Comment Spam

I’ve always kept comments switched off on my online ramblings due to the threat of abuse. Now, it appears, Six Apart (writers of Movable Type which powers my blog and TypePad, the hosted blog service) have introduced TypeKey. TypeKey is an online identity specifically designed for commenting on blogs and is integrated with Movable Type.

Great – now I just have to work out how to install it and how to edit all the comment templates to make them fruity.

Perspective

I’m gonna take some stick for this for being a heartless man. But it’s not going to stop me saying it. But before I do let me just say that I am not heartless. Far from it. I have been deeply touched by the South East Asian earthquake. I watched the children swept away. I watched the mother run into the sea trying to save her children. On News 24, safely on my sofa – just like you.

It made me cry.

Then I watched the Vicar of Dibley on New Year’s Day. It made me cry. Richard Curtis is a writer of enormous talent.

For those who missed it, a good description can be found on the BBC’s site.

Follow the link at the bottom to Make Poverty History and read up:

Over the next 12 months a series of landmark meetings are taking place where world leaders can finally stop 30,000 people dying needlessly every day, just because they’re poor.

30,000 people dying needlessly every day

If 150,000 people die as a result of the Tsunami, that’s just 5 average days of death due to Poverty. Poverty that we can stop; that we can change. Death that is so routine, so mundane, that it fails to make the news any more. That’s why we had Break The Chains back in 2000, Band Aid too many years ago and Band Aid 20 this year.

This is mad and we must stop it.

Spyware, OSX and Themes

Apples have been more secure than PCs for about as long as I can remember. It’s generally acknowledged, though, that a main reason for that is the lack of value in attacking one.

Seriously, writing a virus, some spyware or other piece of trojan software for the Mac would be pretty pointless with the market penetration they currently have. That’s not a dig – I’m a big Mac fan. I drool over the 17″ Powerbook whenever I pass one and if Virtual PC for the Mac were just that bit faster then I would seriously consider it. But if you want market penetration for a piece of malignant code it’s not the platform to exploit.

With corporate and even home machines getting slowly more secure, the use of social engineering attacks, such as the email phishing scams for bank details, becomes more and more prevalent. One such misrepresentation attack that’s been around for ages, but appears to be on the increase, is the use of Flash, DHTML and other dynamic web content designed specifically to look like system dialogs. FUIs – Fake User Interface dialogs.

If you’ve spent any time at all on less reputable sites, for whatever reason, you’ll have seen them. Big exclamation icons with phrases like “you computer is infected with spyware, click here to disinfect”. Which should really read “this is an advert from a malicious spyware writer, click here to have your machine hijacked and/or infected”. If you want to see what I mean, look at examples of what was probably the first major campaign of this type, by Bonzi. Oh, and the subsequent settlement to a class action lawsuit filed in Washington.

So, apart from the obvious benefit that a Mac isn’t vulnerable to the same exploits as a PC (a benefit you can get most of by browsing with Firefox instead of IE) there is another benefit. Everything on the Mac looks different. The window frames, the maximize, minimize and close buttons, the grey bevel buttons all look very different to a PC. This makes it obvious to anyone using a Mac that the little dialog is an imposter and not part of the system.

As a poster on MetaFilter says so eloquently:

Of course, we Mac users are nothing but amused by those bogus “error” messages because, well… they don’t look like error messages to us, they look like cheap attempts to trick bumbling PC users into clicking through someplace they wouldn’t otherwise want to go…

You can achieve this effect on your PC, making it easier to recognise threats visually, by installing a skinning tool such as WindowBlinds. Making your windows look different to Windows could make the difference between clicking a dialog and not for many users.

Other, more traditional, tips & tricks can be found on Bruce Schneier’s blog.