Don't Click "Yes"

The following is not meant as a fearmongering message. It is just important to know for your own safety and internet enjoyment.

We Mac users tend to get a bit complacent when it comes to security. I say this simply as a point of humility, because I haven't been bitten by this yet. One thing that I've told all my friends who have since switched to Mac, as well as those who haven't, is that you will be less vulnerable to malware than you would on the Windows side. This is still true. It is HIGHLY unlikely that a Mac user will contract some random piece of bad program just by doing their everyday normal stuff.

But one thing that we as computer users in general on all platforms need to remember is that there is more than one way to attack one's computer. Something becoming more and more common these days is "social engineering." In essence, this is the act of tricking someone into either providing personal information or downloading and running something they didn't ask for.

The former is known as a "phishing scam." This is one of those things that I would hope by now that everyone is aware of. Sadly, they're not. If you're one of them, read carefully. You may get phone calls or emails telling you something like "there has been a problem with your account and we urgently need you to log on right now and verify your username and password." It will link to a page that looks like an authentic eBay page or your banking website. Again, I would hope that by now no one should fall for this, but the fact that people still do things like this means that it still works, and that you (hopefully not you but someone else who's reading this) could be a victim.

Just remember one thing. Reputable institutions will NEVER e-mail or call asking for your passwords or personal information, i.e. social security number. If someone asks you, he or she is a bad guy. Delete the e-mail.

The latter method of social engineering I mentioned is a fake warning that pops up on your computer screen. If you EVER get a message telling you that

a) you have virus "xyz" on your computer and you can click here to download "abc" antivirus 2009 or
b) you are missing some plugin so the browser can't play some video,

be very, very wary. If you get a), you should NEVER click on any of the links or buttons. Just close the window. It will likely say you have xx number of viruses, but it's lying. The message that pops up IS a virus, and if you comply with what it says you will be destroyed. As of now, stuff like this has no effect on a Mac because it downloads a Windows EXE file.

If you get b) it could be genuine, since browsers by default can display only very basic content, and so some things will need extra plugins like Shockwave, Flash, Quicktime, etc. On the other hand, it could also very well be a fake, and you're letting malware into your computer. By the way, there's no such thing as "ActiveX" on the Mac so if you're a Mac and you see a message saying you need to download it, please kill it.

No matter what platform (that's our term for operating system, really - Mac OSX, Windows, Linux, Unix, BeOS, Solaris, VAX/VMS, CHASM, Silly Dog OS) you're on, if you click on these malicious messages, you're giving permission for them to jump in. Don't click "yes". Just say no, and close the window.

Post #50!

This is my 50th post on this blog! Hooray for me! Anyway, the now-famously babyfaced Stephen Curry scored 44 points for his University of Davidson Wildcats. This is the college where they will wash and fold your laundry for a fee. And I thought dorm housekeeping services were nice.

Unfortunately, neither full-service laundry nor his own 44 points allowed Curry to win the game, for the final score was Oklahoma 82, Davidson 78. That's right, the score was Curry 44, Rest Of Team 34. Sigh...

http://msn.foxsports.com/cbk/gameTrax?gameId=200811180444

Quantum Of Solace

I'll be honest. I went to see 007: Quantum of Solace opening night in the US primarily to see the brand-new trailer for May 2009's "Star Trek XI" that the Internets promised us. As the last of the trailers rolled by (Will Smith's "Seven Pounds") I thought "what the hell, man?" That's right. No Trek trailer.

Sigh. Well, at least I'd be entertained for the next couple hours. Or would I? Now, since I hadn't read any reviews of QoS I didn't know what to expect besides the customary Bond action scenes. If that was all I cared about I think I would have enjoyed the movie a lot more than I did. As it was, the story was a bit hard to follow(or was I overthinking it?) and Bond's motivations seemed a bit cloudy when they should have been quite clear.

I did like the pacing of the movie, despite being unsure why certain people were doing what they were doing at times. I also liked the gratuitous use of large touch-screen computers and Bond's networked digital camera.

Overall there were some good bond moments but I wouldn't say it's as good as Casino Royale. Olga Kurylenko as the main Bond girl was pretty good but the English girl was pretty forgettable.

Watch it if you're looking for some decent escapist fare but if you want a dramatic story that chronicles a man's quest for vengeance, which is what QoS is billed as, you might be better off reading Moby Dick.

I mean, seriously, where did they misplace the Star Trek trailer?

Posted with LifeCast

Offline Test

This is a test of LifeCast's ability to save a post created offline for uploading later. Woof woof.

Posted with LifeCast

Edit: success!

Testing LifeCast

So I got this app for my iPod touch called LifeCast. Apparently it lets me post entries to my blog on the go. Well, at least it lets me do so without using my computer. I'm not really "on the go" because there's no freaking wifi anywhere except my house darnit. Anyway, just wanted to try out this app and see how well it works.

So apparently I'm not allowed to make edits via LifeCast but oh well. Maybe they'll add it into a future version. One good thing I just realized though is that even though I need to wait for a wifi signal to upload an entry, I don't necessarily need a connection to create an entry. So I can write it whenever it feel like it and then upload it later. This is provided that LifeCast even runs without a connection. I'll test that out now.



Posted with LifeCast

Using wifi? Don't use WEP, careful with WPA!

If you use wi-fi at home for your computer or other wireless-enabled device, you probably have a router providing you with that signal. You also probably have a password to secure your router and prevent other people from getting into your access point and using your connection. You may be safe from casual bandwidth-stealers, but anyone who has a few minutes of spare time and the appropriate program installed can bypass your supposed security in mere moments. Then they can use your connection. It can be as innocuous as borrowing your wifi to check their mail, but it's likely that if they are sneaky and clever enough to get in in the first place, they probably have more malicious intentions for your network.

For those who don't want to know the details, just at least read this part. Whether you're tech-savvy or not, you need to pay attention because this affects you. Whoever is in charge of the network at your house or apartment must make the appropriate changes to your settings. Instructions for configuring your router vary between makes and models, so check your particular one and look online for instructions. Generally, though, your router can be accessed through any web browser (Safari, Firefox, Internet Explorer (shudder!)) at the address http://192.168.0.1 or some variation. You're on your own for the login and password.

The bottom line is that you want to get to the "Wireless" settings and change your security to "WPA2-PSK" if it's available. This is the most secure, and is (as yet) not susceptible to easy cracking. You may have to reconfigure your wireless devices as well, but it's for your own good.

Why? Well, WEP, which is what people most commonly use, was, frighteningly, NOT created by security experts. Those who designed it took a great security method and implemented it incorrectly, so it's never been secure. The method it uses relies on randomness to prevent bad guys from guessing the password. But the way WEP is implemented, there are occasional repetitions, and with repetitions come patterns. And with enough patterns and enough data to go by, the bad guys can solve the "puzzle" easily. It needs to be completely random, with no repetition!

I'm not too sure why WPA isn't safe anymore, but it's apparently been cracked in the past week or so.

UCLA 2008-2009 Schedule!

Yeah, I know, the schedule's been set for a while now, but as I have been doing for the past three years, I've created a neat, easily readable printable version of it. I don't have a file hosting service at the moment, so if you want a copy of it, give me an email or IM and I'll send it. I'm also working on a printable roster, for those who want one for whatever reason.