Saturday, May 28, 2005

More Phishing

Since the last blog I have had three more attempts at phishing information out of me. They have now escalated in that my Ebay account is now suspended. That is quite amusing as I don't have an Ebay account.

This week when I logged on the my bank account the bank had a note about phishing and the bank had an email id and a 1-888 number to report any phishing. Check your banks, insurance companies, telcos, etc for information on how to report phishing attempts.

The number of attempts are going up and the phishing notes quality is starting to improve (unfortunately). Remember any legit company you do business with will never ask you to retype any personal information again because of a fraud attempt, system upgrade, etc. If you want to verify go to the web site yourself, never use the attached link.



Update:

Make that four more attempts. I got one that purported to be from Wells Fargo. Very similar text to a few of the others, but, this had spelling errors. The attempt was forwarded to Wells Fargo. Keep this in mind, don't delete the note, forward it. If you do this we have a good chance that they can shut down the sites before too many people get hurt. Yes, they will go elsewhere and start again, but, why make it easy for them. These people are the cockroaches of the internet and deserve to be exposed and shut down fast and hard.

If you think that these attempts don't cost you anything, think again.
  1. It takes bandwith and disk space of your ISP for these notes.
  2. It takes your time & effort to delete these notes.
  3. Real people may actually fall for these type of mesages and their identity and money are stolen.
  4. The businesses affected have to incurr costs and these costs are passed on to you in one form or another.

Monday, May 23, 2005

Phishing season is now open

It seems that there are a large number of Phishing emails going around. I had five on the 21st and so far today (23rd) I have had six. Most of them were obviously bogus as I don't have an EBay, Paypal or SKY bank account. The others I did have an account with.

if you get one that looks to be from MSN go to http://safety.msn.com/phishing/ for more information.

I have a number of addresses you can use to report phishing attempts.
  • Antiphishing.org - reportphishing@antiphishing.org
  • EBAY.com - spoof@ebay.com
  • MSN.COM - abuse@msn.com
  • Paypal.com - spoof@paypal.com
  • phonebusters.com - wafl@phonebusters.com
You can always delete the messages without trying the above, but, the traffic will probably not decrease.

What are the warning signs ->
  1. Requests for personal information. Most of the messages are asking you to rekey in personal information.
  2. Alarmist. They will try to panic you into replying so that you don't lose your account.
  3. Spelling & Grammar. Many times there are obvious spelling and grammatical errors. Unfortunately the scammers are learning.
  4. Mis-spelled sites. Small changes in site names. Example yah00 instead of yahoo. See if you can easily see the differences in the two names.
  5. The link says one thing but when you move the mouse over the link the site name does not match or is a series of numbers (ie. yahoo.com vs 127.0.0.1).
  6. If it sounds too good to be true. Trust your feelings, paranoia is a good thing today.
If you have doubts about the message open your web browser and go to the site yourself, don't use the link provided.

Sunday, May 22, 2005

Wonder why I don't like Windows?

Today is why I don't like to use Windows unless I must. The family file/printer server is still using Windows98 as I use it to do my taxes. The tax software is still Windows based so I cannot migrate that machine to Linux (yet). This morning it took 10 (yes ten) boot attempts before it would launch. Most of the time it would lock just after I type in my password. I waited five minutes each time. It also reset the screen to 640x480 16 colour mode. When I tried to change it it would allow me to go to 1024x768 in 16 colour mode, when I tried 32 bit it reset the machine to 640x480. On the tenth time it booted up and then I could change the resolution to 1024x768 32 bit colour mode.

Nothing special about the hardware, it is a basic P700 with 512Mb of memory. No special attachments or settings. This machine didn't want to boot to Windows for some reason. Windows 2000 or XP is not an option as this is an older machine and the performance will be less than fast.

I will be doing my normal backups on the server to CD and make a decision on one of the following things:
  1. Migrate the server to Linux and forego using the tax software.
  2. Buy a newer machine for the server and have Windows and cannibalize the P700 for parts.
  3. Buy a newer machine for the server and have Linux and cannibalize the P700 for parts.
  4. Rebuild the machine (again) with Windows98.
Option 4 is a royal pain. I don't add/delete a lot of software on the machine. This is the configuration:
  1. Stock Windows 98, legit copy!
  2. Fully patched via Windows Update.
  3. Firewalled.
  4. No email.
  5. Browser is Firefox.
  6. Tax software.
  7. Only shared resources are the hard drive and the printer.
  8. No Games!
Rebuilding to Windows 98 with all of the patches takes a better part of a day. If I rebuild it as a server in Linux it takes me all of 2 hours (that includes patches). The linux boxes are rock solid and my wife has been using her Linux box without a crash for years now. I stopped counting the number of times the server has been rebuilt in Windows.

More Spoofing and Phising

This morning I checked my Yahoo email. As I normally get a lot of spam I was not too surprised that I have a lot of spam in my bulk email. I was surprised to see five emails claiming to be from EBay and one from Paypal. Two of the EBay claimed I had created an account. They all purported to be from those companies.

As always I am skeptical of emails asking me to go to a clickable link and retype all of my personal information. Also, I don't have an EBay account or Paypal account. I went to EBay.com and Paypal.com and found that they have spoof@ebay.com and spoof@paypal.com ids for this type of activity. If you get messages like this please forward them so they can help shutdown the phishers.

Saturday, May 21, 2005

Email & Etiquette

Email is a fact of life for most people today. You usually have to read and write Email at work and for many of us we read and write Email at home. The only problem is there are those who are not aware of how annoying their habits are, or, they just don't care. A few things to make your Emails a bit more readable and less annoying to the rest of the world.
  • Don't capitalize everything. This is the electronic version of shouting.

  • Try to avoid sending the complete email to everyone. Cut out the portions that are relevent to your reply. Remember not everyone has high speed internet.
  • Don't do a 'Reply All' if you don't need too. Too often I get a 'I agree' type of message when I don't really need to know that.
  • Fancy paper backgrounds are fine, but, it is sometimes hard for some of us to read the text. Remember the KISS principle.

  • When composing an email to someone who really pissed you off. Save the message as a draft and walk away from the machine for a while. When you come back review the note and ask youself... Can I say this to the face of the person I am sending this to rather than an email?

  • Double check the name(s) of the recipient(s). There is nothing more embarrasing than sending a less than nice email about someone and they are one of the recipients of that email.

  • Chain letters.... My favourite subject for going postal. After reading it I normally delete them. If you send a chain letter just think of this, after 6 generations if no one breaks the chain there will be 1,000,000 (one million) emails sent out (assuming 10 people).

  • If you have a large file to send, try to remember to ask the recipient before sending. Some ISPs put a limit on the size of a persons inbasket.

  • Remember your email is not private. It goes from network to network and if the admin wants to they can read your message. If you want privacy use the telephone or write a letter.

Thursday, May 12, 2005

Mandrake 2005 LE

Well it is finally out and the download sites are running at a respectable speed. Over the last few days I upgraded the box to 10.2. XMMS is still not in, but, Amarok seems to be a good alternative. The only thing negative is that GKRELLM needs some of the XMMS libraries for the plugin RPM to install.

KDE is stable and I think I will be standardizing on that at home to make supporting the machines easier for me. I have not seen any performance improvements with 10.2, and more importantly I didn't notice any slowdowns on the new release.

I will be leaving my main work machine running for at least a week and then if there are no problems I will be upgrading the other boxes to the same version.

Installation like always was a snap and after one hour I had a working machine with all of the packages I need to browse, read email, play music and burn CDs and many more packages.

Saturday, May 07, 2005

Can you do this in Windows?

For those who are running Windows let me know if you can do all of this at the same time.
  1. Download two files (590 Mb & 718 Mb) at 200 K/sec for each!
  2. Play streaming internet music without missing a beat.
  3. Burn a full CD without a problem.
  4. Browse the net in a browser session.
  5. Update a blog session and preview it in separate windows.
This is why I like Linux. Besides being free it allows me to do all of the above tasks at the same time without missing a beat or creating a bad CD. The hardware is a 1 Ghz machine, 512Mb of memory and 190 Gb of hard drive space. Video, sound & networking is integrated on the MOBO.

Friday, May 06, 2005

More Linux Distros

I read another review of a live Linux CD. Kanotix is the name. It appears to have all of the tools I use when helping people recover their machines after something happens in Windows. I will have to try this out on the server and see how it handles an older machine. Since a number of current distros had a problem with the servier the server is the perfect test machine. I prefer the live CD option first so I don't have to rebuild the server from scratch (again) before I put Linux permanently on the server. If it doesn't work I may just find a new home for the machine and pick up an inexpensive refurb and make a server out of the machine.

The functions I want the server for is:
  1. Backup of data from the other home machines in the network.
  2. Backup to CD of any critical files.
  3. Share the printers between machines in the network.
  4. Shared hard drive space for common files.

Sunday, May 01, 2005

Spam, spam and more spam

When will they learn. Today my yahoo account was flooded with 20+ pieces of obvious spam. They purport to be about a company trading in the stock DGCP.OB. The company appears to be traded (over the counter ... '.OB' is your clue), but, the mail is obviously trying to pump up the interest and get people to buy the stock.

If you get an email from anyone from the server 'sexy-email-online.com' it is probably less than legit. Who in their right mind would take the advice of a person who has an email with that type of domain name?

For me in Yahoo it is real simple. I scanned the Bulk mail folder to make sure that nothing legit was in it, I then clicked 'Empty'. However, the economics of bulk email is such that all they need is one or two people per 1,000 to make a profit.

Where did they get my Yahoo id? It is real simple. I routinely post in the SCOX forum and it is a simple matter to use a PERL script to harvest the messages and email ids. I know for a fact that this is possible as I have a script that I use to capture & archive my own forum messages. It takes me about 15 minutes to run. Am I worried that I get a lot of spam? No,
  1. The Yahoo id is a 'throw-away', if it gets too bad I will delete it and create another.
  2. Yahoo has a fairly good spam filter and obvious spam gets moved into the bulk folder.
  3. I use the yahoo id for registration cards. If the marketers use it for their spam my own personal email id won't get hit.
  4. I protect who gets my real email id so the spam in minimal there.
If you don't already have a Yahoo, Gmail or hotmail account I would recommend it and your home email should see a decrease in spam.