Web Development
How to fight the "Mugged overseas" email scam
News - Web Development
Written by Tim Black   
Wednesday, 17 August 2011 13:17

Has one of your friends apparently sent an email like this?

My sincere regrets for this sudden request, things actually got out of control on my trip to London. I was mugged,all my belongings including cellphone and credit card were all stolen at gun point. I need your help flying back home and paying my Hotel bills. Am cash strapped at the moment. I've made contact with my bank but the best they could do was to send me a new card in the mail which will take 3-5 working days to arrive here.

I need you to lend me some quick funds to sort my self out of this predicament, i will remit the funds as soon as i return. Western Union or Money-Gram is the fastest option to wire funds to me. Let me know if you need my details(Full names/location) to effect a transfer. You can reach me via my email because the hotel has internet access in the lobby I'm sorry for all the inconveniences. I just didn't know how else to contact you quickly.

Thanks

It's a scam.  Here's what I do in response:  I send my friend the following email (I sent this today to an OPC missionary in Uganda whose GMail account was hacked), and / or call him on the phone:

----------------------

You should know that this email went out impersonating you using your email address.

I'm somewhat familiar with the scam below, because a number of my friends have been victimized by it.  Most of my friends don't travel out of the country very often, but you do(!) so the email below might fool more recipients than normal.  Normally the way the scam begins is by a hacker hacking into your real email account and sending false emails from your email account to people in your address book.  Because it begins that way, the two key steps to fixing the problem are:

1) to change your email account's password, and

2) to double-check that email account's backup email address--the email address (like one on Yahoo or some other domain name) which in this case GMail will use to communicate with you in case they cannot contact you through your GMail email address--GMail will send your password to you at that backup address if you ask GMail to remind you of your password.  Scammers sometimes change that backup email address to one they have access to, so they can request your password if you change your password to keep the scammer out of your email.

Another thing you should do, if you believe the email below went to others in your address book (the "To" header of the email I received said "undisclosed-recipients:;" which means my email address was in its BCC (blind carbon copy) list, so I can't tell how many people received the scam email) is

3)  notify everyone in your email address book that the email below is a scam.

How did the scammer hack into your email account?  I've heard of several ways:

  • they can run a program that tries millions of passwords out on your account's login form,
  • or they can do "packet sniffing" on wireless networks that are not secure (they require no passphrase or encryption key) or use weak encryption (WEP encryption is weak encryption and software is readily available to break through its encryption quickly),
  • or if they have access to the router / wireless access point (like they own the coffee shop), they can do "packet sniffing" too, which is where they examine the "packets" of HTTP traffic between your computer and the router and find your password in that traffic,
  • or they can create a JavaScript link in (or just a script that runs in the HTML of) an email that steals your email account's password from a cookie in your web browser (this only works when you're viewing email in the same email account that is being hacked),
  • or they can put JavaScript code in a web page that exploits a security flaw in your browser and thereby steals a cookie or your password directly from your email provider's page in ANOTHER TAB in the same browser window or perhaps in another browser window.

I mention all this detail because you're in Uganda, and it would be wise to take several further measures to prevent this from happening again:

4)  On unsecured or WEP-encrypted networks, avoid logging into accounts you don't want hackers to get into.

5)  Even on strongly-secured (WPA encryption) wireless and wired networks in public locations, be aware that you cannot always trust the owner of the network.  Decide whether you trust the owner before using a password over the network.

6)  Upgrade your web browser to its most recent version.

7)  To deal with the first JavaScript hack method mentioned above, don't click on links in your email, and consider (depending on how paranoid you want to be) not opening other web browser tabs or windows where you'll enter a password while reading your email.  Instead, if you want to be as secure as possible, you can open just one tab in one window, enter the password, do your work, then log out (optionally clear your cookies, but I wouldn't do that), then close the browser window.

8)  To deal with the second JavaScript hack method, don't enter passwords in one browser window or tab when you have another browser window or tab open.  Especially avoid the situation where one tab has your bank account open, and the other tab has an untrustworthy (maybe local Ugandan) site open, because that is the sort of situation the second JavaScript attack exploits.

I know some of the above practices may be more restrictive than what you need to do in your situation, but I want you to be aware of the best recommendations I've read to deal with this sort of problem, and you can decide what you think best to do.  I also have in mind, as you are more aware than I am, that sometimes criminals can get away with more in third world countries than they do here in the US.
Last Updated on Wednesday, 17 August 2011 13:30
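The post notes that the scam arrived with a "To" header of "undisclosed-recipients:;" and asked for a wire transfer. The following is an added example, not part of the original post, that checks a raw message for those same signs; the sample message, the placeholder addresses and the word lists are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample modelled on the scam text quoted in the post;
# the addresses are placeholders.
SAMPLE = """\
From: A Friend <friend@example.org>
To: undisclosed-recipients:;
Subject: Urgent
Content-Type: text/plain; charset="utf-8"

I was mugged, all my belongings including cellphone and credit card were
stolen. I need you to lend me some quick funds. Western Union or Money-Gram
is the fastest option to wire funds to me.
"""

# Phrases taken from the quoted scam; a heuristic word list, not a standard.
WIRE = re.compile(r"western\s+union|money[\s-]?gram|wire\s+funds", re.I)
DISTRESS = re.compile(r"\b(mugged|stolen|cash\s+strapped)\b", re.I)

def indicators(raw):
    """Return the scam indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    found = []
    to = msg["To"]
    # "undisclosed-recipients:;" parses as a named group with no members,
    # which is what a mail client writes when every recipient is in BCC.
    if to is not None and any(g.display_name and not g.addresses for g in to.groups):
        found.append("all-recipients-bcc")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    if WIRE.search(text):
        found.append("wire-transfer-request")
    if DISTRESS.search(text):
        found.append("travel-emergency")
    return found

def looks_like_stranded_traveller(raw):
    """Flag only when the money request and the emergency story co-occur."""
    hits = indicators(raw)
    return "wire-transfer-request" in hits and "travel-emergency" in hits
```

Because the message really is sent from the friend's own account, sender authentication will pass, so the check relies on the header shape and the content.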
 
Spam emails from the "International Charity Company"
Written by Tim Black   
Friday, 29 July 2011 20:05

This evening I received lots (128+) of backscatter spam emails from someone who is forging the emails' "From" header using my email address.  Because it's backscatter spam I can't view the original emails' full headers and take any action to report the sender's IP address or ISP to the FBI or complain to the originating ISP.  So, after warning the sender via email that I would do so if he did not stop, I'm resorting to using public shame.

I'm writing this post to publicly defame "Bill Braun" and the "International Charity Company," whose German name is "Internationale Wohltätigkeits Gesellschaft," and to attempt to preserve my good name.  If you received an email purporting to be from this company, please know this is a spam email, and I did not send the email to you.  I recommend you do not do business with the "Internationale Wohltätigkeits Gesellschaft," if it is a real company.  Its name does not appear on the internet, so I doubt the company even exists.  The only place I could find it mentioned is on this native German-speaker's blog, who says the email is spam, and notes that it uses incorrect grammar, so is a good example of bad German someone fished out of the "Babelfish-Aquarium."

The HTML version of the spam email is below.  At the bottom of the email, I've included several of the email addresses I've found in the backscatter spam I've received, to help you be sure you received the same email I'm describing.

 
 
Charity Company
Internationale Wohltätigkeits Gesellschaft sucht, dringend, Teilzeit Kräfte in Festanstellung im gesamten Umkreis des Vereinigten Königreiche von Germany. Wir suchen Mitarbeiter, im Alter zwischen 18 bis 75 Jahren, für wirklich einfache anfallende Aufgaben und die Durchführung einfacher organisatorischer Aufträge.

Sie benötigen hierfür weder eine berufliche Qualifikation noch eine besondere Ausbildung. Es wird auch keine Berufserfahrung in dieser Sparte, erwartet.

Alles was Sie, für diese Tätigkeit benötigen, ist:
  • einen Internet Anschluss
  • die Fähigkeit, täglich, E-Mails und Telefonanrufe, zu beantworten
  • Verstehen der Englischen Sprache
ENGLISH VERISON



International Charity Company is urgently looking for part time permanent representatives within the whole territory of the Germany. We need people at the age of 18 to 75 for rather easy work on processing of the incoming tasks and performancing of simple management duties.

You don't need to be a specialized professional or to have special training. We also do not require the working experience in this field. You can earn - Over 1500 Euro monthly which highly depends on your results.

Basic requirements for this job are:
  • Internet access
  • Ability to answer emails and phone calls every day
  • Understanding English
To apply:
Please send your contact details to [email address obscured by the site's spambot protection]

- OR - [further addresses, likewise obscured]
 
Last Updated on Friday, 29 July 2011 20:47
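Some bounces return the original message's headers in a `text/rfc822-headers` or `message/rfc822` part of the delivery report, and many return none. The following added example, which is not part of the original post, reads such a part when it is present and labels the bounce as backscatter when the returned Message-ID is not one you sent; the bounce text, hosts, addresses and the `sent_ids` set are constructed placeholders.

```python
import re
from email import message_from_string

# Constructed RFC 3464 delivery report; every host, address and ID below is
# a documentation placeholder, not a value from the post.
BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: me@example.org
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The address below does not exist.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Received: from unknown (HELO pc) (203.0.113.7) by mx.example.net; Fri, 29 Jul 2011 19:00:00 +0000
Received: from forged.example.org (10.0.0.1) by pc; Fri, 29 Jul 2011 18:59:00 +0000
From: me@example.org
Message-ID: <constructed-1@sender.invalid>
Subject: Charity Company

--b1--
"""

def returned_headers(bounce):
    """Return the original message's headers if the bounce carries them."""
    for part in bounce.get_payload() if bounce.is_multipart() else []:
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return message_from_string(part.get_payload())
    return None

def classify(raw, sent_ids):
    orig = returned_headers(message_from_string(raw))
    if orig is None:
        return {"verdict": "no-returned-headers"}
    msg_id = (orig.get("Message-ID") or "").strip()
    hops = orig.get_all("Received") or []
    # The topmost Received line was written by the server that bounced the
    # mail; lines below it were supplied by the sender and may be forged.
    ip = re.search(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b", hops[0]) if hops else None
    return {"verdict": "own-mail" if msg_id in sent_ids else "backscatter",
            "message_id": msg_id,
            "handed_over_by": ip.group(1) if ip else None}
```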
 
Which Linux Distribution Should I Install?
Written by Tim Black   
Friday, 03 December 2010 23:22
A friend asked,

I am trying to put a Linux OS on a [friend's] computer, and I have found that there are 3 different versions: Linux Mint, Ubuntu, and Fedora. Which one are you running, and what do you like about it?

There are many (600?) versions ("distributions") of Linux. I'm using Ubuntu, and recommend it highly. This site can help you pick a distribution that is right for you: http://www.zegeniestudios.net/ldc. I tried Redhat, which became Fedora, from 1999 to about 2006, and always found it either wasn't compatible with my hardware, or I had problems configuring it correctly. Then I tried Ubuntu, and found it installed easily without as many hardware/configuration problems, and I was able to be productive on it. Ubuntu is the most popular distribution (which means better stability & features, and more support from other users), it focuses on being easy to use, and it's known for its broad hardware support. Though I've never tried it, Mint appears to be Ubuntu plus some media codecs and a few other niceties to improve the user experience, so it might be easier to use than Ubuntu. I've installed some of those media codecs myself along the way (by adding the Medibuntu & proprietary hardware drivers repositories), so it might be nice to get them from the outset in Mint. However, I've found that Ubuntu makes it very easy to install those extras when you need them--it prompts you with a popup asking if you want to install what you need. So it's a minor judgment call for you to decide between Ubuntu & Mint; I'd just install Ubuntu since I've had such a good experience with it. As a more major judgment call, I recommend you don't try Fedora, since I only had trouble with it.

I have to say, the design of linuxmint.com (ads, blog layout) vs. ubuntu.com makes me think Mint doesn't have nearly as many users as Ubuntu.

One key way to avoid hardware driver problems is to buy computer hardware that is already known to work fine with Ubuntu (or whatever distribution you're planning to use.) Another way around hardware driver problems is to try out your sound, high screen resolutions, bluetooth, wifi, etc., with your preferred distribution's "Live CD"--just run Linux directly from the CD (or flash drive, which is a bit more convenient).

Another issue in comparing Ubuntu & Fedora is that Fedora's emphasis is on bringing out new versions quickly to push new application features out quickly, and so it leans toward being unstable--things might break when you upgrade, and you might have to fix them. New features are fun, but broken computers aren't. Ubuntu's emphasis is on making Linux easy to use on the desktop, so it's devoted to guaranteeing new versions are stable, and its new versions are more stable than Fedora's. Both Fedora & Ubuntu are on a 6 month release cycle, but the difference is Fedora only maintains old versions for 13 months, while Ubuntu distinguishes some releases (every 2 years) as "Long Term Support" (LTS) versions which are especially stable and supported for 3 years. The underlying reason for this is that Ubuntu is based on Debian, which has a 2 year release cycle, and is divided into three distributions: stable, testing, and unstable (named "sid" after the destructive boy in Toy Story! sid will break your toys.) Regular 6 month Ubuntu versions are based on the previous Ubuntu version and Debian unstable, with enough stability, security, and usability fixes to make it stable. Ubuntu LTS versions are based on the previous version and Debian testing. This creates a blend of new features and stability that I've come to like very much. By way of contrast, Fedora's new features slowly find their way into Redhat Enterprise Linux (RHEL/CentOS), which is released less frequently, is very stable, but also ends up giving you out of date software. Some other distributions (e.g., SUSE, I think) focus on stability & the enterprise users who want it, and I'd avoid that kind of distribution, because I do want new features too. But more than that, I want it to "just work," and normally Ubuntu does just work for me.

Why I like Linux in general--it provides me all the software I need, for free, and automatically updates it all in one shot.

 
3 Simple Rules that Will Make You A 'Superstar' Developer
Written by Tim Black   
Monday, 01 February 2010 14:23

This is hilarious:

http://coderoom.wordpress.com/2010/01/28/3-simple-rules-that-will-make-you-a-superstar-developer

Last Updated on Monday, 01 February 2010 14:28
 
Why I integrate Google Calendars into clients' sites
Written by Tim Black   
Friday, 10 October 2008 12:46

I integrate Google Calendars into my clients' websites because Google Calendars are free, allow group sharing & editing, integrate multiple calendars into one, and are very easy to syndicate.

Let me explain by way of an example. I have a lot of calendar events to keep track of--my wife and my schedules, anniversaries & birthdays for family & friends, events at church, at my business, clients' calendars, and as a pastor, various community calendars scattered throughout multiple websites and printed publications. I really don't want to compare multiple calendars with each other every time I add an event to my own personal calendar.

Too many calendars!

So I've grouped all the events I can control in separate calendar files under one Google Calendar user account. I open my Google Calendar and all my different events display in one unified view. My wife and I share some calendar files so we can both edit them, even simultaneously from different locations.

Ahh, one calendar

But the events I can't control still live in websites & newsletters where I have to manually enter them into my calendar if I can find the time. What's more, if I install a calendar for my clients that can't easily be syndicated via RSS and thereby integrated into another calendar, too often the client simply doesn't use the calendar. Disconnected calendars are an evil; even a result of the Fall and probably of Babel. But there is a solution.

Not integrated!

Normally I'm not real excited about retyping someone else's calendar events. But in one case I did type them in: I want to go to my local high school's sports events to get to know people in the community, so I added all the high school's sports events to my calendar, in its own calendar file. Google makes it easy to put that calendar into any web page by inserting a little code Google provides, which results in a calendar like the one below.


New and improved!

Works great! So now I know what's going down at the football stadium. And what's cool is all my friends can add these events to their own calendar by clicking the "+ Google Calendar" button at the bottom. But I don't want to add the high school's events to this calendar every time the high school's own calendar changes. Nor do I want to be promoted to the "Calendar editor" position at the high school. They already pay someone to do that.

So I shared the calendar with her and gave her editing privileges. She can give editing privileges to anyone else she needs to in the school, and create and integrate different calendars for other kinds of school events (PTA, School Board, clubs, etc.) Now all that needs to happen for me, my friends, and any parent in the school district to have a perfectly up-to-date calendar is:

  • for the right school administrator to approve replacing the school's current calendar with a Google Calendar,
  • for them to approve posting the little bit of code above into their calendar page on their website,
  • and for people who visit the calendar to add it to their own personal calendar.
Last Updated on Monday, 13 October 2008 13:51
 