Thinking about Complacency with Security

Apple's "Down for Maintenance" message

Apple’s developer pages have actively been down for maintenance for quite a few days now.  Yesterday I received an email that apparently went out to everyone with a dev account which read:

Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.


Update: Quick Way to Identify Phishing/Spam/Fake emails

You can view the original tip here.

I’ve recently noticed a new trend in a lot of the phishing emails I’ve been receiving: they’re looking a lot more professional.

In recent weeks I’ve received emails claiming to be from FedEx, UPS, USPS, Bank of America and Chase.  Each of these emails not only had a picture of the company’s logo in the email, but also mimicked quite closely what an “official” email from the company would look like.  The links contained in the email were a bit more savvy than I’ve seen in the past as well.  It wasn’t so much the text as it was the URL that the links were sending people to.

In the past, most of the websites that the phishing emails linked to would be gibberish; something like egwi1nae.com/23yff.html. This isn’t always the case anymore. Unfortunately, as of late I’ve seen a large increase in the number of near-legitimate-looking domains. All of the emails I’ve received in the last few weeks have ended with the name of the company that was the subject of the email to begin with, such as fedex.html or ups.html. This could make it harder to distinguish the fake from the real.

When clicking on links in email from unsolicited sources, make sure that the first part of the address the link is sending you to is correct. UPS should link to ups.com, Bank of America should link to bankofamerica.com, and so on.

Taking a moment to review these simple things could potentially save you a ton of time and money in the future!
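The check described in this tip, as an added example that is not part of the original post: it compares the host a link actually points to against the domain the sender should be using, and goes slightly beyond the post's case by also flagging a brand name that appears only in the path, in a subdomain label, or before an `@`. The `EXPECTED` table, the function names and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed mapping of sender brand to the domain its links should use
# (the two domains named in the post; extend as needed).
EXPECTED = {"UPS": "ups.com", "Bank of America": "bankofamerica.com"}


def link_host(url):
    """Return the lowercase host a link really goes to, or None if unusable."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return None
    # .hostname drops any "user@" prefix and the port, so
    # "https://ups.com@example.net/" yields "example.net".
    host = parts.hostname
    return host.rstrip(".").lower() if host else None


def link_matches_brand(url, brand):
    """True only if the link's host is the brand's domain or a subdomain of it."""
    expected = EXPECTED[brand]
    host = link_host(url)
    if host is None:
        return False
    return host == expected or host.endswith("." + expected)


# Constructed sample links (example.net / .example stand in for unrelated sites).
SAMPLES = [
    ("UPS", "https://www.ups.com/track?id=1"),            # real domain
    ("UPS", "http://egwi1nae.example/ups.html"),           # brand only in the path
    ("UPS", "https://ups.com.example.net/login"),          # brand as a subdomain label
    ("UPS", "https://ups.com@example.net/"),               # brand in the userinfo part
    ("Bank of America", "https://secure.bankofamerica.com/"),
    ("Bank of America", "https://bankofamerica.com.example.net/"),
]

if __name__ == "__main__":
    for brand, url in SAMPLES:
        verdict = "ok" if link_matches_brand(url, brand) else "MISMATCH"
        print(f"{verdict:8} {brand:16} {url}")
```

The comparison is anchored on a leading dot, so a host such as `notups.com` does not pass as `ups.com`.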


Can’t Connect Self Hosted WordPress Blog to Klout? Disable Better WP Security

When I first started with Klout, one of the first things that I became excited about was the ability to connect my self-hosted blog. Unfortunately, at the time it was just a pipe dream and the feature was only supported for WordPress.com blogs. Recently I decided to try again and, to my surprise, I was getting better results.

The first error I encountered when attempting to connect my site using Klout was an error stating that Jetpack looked to be missing. After a bit of searching on Google, it looked like the first step in basic troubleshooting was to uninstall and reinstall Jetpack. After re-linking Jetpack with my WordPress.com account and attempting to link Klout with my site again, I was simply presented with a blank page. After a few refreshes and scratching my head for a few minutes, I popped on Chrome’s developer tools and took to looking at what was going on when I attempted the link. The error I received when looking at the request that was being sent was “Error 414 Request URI too long.” Almost instantly I knew what was wrong.
