Jul

24

Fear. Uncertainty. Doubt. Hyped DNS Exploit reporting helping or hurting?

Filed Under Uncategorized | Leave a Comment

Welcome! You appear to be new here (or you've reset your cookies recently). If you're new here, you may want to browse around a bit and find out what the site is about. I encourage you to register for the RSS feed or to receive updates through email. Thanks for visiting!


That's interesting
Creative Commons License photo credit: kevindooley

Headline: Researchers unleash DNS attack code
Headline: Vulnerable to a DNS cache poisoning at home?
Headline: Attack Code Released for New DNS Attack

First off. This is a serious issue, make no doubt about it. But is the reporting hype surrounding this exploit appropriate? Here’s some quotes of that hype:

Yesterday’s exploit, explained Storms, lets an attacker poison a DNS server’s cache with a single malicious entry, but today’s attack code allows a hacker to poison large quantities of domains with one fell swoop. “This second exploit has the potential for a much larger impact,” said Storms, “and could result in potentially thousands of fake addresses inserted into a DNS server’s cache.

There is a risk on the horizon, according to experts that work
with and computer networks, and it is a sizable one.

A DNS Checklist would have sufficed.

  1. Become better informed about this issue. Here’s an overview of the exploit and what it means to you.
  2. Test your DNS service from your (Home & Work).
  3. If you fail the test, check with your Provider to ensure their DNS servers are going to be patched.
  4. Consider using OpenDNS if you aren’t convinced your is handling things correctly.
  5. Use a ‘phishing aware’ browser such as FireFox3.

That’s it. Peace-of-mind can return.

Or can it? What do you think? Have you tested your DNS? Post your thoughts or results in the comments below.

Jul

23

The things you see outside a Mens club

Filed Under Photography | 3 Comments


The things you see outside a Mens club (image: 2697799688_a623d83db0_m)I caught this shot as we were driving by Diamond’s in . Snapshot was heavily colour corrected as the shot was totally over-exposed.

Jul

22

Bag Open. Cat Out. Internet in danger! OpenDNS to the rescue?

Filed Under Blogging, Doing, How to, In the life, News, Web | Leave a Comment


PDP-11/45 lock
Creative Commons License photo credit: Jef Poskanzer

One little secret that your ( Provider) has likely been involved with is the -wide patching of the Multi-vendor DNS Issue.

Simply, this issue could allow malicious evil-doers to redirect your surfing to that they control, intercepting important and private information (such as passwords, banking info, etc).

Frequent Black Hat Speaker Dan Kaminsky today announced a massive, multi-vendor issue with DNS that could allow attackers to compromise any name server - clients, too. Kaminsky also announced that he had been working for months with a large number of major vendors to create and coordinate today’s release of a patch to deal with the vulnerability.

of this industry-wide vulnerability and the collaboration (to fix the flaw) was originally scheduled to be announced at the Black Hat Security Conference in August, but due to the vulnerability being published elsewhere, the presenter thought it best to release the information so that people can take the appropriate actions.

What can you do?
Basically, this is a complex issue, but it boils down to a test and a very fix.

The test:
To find out if you are vulnerable to this issue, you can use the DNS checker link on Kaminsky’s webpage here (in the upper right corner).

The fix:
If you are vulnurable, then you can either A) wait until your fixes their DNS servers, or B) set your own computer’s DNS strings to point to OpenDNS servers.

I highly recommend option B.

The OpenDNS website has friendly, easy to implement instructions on converting your DNS settings and also offer a whole host of additional features your current may not have:

Features

I’ve written about OpenDNS before, so feel to check out these previous articles and then help save the .

And if you do test your using Dan’s page, please post your results in the comment section! I’ll start things off by adding mine.

Technorati Tags: , , , , , ,

Jul

18

Merging domains — important things to consider when you feel the urge to merge

Filed Under Blogging, Doing, How to, Web | 4 Comments


pet doctor | bicycle mad scientist
Creative Commons License photo credit: Kevin Steele

A friend recently asked me for a bit of advice regarding merging two corporate domains. Two organizations, with similar or complimentary lines of are now one. What to do about the left-over . A quandary.

Below I’ve outlined 6 areas to consider, but I’m getting ahead of myself.

I guess the only reasonable quick-answer is to first understand the goal for the merged . Once you understand that, you can begin to ask questions about the goals for the new website.

Let me create a fictional example to help illustrate the situation, then dive into the six points, and then I’ll outline a couple of things to think about for each of these points.

Obviously there are many more things to consider, but this is a blog post and not a downloadable eBook :)

Please leave your thoughts on what I’ve missed! I want to learn from you…now on to the example:

Ben’s Bikes (a local mountain bike retailer) has merged with Sammy’s ski and sports shop. Ben’s Bikes is a market leader in this region, with over 40% of the annual sales volume in new mountain bikes. They also have exclusive dealership agreements with a number of the premier mountain bike manufacturers in Europe. They have a very loyal and select clientele and are considered the ‘go-to’ shop for all regional mountain biking aficionados.

Sammy’s cycle shop is a general bicycle retailer. They don’t really specialize, but they do have a wide selection of mid-priced bikes in all categories (road, mountain, touring, cruising, kids, etc). They also have multiple locations in the local geographic region.

The businesses have merged and are operating as Ben & Sammy’s cycle therapy. They have a small internal team tasked to manage the website integration.

Now that we understand the landscape, we go back to the quandary of the website. Let’s get to some important questions:

broken bike
Creative Commons License photo credit: casey atchley


These are the visitors to your site; your potential or past customers. Questions you should be asking your team include:

  • Who are you servicing and what are their goals for using your website? This is basic and should be asked before any website is designed (or redesigned).
  • What’s the purpose? Is your website there to appointments, to take orders, or to provide a catalogue of information? Your new site will depend on how well you answer that questions, and how well your understands that purpose.
Nou web de Brompton
Creative Commons License photo credit: marcbel


This is what your is looking for. Audiences conduct research and order .

  • Inventory — both sites likely have similar , so which do you keep and which do you ditch? You can’t make decisions until you’ve evaluated all the assets.
  • What about unique to one …is it still relevant in the new landscape?
  • Keep only that supports the ’s ability to fulfill the goals of the site. Everything else is distraction.
Blog Juice Calculator
Creative Commons License photo credit: inju

Juice
Both sites have some engine pagerank value. This is the value of
the page to a particular set of keywords or term. It determines how high the page appears in the Search Engine Results Page (SERP) when a particular phrase or keywords are searched upon.

  • Determine if pagerank is really important to your needs, or not, and consider appropriate Search Engine Optimization (SEO) techniques in your merge process.
  • 301 Redirects — if you’re creating a new , you’ll need to set these up to ensure that the engines know that the previous businesses haven’t vanished, just merged. Setting them up can be a bit technical but is very important to ensure that visitors who’ve bookmarked the old pages are appropriately redirected to the new site.
Shop
Creative Commons License photo credit: perreira

Ancillary touchpoints
Over the development of the two previous , you’ll find that there may be some touchpoints including RSS feeds, tag feeds or even
regular email newsletters. You’re going to have to consider migrating
all these to the new site.

  • Now’s a good time to evaluate the integration of your entire process. Where does fit? How about feeds of particular streams…or newsletters? This is where your marketing team will have some valuable input too…really!
  • If you’ve had a website, you’ve likely been measuring traffic to that site. Well, since you’re merging sites, now is the perfect time to re-evaluate your website measurement strategy. Will you continue using the or consider purchasing a contract with a provider? What kind of reporting do you need? What kind of decisions are you going to be making based on what kind of data?
New Orleans Annual Bicycle Beauty Pageant
Creative Commons License photo credit: robholland

Changing external linking
Both have been around for a while, and have a fair number of inbound links from other sites and articles.

  • These help build pagerank ( Juice). Yes, they’ll automagically flow through when they hit the 301 redirects, but it’s also good to contact the sites directly and ask them to update their links. This is a great time to (re)establish with your website network…work the side of the medium :)
Bright Orange
Creative Commons License photo credit: alq666

Promotion on your old sites
Regardless of all the work you do, your old will still be bookmarked or linked in old email etc. If, perchance, that someone does click on an old link, help them find your new location.

  • Keep your old sites live for a year or two. names are pretty cheap these days. After you’ve merged them into the new site, kill the old on the old sites (to reduce the size of the sites you’ll need to maintain) and leave helpful messages on the appropriate landing pages. Use your analytics and server logs to determine heavily visited pages.

I’m not the expert…what do you think!
As I mentioned, this is not a , just a blog post. So, there are many more things to consder in the merge process. I’ve listed a few above, but what do you think? What have I missed that I shouldn’t have? Leave your thoughts below.

Jul

17

Wordpress 2.6 is out — and you’re using it now.

Filed Under Blogging, Doing, News, Social Media, Web | Leave a Comment


Wordpress Plugin for iPhone/iPod touch
Creative Commons License photo credit: purplelime

It was a fairly painless update (thanks to the Wordpress Automatic Upgrade plugin), but there were a few quirks I’ve had to address:

  • Avatars. WP 2.6 has much better support for Avatars (images used to identify authors of comments). But, my theme doesn’t natively support them so I’ve had to maintain use of the Easy Gravatars plugin.
  • Turbo mode. This is an admin. function, but basically it lets you
    speed up some admin functions with Gears integration. Gears behind my firewall is messy, but I will be trying this from more open connections in the future.

If you’re interested in seeing more of the 2.6 features in action, check out this .

Technorati Tags: , , , , ,

Jul

2

LinkedIn explained for the common folk!

Filed Under Doing, How to, In the life, Social Media | 3 Comments


LinkedIn explained for the common folk! (image: 256)Every time someone asks me to explain why I use and promote LinkedIn, it seems I have a good 15 or 20 minute conversation coming. Then they invariably want to check out my profile and see who I’m LinkedIn to.

Now I’ll just point them to this excellent CommonCraft video. , easy to understand, and entertaining. And they can easily get their own LinkedIn account.

Technorati Tags: , , , , , , , ,