Saturday, June 30, 2007

Hi, my name is Pop and I'm an addict

It all started yesterday when I read multiple reports that the iPhone was living up to the hype pretty much.

Then there were the pictures. iPhones being used everywhere, and the ultimate geek porn: iPhone dissection pictures!

How can one resist? Yet I did.

I thought it was safe to go up to the Apple store this morning. I thought they would be out of stock by now and that I would be able to safely handle a demonstration unit for a few minutes, being unable to buy one.

A quick fix, as we addicts refer to this sort of thing. Just some juice to get me going for a few more weeks.

No such luck. There were still some units in stock and I was in and out of the store in 2 minutes, carrying with me a few ounces of the stuff.

So there you have it. I'm an addict.

They say admitting you have a problem is the first step towards a cure. I hope this keeps me from buying the 30 GB model as soon as it comes out.

Monday, June 18, 2007

Instant Karma

What I see when I go to instantkarma.org:

Instant Karma requires the Adobe Flash Player version 9.


Instant Karma indeed.

Wednesday, June 13, 2007

Phishing: companies don't care as much as they should

I got an e-mail pretending to be from Yahoo! security. It had a link to a page hosted overseas. On that page there's a link to a Windows executable (a virus, keylogger, or whatever it is). Doesn't bother me much because I'm on a Mac.

But I try to be a good guy so I forwarded that to Yahoo!, and I got this answer:

"Hello,

Thank you for writing to Yahoo! Customer Care.

Thank you for contacting us about your concerns regarding this
possible abuse of Yahoo! services.

Since the apparent instance of abuse is not hosted by Yahoo!, we are
not able to take direct action on this complaint. (...)"


Sounds reasonable, right? It's not. Here's one truth about phishers: they don't like to pay for bandwidth. And if they're using someone else's compromised system, they don't want the page to load slowly.

However, they still need to make their fake page look like the real thing, right? One thing they like to do is link (a lot) to the original website they are trying to forge. So Yahoo! may not host the page itself, but it does host many elements referenced in it. Images included.

So why doesn't Yahoo! replace this image file (which is linked directly in that forged page) with a phishing alert? That would tell users "Do not download the file. It's a virus!".

Of course it's not a perfect solution. For one, Yahoo! would have to stop using the image in their legitimate pages. And the phishers would get smart eventually. But it would save some people a lot of grief, and that makes it worth doing.

If you care, that is...
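
A sketch of the image-swap idea, as an added example that is not part of the original post. It goes one step beyond replacing the file outright: the alert is served only when the request's Referer is a foreign page, so the brand's own pages keep the normal image. The host names, paths and alert file name are placeholders, and the sample requests are constructed.

```python
from urllib.parse import urlsplit

# Assumptions (not from the original post): placeholder brand domain,
# asset path and alert image name.
TRUSTED_SUFFIXES = ("brand.example",)
PROTECTED_ASSETS = {"/img/logo.gif": "/img/phishing-alert.gif"}


def is_trusted_host(host):
    """True for brand.example and its subdomains, but not for look-alikes
    such as brand.example.evil.test or notbrand.example."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def choose_asset(path, referer):
    """Return the file to serve for `path`, given the request's Referer."""
    alert = PROTECTED_ASSETS.get(path)
    if alert is None or not referer:
        # Unprotected asset, or no Referer (direct load, privacy tools):
        # serve the normal file so legitimate users are never affected.
        return path
    try:
        host = urlsplit(referer).hostname
    except ValueError:
        host = None
    if host is None:
        return path  # unparsable Referer: fail open
    return path if is_trusted_host(host) else alert


def offsite_referers(requests):
    """Foreign pages that embed a protected asset, for takedown triage."""
    return sorted({ref for path, ref in requests
                   if choose_asset(path, ref) != path})


# Constructed sample requests: (requested path, Referer header).
SAMPLE = [
    ("/img/logo.gif", "https://mail.brand.example/inbox"),
    ("/img/logo.gif", "http://203.0.113.7/~user/login.html"),
    ("/img/logo.gif", "http://brand.example.evil.test/login"),
    ("/img/logo.gif", ""),
    ("/css/site.css", "http://203.0.113.7/~user/login.html"),
]

if __name__ == "__main__":
    for path, ref in SAMPLE:
        print(f"{ref or '(no referer)':45} -> {choose_asset(path, ref)}")
    print("report:", offsite_referers(SAMPLE))
```

The Referer header is sent by the browser and can be absent, so this only catches forged pages that hotlink the image; the same off-site Referer entries in the access log are also an early signal that a forged page exists.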