Author: Lee Aase

A Wave of Malware

In the last few days I have had an interesting (and frustrating) experience with malware, which provides further proof of human depravity (as if I needed it after the case of our van windows.)

Malware is malicious software and apparently there is virtual crime spree going on right now related to programs like WordPress, which I use to publish SMUG. Similarly, after I did the post about our broken van windows, I learned that ours was one of 19 such crime reports from that night of terror.

I guess in some sense we took some comfort in that we weren’t alone in being victimized, but it didn’t make it less costly to fix.

In the case of the malware attacks, however, the scale of the attacks means others are mobilizing to help.

On Tuesday night, after having gotten notice that I had a malware infestation, I had upgraded my WordPress to the latest version, 2.9.2, and had followed the instructions from WordPress.org and my hosting provider, GoDaddy.

But the problem still didn’t go away; when my wife Lisa was viewing SMUG on my iPad (yes, I will have some posts about my iPad impressions soon), I saw the malware for myself. So it told me I may have helped to prevent further infection, but there was still some malicious code to remove from the site.

This evening I got a note from GoDaddy offering help in removing the malicious javascript, which I authorized them to do.

But they said I still needed to take steps to prevent the problem from recurring, such as changing my Web hosting passwords.

I’m fairly certain that I have it all disinfected now. The last step was to change my server permissions as recommended by the author of my WP Super Cache plug-in so that the virtual ruffians can’t deposit their code on the SMUG server.

A few observations:

  1. One of the benefits of WordPress.com is that in its restrictive environment, which strips out javascript from any posts, it prevents malware attacks. If you can get by with only using YouTube videos (instead of other players that use javascript), you can save yourself some muss and fuss by sticking with WordPress.com.
  2. This does create some limitations, however, so by going to self-hosted you can get ability to embed widgets and video players. You need to be careful in what you install to make sure you’re not bringing malware along for the ride.
  3. The GoDaddy community site has a couple of good posts on identifying, removing and preventing malware on your hosting server and how to fix a compromised WordPress site.

Thanks to those who brought this situation to my attention. I believe the malware was hiding in some cached pages on SMUG (pages that are pre-loaded, so to speak, to make the site perform better.) Since I wasn’t getting those cached pages served to me, I wasn’t seeing the malware.

Please let me know if you see anything malicious happening here.

I often say that I started my blog, back in the day when it was called Lines from Lee, as a way to learn and make my mistakes on my own account, so that by the time we launched blogs for my employer I would have worked out all the kinks. Having our Mayo Clinic blogs hosted on WordPress.com has been a safe solution to date. As we consider moving to self-hosted WordPress, this episode highlights for me the need to have someone technically adept and able to make sure all of the security is kept updated.

In that sense, I guess I’m glad the malware attack happened at SMUG. It was inconvenient for a week or so, and responsible for the fact that I haven’t posted for several days. But I would rather learn here, and let the SMUGgles learn along with me, so that we can prevent attacks on our work-related sites.

Meet me in Paris?

This would ordinarily be the place where I would insert a punch line like, “Yes, I’m speaking in Paris, Texas” or one of the other 22 cities in the U.S. named “Paris.”

Or maybe I’d be referring to a convention at the casino in Las Vegas with a miniature (though still very large) version of this:

But this time it’s no joke: two weeks from today I will be in the original Paris for a three-day conference called the Health Executive Summit, where I will be on a Thursday panel.

I just found out from the organizers that I can offer guest passes to up to five of my contacts to also attend for free.

So…

If you can get to Paris, FRANCE in a couple of weeks and would like to attend the Health Executive Summit, send me a tweet (@LeeAase) or send me a note via email via my contact form. I will send you the discount code to use in registration.

Given that we have a few SMUGgles on the Continent, maybe we’ll be able to use those passes. If you know someone who might be interested, please send them my way.

A Philosophy for Starting with Social Media

I was in Boston a couple of weeks ago for a presentation to the Massachusetts Hospital Association, and afterward had a chance to talk with Dan Carter (@DanRPG) about social media in healthcare. Dan posted the edited video yesterday on his Health Care 3.0 Ning site:

Cooperstown Memories

Last week I had the pleasure of speaking to a meeting of human resources leaders from the Hospital Association of New York State (HANYS) at the Otesaga Resort Hotel in Cooperstown, New York. It’s a beautiful and historic facility (I have posted some pictures below), and I enjoyed getting to interact with the HANYS group.

But one reason I was really looking forward to the trip was the chance it gave me to visit a place I had dreamed of for about 40 years, the Baseball Hall of Fame. I unfortunately only had about an hour to case the place, but here’s my video report:

It isn’t exactly the SPAM museum, the tourist attraction in my hometown of Austin, Minn. (located just 4 blocks from “Old Main”), but still is definitely worth the trip. Below are some photos, first of the Otesaga, and then the baseball shrine (click to enlarge):

The Otesaga at night
Golf hole view from the Otesaga dining room

Jason Werth’s spikes from the 2008 World Series. For more about why this was cool for me, see here, here and here.

Jayson Werth's World Series Spikes

Harmon Killebrew was my first boyhood sports hero, so it was neat to see the plaque immortalizing him:

Harmon Killebrew's Hall of Fame Plaque

And finally, here is a picture of me with Kirby Puckett’s plaque. I’m thinking this will be my new Twitter avatar:

Kirby and Me

Hoping for an Augustinian Turnabout

It seems a gang of rampaging ruffians has brought Trouble (with a capital T) SMUG’s global headquarters. Don’t let the chirping birds fool you:

When I spoke with the police officer who arrived on the scene, he told me this had been the fifth report of such vandalism overnight in Northwest Austin. It seems a group of young lads had been out joyriding with a pellet gun, and shooting out windows in vehicles parked on the street.

Not that we know who they are…or that they are even lads. Maybe they’re lasses.

I realized after shooting this video that our situation was worse than I thought, because it wasn’t just the one window that was affected. Two other windows had been shot, but just hadn’t shattered. So I guess the hoodlums kept going until they got satisfaction.

These two would actually be interesting looking, if they weren’t dangerous…and if they didn’t cost several hundred dollars to fix. Click to enlarge:

St. Augustine said he discovered the evil in his heart when he stole his neighbor’s pears, even though he didn’t like pears. He just stole for the sake of stealing. He became the greatest theologian in the first millennium of the Christian church.

For their sake, I hope these young lads will come to a similar realization and turnabout.