Life is a State of Mind : ideas, thoughts, rants

Damn! trojan horse link spammers are getting smarter with their targeting

I got an email today that pretended to be from shipping@new.itunes.com, which of course did not come from Apple at all, it came to my DreamHost account via vopmail.vopmail.willard-oh.com… It looked like a VERY GOOD copy of the emails that Apple does send out, complete with corporate logos and formatting; and claimed to be a Christmas gift card for someone I know (which was the first tell something was wrong – why would the gift card for my friend show up in my inbox?). Alleged gift card value was for a preposterous $500 (tell number two), and it was billed to someone I have never heard of (tell number three).

The three suspicious elements inspired me to right click the View\Download redemption link (aha – tell number four is the use of a backslash instead of a slash) and copy/paste the link into a text editor and really look at it… It was some unheard of ucoz.com address; a trojan horse address. I am sure they are trying to trick iTunes users into entering their AppleID and Password. Obviously we should never enter our usernames and passwords into websites that are NOT who they claim to be.

This is a scary attack attempt because it knows I am an iTunes user, it knows my friends (at least one of them) and it really knows how to format an email to look like an official iTunes Apple receipt.

Further down the email form were some other tells – some of the links do link to legitimate Apple websites, others to that bogus ucoz site; and the copyright notices are in a foreign font set, something Apple would not likely get wrong.

Be careful folks.

2012 12 11 snolan Personal Comments (0) Permalink

Want to run for Governor of Virginia?

I sense a golden opportunity for 3rd party candidates in Virginia this year; neither Cuccinelli nor McAuliffe excites people in a positive way, they are both reviled and exciting only negatively.

The turnout in Virginia’s off-cycle elections is always low, and at it’s lowest the year after a presidential election that has exhausted the voters; and the state’s built in advantages for only two parties means we rarely see third party candidates. Given that neither candidate is acceptable even to their own base; it could be a remarkably easy year to get elected Governor with very few votes and resources.

New form of Spam?

Looks like some firm is using digital Turk or some other work farming app/site to encourage blog spammers to rave about the Zuneâ€¦ my spam buckets are overflowing this week with pro-Zune comments from individuals who can’t write English, but don’t write alike eitherâ€¦ Interesting development.

For what it’s worth; my own opinion of the Zune mp3 player is that it sucks so badly it richly deserves all the mocking it gets in public.

2012 12 04 snolan Blogging
Personal
Web Hosting Comments (0) Permalink

New SSH Keys on Your Server?

I just learned a nifty little trick for updating your SSH keys when a server has changed them on you and you are being warned by ssh of a “man-in-the-middle” attack possibility…

ssh-keyscan -t rsa YourDomain.Com>> ~/.ssh/known_hosts vi ~/.ssh/known_hosts

Delete the older entry – keep the new one. I just had to use this with my Dreamhost domains.

2012 10 25 snolan Computer Security Comments (0) Permalink

UltraViolet, Vudu, Flixster

I am recently having a little fun playing with Vudu and Flixster interfaces into UltraViolet. The pleasant surprises this week are that the Vudu client is already built into both my LG 47LV5500-UA TV (Family Room) and my Panasonic DMP-BD85 Blu-Ray player (Basement Rec Room) – and that means we can play the few UltraViolet movies we have rights to in both rooms whenever we like. The Flixster and Vudo interfaces also both allow me to play these movies on any of our iOS devices (iPad, iPod Touch, iPhone) and on our Mac laptops pretty easily.

I tend to like my own media library to be physical, but I am beginning to see the appeal of a cloud based media library, especially for college students and military personnel who travel a lot.

2012 10 23 snolan Fun
Movies Comments (0) Permalink

Political Apathy is Shameful

If you find yourself tired of the political discussion held in public, remember that without the public discussion we no longer have a democracy nor even a republic. Participate, take responsibility, vote. Freedom is not a gift, it is a grave responsibility. Take it seriously people, and please do not become complacent nor subscribe to the error that apathy is fashionable; it proves you don’t appreciate your basic rights.

I know the pedantic arguing is frustrating and annoying. I know the voices of ordinary people get drowned out way too often by big money and large, organized lobbies, but the answer is not to stop talking.

2012 10 23 snolan Personal Comments (0) Permalink

Don’t enter your iOS UUID into a WebForm

This morning’s news reveals a story about how an FBI Agent’s Laptop was hacked into using a malicious java script exploit, and that a file of millions of iOS device users personal data was stolen from the hacked FBI laptop. Interestingly, perhaps even predictably, and irrationally; several websites have sprung up offering to compare the leaked list to your own UUID (which you are expected to enter into a webform) to let you know if your own information was part of the leaked set. I agree that it would be useful to know if your privacy is compromised, but publishing your private data to a website purporting to check for you is NOT the way to do this.

In fact, you are giving the private data away again; so please don’t do it.

We should instead be asking:
1) why was the laptop allowed to run javascript on an OS that is difficult to secure?
2) why was the FBI collecting this sort of data in the first place?
3) why was this sensitive data allowed to be on a laptop and not in a server that is harder to get to and can be audited?

If we feel we must check, it is better to download a leaked copy of the data yourself and then compare in the privacy of your own computer – of course that means you will have a copy of many other people’s private data too – and does that make you a criminal as well? I am not a lawyer – but the risks seem pretty high only to find out if your own data is in the leaked set.

The news I am talking about:
AntiSec hackers leak 1,000,001 Apple device IDs allegedly obtained from FBI breach

Hackers leak 1 million Apple device IDs

Update: Well, FBI is denying the allegations that their laptop was involved and that the data came from them; guess one needs to always verify the sources of the information. The basic advise not to submit your data to a webform still applies though.

Update 2: Wow! Turns out it was not initially the FBI at all, but an app developer that was the source of the leaked UUIDs – and this inquisitive person figured it out: Tracking Down the UDID Breach Source

2012 09 04 snolan Computer Security
News Comments (2) Permalink

Microsoft Messenger for Mac

I am trying to use Microsoft Messenger for Mac 6.0.3 talking only to the corporate accounts, and it frequently will only let me log in but appear offlineâ€¦ I can’t send nor get new messages until I can get it to report online, but clicking the menu items and buttons to go online does nothing. If I quit the app and restart it and log in – sometimes that eventually works.

Anyone know of a fix for this?

I have to be honest and say I hate Messenger, and only use it reluctantly because it is the only thing some folks at our company use even though Jabber is the company standard (Jabber works great in Adium).

2012 05 31 snolan Computers Comments (0) Permalink

Frustrations with unneeded iOS app upgrades

Most of the time the iOS application ecosystem works exactly the way you want it to. I back up my iPhone daily and my iPad weekly by plugging them into my laptop and frequently update all Apps that I have already “purchased” (mostly they are free) and everything is pretty current and generally works great.

There are a few vendors who insist on releasing new versions with new features almost weekly and the new version actually break features that I had come to rely on… so I have found that it is helpful NOT to empty the trash quite so often and yank the IPA file back out of the trash for an older version of an app and re-install it to the iOS device, effectively downgrading it to a working version. The two apps I am doing this with right now are Skype and the Junos Pulse VPN client.

Skype is annoying, because I have been preserving and re-installing older versions of their software for two years now on both computers and mobiles. They keep releasing new junk and failing to get the interface right. Skype 3.7.40 is my favorite as the 4 series on iOS is buggy, and on the computer I still use Skype 2.8.0.866.

Junos Pulse is critical for my work and the newer version is simply broken with our VPN, so 3.0.3.17311 is the version I am using.

With both, when iTunes updates you to the new version of an application, the old version goes into your trashcan. If you are careful, you can capture the old version, and drag it into a folder called “Preserved iOS Apps” or something like that. Then if you find a version you hate, you can drag the most recent version of the same app that you liked from your Preserved folder back to iTunes. You will need to manually halt the process on iOS and then delete it, and then sync the new copy of the older version back again.

To manually halt a process on iOS, quickly double tap the home button to bring up a list of all running apps, then find your running Skype and Junos Pulse apps, press and hold them until the red minus sign appears and then tap that red minus sign. The app is no longer running.

To manually delete an app in iOS, press and hold the icon for the app until the “jigglies” and the black X markers appear, tap the black X to delete the app and all of it’s data.

Then you can safely re-sync the app from iTunes on your computer, which roles you back to the most recent version you dragged into iTunes library from your Preserved folder or your Trashcan.

What other iOS apps were better in previous versions?

Tagged apps, iOS, ipad, iPhone, iPod Touch, Junos Pulse, Skype, software versions

2012 05 14 snolan Computers
Personal Comments (0) Permalink

Pretty video, hauntingly beaufitul song

Please take a few minutes to enjoy this, it just might make your day a little happier…

http://youtu.be/HCNfQ_HOlDc

2012 05 09 snolan Fun Comments (0) Permalink

Life is a State of Mind