Monthly Archive for April, 2005

Aer Lingus sending spam?

Published
by
Tom Raftery
on 19/4/2005
in Community Interest
. Comments

Anyone else the recipient of a spam mail sent out on behalf of Aer Lingus this evening?

I received one and when I went to reply (to complain) the from address (aerlingus@aerlingus.com.r.12hs.com) was, of course, invalid. There was an unsubscribe link in the mail but no way I was clicking that!

Now, I’m pretty rabid about spam - I never opt-in to any mailing options when I’m buying something and always look for an opt-out to check. Aer Lingus, being an Irish company is bound by the current law on spam in this country, which says you can only send a marketing email to someone who has opted to be sent spam. Not me.

I reported it to SpamCop.

I forwarded a copy to the offices of the Data Protection Commissioner.

I sent a complaint to the only email address I could find on the Aer Lingus website (groups@aerlingus.com).

A whois lookup on the domain name 12hs.com (the originating email address domain) yields the following info:
Registrant:
Twelve Horses
10315 Professional Circle
Suite #100
Reno, NV 89521
us
Administrative Contact:
Master, Host hostmaster@twelvehorses.com
10315 Professional Circle
Suite #100
Reno, NV 89521
us
+1.7753323000 Fax: +1.7753323007

Technical Contact:
Master, Tech hostmaster@twelvehorses.com
10315 Professional Cir, Ste 100
Reno, NV 89521
us
+1.7753323000 Fax: +1.7753323007

Registration Service Provider:
Twelve Horses, hostmaster@twelvehorses.com
775-332-3000
775-332-3007 (fax)
http://www.twelvehorses.com

The twelvehorses.com website says they are “a leading provider of email and web-based marketing and business automation solutions” - what it doesn’t say is where they buy their email databases.

make sure you have permission to write to /tmp/501/TemporaryItems/com.apple.SoftwareUpdate

Published
by
Tom Raftery
on 19/4/2005
in Mac
. Comments

I had a problem updating my wife’s Mac recently using Software Update. I wanted to update it from OS X 10.3.8 to 10.3.9 but every time I tried I received the following error message:
“make sure you have permission to write to /tmp/501/TemporaryItems/com.apple.SoftwareUpdate, then try again”

I was logged in as administrator and giving the admin password when prompted, so I was a little stumped until I came accross an article which gave me the answer.

What I did was:

  1. Opened up the Terminal app - Applications -> Utilities -> Terminal
  2. logged on as Root using the command “sudo su” (without the “”)
  3. typed in “CD /” to get to the root folder
  4. entered “ls -l” to see all the files and symlinks in the root folder
  5. the path to the tmp folder was incorrect so I keyed in “rm tmp” to delete the file
  6. I then created the correct symbolic link by entering the command “ln -s /private/tmp tmp”

Having created the correct path to the tmp folder, I went back to Software update, and this time the update downloaded and installed without any problems.

Firefox is less secure than Internet Explorer?

Published
by
Tom Raftery
on 18/4/2005
in Malware, Open Source and Spyware
. 12 Comments

Fred Langa has written one of the most misleading and ill-informed articles I have read on the web in quite some time.

In this misleading and ill-informed article, Fred posits that

changing to Firefox–or Mozilla, or any similar software–because “it’s more secure” is a dangerous misconception; and demonstrably false

Incredibly, Fred is trying to tell us that Firefox is not more secure than Internet Explorer!

To back up his claims, Fred very carefully chooses quotes from the US-CERT site

In most cases in the more recent issues, you’ll see the list of IE’s vulnerabilities are fewer than those for Firefox, Mozilla, and the other alternate browsers

and from the Symantec Internet Security Threat Report

Between July 1 and Dec. 31, 2004, Symantec documented 13 vulnerabilities affecting Microsoft Internet Explorer. This is notably lower than the 21 vulnerabilities affecting each of the Mozilla browsers that were documented during the same period

All sounds pretty damning, right? Yes, until you do a little bit of research.

Firstly, Fred conveniently neglects to mention what classification the vulnerabilities have (high/medium/low) i.e. how potentially risky they are for your computer.

Compare the two graphs below (from Secunia) to see that for Internet Explorer 6.x - 42% of its bugs are highly dangerous or above whereas only 7% of Firefox bugs are highly dangerous.

Microsoft IE 6 criticalities from 2003 - 2005

Mozilla Firefox 1.x criticalities from 2003 - 2005

Secondly, US-CERT - the site Mr. Langa choses to take some of his information from, explicitly advise people not to use Internet Explorer

IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system. It is possible to reduce exposure to these vulnerabilities by using a different web browser

For an unbiased review of vulnerabilities in both browsers, see the Vulnerability Reports on the Secunia website for IE 6.x and Firefox 1.x. Scroll down on these pages to see that Internet Explorer currently has 19 unpatched (some of which are highly critical and have been unpatched for more than a year) and 10 partially fixed vulnerabilities whereas Firefox has 4 unpatched (none of which are even moderately critical).

Finally and from a purely personal perspective - I frequently get support calls from clients infected by spyware and malware of all sorts. I have never had one of these calls from a client I have migrated to Firefox - it is always the IE users who get infected.

With this level of inaccuracy in his piece, you have to wonder about the motivation behind writing such a dangerous and misleading article…

Apple roll out OS X 10.3.9

Published
by
Tom Raftery
on 16/4/2005
in Mac
. Comments

Apple today rolled out OS X 10.3.9 - a free update to previous versions of its 10.3.x versions of OS X. The update is available through the Software Update panel or can be downloaded as a file from here.

The update addresses issues in Stickies, Safari and Finder as well as other misc. issues as outlined in the About the Mac OS X 10.3.9 Update document.

Of course, this is a noteworthy rollout because this is the final update of 10.3 before the release of OS X 10.4 (Tiger).

A browser standards compliance test

Published
by
Tom Raftery
on 15/4/2005
in Web Standards
. Comments

I note, from a post in James’ site, that The Web Standards Project have released a test (called Acid2) to help browser vendors ensure proper support for web standards in their products.

This test supersedes the original Acid test.

According to the Web Standards Project website -
“Acid2 is a brand new test designed to push the limits of HTML, CSS, and PNG support in browsers and authoring tools. By testing against Acid2, flaws in support for common web standards are quickly and easily exposed”

Hopefully to be “quickly and easily” fixed by the developers!

There’s a detailed technical guide in case you are curious as to how the test was developed and what it is testing.

Blogs used to infect PCs with spyware and malware

Published
by
Tom Raftery
on 14/4/2005
in Blogging, Malware and Spyware
. Comments

I note a story on the BBC Technology site which says Spyware and Malware authors have copped on to the popularity of blogs and are now using them as vectors to host spyware and malware to infect people lured to the blog.

I’m surprised it took so long for them to come up with this.

Of course I can be smug - I use a Mac so I don’t have to worry about Spyware and Malware!

Tom Raftery’s Social Media is Digg proof thanks to caching by WP Super Cache!