• Use a “password manager” that enables you to use a different password for every website you visit, but store them securely. My favorite is LastPass. Although LastPass had a security issue last year, using a complex password for subsequent encryption of stored passwords overrides their data being compromised.
• Passwords should be a minimum of eight characters. The more characters you use, the harder it is to “brute force” crack your password. With processing power increasing, it has been possible in some cases to crack eight character passwords in short order by trying every possibility. The more characters you use, it gets exponentially harder to crack. A simple tactic to expand your password length is come up with a personal pattern for mixing words together, simply mixing words is not enough. So a bad password would be “chesscheeseeagle”, but this could be made into an excellent password with patterning “^^^^chess444CHEESE801eagle###”.
• Some say dictionary words should be avoided altogether, and a password manager can do a good job of coming up with completely random passwords. Using the mixed word strategy above should only be used for passwords you have to memorize. A random password like “NmX5WCpPQwjRpuyUIjm86R4T” is vastly more secure than one using words, but for those of us who lack superhuman memory, patterned words are easier.
• Two step verification like what Paypal and Google offer adds an additional layer of security upon well crafted passwords. Both of these services have smartphone “apps” which you can use to operate them.
• For system and website administrators, using an SSH Key is far more secure than a password. All SSH capable shell and file transfer programs can handle keys instead of passwords.  Use them!
• Remember that XMission and most professional websites will not ask you for your password in email. Any request is most likely an attempt by someone to gain access to your account and information. Lack of awareness and “social engineering” is a very common security hole. People’s good faith and trust is often the weakest part of computer security. Be aware and verify before giving out any personal information or passwords.

I hope these tips are helpful to keep your personal data secure and safe. Happy Change Your Password Day!

Today we focus on Distribution Lists and Contact Groups.

Distribution Lists can be created by Zimbra domain administrators to handle a bevy of needs such as email forwarding, team lists, customers lists and more.

Contact Groups allow Zimbra web interface and Zimbra Desktop users to create email groups specific to their needs from their address books.  End users with popular mail clients, such as Outlook, can still use this feature by logging in to the web interface and setting up the Group from the Mail tab.

Distribution Lists

Let’s tackle domain based Distribution Lists first. We are commonly asked by domain administrators if there is a way to forward Zimbra domain email addresses without requiring an additional Zimbra account. Luckily, with distribution lists you won’t require a separate account just to forward email. This simple feature is quick and easy to setup.

Here is how Zimbra domain administrators can setup a Distribution List:

Steps:

* Log in to the Admin Console as domain administrator. https://zimbraadmin.xmission.com

* Click on “New” then scroll down and select “Distrubution List” to create a new list. We will use this list to setup the desired email forward.

* Set the target email destination as a “Member” of the list. This would be the target email address, such as zimbra_tips@xmission.com or whatever you need.

* Now click on “Save”

Done! Proceed with your happy dance then get back to work.

Gotchas? Yep. You cannot set a distribution list with the same name as an existing account on the domain. You must rename or remove the Zimbra account first and then create the Distribution List. Renaming the account provides time to clear out any messages before deleting the account.

Contact Groups

Now we will cover Contact Groups for Zimbra end-user accounts. You do not need to be an administrator to access this feature. Here are the steps:

* To create lists, click on New and scroll down to Contact Groups from the pop-up menu.

* Enter a name for your list and then enter email addresses in the “Add Members to this Group” box. You can search your Contacts folder, the Global Address List, and your Personal and Shared Contacts folders for email addresses to add to your list or enter them manually in the form field located at the bottom of the “Add Members to this Group” box.

This is very slick. I use this to create custom invite lists for events and my other email broadcast needs. Distribution Lists have limitations of 1000 addresses allowed as large lists can unduly tax the mail server.

Etiquette Tip: It is an essential courtesy to always use BCC when sending to large email lists. Simply enter your email address in the To: field so they know it is from you. Sharing is caring, but not in the case of personal email addresses in group settings.

There you go, those are the basics of Distribution Lists and Contact Groups using the XMission Zimbra Suite.

I hope you had as much fun with this as I did. Zimbra is a great product with an ever expanding list of useful features that can save you time and effort. As always, please feel free to contact me directly with any questions or suggestions for future Zimbra Power Tips.

- John

Zimbra Product Manager for XMission

For more help click the Zimbra Help button within the web interface or Zimbra Desktop application, or visit XMission’s Zimbra Support page on the XMission Support Wiki. You may also email support@xmission.com or chat with a representative at https://livesupport.xmission.com.

Aside from being punished before ever proven guilty, this ignorance of technology is rife with unintended consequences. Since the passage of the DMCA in 1998, XMission has been forced to act as police, investigator, judge, and jury in copyright claims that are emailed to our abuse@xmission.com address. We have seen everything from recording company robots spewing notices based on textual matches to businesses trying to cause problems for their competition. Not to mention the number of lunatics that waste our time with their baseless accusations. The unintended consequences of the DMCA is that it had a direct effect on the cost of doing business that copyright claimers do not have to bear. If Sony was charged 10 cents for every email they sent us, they’d probably think twice before handing it the task off to a software robot.

PIPA/SOPA will do nothing to prevent copyright infringement on the Internet. Instead, they will fracture the legal use of the DNS system and drive criminals to more obscure methods that will be harder for investigators to track. This is the nature of censorship on the Internet. As John Parry Barlow said, “The Internet treats censorship as a malfunction and routes around it.”

The only way to control the Internet, as China, Saudi Arabia, Egypt, Libya, and Iran have learned, is to shut it down altogether. Even when you do that, it would have to be shut down world-wide before you really stop information from moving. I hate to see the USA follow the leads of these despots, but XMission will continue to fight for a free and unfettered Internet as it always has. Over the past 18 years of business, XMission has fought a number of bad Internet bills in Utah and nationally. We have advocated for Internet privacy rights as “papers and effects” under the 4th Amendment and turned away all requests for information that did not fit jurisdiction or the definition of a proper warrant.

In spite of my own office-seeking, I have tried to keep XMission and my representation of XMission as apolitical as possible. Yet when it comes to the question of keeping the Internet unrestricted and unregulated, XMission’s voice has been clear. When the U.S.S.R. fell in 1991, I read first-hand accounts on Usenet as it happened. The Internet then was an embryonic force that has matured to bring down despots through communication. Governmental attempts to control the Internet are not new, and neither is my nor XMission’s commitment to fight them.

In recent years, XMission has greatly expanded our focus on business products, including colocation, advanced web hosting (with our Stackable cloud product), hosted email (with Zimbra), and business telephony. As those products matured, it was only a matter of time before we saw the need to perform this audit, especially as enterprise clients started to look more seriously at XMission as a vendor. While we are a privately held company, and therefore have no Sarbanes Oxley compliancy concerns ourselves, we recognized that compliance sensitive companies often require SSAE 16 certification, which include publicly-traded enterprises, financial firms, and healthcare organizations.

Ultimately, I think that all of the work we did in preparation for the audit brought about many positive changes. While we have done many things related to IT security for years not only due to our own commitment to best practices but also to maintain PCI compliancy, we took this opportunity to review and refine our policies and procedures. We performed a new risk assessment and found better ways to mitigate, if not outright prevent, a few more potential issues. We had some productive conversations and better organized our documentation. All in all, the process brought renewed rigor and focus to things that warrant close scrutiny on an annual basis.

In order to complete the audit, XMission management developed rigorous internal control objectives to support first-class data center, hosting and networking management services. You can think of internal controls as the processes by which an organization manages its people and systems. It is how a business conducts business, day to day. These controls should be closely aligned with an entity’s goals and objectives. When an outside auditor comes in, they first review the organization’s control objectives to determine if they appear to be reasonable and then secondly test their processes and see if the entity reliably meets those objectives. Professing best practices isn’t enough; the proof is in the pudding. And since we chose a type 2 audit, we were required to prove the operating effectiveness of our internal controls throughout the audit period. Abiding by new requirements under SSAE 16, the report also contains a written assertion from management regarding the systems and a services auditor’s opinion letter.

An SSAE 16 audit report provides a framework for a service organization to have an outside entity examine their internal controls, which can then be provided to its enterprise clients. Therefore, an SSAE 16 certification assures new and existing customers that XMission’s policies and procedures are sound and that their critical Internet services and data are secure. Colocation and Stackable customers can request a copy of our audit report, which should make it easier for them to pass their own SSAE 16 audit. If anything is missing which could help them with their own audit, or better set them at ease regarding the products they purchase from XMission, we gladly welcome such requests. We have already started to evaluate how we will expand the scope in next year’s audit.

Our audit was conducted by CPA firm A-lign, who specializes in these audits for IT firms. SSAE 16 replaces the previous industry standard, SAS 70 and brings the US closer to the international standard, ISAE 3402.

For more information, please visit xmission.com/SSAE16.

Grant Sperry

XMission VP of Operations

For more than eleven years, XMission has proudly sponsored the Utah Arts Festival. This year’s festival kicks off today at Library Square (June 23-26) with XMission once again presenting the popular Sponsor Patio.

Our advanced hosting division, Stackable, now hosts the Utah Arts Festival website (designed by our good friends over at Third Sun Productions). If you require festival information, ticket information, or want to make a donation, their beautiful site has everything you need.

For the first time, our 400 S. window display features Utah Arts Festival graphics as well as digital art by local artists. Stop by (or drive by) and check out our colorful windows on your way to and from the festival!

XMission also provides free wireless access to the Salt Lake Main Library and Library Plaza. If you need to get out of the heat to check your email or update Facebook, we now have a very robust connection for you to use.

Enjoy the 2011 Utah Arts Festival!

It’s science fair season in Utah schools and XMission is again sponsoring the Salt Lake Valley Science & Engineering Fair on March 22-25 at the University of Utah. Each year, the Fair features the best young Utah scientists in grades 5 to 12. Students present their experiments and compete for a chance to represent Utah at the Intel International Science & Engineering Fair.

Local companies, including XMission, support the Fair by volunteering, donating needed funds, providing door prizes, and offering scholarships and grants. Last year, five Grand Award-winning seniors received $80,000 scholarships from Westminster College. Each year, our own Pete Ashdown judges the Fair and awards students the XMission Technology Award (including a fancy Newton’s Cradle) for best use of technology and the Internet.

Students who want to take their discoveries online may be interested in the Google Global Science Fair. Google accepts entries from any full-time students, ages 13 to 18. Students can submit entries starting from now until April 4. Prizes include National Geographic Expeditions and Google scholarships.

Your kids’ scary experiments in the fridge could pay off big! Good luck to all of the young scientists out there.

In addition, I have stood against attempts to censor or restrict the Internet by state and federal governments by advocating for the protection of the open Internet. In spite of my recent candidacy as a Democrat running for U.S. Senate, I have found overwhelming non-partisan support for keeping the fingers of government out of controlling, censoring, or monitoring the Internet.

Protecting American constitutional rights is not the same as harboring illegal activity. XMission has repeatedly cooperated with law-enforcement provided we are served with a proper warrant, signed by a judge, that is specific in demand. I do not support wholesale spying on my network, nor will I ever. I would rather shut down XMission than allow the government to use it as a tool for violating privacy otherwise guaranteed under the Fourth Amendment.

While some ISPs cower at threats, XMission stands against them. While some seek to control or censor the Internet, we fight to protect its freedom. Through transparency, there is accountability, and the Internet remains a unique technology for revealing despotic and despicable acts. It should be protected. As one of the few, if not the the only remaining American ISP that believes this, I ask you to consider our services and support XMission. If you are already an XMission customer, thank you.

Of course, XMission has always provided local support. All of our support technicians are based in Salt Lake City, Utah although some do work from home these days, for at least part of the week.

I echo Kaylynn’s experience (from the City Weekly article: Qwest Accused of Lying to Customers, Wholesale partners say company has ‘Qwestionable’ motives). My wife and I had XMission as an outstanding ISP from their early days with phone dialup modem forward to DSL more recently. When Qwest ran DSL into our area, we paid for the DSL service, stayed with XMission as ISP and e-mail provider, and enjoyed great speeds in the 1.5 Mbps realm. During this time, we’ve had terrible intermittent noise on our voice phone line, and Qwest still cannot reliably eliminate it.

It appears that the 800-lb gorilla wins, while decent companies like XMission are edged out. Qwest could have done a deal with XMission about sharing its fiber-optics resources with XMission for a fee, giving the consumer choice again while allowing Qwest to make money with its infrastructure. It seems that the FCC and Washington must be utterly asleep at the switch. Monopoly without apology abounds. Big corporate lobbies must be alive and well. The killer mentality – of bigger and central and consolidated are better – will doom us. Some day the big telecoms that don’t know how to work with each other will bring the system to its knees, by the sheer weight of system complexity that nobody fully understands.

I fully admit to being a technophile by hobby as well as trade, and so my house is filled with the latest in digital distribution devices:  every television receiver has a DVR, and half of those have Internet video streaming devices like the Roku or Playstation 3, and they relay Hulu Plus and Netflix and Amazon on Demand in HD.  I have Blu-ray players and DVD players and the digital movies stored on my iPhone and computer hard drives can fly between devices over my wifi network. Every desktop and laptop has immediate access to an Internet full of streaming media, and my main HDTV can now stream video directly off any number of these services with its own internal apps.  And as of last week, even my iPhone has a client for Hulu Plus and Netflix video that means I can stream almost anything over 3G for the children in the back seat of my car while driving down I-80.

So, perhaps it is no surprise when my boy points to a laptop and asks, “Caillou?” He assumes its there for the watching at his whim.

And he’s right.  It is. If I were to say, “Caillou doesn’t start for an hour, son” he would just blink at me absently and wonder what I was talking about.

Now, think about that.  These children, at the youngest age, have already rejected the traditional concept of broadcast television, and, more importantly, have already fully embraced the future of content delivery over the Internet.

Now think what long term effect that will have on our communications systems.

Nine years ago when I bought my first TiVo, my friends and family looked at it dumbly and asked me, what’s the point?  Isn’t it just an expensive video recorder?  You aren’t getting it, I said.  This little machine changes television into an experience that you fully control.  You can now watch anything you want at any time,  no longer bound to the scheduling fancies of the network executives and the little interruptions that always made you miss critical moments.

My retired 75 year old parents just got their first DVR, and I think that pretty much means the entire western civilization has finally figured this out.  In fact, Comcast just released a survey that showed 62% of Americans regularly use “time-shifting technology” (which means watching TV at something other than the broadcast schedule in real time).

But I submit to you, DVR was just a stepping stone, a gateway drug, if you will. All it did is whet the appetite for people to have control over their media and informational consumption.

Now we have pay-TV providing shows on demand over  their own Internet portals.  We have devices relaying broadcast quality HD through the Internet to large screen HD televisions.  We have TV On Demand on both the cable and the Internet.  People are getting used to consuming their own content on their own schedule, and the Internet is making it possible.

This summer I will be attending the annual US Telecom Research Summit in Washington DC, a gathering of telecommunication carriers for the purpose of sharing data on the direction the industry is going.  This year, two-thirds of the presentations are about “Over-the-Top” video (OTT).  Two years ago, OTT meant YouTube and thumbnail sized video talks over Skype.  Today, it means HBO and Comedy Central and CNN and primetime shows off of CBS/ABC/FOX/NBC and pre-released Hollywood films, and, well, everything else you have ever watched on your TV or online.

What does this all mean?  It means that the boundaries between the Internet and TV and movies are disappearing, new demands have arisen that can only be satisfied by data networks.  It means that some day in the very near future you will sit down before your TV and have the entire history of film and television at your fingertips for you to pick through.

It also means that, as data and broadcast converge, that desktop boxes will converge as well.  Just as the iPad and smartphones have made the first real chink in the armor of the desktop PC and laptop, the drive to centralize broadcast and data will stretch into Internet enabled devices that do all of these things.

Already technology exists that allows a set top console to not only see you walk into the room, but to recognize you and welcome you, and understand you when you talk to it (“Computer on!” is finally reality, folks).  It can access, via Internet, an endless supply of new and old TV, movies, news, magazines, web sites, messaging clients and video phones, and just about anything else that can be done on a desktop computer.

Just imagine what we will do with this convergence of information technology in the coming decade, and then imagine what will happen in the next when our children, who will grow up consuming any media or informational content ever created on demand, start developing their own vision of the future.

The common denominator in all of these scenarios is the Internet.  Internet on phones, on computers, on TVs, in cars, in planes… Internet everywhere.  The Internet is not only the largest and most capable communications infrastructure ever created by man, but we have only begun to experiment with the totality of its  potential.

I work in an exciting field in a historic moment, and the best part of my job is keeping XMission a step ahead of the future.  XMission remains committed to providing the Internet in all its forms for all of its uses to all of our subscribers, and its thrilling to see where that commitment may take us.

(Warren Woodward has developed and managed many of XMission’s residential broadband services on DSL and fiber for over 10 years, including data, VoIP and IPTV.)