Tuesday, December 12, 2006

Spam milestone

It has been a while since I wrote about spam. I keep track of all my Yahoo mail as it is the worst. As of today I received 1,600 legit emails. The only problem is that I received 5,628 spams in that same period of time. For every legit email I get in excess of four spams. This is constant for every month, the only exception was in May when 92% of the email was spam.

My GMail account gets about 30+ spams per week and my personal email account gets one or two per month. One suggestion to those who are trying to 'regulate' spam. Why go after just the spammers? Why don't you go after those who buy the services at the same time? If you make it almost impossible for the ones who buy the service to make a profit then the volume will probably drop to a level that is not as annoying for all.

The upside is that Yahoo is very good at recognizing spam. Over 95% is correctly labelled. Only recently has spam gotten into my inbox. The only thing I did was to click on 'spam' to help them recognize future mails that are similar. If your ISP has spam filters I highly recommend that you make use of the facility. You still have to check your spam folder, but, most of the time you can delete them without reading and save yourself a lot of clicking on the delete key. If your ISP does not offer this then use the junk mail tools that your mail package has to make your life easier.

Saturday, December 09, 2006

Upgrade to PCLinux V0.93a - Part 2

Today I upgraded my wife's machine from Mandriva to PCLinuxOS 0.93a in less than one hour. I learned from all of my problems when I installed to my machine. I spent another 45 minutes applying the patches and adding the various packages my wife wanted on her machine. So far she is quite happy with the machine and it feels more reponsive when running her applications.

Since she does not need SANE I removed all of the packages and disabled the PCMCIA options. I tweaked the system so that only services she needs runs. The major bonus is that her Canon IP3000 worked smoothly this time around. I used the BJC7000 driver. Profile one is in 300x300 dpi mode and profile two is in 600x600 dpi mode. The last time I configured it in Mandriva it took me almost one hour to get the configuration down, PCLinuxOS did it in less than five minutes.

My daughter is also quite pleased with the upgrade. She plays online games on my machine, but, has a friend over and it was a real pain for them to share the machine. Now both machines can play the same game networked together.

My last task is now to take the CD and run it on my daughter's machine and let her play with it there. Her machine is not connected to the Net and I want to make sure that the packages that are on the CD is all that she needs. We don't allow her direct access, she must use either my machine or my wife's machine while we are present.

Tuesday, November 28, 2006

PCLinux V0.93a and XSANE

It looks like I may have spoke too soon about XSANE. I did a reboot of the system and when I launched XSANE it wanted to run in root mode. I remember that in V0.92 that when I had the same problem I deleted all of the sane modules and re-installed and it worked so I figured I would try the same for V0.93a.

I launched the PCLINUXOS Control Center and clicked on the System Icon. I then picked the add/update/delete packages option (Synaptic). I then did a search on SANE in 'Names and descriptions'. When it came back I deleted the following packages:
  • libsane1
  • sane-backends
  • sane-frontends
  • saned
  • xsane
After that was finished I then re-installed all of the packages. When I ran XSANE it then did not bring up the warning about running in root.

Upgrade to PCLinux V0.93a

After the 'fun' I had on the V0.93 upgrade I was a lot more cautious on this upgrade. I let a bit of time pass for the V0.93a pass before trying to install. The first thing I did was boot the CD and log in as guest and work through the XSANE and K3B before installing on my box. The distro worked without a problem so I figured it is now safe to upgrade my main box. The boot from the CD is almost as fast as from the hard drive. All of the screens here are 320x256 and was captured on my digital camera to give you an idea of a few screens during the installation and upgrading. The quality is low and you can see the horizontal refresh lines.

Once the system was up I was presented with the logon screen. This time around I selected root as I was going to do the installation. I also remembered to set one of my partitions to '/mnt/pclinuxos' and let the installation start. The partition option is almost idiot proof. I selected custom as I wanted to see if I can install and keep my old 'home' directory intact so I don't have to do a restore from backup. The installation went very smooth and within 30 minutes I had a working installation.

When the installation was done I rebooted the machine and logged in. The nice part is that all of my settings and files are still there. I didn't have to do a restore which is nice.

I then verified that XSANE and K3B worked I started to do the patching. So far the system seems to be stable and it has a good number of games that my wife is interested in playing. I will let her look and play and she likes this I will then migrate her from Mandriva to PCLINUX. The only one I won't probably upgrade is my daughter as the default distro does not have all of the games, I have to download them and her machine is not linked to the internet.

Saturday, November 18, 2006

Another Kernel panic problem.

Today my daughter was using my machine for her online games when she came down to me in a panic. She kept saying that she didn't do anything, but, the screen turned black. I came and saw some messages about the kernel. Not a problem, just reboot and let the system fix any file errors. When I did that the system would start fixing the error and then lock up or randomly reboot. I remember that this happened earlier this summer so I figured bad memory or a hard drive problem.

My next task was to pull out my bootable CDs and work with them. Each one would give either a kernel panic or VFS error and lock up. I tried again with the SLAX USB key that is bootable and I got the same problem. I then downloaded a current copy of PCLINUX OS V0.93A and fired that up. Again it locked so I tried the 'MEMTEST' option. When that started it generated hundreds of errors when it was checking the RAM. I shut down the system and opened it up. There was a bit of dust so I cleaned out the system and tried again. The next run of MEMTEST still picked up memory errors. It looks like the 512M memory stick is fried. I will be going out on Sunday to pick up a new 512M and try that. The first thing I will be doing when the system is back up is to do a full backup as it has been a month since my last backup.

If you don't have a copy of PCLINUX OS I highly recommend that you do. The MEMTEST option by itself is worth the time to download and burn a CD. INSERT also has MEMTEST if you want to use that distro.

Update 2006/11/21:
I installed a new 512M memory module in the system. When I booted up I let the system fix the file areas and Linux is now up and running without a problem. In the future if you get kernel panic or VFS errors you may want to check the memory first before any other problem.

Sunday, November 05, 2006

It has been quiet

The nice part about Linux is that it just runs. No worrying about viruses, trojans or other nasties getting in the system like I do with my Windows laptop for work. Not that I don't patch and secure my Linux boxes, I do keep them up-to-date. I do get people trying to hack in to my Linux FTP server, but, they have not got passed the security to-date. I keep the Linux virus scanner up-to-date so I can scan the USB memory sticks that I use on the Windows machine. It does not hurt to have multiple ways of verifying that your files are clean.

My wife is now starting to use Scribus more and more and she is starting to like the package. There is a learning curve there and we needed to 'unlearn' what we do in MS Publisher. She is now starting to push the machine and is doing things that I wasn't sure how to do in Linux. She is comfortable enough to explore and play knowing that she won't totally hose her system like she can do in Windows.

Now that Mandriva 2007 is out I will let it 'mature' a bit more before seeing about upgrading my wife's machine. I figure a couple of months will allow Mandriva to find and fix any of the quirks before I upgrade.

Wednesday, October 18, 2006

Interesting Browser and OS statistics

If you look at the bottom of this blog you will see a counter for the visitors to this blog. The counter does more than count the number of visitors it also keeps track of where the ISP is, OS used and browser used along with other bits and pieces. When I review the log I was struck by the OS and browser stats. Of course being a Linux blog I would expect to see high percentages of anything but Microsoft products. However, I have another blog on gardening and the numbers even though they are small are startling.

As of 2006/10/18 for this blog I had 57 visits.

  • Windows 63.15%
  • Linux 33.34%
  • OS X 1.75%
  • Other 1.75%
  • IE 28.57%
  • Firefox 58.93%
  • Konqueror 10.75%
  • Opera 1.79%
  • Netscape 0%
  • Mozilla 0%
  • Safari 0%

For my blog on gardening the stats are for 70 visits.

  • Windows 69.99%
  • Linux 15.71%
  • OS X 12.86%
  • Other 1.43%
  • IE 54.29%
  • Firefox 30.00%
  • Konqueror 0%
  • Opera 0%
  • Netscape 1.43%
  • Mozilla 2.86%
  • Safari 10.00%

Those numbers are quite startling for me especially on the gardening site. While the absolute numbers are small they should be troubling for Microsoft as more and more people are not using Microsoft products. I have more numbers for my Google home page, but, those numbers are skewed in favour of Linux and Firefox as only family members use that page and we tend to use Linux and Firefox.

Friday, October 06, 2006


The spam bots are still working overtime. The volume is down a bit, but, all of my accounts are now getting spammed. The Yahoo account is the one that gets most of the crap (4,800 spams so far this year). My GMAIL and Sympatico are getting spammed. Fortunately the Sympatico is only one or two spam messages a month, but, it is still a pain. Fortunately I have an option to let Sympatico know it is spam if I read it using the web interface. The GMAIL so far has detected all spam messages correctly and all I do is empty the spam folder every several days.

I know that there are laws in the U.S . and other countries that purports to minimize spamming, but, how about the various government LEAs look at who is buying the spammers services and go after them rather than the spammers themselves as a start. FOLLOW the money people and nail the ones using the services and spam may drop to tolerable levels. SPAM will never go away, but, will go down to a level where 80% of my email is legit rather than 80% spam as it now stands.

A good number of messages now are for stock promotions. For a while I forwarded them to the SEC, but, most of them now are repeats of the same companies so I have stopped for a while. When I find something new I pass it on.

For everyone who are using Windows (or Linux or Mac OS for some of the below):
  • Are you using a firewall?
  • Are you using an anti-virus canner package?
  • Are you using a spyware scanner package?
  • Are you keeping your software up-to-date?
  • Are you keeping Windows up-to-date using Windows update?
If you do the above you can help by making sure that your machine has not been taken over and made into a 'bot' that spammers can use for routing the mail or DDOS attacks or to steal your personal information. We also have to do our part in securing our machines and networks too. Patching and scanning does take time, but, you can schedule it when you are not using the machine and help do your part.

Friday, September 29, 2006

I love hackers... NOT!

One of the things I run on my Linux box is a FTP server so that friends and family can drop off and pick up photos or movies. This relieves the mail servers of the multi-meg file downloads as part of my family still has only dial up, but, they have large digital photos and movies that they want to share.

The only problem is that there were a number of hackers who probed my system and found that my system was available. Not a problem in that I don't have default IDs or passwords, but, I did leave an anonymous account available to make it easier for family to get on. The hackers did use that to try to put up warez, but, didn't have the access authority to do much else . It was a real pain as I needed to clear out the upload area every several days from their 1 meg test files and clear out my security log for the password attempts. A few sites did respond back to me when I sent a copy of my log and hopefully they will cancel their accounts, the rest didn't send me a reply.

I did make a few changes on the FTP server.
  1. FXP is now off (default is on). FXP stands for File eXchange Protocol and it lets you copy files from one FTP-server to another using a FXP-client. Normally you transfer files using the FTP protocol between your machine and a FTP-server, and the maximum transfer speed depends on the speed of your Internet connection (e.g. 56k, cable or T1). When transferring files between two remote hosts using a FXP client, the maximum transfer speed does not depend on your connection but only on the connection between the two host, which is usually much faster than your own connection. Because it is a direct connection you will not be able to see the progress or the transfer speed of the files. I guess the hackers took advantage of this.
  2. There is a prompt for userid and password now.
  3. I deleted the ability to download from the upload area. They can put files up, but, no one can download from that area until I vet the files and move them to the download area.
  4. I updated the router firewall to block out the offending sites that didn't reply back on the hack attempts.
I will be watching the security and file transfer logs for the next week on a daily basis to see if that works. My lesson is that I should have checked all of the default settings and read up on what they were before letting the FTP server loose.

Update 2006/10/06: Another site has replied back that they are looking at the problem. I believe them as I have not had a hack attack for almost a week from their IP ranges. It helped that I wrote a short, but, nice note and then attached the log showing the full attack for them. Their reply was just as polite and very professional. The change I made to turn off FXP seemed to have stopped the hackers from dropping files on my server as I have not seen any activity there for the last week.

Back to PCLinux OS 0.92

I had to go back a couple of weeks ago to version 0.92 as I couldn't get the DVD burner to work properly. There was also a problem with XSANE wanting permission to run as root. Uninstalling and reinstalling the packages didn't work and I needed to scan and burn and it was a real pain. Fortunately going back only took about 2 hours which includes the time for reinstalling all of the patches and restoring my settings from backup that I had made earlier.

The machine is running smoothly and when 0.94 comes out (or a major patch to 0.93) I will be doing another upgrade (after backups of course).

Monday, September 04, 2006

Upgrade to PCLinuxOS 0.93

Yesterday I upgraded my main machine from PCLinuxOS V0.92 to V0.93. As I thought I knew it all and quickly read the instructions I tried to follow the steps from memory and missed one of the steps. There is a step where you need to create a partition and mount it as /mnt/pclinuxos and I missed that. Everytime I finished the custom partition and it started to install it crashed. I finally read the docs and realized that I missed a step and it installed without a hitch.

Once I got the install going it took only about 10 minutes for the software to install and the machine was back up and running. It took longer for me to restore my backups for my profile, the FTP profile and my daughter's profile on this machine than to install the software.

I modified a few things from the default install:
  • Changed the sound from the Intel option (ALSA) to the OSS version. It seems to skip a bit less.
  • GPROFTPD installed so I can run the ftp server.
  • GAIM. I prefer this IM client.
  • SCRIBUS. We are playing with this as a replacement for MS Publisher which is running on a partition on the wife's machine.
  • JPilot. I prefer this over the KDE, personal preference and it is a simple clean interface for me.
  • Games. Installed a large chunk of the games as I will be sharing my machine with my daughter. She has her own machine, but, it is in her room and we will not allow her unsupervised net access so she has an id set up in the office and we can watch her while working.
I like the new transparent options on the desktop and I am using them right now. The task bar at the bottom is not as 'intrusive' visually. There are a lot more games that you can install and the wife is now seriously looking at this distribution over the Mandriva that she is running.

Saturday, August 26, 2006

New PCLinuxOS Version

Texstar at PCLinuxOS has released V0.93 of the distribution that I run here at home for my machine/server. I have downloaded the ISO image of this and I will be burning the CD in the next few days.

I will be playing with the live CD before installing to see how it works on the system. I have no doubts that it is as solid as V0.92, but, I think it would be prudent to test first as this is my main machine.

There are other versions available if you don't want to download and check out the complete version. You can go to PCLinuxOS to get more information on this excellent distribution.

In a related topic Mandriva has released a beta version of Mandriva Linux 2007. My wife and daughter are using that distribution on their machines as they like the selection of games. You can go to Mandriva for the news release.

Tuesday, August 15, 2006

Linux, FTP & hackers

I normally have a FTP server running on my Linux box so that family members can upload or download files instead of clogging our email. It has a very basic setup, an anonymous ID that will allow basic upload or download and that is all that ID can do. I have a 'power' ID that can move files, delete files, create or delete directories. The first thing I did was make sure that there was no default IDs or passwords for the server. The server is PROFTPD and I use GPROFTPD as the front end.

Now and then I get a person who thinks they can crack the system and they fail, every time. Last night was different in that I had two separate simultaneous attacks. The short attack lasted for almost 290 password combinations over two different IDs. The main one was much more determined in that he/she used over 1,100 passwords over two different IDs. The beauty of it was that every attack was logged and earlier this evening two emails went out the attackers ISPs. The ISP of the main attack politely asked me for a copy of the log and I was more than happy to send them a copy of the security log.

I am very certain that the hackers didn't get anything as I don't have any default IDs on this system. I also enforce password changes every 90 days and yes that is overkill for a personal system, but, it is a good habit to get into. The last thing is that ROOT never accesses the FTP server and the 'power' ID does not have root priviliges, just enough to maintain the FTP directories.

If you do decide to run a FTP server (Windows or Linux) here are a few things to keep in mind:
  1. Have and use a firewall.
  2. Have and use a virus scanner (Windows only, not really necessary for Linux).
  3. Kill all default IDs and passwords.
  4. Enforce regular password changes. Minimum for me is 6 characters with 1 character that is not A-Z.
  5. Turn on the FTP security and log everything.
  6. The ID that services the FTP area does not have root capabilities.
  7. Grant only the bare minimum of authority to any ID.
  8. Backup your data on a regular basis.
  9. Apply all patches ASAP.
  10. Review your FTP and firewall logs regularly.
  11. Log and trace all intrusion attempts. You can trace back the attacker to their ISP by using WHOIS and then send a short note to the admin or abuse email ID.

Monday, August 07, 2006

12 months of spam

It has been a few postings since I complained about spam. For over the last year I have been tracking the messages I receive in my Yahoo account. During that time my GMail and personal accounts have started to receive spam, but, Yahoo endures an ongoing flood. Here is a summary (June 2005 to May 2006):

Legit = 1,716 messages
Spam = 3,365 messages

Of the spam 223 were obvious scams and another 118 were phishing attemps. The worst month was May when I endured a flood of 1,767 spam messages while receiving only 141 legit emails.

For those who get spam:
  1. Don't 'unsubscribe'. When you reply with the 'unsubscribe' spammers know that they got a live account and your inbasket will probably be flooded.
  2. If your ISP provides spam filtering use it!
  3. For phishing attempts forward them to the financial institution for them to handle. Don't ignore them as this gives the spammer time to hurt some one else.
  4. Create a 'throw-away' account in Yahoo, Hotmail or GMail. When you fill in those registration cards use that account and not your personal.
  5. If it is an obvious spam don't read the message. Discard it. There are ways for the spammer to know the message was read. The easiest is to embed a graphic link so that when you open the mail it send a request to send the picture and the spammer knows it is a live account.

Here is a quick list of a number of email addresses to forward those phishing attempts to:
  • Bank of America - abuse@bankofamerica.com
  • Barklays - internetsecurity@barclays.co.uk
  • Chase - abuse@chase.com
  • EBay - spoof@ebay.com
  • MSN - abuse@msn.com
  • PayPal - spoof@paypal.com
  • VISA - askvisacorporate@visa.com

A few more things you should be doing:
  • Keep your anti-virus up-to-date.
  • Keep your firewall up-to-date.
  • Keep your system patched. If you are using Windows use 'Windows Update'.
  • Backup all of your critical data to CDs (or DVD) on a regular basis.

Thursday, July 20, 2006

Google problems still

My page still hasn't updated. If you need access to my server uses dynamic IP. An anonymous account will allow you to view the files and limited uploading. If you are family and having a problem let me know. This is only temporary until Google pages allows updates again.

2006/07/25 - Google is now updating. You can see the current IP at http://thomas.traynor.googlepages.com/home

Sunday, July 16, 2006

Yahoo message board changes

Yesterday Yahoo changed over their message board formats to the new format. It was quite a surprise in that I didn't see any announcements that this would be happening any time soon. Many users of the board that I follow are less than impressed with the new layout. The old layout was easy to follow if you wanted to see what was posted in chronological order. The new board by default shows the messages by topic group sorted by date.

The other change is from 'recs' to 'ratings' and this is not too much of a change to handle. I normal prioritize the rating of the messages as what to read first, then who writes the message as the second criteria so going from 'recs' to 'ratings' is not too bad.

One thing I would like back is the old layout for quickly seeing the postings. The work-around right now is using the search capability and don't enter anything for a criteria.

A number of people said that they won't be back and that is sad. It is going to take us a while to get used to the new format, but, I am willing to wait-and-see how it works out.

Monday, July 10, 2006

Google page problem?

I have been using Google pages to create a simple web page that allows me to consolidate my blogs, email addresses, calendar and favourite links into one page. I also have my home FTP site there. The problem is that the IP address changes from time-to-time and I update the site. The problem is that I update with the new IP address and I can see it on my main machine, but, no one else sees the update.

Sunday, June 18, 2006

Hardware problems

It has been hot here in Ottawa, but, I didn't think about it with my new box as it appeared to have adequate ventilation. I was wrong, the ram overheated and totally hosed the system. It screwed up the file system and the computer would not boot. It kept giving me kernel panics and VFS errors. It thought that it was either the HD or MOBO giving me problems. Disconnecting the HD and the system still wouldn't boot. I though 'oh great a new MOBO again'. I turned the system off and let it cool down. I tried a number of different CD distros, but, nothing would boot. Kernel panic for everything. I turned the system off for a couple of hours and then tried the Insert distro as I remembered it had memtest. I ran it and it generated about 800 errors on the first pass. I noted that the machine was at almost 100F so I turned it off again. Next reboot the machine was running at 80F and no memory errors. However, the file system was completely hosed, not a problem as I make a regular backup of all critical files.

Today I rebuilt the O/S from scratch and it is working without a problem. File restore worked without a hitch and the machine is working fine. Moral of this story is to do regular backups. Also, if you don't change your system and you get a kernal panic on startup check the temperature of the machine, the memory may be overheated and your system won't boot. I also mounted an additional fan on the front of the machine to help keep the system cooler. It was positioned at the same height of the memory stick to help there.

BTW the two messages I got were ->

Kernel panic: VFS: Unable to mount root fs on unknown-block(1,3)


Kernel panic: VFS: Unable to mount root fs on unknown-block(3,3)

Friday, June 09, 2006

Windows 98 supports ending soon

This is for those of you who are still using Windows 98, Windows 98 SE or Windows ME. On July 11, 2006 Microsoft will be ending the support for those products. You can read more about this on Microsoft's own site.

You do have a few options.
  • You can move up to a more recent version of Microsofts OS offerings.
  • You can keep your version of Windows, but, no bug fixes or upgrade.
  • You can look at a Linux distribution (see Distrowatch on the right hand side).

Friday, May 26, 2006

SPAM flood

Another posting on spam. This is getting crazy, my Yahoo account is continually flooded by spam for the month of May. At last count (May 26) I received 1,498 emails of which only 128 were legit mail. A total of 91.5% of all mail coming in was porn, UCE, phishing or out-and-out scams. To keep this in perspective I have received a total of 3,083 mails of which 686 were legit for 2006. For the last seven months of 2005 only 2,029 emails of which 1,017 were legit. I am averaging 50-125 emails a day now.

For those who keep saying that CANSPAM works... It does not. Not all of the spammers are in the US and they have more than made up for the drop from last year. What is the solution, I am not totally sure. It may help if people secure their machines better and check to see if their machine is clean from all of the Mal-ware. Next the ISPs should be looking at the volume of email coming from people to see if they are really a business or a machine that has been hacked.

I will try to remember to update these numbers at the end of May.

Update 2006/05/29 - 1689 mails, 1533 spams, 136 legit. Spammers do your worst, Yahoo filters are working over 99% of the time and all legit mail was received.

Sunday, May 14, 2006

Canadian census and Linux

I was originally going to write a short rant about the Federal government supporting only Windows based computers with JVM (Java Virtual Machine) for online entry of our 2006 census. When I first saw the notes on the web I thought that they were kidding. My machine is up-to-date and has Java running without a problem on a number of sites. This is a fully secured computer and the hack attempts so far have not succeeded. The banks and insurance companies don't have any problems with Linux hosts accessing their systems. All they are looking for is a browser with the proper encryption, O/S is not relevant to them.

On Saturday I tried to enter the census system and it told me that the environment was not supported, which from my viewpoint was total bullshit. The government, when they allow their citizens access to services should not dictate the O/S in any way. If they were concerned about security then they should be banning the use of Windows as it is the O/S of choice for viruses, trojans and spyware.

On Sunday I saw a short note on the Yahoo SCOG forum that the Feds updated the system to allow access for Linux based systems and when I tried it the site worked! One more small victory for Linux. I hope that the Federal government realizes that they would be better off designing systems that meets standards (not Microsoft's version) that are O/S independent. I realize that it makes testing more difficult, but, it will allow anyone with the proper secure protocols access to the system.

Sunday, April 30, 2006

Spam flood

This evening I checked my Yahoo account like normal. I normally have five to twenty email messages a day with about three-quarters of them being spam. Well this evening I had eighty-three messages with only one, yes one, being legit. As I am running Linux I am fairly certain that I didn't get a trojan or virus, but, I am scanning my system anyways. It appears that the bot nets are in full flood spamming and that has me wondering what new and disgusting exploit are they trying to use to add to their nets?

Update 2006-05-01:

In the last three days I have one hundred and forty-five emails and only two were legit. There must be something going on in the bot world. One hundred and twenty of them were for porn and I automatically delete them without even reading them. They may be hoping that the curious will eventually click on the message.

If your ISP offers spam filters make use of them! The filters may accidentally classify legit email as spam, but, you should be able to redefine it as legit later on. If you are on dial-up, using the filter will allow you to keep your mail pickup times to a minimum. You can then use the web mail interface (the ISP has one doesn't it?) to review the subject line of the mail and the sender of the mail flagged as spam so you can pick out the ones you actually want to receive.

Friday, April 28, 2006

Current state of SPAM

Last year they trumpted that the CANSPAM act in the U.S. will improve the state of email. The number of unsolicited commercial emails (UCE), porn spam, scams and such would decrease. Well they were wrong, for a month or so after the act went in the mail did improve, but, now I am getting even more crap deposited in my inbox. Not only my Yahoo is spammed, but, my Goggle mail and my Sympatico account is spammed on a regular basis (though not as much as Yahoo).

I have been keeping track of the Yahoo account and here is a short summary of legit email:

January - 42.7%
February - 49.6%
March - 38.3%
April - 27.6%

So far out of 1455 messages only 553 were legit. There were 50 phishing attempts and the rest were UCE, porn and scams. In my not very humble opinion the law is almost completely useless. Spammers just moved their operations to where U.S. law does not apply, fired up their bot nets and let fly with their spam like usual.

Thursday, April 20, 2006

New spam/scam

In the last three days I have received nine emails that I would classify as a scam. It is about a stock and it is probably too good to be true. I can't even copy the message as it is a graphic image and not a standard text message. There is a 'removal' option that they specify at the bottom, but, it probably just confirms that they sent the mail to a live account and really start the spam stream.

If you want stock information don't take unsolicited notes, talk to a real financial planner or stock broker. They will do a fair bit of work identify what level of risk you can handle and make recommendations on what you should invest in. You also should do your own homework and research the companies before investing.

For the last 10 days the email in Yahoo has been approximately 2 spam for every legit email. One question for the legislators in the U.S. How effective do you think the CANSPAM act is because just the same amount of crap is migrating into my mailbox now?

Saturday, April 08, 2006

More phishing

For the last week I have been getting a number (seven) phishing attempts that claim to be from CHASE. Again, don't respond to requests from any company that asks you to re-enter your personal information by clicking on the link provided no matter what the story is. Go straight to the site yourself or better yet call them up on the phone and check.

Here is a copy of the email and I will highlight all of the errors in red that they made in the message.

Dear Chase Member,

This email is to inform you, that we are upgrading our ways of security and your account may have been compromised by other parties.

Our terms and conditions you agreed to state that your account must always be under your control or those you designate at all times. We have noticed some
unusual activity in our research due upgrading related that your account indicates that other parties may have access and or control of your details in your account.

These parties have been involved with money laundering, illegal drugs, terrorism and various Federal Title 18 violations.

Your will need to re-enter some imformations about your account for advanced verification and to let us know that your are aware of this violation and due this way we can stop the outside parties.

We won't require your ATM PIN number for this operation!

Please follow this link to complete your security verification and protect your account :

Update your account now.

Please be aware, if you don't upgrade your account this will lead to money loss and we will have no other liability for your account or any transactions that may have occurred lately.

Thank you for your time and consideration in this matter .

© 2006 JPMorgan Chase & Co.

I removed the link on 'Update your account now'. When you get such a message check the address that the link leads to you will notice that it will not be to the site that the message claims to be from.

Saturday, March 25, 2006

Main machine back to PCLINUXOS

For the last two weeks I have been back using PCLINUXOS on my main machine/server. The other two machines are still Mandriva. I moved back as the distro is more responsive in my opinion and has more up-to-date packages. My wife and daughter stayed with Mandriva as there are more games that they like to play. It all comes down to personal tastes.

I liked PCLINUXOS enough to put my money down and support the package. If you are using Linux yourself think about supporting the distro that you are using. This will allow the person(s) who are putting a huge amount of time a bit of cash to help keep working on the product.

I may eventually migrate the other two machines. I don't like the fact of how they treated Gael Duval when he was let go from Mandriva. He was in my not humble opinion the reason that Mandriva got to be so popular. I hope that his new enterprise Ulteo does take off. That and IMNSHO Mandriva is getting too big and bloated. It is a wonderful distro and is a snap to install and administer, but, it has way too much and suffers for that.

Friday, March 10, 2006

I hate trojans and spyware

My step-son Matthew brought over his girlfriends laptop for cleaning up. It seemed to have a large number of windows popping up and mading her life impossible when using the computer. Scanning showed no viruses (yay), however using Ad-Aware it had 377 trojans and spyware. I purged and rebooted and it went down to 159. I used Spybot and got the number down a bit. Unfortunately the pieces left were very nasty (about 37). They hooked so tight into the OS that it was impossible to remove with anything that I could use. As fast as I removed pieces they re-appeared. Some of them denied me access and I was using the admin id! Part of them hid from the system somehow and didn't show up on the list of active tasks. Safe mode is absolutely useless. The spyware (SSK.EXE was one) still runs. What use is safe mode when crap is allowed to run. I went to command line mode and when I tried to delete the programs it told me that it was running... in safe mode! I want a mode that goes line by line and asks me permission to run!

I got desperate and tried a few Linux distros that had HPFS support. Unfortunately I could not get the RW option to work on her drive. It looks like she will have to use Knoppix to backup her data to CD and then wipe the drive and do a clean install.

The only thing she did was to click on one of the files Matthew downloaded before they scanned it. It took over her machine so fast and thoroughly that it is not funny.

Microsoft why do you allow your OS to do this? Why can't you set things up that a normal user cannot totally screw up the OS? I understand that users don't want to have an 'admin' id and a normal one, but, at least force a few more screens asking if they are sure and then ensure that it is a real person keying in the reply and not a program.

Upside is that I now have two people who may now listen to me about Linux. They can keep windows for the stuff that isn't on Linux, but, use Linux for everything else and they won't get screwed over as bad by the next Windows virus/trojan.

As for the trojan and spyware makers, YOU ARE SCUM! Any moron can wreak havoc on a machine and own it. Try something difficult, make a useful program that the user can uninstall when they don't want it.

Update: 2006-03-12

Matthew is backing up the laptop and will be re-imaging the machine again. This time he plans on turning up the security to a higher level. Namely dis-allowing a normal id admin functions, up-to-date virus scanner and several free sypware scanners. I also gave them a copy of Knoppix just in case.

Wednesday, March 08, 2006

New Phishing variant

I received another phishing email claiming to be from Paypal. I forwarded the note to Paypal for review. There was a small spelling error for 'Wednesday' the note spelled it 'Wensday'. Also, it had a link to download a 'driver'. Why would you need to download and install a driver to access a web page?

The link itself was 'http://______.ro/PayPal.exe' (I deleted most of the link so you cannot accidentally go there). Note the '.ro', that is Romania if I remember correctly. Remember, never click on the links in the notes. Go to the site yourself if you are not sure send them an email first. I run Linux at home so I felt safe to try to download the program and see what little nasties were in it. Fortunately it appears that the link was not valid. I was disappointed in that I could not try out CLAMAV on this.

Here is the complete text of the message. I highlighted all of the spelling and grammar errors.

While performing it's regular scheduled monthly billing address check our system found incompatible information which seams to be no longer the same with your current credit card information that we have on file. If you changed your billing information or if you moved from you previous address please follow up the link bellow and update your billing information: If you didn't change any of this information you still need to follow up the previous link and update your existing billing information because it means that our database regular scheduled update wasn't made correctly. Choosing to ignore this message will result in to a temporary suspension of your account within 24 hours, until you will choose to solve this unpleasant situation.

We apologies for any inconvinience this may caused you and we strongly advise you to update your information you have on file with us. Clicking Click here for download PayPal Driver_ you will avoid any possible futuring billing problems with your account.

This is not one of the better phishing attempts going around. The thing that makes it different is that they are looking at getting you to click, download and run a program.

Two links that you can go to:

Monday, February 27, 2006

FTP server - oops

When I set up the FTP server I had a series of ids and passwords, not a problem. I recently used my main id to create a directory and files for a birthday, again not a problem. I used another machine and then used the admin id to verify that the files and again not a problem. Sister-in-law pointed out that she could see the file names but not the contents. Oops, I forgot to change the owner and permission flags to allow the various users and groups access to the files. It didn't show up as the admin id was the owner and only admin group could see the files, everyone was denied access.

That is a handy thing. I now know how to set up password protected files that only certain people can access even if everyone else can see the names of the files. I also learned how to set up an anonymous id with only read access to the files.

Sunday, February 26, 2006

New printer and Linux

I finally got a new laser printer. Staples had a sale on with an 'instant' rebate and a mail-in rebate. There were two things that also influenced my decision on purchasing the machine:
  1. Replacement cartridge is about $80;
  2. It actually mentioned on the packaging that it is Linux compatible.
The printer itself is a Samsung 2010. It has both parallel and USB connections. I went with USB when I connected it into the computer. It was a breeze installing and configuring. I used Mandrakes control center, picked the hardware tab, clicked on set up printer. It detected the type of machine without a problem. The only thing I had to do was define the model of the printer. It didn't have the exact model so I went through the list looking for the model number closest to mine and tried them. The ML-1750 didn't work correctly, but, the 1710 worked perfectly. I didn't have to insert an install CD or reboot the machine, Linux recognized the printer and in about five minutes I was done and printing again.

The test pages came out very quickly and the graphics were great. I then set up Samba to share the printer throughout the house for myself and the family. That took all of 30 seconds to do.

One little feature on the printer I like is the off/on button. Most manufacturers think leaving this out and trumpeting 'sleep mode' is great. Personally if I am not using the printer I want it off and not in sleep mode. Sleep mode still uses hydro and I am paying for that.

Last note, Staples has an online site where you can fill in for the rebate. I did that this morning and I will see how that process goes. It beats filling in a paper form and then use a stamp to get money back. There is also a web site so you can monitor the status of the rebate. More on how this worked later on.

Saturday, February 18, 2006

Fried printer

It looks like my HP4L is fried. I got the machine about ten years ago and it has served the family well until today. The machine was showing its age and new cartridges are expensive for the printer ($125 Cdn). Yesterday during the snow storm we lost hydro several times. I have all of my equipment plugged into surge protectors, but, the printer still does not work.

I will try the printer on another computer later to verify that it is the printer and not the server that has problems. This gives me another excuse to look at a newer model printer for our home network. The price of cartridges also is a factor. The only upside is the last time I replaced the cartridge was August 2002.

Time to do my homework. I prefer laser, but, if it is not fully supported in Linux I will use an injet. Cost is another factor. A new printer is actually cheaper to buy than replacing a cartridge many times.

FTP Server

My wife was talking to her brother earlier this week. He was looking for a way to send pictures and home movies to us without using email. He has a number of files that would go past the limit that most ISPs would allow. He wanted to know if he could do a direct connect to our machine and send the files and then we would be able to distribute the files locally.

I thought about using SSH, but, had a thought. Why not set up a FTP server and he can dump his files here and then send an email to everyone else that new files are there for anyone in the family to look at. This is a good way of putting up the files as a number of people are on dial up and it won't take hours to download their email with photos/movies, they can go to the server and download only the files that are of interest to them.

I did a quick look through the Mandriva CDs for what FTP packages are available. I finally settled on GPROFTPD. It was small and simple. It took me all of five minutes to set up and the server. A generic account with read-only access was quickly created for family members. My brother-in-law had his id created quickly along with myself. Setting up the software, configuring and playing with the settings and options took one day. I tested the link from work and it didn't work. When I got home I found the problem in that I set it up as an XINET daemon rather than a stand-alone application. Once that was fixed it worked without a problem.

Sunday, February 05, 2006

Computer Viruses - Naming and confusion

With the fizzling out of the latest over-hyped virus and all of the different names for the same virus I was thinking out how these critters are named. It seems that each and every company will define their own name and standard. This to me causes a huge amount of confusion in the user community about what virus is being discussed. As an example the last virus had the following names:
  • Mywife
  • Blackmal
  • Kama Sutra
  • Nyxem version D
  • Nyxem version E
  • Kapser
  • KillAV
  • Grew
  • Blackworm
The actual official name was CME-24. Everyone wants to be credited with the discovery of a new virus and be the first to have the fix but enough, all you are doing is confusing the public and the media.

As a suggestion how about a central reposititory of discovered viruses, how it works, etc? The security community can then define a standard naming convention so that the short name is meaningful, but, allow the first to discover it to give it a 'common name'. In other words a 'Taxonomy' for computer mal-ware. This is good enough for the scientific community for identifying and naming organisms so why not for security software companies to define mal-ware? I use the phrase mal-ware so that viruses, trojans, spyware can all be classified, not just viruses, and the results are available to the public and media. Just enough information should be available to the general public to inform themselves on the risks and how to clean up the mal-ware.

The other benefit is that the massive list of viruses and trojans will be cut down and companies will find it harder to trumpet the number of mal-ware items they scan for as a marketing tool and not as a consumer information tool. In my opinion a lot of the counts are inflated with minor and meaningless variants on the same virus. It would also make it easier for the consumer to compare products to see which package fits their needs. At this time you almost have to be a computer security expert to determine the package that truly fits your security needs.

Linux and Canadian tax preparation software

Another tax season will soon be upon us and with that personal income taxes. Every year I keep checking to see if there will be any Linux bases tax software and every year I come away disappointed. My personal belief is that the tax companies think that there is not a large enough market and as a result are ignoring a completely untapped market.

They should be looking at this as an opportunity to take their software and break the Windows® dependecy. What sections of the code does not require windows and what does. From what I figure there are three very basic sections for the software. First if the database where you store the data, second is the calculation engine and the third is the presentation (and printing) engine. If you modularize the code so that only small specific sections in the modules are operating system specific then developing a package that will run on different operating systems is simplified.

The last thing you should think about. Linux runs on IBM mainframes and Windows® does not. Is there an opportunity to offer the software to corporations who can then offer the chance to do their taxes at work as a corporate benefit? Just a thought.

Sunday, January 29, 2006

SPAM - it is not getting better

I thought for a brief moment that the spam situation would be getting better. For a short period in 2005 it did. June and July 33% to 44% of my Yahoo mail was legit, the rest was spam. Towards the end of 2005 it was 54% to 61% legit. However, in January it went into the spam mail hell. Only 44% of my Yahoo mail is legit and the rest is spam. My Google Mail account is getting semi-regular spam several times a week and my Sympatico id is now getting spam. In the last two days I had received only 1 legit message, but, 40 spams.

To those who think spam is a legit way of getting your message out I have a message for you:
  1. Your spam does not work. Most of us now have spam filters and your spams are consigned into the electronic trash heap. Personally I check the sender name and if I don't recognize it I delete it without opening the message.
  2. If I recognize your name as a local operation I make it a point NEVER to patronize your business.
  3. If I am interested in your product and/or service I will go to your web page myself and do my research and compare you against your competitors. No amount of spam will interest me (see #2).

For those of you who are flooded with spam you can do a few things.
  1. If your email package has a spam filter, use it!
  2. If your ISP offers spam protection, use it! If your ISP does not have one ask them why?
  3. If you use HOTMAIL, GMAIL or YAHOO use their spam filters!
  4. If your account is totally flooded look at creating a new email id and only a few friends and family members get that id. Leave the old account as spam bait.
  5. For all of those warranty forms that ask you for your email account, don't use your main id. Create a disposable account. When it gets spammed you can ignore those messages. We do this at home. My Yahoo account is the id used for all warranties and registrations. That is also why I get so much spam.

Wednesday, January 18, 2006

Gmail spam

It finally happened. My gmail account has been spammed. It is quite interesting in that there are only two people who know and send mail to that account. My Sympatico account is now getting the rare spam. When will they learn, I won't buy whatever they are selling. From my point of view it is like having a telemarketer walk into my house and inflict me with their sales pitch and I can't do anything about it.

Tuesday, January 17, 2006

New year, old spam

After a break of two weeks the Paypal Phishing expedition is back. Three very obvious scams in my Yahoo inbox. That and the variations of the Nigerian scam is back in full force with six today. Again a few tips:
  • Never click on a link in a note that purports to be from your bank, insurance company, ISP or just about anyone else asking you to re-enter your personal information again. These companies won't ask you do do this and even if they do it is much safer for you to open your browser and go to the site yourself.
  • If a 'financial opportunity' sounds too good to be true it probably is. Many of these people are playing on our greed.
  • If a company is asking for your email address to register use a throw-away id and never use your main personal email address. I use Hotmail and Yahoo for this and my personal box does not get the volume of spam that I used to get.
If you use Windows:
  • Make sure that your system is up-to-date. Use the Windows update facility.
  • Get a router with a basic firewall. Make the job of the crackers difficult.
  • Get firewall software and keep it up-to-date.
  • Get virus scan software and kep it up-to-date.
If you use Linux:
  • Make sure that your system is up-to-date. Use whatever facility your distro has to install updates. Just because we are using Linux does not mean you don't have to patch your system.
  • Get a router with a basic firewall. Same as windows.
  • If your distro comes with IPTABLES or firewall software use it. Why make the job of a cracker any easier.
  • As for virus scanner that is up to you. I run one as my SAMBA share is used by the kids and they use Windows. This allows me to check the directory even if I am not affected by the virus/trojan.

Sunday, January 01, 2006

New phishing variant

There is a new phishing attack that may catch some people by surprise. It purports to be from an E-Bay member looking for a payment for an item. There is a box at the right hand side at the start of the message with 'Respond to this question in My Messages.'. The link does not go to E-Bay, but, to 'all-design.com.tw' which is in Taiwan. When you get messages that purport to be from someplace like E-Bay, Paypal, Microsoft or your financial institution do not use the embedded link. Go to your browser and go to the site yourself.

I have received a reply from E-Bay and I will quote the first paragraph of their note:

We have reviewed your report and have found that the message you received was made to appear as if it had been sent by an eBay user; however, it was not. All email sent to you from other members through eBay's email system will also appear in the My Messages portion of My eBay. If you get an email to your registered eBay email address that looks like it's from eBay or another eBay member asking a question, check My Messages first. If it's not there, it's a fake email.

2005 spam in review

Now that the year is over we can review the mail that was sent to my Yahoo account. From June to December I received 2,029 emails. Of those 1,017 were legit and 59 were phishing attempts. Of the spam 651 were porn messages. In December there was a resurgence of spams with 13 phishing emails in the four days before Christmas. Did the U.S. Can-spam act work? To some extent it may have, but, a full 50% of my messages are still spam.