Blogs

Daylight Saving Time

R.I.P. 2am... We'll miss you ;)

Rating: 
Tags: 

Securing your online identity

Within the past month or so, I find it odd that the occurrence of friends who have had their Hotmail, Gmail, Facebook or other online accounts hijacked has roughly tripled... Probably some new social engineering technique or malware is behind it, but I took the time to write this up since preventing account hijacking from happening to you is easy and probably won't take more than 5 minutes to make the changes to your online accounts.

Choose secure passwords

Part of basic online security is choosing a good password. Remember that many password crackers are loaded with dictionary words and common variations thereof (replacing a letter with a number, adding numbers after a word) - choosing a simple password makes your account is an easy target. Any secure password should be at least 8 characters in length, include letters (upper and lower case), numbers and even punctuation when possible. Below is a quick 5-step process for choosing a secure and memorable password:

  • Choose any word
  • Add two numbers to the end of the word at random
  • After the two numbers, add a punctuation mark or symbol such as: ! @ # $ % & * ( ) _ + - = [ ] \ { } | ; ' : " , . / ?
  • After the punctation mark, add another word related to the first
  • Choose one or more letters in your password and make them uppercase

For example, I like chocolate ice cream. I choose the number 38 at random, used an exclamation mark and made any letter "c" my password uppercase. The end result is ChoColate38!iCeCeam. It isn't very difficult to remember, but that would be extremely tricky to guess!

Do not answer any "secret question" with the correct answer.

Many websites (and even some banks) employ the "secret question" technique to verify your identity. Often, you can also reset your password by giving the answer to one of your secret questions. If you have a secret question that's easy to guess, having a secure password is moot; the secret question bypasses it completely. Even worse, the attacker could change your password once they break into your account locking you out!

The answer to this problem is to choose something unrelated to the question and use that for the answer. Make it obscure enough so that you can use the same answer all the time so you don't have to remember which nonsensical answer you choose for which question... For example:
What is your best friend's name? Spoon43.
What is your favourite food? Spoon43.
What was the name of the first street you lived on? Spoon43.
What is your mother's maiden name? Spoon43.

Be conscious of what you post publicly

Be careful of what you post online. Nobody thinks identity theft could ever happen to them, but happens much more often than you would expect. As well, with the rise in popularity of social networks it has become easier and easier to track people down and lift information from profiles.

  • Tighten down your privacy settings. Is there really a need to let everyone know about your personal life? Hide information that you don't want the world to see - your cell phone and home address are good examples. In Facebook's case, you also want to set all privacy settings to "Friends only".
  • Think about what you publish before you hit the button. As a general rule, don't publish to social networking sites or your blog what you wouldn't want everybody to know about you.

Do not store sensitive information without encryption

Encryption is a technique that turns information unreadable to anyone without a the key or passphrase. You should only store your sensitive data if it is encrypted as it will make it much more difficult for hackers to get at:

  • Mac OS X: All the tools you need are preinstalled. Open Disk Utility (in Applications > Utilities) and then select File > New > Blank disk image... from the menu. In the dialog that appears, select either the 128-bit (faster, less secure) or 256-bit (slower, more secure) AES methods.
  • Windows: Not all version of Windows support file encryption (Windows XP Home Edition doesn't, for example). However, you can download TrueCrypt for free. As of writing this, it supports Windows XP to Windows 7, both x32 and x64.

Additional information: How do the hackers get in?

There are many ways for them to break into your account. I've explained some of the common methods below:

Keyloggers

Keyloggers are a type of computer malware that people often call "a virus," but it is very different from your ordinary virus. Keyloggers infect your computer and show no symptoms; they will not make your computer slower, delete your document or crash programs. Instead, they record what you type on the keyboard and send it to the hacker who wrote the keylogger. For hackers, this is a very appealing method since it has the potential to not only catch your passwords, but also your credit card numbers, online banking PINs and more.

Malwarebytes Anti-Malware is a free tool that is extremely effective at removing malicious software from your computer. The scan only takes 10 or 15 minutes, so I recommend running a scan at least once a week. Remember to update (click the "Update" tab) before running a scan!

Social engineering

To quote Wikipedia, social engineering is "the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical hacking techniques." The spam messages you get from a fake "PayPal" or "Your online bank" asking you to visit some random site and enter your credit card and password to confirm your account are a good example of very basic social engineering. Since social engineering is based on sneaky and dirty tricks, it is also the hardest to prevent since there is no real solution other than keeping a watchful eye.

Brute force attacks

Brute force attacks break passwords by trying different combinations over and over again until it finds the right one. This is why having simple passwords based on dictionary words are bad, since it would be a trivial task to find by brute force.

Rating: 
Tags: 

v1 blog offline

My "v1" Joomla 1.0.15 blog is almost a year old now and support for 1.x has been phased out, so for security reasons I think it's a good idea to finally take it offline. I've been able to import the old content here and I've also setup URL remaps, so you shouldn't notice a thing. Although if you are having trouble with a specific URL, please leave a comment and I'll fix the hole in the regex remapping rules.

Rating: 

Some new features

My trial enabling node comments went pretty well, I did have to handle the inevitable comment spam but there was nothing outrageous - only about one bogus comment a day. With comments being published only after approval they're extremely easy to spot as well, since typically the spammer will post the same comment twice or more once they realize "hey, it hasn't appeared on the page yet!"

So because of comments are functioning well I've just enabled some new features for my blog - namely, you can now leave your name & homepage when you leave a comment, although due to homepage spamming I've disabled all homepage links in the site theme until I find a better solution. As well, you'll notice the new rating widget (thanks to VotingAPI and Fivestar) on every node - feel free to leave any feedback or ratings on any of the blog or tutorial posts. Thanks!

Rating: 

Coffee commercial

I was joking around with a friend today and remembered an old commercial from a few years ago that (I think?) was for Maxwell House... Somebody opens a sealed can of powdered coffee and music comes on: Smells fresh, fresh! Exciting... It's so exiting to me!"

I found the original song (by Kool & the Gang) that the commercial spoofs but I can't seem to find a video of the commercial anywhere. If you happen to find it, please drop a link in a comment!

Rating: 

What I've been up to

It's been a while since I last posted, school has kept me busy and away from leisure programming, so of course I have nothing to blog about now! ;)

I recently bought Parallels Desktop 5 - while I won't go into a full review now, it's worth mentioning that I was very impressed and if you're looking for a decent virtualization product, I highly recommend it. There are a few glitches when using Crystal or Coherence mode with Windows, but I prefer Windowed or Fullscreen mode anyways so I haven't had any problems at all really. It's been great to be able to boot up multiple OSs at once without ever leaving OS X and rebooting, and that's not to mention that testing software on various Linux distros became a whole lot easier too.

Anyways, after exams I'm planning on posting a tutorial on setting up a hosting server (including web, mail, awstats, webmail, cacti) from scratch. Check back during the holidays if you're interested!

Rating: 
Tags: 

Who really is your cell phone service provider?

Although I haven't had any problems with my LG Rumor (aka LX260), I know it is one of the more troublesome phones so I've been expecting it to die soon. I currently have a texting plan with Virgin Mobile which has been working out great for me, but because it's a texting plan, it's short on minutes so for the past few months I've been paying overuse fees.

I've been looking around for other options, and this list from Wikipedia has been very handy: List of Canadian mobile phone companies.

Although I do realize that the Rogers has excellent coverage, I'm not going near them with a 10 foot pole... I'm going to compare my alternatives with the help of cellphones.ca.

Rating: 

The Yes Men - "Special Edition" New York Post

I came across the Yes Men's latest antics today: they have written their own New York Post fake all about climate change. The funny part is that even though the paper is a fake, the contents are completely factual. I think it's great! Check out the video below to see what people thought about the prank.

"SPECIAL EDITION" NEW YORK POST from The Yes Men on Vimeo.

Rating: 

Installing PHP 5.2.10 on OS X 10.6 Snow Leopard

Since my update to Snow Leopard, I was pleasantly surprised to find that Apple has updated PHP to version 5.3 and also included the GD extension. While I no longer have to rebuild the extension manually like on Leopard, these changes to PHP brought around a different problem: Drupal is currently not compatible with PHP 5.3 (#360605).

I've been trying to get my local Drupal installations working, and although the patch from post #84 works pretty well (when applied to a D6 CVS checkout), Ubercart is still nonfunctional. Since I am currently building and testing Ubercart-enabled sites, my only remaining option was to downgrade to PHP 5.2.10. I wanted to have the same extensions and options that Apple's PHP 5.3 build had, so I started by viewing the output of phpinfo() and copying the configure command. To compile PHP, locally installed copies of libpng, libjpeg and pcre are required so let's started with that:

  1. (Like in the Leopard tutorial, I assume you have installed the Xcode & related developer utilities and that all downloads are saved in the "Downloads" folder in your home). Visit the libpng, libjpeg and PCRE homepages and download the latest release available for both. As of writing, the most recent releases are libjpeg 7, libpng 1.2.39 and PCRE 7.9.
  2. Compile libpng and libjpeg statically:
    cd ~/Downloads && tar xfz libpng-1.2.39.tar.gz
    cd libpng-1.2.39
    ./configure --disable-shared --enable-static
    make && make install DESTDIR=`pwd`/localinstall

    cd ~/Downloads && tar xfz jpegsrc.v7.tar.gz
    cd jpeg-7
    ./configure --disable-shared --enable-static
    make && make install DESTDIR=`pwd`/localinstall

    cd ~/Downloads && tar xfj pcre-7.9.tar.bz2
    cd pcre-7.9
    ./configure --disable-shared --enable-static
    make && make install DESTDIR=`pwd`/localinstall
  3. Since PHP will be built with MySQL support, download and install MySQL x86_64 for OS X. As of writing, the latest version is 5.1.38.
  4. Download PHP 5.2.10, available here
  5. Next, PHP needs to be prepared for compilation. As detailed in PHP bug #49267, a small change is required to get PHP to compile on Snow Leopard:
    1. Type in the terminal:
      cd ~/Downloads && tar xfj php-5.2.10.tar.bz2
      cd php-5.2.10
      nano ext/iconv/iconv.c
    2. Skip down to line 185 (Tip: <ctrl+c> shows current line)
    3. Remove the lib on #define iconv libiconv so that the code reads like this:
      #ifdef HAVE_LIBICONV
      #define iconv iconv
      #endif
    4. Hit <ctrl+o> and to save the file
    5. Hit <ctrl+x> to quit nano
  6. Now, PHP is ready for compilation. We will use a configure command relatively similar to the command extracted from phpinfo() earlier:
    ./configure '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-dependency-tracking' '--sysconfdir=/private/etc' '--with-apxs2=/usr/sbin/apxs' '--enable-cli' '--with-config-file-path=/etc' '--with-libxml-dir=/usr' '--with-openssl=/usr' '--with-kerberos=/usr' '--with-zlib=/usr' '--enable-bcmath' '--with-bz2=/usr' '--enable-calendar' '--with-curl=/usr' '--enable-exif' '--enable-ftp' '--with-gd' '--with-jpeg-dir=/Users/shortname/Downloads/jpeg-7/localinstall/usr/local' '--with-png-dir=/Users/shortname/Downloads/libpng-1.2.39/localinstall/usr/local' '--enable-gd-native-ttf' '--with-ldap=/usr' '--with-ldap-sasl=/usr' '--enable-mbstring' '--enable-mbregex' '--with-mysql=/usr/local/mysql/' '--with-mysqli=/usr/local/mysql/bin/mysql_config' '--with-mysql-sock=/tmp/mysql.sock' '--with-iodbc=/usr' '--enable-shmop' '--with-snmp=/usr' '--enable-soap' '--enable-sockets' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--with-xmlrpc' '--with-xsl=/usr' '--with-pcre-regex=/Users/shortname/Downloads/pcre-7.9/localinstall/usr/local'

    EXTRA_CFLAGS="-lresolv" make -j2
    Remember to replace shortname in /Users/shortname to your system account's shortname. If you're not sure what that is, type whoami in a terminal to find out.
  7. Finally, backup Snow Leopard's PHP extension so that PHP 5.3 can be restored later, and copy the PHP 5.2.10 extension in its place:
    sudo mv /usr/libexec/apache2/libphp5.so /usr/libexec/apache2/libphp5.so.orig106
    sudo cp libs/libphp5.so /usr/libexec/apache2/libphp5.so
  8. The final step is to restart Apache - this can be done by toggling Web Sharing in System Preferences, or alternatively via the apachectl command:
    sudo apachectl restart
  9. That's all! Now run phpinfo() and verify that PHP 5.2.10 is up & running. While I was trying to get this working, I stumbled accross two compile errors - for the sake of completeness, I've listed them below along with the failure cause:

    1. This error occurs if EXTRA_CFLAGS="-lresolv" is not used while compiling PHP:
      Undefined symbols:
        "_res_9_dn_expand", referenced from:
            _zif_dns_get_mx in dns.o
        "_res_9_search", referenced from:
            _zif_dns_get_mx in dns.o
            _zif_dns_check_record in dns.o
        "_res_9_dn_skipname", referenced from:
            _zif_dns_get_mx in dns.o
            _zif_dns_get_mx in dns.o
      ld: symbol(s) not found
      symbols:
        "_res_9_dn_expand", referenced from:
            _zif_dns_get_mx in dns.o
        "_res_9_search", referenced from:
            _zif_dns_get_mx in dns.o
            _zif_dns_check_record in dns.o
        "_res_9_dn_skipname"collect2: , referenced from:
            ld returned 1 exit status_zif_dns_get_mx
      in dns.o
            _zif_dns_get_mx in dns.o
      ld: symbol(s) not found
      collect2: ld returned 1 exit status
    2. This error occurs if the #define iconv libiconv is not changed to #define iconv iconv
      Undefined symbols:
        "_libiconv", referenced from:
            __php_iconv_strlen in iconv.o
            _php_iconv_string in iconv.o
            _php_iconv_string in iconv.o
            __php_iconv_strpos in iconv.o
            __php_iconv_appendl in iconv.o
            __php_iconv_appendl in iconv.o
            _zif_iconv_substr in iconv.o
            _zif_iconv_mime_encode in iconv.o
            _zif_iconv_mime_encode in iconv.o
            _zif_iconv_mime_encode in iconv.o
            _zif_iconv_mime_encode in iconv.o
            _zif_iconv_mime_encode in iconv.o
            _zif_iconv_mime_encode in iconv.o
            _php_iconv_stream_filter_append_bucket in iconv.o
            _php_iconv_stream_filter_append_bucket in iconv.o
      ld: symbol(s) not found
      collect2: ld returned 1 exit status
Rating: 

Boot Camp 3.0 + Windows XP Service Pack 3 = installation error

Seeing as I completely reformatted my MacBook Pro's hard disk, I also had to reinstall Windows via Boot Camp 3.0 today. Everything went well, however when the time came to install Service Pack 3 (my copy of XP is an SP2 OEM disc), I received an odd error I had never seen before:

An error occured while copying file osloader.ntd.  Cannot copy file to destination directory.  Click Retry to retry the operation or click Cancel.

A Google revealed that this error is caused by an Apple's new HFS+ drivers for Windows, as detailed here. Simply following the instructions and renaming the driver fixes the problem. After installing SP3, I restored the HFS+ driver to it's original state and all is well.

Rating: