Posts

Posted on

Backing Up Tons of Email

MailStore HomeI have about a dozen email accounts I try to manage locally with Thunderbird.  By and large, things run pretty smoothly until I need to move it all, as I did recently when upgrading from XP to Vista.

I have been a big fan of MozBackup in the past, but as my email accounts grew and I had more and more email stored in folders, MozBackup started taking a long time to process it all.  After my move to Vista, I realized I had over 2GB of mail backed up, and restoring it from Mozbackup didn’t work.  It recreated all my accounts and folders, but all the folders were empty.

After the initial panic faded, I found some forum threads discussing the manual opening of MozBackup archives and restoration of email.  I finally got it all back, but it wasn’t without more than a few sweat bullets hitting the keyboard.

Since this episode, I have been looking for something to put my mind at ease in regards to email storage, backup, and even reduction. I don’t know why I had never heard of it, but I stumbled across MailStore, which offers a free home version called, get this, MailStore Home.

MailStore Home will back up and archive email from many different clients, including Outlook, Thunderbird, Exchange, GMail, Yahoo mail, and others. At first I thought it was too good to be true, but after installing it I was quickly impressed with the simplicity and ease of use.

I had soon archived my two biggest email accounts, and even burned them to DVD through the MailStore application itself. Knowing DVD’s aren’t indestructible, I also backed up the archive using Carbonite (another of my favorite apps).

Going back into a MailStore archive is very easy, and it lets you read email, open, and even search mail and contents of attachments.

Once I was convinced that I had succesfully archived and backed up all my email, I was able to go through my Inboxes and delete over 1GB of email.  Hopefully, this will allow MozBackup to run more smoothly, if I ever really need it again in the first place.

If you find yourself with an unweildy inbox and a nagging feeling that you haven’t done anything to back it  up, go grab MailStore Home now.

mailStore Home: http://www.mailstore.com/en/mailstore-home.aspx

Posted on

OpenJDK6 – Java 1.6.x on CentOS 5.x

Just a quick tip that might help out the folks needing something better than gcj and still using an open version of Java.

On CentOS 5.2 :

rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-2.noarch.rpm
yum install -y java-1.6.0-openjdk-plugin java-1.6.0-openjdk-devel java-1.6.0-openjdk

😉

Hope that makes someone’s life easier!

Posted on

I’m Back!

As you may have noticed, I ditched my blog here at www.www.willchatham.com back in October in favor of trying out  Tumblr. I ended up enjoying the Tumblr service, and I will probably still use it occasionally.

However, WordPress 2.7 came out, and after trying it on some of my other blog sites, I soon realized I really wanted THIS site to have it again.

So, here I am, with a brand new theme to boot!

I have a few things I plan on doing to spruce this place up, including a brand new message board.  That’s right–it’s the return of the Gangsta Haiku Repository!

Stay tuned…

Posted on

Google Notebook Is Being Ditched

Move Your Web Clippings Out of Google Notebook.  Now.  The free service has already stopped allowing new registrations, and will no longer be updated.

I can’t express the grief I have over this, as I have been a hardcore Notebook user since I discovered it about 9 months ago.

In case you haven’t heard of it, Google Notebook is a tool which allows you to save clippings, notes, and bookmarks which you run across while cruising around the information highway.  It’s easy to save parts of web pages using the Notebook plugin for Firefox, and you can add bookmarks, pictures, and notes, and to boot.

There are alternative services offered, the most popular of which seems to be Evernote, but being forced to switch services is just not cool, not matter how good they might be.

I have had an Evernote account for quite a while, but I never used it because I preferred Google Notebook’s ease of use and simplicity.  The worst part is that in order to import half of what I have saved in Google Notebook, I will have to purchase Evernote’s premium service and do it all by hand.

So, check back soon for an Evernote review!

Posted on

Sim City for iPhone Cheats

With the recent release of Sim City for the iPhone and iPod Touch, there has been a scurry to hunt for working cheat codes. Anyone who has played any of the original Sim City series knows that at least half the fun of the game is in the building of the city, and many times it’s nice not to have to worry about the budget management side of the game. Thus, cheat codes became desirable.

In the Sim City for the iPod game, which you should definitely purchase if you haven’t yet, cheat codes are equally important.

To enter cheat codes, you simply shake your device to trigger a box that will show up for entering the code.

So far, there are only two known working codes, and they are case sensitive:

  • i am weak – makes it free to build anything.
  • pay tribute to your king – bestows all gifts  (city hall, statue, spaceport, science research centers, etc).

So far, those are the only known working cheat codes, even though other folks have tried all of the codes from previous version of the game. If you know of any more, post them in the comments, and I’ll update this post once they are verified to work.

Posted on

Practical Security: Web Browser Vulnerabilities

Secunia, a computing security clearinghouse, has issued a warning regarding a new, zero day vulnerability in the Internet Explorer web browser.  This includes Internet Explorer 5, Internet Explorer 6, and Internet Explorer 7 on fully patched Windows XP systems.

Attackers can craft web pages in such a way to use this vulnerability to issue commands on your computer.  There are active exploits currently being used on the Internet to do this.

Your safest immediate course of action is to not use Internet Explorer until a patch is issued by Microsoft.  Instead, use Firefox, Safari, or Chrome.  Unless you are using version 9.3 of Opera, you should quit using it as well.

On another note, there was an article in the news recently which named Firefox as the most insecure application of 2008.  The article is highly biased, however, and the criteria for defining insecure applications ruled out the inclusion of Internet Explorer.  Still, it’s worth a read to help raise awareness about the vulnerabilities of computing on the Internet these days.

Whatever browser you use, you should know that exploits are found in all of them.  As exploits are discovered, they are usually patched as soon as possible, and it’s well worth checking for and installing the latest versions often.  Until patches are released, however, it’s a good plan to switch browsers.

Posted on

Apple Attacks On The Rise?

We here at Geekamongus are by no means partial to one operating system over another.  We love Macs, we love Linux, we love Solaris, and we love those other guys.  Seriously, in no way do we ever intend on taking sides, and articles such as this one are not to be mistaken as an attack upon a particular vendor, nor should they be misconstrued as a statement proclaiming that we prefer other platforms.

That said, some news items of late have raised a few eyebrows upon the foreheads of the security-minded regarding Apple and their operating system, OS X.  For example, there seems to be a new variant of an OS X trojan out there, according to the folks at macnn.com.

Judging by the responses from the opinionated users at the bottom of that article, the Mac fan base may be smart enough to avoid such malicious software.  Cynicism aside, it is clear there is an entirely untapped user base upon which Phishing attacks may be starting to prey.  One must consider the fact that people who have used Macs their whole lives may not be as familiar with such vulnerabilities, where web sites attempt to trick you into downloading a plugin with ulterior motives in mind, and that they could be more easily fooled into taking the bait.  Heck, it would seem the folks at Apple could use some tutelage about Microsoft viruses too.

Seeing as Apple still considers themselves to be rather impervious to viruses, trojans, worms, and their ilk, I don’t forsee this getting better any time soon, even though they did briefly post a note about using antivirus software on their website.  One thing Microsoft users have going for them is that they are by-and-large more aware of common Internet vulnerabilities because they run into them more often, and they must take steps to avoid them.  Some may even have received training in the workplace or from a geeky neice or nephew.

Granted, OS X is based upon a relatively secure Unix kernel and the Apple marketshare is much smaller than that of Microsoft.  That can certainly help when talking about the prevention of spreading traditional viruses, trojans, and worms.  However, when a user is unaware and clicks “OK” to download and install seemingly legitimate plugin, all bets are off.  And who know what evil is brewing in the basements of evildoing jerkfaces to target OS X itself in ways which Windows users are unfamiliar with.

Posted on

PCI Compliance

The other day I had an old client forward me an email from their credit card processing company, saying that the server upon which their website was hosted failed their PCI Compliance security check.  I had never heard of this and was wary that it might be a service they were being tricked into adding on, but upon further investigation, I learned that many credit card processing companies are now instituting this new security policy, which is designed to tighten up security on web servers in order to decrease the chances of credit card theft.

This sounded all well and good, and I figured that with my background in securing servers to meet Department of Defense standards it ought to be a breeze.  Little did I know that the server in question would put up quite a battle for the lone reason that it was running Plesk, the web host management tool.  I had written off Plesk long ago, having ditched the server I had it running on after many issues with it, and I thought I would never have to work with it again, but alas…

I started Googling, of course, and found some great resources out there which cover the tightening up of Plesk in order to meet PCI compliance.

One of the best articles I found was at linux-advocay.org, which explains how to fix issues with Courier, Qmail, Apache, SSL, and iptables in case you don’t have Plesk’s Firewall add-on.

Also, a fellow by the name of DrJermy writes of his solutions about dealing with Plesk and PCI Compliance.

For some general information about what PCI compliance is all about, check out pcicomplianceguide.org.

My Take

As I worked through the PCI issues with the client who contacted me, I started realizing that the standards by which the server was being scanned were presumptuous in that they didn’t take into account back porting, as implemented by RedHat, and that they were making me fix issues which seemed rather trivial in regards to credit card processing security.

If they really wanted to do something that mattered, they should have a look at the NSA’s hardening guides.

Posted on

Google Responds to GMail Vulnerability Allegations

Google says the recent GMail account breeches were due to typical phishing scams, not a vulnerability in GMail itself.

With help from affected users, we determined that the cause was a phishing scheme, a common method used by malicious actors to trick people into sharing their sensitive information. Attackers sent customized e-mails encouraging web domain owners to visit fraudulent websites such as “google-hosts.com” that they set up purely to harvest usernames and passwords.

They don’t say exactly how the usernames and passwords were harvested, however.  Were people just dumb/gullible enough to type their Google usernames and passwords into some other web site?  Or was there a way for these phishing sites to grab the authentication info from the user’s browser?  Is this the fault of the web browser or a faulty plugin?

While the fingers continue to be pointed, the specific methodology for adding malicious filters to a GMail account by way of a phishing attack remains a threat.

clicky