First a bit of a background on the environment.  Our photos have bounced among several computers over the past 13 years.  13 years, that is about how long we have been taking digital photos and have gone through a couple of generations of technology.  The majority of our photos are sitting on an aging server in our basement.  The C Drive, the drive the operating system is on is out of space.  All of our files, at least the ones we can move are on the D drive, there is still about 100 gigabytes of space on the D drive.

Why so much information on the space issue?  Well Picasa likes to use space under the users profile to store logs, a database of faces, and temporary files under the users profile directory.  By default this folder is on the same drive as the operating system – the C drive. This presents a bit of a problem when the drive is low, to the point it is out of space.  I free up a gig or three to make room, but it is filled up over a couple of hours.  I’ve turned of logging, but still the space disappears.  After of 24 hours of trying to move the pictures from the drive to Picasa web I’ve given up on doing it from this machine.

I have moved on to my laptop and mapped to the D drive where the files are stored.  Picasa has scanned the directory and found all of the albums and images and now I realize my next problem.  Although I am using Picasa Web and trying to use the online contact features to track people, Picasa on the first machine does not know anything of Picasa on the next machine.  I really did not expect them to, although it would be nice, especially since I am using the web account.  The bigger problem is not really the face matching though, it’s that the images that were successfully uploaded from the first machine are going to be uploaded again from the second machine.  I am going to have duplicate pictures  on Picasa Web.  It would be great if Picasa web could detect and eliminate duplicate images in my albums.  Since I have paid for 80 gigabytes of storage I will just shrug this off for now and try and deal with it later.

It took almost 5 days to get all the pictures uploaded and I have a bunch of duplicates. We’ll go through those over time. Now it’s on to making sure we make it a regular hair of putting the pictures on Picasa as soon as we connect the camera to the computer.

The new car, a 2012 Chevy Equinox, has a USB port that allows me to connect my iPhone to the car and will charge the phone as well as let me control the music on the phone using the vehicles radio.

Prior to signing up for Match I tried a couple of times to use the iPhone through the USB connection and frankly it’s not all that great. My main complaint is I like to listen to albums. When I listen to an album I want to hear it in the order it was meant to be played, not alphabetically. Once connected to the car there is no way to change this. I have to use the car controls as the iPhones music controls are locked out. I decided to abandon the USB port for listening to music and only use it if the phone needs a charge. I am hoping the Chevy will change this behavior at some point so I can charge my phone and listen to an album in its proper order at the same time.

After turning on iTunes Match I’ve encountered another little problem. I waned to listen to some music and charge my phone in he car. The music was playing fine when I was at home and figured I would just have to connect it when I was in the car. This did not work as planned. I got in the car, turned it on, and connected the iPhone to the USB port and on my screen appeared the message no content. No content? I was listening to music to the very moment I connected the USB port and now I have no content? I unplugged the USB cable and the music was still playing; plug it back in and again I have no content. This is a bit frustrating. Now It seems that I can’t charge my phone and listen to music in the car at the same time if I use iTunes Match.

I suspect there are a couple of glitches in effect here. First off I have played some music from the phone while connected via USB after turning on match, but in order to get the radio to recognize and play those songs I had to first download them otherwise the car would act as if they weren’t there. I would have to disconnect the phone from the car, download the tracks, then reconnect for them to play. If the tracks were not already downloaded when I selected them using the vehicles stereo I would hear nothing until a song that had been previously downloaded was found and then that one would play.

I’m hoping that there is a fix for all of these issues. It would be nice to be able to listen to my albums in order. Of course, now it would be nice if I could listen to anything at all after having turned on iTunes match!

Going digital, what does that really mean? I gave up on the Franklin Covey binder years ago when the Blackberry was completely synchronized with exchange. We got our first digital camera over 10 years ago and all the photos we’ve taken since are stored somewhere on a computer. Our music, music has been digital since CD’s came out. What I really mean is taking it online. I think now this digital thing can actually work with the right combination of cloud based services.

I’m not just talking about our photos and music. I also want to digitize all of the home videos, from the VHS-C tapes we have through the 8mm and whatever other formats we encountered along the way. All of the documents we have to keep and the ones yet to arrive, yes those too. Everything that we can digitize – paper, audio, video, and photos; I’m going to try and do it.

So why hasn’t someone who has embraced technology, whose very career is all about technology, done this yet? Primarily because desktops and laptops only last so long, I never wanted to invest in tape backup, and we have too much data to store on a single DVD. Our pictures have bounced between hard drives as I have tried to preserve the images from drives as they begin to fail. I’ve lost portions of my music collection that I spent days ripping from CDs several times when drives suddenly failed. I just don’t want to spend the time and money needed on backups and disaster recovery that is necessary to go completely digital.

Now, the time seems right; I’m going to put my trust in iTunes match and Googles services to be my repository for all things digital. The first step was turning on iTunes match. All my music was matched and those tunes that were not found moved online. I’ve decided to re-rip those CD’s that were lost in drive failures and device swap outs hoping that iTunes match will be around for a while.

For pictures I am going with Picasa. I have used Flickr for some time now, however I like the tagging features in Picasa and it seems to be a lot easier to upload the thousands of photos in hundreds of albums we have.

Next are the videos. These are going to take some time. I’m going to try and use a YouTube account and upload the videos. The first step is getting all of those old videos from tapes of various formats to a digital format.

Finally, will be the paper documents. Right now I’m thinking of scanning and uploading to Google docs the important documents we receive throughout the year and also archiving the ones we’ve had in storage for quite some time. While we won’t get away for paper entirely, I hope to reduce considerably the amount of paper we have around the house.

So this year I’m going to go digital. I hope to post more of this adventure as I move more information online – into the cloud. I will post on what seems to work, what doesn’t and what to watch out for. Please feel free to comment on any ideas, thoughts or experiences you have in moving your personal information online.

Happy New Year!

US-CERT encourages users to do the following to help mitigate the
risk:
* Review the alert posted by USAA regarding this issue.
* Do not open attachments in email messages from unknown sources.
* Refer to Recognizing and Avoiding Email Scams (pdf) document for
more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on social engineering attacks.
* Install anti-virus software and keep virus signature files up to
date.

Relevant Url(s):

====
This entry is available at

http://www.us-cert.gov/current/index.html#

Know the risks

Your smart phone, tablet, or other internet-enabled device is a full-fledged
computer. It is susceptible to risks inherent in online transactions. When
shopping, banking, or sharing personal information online, take the same
precautions with your smart phone or other internet-enabled device that you
do with your personal computer — and then some. The mobile nature of these
devices means that you should also take precautions for the physical
security of your device (see Protecting Portable Devices: Physical Security
for more information) and consider the way you are accessing the internet.

Do not use public Wi-Fi networks

Avoid using open Wi-Fi networks to conduct personal business, bank, or shop
online. Open Wi-Fi networks at places such as airports, coffee shops, and
other public locations present an opportunity for attackers to intercept
sensitive information that you would provide to complete an online
transaction.

If you simply must check your bank balance or make an online purchase while
you are traveling, turn off your device’s Wi-Fi connection and use your
mobile device’s cellular data internet connection instead of making the
transaction over an unsecure Wi-Fi network.

Turn off Bluetooth when not in use

Bluetooth-enabled accessories can be helpful, such as earpieces for
hands-free talking and external keyboards for ease of typing. When these
devices are not in use, turn off the Bluetooth setting on your phone. Cyber
criminals have the capability to pair with your phone’s open Bluetooth
connection when you are not using it and steal personal information.

Be cautious when charging

Avoid connecting your mobile device to any computer or charging station that
you do not control, such as a charging station at an airport terminal or a
shared computer at a library. Connecting a mobile device to a computer using
a USB cable can allow software running on that computer to interact with the
phone in ways that a user may not anticipate. As a result, a malicious
computer could gain access to your sensitive data or install new software.
Don’t Fall Victim to Phishing Scams If you are in the shopping mode, an
email that appears to be from a legitimate retailer might be difficult to
resist. If the deal looks too good to be true, or the link in the email or
attachment to the text seems suspicious, do not click on it!

What to do if your accounts are compromised

If you notice that one of your online accounts has been hacked, call the
bank, store, or credit card company that owns your account. Reporting fraud
in a timely manner helps minimize the impact and lessens your personal
liability. You should also change your account passwords for any online
services associated with your mobile device using a different computer that
you control. If you are the victim of identity theft, additional information
is available from http://www.idtheft.gov/.

For even more information about keeping your devices safe, read
Cybersecurity for Electronic Devices.
________________________________________________________________

* Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
* Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh, and UNIX
* Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
* Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh

Overview

Adobe has released Security Bulletin APSB11-30, which describes
multiple vulnerabilities affecting Adobe Reader and Acrobat.

I. Description

Adobe Security Bulletin APSB11-30 and Adobe Security Advisory
APSA11-04 describe a number of vulnerabilities affecting Adobe
Reader and Acrobat. These vulnerabilities affect Reader and Acrobat
9.4.6 and earlier 9.x versions. These vulnerabilities also affect
Reader X and Acrobat X 10.1.1 and earlier 10.x versions.

An attacker could exploit these vulnerabilities by convincing a
user to open a specially crafted PDF file. The Adobe Reader browser
plug-in, which can automatically open PDF documents hosted on a
website, is available for multiple web browsers and operating
systems.

Adobe Reader X and Adobe Acrobat X will be patched in the next
quarterly update scheduled for January 10, 2012.

Additional details for the U3D memory corruption vulnerability can
be found in US-CERT Vulnerability Note VU#759307.

II. Impact

These vulnerabilities could allow a remote attacker to execute
arbitrary code, write arbitrary files or folders to the file
system, escalate local privileges, or cause a denial of service on
an affected system as the result of a user opening a malicious PDF
file.

III. Solution

Update Reader

Adobe has released updates to address this issue. Users are
encouraged to read Adobe Security Bulletin APSB11-30 and update
vulnerable versions of Adobe Reader and Acrobat.

In addition to updating, please consider the following mitigations.

Disable Flash in Adobe Reader and Acrobat

Disabling Flash in Adobe Reader will mitigate attacks that rely on
Flash content embedded in a PDF file. Disabling 3D & Multimedia
support does not directly address the vulnerability, but it does
provide additional mitigation and results in a more user-friendly
error message instead of a crash. To disable Flash and 3D &
Multimedia support in Adobe Reader 9, delete, rename, or remove
access to these files:

Microsoft Windows
“%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll”
“%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll”

Apple Mac OS X
“/Applications/Adobe Reader 9/Adobe
Reader.app/Contents/Frameworks/AuthPlayLib.bundle”
“/Applications/Adobe Reader 9/Adobe
Reader.app/Contents/Frameworks/Adobe3D.framework”

GNU/Linux (locations may vary among distributions)
“/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so”
“/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so”

File locations may be different for Adobe Acrobat or other Adobe
products that include Flash and 3D & Multimedia support. Disabling
these plugins will reduce functionality and will not protect
against Flash content that is hosted on websites. Depending on the
update schedule for products other than Flash Player, consider
leaving Flash and 3D & Multimedia support disabled unless they are
absolutely required.

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript may prevent some exploits from resulting in
code execution. Acrobat JavaScript can be disabled using the
Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable
Acrobat JavaScript).

Adobe provides a framework to blacklist specific JavaScipt APIs. If
JavaScript must be enabled, this framework may be useful when
specific APIs are known to be vulnerable or used in attacks.

Prevent Internet Explorer from automatically opening PDF files

The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to a safer option that
prompts the user by importing the following as a .REG file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7]
“EditFlags”=hex:00,00,00,00

Disable the display of PDF files in the web browser

Preventing PDF files from opening inside a web browser will
partially mitigate this vulnerability. If this workaround is
applied, it may also mitigate future vulnerabilities.

To prevent PDF files from automatically being opened in a web
browser, do the following:

1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the Preferences option.
4. Choose the Internet section.
5. Uncheck the “Display PDF in browser” checkbox.

Remove or restrict access to 3difr.x3d

By removing or restricting access to the 3difr.x3d file, Adobe
Reader and Acrobat will fail to render U3D content, which helps to
mitigate this vulnerability. PDF documents that use the PRC format
for 3D content will continue to function on Windows and Linux
platforms.

To disable U3D support in Adobe Reader 9 on Microsoft Windows,
delete or rename this file:

“%ProgramFiles%\Adobe\Reader 9.0\Reader\plug_ins3d\3difr.x3d”

For Apple Mac OS X, delete or rename this directory:

“/Applications/Adobe Reader 9/Adobe
Reader.app/Contents/Frameworks/Adobe3D.framework”

For GNU/Linux, delete or rename this file (locations may vary among
distributions):

“/opt/Adobe/Reader9/Reader/intellinux/plug_ins3d/3difr.x3d”

File locations may be different for Adobe Acrobat or other Adobe
products or versions.

Do not access PDF files from untrusted sources

Do not open unfamiliar or unexpected PDF files, particularly those
hosted on websites or delivered as email attachments. Please see
Cyber Security Tip ST04-010.

IV. References

* Security update available for Adobe Reader and Acrobat -

* Adobe Reader and Acrobat JavaScript Blacklist Framework -

* Adobe Acrobat and Reader U3D memory corruption vulnerability -

* Security Advisory for Adobe Reader and Acrobat -

____________________________________________________________________

The most recent version of this document can be found at:

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to with “TA11-350A Feedback VU#759307″ in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit .
____________________________________________________________________

Produced 2011 by US-CERT, a government organization.

Terms of use:

____________________________________________________________________

Revision History

December 16, 2011: Initial release

Microsoft has indicated that it is aware of targeted attacks
exploiting this vulnerability. The Duqu malware may exploit this
vulnerability.

UPDATE: Microsoft has provided an update to address this vulnerability
in Microsoft Security Bulletin MS11-087.

US-CERT encourages users and administrators to take the following
actions to help mitigate the risks of this vulnerability and the Duqu
malware:
* Review Microsoft Security Advisory 2639658 and apply the patch
provided in Microsoft Security Bulletin MS11-087.
* Use caution when opening attachments in email messages.
* Maintain up-to-date antivirus software.

Relevant Url(s):

====
This entry is available at

http://www.us-cert.gov/current/index.html#microsoft_releases_security_advisory_for4

There are multiple vulnerabilities in Microsoft Windows, Office,
and Internet Explorer. Microsoft has released updates to address
these vulnerabilities.

I. Description

The Microsoft Security Bulletin Summary for December 2011 describes
multiple vulnerabilities in Microsoft Windows. Microsoft has
released updates to address the vulnerabilities. Additional details
for MS11-091 can be found in US-CERT vulnerability note VU#361441.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code,
cause a denial of service, or gain unauthorized access to your
files or system.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for December 2011. That
bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any
potentially adverse effects. In addition, administrators should
consider using an automated update distribution system such as
Windows Server Update Services (WSUS).

IV. References

* Microsoft Security Bulletin Summary for December 2011 -

* Microsoft Windows Server Update Services -

* US-CERT Vulnerability Note VU#361441 -