Seven Phishing Warning Signs

Got a very well done phishing email today, but I’m more impressed with Bank of America’s abuse response letter — they distilled down seven simple warning signs to tell that you’re being Phished. This is something useful to pass on to the less email-savvy people in your life.

This morning I received an email from “Bank of America” asking me to click on the link included to verify some information that’s been changed with my banking details.

Well, given that I was addressed as “Dear Reliable Customer,” and that I don’t have an account with Bank of America, I was pretty sure this was a phishing attack. Viewing the raw form of the message, which exposes the HTML, further confirmed that the email was not from Bank of America, nor was the link for verification destined for Bank of America’s servers.

Normally, I put such stuff in my spam folders, but this one impressed me. It was good. Very good. The email actually used what looks like an old banner from Bank of America’s site to produce quite an authentic branded email. It did so by making an image tag to a real Bank of America server.

As such, I felt it was worth the time to gather all the server information I could and pass it along to Bank of America, with the hopes that either their technicians or lawyers would be able to have a field day with the sender.

Not only did I get a nice reply back from Bank of America, but I have to say they really have their act together!

Check out this simple 7-point list they passed on that concisely helps customers identify when they might be defrauded by a scammer.

Source: Bank of America’s email

The main goal of a phishing email is to get you to a site where you will provide your personal information. With these basic, but powerful, clues, you can easily recognize the threat and ensure the safety of your identity and finances.

1. Does the email ask you to go to a website and verify personal information? We won’t ask you to verify your personal information in response to an email.
2. What is the tone of the mail? Most phish emails convey a sense of urgency by threatening discontinued service or information loss if you don’t take immediate action.
3. What is the quality of the email? Many phish emails have misspellings, bad grammar, or poor punctuation.
4. Are the links in the email valid? Deceptive links in phishing emails look like they are to a valid site, but deliver you to a fraudulent one. Many times you can see if the link is legitimate by just moving your mouse over the link.
5. Is the email personalized with your name and applicable account information? Many phish emails use generic salutations and generic information (e.g. “Dear Customer” or “Dear Account Holder”) instead of your name.
6. What is the sender’s email address? Many phish emails come from an email address not from the company represented in the email.
7. When in doubt, type it out. If you suspect an email to be phishing, don’t click on any links in the email. Type the valid address directly into your web browser.

Wonderful advice. And it applies to more than just banking emails.

Thank you, Bank of America. It’s something simple I can pass along to friends and family.
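Signs 1, 2, 4, 5 and 6 from the list above can be checked mechanically against the raw message, which is what viewing the HTML source did by hand. The Python script below is an added example, not part of the original post or of Bank of America's reply; the sample message, the example.org and example.net hosts, the banner path and the keyword patterns are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, not the message from the post. example.org/example.net
# are reserved documentation domains standing in for the sender's hosts.
SAMPLE = '''\
From: "Bank of America" <alerts@example.org>
Subject: Urgent: verify your account
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="https://www.bankofamerica.com/images/banner.gif">
<p>Dear Reliable Customer,</p>
<p>Your banking details were changed. Verify your information immediately
or your account will be suspended.</p>
<a href="http://login.example.net/verify">https://www.bankofamerica.com/verify</a>
</body></html>
'''


class Collector(HTMLParser):
    """Collects (href, visible text) pairs, image sources and body text."""
    def __init__(self):
        super().__init__()
        self.links, self.images, self.text, self._a = [], [], [], None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._a = [attrs["href"], ""]
        elif tag == "img" and attrs.get("src"):
            self.images.append(attrs["src"])

    def handle_endtag(self, tag):
        if tag == "a" and self._a:
            self.links.append(tuple(self._a))
            self._a = None

    def handle_data(self, data):
        self.text.append(data)
        if self._a:
            self._a[1] += data


def host(url):
    return (urlparse(url.strip()).hostname or "").lower()


def within(h, domain):
    # Exact host or a true subdomain; "brand.com.example.net" does not count.
    return h == domain or h.endswith("." + domain)


def warning_signs(raw, brand):
    """Return ({sign number: evidence}, images served from the brand's site).

    A banner hotlinked from the real site only shows the HTML references it,
    so brand-hosted images are reported separately and never lower the score.
    """
    msg = message_from_string(raw)
    html = next((p.get_payload(decode=True).decode("utf-8", "replace")
                 for p in msg.walk() if p.get_content_type() == "text/html"), "")
    c = Collector()
    c.feed(html)
    text = " ".join(" ".join(c.text).split())
    signs = {}
    ask = r"\bverify\b.{0,40}\b(information|account|details)\b"
    if c.links and re.search(ask, text, re.I):
        signs[1] = "asks you to follow a link and verify information"
    words = r"\b(immediately|urgent|suspended|discontinued)\b"
    if u := re.search(words, f"{msg['Subject']} {text}", re.I):
        signs[2] = f"urgency wording: {u.group(1).lower()}"
    for href, shown in c.links:
        m = re.match(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", shown.strip().lower())
        if m and not within(host(href), brand) and m.group(1) != host(href):
            signs[4] = f"link shows {m.group(1)} but goes to {host(href)}"
    generic = r"\bDear\s+(?:\w+\s+)?(?:Customer|Account Holder)\b"
    if s := re.search(generic, text, re.I):
        signs[5] = f"generic salutation: {s.group(0)}"
    sender = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    if not within(sender, brand):
        signs[6] = f"sender domain is {sender or 'missing'}"
    return signs, [src for src in c.images if within(host(src), brand)]


if __name__ == "__main__":
    print(warning_signs(SAMPLE, "bankofamerica.com"))
```

Signs 3 and 7 are left to the reader: writing quality is a judgment call, and typing the address yourself is an action rather than a property of the message.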

Photographers a Threat? Uh, no.

Bruce Schneier talks about The War on Photography, where photographers are presumed to be terrorists. This struck a chord with me, as I’m a photographer, and I have been stopped in the manner Bruce describes.

In Bruce Schneier’s CRYPTO-GRAM, he includes a reprint of a fantastic article entitled The War on Photography.

Excerpt:

Since 9/11, there has been an increasing war on photography. Photographers have been harassed, questioned, detained, arrested or worse, and declared to be unwelcome. We’ve been repeatedly told to watch out for photographers, especially suspicious ones. Clearly any terrorist is going to first photograph his target, so vigilance is required.

Except that it’s nonsense. The 9/11 terrorists didn’t photograph anything. Nor did the London transport bombers, the Madrid subway bombers, or the liquid bombers arrested in 2006. Timothy McVeigh didn’t photograph the Oklahoma City Federal Building. The Unabomber didn’t photograph anything; neither did shoe-bomber…

As a photographer, I have been stopped by security guards, questioned why I was photographing a building, and probed about who I was working for. Bruce explains why this is not only nonsense, but a waste of resources and money.

The article’s short. Take a moment to read it. It brings common sense back to the equation.

I’m a photographer, and if I take a picture of something, it’s because I like it and want to preserve it for others to enjoy too.

Beyond.com: don’t trust it.

Would you trust a service that scrapes dated resumes, creates profiles without your permission, and makes it difficult to get rid of them? Didn’t think so. Then in my personal opinion, you wouldn’t trust beyond.com — find out what unsolicited content was waiting in my inbox.

This morning I woke up to an email. It basically read this:

You received this email because you have created an account on Beyond.com. This is a one-time mailer. If you have any questions, please contact us.

I’m thinking to myself, “what?!?” Actually, I’m thinking something quite a bit more colorful.

Then there’s another message from Customer Service.

Then there’s another message with my username and password.

…right.

After deciding it isn’t some email spammer trying to get me to some foreign national site, I login. And what do I find? Someone had screen scraped an old copy of my resume and contact information and made an account for me.

At this point, I figure that anyone with any common sense should completely discount beyond.com’s credibility. Here’s why.

First, if any arbitrary user is able to make up accounts for someone else, then clearly the database provided by beyond.com can’t be trusted. I know my information was wrong, so clearly any potential employer looking for candidates would actually be wasting their time — it isn’t an accurate representation out there. But moreover, this represents bad business and security practice if someone other than the actual person can create an account.

Second, let’s assume that such a thing isn’t possible. The alternate conclusion is that beyond.com is scraping the web, making accounts, in an attempt to build a database to give the appearance they are more than they really are. Will some suckers sign on and “correct” the information? Perhaps. But I suspect many others will ignore it. Again, this is really not helpful for anyone trying to use beyond.com for candidates.

Bottom line, either side of the coin — something is wrong. Very wrong.

And, of course, removing that profile is painful and obscure. The help files toss around words like ‘deactivate’ rather than ‘delete’. Such things should make users of beyond.com question the marketing metrics of beyond.com as well.

To me, and in my personal opinion, beyond.com isn’t worth the pixels it’s printed on. In fact, it sucks.

REVIEW: Walt gives Beyond.com two thumbs down.

Canon Powershot SD890 IS

The Canon SD890 IS is a capable camera, but the one thing I’m not too fond of is the physical interface, and if I had to gripe about anything in particular, it’d have to be the on/off switch.

I love my Canon Powershot A570. Apparently, so does my wife. I know, because I don’t get to play with it very much anymore. That’s why I got the SD890 IS.

So, what would a photographer with a Canon EOS 5D that can produce images that look like these need with a point-and-shoot camera, you may wonder?

Turns out it isn’t always convenient to pull out a full sized digital SLR. Especially if you’re driving down the road, sitting at work, or floating down a river. What’s ideal is a camera that takes good enough pictures, and if it gets destroyed you won’t be mad at yourself. Well, not for long, that is.

As such, I found myself eyeing the Canon Powershot SD890 IS. It’s a small, 10 megapixel camera, with reasonable 5x optical zoom, image stabilizer, and face detection. The feature list is pretty neat, in that it can do sound recordings, movies, stop motion, high ISOs, macros, panoramic stitching, spot color, color substitution, and has all the manual goodies you’d expect from a real camera. USB connectivity, and even weirder, video out that looks like a USB connector.

However, what I’m not thrilled with is the physical interface to the camera. In an effort to be streamlined, it “feels cheaper” than my other Powershots. And I’m not just talking the small 32MB SD card that comes with it.

To start with, the on/off button is plastic and needs to be pressed in a considerable way in order to turn the camera on and off. Not only does it need to be pressed in, but it has to be at a particular angle or nothing happens.

Originally I thought I had received a defective model and actually ended up returning it to the store, which incidentally was not BestBuy for good reason. The returns person was unable to turn on the camera. When it was turned on for her, she was unable to turn it off.

While I appreciate the need to not have the camera activate while in one’s pocket, it’s still imperative that the camera can be activated upon demand.

Canon SD890 IS Interface Problems

The zoom in/out ring on top feels rugged enough to hold up to use, but the mode selector for automatic/manual/scene/movie is so sleek in design, it’s uncomfortable to change modes. Instead of turning the side of a wheel, as with most Powershot models, it requires more thumb torque than you’d initially expect.

I’m not thrilled with the review mode being a button instead of a setting on that dial, but I also have to admit that it makes the review process very easy. That, I assume will just take some getting used to.

The only other real complaint is the lower wheel-like interface for changing sub-modes and selecting menu items. It’s a rotating shuttle, that’s also a N/S/E/W rocker switch, that also has a button in the middle; all slightly smaller than the size of a dime. Navigation is difficult, and not for the reasons you’d think.

While the ring-wheel for selection is a nice way to change modes, you have to exaggerate the amount you turn it to change to the next selection. Thus the perceived required turn amount in the GUI is far less than what is actually required, making you think it isn’t working, when in fact it is. It’s not overly sensitive, but the exact opposite. I’ve yet to be able to find a way to adjust the spin sensitivity on the control dial.

There is tactile feedback which feels like little stops as the wheel turns, but it’s clear the GUI is not looking for how many of those pass by (distance), but rather speed. Slowly turning the wheel does nothing, no matter how many increments it literally feels like you’ve passed.

Luckily, since it also acts as a rocker switch, the GUI responds to this, so it’s not as big of a deal as one might think. It just feels awkward, though the GUI is totally usable.

Aside from that, the LCD is large and bright. The display shows all the settings you’d need for information, and it’s easy to find settings. In particular, I’m impressed that it’s possible to overlay a grid and 2:3 shading, which makes composition all the easier, especially with face recognition properly focusing.

The camera doesn’t have as many models as its smaller predecessor, but then again, it’s got better optical resources and a slightly smaller footprint, which scores high in the portability scale.

The one thing I wish it did have was the ability to use standard AA batteries. Normally, I use rechargeable AAs, but it’s nice to know in a pinch you can use a standard household battery. Nope, for this camera you need a special Canon NB-5L 3.7V 1120mAh(Li-ion) battery. Small, light, compact, charges quickly, lasts a while, but still — if it goes dead, you’re out of commission.

All in all, though, if I have to judge it based on the quality of pictures, I’d have to say it’s a very capable camera. Handy to carry, easy to use.

REVIEW: Walt gives the Canon Powershot SD890 IS a rating of 4 out of 5 stars.

UPDATE: The camera does not have an Aperture or Shutter Priority mode.

REVIEW: Walt downgrades the Canon Powershot SD890 IS to a rating of 3.5 out of 5 stars.

Remember those split-books?

After ranking over 10,000 items in Amazon, I’m seeing interesting stuff from time to time. However, none as amusing as this.

A while ago, I thought it might be fun to conduct an experiment and rank anything and everything that Amazon showed me. In fact, the rank wasn’t necessarily even important, I just wanted to see what would happen as recommendation after recommendation was ticked off. Would Amazon’s suggestions get better? Would it run out of suggestions? Would it result in an overflow message?

Well, I ranked over 10,000 items over the course of several months, ranging from computer books to perfume. What I found was that in the short term you could get Amazon to run out of things to recommend you. In the longer term, it got a little better recommending things, though the categories get broader, and if you stumble into a new kind of category, it leaps at the chance to have options again to show you. And, finally, nothing spectacular happened numerically when I crossed five digits.

That said, every so often, Amazon makes some amusing recommendation choices. However, this time it was the presentation that was so amusing unto itself that I took a snapshot.

Know those split-books you had as a kid, where the page was divided? You’d get half an animal on top, and half an animal on the bottom. Allowing you to make a giraf-o-potamous, an elepha-gator, or a kanga-mander.

Amazon selected two products and presented them split-book fashion. Order, it turned out, was important:

Amazon Split-Book

It’s the top of a woman from 2002, and the bottom of another from 2007, put together it looks like one woman standing behind two cut outs on the product recommendation page. I couldn’t help but give each half five stars for creativity.

Macbook Pro Screen Goes Dark on Wakeup

My MacBook Pro should have woken up when I lifted the lid, but all was dark. However, while checking the battery level, I noticed it had woken up. The problem was the backlight wasn’t coming on. Here’s the solution. It isn’t the brightness button either.

Today I learned that there’s a nifty little utility called Maintenance 3.8 out on Apple’s site. You can find it by going to Apple / Mac OS X Software…, and when the web page pops up, type Maintenance in the search box.

It’s an automator script to repair permissions, verify preferences, update prebindings, do cleanup, update databases, rebuild indexes, empty Trash, and so forth. My guess is it’s much like Onyx.

Deciding to give it a try, I downloaded it, opened the .DMG file, and double clicked the automator icon, selecting Restart when done. And while I got very little in the confirmation department that things were working, I saw a lot of CPU activity running utilities I was familiar with.

So, with the laptop plugged in, I left it to chug away. I heard the restart sound several minutes later. And, I ignored it.

Later, I picked up my laptop and went to login.

Nothing.

The “breathing LED” on the front was off, and nothing was responding keyboard or mouse wise. The screen was black.

So, I decided to check the battery. Full power.

But then I noticed something. At the steep angle, in the near pitch black of my LCD screen, I saw the login window. What was happening: the backlight wasn’t coming on. Fiddling with the brightness control didn’t help either.

Sure enough, I could make out the cursor once I located where it was.

I tried opening and closing the lid. Nope. Backlight still off.

So, I restarted (as I mentioned, it was operational, I could barely make out the GUI).

The machine sprang to life, showed me the blue background, and right before it went to the login screen, the backlight cut out again, leaving me in pitch black.

Tilting the screen back again (with the keyboard sticking up in the air and the screen flat on the table), again I could make out the login box and mouse. I did a restart again.

This time I held down Command-V as it booted. And I watched as it came up, lots of normal diagnostic messages, and then the blue background, and right as the login screen appeared, back to pitch black.

Annoying. But now I’m wondering if all the times I’ve ever woken my laptop after a case where the lid didn’t quite clasp perfectly, was this what was happening — could the machine be up, but the backlight off?

So, one last time, I restarted. Only I held down Command-Option-P-R (four fingers) to reset the power management settings. Several chimes later, I let go, and the machine booted perfectly, and the login box appeared, backlight and all.

I’m hoping that my experience may lead to an additional piece of the puzzle about the Mac waking up funny. I would never have noticed anything on the screen if I looked at it dead on, as I always do.

It’s fairly well known that if you close the Mac’s lid, but don’t engage it fully, the lid will pop back up, but not after putting the machine to sleep. At that point, it becomes a little dance with the lid, trying to get the lid back down, so that the machine can see it re-open, and that usually wakes it. But sometimes the screen is still dark, and you have to play with the power button (and if frustrated, hold it down to restart).

Sometimes this same problem manifests when you wake the machine, enter your password, and suddenly everything goes dark. You wiggle the cursor and hit the keys and nothing happens. Caps Lock toggles, but it feels like it’s gone back to sleep.

Well no more. From now on, I’m going to tilt my screen back and see if I’m operational. That way I won’t lose data from an unnecessary restart.

Now that’s fast!

From WebMD – “Victims usually die seven to 10 days after infection, although symptoms may not appear for up to 14 days.”

Was reading on WebMD about the Brain Eating Amoeba:

And it happens fast: Victims usually die seven to 10 days after infection, although symptoms may not appear for up to 14 days.

Initial symptoms include headache, fever, nausea, vomiting, and stiff neck.

I’m trying to picture how a corpse has a fever or complains of a headache.

BestBuy Teaches Me A Lesson

It’s Memorial Day, and BestBuy had sent me some coupons. Not amazing coupons, but 10% off this or that, should I happen to be in their store this weekend.

So, I’m hanging out around the house and come to the conclusion that having a second digital camera would be a really good idea. And shortly later, I’m standing in BestBuy in Sterling, VA.

Mind you, I’ve already decided upon the camera I want. It’s oh so niiiiiice. And, Noah, our helpful sales person, quickly has it in my hands, so I can grope the box with anticipation.

He’s also, it appears, the master of up-sales, because I’m now also holding the fastest 8GB card they’ve got, a really slick HD card reader, a nice carrying case, and I’ve just signed up for the 4 year warranty plan …with accidental coverage as well. Single handedly, he’s more than doubled the amount I was planning on spending on an impulse buy. It’s not cheap, either.

And you know what? I’m happy. I’m genuinely, truly, on top of the world, happy.

We pay in full, and not on credit, mind you. And Noah packs everything in to a big, convenient, transparent plastic carrying bag with handles that’s labeled BestBuy on the side; and just so I know I got everything, he packs my warranty information and receipt against the side so I, and the world, can see it.

It was at this point I made my fatal flaw: I went to leave the store.

Despite having just come from the registers with everything I was carrying dangling visible by my side, as I attempted to leave the store, I was detained to have my receipt and purchases examined. Not peered at. I mean, hands going through your stuff, as in it’s-not-in-your-possession-any-more kind of examination.

Understand what this feels like to the honest, repeat customer. It conveys you, personally, are doing something illegal or untrustworthy.

Understand what message this conveys from a store to its patrons. It says we don’t want you to shop here.

Yes, a lot of people are willing to bend to the hassle of an overzealous or bored employee. That doesn’t mean I am, or should. Store policy and personal whim aren’t the law. I have no contract with BestBuy, as I do with Costco or Sam’s, in which I happily comply to go over purchases as previously agreed.

The moment the sale is concluded, it’s my legal property. And BestBuy knows this. That’s why when they ask to rifle through my personal belongings when I leave, I can say “no thanks” and keep on walking. Legally.

I simply don’t trust store personnel to be properly trained that they are not the police, and they don’t have the same rights and authority as sworn officers of the law. That said, no one touched me today. But today’s exit was still more intrusive than I prefer.

It was also clear they didn’t think I was a shoplifter, they just wanted to assert whatever authority they thought they had. No big burly man asked me to step aside or go visit the back room; that, incidentally, would have been just fine if they suspected something. This wasn’t even a security guard. It was a regular employee and the greeter.

And so after they were done searching and returned my bag, without leaving the store, I went straight to customer service to return everything.

It was pretty evident, the store did not want me leaving with any purchases today. While my transaction had just been validated by going through my possessions, without my consent, somehow the situation appeared to require further escalation after my change of direction to remain in the store. Looking back, security folks were arriving at the exit.

Mind you, I had neither resisted nor engaged in any verbal exchange back there. It was now turning into a show, and I wasn’t even party to it. Four to five people were watching me talking with customer service from where I’d been stopped.

I got my full refund, and with the smile and friendly service that the camera was sold to me with. It’s clear where the problem area was, because it wasn’t on sales and it isn’t on returns. And, from my brief discussion with customer service, it was quite clear I wasn’t the first to go through this.

Not only did BestBuy lose this sale, but it also gives pause to future purchases I’d make.

It’s a story I’ll be sharing frequently this holiday weekend and coming week.

And, the weekly business purchases that I do for our office will most likely be done online or at the local Staples now, even if that means driving a little further.

BestBuy didn’t prevent theft, it lost business. More than just the camera.

Checking the receipts at the exit is bad policy, and it doesn’t stop theft. I understand BestBuy’s motive for this behavior, but it’s hurting them in the longer run. Far trivial solutions exist which would be far more effective and not cut into profitability or produce lost sales. Short term thinking and the illusion of security is a negative.

But it’s worse than that. I learned something BestBuy didn’t want me to know.

With my return receipt in hand, back at home, I signed on to Amazon and started looking up the products. Mind you, I had purchased the camera and equipment with coupons, so I was using that as my base price.

Even so, through Amazon, the camera was still 83% cheaper. Carrying case, 74% cheaper. Memory, 54% cheaper. And at those prices, I don’t need the extra warranty.

BestBuy had been so convenient that it just hadn’t been worth the second thought to go comparison shop.

Now, since they made me look at my relationship with their store good and hard, since this incident will remain in the forefront of my mind for quite a while, BestBuy has turned itself into SecondBuy.

BestBuy Taught Me A Lesson: Look Elsewhere.

It’s not just cheaper. It’s much cheaper.

Loathing Dell, Hating Symantec

A password to uninstall Symantec Antivirus…?

In trying to repair a Windows laptop which was acting really slow and appeared to be riddled with problems, I discovered it was running Norton / Symantec Anti-Virus.

Ugh.

It’s been shown with benchmarks that this software kills PC performance. And, in other tests, AVG, which costs less, catches more, without being a resource hog.

So, I go to uninstall Symantec, which can be a chore unto itself. But this time I was greeted with a new source of irritation.

I got a dialog box which said “Please enter the uninstall password”. Great. Just great.

So, given that this OEM laptop had paid support by Dell, I figured I’d ask.

The answer I got back was “I wasn’t aware there was a password to uninstall.”

While Dell was dodging the support question, I found this very helpful article:

http://www.mydigitallife.info/2007/05/05/hack-to-removeuninstall-symantec-norton-antivirus-sav-client-without-password/

In it, it said to change the value of this registry key, HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Administrator Only\Security\, from 1 to 0 with RegEdit.

I tried it. It worked. No problems. Problem solved.

So, I tell the Dell Support person the point is moot, I got past it, and shared the link with him so that future customers with the same problem could have the problem solved. Isn’t that how it’s supposed to be? Learn something, and share — that way others don’t waste time down the path you traveled?

Dell’s tone instantly changed, they didn’t seem happy I got past it. And, then he tells me that Dell support doesn’t give passwords, or tell how to override them, even for OEM installed stuff; they would not be sharing the information, no matter how useful.

So, did they know about the password and just feed me a line? I was certainly left with that impression.

Incidentally, I’ve been told by an IT person, the next time I encounter the password box, enter: symantec

You’ve got to be kidding me.

Long Trip To The Playground

Just for fun I’ll give her a word problem that will bug her all week: “So, how many days is 200 hours?”

My visiting niece expresses she wants to go to one of her favorite playgrounds, so we hop in the car and I take a new route so she won’t recognize the place since we’re approaching it differently. I want to see how long it takes before she catches on.

Turns out, I was the one that got the surprise.

I park the car, and we get out and start walking along a black path towards the playground.

“How looooooong do we have to walk?” she asks.

At my height, I can see it. “About a minute.”

“What if it’s two minutes?” she asks.

“What if it’s an hour?” I retort.

“What if it’s two hours?” she counters.

“What if it’s one hundred hours?” I escalate.

“What if it’s two hundred hours?” she throws back.

We’re almost to the playground, so I figure, just for fun I’ll give her a word problem that will bug her all week.

“So, how many days is 200 hours?”

She pauses, looks up at me. “Good question.” She puts her finger on her chin, and immediately answers “Eight days and eight hours?”

I do a double take. “Uh, that sounds about right.”

And at that point she sees the playground, screams “Come on!” and breaks into a full run.

I take a more leisurely pace to cover my thought process. “Let’s see 24 into 20, nope gotta do the whole thing, 24 into 200, wait, 10 is too much, 9? That still feels high. She said 8, let’s go with that, 8 times 24, ok, ok, 8 times 4, that’s 32, okay, carry the 3, 8 times what was it, yes, 2, ok, 14, no 16, dumb Walt, dumb, ok, 16 plus, what was it before, 24, no, 32, wait, carry the 3, 16 plus 3, that’s 19, what was in the last one’s column, 32, ok, 2, alright 192, then I need to what, subtract that from…”

At this point I’m concerned because this little girl just did lightning math in her head without preparation, and I don’t know if she’s going to be able to understand the concept of explaining the thought process that happens in one’s own head. Figuring out how she did this is going to bug me all week.