Tech News Blog
4.15.05
More Bad News for ID Theft
As if we haven't digested enough bad news associated with ID theft, CNET has more fuel for the fire in regards to the loss of sensitive credit data to crackers. This round it is GM MasterCard and Visa credit card holders that have made charges at Polo Ralph Lauren.
Credit card data theft could grow in scale
Blog: Both MasterCard and Visa have confirmed a security breach at a U.S. based retailer that may have compromised the credit card... [CNET News.com] 

Attack of the Kelvir
The instant messaging system of Reuters news service was attacked by the Kelvir worm (learn more about Kelvir at Secunia) and the response from Reuters included shutting the system down:
Worm attack forces Reuters IM offline
The media company confirms that it shut down its instant messaging system after a new Kelvir worm attempted to spread over its network. [CNET News.com - Security]

Banks in Britain Have it Spot On
The banks in Britain are becoming pro-active in the battle against Internet crooks and providing their customers with a device to verify their identity, read more about this issue in CNET:
British banks to provide extra Web security
Customers to get hardware device to bolster authentication when banking online. [CNET News.com - Security]

Struggling With Taxes, You're Not the Lone Ranger
If you are still struggling with your taxes, take heart because you are not alone. In fact, the news is so slow, it almost seems that many of the tech news organizations are away filing their tax forms. See the story regarding this issue below or if you are in search of TurboTax advice, see the tips and extras from yesterday's news.
Last-minute tax filers hit the Web
Millions of people visit IRS.gov and other tax-related Web sites just days ahead of Friday deadline. [CNET News.com]

Leo Speaks Geek We Can All Understand
Leo Laporte is The Tech Guy on KFI and he is back from his trip to Europe and ready to answer your questions from 11am to 2 pm on AM640 in the Los Angeles area or you can listen on the Internet; just visit Leo’s web site and clink on the KFI logo. After help record the show notes for Leo the over the past two weekends, I’m looking forward to just ‘listening’ to Leo and not worrying about finding the link he’s referring to.

Does He Know Something We Don't?
The Register is featuring an interesting article on President George W. Bush; according to the article, the President is worries over Internet security and fears someone might read his 'personal stuff'. Does the President know something that the rest of us don't?
George Bush fears email privacy breach
'I don't want you reading my personal stuff', prez tells press [The Register]

Open Source Updates
Secunia has these updates for the open source user: Ubuntu (1, 2), Solaris, FreeBSD, Fedora, and SuSE.

Tip of the Day from Multiple Platforms: IRS Web Site URL?
(Re-published from yesterday) It is nice to know that I won’t need the URL of the Internal Revenue Service having already filed electronically with TurboTax, but in the event that you still need a last minute form (like an extension: Form 4868) here is the URL for the Tax Men and Women at the IRS: http://www.irs.gov/. Good Luck.

What is DEA?
Wikipedia has this explanation for DEA, “Disposable email addressing (DEA) is the name of an alternative way to share and manage email addresses. The idea behind DEA is to create a new, unique email address for every contact or recipient. This makes a point-to-point connection between the sender and the recipient.

Subsequently, if the address is compromised or abused in any way, it can be easily cancelled (or "disposed") without affecting any other contact. If an address is cancelled or replaced, no more than one person/contact has to be notified of the change.

By comparison, the traditional practice of giving the same email address to multiple recipients means that if that address is subsequently cancelled, many legitimate recipients will have to be notitified of the change and their records updated - a potentially tedious process.

The key element with DEA is that a different, unique disposable email address is created for every recipient, and that it is shared only once.

Most likely, but not always, a DEA is cancelled because the email address is being used in an illegitimate manner. This may occur because an email was accidentally released to a spam list, or because the recipient was purposely deceptive and unscrupulous. Whatever the cause, DEA allows the user to take unilateral action by simply canceling the address in question. Later, the user can determine whether to update the recipient or not.

For convenience sake, disposable email addresses typically forward to one or more real email mailboxes where the messages are received. The recipient of a DEA never needs to know the real email address of the user. If the DEA is managed in a database, it is also possible to quickly identify the expected sender of each message by retrieving the recipient of each unique DEA. Used properly, DEA can also help identify which recipients are handling email addresses in a careless or illegitimate manner. Moreover, it can be an effective tool for spotting counterfeit messages, or phishers.

DEA is most useful in situations where you suspect the email may be sold or released to spam lists or other unscrupulous entities. The most common situations are online registrations for things like discussion groups, bulletin boards, chat rooms, online shopping, and download websites.

At a time when email spam is an everyday nuisance, and identity theft is a real danger, DEA can be a convenient tool for keeping someone safe and sane.”

Tech News Blog
4.14.05
Windows Problem Serious
The Microsoft Windows flaw we reported on yesterday has earned a ‘highly critical’ rating from Secunia and elicited an acknowledgement from Microsoft according to a report from CNET. The hook to this open door to your PC uses a ‘.mdb’ file that opens in Microsoft Access.
Possible Unpatched Office Flaw Investigated
Vulnerability was not one of the eight patched by Microsoft on Tuesday. [PCWorld.com - Latest News Stories]

Comcast Users Can't
Comcast were without service for the second time in less than a week although this customer has yet to be impacted, the same can not be said for a portion of Comcast's seven million subscribers. CNET has this article:
Another broadband outage strikes Comcast
Three-hour outage comes after a similar domain name server issue downed the service for six hours last week. [CNET News.com] 

Thirty Dollars Off .Mac Account
Now you can get a .Mac account for $69 or try it out free for sixty-days by clicking on the link to the left or here.

Open Source Updates
Secunia announced these updates for open source systems: Gentoo (1, 2, 3), Mandrake (1, 2), Fedora, Ubuntu, and Debian (1, 2).

Tip of the Day from Multiple Platforms: IRS Web Site URL?
It is nice to know that I won’t need the URL of the Internal Revenue Service having already filed electronically with TurboTax, but in the event that you still need a last minute form (like an extension: Form 4868) here is the URL for the Tax Men and Women at the IRS: http://www.irs.gov/. Good Luck.

What is the IRS?
Today many of us are thinking of the IRS as the Internal Revenue Service, but those who spend time in the chat room have a different interpretation of IRS. For those chatting, IRS is shorthand for: ‘I Respect Someone’ according to Answers.com/.

Editors Note: I published the following tips and comments on April 4, 2005 and for the benefit of those who work best under pressure, here they are again:

Do You Have SP2?
If you haven’t installed Microsoft’s SP2, you might want to before you try and use TurboTax (see the items below: Multiple Platforms Tip of the Day) and if you are not sure if you have the update installed, follow this path to find out: Start/ Control Panel/ System. The system window will display the operating system installed and if you have installed the update, you will see the words Service Pack 2. Remember to completely clean you PC of spyware and viruses before attempting to update to SP2. A majority of those Windows users that experienced problems with the update had spyware or virus issues before the installation of the patch and these bugs created some serious problems. Those of us that installed the patch on a clean system experienced little or no disruption in normal operations.

Multiple Platforms Tip of the Day: What Version is This? TurboTax Cares!
Sometimes the difference between a successful update and a failed attempt comes down to the issue of compatibility, and in the case of TurboTax, the wrong version of Internet Explorer can produce migraines, profanity, and an oath to use another tax preparation software in the future. The version required for Windows users is IE 6 and if you are not using it, you won’t be able to update TurboTax. TurboTax also functions much better (only?) with Service Pack 2. I had no problems using the Mac version of the software (in fact it was a easier than ever), but I have included directions for Apple users to check their versions of IE too. Note to PC users: to see how easy things are in the Mac world compare these two operations.

PC Tip of the Day: What Version of Internet Explorer is Installed
Microsoft has a rather long and complicated way of determining which version of Internet Explorer you have installed; but I found a much easier path: Start/ Search/ then choose “All files and folders” and search for “Shdocvw.dll” (without the quotes). When the search is complete, right-click on any of the matching results and you will see a dialogue box and the first entry will display the version of IE you currently have installed. Click on the General tab and you can see exactly when the file was last modified and accessed.

Apple Tip of the Day: Check IE Version
Apple users really have it easy when checking a version of any software, just click on the name of the application in the toolbar and select “About (this program)”. That’s it; no searching, no reg edit searches and no stinking badges…

More About TurboTax Issues
Another bug-in-the-ointment for PC users trying to update TurboTax is the presence of a pop-up blocker. To disable your pop-up blocker using Internet Explorer choose Tools from the toolbar of IE, then select Pop-up Blocker and click on Turn Off Pop-up Blocker. Don’t forget to turn it back on when you are done updating TurboTax. This same feature keeps many of the students at our school from taking online quizzes and surveys. Pop-ups, can’t live with ‘em, and cannot live without ‘em.

Tech News Blog
4.13.05
New Critical Flaw Times Five for Microsoft
You'll will want to update your Windows products after Microsoft released their monthly security update and in doing so, spread the chum for phisher and crackers. According to PC World, Microsoft is recommending customers update immediately. I would wait five to seven days and most computer experts not affiliated with a software maker suggests the same; but don't procrastinate because the bad guys will take advantage of these open invitations.
Microsoft Discloses Five Critical Security Holes
Company's monthly report warns of flaws in Windows, IE, Word, and other programs. [PCWorld.com - Latest News Stories]

Five Plus One Equals Six
According to CNET, the flaws mentioned above aren’t the only problems for Windows users; another problem has been disclosed and this issue is not covered by the patches released Tuesday.
Unpatched flaw found in Microsoft software
Software maker investigates report of hole in Office and Access--and of published exploit code that could let attackers take control of PCs. [CNET News.com]

More on New Math: So We Left Off a Zero
What is with this new math anyway? Is it so-o-o complicated that it is becoming difficult for companies to estimate the number of people their latest security lapse has affected? All those zeros to account for and so little time. LexisNexis is an example of this difficulty with new math and accidentally left off a zero in their initial damage estimate. It seems that 310,000 individuals may have had their information compromised (a polite euphemism for stolen); the company first guesstimated the damage at 31,000. Remember, the identities being hijacked are not exclusively from those of us that use the Internet, and some of these companies are actually gathering this information at the request of the US Government as a counter measure to nefarious activities. Nevertheless, the latest flap has the US Congress interested and CNET has more:
LexisNexis flap draws outcry from Congress
It took mere hours for LexisNexis' latest embarrassing data leak revelation to spur cries of condemnation from Congress. [CNET News.com - Security]

Phishers and Scammers Use Death of Pope
Demonstrating that there truly is no honor amongst thieves and robbers, the bad guys of the Internet are using the death of Pope John Paul II according to CNET.


Screen Goes Away on Some iBooks
MacFixIt is reporting an that some iBook owners are reporting a problem with their display loosing the backlighting and the fix is to use an external light source to navigate back to the restart menu. This seems to be a problem for both the new G4s and the old G3s.
iBook brightness mechanism failing: In most cases, a software problem; other Macs affected
Yesterday we reported on a problem where the brightening mechanism (fluorescent tube) fails on various iBook models. Though this first appeared to be a hardware problem, it now appears to be softw [MacFixIt]

Will Tiger and Microsoft Get Along
Microsoft responded to the announced release of Tiger, Apple's new operating platform (10.3.4). Although you might expect a gap the release of the new operating system and full compatibility it appears that Microsoft has been busy working on their products for Mac and Word, Excel and other applications will be index capable to take advantage of Spotlight, Apple's new desktop search tool. You can read more from the following article from MacMinute:
Microsoft comments on Tiger compatibility
With today's announcement of Mac OS X 10.4 Tiger availability, Microsoft has provided an update on compatibility between the new operating system and the products of its Macintosh Business Unit... [MacMinute]

OpenOffice has Problems Now
Secunia and CNET have information on a new malady faced by users of OpenOffice and according to both sources, a patch is available at OpenOffice.org/.

Open Source Updates
Secunia released security bulletins for the following: Sun Solaris, Gentoo, and Red Hat (1, 2, 3).


Security Tip of the Day: What is Secunia?
We rely on Secunia to provide you with updates on security issues for Multiple Platforms, so what is Secunia? Wikipedia provides this definition, “Secunia is a computer security service provider best known for tracking vulnerabilities in more than 4500 pieces of software and operating systems.

Numbers of "unpatched" vulnerabilities in popular applications are frequently quoted in software comparisons. Secunia also tracks currently active computer viruses.”

Tip of the Day from Multiple Platforms: Get a Security Blanket
What is one of the most secure methods to protect your PC or Mac? A router will provide a great deal of protection and even eliminate the need for a firewall for your PC according to Leo Laporte, The Tech Guy on KFI. A router provides you and your favorite Multiple Platforms system from outside intrusion using a NAT technology (see definition below).

What is NAT?
According to the excellent resource tool Wikipedia, “In computer networking, network address translation (NAT, also known as network masquerading or IP-masquerading) is a technique in which the source and/or destination addresses of IP packets are rewritten as they pass through a router or firewall. It is most commonly used to enable multiple hosts on a private network to access the Internet using a single public IP address. According to specifications, routers should not act in this way, but it is a convenient and widely-used technique. Nonetheless, NAT can introduce complications in communication between hosts.”

Tech News Blog
4.12.05
Open Source on Mac Mini
Would you like to try out open source on a Mac? Then check out the following item from the MacMegasite regarding running BSD or Yellow Dog Linux on a Mac Mini:
Running Linux and BSD on the Mighty Mac Mini is a good thing
NetBSD and Yellow Dog Linux have both begun to support the Mac Mini. This article looks at the open source operating system options on this new contender in the embedded PowerPC platform space. The article provides the current state of Linux and NetBSD support on the Mini. If you need a stable kernel, a C compiler, and network support, the code is high-quality and the price is unbeatable. [MacMegasite]

Apple Chief on Time's Top 100 List
Apple boss Steve Jobs is on Time's list of the top 100 most influential people according to an article from MacMinute; read more about the issue by selecting the following link:
Apple's Jobs makes TIME 100 list
Apple CEO Steve Jobs was among those on this year's TIME 100 list of the world's most influential people... [MacMinute]

Microsoft Takes Offense Against Alleged Counterfeiting
Maybe they’re emboldened by Apple's latest string of court victories, whatever the motivation might be Microsoft is following the lead of Apple in using the courts to silence their annoyances. PC World reports that Microsoft has filed suits against eight computer builders accusing them of using counterfeit software and these are not unreliable knock-offs; the companies named are all from the USA, hopefully you do not own one.
Microsoft Files Eight Counterfeiting Lawsuits
Suits allege those sued used counterfeit software. [PCWorld.com - Latest News Stories]

Apple Announces Release Date for Tiger
Apple has set April 29th as the release date for their new operating system, Tiger OS X 10.4/. The Apple web site has the details on the new features, two hundred new tools according to Apple, and many of those are sure to appeal to Mac-heads, if you’re interested in a $35 savings on Tiger, check out the item below.

Tiger is a Top-Seller on Amazon.com
Apple’s new operating system OS X 10.4 (AKA Tiger) is the number one seller at Amazon.com/, and you still have time to save $35 off the retail cost by pre-ordering Tiger. It is no longer a rumor Apple will let go of the Tigers’ tail in 17 days and if you snooze you will loose on this deal. Please help support this web site and use the link below. Thanks!
Pre-order Tiger Save $35

Internet Explorer is Still Popular With Multiple Platforms Visitors
The month of March continued a trend I’ve observed at Multiple Platforms.com, a slight decrease in the percentage of users choosing Internet Explorer as their browser of choice, but it is still the number one browser used by visitors to this site and our other web site, www.californiafairsandfestivals.com/. Here are the statistics from Multiple Platforms for March:

MS Internet Explorer 53 %
Safari 13 %
Unknown 8.1 %
Mozilla 6.6 %
Firefox 6.2 %
NetNewsWire 4.9 %
Netscape 3.9 %
OmniWeb 2.3 %
Opera 0.7 %
Konqueror 0.2 %

Tip of the Day from Multiple Platforms: Free Music Download
Remember that you get at least one free download from the iTunes Music store every week. Last week I downloaded two great songs free! To get your free download click on the link on the left side of this page, and if you purchase any music or stories from iTunes, please use the same link found on the left side of this page. Every tune you purchase from iTunes earns this web site a small commission to offset the large cost I am going to be charging to my credit card to support this web site for one more year.

Open Source Updates
Secunia released the following updates for open source systems: Gentoo, KDE, and SuSE.

What is Phreaking?
According to Wikipedia, “Phreaking is a slang term for the action of making a telephone system do something that it normally should not allow—in the words of one former practitioner, "making the phone company bend over and grab its ankles". Sometimes, phreaking will be considered illegal, like in the act of toll fraud. Other reasons why many people attempted (or succeeded in) phone phreaking during the 1960s and 1970s included the (then) very high cost of long-distance telephone service, and a desire to rebel against the AT&T telephone monopoly.

A phreak or phreaker is a person who engages in the act of manipulating phones in this way. The tools of the phone phreak are electronic devices known as boxes, originally the blue box, but later the black box, red box, beige box and clear box and many others. However, phreaking does not necessarily mean that you are using a "color box" tool.

Most of the techniques formerly used in phreaking are no longer effective due to changes in the telephone system. Some of these changes were evolutionary, and some were designed specifically to disallow such access. Moreover, at least in the United States, the cost of telephone calls has diminished to the point where few would find it worthwhile to engage in toll fraud; and there are numerous competing providers of telephone service (except for most wired local service which remains controlled by regional Bell operating companies—remnants of the former AT&T telephony monopoly in the USA).”

Tech News Blog
4-11-05
Russia to World: Our Crackers are the Best
Russia is proclaiming that their crackers are the best in the world according to a report carried by CNET. What will be next, inclusion of cracking as an Olympic sport?
'Our hackers are the best'
The Russian police's cybercrime division has warned that Russian hackers are the best in the world. CNET News.com - Security

Pop-ups In Games Coming Soon
If you think that pop-up ads are a bother when you’re surfing away, how would you feel if they start popping up in your gaming time. CNET reports that this is the future and the future is closer than you might think. Read the following about the new torture to be inflicted on gamers everywhere. Sorry, you can’t frag the ads but I’ll bet many try!
'Start-up will launch in-game ad network with help from game publishers and mainstream advertisers. http://news.com.com/ CNET News.com

Troubleshooting iTunes Downloads
MacFixIt has advice for users of iTunes Music store that encounter trouble loading purchased tunes on their iPod. Check out the following story:
A growing number of MacFixIt readers are reporting an issue where tracks purchased through the iTunes Music Store do not automatically transfer to an iPod during the on-connect synchronization pro. Macfixit.com

Open Source Updates
Secunia has released update bulletins for SuSE and Ubuntu.

Tip of the Day from Multiple Platforms: Firefox Fix
Dr. W from Northern California is responsible for the inspiration behind the tip of the day from Multiple Platforms; she wants to stop Firefox from automatically filling in the URL in her toolbar. For Mac users like Dr. W, use these directions: from an open Firefox browser follow this path: View/ Toolbars and select Auto Form Toolbar; this will add the toolbar to your browser. Then click on ‘configure’ from the Auto Form toolbar and in the dialogue box that opens select ‘Disable Mozillas (SIC) Form Fill’ from the Automation section found on the General tabbed page. This will disable the annoying fill in option that's been bugging you. Now you can remove the Auto Form Toolbar from your browser by going to View/ Toolbars and then click on Auto Form Toolbar (uncheck it) and you are done. PC people must use a different method: from an open Firefox browser, choose Tools/ Options/ Privacy and click on Saved Form Information. Make sure the box that states ‘Save information I enter in web pages…’ is unchecked. I also used the opportunity to ‘Clear All’ the stored information by selecting that choice at the bottom of the Options Window. Now hit OK and close Firefox, when you re-open the browser auto fill will no longer annoy you. What’s that, auto fill is cool and you want it but don’t have it? Just reverse the directions above and you will be in auto fill nirvana.

What is Phishing?
According to Leo Laporte, The Tech Guy on KFI most computer users are confused by ‘geek speak’; that is the reason I include the ‘what is’ definition daily and further, the aforementioned story by The Tech Guy gives me reason to repeat items featured previously. For an explanation of phishing we turn to Wikipedia, “In computing, phishing is the act of attempting to fraudulently acquire through deception sensitive personal information such as passwords and credit card details by masquerading in an official-looking email, IM, etc. as someone trustworthy with a real need for such information. It is a form of social engineering attack. (See an example.)

The term was coined in the mid 1990s by crackers attempting to steal AOL accounts. An attacker would pose as an AOL staff member and send an instant message to a potential victim. The message would ask the victim to reveal his or her password, for instance to "verify your account" or to "confirm billing information". Once the victim gave over the password, the attacker could access the victim's account and use it for criminal purposes, such as spamming.”