human Rights, the US Health Information Portability and Accountability Act (HIPAA), seems to have enjoyed less visible action, although that information is needed in addition to credit card information in order to commit Internet frauds such as identity theft.
The problem the law faces is created by the non-national nature of the Internet, and the national nature of law. Even if there are suitable offences, being able to proceed successfully is difficult, and for the ordinary consumer rather daunting. For the consumer, producing available evidence long after a fraud has been detected is also problematic. The situation is further confused by the desire of valid industry to collect as much consumer information as possible - something the fraudster also wants, but for different reasons.
One also has to be careful that law is not used instead of industry action. Making something an offence does not mean that nothing need be done. The recent US Digital Millennium Act is perceived by some as preventing the exposing of inadequate security mechanisms. Given that the user is actually the one exposed by security inadequacies, careful consideration needs to be given over user reaction to such a situation.
Conclusions
Internet fraud has two distinct strands to it.
One results from the differences between doing business in the physical world and the dematerialized world of the Internet. This gap has been accentuated by the ‘world of the Internet’ to the point where the user has no conventional reference points. This leaves the user ill placed to make adequate judgments of any kind, not merely about security and the possibility of fraud.
The other results from technical inadequacies in the infrastructure used by the service providers. Lack of clear regulation has allowed registration practices to develop that are not acceptable anywhere else for doing business. Previously available security mechanisms have been implemented in ways that fail to protect the user and which require, if followed, unreasonable user effort and significant user education.
Mechanisms such as the law may be able to provide some assistance, but care needs to be taken that the law is not used as an excuse for inadequate business practices. It would be sensible to ensure that a duty of care to implement best practice is included in legislation to expose any who have failed to protect themselves, their shareholders or their customers. Self regulation is another essential approach, but it must avoid becoming all self and no regulation if it is to carry real conviction to a suspicious user community, and its practices must be clear, obvious and understandable to the ordinary man. The paper world has already done this so wheel re-inventing is not required.
The introduction of new technologies places responsibilities upon their implementers. The developers have a responsibility to get it technically right. The implementers have a responsibility to deal with its social and cultural dimensions, and cannot stand back and ignore these. Professional web site design carries a great deal more responsibility than merely sorting out key words, search terms and a site map.
References:
1. Web spoofing allows an attacker to create a "shadow copy" of the entire site. www.cs.princeton.edu/sip/pub/spoofing.html
2. Spoofing the Whole Web. www.bau2.uibk.ac.at/matic/spoofing.htm
3. What is web spoofing? www.nmrc.org/faqs/hackfaq/hackfaq-9.html
4. Dartmouth PKI Lab Web Spoofing Demonstration - www.cs.dartmouth.edu/~pkilab/demos/spoofing/index.shtml
5. Some Web spoofing may be noticeable, so it is helpful to keep these tips in mind: www.washington.edu/computing/windows/issue22/spoofing.html
6. Navigator and Microsoft Internet Explorer. Web spoofing allows an attacker to create a "shadow copy" of the entire World Wide Web. Accesses to the shadow Web www.secinf.net/info/www/security16.txt
7. The Digital Millennium Copyright Act (DMCA). The DMCA is being used to silence researchers, computer scientists and critics. www.anti-dmca.org
8. Provisions in Chapter 12 of the US Copyright Act, enacted in the Digital Millennium Copyright Act ("DMCA") must be repealed or struck down as unconstitutional - www.petitiononline.com/nixdmca/petition.html
9. The New York lawsuit appears to be the first to use the Digital Millennium Copyright Act (DMCA) to try to restrict a computer program - www.wired.com/news/politics
10. Authentication Who’s Site Is It Really? by ArticSoft www.articsoft.com/wp_authentication.htm
11. The Changing Face of Web Security by ArticSoft www.articsoft.com/wp_changingface.htm
12. Credit Card Fraud, Link to Top Ten Home Page. The Bait: Surf the Internet and view adult images www.ftc.gov/bcp/conline/edcams/dotcon/credit.htm
13. Credit card fraud hit 1 in 20 users. And identity theft hit 1 in 50 during past year, study shows. By Bob Sullivan MSNBC. www.msnbc.com/news/718115.asp
14. Around 900,000 victims across 22 countries. The biggest credit card fraud ever. Fraudulent credit card transactions generated using adult web site merchant. www.faughnan.com/ccfraud.html
15. 5.2 percent of respondents saying they'd been victimized by credit card fraud in 2001 -- and 1.9 percent said they'd been victimized by identity theft www.cnn.com/2002/TECH/internet/03/04/fraud.online.survey/
16. ISO 17799 (2000) references may be found at www.bsi-global.com and at www.xisec.comm
Sunday, April 23, 2006
The security risks and ways to decrease vulnerabilities in a 802.11b wireless environment
Introduction
This document explains topics relating to wireless networks. The main topics discussed include, what type of vulnerabilities exist today in 802.11 networks and ways that you can help prevent these vulnerabilities from happening. Wireless networks have not been around for many years. Federal Express has been using a type of wireless networks, common to the 802.11 networks used today, but the general public has recently just started to use wireless networking technology. Because of weak security that exists in wireless networks, companies such as Best Buy have decided to postpone the roll-out of wireless technology. The United States Government has done likewise and is suspending the use of wireless until a more universal, secure solution is available.
Background
What is Wireless?
Wireless LANs or Wi-Fi is a technology used to connect computers and devices together. Wireless LANs give persons more mobility and flexibility by allowing workers to stay connected to the Internet and to the network as they roam from one coverage area to another. This increases efficiency by allowing data to be entered and accessed on site.
Besides being very simple to install, WLANs are easy to understand and use. With few exceptions, everything to do with wired LANs applies to wireless LANs. They function like, and are commonly connected to, wired Ethernet networks.
The Wireless Ethernet Compatibility Alliance [WECA] is the industry organization that certifies 802.11 products that are deemed to meet a base standard of interoperability. The first family of products to be certified by WECA is that based on the 802.11b standard. This set of products is what we will be studying. Also more standards exist such as 802.11a and 802.11g.
The original 802.11 standard was published in 1999 and provides for data rates at up to 2 Mbps at 2.4 GHz, using either FHSS or DSSS. Since that time many task groups have been formed to create supplements and enhancements to the original 802.11 standard.
The 802.11b TG created a supplement to the original 802.11 standard, called 802.11b, which has become the industry standard for WLANs. It uses DSSS and provides data rates up to 11 Mbps at 2.4 Ghz. 802.11b will eventually be replaced by standards which have better QoS features, and better security.
Network Topology
There are two main topologies in wireless networks which can be configured:
Peer-to-peer (ad hoc mode) – This configuration is identical to its wired counterpart, except without the wires. Two or more devices can talk to each other without an AP.
Client/Server (infrastructure networking) – This configuration is identical to its wired counterpart, except without the wires. This is the most common wireless network used today, and what most of the concepts in this paper apply to.
Benefits of Wireless LANs
* WLANs can be used to replace wired LANs, or as an extension of a wired infrastructure. It costs far less to deploy a wireless LAN than to deploy a wired one. A major cost of installing and modifying a wired network is the expense to run network and power cables, all in accordance with local building codes. Example of additional applications where the decision to deploy WLANs include:
* Additions or moves of computers.
* Installation of temporary networks
* Installation of hard-to-wire locations
Wireless LANs give you more mobility and flexibility by allowing you to stay connected to the Internet and to the network as you roam.
Cons of Wireless LANs
Wireless LANs are a relatively new technology which has only been around since 1999. With any new technology, standards are always improving, but in the beginning are unreliable and insecure. Wired networks send traffic over a dedicated line that is physically private; WLANs send their traffic over shared space, airwaves. This introduces interference from other traffic and the need for additional security. Besides interference from other wireless LAN devices, the 2.4 GHz is also used by cordless phones and microwaves.
Security Issues of WLANs
* War-driving
War-driving is a process in which an individual uses a wireless device such as a laptop or PDA to drive around looking for wireless networks. Some people do this as a hobby and map out different wireless networks which they find. Other people, who can be considered hackers, will look for wireless networks and then break into the networks. If a wireless is not secure, it can be fairly easy to break into the network and obtain confidential information. Even with security, hackers can break the security and hack. One of the most prevalent tools used on PDAs and Microsoft windows devices is, Network Stumbler, which can be downloaded at http://www.netstumbler.com. Equipped with the software and device, a person can map out wireless access points if a GPS unit is attached. Adding an antenna to the wireless card increases the capabilities of Wi-Fi. More information can be found at: http://www.wardriving.info and http://www.wardriving.com to name a few.
* War-chalking
War-chalking is a method of marking wireless networks by using chalk most commonly. War-driving is usually the method used to search for networks, and then the person will mark the network with chalk that gives information about the network. Some of the information would include, what the network name is, whether the network has security, and possibly the contact information of who owns the network. If your wireless network is War-chalked and you don't realize it, your network can be used and/or broken into faster, because of information shown about your network.
Eavesdropping & Espionage
Because wireless communication is broadcast over radio waves, eavesdroppers who just listen over the airwaves can easily pick up unencrypted messages. These intruders put businesses at risk of exposing sensitive information to corporate espionage. Wireless LAN Security – What Hackers Know That You Don't www.airdefense.net Copyright 2002
Internal Vulnerabilities
Within an organization network security can be compromised by ways such as, Rouge WLANs (or Rouge Aps), Insecure Network Configuration, and Accidental Associations to name a few.
Rouge Access Points – An employee of an organization might hook up an access point without the permission or even knowledge of IT. This is simple to do, all a person has to do is plug an Access point or wireless router into an existing live LAN jack and they are on the network. One statistic in 2001 by Gartner said that, “at least 20 percent of enterprises already have rouge access points.” Another type of attack would be if, someone from outside the organization, enters into the workplace and adds an Access Point by means of Social Engineering.
Insecure Network Configurations- Many companies think that if they are using a firewall or a technology such as VPN, they are automatically secure. This is not necessarily true because all security holes, big and small, can be exploited. Also if devices and technologies, such as VPNs, firewalls or routers, are mis-configured, the network can be compromised.
Accidental Associations – This can happen if a wireless network is setup using the same SSID as your network and within range of your wireless device. You may accidentally associate with their network without your knowledge. Connecting to another wireless LAN can divulge passwords or sensitive document to anyone on the neighboring network. Wireless LAN Security – What Hackers Know That You Don't www.airdefense.net Copyright 2002
Social Engineering – Social Engineering is one of the most effective and scariest types of attacks that can be done. This type of attack really scares me and can be done for many other purposes besides compromising security in wireless networks. A scenario: Someone dressed up as a support person from Cisco enters the workplace. The secretary sees his fake credentials and lets him get pass the front desk. The impersonator walks from cubicle to cubicle, collecting user names and passwords as he/she goes. After finding a hidden corner, which seems to be lightly traveled, he plugs an insecure Access Point into the network. At the same time he configures the Access Point to not broadcast its SSID and modifies a few other settings to make it hard for the IT department to find this Rouge Access Point. He then leaves without ever being questioned by anyone because it looks like he just fits in. Now, all he has to do is be within 300 feet from the access point, (more if he added an antenna), and now has access to all kinds of secure documents and data. This can be a devastating blow to any corporation and could eventually lead to bankruptcy if the secrets of the company were revealed to competitors.
Bruce Schneier came to my classroom and said the following about Social Engineering, “Someone is just trying to do their job, and be nice. Someone takes advantage of that by targeting this human nature. Social Engineering is unsolvable.”
Securing Wireless Networks
According to Bruce Schneier and others such as Kevin Mitnick, you can never have a totally secure computing environment. What is often suggested is to try and control the damage which can be done if security is breached. One can try many different tools on the market which can help prevent security breaches.
WEP – WEP supports both 64 and 128-bit keys. Both are vulnerable, however, because the initialization vector is only 24-bits long in each case. Its RC4 algorithm, which is used securely in other implementations, such as SSL, is quite vulnerable in WEP. Http://www.infosecuritymag.com/2002/jan/cover.shtml Wireless Insecurities By Dale Gardner. Different tools exist to break WEP keys, including AirSnort, which can be found at www.airsnort.net. Although this method is not a secure solution, it can be used to help slowdown an attacker if other means are not possible financially or otherwise.
VPN and IPSec- IPSec VPNs let companies connect remote offices or wireless connections using the public Internet rather than expensive leased lines or a managed data service. Encryption and authentication systems protect the data as it crosses the public network, so companies don't have to sacrifice data privacy and integrity for lower costs. A lot of VPN's exist on the market today. An important note about VPNs is, interoperability does not really exist, and whatever you use for your server has to be the same brand as your clients most of the time. Some VPNs include:
* Borderware
* BroadConnex Networks
* CheckPoint
* Cisco
* Computer Associates
DMZ – Adding this to your network enables you to put your wireless network on an untrusted segment of your network.
Firewalls – Firewalls are all over the place. Firewalls range from hardware to software versions. By adding a firewall between the wireless network and wired network helps prevent hackers from accessing your wired network. This paper doesn't go into specifics about different firewalls and how to set them up, but there are many. Some of the firewalls include:
* ZoneAlarm (an inexpensive based software firewall) Zonelabs.com
* Symantec has many different firewalls depending what you require.
PKI - Public-key infrastructure (PKI) is the combination of software, encryption technologies, and services that enables enterprises to protect the security of their communications and business transactions on the Internet. What is PKI? http://verisign.netscape.com/security/pki/understanding.html
Site Surveys – Site Surveys involve using a software package and a wireless device to probe your network for Access Points and security risks.
Proactive Approaches
Since wireless technology is insecure, companies or anyone can take a proactive approach to try and identify hackers trying to gain access via wireless networks.
Honeypots – are fake networks setup to try and lure in hackers. This enables administrators to find out more about what type of techniques hackers are using to gain access. One product is Mantrap created by Symantec.
“ManTrap has the unique ability to detect both host- and network-based attacks, providing hybrid detection in a single solution. No matter how an internal or external attacker tries to compromise the system, Symantec ManTrap's decoy sensors will deliver holistic detection and response and provide detailed information through its system of data collection modules.”
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=157
Intrusion Detection – Intrusion Detection is software that monitors traffic on the network. It sounds out a warning if a hacker it trying to access the network. One such free product is Snort.
“Before we proceed, there are a few basic concepts you should understand about Snort. There are three main modes in which Snort can be configured: sniffer, packet logger, and network intrusion detection system. Sniffer mode simply reads the packets off of the network and displays them for you in a continuous stream on the console. Packet logger mode logs the packets to the disk. Network intrusion detection mode is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user defined rule set and perform several actions based upon what it sees.” http://www.snort.org/docs/writing_rules/chap1.html#tth_chAp1
Network Monitoring- Network Monitoring would be products such as snort that monitor the flow of traffic over the network.
Quick tips and tricks
* When setting up wireless networks and access points there are a few quick steps that can be taken to immediately secure the network, even though it does not make it secure. Some of these ways include:
* Change your default SSID: each router or access point comes with a default SSID. By changing this it can take longer for an attacker to know what type of device he is trying to hack.
* Change the default password – generic default passwords are assigned to access points and routers. Sometimes the password is admin. By changing this password, the attacker cannot modify settings on your router as easily.
* Disable broadcasting SSID: By default AP's broadcast their SSIDs, if you shutoff this setting it is harder for outsiders to find your AP.
* Enable MAC filtering: WARNING: this can only work in smaller environments where a centralized access list does not need to be maintained. You can enable only specific wireless cards to access the AP by only enabling those MAC addresses.
* Turn off shares: If security is important, scanning for shares and turning off the shares on the network can help. Also encrypting sensitive data can prevent hackers from accessing the data.
* Put your wireless access points in a hard to find and reach spot.
* Keep your drivers on all wireless equipment updated. This helps patch existing security vulnerabilities.
* Read current press releases about emerging wireless news.
This document explains topics relating to wireless networks. The main topics discussed include, what type of vulnerabilities exist today in 802.11 networks and ways that you can help prevent these vulnerabilities from happening. Wireless networks have not been around for many years. Federal Express has been using a type of wireless networks, common to the 802.11 networks used today, but the general public has recently just started to use wireless networking technology. Because of weak security that exists in wireless networks, companies such as Best Buy have decided to postpone the roll-out of wireless technology. The United States Government has done likewise and is suspending the use of wireless until a more universal, secure solution is available.
Background
What is Wireless?
Wireless LANs or Wi-Fi is a technology used to connect computers and devices together. Wireless LANs give persons more mobility and flexibility by allowing workers to stay connected to the Internet and to the network as they roam from one coverage area to another. This increases efficiency by allowing data to be entered and accessed on site.
Besides being very simple to install, WLANs are easy to understand and use. With few exceptions, everything to do with wired LANs applies to wireless LANs. They function like, and are commonly connected to, wired Ethernet networks.
The Wireless Ethernet Compatibility Alliance [WECA] is the industry organization that certifies 802.11 products that are deemed to meet a base standard of interoperability. The first family of products to be certified by WECA is that based on the 802.11b standard. This set of products is what we will be studying. Also more standards exist such as 802.11a and 802.11g.
The original 802.11 standard was published in 1999 and provides for data rates at up to 2 Mbps at 2.4 GHz, using either FHSS or DSSS. Since that time many task groups have been formed to create supplements and enhancements to the original 802.11 standard.
The 802.11b TG created a supplement to the original 802.11 standard, called 802.11b, which has become the industry standard for WLANs. It uses DSSS and provides data rates up to 11 Mbps at 2.4 Ghz. 802.11b will eventually be replaced by standards which have better QoS features, and better security.
Network Topology
There are two main topologies in wireless networks which can be configured:
Peer-to-peer (ad hoc mode) – This configuration is identical to its wired counterpart, except without the wires. Two or more devices can talk to each other without an AP.
Client/Server (infrastructure networking) – This configuration is identical to its wired counterpart, except without the wires. This is the most common wireless network used today, and what most of the concepts in this paper apply to.
Benefits of Wireless LANs
* WLANs can be used to replace wired LANs, or as an extension of a wired infrastructure. It costs far less to deploy a wireless LAN than to deploy a wired one. A major cost of installing and modifying a wired network is the expense to run network and power cables, all in accordance with local building codes. Example of additional applications where the decision to deploy WLANs include:
* Additions or moves of computers.
* Installation of temporary networks
* Installation of hard-to-wire locations
Wireless LANs give you more mobility and flexibility by allowing you to stay connected to the Internet and to the network as you roam.
Cons of Wireless LANs
Wireless LANs are a relatively new technology which has only been around since 1999. With any new technology, standards are always improving, but in the beginning are unreliable and insecure. Wired networks send traffic over a dedicated line that is physically private; WLANs send their traffic over shared space, airwaves. This introduces interference from other traffic and the need for additional security. Besides interference from other wireless LAN devices, the 2.4 GHz is also used by cordless phones and microwaves.
Security Issues of WLANs
* War-driving
War-driving is a process in which an individual uses a wireless device such as a laptop or PDA to drive around looking for wireless networks. Some people do this as a hobby and map out different wireless networks which they find. Other people, who can be considered hackers, will look for wireless networks and then break into the networks. If a wireless is not secure, it can be fairly easy to break into the network and obtain confidential information. Even with security, hackers can break the security and hack. One of the most prevalent tools used on PDAs and Microsoft windows devices is, Network Stumbler, which can be downloaded at http://www.netstumbler.com. Equipped with the software and device, a person can map out wireless access points if a GPS unit is attached. Adding an antenna to the wireless card increases the capabilities of Wi-Fi. More information can be found at: http://www.wardriving.info and http://www.wardriving.com to name a few.
* War-chalking
War-chalking is a method of marking wireless networks by using chalk most commonly. War-driving is usually the method used to search for networks, and then the person will mark the network with chalk that gives information about the network. Some of the information would include, what the network name is, whether the network has security, and possibly the contact information of who owns the network. If your wireless network is War-chalked and you don't realize it, your network can be used and/or broken into faster, because of information shown about your network.
Eavesdropping & Espionage
Because wireless communication is broadcast over radio waves, eavesdroppers who just listen over the airwaves can easily pick up unencrypted messages. These intruders put businesses at risk of exposing sensitive information to corporate espionage. Wireless LAN Security – What Hackers Know That You Don't www.airdefense.net Copyright 2002
Internal Vulnerabilities
Within an organization network security can be compromised by ways such as, Rouge WLANs (or Rouge Aps), Insecure Network Configuration, and Accidental Associations to name a few.
Rouge Access Points – An employee of an organization might hook up an access point without the permission or even knowledge of IT. This is simple to do, all a person has to do is plug an Access point or wireless router into an existing live LAN jack and they are on the network. One statistic in 2001 by Gartner said that, “at least 20 percent of enterprises already have rouge access points.” Another type of attack would be if, someone from outside the organization, enters into the workplace and adds an Access Point by means of Social Engineering.
Insecure Network Configurations- Many companies think that if they are using a firewall or a technology such as VPN, they are automatically secure. This is not necessarily true because all security holes, big and small, can be exploited. Also if devices and technologies, such as VPNs, firewalls or routers, are mis-configured, the network can be compromised.
Accidental Associations – This can happen if a wireless network is setup using the same SSID as your network and within range of your wireless device. You may accidentally associate with their network without your knowledge. Connecting to another wireless LAN can divulge passwords or sensitive document to anyone on the neighboring network. Wireless LAN Security – What Hackers Know That You Don't www.airdefense.net Copyright 2002
Social Engineering – Social Engineering is one of the most effective and scariest types of attacks that can be done. This type of attack really scares me and can be done for many other purposes besides compromising security in wireless networks. A scenario: Someone dressed up as a support person from Cisco enters the workplace. The secretary sees his fake credentials and lets him get pass the front desk. The impersonator walks from cubicle to cubicle, collecting user names and passwords as he/she goes. After finding a hidden corner, which seems to be lightly traveled, he plugs an insecure Access Point into the network. At the same time he configures the Access Point to not broadcast its SSID and modifies a few other settings to make it hard for the IT department to find this Rouge Access Point. He then leaves without ever being questioned by anyone because it looks like he just fits in. Now, all he has to do is be within 300 feet from the access point, (more if he added an antenna), and now has access to all kinds of secure documents and data. This can be a devastating blow to any corporation and could eventually lead to bankruptcy if the secrets of the company were revealed to competitors.
Bruce Schneier came to my classroom and said the following about Social Engineering, “Someone is just trying to do their job, and be nice. Someone takes advantage of that by targeting this human nature. Social Engineering is unsolvable.”
Securing Wireless Networks
According to Bruce Schneier and others such as Kevin Mitnick, you can never have a totally secure computing environment. What is often suggested is to try and control the damage which can be done if security is breached. One can try many different tools on the market which can help prevent security breaches.
WEP – WEP supports both 64 and 128-bit keys. Both are vulnerable, however, because the initialization vector is only 24-bits long in each case. Its RC4 algorithm, which is used securely in other implementations, such as SSL, is quite vulnerable in WEP. Http://www.infosecuritymag.com/2002/jan/cover.shtml Wireless Insecurities By Dale Gardner. Different tools exist to break WEP keys, including AirSnort, which can be found at www.airsnort.net. Although this method is not a secure solution, it can be used to help slowdown an attacker if other means are not possible financially or otherwise.
VPN and IPSec- IPSec VPNs let companies connect remote offices or wireless connections using the public Internet rather than expensive leased lines or a managed data service. Encryption and authentication systems protect the data as it crosses the public network, so companies don't have to sacrifice data privacy and integrity for lower costs. A lot of VPN's exist on the market today. An important note about VPNs is, interoperability does not really exist, and whatever you use for your server has to be the same brand as your clients most of the time. Some VPNs include:
* Borderware
* BroadConnex Networks
* CheckPoint
* Cisco
* Computer Associates
DMZ – Adding this to your network enables you to put your wireless network on an untrusted segment of your network.
Firewalls – Firewalls are all over the place. Firewalls range from hardware to software versions. By adding a firewall between the wireless network and wired network helps prevent hackers from accessing your wired network. This paper doesn't go into specifics about different firewalls and how to set them up, but there are many. Some of the firewalls include:
* ZoneAlarm (an inexpensive based software firewall) Zonelabs.com
* Symantec has many different firewalls depending what you require.
PKI - Public-key infrastructure (PKI) is the combination of software, encryption technologies, and services that enables enterprises to protect the security of their communications and business transactions on the Internet. What is PKI? http://verisign.netscape.com/security/pki/understanding.html
Site Surveys – Site Surveys involve using a software package and a wireless device to probe your network for Access Points and security risks.
Proactive Approaches
Since wireless technology is insecure, companies or anyone can take a proactive approach to try and identify hackers trying to gain access via wireless networks.
Honeypots – are fake networks setup to try and lure in hackers. This enables administrators to find out more about what type of techniques hackers are using to gain access. One product is Mantrap created by Symantec.
“ManTrap has the unique ability to detect both host- and network-based attacks, providing hybrid detection in a single solution. No matter how an internal or external attacker tries to compromise the system, Symantec ManTrap's decoy sensors will deliver holistic detection and response and provide detailed information through its system of data collection modules.”
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=157
Intrusion Detection – Intrusion Detection is software that monitors traffic on the network. It sounds out a warning if a hacker it trying to access the network. One such free product is Snort.
“Before we proceed, there are a few basic concepts you should understand about Snort. There are three main modes in which Snort can be configured: sniffer, packet logger, and network intrusion detection system. Sniffer mode simply reads the packets off of the network and displays them for you in a continuous stream on the console. Packet logger mode logs the packets to the disk. Network intrusion detection mode is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user defined rule set and perform several actions based upon what it sees.” http://www.snort.org/docs/writing_rules/chap1.html#tth_chAp1
Network Monitoring- Network Monitoring would be products such as snort that monitor the flow of traffic over the network.
Quick tips and tricks
* When setting up wireless networks and access points there are a few quick steps that can be taken to immediately secure the network, even though it does not make it secure. Some of these ways include:
* Change your default SSID: each router or access point comes with a default SSID. By changing this it can take longer for an attacker to know what type of device he is trying to hack.
* Change the default password – generic default passwords are assigned to access points and routers. Sometimes the password is admin. By changing this password, the attacker cannot modify settings on your router as easily.
* Disable broadcasting SSID: By default AP's broadcast their SSIDs, if you shutoff this setting it is harder for outsiders to find your AP.
* Enable MAC filtering: WARNING: this can only work in smaller environments where a centralized access list does not need to be maintained. You can enable only specific wireless cards to access the AP by only enabling those MAC addresses.
* Turn off shares: If security is important, scanning for shares and turning off the shares on the network can help. Also encrypting sensitive data can prevent hackers from accessing the data.
* Put your wireless access points in a hard to find and reach spot.
* Keep your drivers on all wireless equipment updated. This helps patch existing security vulnerabilities.
* Read current press releases about emerging wireless news.
Wednesday, April 19, 2006
Are Autoresponders An Important Part Of Internet Marketing?
Setting up and using email autoresponders on your site is an easy way to make repeated contact with your visitors. Studies have shown that more than 60% of a site's visitors who eventually end up buying a product or service don't do it on their first visit. An E-mail autoresponder is one way to encourage your visitors to return and make that purchase!
It can be simple to set up and use an autoresponder, unless of course, like me, you set up a message when you're over tired, late at night, and forget to tell the autoresponder what message to start at and what message to stop at while running a "test". I actually did this and sent 491 blank email messages to our personal email account! Needless to say, I clogged up our account and had to delete each message individually. Very time consuming and frustrating to say the least but it never happened a second time. And, it has given us something to laugh about from time to time.
There are many advantages to having e-mail autoresponders such as:
* Give your visitors an easy way to receive a "printer friendly" version of your sites main sales messages.
* Send a several part e-mail course (the free email course can be a powerful incentive for your visitors to leave their email addresses which also builds your subscriber list.
* Send repeated messages to your visitors with reminders of what you sell and what its benefits are.
* Collects addresses for your e-mail ezine which will give you periodic access to your site's visitors. You can sell advertising in your ezine or just use it to promote your products and services.
There are two main types of autoresponders. They each have their pros and cons.
Autoresponder services:
Autoresponder services are web based services that allow you to send a series of emails to a visitor who has either requested the email through a web-based form on you site (the service provides the html code for your site to use) or who has sent an email to a specific address the service has provided you to use. The primary advantage of such services is that they are very easy to set up, and are very reliable. In addition, they are host independent. This means that your web host doesn't have to allow you to run any particular services on your site to have access to all that an e-mail autoresponder can provide.
Autoresponder programs (or scripts):
The other choice for an autoresponder is to purchase (or lease) a program or a script (usually written in perl, requiring CGI access on your server.) Several of these are available. They offer the potential for lower cost, especially if you have multiple web sites to support. (But be careful to check the license agreement. Some license agreements require an additional fee if you are going to use the program or script on more than one site at the same time. These types of autoresponders also allow, potentially at least, for increased flexibility. Some are quite powerful in their own right, while perl scripts can generally be modified to suit your needs for a fee.
Whatever your choice or needs Email Autoresponders most definately play an important role in your success as an internet marketer.
If you're in need of a Host with unlimited autoresponders or tired of bad service from your present one I highly recommend the following. It's only a dollar for a 2 week trial and provides Free leads & a business opportunity too!
It can be simple to set up and use an autoresponder, unless of course, like me, you set up a message when you're over tired, late at night, and forget to tell the autoresponder what message to start at and what message to stop at while running a "test". I actually did this and sent 491 blank email messages to our personal email account! Needless to say, I clogged up our account and had to delete each message individually. Very time consuming and frustrating to say the least but it never happened a second time. And, it has given us something to laugh about from time to time.
There are many advantages to having e-mail autoresponders such as:
* Give your visitors an easy way to receive a "printer friendly" version of your sites main sales messages.
* Send a several part e-mail course (the free email course can be a powerful incentive for your visitors to leave their email addresses which also builds your subscriber list.
* Send repeated messages to your visitors with reminders of what you sell and what its benefits are.
* Collects addresses for your e-mail ezine which will give you periodic access to your site's visitors. You can sell advertising in your ezine or just use it to promote your products and services.
There are two main types of autoresponders. They each have their pros and cons.
Autoresponder services:
Autoresponder services are web based services that allow you to send a series of emails to a visitor who has either requested the email through a web-based form on you site (the service provides the html code for your site to use) or who has sent an email to a specific address the service has provided you to use. The primary advantage of such services is that they are very easy to set up, and are very reliable. In addition, they are host independent. This means that your web host doesn't have to allow you to run any particular services on your site to have access to all that an e-mail autoresponder can provide.
Autoresponder programs (or scripts):
The other choice for an autoresponder is to purchase (or lease) a program or a script (usually written in perl, requiring CGI access on your server.) Several of these are available. They offer the potential for lower cost, especially if you have multiple web sites to support. (But be careful to check the license agreement. Some license agreements require an additional fee if you are going to use the program or script on more than one site at the same time. These types of autoresponders also allow, potentially at least, for increased flexibility. Some are quite powerful in their own right, while perl scripts can generally be modified to suit your needs for a fee.
Whatever your choice or needs Email Autoresponders most definately play an important role in your success as an internet marketer.
If you're in need of a Host with unlimited autoresponders or tired of bad service from your present one I highly recommend the following. It's only a dollar for a 2 week trial and provides Free leads & a business opportunity too!
Are Autoresponders An Important Part Of Internet Marketing?
Setting up and using email autoresponders on your site is an easy way to make repeated contact with your visitors. Studies have shown that more than 60% of a site's visitors who eventually end up buying a product or service don't do it on their first visit. An E-mail autoresponder is one way to encourage your visitors to return and make that purchase!
It can be simple to set up and use an autoresponder, unless of course, like me, you set up a message when you're over tired, late at night, and forget to tell the autoresponder what message to start at and what message to stop at while running a "test". I actually did this and sent 491 blank email messages to our personal email account! Needless to say, I clogged up our account and had to delete each message individually. Very time consuming and frustrating to say the least but it never happened a second time. And, it has given us something to laugh about from time to time.
There are many advantages to having e-mail autoresponders such as:
* Give your visitors an easy way to receive a "printer friendly" version of your sites main sales messages.
* Send a several part e-mail course (the free email course can be a powerful incentive for your visitors to leave their email addresses which also builds your subscriber list.
* Send repeated messages to your visitors with reminders of what you sell and what its benefits are.
* Collects addresses for your e-mail ezine which will give you periodic access to your site's visitors. You can sell advertising in your ezine or just use it to promote your products and services.
There are two main types of autoresponders. They each have their pros and cons.
Autoresponder services:
Autoresponder services are web based services that allow you to send a series of emails to a visitor who has either requested the email through a web-based form on you site (the service provides the html code for your site to use) or who has sent an email to a specific address the service has provided you to use. The primary advantage of such services is that they are very easy to set up, and are very reliable. In addition, they are host independent. This means that your web host doesn't have to allow you to run any particular services on your site to have access to all that an e-mail autoresponder can provide.
Autoresponder programs (or scripts):
The other choice for an autoresponder is to purchase (or lease) a program or a script (usually written in perl, requiring CGI access on your server.) Several of these are available. They offer the potential for lower cost, especially if you have multiple web sites to support. (But be careful to check the license agreement. Some license agreements require an additional fee if you are going to use the program or script on more than one site at the same time. These types of autoresponders also allow, potentially at least, for increased flexibility. Some are quite powerful in their own right, while perl scripts can generally be modified to suit your needs for a fee.
Whatever your choice or needs Email Autoresponders most definately play an important role in your success as an internet marketer.
If you're in need of a Host with unlimited autoresponders or tired of bad service from your present one I highly recommend the following. It's only a dollar for a 2 week trial and provides Free leads & a business opportunity too!
It can be simple to set up and use an autoresponder, unless of course, like me, you set up a message when you're over tired, late at night, and forget to tell the autoresponder what message to start at and what message to stop at while running a "test". I actually did this and sent 491 blank email messages to our personal email account! Needless to say, I clogged up our account and had to delete each message individually. Very time consuming and frustrating to say the least but it never happened a second time. And, it has given us something to laugh about from time to time.
There are many advantages to having e-mail autoresponders such as:
* Give your visitors an easy way to receive a "printer friendly" version of your sites main sales messages.
* Send a several part e-mail course (the free email course can be a powerful incentive for your visitors to leave their email addresses which also builds your subscriber list.
* Send repeated messages to your visitors with reminders of what you sell and what its benefits are.
* Collects addresses for your e-mail ezine which will give you periodic access to your site's visitors. You can sell advertising in your ezine or just use it to promote your products and services.
There are two main types of autoresponders. They each have their pros and cons.
Autoresponder services:
Autoresponder services are web based services that allow you to send a series of emails to a visitor who has either requested the email through a web-based form on you site (the service provides the html code for your site to use) or who has sent an email to a specific address the service has provided you to use. The primary advantage of such services is that they are very easy to set up, and are very reliable. In addition, they are host independent. This means that your web host doesn't have to allow you to run any particular services on your site to have access to all that an e-mail autoresponder can provide.
Autoresponder programs (or scripts):
The other choice for an autoresponder is to purchase (or lease) a program or a script (usually written in perl, requiring CGI access on your server.) Several of these are available. They offer the potential for lower cost, especially if you have multiple web sites to support. (But be careful to check the license agreement. Some license agreements require an additional fee if you are going to use the program or script on more than one site at the same time. These types of autoresponders also allow, potentially at least, for increased flexibility. Some are quite powerful in their own right, while perl scripts can generally be modified to suit your needs for a fee.
Whatever your choice or needs Email Autoresponders most definately play an important role in your success as an internet marketer.
If you're in need of a Host with unlimited autoresponders or tired of bad service from your present one I highly recommend the following. It's only a dollar for a 2 week trial and provides Free leads & a business opportunity too!
Monday, April 17, 2006
Selling Bookmarks for Profit
Everyone has passions and interests that they can cash in on, even if they don't have the time to write an ebook. Where is this gold mine hiding? In your bookmarks, in your favorites file. Whetever you call it, there is money hiding there, just waiting for you to cash in on it.
No matter how strange and unusual your interests are, there are others out there that share the same passions that you have and if you can get them to the information quicker they will pay you, not much, maybe $5 but find 1000 of these people and you have created a small fortune.
What you are betting on is they don't have the time or knowledge to do the massive amount of searching that you are willing to do. But they will pay you to find this free info for them.
I was skeptical when I started to try it. Why would someone buy a list of links? Because the search engines are becoming unruly. When is the last time that you typed a few search words in and actually found everything you were looking for on the first search page? When some search engines became pay-per-click, that was another sign that something better was needed. A site should be rated on content, not on how much money and advertiser pays or if you put all of the correct metatags in.
My first experiment was selling a list of links to wholesale performance automotive sites and articles that I found on the web. I timed it right, too. Right after "The Fast and the Furious" came out. Total profit $1000 in four weeks on eBay. Then I worried about feedback. Would my customers think I ripped them off. Guess what. I consistently get a higher percentage of customers that give good feedback quickly on my various link lists. This list was an example of using trends for profits. The trend is hot. There are millions of newbies. They want the info fast. Upside: quick money. Downside: short term.
My second one was to do the same thing, but for my favorite vintage motorcycle. One model, that was all. Not for all makes and models. I have consisently made about $40 a week on eBay for about 8 months now off of just this list. It always sells. This is an example of finding a niche. Upside: longterm, few or no competitors. Downside: no huge deposits.
So how do you start. First you need a desktop search program like Copernic, Webferret, or Arrow Search. There are probably others out there now, but these are my main three. I recommend Copernic because you can save your searches and customize everthing in the program. If you do, go for multiple "exact phrase" searches until you find everything you need.
You will also need to break your favorites into seperate file folders so you can organize them. Or get a bookmark program like AcqUrl. Do your searches and click the links. If a site looks promising, bookmark it to look at it later. Don't look to far into it at this point or you will get sidetracked into surfing. You can always surf later. How do you know when you have found enough? When you are near the end of your search and great sites are getting few and far between. But remember the more links you find, the more your customers will love you and the sites will the greatest contents do not always have the greatest search engine ranking.
When you are done looking, you can export you bookmarks from Internet Explorer or your bookmark manager. In Explorer, go to File and then Import/Export. It will create a html page with all of your bookmarks as links, but you are not done yet. Open the page in your html editor and as you browse through the sites, add a desciption and rating to each site and remove those sites which don't meet up to your standards. The page doesn't really have to look pretty, just informative and functional.
Now you can either sell your page as is or compile it into an ebook. The benefits of the first is that you can send the list in an email or as an attachment. The benfits of the second is that your cuctomers can't resell your ebook. Yes, there is such a thing as compilation copyright. Write a short intro to your list and it is your property, but with just the page, your customers can strip the links and sell them as their own. Either way you choose to go, you can use the process outlined in "Automated Ebay Sales" to create quick profits. The book is available for free at the website. www.profit-ware.com
No matter how strange and unusual your interests are, there are others out there that share the same passions that you have and if you can get them to the information quicker they will pay you, not much, maybe $5 but find 1000 of these people and you have created a small fortune.
What you are betting on is they don't have the time or knowledge to do the massive amount of searching that you are willing to do. But they will pay you to find this free info for them.
I was skeptical when I started to try it. Why would someone buy a list of links? Because the search engines are becoming unruly. When is the last time that you typed a few search words in and actually found everything you were looking for on the first search page? When some search engines became pay-per-click, that was another sign that something better was needed. A site should be rated on content, not on how much money and advertiser pays or if you put all of the correct metatags in.
My first experiment was selling a list of links to wholesale performance automotive sites and articles that I found on the web. I timed it right, too. Right after "The Fast and the Furious" came out. Total profit $1000 in four weeks on eBay. Then I worried about feedback. Would my customers think I ripped them off. Guess what. I consistently get a higher percentage of customers that give good feedback quickly on my various link lists. This list was an example of using trends for profits. The trend is hot. There are millions of newbies. They want the info fast. Upside: quick money. Downside: short term.
My second one was to do the same thing, but for my favorite vintage motorcycle. One model, that was all. Not for all makes and models. I have consisently made about $40 a week on eBay for about 8 months now off of just this list. It always sells. This is an example of finding a niche. Upside: longterm, few or no competitors. Downside: no huge deposits.
So how do you start. First you need a desktop search program like Copernic, Webferret, or Arrow Search. There are probably others out there now, but these are my main three. I recommend Copernic because you can save your searches and customize everthing in the program. If you do, go for multiple "exact phrase" searches until you find everything you need.
You will also need to break your favorites into seperate file folders so you can organize them. Or get a bookmark program like AcqUrl. Do your searches and click the links. If a site looks promising, bookmark it to look at it later. Don't look to far into it at this point or you will get sidetracked into surfing. You can always surf later. How do you know when you have found enough? When you are near the end of your search and great sites are getting few and far between. But remember the more links you find, the more your customers will love you and the sites will the greatest contents do not always have the greatest search engine ranking.
When you are done looking, you can export you bookmarks from Internet Explorer or your bookmark manager. In Explorer, go to File and then Import/Export. It will create a html page with all of your bookmarks as links, but you are not done yet. Open the page in your html editor and as you browse through the sites, add a desciption and rating to each site and remove those sites which don't meet up to your standards. The page doesn't really have to look pretty, just informative and functional.
Now you can either sell your page as is or compile it into an ebook. The benefits of the first is that you can send the list in an email or as an attachment. The benfits of the second is that your cuctomers can't resell your ebook. Yes, there is such a thing as compilation copyright. Write a short intro to your list and it is your property, but with just the page, your customers can strip the links and sell them as their own. Either way you choose to go, you can use the process outlined in "Automated Ebay Sales" to create quick profits. The book is available for free at the website. www.profit-ware.com
Saturday, April 15, 2006
Home Office Tip Part 2...Computer Health Hazards.
Home office stress related injuries are escalating. Along with carpal tunnel syndrome, eye strains, neck strains, back related problems. Let's face it, if you are behind the keys more than a few hours a week you will suffer one or more of the above problems.
* Neck Strains.
Have you noticed that your neck is stiff after a long day at the computer? Well, the trouble might be your monitor height. Your monitor should be eye level so you will not have to constantly lower, raise, and crook your neck to view the screen.
Exercise Tip:
Try rotating your your shoulders back several times and then forward for several more times to reduce stress. Then slowly turn your head side to side several times.
* Carpal Tunnel Syndrome
Also called repetitive motion injury is on the increase. Why? Because of the new technology, computers are faster than ever. This leads to more keystrokes which equals more injuries. That numbness in your wrist or hands might be a warning that you are suffering from this injury. Try purchasing one of the gel pads you can rest your hands on while at the keyboard. This will help tremendously.
Purchase ergonomically made wrist rest and mouse pads available at most office supply stores to help ease tension and chance of injury.
Correct posture will help too. Keep your feet flat on the floor, your knee's parallel to the floor, your back straight, your upper arms dropping straight down, with elbows to the side and at the same height as your keyboard.
Exercise Tip:
Try exercising at the computer. Rotate your wrist in circles for several minutes. Give them a brisk massage afterwards.
* Back Problems.
Make sure your desk chair is adjusted properly. It should fit the contours of your back and you should be able to move about easily. Many back problems are caused by badly structured chairs.
Exercise Tip:
Stand and stretch gently palms overhead to the sky. Hold for a few seconds and then relax. This will loosen up tense back muscles.
* Blurred Vision:
Make sure your light sources are not reflected off your monitor's screen. Glare and refection off the monitor can cause eye problems leading to blurred vision.
Exercise Tip:
Roll your eyes up and then look down. Blink and then close your eyes. Do this several times to relieve strain. Remember to look away from your monitor frequently and to take more breaks to rest your eyes
* Neck Strains.
Have you noticed that your neck is stiff after a long day at the computer? Well, the trouble might be your monitor height. Your monitor should be eye level so you will not have to constantly lower, raise, and crook your neck to view the screen.
Exercise Tip:
Try rotating your your shoulders back several times and then forward for several more times to reduce stress. Then slowly turn your head side to side several times.
* Carpal Tunnel Syndrome
Also called repetitive motion injury is on the increase. Why? Because of the new technology, computers are faster than ever. This leads to more keystrokes which equals more injuries. That numbness in your wrist or hands might be a warning that you are suffering from this injury. Try purchasing one of the gel pads you can rest your hands on while at the keyboard. This will help tremendously.
Purchase ergonomically made wrist rest and mouse pads available at most office supply stores to help ease tension and chance of injury.
Correct posture will help too. Keep your feet flat on the floor, your knee's parallel to the floor, your back straight, your upper arms dropping straight down, with elbows to the side and at the same height as your keyboard.
Exercise Tip:
Try exercising at the computer. Rotate your wrist in circles for several minutes. Give them a brisk massage afterwards.
* Back Problems.
Make sure your desk chair is adjusted properly. It should fit the contours of your back and you should be able to move about easily. Many back problems are caused by badly structured chairs.
Exercise Tip:
Stand and stretch gently palms overhead to the sky. Hold for a few seconds and then relax. This will loosen up tense back muscles.
* Blurred Vision:
Make sure your light sources are not reflected off your monitor's screen. Glare and refection off the monitor can cause eye problems leading to blurred vision.
Exercise Tip:
Roll your eyes up and then look down. Blink and then close your eyes. Do this several times to relieve strain. Remember to look away from your monitor frequently and to take more breaks to rest your eyes
Monday, April 10, 2006
Alternative E-Commerce Solutions
Over the past several years, the Internet has emerged as a breakthrough technology that has and will continue to transform the way we live and communicate, and especially the way we do business.
No matter if you are selling a product or a service, the Internet is a means of reaching markets that had otherwise been unreachable in the past. And, it also provides ease of purchasing and selling almost anything online…also known as E-Commerce.
But, for many businesses, especially start up and small to mid size businesses, having a website that includes the usual E-commerce capabilities is just not in their budgets. Setting up merchant accounts and secure servers can get quite costly.
So, if you are really wanting or needing to have e-commerce capabilities on your website to sell your products, but your budget just won’t allow it, there are a variety of alternatives to the expensive online route that you can consider.
Your first choice allows you to accept credit card payments but without a secure server. Some financial institutions, which offer credit cards, also offer Traditional Merchant Accounts. This allows you to manually verify credit card information from those that want to purchase from you. But, you should be aware, if you ask for credit card information from your website without the guarantee of a secure server, you may run into hesitation from potential customers.
Another alternative to the expensive merchant account is to accept cheque payments online. For this you will need to acquire software or a program that will allow you to print MicroPrint (the small numbers and characters at the bottom of a cheque… ie. routing #, account #, etc.). There are several cheque writing programs available, including those found at Checker.net and Checkman.com.
The procedures involved to use this payment method are to first set up a form on your website. You then send an invoice to your customer with direction to the cheque-form page, which they must fill out and submit, via your cgi program. You then verify the funds and information and then the software prints the cheque on special cheque paper, which you can purchase at most business supply stores.
You can also have the above type service online, via such sites as Paybycheck.com.
Another alternative, which is rapidly becoming the choice of many online product and service providers, is Online Payment Systems. There are several of these systems available but I have only found one that has features available to Canadians. Called PayPal.com, this service allows you to set up an account with them and they verify the credit information of those buying from you. Now, many features that this system has to offer are still limited for Canadian retailers but you are still able to set up an account, bill your clients, and receive payments into your Canadian bank account or credit card account with only minor service charges being applied.
Taking advantage of the expansive market of the World Wide Web does not mean that you have to go bankrupt. You can still get on the E-Commerce bandwagon and accept payments with the above listed services and other alternative payment systems that may be available. Actually, most of these services are all that the average small business, especially those in the service industry, really need. And they don’t cost a fortune
No matter if you are selling a product or a service, the Internet is a means of reaching markets that had otherwise been unreachable in the past. And, it also provides ease of purchasing and selling almost anything online…also known as E-Commerce.
But, for many businesses, especially start up and small to mid size businesses, having a website that includes the usual E-commerce capabilities is just not in their budgets. Setting up merchant accounts and secure servers can get quite costly.
So, if you are really wanting or needing to have e-commerce capabilities on your website to sell your products, but your budget just won’t allow it, there are a variety of alternatives to the expensive online route that you can consider.
Your first choice allows you to accept credit card payments but without a secure server. Some financial institutions, which offer credit cards, also offer Traditional Merchant Accounts. This allows you to manually verify credit card information from those that want to purchase from you. But, you should be aware, if you ask for credit card information from your website without the guarantee of a secure server, you may run into hesitation from potential customers.
Another alternative to the expensive merchant account is to accept cheque payments online. For this you will need to acquire software or a program that will allow you to print MicroPrint (the small numbers and characters at the bottom of a cheque… ie. routing #, account #, etc.). There are several cheque writing programs available, including those found at Checker.net and Checkman.com.
The procedures involved to use this payment method are to first set up a form on your website. You then send an invoice to your customer with direction to the cheque-form page, which they must fill out and submit, via your cgi program. You then verify the funds and information and then the software prints the cheque on special cheque paper, which you can purchase at most business supply stores.
You can also have the above type service online, via such sites as Paybycheck.com.
Another alternative, which is rapidly becoming the choice of many online product and service providers, is Online Payment Systems. There are several of these systems available but I have only found one that has features available to Canadians. Called PayPal.com, this service allows you to set up an account with them and they verify the credit information of those buying from you. Now, many features that this system has to offer are still limited for Canadian retailers but you are still able to set up an account, bill your clients, and receive payments into your Canadian bank account or credit card account with only minor service charges being applied.
Taking advantage of the expansive market of the World Wide Web does not mean that you have to go bankrupt. You can still get on the E-Commerce bandwagon and accept payments with the above listed services and other alternative payment systems that may be available. Actually, most of these services are all that the average small business, especially those in the service industry, really need. And they don’t cost a fortune
Friday, April 7, 2006
Freezing - Time To Warm Up Your PC
Freezing is also known as crashing or hanging. It's frustrating. The computer locks up and the mouse and keyboard do not respond. You may lose data and you certainly lose time and patience. Typically, you need to press Ctrl+Alt+Del to see the programs that are running and to try to close the program that is not responding, or you need to force a restart. So why does your computer freeze up?
Common causes of freezing:
* Low memory
* Low disk space
* Fragmented disk
* Too many programs open simultaneously
* Low CPU speed
* Corrupt files
* Software bugs
* Overheating - random lockups that start several minutes after you start up the PC are often the result of the processor cooling fan not working properly
* Some non-standard applications are suspect with freezing problems
* Memory chip problems
* Virus infection
Steps you can take to minimize freezing:
There are many things that you can do to help your computer do what you want without testing your patience...
* Do a disk cleanup (cache, temp files, old or unused files, recycle bin) .. click here for instructions.
* Do not run any more applications at one time than you need to.
* If the freezing happens consistently with one application, uninstall and reinstall it - files associated with the application may have become corrupted. Always use Control Panel/ Add Remove programs, or the uninstall program belonging to the program to uninstall a program.
* If the freezing has been occurring since you installed a new program, uninstall it.
* Uninstall any programs that you may have downloaded and installed in the past, but no longer use.
* Get the latest Windows update at http://windowsupdate.microsoft.com
* Get any available patches for your software - go to the manufacturer's websites to check for patches or updates to your programs.
* Free up resources - click on Run and type "msconfig" in the dialog box. Next, click on the "Startup" tab. All the programs listed here with check marks are running in the system memory. To free resources Windows 98 users may uncheck everything except "System Tray" . Windows ME users can uncheck everything except ScanRegistry, PCHealth, *StateMgr and System Tray. Leave your anti-virus software in the startup as well. You must restart the computer for these changes to take effect.
* Run ScanDisk (or Check Disk in Windows XP)
* Defragment your disk. Click here for instructions.
* If you have an older computer and are trying to run multiple applications, you may need to upgrade your computer... check the system specifications recommended for the applications you are running to see if your system is capable of doing what you are asking.
* Obtain the latest drivers for your hardware - go to the web sites of the hardware manufacturers and get the latest drivers for your video card, sound card etc
* Redetect your devices - remove the components from the Control Panel, System, Device Management screen. Reboot the system and let Windows redetect and add only those devices which are actually on your system.
* Make sure that you have anti-virus software installed. Set it to automatically update virus definitions, to scan all incoming files, and to do a full system check at regular intervals.
Disk Cleanup :
For Windows 98 & 2000
You have probably been downloading programs, creating and deleting files, and installing new software without thinking about the effect this has on your disk space. It's probably time to have a clean-up. Windows 98 and 2000 have a feature that cleans up your disks for you. It removes temporary files, the recycle bin and other files - giving you the option to delete or not to delete. It is simple to run.
Do this clean-up as follows:
Start: Programs: Accessories: System Tools: Disk Clean Up
When it opens up, select the C: Drive and start it. It will pop up and show you about four types of files, each with a check box. Check the boxes for files you would like deleted and proceed. It should run through pretty quickly and then you will have more space on your computer.
For Win 95
Windows Temporary Files
Firstly, get rid of your Windows Temporary files.
Go to Start> Find> Files & Folders. Then search for "*.tmp" (minus the quotes). The * allows you to look for any file that has a temporary file type. If you have done it right, only files that have a .tmp after them should appear in the search results. Now just click on the first one, hold shift, use the scroll bar to go all the way to the bottom, then click on the last one, and press delete.
Secondly, get rid of your Temporary Internet files
Go to the Temporary Internet Files folder in the Windows directory. It should be next to the Temp folder. There shouldn't be anything in here that can't be deleted, so you can go ahead and delete the files in this folder.
Thirdly, empty your recycle bin. Right click on the Recycle Bin icon, select Empty Recycle Bin. Many people have hundreds of files they "deleted" but they are still taking up space in the Recycle Bin.
Run the Disk Defragmenter
Editing and deleting files as you work leaves gaps on data storage media. Instead of each file being stored in one continuous block, it ends up in several locations, resulting in inefficient retrieval of your data. As you add more data to your hard drive, the gaps left by previous deletions are filled. Your file becomes split, or fragmented. This will slow down your system – when you try to retrieve a file, the process is slower than if it was stored in one block. To make your disk storage more efficient, a process called "defragmenting" is used.
Windows has a built in defragmenter, which is located at:
Start > Programs > Accessories > System Tools > Disk Defragmenter
It is a good idea to run this program once a month. When you run the defragmenter, close all programs including your screensaver. If programs are running it can cause data on your hard drive to be changed which makes the defragmenter start from the beginning... and never finish!
The more frequently you use defrag, the faster it will become.
Common causes of freezing:
* Low memory
* Low disk space
* Fragmented disk
* Too many programs open simultaneously
* Low CPU speed
* Corrupt files
* Software bugs
* Overheating - random lockups that start several minutes after you start up the PC are often the result of the processor cooling fan not working properly
* Some non-standard applications are suspect with freezing problems
* Memory chip problems
* Virus infection
Steps you can take to minimize freezing:
There are many things that you can do to help your computer do what you want without testing your patience...
* Do a disk cleanup (cache, temp files, old or unused files, recycle bin) .. click here for instructions.
* Do not run any more applications at one time than you need to.
* If the freezing happens consistently with one application, uninstall and reinstall it - files associated with the application may have become corrupted. Always use Control Panel/ Add Remove programs, or the uninstall program belonging to the program to uninstall a program.
* If the freezing has been occurring since you installed a new program, uninstall it.
* Uninstall any programs that you may have downloaded and installed in the past, but no longer use.
* Get the latest Windows update at http://windowsupdate.microsoft.com
* Get any available patches for your software - go to the manufacturer's websites to check for patches or updates to your programs.
* Free up resources - click on Run and type "msconfig" in the dialog box. Next, click on the "Startup" tab. All the programs listed here with check marks are running in the system memory. To free resources Windows 98 users may uncheck everything except "System Tray" . Windows ME users can uncheck everything except ScanRegistry, PCHealth, *StateMgr and System Tray. Leave your anti-virus software in the startup as well. You must restart the computer for these changes to take effect.
* Run ScanDisk (or Check Disk in Windows XP)
* Defragment your disk. Click here for instructions.
* If you have an older computer and are trying to run multiple applications, you may need to upgrade your computer... check the system specifications recommended for the applications you are running to see if your system is capable of doing what you are asking.
* Obtain the latest drivers for your hardware - go to the web sites of the hardware manufacturers and get the latest drivers for your video card, sound card etc
* Redetect your devices - remove the components from the Control Panel, System, Device Management screen. Reboot the system and let Windows redetect and add only those devices which are actually on your system.
* Make sure that you have anti-virus software installed. Set it to automatically update virus definitions, to scan all incoming files, and to do a full system check at regular intervals.
Disk Cleanup :
For Windows 98 & 2000
You have probably been downloading programs, creating and deleting files, and installing new software without thinking about the effect this has on your disk space. It's probably time to have a clean-up. Windows 98 and 2000 have a feature that cleans up your disks for you. It removes temporary files, the recycle bin and other files - giving you the option to delete or not to delete. It is simple to run.
Do this clean-up as follows:
Start: Programs: Accessories: System Tools: Disk Clean Up
When it opens up, select the C: Drive and start it. It will pop up and show you about four types of files, each with a check box. Check the boxes for files you would like deleted and proceed. It should run through pretty quickly and then you will have more space on your computer.
For Win 95
Windows Temporary Files
Firstly, get rid of your Windows Temporary files.
Go to Start> Find> Files & Folders. Then search for "*.tmp" (minus the quotes). The * allows you to look for any file that has a temporary file type. If you have done it right, only files that have a .tmp after them should appear in the search results. Now just click on the first one, hold shift, use the scroll bar to go all the way to the bottom, then click on the last one, and press delete.
Secondly, get rid of your Temporary Internet files
Go to the Temporary Internet Files folder in the Windows directory. It should be next to the Temp folder. There shouldn't be anything in here that can't be deleted, so you can go ahead and delete the files in this folder.
Thirdly, empty your recycle bin. Right click on the Recycle Bin icon, select Empty Recycle Bin. Many people have hundreds of files they "deleted" but they are still taking up space in the Recycle Bin.
Run the Disk Defragmenter
Editing and deleting files as you work leaves gaps on data storage media. Instead of each file being stored in one continuous block, it ends up in several locations, resulting in inefficient retrieval of your data. As you add more data to your hard drive, the gaps left by previous deletions are filled. Your file becomes split, or fragmented. This will slow down your system – when you try to retrieve a file, the process is slower than if it was stored in one block. To make your disk storage more efficient, a process called "defragmenting" is used.
Windows has a built in defragmenter, which is located at:
Start > Programs > Accessories > System Tools > Disk Defragmenter
It is a good idea to run this program once a month. When you run the defragmenter, close all programs including your screensaver. If programs are running it can cause data on your hard drive to be changed which makes the defragmenter start from the beginning... and never finish!
The more frequently you use defrag, the faster it will become.
Monday, April 3, 2006
Ezines, Ezines Everywhere!
There are literally thousands of ezines being published online these days. Sometimes it is hard to know which ones are best for advertising in, reading, subscribing to and so on.
How do we know which ones are good and which ones aren't? Which ones should we advertise in and what type of advertising is best? How do we know we can trust the publisher?
Answering these questions is not always easy, but there are signs we can look for in an ezine.
1. Quality Content - Quality ezines will contain lots of useful and helpful content. Links, articles, free downloads, marketing and promotion information, helpful tools, etc. are some examples of good content.
2. Publisher Interaction - One thing you want to be aware of is how the publisher interacts with his/her readers. Do they have a section where they "talk" to the readers? Are you able to get to know the publisher as well as them showing an interest in getting to know you? An ezine can be a labor of love, but if the publisher does not even take the time to bond with the readers, it might mean that the publisher just wants to make a fast buck!
3. Limited Ads - Look out for ezines that are just a long list of ads. This cheapens the ezine and the quality of advertising. If you are looking for an ezine to advertise in, stick with ezines that contain only about 5 (give or take one or two) ads per issue.
You also want to advertise with a publisher that offers solo ads. Statistically, solo ads are the type of ad that get the most response. Your second choice would be the top sponsor position, which is right at the top of the ezine.
4. Contact Info - I have already seen ezines where I could not even find the publisher's name, let alone an email address! If someone does not even want you to know their name or email, I hardly think they are going to be there when you need them or take the time to write a quality ezine.
5. Sales Letter - Some publishers will mistakenly use their ezine as just a means of selling their products. They fail to realize that they must build a trusting relationship with their readers rather than just using them to make a quick sale or two. An ezine should be used as a path between publisher and readers, a way to build a relationship of trust and respect.
6. Consistency - Watch for ezines that say published every week and then maybe you get one once or twice a month. If the publisher cannot even deliver an ezine when promised, how can he/she be believed about anything else. Of course, there will be times when we as publishers, for one reason or another cannot get an issue out. A good publisher will either let you know ahead of time or send an explanation as soon as possible. The one you have to watch out for is the one that will send an ezine whenever they feel like it with no consideration for the subscribers.
These are a few of the things to watch for when trying to decide which ezines to advertise in or to give your loyalty as a subscriber.
As you read and look over more ezines, you will see which ones suit your style or your taste, but always keep an eye out for the main points of a good ezine!
I like an ezine with a warm and friendly personality. This, of course would come from the publisher. If the publisher gives the ezine some personality, it makes for much better reading, advertising and enjoyment!
I would just like to recommend a few of my favorite ezines/publishers.
1. SimpleBiz Ezine - Publisher: Livvie Matthews Livvie is a wonderfully warm and funny lady who takes her business seriously and does a great job. She definitely has the personality for a great ezine! http://www.simplebizpublications.com
2. RIM Digest - Publisher: Jan Tallent-Dandridge I have known Jan for years and although she is very friendly and easy-going, she is a no-nonsense professional. She puts her "RIMMERS" above all else. http://www.rimdigest.com
3. Ideas By Post - Publisher: Alannah Moore I may not have known Alannah as long as some other publishers, but I know her ezine is loaded with tons of great information and resources. Alannah does a great job of putting together a professional ezine. It would be worth your while to take a look. http://www.ideasbypost.com
4. HomeBizJunction Herald - Publisher: Cathy Bryant Cathy has years of experience with ezine publishing and gives her readers what they are looking for, a clean & sharp ezine full of quality content! She is 100% a professional, but makes a great friend as well. http://www.homebizjunction.com
All of these ezines and publishers are an asset to the Internet marketing world and I strongly recommend them. Of course, I am partial to MOE, but the above ezines are excellent also! ;-)
How do we know which ones are good and which ones aren't? Which ones should we advertise in and what type of advertising is best? How do we know we can trust the publisher?
Answering these questions is not always easy, but there are signs we can look for in an ezine.
1. Quality Content - Quality ezines will contain lots of useful and helpful content. Links, articles, free downloads, marketing and promotion information, helpful tools, etc. are some examples of good content.
2. Publisher Interaction - One thing you want to be aware of is how the publisher interacts with his/her readers. Do they have a section where they "talk" to the readers? Are you able to get to know the publisher as well as them showing an interest in getting to know you? An ezine can be a labor of love, but if the publisher does not even take the time to bond with the readers, it might mean that the publisher just wants to make a fast buck!
3. Limited Ads - Look out for ezines that are just a long list of ads. This cheapens the ezine and the quality of advertising. If you are looking for an ezine to advertise in, stick with ezines that contain only about 5 (give or take one or two) ads per issue.
You also want to advertise with a publisher that offers solo ads. Statistically, solo ads are the type of ad that get the most response. Your second choice would be the top sponsor position, which is right at the top of the ezine.
4. Contact Info - I have already seen ezines where I could not even find the publisher's name, let alone an email address! If someone does not even want you to know their name or email, I hardly think they are going to be there when you need them or take the time to write a quality ezine.
5. Sales Letter - Some publishers will mistakenly use their ezine as just a means of selling their products. They fail to realize that they must build a trusting relationship with their readers rather than just using them to make a quick sale or two. An ezine should be used as a path between publisher and readers, a way to build a relationship of trust and respect.
6. Consistency - Watch for ezines that say published every week and then maybe you get one once or twice a month. If the publisher cannot even deliver an ezine when promised, how can he/she be believed about anything else. Of course, there will be times when we as publishers, for one reason or another cannot get an issue out. A good publisher will either let you know ahead of time or send an explanation as soon as possible. The one you have to watch out for is the one that will send an ezine whenever they feel like it with no consideration for the subscribers.
These are a few of the things to watch for when trying to decide which ezines to advertise in or to give your loyalty as a subscriber.
As you read and look over more ezines, you will see which ones suit your style or your taste, but always keep an eye out for the main points of a good ezine!
I like an ezine with a warm and friendly personality. This, of course would come from the publisher. If the publisher gives the ezine some personality, it makes for much better reading, advertising and enjoyment!
I would just like to recommend a few of my favorite ezines/publishers.
1. SimpleBiz Ezine - Publisher: Livvie Matthews Livvie is a wonderfully warm and funny lady who takes her business seriously and does a great job. She definitely has the personality for a great ezine! http://www.simplebizpublications.com
2. RIM Digest - Publisher: Jan Tallent-Dandridge I have known Jan for years and although she is very friendly and easy-going, she is a no-nonsense professional. She puts her "RIMMERS" above all else. http://www.rimdigest.com
3. Ideas By Post - Publisher: Alannah Moore I may not have known Alannah as long as some other publishers, but I know her ezine is loaded with tons of great information and resources. Alannah does a great job of putting together a professional ezine. It would be worth your while to take a look. http://www.ideasbypost.com
4. HomeBizJunction Herald - Publisher: Cathy Bryant Cathy has years of experience with ezine publishing and gives her readers what they are looking for, a clean & sharp ezine full of quality content! She is 100% a professional, but makes a great friend as well. http://www.homebizjunction.com
All of these ezines and publishers are an asset to the Internet marketing world and I strongly recommend them. Of course, I am partial to MOE, but the above ezines are excellent also! ;-)
Saturday, April 1, 2006
Is Your On-Line Business Customer Friendly?
Customer service is increasingly seen as one of the most valuable uses for a commercial World Wide Web site. Your Web site is available on a 24 hour, seven days a week basis. So it is well worth exploring ways in which your customers can virtually “serve themselves," without the need for overtime staff, or lengthy voice mail procedures.
James Feldman is President of JFA, Inc., an online business offering high quality and unique gift items including automatic watch winders, Grundig shortwave pocket radios, and nitroglycerine pill fobs. The JFA Web site has been online since 1997, and has doubled its income every year - it’s now a multi-million dollar e-commerce enterprise.
Jim, who’s also a professional speaker and expert on customer service, highlighted for me how the online buying experience differs from the bricks-and-mortar model.
Buying online eliminates the physical presence and personality of the salesperson from the process. This makes the Web site copy critical in creating a one-to-one relationship with the customer or prospect.
Which echoes one of my favorite mantras:
Every page of your site should be written from the visitor’s point of view, not yours.
A visitor should be able to look at your offerings, and immediately answer the questions:
* “Why me?” – that is, is your Web site the right place for me?
* “Why should I care?” – does this copy convince me that you can meet my needs?
It’s much easier and immediate to jump from Web site to Web site than to move between real-world stores. So the visitor has far more freedom of choice online. Jim says that the challenge for customer service is therefore very clearly to focus on one customer, one purchase at a time. E-customers expect great service, with little or no direct interaction. They will tolerate some mistakes, but not many.
Jim offers five rules for effective online customer service:
1. Be accessible. Show very clearly on your site all the ways that your customer can contact you – including e-mail, phone and fax numbers, and your office hours.
And, if it’s practical for your business, be personal – give your visitors a real person to call who has a name, as opposed to sales@mycompany.com
Of course, if you’re really upscale, you can include a “Call-me” button on your site.
2. Return every e-mail or phone call in the same day, as far as reasonably possible. This may sound simplistic, but a recent experiment with the top Fortune 100 companies showed that nearly a third failed to respond to e-mail sent through their Web site within one month! Some of these companies still don’t provide a usable e-mail address on their sites at all.
3. Acknowledge all orders. Send e-mail confirmations (this can be done very effectively with autoresponders), and if you’re shipping actual products, give tracking numbers and expected delivery dates.
4. Provide a clear return policy, honor it and learn from it. This may give you more information about what’s working and what’s not. Jim’s products are sometimes returned with no explanation, so his staff always call the customer to establish and resolve the problem.
5. Expect more phone calls. Jim says: “Customers can’t read or write!” If your Web site traffic and response rates grow (which is, of course, what we want), so will the volume of phone calls, whatever your business or industry.
Regardless of the site quality, clear returns and privacy policies, secure servers, etc., people still require human interaction. All of my clients report talking to customers on the phone, and walking them through the Web site, where their questions are clearly answered. Maybe these psychological barriers will lessen over the next few years, but right now, they are very much there.
If you can get the customer service aspects of your business working well, there’ll be a definite bottom line impact. Jim is quite clear that his business has grown substantially through repeat business and referrals from satisfied customers.
And in contrast, we can see the impact of poor customer service and fulfillment procedures in many of the dot.coms that are currently failing. Jim says that people buy things online in the expectation of getting something more valuable than the actual money they spend.
James Feldman is President of JFA, Inc., an online business offering high quality and unique gift items including automatic watch winders, Grundig shortwave pocket radios, and nitroglycerine pill fobs. The JFA Web site has been online since 1997, and has doubled its income every year - it’s now a multi-million dollar e-commerce enterprise.
Jim, who’s also a professional speaker and expert on customer service, highlighted for me how the online buying experience differs from the bricks-and-mortar model.
Buying online eliminates the physical presence and personality of the salesperson from the process. This makes the Web site copy critical in creating a one-to-one relationship with the customer or prospect.
Which echoes one of my favorite mantras:
Every page of your site should be written from the visitor’s point of view, not yours.
A visitor should be able to look at your offerings, and immediately answer the questions:
* “Why me?” – that is, is your Web site the right place for me?
* “Why should I care?” – does this copy convince me that you can meet my needs?
It’s much easier and immediate to jump from Web site to Web site than to move between real-world stores. So the visitor has far more freedom of choice online. Jim says that the challenge for customer service is therefore very clearly to focus on one customer, one purchase at a time. E-customers expect great service, with little or no direct interaction. They will tolerate some mistakes, but not many.
Jim offers five rules for effective online customer service:
1. Be accessible. Show very clearly on your site all the ways that your customer can contact you – including e-mail, phone and fax numbers, and your office hours.
And, if it’s practical for your business, be personal – give your visitors a real person to call who has a name, as opposed to sales@mycompany.com
Of course, if you’re really upscale, you can include a “Call-me” button on your site.
2. Return every e-mail or phone call in the same day, as far as reasonably possible. This may sound simplistic, but a recent experiment with the top Fortune 100 companies showed that nearly a third failed to respond to e-mail sent through their Web site within one month! Some of these companies still don’t provide a usable e-mail address on their sites at all.
3. Acknowledge all orders. Send e-mail confirmations (this can be done very effectively with autoresponders), and if you’re shipping actual products, give tracking numbers and expected delivery dates.
4. Provide a clear return policy, honor it and learn from it. This may give you more information about what’s working and what’s not. Jim’s products are sometimes returned with no explanation, so his staff always call the customer to establish and resolve the problem.
5. Expect more phone calls. Jim says: “Customers can’t read or write!” If your Web site traffic and response rates grow (which is, of course, what we want), so will the volume of phone calls, whatever your business or industry.
Regardless of the site quality, clear returns and privacy policies, secure servers, etc., people still require human interaction. All of my clients report talking to customers on the phone, and walking them through the Web site, where their questions are clearly answered. Maybe these psychological barriers will lessen over the next few years, but right now, they are very much there.
If you can get the customer service aspects of your business working well, there’ll be a definite bottom line impact. Jim is quite clear that his business has grown substantially through repeat business and referrals from satisfied customers.
And in contrast, we can see the impact of poor customer service and fulfillment procedures in many of the dot.coms that are currently failing. Jim says that people buy things online in the expectation of getting something more valuable than the actual money they spend.
Subscribe to:
Posts (Atom)
