Protecting passwords

When I created accounts with Facebook and LinkedIn, both websites asked me for my email password to help me find people I know. The idea is that they can log into my email account, go through my address book, then search their own database for people with matching email addresses. That would certainly be convenient, and save me some time, but I think it’s a very bad idea.

Continue reading “Protecting passwords”

RAIDers of the lost sleep

Early in my career, I noticed an error when I rebooted a server, saying that one of the RAID drives had failed. The server was able to keep running, but the drive needed to be replaced, so one of my colleagues came over with a new one. The drive was hot-swappable, so he was quite cheerful about the fact that we wouldn’t need to shut the server down first. However, we disagreed about which drive had failed; the error message referred to drive 2, and there were 5 in total, but I thought that the numbering would start at 0 while he thought that it would start at 1. He outranked me, so he pulled out the second drive. Unfortunately, this turned out to be the wrong one (i.e. one of the working drives), so the entire server crashed, and we had to spend our Friday night re-installing Windows from scratch.

Continue reading “RAIDers of the lost sleep”

Fake virus warnings

Someone called me earlier, because she had a big virus warning on her screen. This was actually a hoax (a web page trying to install malware), and it’s useful to be aware of it so that you know what to recognise.

I identified the website which was responsible, but it’s now been taken down. So, the purpose of this post is to warn you about similar sites rather than this site in particular. I observed the same behaviour in IE8 and Firefox 3.6.12 (on Windows 7), but I haven’t tried any other OS/browser.

Continue reading “Fake virus warnings”

SSL: Adding a SAN to a UCC

“Hey, witch doctor, give us the magic words!”
(The Cartoons)

One of my servers has an SSL certificate from GoDaddy. More specifically, this is a Unified Communications Certificate (UCC), so it can have up to 5 domain names. I originally registered 3 names, and I recently needed to add a 4th. The good news is that GoDaddy let you specify extra names through their web interface and download the new certificate without charging any extra money. The bad news is that they don’t provide any documentation on installing the new certificate.

Continue reading “SSL: Adding a SAN to a UCC”

Disabling 16 bit applications in Windows

In January, someone at Google discovered a bug in Windows that had been there for 17 years. (This was reported at The Register, among other places.) Microsoft have now released a patch, as described in Security Bulletin MS10-015, so it’s no longer a problem. However, I think that the details are interesting, particularly if you intend to move to 64-bit Windows at some point.

Continue reading “Disabling 16 bit applications in Windows”

Online banking

In part 1 of my LUA series, I mentioned a virus that modified the HOSTS file on a PC. This meant that each time someone tried to connect to their banking website, they actually went to a fake website instead, even though they’d typed in the correct URL. This could also be a problem if your DNS server gets compromised, or if someone reconfigures your wireless router so that you use a rogue DNS server.

One way to protect yourself is to use https. If you know the correct address for the website, and you see a padlock in the address bar, you can be confident that this is the real site. This isn’t an absolute guarantee, e.g. if your PC is infected by a virus then it could add some self-signed certificates to your trusted store. However, it’s certainly a step in the right direction. Unfortunately, lots of banks haven’t quite grasped this concept.

Continue reading “Online banking”

BlackBerry vs Exchange 2007

Exchange 2007 has a few options for remote access to email: you can use Outlook Web Access, or ActiveSync with a smartphone. In particular, it only takes a couple of minutes to configure an iPhone. However, yesterday it took me all day to get a BlackBerry working.

Continue reading “BlackBerry vs Exchange 2007”

Ribbon Hero

Microsoft recently released Ribbon Hero. This is an add-in for Office 2007 and Office 2010, and the idea is to earn points by completing challenges (e.g. formatting a table). In the process, you’ll become familiar with the new user interface. The name is obviously inspired by “Guitar Hero”, but I think it’s unlikely that this will be quite so much fun at parties. It does sound rather Dilbert-esque… “The room is hushed. He puts the title in bold, and the crowd goes wild! Encore!”

Still, it sounds like an interesting idea. According to ZDNet: “It taps into social and adaptive learning paradigms and important research on motivation and learning.” I know that a lot of people are reluctant to use Office 2007 because it looks so different, so I’m willing to give this a go. Unfortunately, it has some pretty fundamental problems, which make it completely useless to me.

Continue reading “Ribbon Hero”