Skip to content

Year: 2008

Some CSS Resources

I found an excellent resource for Cascading Style Sheets (CSS), which has a list of great tutorials and examples for the beginner or intermediate CSS user. These are the basics when any developer or designer should have a handle on:

9 Top CSS Essential Skills That Every Web designer Should Learn

If you are looking for something a bit more advanced and on the bleeding edge, check out CSS Tricks, an excellent site with video tutorials and LOTS of other great CSS and design-related things. The author of the site is into jQuery too, so he has a lot of blog posts about tips and tricks related to that. Great stuff!

Apple Doesn’t Understand This “Secure” Thing

For years, people have loved Apples and Macs because of their relative security when compared to the likes of Microsoft, who are the target of tens of thousands of viruses, worms, trojans, and other types of malicious programming.

A large part of this has been because of the prevalence of Microsoft Windows, and the fact that Macs make up a tiny little percentage of the home or office computer realm.  However, ever since Apple released the iPhone, it would seem as if they have taken a step out into the world of the unknown, venturing into new territories where no one has gone before.

The problem is, many people have already been in these territories for many years, and Apple obviously has not been paying attention.  It’s like they never considered the thought that once they started venturing outside of the obscure marketshare into the eye of the general public, they too would become targeted by script kiddies, spammers, and all-around evildoers.

The fact of the matter is, Apple, Macs, iThings, and everything else they are doing IS being targeted more now than ever before, and unfortunately, Apple is sitting around wondering why instead of doing anything about it.

Take, for example, this new TechCrunch article explaining a simple way for spammers to harvest all the email addresses of MobileMe users.

From the article:

Apple knows about the problem but insists it isn’t an issue because no one has complained publicly. An Apple representative said to one of our readers: “We’ve never had a complaint from a customer about people spamming them because of their iDisk public folder name. There is no way to remove your account name from the iDisk folders. I’m very sorry.”

Um…ok.  So if I use MobileMe, I can expect a lot of spam.  Maybe they think I’ll get used to it.

TechCrunch goes as far as suggesting that Apple is falling apart at the seams.  They suggest failures with customer service and security exploits as warning signs.  The sad part is, Apple seems to either not care about fixing things, or just not get it, both of which are starting to come off as being arrogant.

Look at the recent ‘patching’ Apple did with the widely-publicized DNS spoofing vulnerability last month.  While every other vendor quickly tackled the problem, Apple released a patch that fixed only their server products, leaving their entire desktop user base still vulnerable.  It took them two more weeks, but on August 15 they finally patched it for everyone.

The nature of being secure, in my opinion, relies upon being open, recognizing vulnerabilities, and taking them head-on.  That’s why there is such a large, active community of security-aware researchers, vendors, and system administrators out there.  Apple seems to be shying away from all of this, perhaps out of naivity, perhaps out of conceit.

Whatever the case, I sincerely hope they come to their senses before it is too late.

SSH Apps for iPhone

Just before the iPhone/iPod Touch 2.0 update, I restored my iPod Touch
after having had it jailbroken for a few months. One of the immediate
things I missed was the SSH client. Then I learned that recently, a few
SSH clients had popped up in the App Store, which pleased me to no end,
especially once I discovered the best one to use.

Thanks to Mr. Cooper, who had already done the research, I downloaded
Touch Term, which is a pretty slick little SSH application. There are
certainly a few things lacking, which is explained in this nice article about all the available
SSH apps
, but it certainly gets the job done.

And really, this was about the only reason I still considered
jailbreaking my 2.0 iTouch. Now, however, I don’t think I need to.

Big Foot Hoax

Last week there was a lot of buzz online regarding the discovery of a
dead sasquatch.
I’m sure you probably heard about it.

I watched the news conference led by the two guys in northern Georgia
(the state, not the country) who had allegedly discovered the
body
while out hiking. After the news conference, I had my doubts.
The ‘expert’ that these men had recruited started blinking really fast
when directly questioned about certain topics, and it led me to believe
he was lying. Then he showed some blurry photos and didn’t offer any
real proof that what they claimed happened actually did. If you have a
dead big foot sitting in your garage, even a yokel from Georgia could
take a decent picture with a digital camera.

Apparently the men who discovered the body sold it to some researchers.
This is where the impetus behind the hoax comes in. Once the
researchers decided to unfreeze it, the truth came out. A
doggone monkey suit!

But on the other hand, don’t you love monkey suits? I remember my
grandmother made me one as a halloween costume when I was about 10.
Actually, it was a gorilla suit, but it was still fun. It was the only
gorilla in the neighborhood who wore sneakers.

Resurrection: Geekamongus.com

I decided to resurrect my old Geekamongus.com site. Instead of filling this personal site with loads of technical blog posts no one cares about, I thought I’d dedicate a site to computers, the Internet, security, and anything else geeky. It made sense to use Geekamongus.com to do this.

So, look forward to more posts about personal things and whatever I’m thinking about here, and head to Geekamongus.com for the geeky stuff.

I intend to keep the new site on a ‘lay person’ level, providing articles to help people with computers and the Internet. I figure there are a lot of people who could use free advice, and it makes it fulfilling to think I might be helping someone.

So go tell your friends!

Practical Security: Secure Email on Public Wifi Spots

In my revised capacity at my current job, I’ve been handling a lot of
security issues: hardening of systems, software, and processes. I’ve
also been studying for the Security+ certification, so needless to say,
security has been at the top of my mind the last 5 months, and I wish it
would be at least a little closer to the tops of the general public’s
mind.

I’m going to start a new series of blog posts here called Practical
Security in which I will pass on some of the more relevant best
practices relating to the typical internet user, in hopes of helping to
raise awareness amongst anyone who happens to read this blog. (Yes, all
4 of you).

Using Email on Public Wifi
(and the high level of risks therein)

Question:
How often do you stop at a coffee shop to check your email with your
laptop, or leech that open ‘linksys’ network while sitting at a traffic
light with your PDA to shoot off a quick note to your boss? OK, maybe
I’m the only one who does that at traffic lights, but you get my point.

If you have a portable device that can access the Internet, my guess is
that your answer is “quite often”.

Question:
How many of you have configured your email to use some sort of
encryption? (Cue the crickets chirping).

As this excellent StopDesign article explains:

What you may not realize is how easy these low security settings
allow someone else on the same network to spy on the data passing around
on that network. Just because you’re the only person who can see your
laptop screen, doesn’t necessarily mean you’re the only one who can see
the email message you just got from a friend. Just as easily as someone
could sit near you in a quiet cafe or library and overhear your entire
verbal conversation with another person, so could they “listen in” on
all the usernames, passwords, and messages passing to and from your
computer. (And everyone else’s computer for that matter.)

Kinda scary, huh? If you think about it, once they have your email
account password, it’s not too hard to go to your bank and generate a
“lost password” request, which will get sent to your email address,
which they now have control of. Or they might simply decide to send a
breakup letter to your boyfriend on your behalf if they are not feeling
so malicious. Or maybe they thought it would be funny to email your
boss and tell him how good he looks when he gets out of the shower.

By default, email is not secure!

Yes, this includes you, Mac user. Yes, this includes you, Gmail/Yahoo/Hotmail/AOL user.

Make sure your email is on a secure connection!

The Lowdown
If you use a webmail service such as Hotmail, Yahoo Mail, Gmail, or the
like, make sure your web browser (Internet Explorer, Safari, Firefox,
etc) is in “secure” mode by looking for the lock icon. Alternately (or
additionally), look at the address bar of your web browser to make sure
the address showing starts with https and not just http.

If you use Outlook, Outlook Express, Thunderbird, Mac Mail, or any other
‘program’ on your computer to manage your email, there are ways to set
up these applications to run only on secure connections using SSL, TLS,
SSH, and other methods. You may need to consult your local IT guru or
read the rest of the StopDesign article, or this well-written article entitled “5 Steps to Make Your Email Secure“.

Whatever you do, stop checking your email at Starbucks unless you know
it is secure!