Wednesday, December 31, 2008

Year end 2008

It is now the last day of 2008 and it has been some time since I talked about spam. This year marked a real drop in the number of spam messages that I have been tracking in Yahoo, but, all my other accounts now get regular spam emails. The troubling part is that they are looking much better that a few years ago and it appears that the spammers are targeting a more select group rather than doing a blanket spam.

Since I started tracking spam mail in June 2005 I have now received a total of 17,579 emails of which 11,589 were spam. That leaves me with 5,990 (34%) of the mails were legit that I asked for. The upside is that this year 69% of my mail was legit (1,529 emails).

A few things that I keep telling everyone and bears repeating here:
  1. If you get mail that purports to be from anyone asking you to re-enter or reverify your account information never click on the link provided. Go directly to their site yourself and check there.
  2. Keep your firewall up-to-date and active. If you don't have a firewall get one and install it. There are a number of good free firewall packages out there.
  3. Keep your anti-virus up-to-date and active. Again, if you don't have this software get one and install it. Like #2 there are a number of excellent packages out there for free that you can download.
  4. Keep your Operating System (O/S) up-to-date and apply all patches immediately. It does not matter what O/S you run, keep your system up-to-date.
  5. Keep a good set of backups. Even if you follow #2-4 hardware does fail at times and having a good current backup will go a long way to restoring all of your critical files.
  6. If you get an email that sounds to good to be true... it probably is.
  7. Never open up file attachments that you don't know who the sender is. Even if you know the sender, check the file first with a current virus scanner and then check with the person before trying to open the file. You are not paranoid, just prudent if you check before doing anything with that file.
  8. Enable viewing of the extension of the file name. Some of the nasty packages are really '.EXE', but, shows '.ZIP' at the end of the name hoping to trick you into trying to open the package.
  9. Change your passwords on a regular basis. Some people use passwords that have never changed in years, use post-it notes with the account and password or make an easily guessed password. You can make passwords that are hard to guess, but, easily remembered. If a cracker can guess your account password then they can use your identity for whatever purposes they want.

Sunday, October 19, 2008

New hardware

Two weeks ago I went out and purchased a new machine for my work at home. I needed a machine that could handle the workload on digital editing and needed the hardware to do this. I also wanted a machine that could handle the new graphics mode of Runescape which I play on a regular basis at home.

I ended up buying the Dell Inspiron 530. It has 3 gigabytes of memory, dual core processors and 500 gigabytes of disk space and a Hauppauge WinTv tuner. The only thing is that it came with Vista and I really don't want that on my machine. Before wiping the hard drive I loaded the PCLinusOS 2007 live CD into the machine and rebooted. The first indication that I had problems was the message 'No IDE channel' and the machine refused to boot with the CD. I went to the forums and read about the problems other people were having and tried all of the command line options, but, no luck in booting the machine is PCLinuxOS 2007.

I then tried to run a number of other live CDs that I have with various amounts of success:
  1. Mandriva 2008. It boots, but no Java and no ATI drivers. The tuner didn't work and the Palm M130 didn't show up on the USB bus.
  2. Mint. It has Java and the ATI drivers. No tuner recognition and the Palm M130 didn't show up also.
  3. Knoppix. It has Java and Firefox, but, no ATI drivers.
I tried a few other variants of PCLinuxOS, but, they either didn't recognize the SATA DVD drive, or, when installed didn't boot because of the SATA hard drive. I also tried a number of other Live CD distros, but, they either didn't boot or didn't have the same out-of-box experience I am accustomed to that PCLinuxOS delivers. They are all good distros, but, don't fit my needs:
  1. Kanotix
  2. Granular
  3. Vector
  4. Ultima
  5. Ubuntu, Kubunt, Xubuntu.
  6. Simple Mepis
  7. Fedora
  8. Vector
  9. Sabayon
  10. Berry
I ended up partitioning my machine and making it a dual-boot machine and installing Mint on the machine for now. I choose it as it is close enough to the look-and-feel of PCLinuxOS 2007 and it works with the hardware. The only thing I don't have for now is the TV tuner and the Palm M130 sync, but, those are minor issues for now. I can probably hack my way through those issues and the issues with the above distros have, but, I prefer PCLinuxOS. Mint is quite nice and auto detected everything else on my new system without a problem and the software update mechanism (adept) is almost as slick as the package manager in PCLinuxOS.

Today the PCLInuxOS development team announced PCLinuxOS 2009 Beta 1 and I am downloading that at this time and I will be giving it a try later on. No matter what I will be keeping dual-boot as there are some games that my daughter wants to play and they don't support Linux (yet).

The one lesson I learned is that when getting new hardware use the Live CD first and see how it works on the machine before doing the installation and totally hosing the system.

Another scam/spam

My wife received an email last week that purported to be from United Airlines. Even though we run Linux she didn't want to open it up until I had a chance to check it out.

The subject line was [Your Online Flight Ticket N 24097] and the contents of the message was as follows:
Good day,
Thank you for using our new service "Buy airplane ticket Online" on our website.
Your account has been created:

Your login: **Removed**
Your password: **removed**

Your credit card has been charged for $947.90.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the airplane ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

Kind regards,
United Airlines
The first thing I did was to check our credit card to make sure that we were not the victims of identity theft, fortunately we are not. I then checked the file attachment and it showed 'E-ticket.zip.exe'. I checked out via Google about this and found out that there is a scam for the last year with variants on the subject for other airlines. Fortunately we don't use windows so we are fairly safe from the payload. I forwared a note to United Airlines and to quote their reply:
Mr. Traynor, please know that the e-mail you have received is not legitimate as it is not sent by United Airlines.  I would request you to not to open any attachment and provide any personal information.  Rest assured that I have forwarded your concern to our Fraud Investigation Department for their review and investigation.

We truly value your business and always look forward to serving you again
Just a heads up for everyone when you receive something like this not to open the attached file if you are not sure that you are the correct recipient. I would assume that the people behind this are hoping that people are curious enough to open the package and then take over their machines. I also like the fact that United Airlines replied so quickly that the email was not legit and forwarded a copy to their fraud department.



Update - 2008/12/15

CERT has a security notice about this, you can learn more about this scam by clicking on airline ticket email scam.

Sunday, June 15, 2008

My first kernel update

I finally got up the nerve to do a kernel update of my PCLINUXOS system. I made sure I had a good backup of all of my files before starting. Actually I made two as I tend to be a bit paranoid about such things.






The process is very easy. I launched Synaptic and then did a search for 'Kernel'. I selected the kernel I wanted and then let it install. For the first several weeks I kept the default kernel and manually switched to the new one. Once I was happy I then used the Control centre to change what the default kernel was.










I selected the new kernel that I want to change the defaults on.




I then clicked on 'Default' to make this the new default.


















The image is what KDE shows. It took me about 15 minutes to add the kernel and then later to change the default kernel that the system boots to. Just remember to make a good set up backups before trying this.

Monday, April 14, 2008

OS & Browser stats

It has been a while where I posted my stats on what O/S and browsers people are using to see this blog and my gardening blog. It is not surprising that on this blog that Windows and IE are not very popular, but, the gardening blog does show that Windows and IE are not the only game in town. For the gardening blog 16% of people are not using Windows and 38% are not using IE.

One strange result in the gardening blog is that someone is using 'Google 5' as their browser.


Linux blog Gardening
O/S

Linux 31.3 2.0
Mac 2.0 11.0
OS/2 24.2
Unknown 2.0 3.0
Windows 41.3 84.0



Browser

Firefox 70.0 26.0
Google
1.0
IE 20.0 62.0
Konqueror 2.0
Mozilla 4.0 2.0
Netscape 1.0 2.0
Safari 3.0 7.0

Tuesday, April 01, 2008

Less spam more mail

I have noticed this year that the amount of spam has dropped dramatically. I have been keeping track of my mail from Yahoo for the legit/spam emails for the last 34 months. For 2005 and 2006 about 80% of my email was spam. Last year it started to improve as only 70% of my email was spam. This year over 50% of my mail is now legit and the volume of mail is down over the same period of 2006/2007. The work that the authorities have been taking in taking down the spammers seems to be working. Hopefully this is a continuing trend and the various spammers are taken out and the bot nets removed.

The only downside is my personal email ID is now getting semi-regular spam, but, I flag the message as spam for my provider and they update their mail filters.

A few reminders:
  • If you get an email from someone and you are not sure about the file attachment call the person, don't open the file.
  • Use your ISP's spam filter.
  • Use the spam filter in your email software.
  • If it is a phishing attempt find out the legit email of the company targeted and send them a short note so that they are aware. Never click on the link within the email. Never send confidential information by email, companies will never ask you for your password, account information!
  • When in doubt remove the email and contact the person. If it is legit they can resend the information.
  • Keep you system up-to-date. It does not matter what O/S you run, keep it up-to-date!
  • If you have anti-virus software, use it and keep it up-to-date!
  • If you have a firewall, use it and keep it up-to-date!
  • You can never be too paranoid, all it takes is one click and the crooks get information that they can use.
  • For your papers/documents/bills at home, shred them before trashing/recycling them. A shredder does not cost very much and personal information that crooks can use is harder to get if it is in very small pieces. Shredders that can handle CDs are not much more expensive than regular shredders and they can also handle credit cards.
  • If you get rid of your old PC make sure that you wipe the hard drive. It does not take a lot for someone to browse the drive and get personal information. If you are recycling the machine take out the drive (if possible) and take a hammer to the drive to really make sure no one can get the data on the drive. I had a neighbor who threw out their machine and I picked it up for spare parts. They actually didn't clean the drive at all and if I was less than honest I could have used that information. All I did was take a 5lb sledgehammer to the drive and then recycled it.

Monday, February 04, 2008

Linux Canadian Income Tax - Update 2

I am on a roll going through sites for Canadian Individual Income Tax Software. The next site I tried is TaxFreeway and it was very easy (one click) to see what is supported. On the down-side it is only Windows and Mac, but, I don't have to waste time trying to find that out. It is also only one click to find out an email address to send any questions to. This is a much easier site to navigate and keeps to the KISS principle of design.

The third site is Taxtron and like TaxFreeway it is a joy to navigate. The first page allows for individual or professional. The next page right up allows you to pick either Windows or Mac. I selected windows and went to the tech support option. They have a nice and short web based option to allow you to ask a questions. Again, this is a easily navigated site and in a few clicks I can find the information I am looking for.

The fourth (and last) site I looked at is UFile. Right at the bottom of the page is a contact option. When I go there I am presented with a online web form that will allow me to ask questions. Again, fast and easy to find how to ask them questions. Unfortunately it appears that they are Windows only, but, I could find that quickly and easily. In their FAQ area they are upfront in that they support only Windows at this time. This information took me only one minute to find. On the upside they do have an online version that appears to support Linux (using Mozilla based browsers).

Linux Canadian Income Tax - Update 1

Today I started to look to see if some of the makers of tax software support linux. I have spent the last 20 minutes trying to go through Intuit's site to see what O/S is supported. So far I have found absolutely nothing on what is supported, all of my links lead me in a circle and when I try to figure out how to send them a note asking a question I go into the same loop. Come on people, make it easy for us to send you a note asking a question and step firmly on the necks of the marketing people who seem to make the site into one huge advertisement.

When you have a clickable link for a contact give the person an option to at least fill in a web form with their question and how the company can reply back. If anyone is reading this from Intuit keep this in mind,
I write programs and online systems for a living and your site makes it impossible for an computer expert to find how to contact you.
If I have a problem with the site how is an average computer user going to navigate your site?

I finally found their online forums after 25 minutes of going in circles. I did a search for 'Linux' and the only thing I could find is that there is a QuickTaxWeb and not a native Linux version.

Saturday, February 02, 2008

Adding new hardware - Update

After posting all of the things I did for installing the new PCI soundcard I figured I should put up a few screen prints showing the system and the configuration settings I used to make it work in LInux.

The first image on the right is a high level shot showing the version of KDE in use and the Linux kernel version.


The second screen print shows the KDE settings that I used. I let the system autodetect the card as I was using ALSA.









The third screen shows the overall hardware of the system. It autodetected the card as a 'Vortex'.








When I select the 'Vortex' you will see the settings in screen print 4.








Running the config option on this will show the settings I used for that card in screen 5.

Sunday, January 27, 2008

Adding new hardware

My daughter's machine has an integrated sound card which works fine for most things. The only problem is for some of the Java based games where there is no sound. For the last year her choice was to live with no sound or if my wife was not using her machine then play on that machine.

When going through my spare part bin I found an old sound card from a Compaq machine I stripped down. It was a PCI card and I checked my daughter's machine to see if it had a spare slot. It did have a spare slot and I installed the card. I didn't completely close up the box just in case Linux didn't recognize the card. When I booted I did get a message that AUMIX was not found. I went into the control center and selected 'Hardware'. In hardware I went to the 'Configure Hardware' area and then I picked the soundcard area. All I had to do was pick the right driver for the card and then I shut down the machine. I probably didn't need to do that, but, I had to close up the box and reconnect the cables and that was the safest thing to do.

When the machine rebooted we had sound. The last thing I had to do was select the master channel in KMIX and the sound card worked perfectly. We now have complete sound in all of the Java based games.

Total time for doing this fix: 15 minutes.
Total cost: $0.00

If you are having problems with sound with an integrated system you can check out using a PCI sound card if you have a free PCI slot available. The cards go for around $30 for new, or, if you have spares then you can recycle an old card.

Tuesday, January 22, 2008

2008 - Linux Income tax Software - NOT!

It is that time of year again where I search for a Linux version of Canadian income tax preparation software. This year it is even more pressing as no one now supports Windows 98 which is on our dual-boot machine. The machine itself is great for Linux, but, there is no way I will pay to 'upgrade' the O/S to XP and it definitely will not run Vista. I started my search in the stores reading the boxes of tax preparation software and noted that Win98 was not supported and when I went to the web sites it was confirmed again.

I figured I would go to the Canadian Revenue Agency (CRA) to see what they had for certified software and if any company had a Linux version. You can see what is certified at the CRA. At this time no one supports Linux.

When I get some time I will probably send a short note to a couple of companies asking about Linux versions. I understand that they are a business, but, a sizable population is not being served and that in my less than humble opinion is a ripe market that would love to be able to prepare their taxes in Linux.

I looked at web based companies, but, I am unsure how much I should trust them with my personal information. It is a complete unknown to me on how they secure that information and what their backup/restore procedures are and how secure that is. Unlesss something comes up soon I will have to do my forms by hand or buy a refurbished machine with XP on it and dedicate that computer to just old legacy programs that are Windows based.