Storing files or messages in your trash/deleted items is akin to storing real documents in the waste basket. I don’t know about you, but that is not the first place I go when I want to keep something safe! The reasons are simple.

• You may, accidentally or purposefully, clean out the trash, and when it’s gone, so are all the files that were in it.
• Your system administrator (think “janitor” in this case) may clean out your deleted items for you.
• Your backup solution may not automatically back up the contents of deleted items folders. After all, you deleted them, so how important could they be?

If you want to keep files or emails around, fine – just don’t keep them in the trash.

Passware Password Kit Forensic 11.5

This month, I obtained a review copy of Passware’s “Passware Password Kit Forensic 11.5″. For brevity’s sake, I’ll refer to it as “Passware” for the rest of this review. Passware is a password recovery/cracking system which has the ability to work on multiple file types. The Forensic Kit version adds more features, such as cracking of filesystem passwords and resetting Windows user account passwords.

My test system was a 2.33GHz Intel Core2Duo with 4GB of RAM, running Windows 7 Professional (32-bit).

To evaluate the software, I attempted to crack passwords on several files, some of which I knew, others I did not, as I’d forgotten them. What better test could you ask for?

Recover File Passwords
My first test was a Quickbooks 2009 data file for one of my companies. I ran Passware, chose “recovery file password” from the start page, and browsed to my .QBW file. Passware took less than one second to remove the passwords of all of the accounts in the Quickbooks file, and created a copy in the same directory as the original, leaving the original file unmodified. I was successfully able to open the unprotected file normally and, indeed no password was required.

My next test case was to open some password-protected PDF document – my 2009 tax return which I’d obtained from an accounting firm that I no longer want to deal with. However, I need to access the file as part of a loan for which I am applying. What to do? Enter Passware. From the Start Page, I again chose “Recover File Password,” and browsed to the PDF. Passware automatically recognized a PDF document as the target and offered me a choice of running a wizard, using predefined settings, or an “advanced custom settings” option. I chose to use the wizard, which gave me a variety of choices to describe the password, such as “a dictionary word,” “more than one dictionary word,” “one of more dictionary words combined with letters, numbers, symbols,” “non-dictionary but similar to English” words, “other,” and finally, “I know nothing about the password.” To put Passware through its paces, I said I knew nothing about the password and clicked “Finish” to start the process. Passware launched a variety of attacks, including brute force. Passware was able to successfully brute force the relatively simple (all numeric) password in 4 minutes 37 seconds.

Recover Internet and Network Passwords
Next, I decided to try Passware’s ability to crack passwords in RDP (Remote Desktop Protocol) saved profiles. I pointed Passware at a saved .RDP file and, to my horror, my saved password was revealed to me on screen in under one second.

I also used Passware’s ability to recover website passwords. To do this, Passware scanned my Internet Explorer, Firefox, and Chrome passwords and was able to completely crack all of the saved passwords in each of these browsers in about 10 seconds.

When testing Passware’s ability to crack “Network Connections” passwords, for instance, VPN connections to remote networks, Passware failed in my single test case, erroneously reporting that no password was set on a connection when there indeed was one set.

Search for Protected Files

Another feature that would be quite useful for forensics work is the ability to scan a filesystem for protected files. This option digs through the specified drive or folder and, if it finds a file that is protected or encrypted, reveals that fact to you. My scan of my own home directory revealed several protected files, including Microsoft Outlook OST files, protected Microsoft Office documents and Quickbooks data files. Passware also listed many Adobe PDF files, even though they were not protected.

Analyze Memory and Hard Disk
This is advanced forensics stuff that most ordinary users will never even think about, let alone undertake on their own. Still, if you need to do forensics analysis on a Macintosh RAM or disk image, Passware now has this ability, as well as the ability to brute-force TrueCrypt-protected images, and analyze memory dumps for BitLocker keys.

After 42 minutes, Passware was able to successfully pull my Macintosh user password from an 8GB memory dump I pulled from my MacBook Pro.

Passware also has the ability to analyze Windows registry files that you’ve obtained from another system. However, it does not have the ability to analyze raw Windows memory dumps for miscellaneous info and passwords, such as you can do with AccessData’s FTK.

Miscellaneous Features
Passware allows you to launch multiple copies of the software at the same time. This is great, as the main app itself is apparently not written to allow it to work on multiple cracking processes at the same time. I found this useful, for instance, when my machine was busy cracking the PDF file, which took a relatively long time when compared to opening Quickbooks data files, which it could crack almost instantly. What I would do is start on the long processes and let them go in the background while I could then focus on easier cracking processes.

Passware is clever, and remembers previously-seen passwords and prioritizes them when trying subsequent attacks. For example, I was again horrified to see my Windows password, previously extracted from a saved RDP profile, show up as one of the passwords attempted to use to crack my MS Word document. It didn’t work, as I did not recycle the password, but it was still scary.

After I rebooted my computer for maintenance while in the middle of a filesystem crack attempt, Passware resumed normal operations when I re-opened the application. This is a must-have feature, as some brute force attacks can take weeks, months, or longer.

Passware has several other features which I did not have time to test in my evaluation, such as distributed password cracking, which allows multiple computers to work on cracking the same file simultaneously, and even includes an Amazon S3 acceleration feature, which allows you to stand up S3 virtual computers to really speed up the brute force attempts. Also part of Passware’s Swiss Army Knife product is the ability to create a boot disc that can be used to reset a Windows password, similar to a Linux tool I’ve used for this purpose for several years. However, since I did not have access to my Windows boot media while doing this review, I could not create the disc to test this feature. Passware can also crack Microsoft Outlook and Outlook Express passwords, which it did in my tests in a very short time.

Passware Inc.’s Passware Password Kit Forensic 11.5 retails for $995 and is available, along with several other recovery programs, at lostpassword.com.

Here are the reasons why you do not want to keep all of your mail in your inbox:

1. It is hard to find things.
On several occasions, I have observed people who leave everything in their inbox because “that way I can find everything.” When I have observed these people trying to find things, it’s almost always painful to watch because in general, they “find” things manually, by scrolling through their inbox. They often fail to do even basic things to help their manual search, like sorting by sender, subject, or date. Clearly, a human should not be wading through thousands of messages trying to find a specific one. (The words “needle” and “haystack” come to mind). By moving messages into separate folders which you pick in advance, you can more easily find things when you need them.

If you ever spend time scrolling up and down through your inbox, looking for a message that you misplaced, you’re wasting time and money.

2. It slows your system down.

Just imagine that every time you look for a piece of paper on your desk, you need to sift through thousands of other pieces of paper to get to it. How inefficient is that? Regardless of how fast your computer is, you are putting an extra load on it by constantly making it process all of these documents. Even if you are not looking at your inbox, it is being accessed every time you send and receive mail from your server. This will slow down your mail client and system overall. Recently I have had several clients complaining of slowness, and the cause has frequently been that MS Outlook is open, and they have thousands of messages in the inbox. Simply moving everything to another folder, like Inbox2, addresses this problem.

If you ever spend time staring at your email client while it sits and “thinks” for long periods of time, seemingly doing nothing, while it’s actually processing your inbox trying to sort things out, you’re wasting time and money.

3. It is sloppy.

I can’t think of anybody whose real inbox (on their desk) or their mailbox (outside their house, at the post office, etc.) is the final repository for all of their mail, and their e-mail inbox shouldn’t be either. Gmail encourages you to just forget about filing things, and leaving everything in the inbox. That may work for Gmail, but don’t do this on other mail systems.

4. You’re keeping all of your proverbial eggs (messages) in one basket (inbox).

Just yesterday I had a client call and inform me that Outlook Express had stopped downloading his mail. It turned out that he had hard drive corruption, and his inbox (which contained emails going back over three years, and over 3,000 messages in it) was one of the affected files. Ouch. With a local email store on a notebook, and only a backup from two years ago, the chances for recovery look slim. Note that unless you are archiving files into separate PST stores, MS Outlook does keep everything in a single file, so additional steps are required to make it more fault tolerant.

If your email is all in one, monolithic file, and something goes wrong with that file, it can be very difficult to recover your messages.

Although we don’t see as much of this as we did several years back, what’s often happening is that someone else, with whom the client has corresponded, has a virus-infected computer, and that machine is sending out junk email (or viruses), purporting to be our client.

Forging an email, purporting to be someone whom you are not, is trivial, and unless you and/or your email provider have taken steps to secure your systems and your domain, anyone with a little know-how can easily send email as anyone, including you.

In the following graphic, we see an example, where Joe@example.com corresponds with Sally@example.net. An Evil Badguy manages to insert a virus onto Sally’s computer, and it starts to send out spam and viruses. But, this virus is smart! It doesn’t send the emails as Sally – it sends them emails as some random recipient in Sally’s address book, in this case, Joe. When Bob receives “Joe’s” email, he emails Joe to complain, but Joe has no idea what’s going on. He’s even scanned his computer for viruses and found no sign. In an effort to prevent this, Joe could set up an SPF record on his domain, example.com, so that only authorized computers could send emails claiming to be example.com, which could help cut down this sort of behavior.

3rd party virus emails

If you think you are the victim of such a charade, contact us to see how Paradigm can help shield your domain from these attacks.

1. Hosting Email Yourself (in-house)

Properly maintaining an email server, like maintaining any piece of critical IT infrastructure, is not a simple task. Too many companies choose to run their own internal email server because it’s “cheaper” than outsourcing. Nothing could be further from the truth! There is more to maintaining a mail server than just turning it on and forgetting it. Servers need frequent regular attention, often on a daily, if not more frequent basis. They need to patched, upgraded, backed up, and monitored to make sure they are up, stable, and secure. On several occasions we have come across client systems which have been compromised, in one form or another, for months, and nobody knew! If you choose to host your email in house, be sure that your IT staff (or outsourced providers) are doing regular, frequent maintenance on your mail servers.

2. Using Your ISP for Email

Most ISPs don’t want to host your email. They want to be in the business of providing Internet access. Email came along because users demanded it, and many ISPs added this feature in as an afterthought. Your ISP’s mail server is often overloaded, slow, and will have prohibitively low storage and attachment limits.

In 2008, Charter Communications (accidentally) deleted 14,000 users’ mailboxes with no option to restore any of the deleted mail. Does that sounds like a company that takes email seriously?

Also, many ISPs will not host your domain, example.com, and force you to use their domain name in your email address, so instead of you being able to send email as you@yourcompanyname.com, it has to be something like yourcompany@yourISP.com, which looks very unprofessional and fly-by-night. Nothing screams “unprofessional” like an email address with @aol.com, @gmail.com, or @comcast.net in it for your business.

Finally, if your ISP gets acquired or goes out of business, or you change your ISP, your email address need to change, and you are almost certain to lose emails because people will have an old email address for you in their address book.

3. Falling for the Promise of “24x7x365 Support”

Large email providers love to tell you about their 24x7x365 support. What they don’t tell you is that, while you may actually get to speak to a human to request support, the real engineers and technicians who do the hard work to get problems fixed work a 9-5 schedule, so if you do have a problem after hours, you may end up waiting until the next morning anyway! Having a relationship with a trusted provider is much more valuable than playing the game of 24×7 roulette.

4. Not understanding Your SLA (Service Level Agreement)

Does your email provider offer you a 99.9999% uptime guarantee? What happens when they go down for a few hours? Do they pay you back? No. SLAs vary from vendor to vendor, so be sure to understand what yours promises, what you will get when they go down, and what you won’t. What you will get is a portion of your bill cut, depending on the SLA, but you’ll have to apply to your provider’s billing department and request this credit.

5. Choosing the Bells and Whistles (you’ll never use)

Many hosted email providers will boast features are overkill for small businesses. Most small businesses do not need to be compliant with HIPAA, PCI, and SOX, but many email providers will boast their compliance packages and try to sell you on them. Granted, most organizations we work with could benefit from a lot of additional features that never occurred to them. Just because you don’t have a feature now doesn’t mean you can’t benefit from them, but don’t be sold on the promise of something without making sure it is really a benefit, not just an extra monthly charge on your account.

6. Looking at price first, features and benefits second (or never)

Price matters, but meeting your needs matters more. Yes, you could choose to host your email for free with your ISP, but it’s worth a few dollars per month to have your own domain name, larger message attachment sizes, collaboration and other features that you will actually use. Before making a decision, make sure that you are comparing identical or at least very similar features, and then come down to price, but not before.

As one of my colleagues says, “it’s not about the content, it’s about the consent.” Quite simply, it doesn’t matter how important your email is, or how important you think it is. If it wasn’t requested by the recipient, or they did not ask for your marketing emails, it can be considered spam or junk mail.

When people receive any email, they normally have the option to report messages as spam back to their ISP or email provider. These reports get collected and sent to spam reporting companies who compile lists of email servers, IP addresses, and domains which are generating spam. If your server, IP address, or domain gets flagged as a spammer, you can be blacklisted, which can result in your emails being rejected, even by people and businesses you deal with regularly, for days or even weeks!

So how can you avoid being a spammer? There are several steps, most of them relatively simple, to ensure this.

1. Use a legitimate email list. By this, I mean one that you assembled yourself, not something you bought, and not something you assembled out of various correspondences or subterfuge, such as automatically adding people to a list when they contact you, or buy one of your products. This behavior is a violation of the 2003 CAN-SPAM act. In other words, it’s illegal and you can be fined for it.
2. Be legitimate. If you’re trying to sell something, say you’re trying to sell something. Although you can be subtle about it, don’t mask the fact, and don’t pretend to be selling something you’re not.
3. Send your email in plain text. Most marketing departments will nix this immediately, so if you are going to send HTML (pretty pictures and colors) email, be sure that it is standards-compliant and well-formed. Be sure whomever is creating your HTML emails knows what this means and can verify this if you don’t.
4. Display your domain name’s registration information publicly. Don’t hide behind a proxy domain name registrar to keep your information private, as it makes you look like you’re a spammer who is trying to hide something.
5. Use consistent “from” email addresses, e.g., “announcements@example.com.”
6. Set Sender Policy Framework (SPF) records for your domain. SPF is a system which defines what email servers are allowed to send email on your behalf, which helps prevent unauthorized mail servers forge your addresses (which would allow spammers to pretend to be you, and make you look bad).

If any of these sound too technical for you to handle on your own, contact us today and request a free audit of your bulk mailing practices so that we can assist you further to be compliant and, more importantly, to avoid an unplanned outage of your email system.

References:

• The CAN-SPAM Act: A Compliance Guide for Business
• Google’s Bulk Senders Guidelines

Evernote Web

Evernote is a cloud-based service for taking notes and storing all kinds of data. I use it mostly for text and photo snapshots, but will also store documents and audio files from time to time. Without a doubt, it is one of my favorite applications, which I use on Windows, Macintosh, iOS and (sort of) Linux.

Evernote is available for several platforms, including Microsoft Windows, Apple Macintosh, iOS, Windows Phone, and Android. They also make their service available via a rich web interface. A free, open-source clone of Evernote, known as NeverNote, is available for the Linux operating system. The program allows you to type text notes, audio notes, and photo notes on devices that have cameras, such as Apple Macbook computers or iPhones.

Evernote also publishes several add-ons and applications which integrate into their services. One add-on is the Evernote Web Clipper extension, available for several popular browsers.

Evernote iOS

This extension allows you to clip and save an entire web page, or selected text, right into a new note in Evernote, which you can then read and edit later. Evernote recently released Clearly, another add-on for Mozilla Firefox, which clears up a lot of clutter on web pages and boils a page down to its main content, making it both easier to read and easier to save info to Evernote.

Evernote has similarities to other online storage systems, such as Dropbox, but it differs in its user interface. I see Evernote primarily as a note taking application with a storage backend, while Dropbox is a storage engine that integrates into your operating system’s filesystem. Also, Dropbox restricts you not on uploads, but the amount of information you can store on their servers, as opposed to Evernote, who limits you on how much you can upload.

Sample Blog Post

Evernote uses the “freemium” business model, giving away their core service offering and charging for an enhanced version, which costs $5/mo. The free service limits you in the type of files you can upload (PDF, images, plain and rich text), and the amount of data you can upload (60MB/mo at the time of this writing). The premium service expands this to allow you to upload a wider variety of files, e.g., MS Word and Excel documents and MP3 audio files, and increases the monthly upload limit to 1GB. You are effectively not charged or restricted by the amount of data you can store on their servers, just how much you can upload. In other words, with a premium account, you could conceivably store 12GB of data on their servers after one year, or 720MB of data with a free account.

Evernote’s CEO, Technical Guy, and Marketing Guy host a semi-monthly podcast on their products, and regularly feature listener feedback on how they use Evernote. The podcast is a great way to get new ideas for using their service.

Blog Post, with Clearly applied

The uses for Evernote are numerous. I use it every day for:

• Diary/journal entries
• Clipping web pages to read later
• Drafting blog posts
• Drafting long emails when working offline
• Drafting letters and proposals
• Documenting work as I go through a project
• Inventorying things via snapshots
• Storing e-books
• Taking snapshots of noteworthy passages in books
• Storing and retrieving recipes
• Managing todo lists

Do you use Evernote? If so, leave a comment and tell us how!

You can find out more about Evernote at www.evernote.com.

This is where we enter the picture. The client called us on Friday evening to convey the story. After some troubleshooting we confirmed the bizarre report that emails were being blocked because of the content of his marketing messages. Somehow, his emails were being silently dropped by email service providers who subscribe to a third-party spam filtering solution, e.g., Spamhaus.org, Postini, etc. While I can appreciate dropping spam, as I hate spam as much as, no, more than the next guy, silently dropping something with no indication of the problem is, well, a problem. Why? Read on and find out.

What was happening is that emails sent to several large email hosting providers, including GoDaddy, Microsoft, Yahoo, and Google, were being dropped for merely mentioning the blacklisted domain name. This made it impossible to send an email referencing the blacklisted domain to any of these providers, and more. Simply mentioning the domain in an email, regardless of who sent it or to whom, as long as the recipient’s mail server was using the aforementioned blacklist, was enough to get the email rejected, and neither the sender nor the recipient would receive any notification of this non-delivery.

Fortunately, we were able to contact the email hosting provider and explain the problem, and they were able to de-blacklist the domain in question. Unfortunately, while I advised my client on several steps he could take to attempt to avoid this in the future, there is no surefire way to prevent this from happening again, as the blacklisting could have originated as a result of his email marketing company, his website hosting company, or his email hosting company.

Are you having trouble ensuring reliable delivery of your email? If so, visit our website and click the “get info” link to find out how we can help.

Associate in Info Tech or equivalent experience required. A+, Network+, Security+, MCSA, MCSE, or GIAC certs (GSEC) desirable.

Strong customer service skills and outstanding written and verbal communications skills are a must. If you love providing end-users with the solutions to their technical problems, this may be the job for you. This job can be fast-paced, so applicants must be able to very quickly adapt to new situations and learn new skills. Applicants must be able to very quickly adapt to new circumstances and surroundings, to provide quick responses to client issues. As part of a small company, you’ll be expected to work closely as part of a strong team, so prepare to exercise and develop those mental muscles!

Local travel within central Vermont required. Occasional overtime/after hours work required.

 

Hello

 

i would like you to know that it is still very much available for rent, i am only willing to give it out to a Good and Responsible person. Its indeed a lovely and comfortable home and available to move in as soon as possible May the Peace of the Good Lord be with you for considering my home. 

 

Fees:

Per Month : $800 ( Including Utilities )

Management Security / Deposit : $300. ( REFUNDABLE )

1 Bedrooms

1.5 Bath

# Central Air Conditioning

 

APARTMENT FEATURES:

** True 1 Bedroom **

** Hardwood Floors **

** BIG Living Room Shared W/ Kitchen **

** Brand New Cabinets-Stove & Refrigerator**

 

The followings are included in the monthly rent:

-Heat

-Hot Water

-Electric

-Separate private entrance

-Homeowner in Charge

-Brandnew stove, refrigerator, cabinets, countertops

-Own Thermostat

-Parking space

-Washer & Dryer on premises

 

I would like you to know that i am giving this home out to you because i just relocated to West Africa , Nigeria for the Missionary work and have a 4 years course.. so my family and i have decided that we would be moving to our other home when we get back.

I would like you to send me the below details:

 

Full name :

Present address :

Occupation :

Age :

Phone Number :

When you are planning on moving in :

Credit Statues :

Period of time you are planning to stay, cos i wont be moving back to it:

There is no Registration fee and agency fee, since you are dealing directly with me the Landlord. The Security Deposit would be needed as a Security Bond in order for the keys and paperwork along side with Lease Contract agreement to be sent to you… Electric Bills and water bills have been paid for, so i would also need to send the receipts to you, would in case it would be needed. 

 

I would like you to know that you are free to contact me at any time. After i receive this details, i would get back to you soonest and then let you know my terms. Pets are allowed. I hope to hear from you soonest.

God Bless

Rev Mark Wilson

Call Me: 0112348094431350 OR +2348094431350