St. Petersburg Web Design Blog

Archive for the ‘Client News’ Category

This guy makes some great points about competing in the local search market. Remember, it is a competition, not an automatic thing. You’re not going to be automatically listed #1 on Google for Florida Web Design just because you submitted your web site to Google and you are actually in Florida. On a smaller scale it’s the same for St. Petersburg Web Design. just because you are in St. Petersburg and you tell Google doesn’t mean that the national companies aren’t fighting hard for your spot.

He doesn’t really give away a lot of tips but he does highlight the challenges that most small businesses don’t understand.

This video helps explain what a firewall is. (By request)

A two way firewall is absolutely necessary.

Zonelabs has the best on in the business and it’s free.

I always knew that click fraud was way more prevalent than what Google says it is (and they admit it’s above 30%!). But now we have evidence that Google themselves is defrauding their own advertisers by teaming with adware companies to redirect directly typed addresses into searches.
That’s a mouthful, what’s that mean?

That means Google, in certain cases, is taking a directly typed domain name and turning it into a search and then a click on and advertisement so they can charge the advertiser for something they wouldn’t normally have to pay for. This is called click fraud, even by Google’s own definition which states:

Invalid clicks are clicks generated by prohibited methods. Examples of invalid clicks may include repeated manual clicking or the use of robots, automated clicking tools, or other deceptive software. Invalid clicks are sometimes intended to artificially and/or maliciously drive up an advertiser’s clicks and or a publisher’s earnings. Sources of invalid clicks may include:

* Manual clicks intended to increase your advertising costs or to increase profits for website owners hosting your ads.
* Clicks by automated tools, robots, or other deceptive software.

The evidence is long and tangled, but here’s another article that explains this better (LINK). Techy version
Here’s a link to the evidence and original report (LINK). Very techy version

There is a growing business practice in my industry that I must reluctantly speak on. With the economy doing so poorly and this practice working so well, it’s becoming more prevalent. Underbidding. There are two types of underbids, Intentional and unintentional. Today I’ll speak on:

Intentionally Underbidding.
This is when a company makes a bid on a project that is less than what they can do it for and less than what they actually intend on charging you.
Continue reading “Beware of the Low Bidders” »

Microsoft announced a big security hole in Microsoft Excel 2007.
(Update - the tech specs on this alert have broadened greatly, including almost all versions of MS Excel now)
There is also new info on this , I’ve add it to the bottom of this post.

If users download a malicious Excel file and open it, a Trojan Horse is installed on their computers which can allow the attacker who created the Excel file to completely take over the computer in question.

Most of the few remaining clients I have that haven’t went under yet use Excel on a daily basis and even send / receive them via e-mail or over a corporate network.

If this is you, please have your Network technicians promptly block e-mail delivery of all excel files via e-mail. I mean now. If one person on your corporate network receives one and opens it, it could quickly infect every computer on the network.

This is rapidly infecting corporate networks around the world.

There is NO patch for this as of yet.

Most anti-virus software won’t catch or do anything about this yet.

Microsoft probably will release something to fix this vulnerability in Excel, but it’ll be week in coming, not hours.

If you’re one of the smaller businesses and can’t get your network specialist to lock this down promptly, then call me and I’ll talk you through how to do it on your own.

Also tell your network technicians the symantec article on this subject is erroneous at the time of this writing.

Here’s a tech alert about this.

UPDATE:
The first trojan it installs is called:
Trojan.Mdropper.AC.
UPDATE 2
Not the old trojan with the same name from 2006 that effected MS Word.

03-01-2009:
Microsoft finally acknowledges it’s existence, but still doesn’t have a fix, here’s their tech bulletin.

We’ve learned the exploit won’t work on machines running Windows Vista.

Microsoft has also issued a “workaround”:

1 – Turn on MOICE. MOICE converts the XLS to XSLX before opening. Again, the new XML file format is not susceptible to this vulnerability.

2 – Turn on FileBlock. This option is a little more disruptive to most environments. With FileBlock enabled, Excel will only open the new XML-based file format that is safer. It will not open the legacy binary file format. If your organization has switched over to using the new file format exclusively, this might be a great option, even just long enough for us to get a security update out to address the vulnerability.

- Jonathan Ness and Bruce Dang, MSRC Engineering

So what is MOICE? It stands for “Microsoft Office Isolated Conversion Environment.” It’s an update for MS Office. It’s hard to find, hard to use and converts your office files to MS Office’s “Open XML” format. what MS won’t tell you is that often destroys the file making it permanently unusable or only usable after an expert “fixes” all the info in it by hand.

I’ve got my own work around going:
Open it on a Vista Machine, convert the file to a simpler format, like .csv, and then send it back. This is only if your really need the file. If it’s a case of curiousity, as in I got this excel file in the e-mail and I don’t know what it is, then just don’t open it, the odds are it’s infected.

here’s more.

The FCC has privacy guideines, not laws concerning privacy policies on web sites. Recently they’ve made a few changes to the guideines:

• Extended these privacy guidelines to include ISP’s and mobile phone service providers
• Now urges websites to tell consumers that data is being collected during their searches and to allow them to opt out
• Recommends that mobile companies and Internet service providers also inform customers about data collection and allow users to decline

Pretty lame if you ask me. Especially since there is no reason for companies to comply. Currently internet privacy laws state that yo can basically do whatever you want with data collected from users if you vaguely describe what you are doing with it and how you are protecting the data. The only time you can get in trouble with the law is if you fail to follow your own vague privacy statement, or if you don’t have one and share this data.

At Dream designs we strive to go way beyond these guidelines. One way we do this is by not storing this kind of information. Then it can’t be shared. In some instances we do have to store this information temporarily. For instance if you fill out a contact form, the information you submit is stored until we view it and do something with it, like respond to your question. Then this information is deleted. If you become a client is another example. Obviously we have to store your name and contact info so I can communicate with you about the services you’ve purchased (“Your web site is done early and under budget sir”). Hard to do business without doing this, wouldn’t you say?
That why we have a great privacy policy.
In the future we are going to draft the perfect privacy policy and try ot gain industry wide support for it. It’s a bigger task than you would think. Look for it in the near future.