AppleID (aka: iTunes Store) accounts finally get two step authentication

This is a much more secure, if a little more annoying, way to protect your AppleID. Since there is real money involved with your iTunes and App Store purchases now, I strongly recommend you set up two-step authentication on your own AppleID.

I recommend you go to appleid.apple.com and Manage your Account, then take 10 minutes and set up two-step authentication with a trusted device or two. Then you need your password AND the device to update your account security preferences (this makes it much harder to swipe your account and change your password).

Hat tip: The Verge

Taming iTunes 11

I am less than thrilled with iTunes 11, and am trying to figure out how to use it for all the same functions I enjoyed with earlier versions of iTunes. A lot of this is simply look and feel and slowly growing accustomed to new style and process, but in the interim I can make iTunes 11 look a lot like iTunes 10 by doing the following:

  • Get the sidebar back by clicking View > Show Sidebar (or hitting Alt+Cmd+S).
  • Get the status bar back by clicking View > Show Status Bar (or hit Command+/).
  • Click Songs in the top bar, and sort by Artist for the traditional list view.

Now, iTunes 11 should look about the same as iTunes 10.

I still miss the Album Art preview in the left-hand sidebar… and some of my Album Art may have vanished, though it is hard to tell without the sidebar preview; I am still analyzing my huge (~26,000 song) library.

The sharing options are important to me too, as I use iTunes extensively to share music and movies around the house, so this must work perfectly.

Damn! trojan horse link spammers are getting smarter with their targeting

I got an email today that pretended to be from shipping@new.itunes.com, which of course did not come from Apple at all, it came to my DreamHost account via vopmail.vopmail.willard-oh.com… It looked like a VERY GOOD copy of the emails that Apple does send out, complete with corporate logos and formatting; and claimed to be a Christmas gift card for someone I know (which was the first tell something was wrong – why would the gift card for my friend show up in my inbox?). Alleged gift card value was for a preposterous $500 (tell number two), and it was billed to someone I have never heard of (tell number three).

The three suspicious elements inspired me to right click the View\Download redemption link (aha – tell number four is the use of a backslash instead of a slash) and copy/paste the link into a text editor and really look at it… It was some unheard of ucoz.com address; a trojan horse address. I am sure they are trying to trick iTunes users into entering their AppleID and Password. Obviously we should never enter our usernames and passwords into websites that are NOT who they claim to be.

This is a scary attack attempt because it knows I am an iTunes user, it knows my friends (at least one of them) and it really knows how to format an email to look like an official iTunes Apple receipt.

Further down the email form were some other tells – some of the links do link to legitimate Apple websites, others to that bogus ucoz site; and the copyright notices are in a foreign font set, something Apple would not likely get wrong.

Be careful folks.

Want to run for Governor of Virginia?

I sense a golden opportunity for 3rd party candidates in Virginia this year; neither Cuccinelli nor McAuliffe excites people in a positive way, they are both reviled and exciting only negatively.

The turnout in Virginia’s off-cycle elections is always low, and at its lowest the year after a presidential election that has exhausted the voters; and the state’s built-in advantages for only two parties mean we rarely see third party candidates. Given that neither candidate is acceptable even to their own base, it could be a remarkably easy year to get elected Governor with very few votes and resources.

New form of Spam?

Looks like some firm is using digital Turk or some other work farming app/site to encourage blog spammers to rave about the Zune… my spam buckets are overflowing this week with pro-Zune comments from individuals who can’t write English, but don’t write alike either… Interesting development.

For what it’s worth; my own opinion of the Zune mp3 player is that it sucks so badly it richly deserves all the mocking it gets in public.

New SSH Keys on Your Server?

I just learned a nifty little trick for updating your SSH keys when a server has changed them on you and you are being warned by ssh of a “man-in-the-middle” attack possibility…

ssh-keyscan -t rsa YourDomain.Com >> ~/.ssh/known_hosts
vi ~/.ssh/known_hosts

Delete the older entry – keep the new one. I just had to use this with my Dreamhost domains.
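`ssh-keyscan` records whatever key the network path returned, so the step that actually answers the man-in-the-middle warning is comparing the new key's fingerprint with one obtained out of band (hosting control panel, console login) before the old entry is dropped. The added example below, which is not part of the original post, spells out in Python what `ssh-keygen -lf` and `ssh-keygen -R` do for those two steps; the function names and the key blobs are constructed for illustration.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """SHA256 fingerprint in the form ssh prints: SHA256:<unpadded base64>."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def names_host(field, host):
    """True if a known_hosts host field names host (plain list or |1| hashed).
    Wildcard patterns and [host]:port forms are not handled in this example."""
    host = host.lower()
    if field.startswith("|1|"):          # |1|<salt>|<HMAC-SHA1(salt, host)>
        _, _, salt, mac = field.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(calc, base64.b64decode(mac))
    return host in (h.lower() for h in field.split(","))

def replace_host_key(known_hosts, scan_line, host, expected_fp):
    """Return known_hosts text with host's old entries replaced by scan_line,
    or raise if the scanned key does not match the out-of-band fingerprint."""
    _name, _ktype, key_b64 = scan_line.split()[:3]
    actual = fingerprint(key_b64)
    if not hmac.compare_digest(actual, expected_fp):
        raise ValueError(f"refusing {host}: scanned {actual}, expected {expected_fp}")
    kept = [ln for ln in known_hosts.splitlines()
            if not ln.strip() or ln.startswith("#")
            or not names_host(ln.split()[0], host)]
    return "\n".join(kept + [scan_line.strip()]) + "\n"

if __name__ == "__main__":
    # Constructed stand-ins for key blobs; real ones come from ssh-keyscan.
    old = base64.b64encode(b"constructed-old-key").decode()
    new = base64.b64encode(b"constructed-new-key").decode()
    hosts = f"YourDomain.Com ssh-rsa {old}\nother.example ssh-rsa {old}\n"
    scan = f"YourDomain.Com ssh-rsa {new}"
    trusted_fp = fingerprint(new)   # in practice: read from the provider's panel
    print(replace_host_key(hosts, scan, "YourDomain.Com", trusted_fp), end="")
```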

UltraViolet, Vudu, Flixster

I have recently been having a little fun playing with Vudu and Flixster interfaces into UltraViolet. The pleasant surprises this week are that the Vudu client is already built into both my LG 47LV5500-UA TV (Family Room) and my Panasonic DMP-BD85 Blu-Ray player (Basement Rec Room) – and that means we can play the few UltraViolet movies we have rights to in both rooms whenever we like. The Flixster and Vudu interfaces also both allow me to play these movies on any of our iOS devices (iPad, iPod Touch, iPhone) and on our Mac laptops pretty easily.

I tend to like my own media library to be physical, but I am beginning to see the appeal of a cloud based media library, especially for college students and military personnel who travel a lot.

Political Apathy is Shameful

If you find yourself tired of the political discussion held in public, remember that without the public discussion we no longer have a democracy nor even a republic. Participate, take responsibility, vote. Freedom is not a gift, it is a grave responsibility. Take it seriously people, and please do not become complacent nor subscribe to the error that apathy is fashionable; it proves you don’t appreciate your basic rights.

I know the pedantic arguing is frustrating and annoying. I know the voices of ordinary people get drowned out way too often by big money and large, organized lobbies, but the answer is not to stop talking.

Don’t enter your iOS UUID into a WebForm

This morning’s news reveals a story about how an FBI agent’s laptop was hacked into using a malicious JavaScript exploit, and that a file of millions of iOS device users’ personal data was stolen from the hacked FBI laptop. Interestingly, perhaps even predictably, and irrationally, several websites have sprung up offering to compare the leaked list to your own UUID (which you are expected to enter into a webform) to let you know if your own information was part of the leaked set. I agree that it would be useful to know if your privacy is compromised, but publishing your private data to a website purporting to check for you is NOT the way to do this.

In fact, you are giving the private data away again; so please don’t do it.

We should instead be asking:
1) why was the laptop allowed to run JavaScript on an OS that is difficult to secure?
2) why was the FBI collecting this sort of data in the first place?
3) why was this sensitive data allowed to be on a laptop and not in a server that is harder to get to and can be audited?

If we feel we must check, it is better to download a leaked copy of the data yourself and then compare in the privacy of your own computer – of course that means you will have a copy of many other people’s private data too – and does that make you a criminal as well? I am not a lawyer – but the risks seem pretty high only to find out if your own data is in the leaked set.

The news I am talking about:
AntiSec hackers leak 1,000,001 Apple device IDs allegedly obtained from FBI breach

Hackers leak 1 million Apple device IDs

Update: Well, the FBI is denying the allegations that their laptop was involved and that the data came from them; guess one needs to always verify the sources of the information. The basic advice not to submit your data to a webform still applies though.

Update 2: Wow! Turns out it was not initially the FBI at all, but an app developer that was the source of the leaked UUIDs – and this inquisitive person figured it out: Tracking Down the UDID Breach Source

Microsoft Messenger for Mac

I am trying to use Microsoft Messenger for Mac 6.0.3 talking only to the corporate accounts, and it frequently will only let me log in but appear offline… I can’t send nor get new messages until I can get it to report online, but clicking the menu items and buttons to go online does nothing. If I quit the app and restart it and log in – sometimes that eventually works.

Anyone know of a fix for this?

I have to be honest and say I hate Messenger, and only use it reluctantly because it is the only thing some folks at our company use even though Jabber is the company standard (Jabber works great in Adium).