Scareware is normally just a minor nuisance, assuming that you know how to get rid of it without paying any money. However, I’ve now come across a new wrinkle: it can get you blacklisted, so that you can’t send email.
I’ve been looking at a server that has Progress OpenEdge installed (10.1C). I’ve found a bug in this recently, and it’s useful to be aware of this if you use the same software. More generally, it’s something to be aware of if you write any computer programs, so that you won’t make the same mistake.
I’ve come across a few Word documents that have got corrupted, so I get an error message when I try to open them:
When I created accounts with Facebook and LinkedIn, both websites asked me for my email password to help me find people I know. The idea is that they can log into my email account, go through my address book, then search their own database for people with matching email addresses. That would certainly be convenient, and save me some time, but I think it’s a very bad idea.
Early in my career, I noticed an error when I rebooted a server, saying that one of the RAID drives had failed. The server was able to keep running, but the drive needed to be replaced, so one of my colleagues came over with a new one. The drive was hot-swappable, so he was quite cheerful about the fact that we wouldn’t need to shut the server down first. However, we disagreed about which drive had failed; the error message referred to drive 2, and there were 5 in total, but I thought that the numbering would start at 0 while he thought that it would start at 1. He outranked me, so he pulled out the second drive. Unfortunately, this turned out to be the wrong one (i.e. one of the working drives), so the entire server crashed, and we had to spend our Friday night re-installing Windows from scratch.
Someone called me earlier, because she had a big virus warning on her screen. This was actually a hoax (a web page trying to install malware), and it’s useful to be aware of it so that you know what to recognise.
I identified the website which was responsible, but it’s now been taken down. So, the purpose of this post is to warn you about similar sites rather than this site in particular. I observed the same behaviour in IE8 and Firefox 3.6.12 (on Windows 7), but I haven’t tried any other OS/browser.
“Hey, witch doctor, give us the magic words!”
One of my servers has an SSL certificate from GoDaddy. More specifically, this is a Unified Communications Certificate (UCC), so it can have up to 5 domain names. I originally registered 3 names, and I recently needed to add a 4th. The good news is that GoDaddy let you specify extra names through their web interface and download the new certificate without charging any extra money. The bad news is that they don’t provide any documentation on installing the new certificate.
In January, someone at Google discovered a bug in Windows that had been there for 17 years. (This was reported at The Register, among other places.) Microsoft have now released a patch, as described in Security Bulletin MS10-015, so it’s no longer a problem. However, I think that the details are interesting, particularly if you intend to move to 64-bit Windows at some point.
In part 1 of my LUA series, I mentioned a virus that modified the HOSTS file on a PC. This meant that each time someone tried to connect to their banking website, they actually went to a fake website instead, even though they’d typed in the correct URL. This could also be a problem if your DNS server gets compromised, or if someone reconfigures your wireless router so that you use a rogue DNS server.
One way to protect yourself is to use https. If you know the correct address for the website, and you see a padlock in the address bar, you can be confident that this is the real site. This isn’t an absolute guarantee, e.g. if your PC is infected by a virus then it could add some self-signed certificates to your trusted store. However, it’s certainly a step in the right direction. Unfortunately, lots of banks haven’t quite grasped this concept.