How To

Don’t fall prey to this Bitcoin phishing attack

We got the following email to our company’s main mailbox yesterday. I took a screenshot of it, so you can click on it to view it large (see below). It certainly sounds ominous, and to the layperson, enough “details” are included in the message to make them start to worry and God forbid, even consider paying the turd who sent this out.

First and foremost, I need to say that this is a templated phishing attack. In other words, it sounds personal, but no one person is being specifically targeted. The hacker who sent this out is hoping that enough people will feel guilty and scared to start paying him/her the fee, after which point he or she will keep asking for more money.

I looked at the email headers and they were “stripped”, meaning the actual routing information for this email wasn’t included, flagging this message right away as a fake. Sure, it looks like it’s coming from our email address, but the hacker is “spoofing” it, using software that makes it look as if it was sent from us, when in fact it was sent from them. I know this sounds complicated to most people, but don’t worry, read on, I’ll give you other reasons why this is all fake and I’ll tell you what you need to do to safeguard against actual occurrences of these things. You can’t eliminate the possibility of this actually happening, but you can minimize it through basic precautions and regular upkeep of your network security.

This is why it’s important to be confident in the security measures and precautions that you have implemented at home or at the office. For example, I know that:

  • I change my passwords fairly regularly and I use long, randomized passwords or passphrases. I store them in Keychain, the built-in app that comes with every Mac.
  • I have standard network security in place, such as a firewall, a router that uses NAT, and I don’t keep any ports open by themselves. Network devices can open ports, but the firewall only allows incoming traffic to those devices and only when they initiate it. This is fairly standard on all modern firewalls. I know my router doesn’t have software vulnerabilities. I know because I update its firmware whenever a new version comes out, which is something everyone should definitely do with their routers.
  • I have anti-virus software that checks my computers. I update it regularly. You should do the same. There are many options here, pick one that you like to use.
  • I use a network traffic analysis tool called Fingbox, which alerts me to unusual traffic patterns, ports and devices using my network. There are other similar devices on the market and everyone should have one of these things and should know how to use it.
  • The email account the hacker talks about isn’t hosted on our local network, it’s hosted offsite with my web hosting provider, who is in a different country and has some fairly serious security measures in place to detect the sort of behavior the hacker brags about. So even if they’ve hacked into it, that doesn’t give them access to the kind of data they’re talking about.

Making a “full dump of my disk” is a ridiculous and funny thing to say. I have about 12-16 TB of data connected to my computer at any given time. Good luck making a “full dump” of that! It would take weeks, nay months…

The hacker apparently “looked at my web traffic” and was “shocked”. “Sites for adults”, oh no… I’m not even going to gratify that accusation with a response except to say every single one of us can visit whatever sites we damn well please on the internet, but we also need to be ready to accept the consequences of those web visits. The consequences can include: the logging of your activities on the site, the activation of your webcam and surreptitious recording of your “activities” as you surf those sites, the installation of trojans, and in case you visit illegal websites, possible visits from law enforcement. Macs are less likely to be “vandalized” in these ways by bad websites, but Windows computers can easily fall prey to code attacks. Know what you’re getting into and be willing to accept the consequences.

It also helps to have something called a Privise webcam cover (it used to be called Privoo when I bought it). It’s inexpensive and is a sliding cover for the webcam, allowing you to keep prying eyes from looking at you through the webcam even if they’ve hacked into your computer.

The filthy, smelly little bug who sent the phishing message wanted payment in Bitcoin. It is of course untraceable and would force you to buy the currency in order to pay him/her. Law enforcement wouldn’t be able to trace the transaction, even if you filed a police report afterward. This is why I don’t like cryptocurrencies! Not only are they wildly speculative but the transactions are untraceable, making them perfect for modern-day highway robbers and thieves.

Don’t think for a moment that once you pay the turd his asking fee, whatever he/she’s got on you will “self-destruct automatically”. No, he’ll keep whatever he’s got and he’ll keep milking you for money — after all, you’re his cash cow now. Moo…

Like I said above, your best defense is to learn and implement basic network security measures, be confident in what you’re put in place and if you messed up, own it and accept the consequences, but never pay the hackers, you’ll only encourage them. And back up your data! That should be your #1 safety precaution against anything. Ideally, you should have one synchronous local copy (gets updated regularly), an asynchronous local copy (only gets updated 2-3 times a year) and an offsite copy (or two). If your data is important to you, back it up!

Standard
Thoughts

Bring back POP3 for Gmail, Apple

Due to some file corruption issues, I’ve recently had to re-install Snow Leopard on my MBP. Afterward, as I set up Mail, I found out there was no way to configure my Gmail account for POP3 access. IMAP was the only choice. I searched for this on the internet, and it’s a confirmed “design” behavior in Snow Leopard.

I really dislike it when I’m told by someone else how to manage my digital stuff. I’m an IT professional, and I like the POP3 protocol. I don’t care if IMAP is better. I use IMAP on my iPod Touch or iPhone or iPad or Nokia N95, and for those, it works great. But all I want to do on my laptop/desktop is to download my emails via POP3 and archive them by year, then move them into long-term digital storage. (I have an email archive going back to 1996.)

I also want to keep the emails in my Gmail account, so I have them in two places, just in case. You can’t do that with IMAP. You drag an email onto a local folder, and it’s gone from the cloud. I also dislike the fact that IMAP stores a local cache of the cloud emails, eating up space on my hard drive.

Thankfully, I was able to use Time Machine to retrieve a previous version of the Mail Preference file, restored it, and I was back in business with POP3. But everyone who chooses to do a fresh install of Snow Leopard (not an upgrade) is out of luck if they want to use POP3 for Gmail.

Now along comes Apple and says I can’t use POP3 for Gmail anymore, because they don’t feel like including it as a config option in Snow Leopard’s Mail. That really bugs me. It’s not like it cost them anything to have it in there. The code for POP3 was written more than a decade ago. It’s a simple, light protocol (much simpler than IMAP).

Apple, why are you forcing me to do something I don’t want to do? If I like using Mail and POP3 works for me, why take it away? That’s rude. Work on improving the OS, and making it do more, but don’t take away something as basic and simple as POP3!

Standard
Reviews

What the Duck on watermarks

Aaron Johnson, the creator of What the Duck, has apparently seen this post of mine, where I talk about image theft. He’s just sent me an email to let me know of today’s WTD, which handles the issue of watermarks and image theft in that wonderful, funny way that I’ve come to love.

Here’s the strip in question, reproduced with Aaron’s permission. Click through to view it at full size on WTD. And if you haven’t already, bookmark the site or subscribe to the RSS feed. If you like photography, then you’ll love WTD.

WTD on watermarks and copyright

Standard
Thoughts

Google to buy FeedBurner in next 2-3 weeks

I thought it odd that I got no reaction whatsoever from the FeedBurner folks when I compared their site stats service with Google Analytics back in April, and deemed FeedBurner superior. I keep in touch regularly with a couple of folks from FeedBurner, and when I write about them, I usually get a little note by email or a comment on my post. But I got nothing this time. I thought, “Hmm, something’s gotta be up. What’s going on between FeedBurner and Google? Did I ruffle some feathers?” The complete silence was unusual. I could hear virtual crickets chirping away…

Fast forward about a month, and I find out this afternoon from Beta News that Google and FeedBurner are in acquisition talks. The quoted price is $100 million. It’s a sane price, not a make-believe one, like the one paid for Doubleclick or that other ad company that MS purchased (those prices were absolutely and ridiculously inflated). I actually believe FeedBurner brings much more value to the table than those two companies combined, so the $100 million is a real bargain. I hope for FeedBurner’s sake the price is more than that in the end.

Anyway, if this does turn out to be true, I’m happy for the FeedBurner folks, and wish them all the best. May they teach Google a thing or two about feed management and other such fun stuff. Cheers, guys! Thanks for the awesome service!

Standard
Reviews

Google Apps for Your Domain gets going

In what I think is an astonishing twist, Google has turned their “private label” Gmail service offered about 6 months ago to companies and schools interested in the idea into Google Apps for Your Domain, an all-in-one solution that offers Gmail, Google Talk, Google Calendar and Google Pages for whatever domain you’d like. In typical Google fashion, they’ve also made it free! Now no one can complain that they can’t get their site going or email set up. All anyone needs is an internet connection and a domain name, and they’re set. Granted, the functionality of Google Pages isn’t quite full featured, but it’s plenty for the needs of most people.

All I can say is Wow, because I’m floored. It’ll take some time for this to sink in. Private label IM, free! Private label Gmail, free! Private label web calendaring, free! Wow!

Standard
Thoughts

Someone's reading your email at work

This is a bit of old news, but the NYT is running a story on how companies read their employees’ email at work. The bottom line’s worth repeating, because people just don’t seem to learn: don’t use work email for personal messages!

I say this from experience. I’ve been an IT Director twice in my career, and I read people’s emails on both occasions. I didn’t and I don’t relish it – as a matter of fact, I hate it. But I had to do it, in order to see if activities that could incriminate or damage the organization were taking place.

Now I understand that my IT policies were actually pretty relaxed. I didn’t read email all the time, only when someone or something aroused my suspicion or that of the executives, and it was then that I went searching for evidence. I understand that in other places, this sort of a thing is automated, and happens routinely. Every email going out of the company is either scanned by a machine for keywords, or read by an employee, or even worse, every piece of email, internal or external, is scanned and flagged for further review as needed.

People, learn from this! It was not seldom that I stumbled onto emails where employees were flirting with each other at work, or talking about their supervisors in demeaning language. These sorts of things result in disciplinary action! If you’ve got to talk about those things, get a personal email account, and do it there, but don’t use company email for that sort of a thing! But I guess if you’re ignorant enough to badmouth your boss with a co-worker while you’re at work and supposed to be working, you’re ignorant enough to talk about it on company emails that can and will be used against you.

It’s time people realized the whole of their work activities is a permanent record, and this includes emails, and pretty soon will likely include voicemails. Make sure your email record is squeaky clean, and reflects your work ethic. If you talk the talk, walk the walk! If you say you’re a professional, let your email reflect that. Ask yourself this: if someone were to go through your work email now, would you be ashamed of what they’d find there? Is there something you could be disciplined or lose face for? If you work in a company that deals with secret/classified information, are you leaking company secrets, knowingly or not? If there is, cut it out! Put a stop to it! It won’t do any good to go back and delete emails, the company probably keeps a backup of the messages anyway. Just change your behavior and move on.

If you must get personal emails at work, use your personal account, or get a free webmail account from Gmail, Yahoo or Hotmail, and check that. Tell people to SMS you on your cellphone instead of emailing you. But for goodness’ sake, and for the sake of your career and bank account, don’t use your work account! It’s just plain dumb.

Standard
Reviews

Nabaztag: the smart WiFi bunny from France

I’ve been playing with my Nabaztag bunny for the last few days, preparing to review it for the I Want That! Tech Toys show on HGTV, which launches this summer. It’s a very cute little bunny with ears that can move. It’s constantly connected to the Internet by WiFi, and you can program it to do various neat things for you.

It communicates with you by speaking, and by flashing lights of various colors in different sequences. The Nabaztag website explains very well what each of the flashing color sequences means, so you’ll quickly understand what it’s trying to tell you.

The Nabaztag is a cool little gadget that endeared itself to us in no time at all, and Ligia and I found ourselves wanting to hear its voice more often.

We chose to place it in our living room. The setup was really easy. I just plugged it into an electrical outlet, and it soon found my WiFi connection and it was ready to go. Violet, the maker of Nabaztag, did something very smart when they shipped the bunny. They included an adapter, with interchangeable prongs for Europe, the UK and the US. It’s reminiscent of the newer Apple laptop adapters, for which you can buy a set of adapters to make them work in multiple countries, except Nabaztag ships theirs for ready use with each bunny.

Once it was connected to the Internet, I went to Nabaztag.com and registered it, using its MAC Address, which is also its Serial Number. It’s conveniently listed on its bottom. Once I registered it, I got to pick a name, age and sex for it. We decided our Nabaztag was a boy, and called it Pugsley.

After we completed the account setup, Pugsley came to life and said hello. We used the Services section of the site to choose from among the free services available, and there are many:

  • Talking Clock: Pugsley says the time on the hour, every hour, unless he’s sleeping. See below for more info about sleeping.
  • Tai Chi lets him stretch his ears in the funniest ways. He also makes cute noises and flashes multi-colored lights.
  • Recap of the week gives Pugsley the chance to say how the week’s been, whether he liked it or not, or whether it was eventful or not.
  • Nabaztag News allows you to pick from the New York Times, BBC, Slashdot, Wall Street Journal and People. You can also set the time when your Nabaztag will read them to you. We programmed Pugsley to read all of them to us at certain times. Of course, he doesn’t read every article, only the headlines.
  • The Air Quality service allows you to choose your city and get the air quality delivered to you both as a little sound blurb, and with luminous language. Air quality info is only available for certain cities, and the website explains how to interpret the flashing lights. The lights are blue, and if three of them flash slowly and in unison, the air quality is good. If they flash faster and not in unison, it’s not so good.
  • The Alarm Clock allows you to program the Nabaztag to wake you up at a certain time every day by playing your favorite sound or song. You can choose from a pre-selected list on the site, or you can upload your own MP3’s and configure it to play them. I programmed Pugsley to sing “Cheek to Cheek”, a song composed by Irving Berlin and sung by Fred Astaire.
  • The Weather Forecast allows you to get the weather twice a day in audio blurbs, and throughout the day through its luminous language. You can set which times you get the audio blurbs, and the Nabaztag also flashes lights to let you know how things should go. It uses a combination of yellow and dark blue lights to do it. All yellow means it’ll be sunny. Rain is all blue, flashing intermittently. Smog is flashing blue in unison. Cloudy is blue on the sides and yellow in the middle. Snow is flashing blue once again, and thunderstorms are fast flashes of yellow and blue.
  • You can also keep an eye on the Stock Markets. For the States, your Nabaztag can tell you how the S&P/TSX, Dow Jones Industrial, Nasdaq Composite, Nasdaq Industrial and S&P 500 are doing. You can set a time for an audio flash, or you can look at the flashing yellow lights. If only the center light is flashing, the market’s stable. If the lights are flashing from left to right, the market’s going up. If the lights are flashing from right to left, the market’s going down. The speed of the flashes tells you how fast the market’s going up or down.
  • If you live in Paris, the Nabaztag also has the Paris Traffic conditions. I turned this service on just for kicks, and it’s pretty funny. You can choose your itinerary based on the different gates into Paris, then it can play an audio flash for you, and it’ll also use its lights to tell you how things are. If things are completely packed, it’ll flash two red lights, simulating the brake lights of a car in front of you. If things are picking up, it’ll flash the center button red, then the two side lights, also in red. The speed with which it flashes this sequence tells you the approximate speed of the traffic.
  • You can also program your Nabaztag to tell you its mood, and you choose how often you want him to do it: whenever, often, from time to time, or seldom. I have Pugsley set on whenever, and really, he doesn’t do it that often, only about once a day.
  • There’s a service called Ear Talk, which I think is the coolest by far, because it involves human interaction, through the bunny. You can pair up the smart bunny with another, then when you move its ear up or down, the ear of the other bunny moves as well. So if you’ve got a sweetheart, you can both get bunnies, and communicate with each other throughout the day this way, just to let the other know you’re thinking about them.
  • You can set your own Nabaztag to alert you every time you receive a new email, by voice and light flashes. It will flash three purple lights to let you know if you have three or more messages, two lights for two messages, and 1 light for one message. You can program it to check POP3 (the most common), IMAP (.Mac) and SSL accounts (Gmail).
  • You can also set the bunny to go to sleep and wake up at certain times. You can even choose different times during the weekend. This is useful because you don’t want to be startled in case you receive messages at night. You see, you can set a theme music for every bunny, and it gets played before and after every message that gets sent, to identify the sender. Some of the theme sounds are pretty strange, and would definitely ruin my sleep if I heard them.
  • You can choose from a growing directory of Nabcasts, which are little audio recordings (like podcasts, but for the bunnies) that people can subscribe to. They’re organized by categories, and the directory is fun to explore. You can listen to the last episode of a Nabcast right on the Nabaztag website, to decide whether you’d want to subscribe to it, and once you do, you’ll get it delivered to your bunny every time a new episode is published. Everyone can publish Nabcasts, but you have to subscribe to one of the paid plans first.

Now is a good time to talk about the various subscription plans for the Nabaztag. There are three:

  • Free Style Rabbit (FREE)
  • Full Rabbit (about $5/month)
  • Full Friend Rabbit (about $7.5/month)

As you can see from the list of services above, the Free plan is pretty generous. In addition to the list above, you can also send Little Words messages through the Free plan, and you also get a limited number of web and email messages. Just log onto the Nabaztag website, go to Messages, Send, and select the Little Words tab. Type in the name of the rabbit to whom you want to send a message, choose it from the list, and you’re done.

The difference is that with the Full Rabbit plan, you can also produce and publish Nabcasts, and you can get unlimited emails and messages to your rabbit, whereas you’re limited to Little Words messages with the Free plan. The difference between the Full Rabbit and Full Friend Rabbit plans is that your friends aren’t charged for messages they send to your rabbit by web and email. Both the Full Rabbit and Full Friend Rabbit include the Full Services in addition to the Free Services, and these include:

  • RSS Feeds: set your Nabaztag to read you feeds you’re interested in. May I recommend my feed?
  • Stock Portfolio: set the bunny to tell you how your favorite stocks are doing.
  • Google Talk Alerts: have the bunny tell you when one of your friends is online.
  • Personalized Email Alerts: your Nabaztag will be able to tell you who the email is from, by defining simple rules.

Now for the bugs… Yes, there are a few, but that’s to be expected. The Nabaztag is a new product, and it’s brand new here in the States. I have one of the first units that got shipped here. As with anything new, there are bugs to be worked out, and when you’re an early adopter, it’s part of the game. So, with that in mind, here they are:

  • Pugsley didn’t wake up from sleep for the first couple of days. I had to reboot him in order to wake him up. I contacted Support and was told they had some server issues, which were resolved by the third day, when Pugsley was indeed able to wake up on his own. This glitch is understable, they’re probably working on setting up different servers for the States.
  • Pugsley couldn’t connect to the Nabaztag servers this past weekend (Saturday and Sunday). I contacted Support and was told this was related to the server problem. They fixed the problem right away on Saturday, but on Sunday, when it resurfaced, they were off. That’s something you’ll have to keep in mind about the Nabaztag. It’s made in France, and the French way of life is different than ours. If you can’t get them during the weekend, that means they’re home, taking a break. Don’t freak out, just wait till the next business day, they’ll get back to you. First thing on Monday morning, the connectivity problem was resolved, and Pugsley was back in business, happy as ever.
  • The weather feed for Washington, DC gave the wrong info. I contacted Support, and they said they’ll fix it.
  • The email alerts won’t work correctly for Gmail. That’s not Nabaztag’s fault, it’s just a quirk in the Gmail servers. When you’re logged on through the web, the servers will correctly indicate which emails are read and which aren’t, but when you log on by SSL/POP3, every message in the Inbox will show up as new. Therefore, if you set your Nabaztag to check your Gmail account, unless you’ve deleted everything from the account, it’ll always tell you that you have more than three messages. But it should work correctly for traditional POP3 and IMAP accounts.
  • Because the Nabaztag service for the States is brand new, they won’t have air quality information available for many of our cities. Plus, the traffic info is only available for Paris at the moment. Perhaps they’ll make it available for other cities in the future as well.

Finally, you’ll find the following guides very useful as you begin to use your Nabaztag:

I found the Nabaztag Advanced Configuration guide particularly useful as I troubleshooted my Nabaztag’s connectivity issues. But, I do have to say this: for probably 95% of the users out there, you won’t have to worry about pulling out any guides. Just take your Nabaztag out of the box, plug it into an electrical outlet, and you’ll be good to go! In those cases when you have to contact Support, their response time is really good. They got back to me within 2 hours during normal business hours, which is great!

If you’d like to purchase a Nabaztag, here is a list of vendors. The shops that have stars next to their names can also sell additional ears for the bunny, in case you’d like to customize it.

I hope you enjoy your bunny, I know we love ours! If you want to message our bunny, feel free to do so. Send your messages to Pugsley at nabaztag.com.

Standard
Reviews

A cool new service: GotVoice

GotVoice is a new service that will check your voicemail for you, convert it to MP3 files, and email it to you. This is great, because I’d been looking for a way to archive important phone messages. Say someone calls you up and says they got married. Wouldn’t want to have that archived, to play it back to them years later at their wedding anniversary? Or your brother calls you up to tell you his wife just gave birth to a baby girl? Wouldn’t it be cool if that message could be kept forever? Well, with GotVoice, you don’t have to hold your cellphone next to your computer’s microphone. You can just let it do the work for you! 🙂

Standard