(security) protecting yourself against phishing

[feel free to pass this on to whoever you wish to. This is written at a "user" level]

Simple rules to avoid phishing and similar scams, as much as possible:

(1) Do not ever click on any links sent via email. Ever. No respectable bank or money-related site will do that anymore. If they do, stick to paper dealings with those banks -- don't do anything online with them!

(2) Typing in the URL yourself every time is good, but beware of "typo-squatters", who register domains with similar spellings to the legitimate site in the hope that someone will mis-type the URL and end up there.

(3) The best method is to type in the full URL once and bookmark it. From then on, use the bookmark.

(4) Do not use IE. Even if you are forced to use Windows for whatever reason, at least install Firefox. Get the latest Firefox and keep it updated. Firefox does this automatically anyway.

(5) Do not browse to any unknown sites while logged in to the bank site. In fact the best way to access your bank site is to do this:

- close all tabs
- click on "tools", then "clear private data" (or use the Ctrl-Shift-Del shortcut keys)
- in the prompt that comes up, select ALL the boxes except the first one ("Browsing History")
- open the bank site using your bookmark, complete your work, and log out of the bank site when done
- (do not open other tabs with any other sites while logged into the bank site)
- once again "clear private data" as above
- surf other sites normally

This will protect you against any (unintentional) Javascript vulnerability in the bank site or malicious (intentional) Javascript in other sites.


All this will still not protect you from any viruses, trojans, or key loggers that may have been installed on your computer without your knowledge, if you're running Windows. A lot of programs that are supposedly "free" (but not open source) and "useful" are actually spyware, and in many cases the user himself has installed it without knowing there is something bad in it. Such software can track your keystrokes and mouse movements. Coupled with tracking your web accesses, this kind of software can get your password regardless of what precautions you take. Some examples of spyware are here.


great day for me...

A few days ago a friend of mine managed to install, after a couple of false starts, Mandriva 2008 on his desktop all by himself.  Which means he is more techie than he claims to be, or Linux really is getting easier :-)

And today, he managed to get a PCI wireless card (WG311) working using ndiswrapper.  Without using the command line!  And my only contribution was to give him the names of the files that constitute the Windows drivers.

In other words, Mandriva has become that easy to use :-)  This is so totally awesome, because if a device needs ndiswrapper, it means the manufacturer has not released enough specs for the open source folks to write a driver for it, so you are forced to use the Windows drivers somehow.  This sort of stuff does not always work as expected, plus we were using the Mandriva Free DVD (the "priced" one would have done all this automatically anyway).


I am so glad it was not possible for me to go to his home and install it my way :-)  If I'd been able to do that, we'd never have known how easy the GUI really is, which is really, really, important for evangelism!


(funny) What If Gmail Had Been Designed by Microsoft?

Great stuff -- makes you realise what life will *really* be like if the borg takes over the whole world :-)



more drool maal...

yep -- that's a whole PC with a 40GB hard disk.  Just add monitor, USB keyboard, and USB mouse.  No fan, so extremely quiet.  Runs on a 5V adaptor, consumes only 3-5W of power.


Ideal for a simple home PC for non-geeks or a good second PC for geeks...


(photography) 15 Spectacular Lightning Images

Brilliant, in more ways than one!


(criminal,malware) Linux Today - Lessons from Africa: How to Kill Your Own FUD

As someone said on slashdot, you know you're really really corrupt when the government of Nigeria steps in to stop your scam :-)

"in a world where Windows is supposed to be so much better than Linux on every platform, how come Microsoft has to pay people to get them to use it instead of Linux?"



(funny) ASUS Eee PC: Exclusive Inside Look! :: TweakTown

Very funny. Beat me at my own game (see previous post about Kubuntu and Mandriva)



(security) IndiaTimes website 'attacks visitors' | The Register


The article doesn't mention if using FF makes a difference, but I suspect it will.

This also puts paid to the "I trust this website, since they are so well-known" logic. NOTHING can be trusted.


my brief flirtation...

So, I had some fun with Kubuntu for about a month, but have now gone back to my old flame Mandriva.

What can I say? Kubuntu was definitely younger and arguably prettier, but I finally decided she didn't have enough "experience" for a man who knows his way around like I do. Mandriva has plenty of that, and I think she's actually looking younger in her brand new 2008 wardrobe.

Of course, if I could figure out a way of being with both of them simultaneously, that would be awesome. Guys dream about stuff like that...

[yeah, I know, you're expecting more details. Sorry, this is a family-friendly blog ;-) But see http://lwn.net/Articles/256038/ for more juicy details and behind the scenes gossip ;-)]

(photography) How to Photograph a Rainbow




(criminal,malware) Mandriva Blog » An open letter to Steve Ballmer


Money talks indeed.

You can always tell the techie-turned-CEO -- they'll look human, and they'll have this passion and fire and lose-my-cool-if-you-provoke-me-enough attitude. In contrast, the typical manager-turned-CEO looks soulless in comparison. The best they can do is dance like a monkey... but I suppose they're still evolving so we will have to wait :-)


A personal note: Francois Bancilhon has a PhD in Object Relational Databases (IIRC), and was CEO of a small but very techie OODB company called O2, which was acquired by the company I worked for in days long past. So technically we were colleagues for a few years, and one of his top techies (hi TC, if you ever read this!) and I were quite pally during my Denver days. Of course, this has nothing to do with my Mandriva loyalty -- I started using Mandrake long before Francois became the CEO.


PS: to people who read the "Why ubuntu" post recently: despite intending to, I did not switch from Mandriva to Kubuntu on my work machine, and I now see no reason to do so. The reasons are here: http://lwn.net/Articles/256038/


(funny,security theater) Schneier on Security: House of Lords on the Liquid Ban


Another zinger from my favourite security expert. This is short enough that I'm reproducing it here in its entirety; I'm sure Bruce will forgive me the minor plagiarism!

From the UK:

"We continuously monitor the effectiveness of, in particular, the liquid security measures..."

How, one might ask? But hold on:

"The fact that there has not been a serious incident involving liquid explosives indicates, I would have thought, that the measures that we have put in place so far have been very effective."

Ah, that's how. On which basis the measures against asteroid strike, alien invasion and unexplained nationwide floods of deadly boiling custard have also been remarkably effective.

[Also see http://members.tripod.com/Tiny_Dancer/erniebanana.html ]