Well, WP-Poll served well for quite some time, although it occasionally had some quirks. It never really did like the sidebars on themes, or at least the 3 column themes seemed to confuse it too much. Worse, the fact that it is AJAX meant on a hardened site that a user that wasn’t logged in could not vote, so the combination of the two really just made it all confusing and frustrating. It looks like it is time for a replacement.
You get a call, and you see it is from your bank, so you naturally answer it. Or, maybe you just answer it, and they claim to be from your bank, so you whip out your credit card and look at the back of the card and notice that it matches the caller ID. Maybe the person on the other end even directs you to compare the numbers. “There is a problem with your account,” they claim.
Here is the problem: They are not really your bank at all. They spoofed the phone number in the caller ID. The caller ID is such a convenience that we’ve come to rely upon it, but it isn’t foolproof by any stretch of the imagination. In fact, “phreaking” has been around a long time and includes all sorts of ways to work around the weaknesses of the traditional phone system in order to exploit them.
It appears that the WordPress Poll plugin requires a login in order to work correctly. It is odd, as I don’t remember it requiring it in the past. At any rate, the login process has changed, and the plugin does not redirect properly if you do not. There have been a few complaints about the poll plugin, but it wasn’t until this morning that someone (thanks!) gave me enough detail to work through what was going on.
I’m in the process of changing the titles to reflect that you must log in prior to answering the poll or viewing the poll results. Meanwhile, I may have to roll up my sleeves and look at some code in order to get this to work the way it’s supposed to but not break the security in place. It’s funny because the login process was the last thing I wanted to change, and it is about the stupidest change there is, yet it has cut down bogus traffic to almost zero!
How a dumb business strategy turns unethical and makes Apple look stupid
In a rather scathingly toned article, TechEYE.net tells us that “Apple betrays its Snow Leopard users”. The problem I have with the article is that they seem to want to throw all sorts of things at Apple regardless of whether or not they contradict themselves.
For example, they subtitle the piece “Demands they change their spots”, but later on say, “But it is not as if Apple has actually told users that it wants them to upgrade.” So, if they told them nothing, they cannot “demand” anything either. You cannot have it both ways. Having said that, this doesn’t mean there isn’t a problem here that crosses the ethical line of not harming your customer.
Email tracking has now gotten creepy
I was actually sort of hoping to do a double Geek Friday to make up for one or two weeks I could not. However, there is a surprising trend in email that might alarm you. According to On the Media, “A Stranger Can Find Out Where You Are By Getting You To Open An Email”. It is about a new service called Streak, which can tell if an email was opened, when it was opened and (this is the disturbing part) where it was opened.
You need to read this through (or at least the cited articles) if you are not aware of how this works and, more importantly, how to stop it.
After some interesting turns with Dropbox when it suffered an outage (the only one I know about, BTW), I tried using Google Drive. As you are probably aware, Google does not have a native Ubuntu client, so I had to turn to some third party beta tools.
Yes, they are all very much beta. I tried SyncDrive (which has folded?) and Grive Tools, but they mostly seemed to only work one way. SyncDrive in particular seemed very sparse on documentation, and there are limits to what even I will go to for information.
All I can say is “Wow!”
In an extremely harshly titled article by PCWorld, “Windows 7, XP vulnerabilities doubled in 2013, but IE’s Flash made Windows 8 biggest loser”, we read (emphasis mine):
I was going to just post a link on g+ to Gizmodo’s “Why Apple’s Recent Security Flaw Is So Scary”, but then I noticed this update after bookmarking it this morning:
Update, 2/25/14: Apple just released OS X 10.9.2, which patches the security flaw described below. Go download it from the App Store right now, preferably over a secure network.
One thing that the article points out is that this “happened” to occur right around the same time that Apple supposedly entered the PRISM program. It even gives a link (tinfoil hat optional) to someone who mapped out the timing. This is a conspiracy theorist’s dream!
Having made my fair share of programming mistakes, it is difficult to state that this was intentional. In fact, it borders on the absurd, for it is more like one of those “D’oh!” mistakes.
Would Apple intentionally open up all of its devices to be vulnerable in any unsecured open network? No, that would be (and even still could be) lawsuit fodder.
Did I mention that bitcoin cannot stay out of the news?
PCWorld yesterday ran “Bitcoins, other digital currencies stolen in massive ‘Pony’ botnet attack”. It appears that the Pony botnet’s main job is to gather personal information, but it has recently been used to target virtual wallets. Since bitcoin is a virtual currency, a virtual wallet is required for storage.
As it turns out, bitcoins are created with encryption, transferred with encryption, but many people do not bother encrypting their digital wallets. Thus, they are prime targets. It bothers me, though, that the article says “most” of the wallets broken into were not encrypted. Does that mean some of them were?
Look, the lure of making big bucks via bitcoin certainly sounds tempting. It has a good exchange rate. However, there have been enough shenanigans the past six months to give one pause. It is still an immature currency, and there are few safeguards.
It should be noted that Pony has been used to steal login and personal information from some social media websites as well.