ReCellular Launches Phones for Haiti Program
ReCellular, the company that previously sponsored the Phones for Soldiers Program, announced on January 14, 2010 that it was launching a new program designed to help support Haitian recovery efforts. The donation process could not be any easier. Simply visit Phones for Haiti to download a printable mailing label. (Yes, the shipping is even paid for by ReCellular.) Then, dig through your closet, junk drawer, and kid’s toybox to recover the cell phones you replaced each time a newer, cooler gadget was released. Finally, throw them in a bag, slap on the label, and start helping those who really need it.
What will ReCellular do with it? Haitians don’t need cell phones, right now. Well, you’re right. Once they receive your phone, they’ll handle it like they normally would, with the exception that 100% of the profits made from refurbishing and selling them will go to the American Red Cross.
So, if you made an SMS donation, donated some more online, and dropped off non-perishable items and medicine at a local donation collection center but still feel like you could do more, here is your chance. Visit the website today and pass on the opportunity to others via Twitter, Facebook, and email, so that others can get in on the giving, too. You won’t make any money or be any more popular, but you will be a step closer to achieving Geek Shui.
Would you buy a house (or a browser) prone to break-ins?
Yesterday, we wrote about the China-Google debacle and McAfee’s announcement that they had pinpointed the attack vector used. It seemed Microsoft’s Internet Explorer, specifically IE 6.0, was the point of ingress. While an official Microsoft blog reported IE 6.0 to be specifically vulnerable to the attack, they also stated that IE 7.0 and 8.0 could be vulnerable, if not correctly and securely configured.
This last statement from Microsoft does not reflect good Geek Shui, at all. When a software company makes something new, they are supposed to plan security into the process and, above all, test it. We’re talking about a software that has been in production for, at least, the entire last decade. This being the case, any mistakes in the version 6.0 coding would surely have been identified in versions 7.0 or 8.0. If they haven’t, then we’re dealing with, as we alluded to yesterday, a really bad software development process.
It is obvious (or at least should be) that Microsoft is not too concerned about security. The statement that other versions should be okay does not provide a real assurance of anything. Is this where we call for a mass migration to Apple Mac or Ubuntu Linux? No, it is simply where we recommend that users find another browser. It isn’t because any browser is necessarily better than any other. It is, though, because other browsers are less targeted than Internet Explorer. Firefox, Safari, Flock, and countless others provide the same functionality and are often faster and less prone to locking up.
Look at it this way. If you are buying a house, do you look for the neighborhood with the most break-ins? No, you don’t. You actually want to buy the farthest away from it. So why should your computer use be any different? Pick the software (or in this case the browser) that works and provides a reasonable degree of security. In this case, the choice is obviously not Internet Explorer.
Proudly display your geekosity with Geek Shui Living wallpaper…
McAfee’s Operation Aurora Pinpoints Internet Explorer Attack Vector
According to an article published today on The Washington Post’s website, computer security giant McAfee is claiming responsibility for the identification of the specific vector used in China’s alleged attack, albeit a passive one, on Google.
Where was the vulnerability? As has often been the case, Internet Explorer apparently provided the point of ingress, through its less than perfect coding. Additionally, it appears it may be the same attack vector used in other recent high profile attacks. According to McAfee, the discovery was made as part of the company’s Project Aurora.
While McAfee’s efforts and Microsoft’s reported collaboration are a step in the right direction, the question remains. When will software giants like Microsoft and Adobe realize that their popularity and proliferation is a double-edged sword? Ease of use and aesthetics must be tempered with security that’s part of the software development process. Until it is, computer security professionals will always be one step behind.
Sources:
The Washington Post
http://www.washingtonpost.com/wp-dyn/content/article/2010/01/17/AR2010011700562.html
Microsoft Security Blog:
http://blogs.technet.com/srd/archive/2010/01/15/assessing-risk-of-ie-0day-vulnerability.aspx
McAfee Operation Aurora:
http://www.mcafee.com/us/threat_center/operation_aurora.html
Geek Shui Living “Green IT” article on MWD.com
Geek Shui Living is proud to announce that we’ve been featured on the well-respected, technology website, http://www.mwd.com. The article entitled Becoming A Geek Super Hero by Evolving from Thinking Green to Acting Green calls geeks to action to practice “Green IT,” while making a valuable contribution back to the community and those less fortunate.
Read the full article by visiting the MWD website: http://bit.ly/GeekShuiOnMWD

Thanks to @JoeHobot for taking the time to share what we consider to be a valuable concept with the world. We hope it is just one more step toward the world realizing that everyone needs a little Geek Shui to bring balance between their real and virtual lives!
Being charitable without becoming vulnerable…
By now, only a recluse would be unaware of the devastating earthquake that occurred in Haiti. Television, radio, and internet sources are inundated with both news about the quake and, more importantly, how people can help through charitable donations of money, non-perishable goods, medical supplies, and more. As a Twitterer myself, I have to say how proud I am to be part of something that has helped raise awareness and record donations, for people truly in need. In the midst of it all, though, all personnel cautioned that monetary donations should not be given to any organization, until you have verified that it is legitimate. In the short time since the disaster occurred, numerous reports have already surfaced on how bogus organizations are targeting people, via telephone and email scams.
They say monetary donations are the best way to help. They encourage contributing via SMS (text messaging) and charitable websites. With the prevalence of cybercrime and associated scams, how can you help others without compromising your own personal information and finances? Below we detail a few ways that will allow you to ensure that you are doing both.
How you can avoid scams or malicious infection:
1. Do not respond to, click on links, or open attachments in unsolicited email messages sent directly to you.
2. If you are registered to receive emails from charitable organizations, such as the American Red Cross, and you receive solicitations for donations, go directly to the website by typing in the link on your web-browser.
3. Do not respond or provide any information to unsolicited, direct telephone calls received at work, your residence, or via cellular telephone.
Ways to help others and ensure your protection:
1. If you receive a request you believe may be legitimate, verify that the organization is registered as a charity via government-sponsored websites. The U.S. Internal Revenue Service maintains a searchable registry of certified charities at: http://www.irs.gov/app/pub-78/. The U.S. Better Business Bureau also maintains a list of registered charities at: http://www.bbb.org/us/Charity-Reviews/
2. As previously stated, do not click on links in email messages or attachments. Visit the website directly and only after you have verified the organization via the links provided above.
3. Before entering personal information, credit card numbers, etc., verify that the website begins with “https://” and that (after double-clicking on the padlock symbol in your browser) the certificate issued contains the same name as the website/organization and is not expired. This will prevent you from providing your information to a bogus organization and sending your information in an unencrypted manner, through the internet.
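The three checks from step 3 (https, matching name, unexpired certificate), written out as an added example that is not part of the original post. The URL, the certificate dictionary, the timestamps, and the function names are constructed for illustration; the certificate is assumed to be in the form Python's ssl.SSLSocket.getpeercert() returns.

```python
import ssl
from urllib.parse import urlsplit

# Constructed sample, shaped like the dict returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Relief Fund"),),
                (("commonName", "donate.example.org"),)),
    "subjectAltName": (("DNS", "donate.example.org"), ("DNS", "*.example.org")),
    "notBefore": "Jan  1 00:00:00 2010 GMT",
    "notAfter": "Jan  1 00:00:00 2011 GMT",
}
NOW = 1263859200  # constructed "current time": 2010-01-19 00:00:00 UTC


def name_matches(pattern, host):
    """Compare a certificate DNS name with the site's host name.

    A leading '*' stands for exactly one label, so '*.example.org' covers
    'donate.example.org' but not 'a.b.example.org' or 'example.org'.
    """
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def check_donation_page(url, cert, now):
    """Return a list of problems; an empty list means all three checks passed."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("not https")
    host = parts.hostname or ""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(n, host) for n in names):
        problems.append("certificate name does not match site")
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not (not_before <= now <= not_after):
        problems.append("certificate expired or not yet valid")
    return problems
```

A host such as donate.example.org.lookalike.test fails the name check even though it starts with the charity's name, because every label of the host has to line up with the name in the certificate.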
Last night, I sat down with my 7-year-old son, explained the importance of giving of ourselves to help others, and, via the Red Cross website, donated on behalf of our family. In the process, I showed him the https://, the “little padlock”, and the basic certificate information. He may not understand cryptographic algorithms, but he does understand that if the three don’t match, providing personal information is a “No-Go”! Ultimately, Haitians receive help and my son learns two valuable lessons…a real-life one and a virtual one. None of the above information is new or ground-breaking, but, sometimes, the most simple things are overlooked. On that thought, look out for yourself, your family, and your friends by passing on this information to them. In the end, it will help us all get a little closer to achieving “Geek Shui”.
Justin E. Gehrke is the founder of Geek Shui Living. As a right and left-brained geek, he is available for consulting in the areas of Information Technology, Network Security, and creative web design and development. You can contact him via the Geek Shui Living Contact page. Alternatively, you can follow him, via twitter, and voraciously consume his technology news commentary and random geek ramblings: http://twitter.com/GeekShui
Happy New Year! Is your resolution to get a Botnet?
Today, I received an email. “So, what,” you say, “Don’t you get emails every day?” Yes, in fact, I do. I receive many emails, of varying importance, at numerous email addresses. Is this because I’m important? No, just like the rest of you, I have too many email accounts and receive too much junk. I, too, am trying to reach the Geek Shui balance, but, unfortunately, I’m not quite there yet! I digress, though. Today’s particular email promised me 250,000 GBP (approximately $403,500 US Dollars). Yes, 2010 started off, right! All I had to do was give all my information, via email, to an alleged UPS representative in London. They, in turn, would make sure I got it, within 48 hours. While they may have been honest about “getting something”, I’m sure it wasn’t going to be money. The attached .pdf was reportedly virus-free, which leads me to speculate it is a maliciously encoded .pdf file designed to exploit the latest Adobe Zero Day Vulnerability, reported in December 2009 and for which a patch has, as of today, been released. If it isn’t that one, it is probably something equally heinous, or, in fact, it may just be an attempt to get my information, in order to harass me personally, via telephone, email, or snail mail. In any case, I’m obviously not going to find out!
My initial chuckle over the email’s obvious, bogus nature quickly turned to curiosity. How many people actually fall victim to this type of thing? While there are no exact numbers (or anyone to keep track of them), it must run in the millions. As an IT and Network Security professional, I could easily spot the signs, view the source, examine the headers, etc, etc. How does my knowledge help the normal computer user to avoid the threat? On this thought, Geek Shui Living put together and has now posted an in-depth (albeit, a bit sarcastic) analysis of an “Official Phishing Email”. Hopefully, it will help those, who don’t know, learn to spot the signs of a phishing email and avoid falling victim to the very real criminals who use cyberspace to conduct their sinister endeavors. If you find it useful, someone else probably will, too. So please feel free to pass on the link. In the end, it won’t save the world, but it will get you a little closer to achieving Geek Shui!







