Mike's Mostly Tech blog

LastPass Warns of Potential Breach, Ratchets Up Security

OK FOLKS, TAKE NOTE LAST PASS MAY HAVE BEEN HACKED!!

I don’t use them, but I know many people who do! CHANGE YOUR MASTER PASSWORD IMMEDIATELY!
It’s important to note that they have no evidence that anyone was actually compromised – YET.

Once you change your master password any breach that may have happened will be rendered moot. Their service is still good, I’m sure – just not good enough for me.

I have used KeePass for years and looks like I will continue to do so now for sure – it is open source and resides on YOUR system(s). It may not be as ‘slick’ and completely web based as LastPass but I trust it more. I guess I will NOT be migrating to that service after all.

As a systems administrator and IT guy, I have no less than 78 items in my main password safe! And I have a few smaller ‘safes’ for some of my clients. So it is necessary for me to have a place to keep them all and of course a flat file or piece of paper wouldn’t work.
I keep a KeePass safe on my machines that I sync and also on a usb drive. I have always believed in owning my information.

Be safe folks.

New Mac Trojan horse and Security tips from the NSA

There is a new Mac Trojan horse masquerades as virus scanner – read about that here . This is another example of social engineering – tricking users into making security mistakes.
Users looking for legitimate protection against viruses on their Macs might be duped into downloading and installing this. Essentially this is ‘ransomware’. It requires payment to ‘stop’ the ‘infection’. AND the payment information is often then sold to other nefarious people.

Remember that NO operating system is immune to attack. And since every system is utilized by humans they remain the biggest weak link – humans that is.

Also in other security news the NSA has released some good advice and documents for better security practices with your home network, and Operating Systems (including Mac OSX).
Read about that here. [via PCMAG Security watch blog].

Nearly all of this contains information that I and other security people have been saying for years but is well worth reading.

Consolidating and Cleaning up iTunes library and files

After consolidating, merging and updating a bunch of separate iTunes libraries and directories I was annoyed at how messed up my iTunes library and directories had become. I tried moving and ‘consolidating’ my library as described here for PC here for Mac go here. This method should retain all your playlists and remove many duplicates. There is also an Apple script to help if you are on Mac.

If you are on a Mac you can probably get by with using the move/consolidate technique and some GREAT script/apps located here. Doug’s main site is here and worth checking out. I can’t say enough about the value of these tools – well worth the low price!

But sadly for me and many others nearly all my music is on (and managed) via Windows machines and *nix storage. So that still left me with loads of duplicates and entries with no actual files (file not found in iTunes). I also had come across loads of other music folders and libraries on old machines – many which had music that I didn’t in my current library but of course loads of duplicates.

So I was off to create a ‘clean’ iTunes library – No duplicates and all files correctly tagged. There are some applications that may do what I need for PC (as I’ll mention at the end) but I wanted to try and do it via freeware tools. [Take note that the following will eliminate your playlist and counts! So if you really need to have your playlist or play counts preserved don’t go further and try one of the paid options!]

Now, on to my adventure….

I deleted the original library. The location of your library files can be found here.

I then installed the latest greatest version of iTunes. After install, I set my directory options [in advanced preferences] to a new clean location on my HDD. I also set the option to ‘import new music to iTunes directory’.

I copied all my various music directories (from all machines and drives – both networked and external] to a temporary location; I ended up with about 7 different folders with loads of iTunes music directories.

I would then used that location to ‘import’ back into iTunes by selecting the ‘File’>Add Folder to Library’ option.

After all the importing was done I could see LOADS of doubles and garbage. So I set off to first remove the actual EXACT file duplicates.

Remember that many songs have the same Title, Artist and description tags (musically speaking) but may actually be different versions – live, acoustic, re-mastered etc., or from different albums such as compilations or soundtracks. So in iTunes you may see many doubles (if you go to File>Show Duplicates) that are really not actual duplicates!

My goal was to first delete the actual files that were exact file duplicates.

To do this I used the freeware tool Duplicate Cleaner download here. This looks for files based on their MD5 hash signature – so the file it finds are EXACTLY the same.

Download and install it and then run it. Select the location of your iTunes music folder and Choose scan.

When the scan is complete you should all your duplicate files.

Then you can highlight the ones you want to mark for deletion. Click on first item then the space bar and use the arrow key to move up or down to highlight next selections and press the space bar to ‘check’ the next and keep going till you have all your doubles or others you want removed highlighted.

Choose your delete or ‘move’ options. You may want to just move the items if you are really concerned about deleting files you might really want or need to keep.

Then I used the tool called iTunes Library Updater from here.

Download and install it.

Then open iTunes and minimize it.

Then open the iTunes Library Updater and run it.

Locate your iTunes music directory, as I mentioned, I put mine to a different location for easy sharing/backup/cleanup.

Select the folder

Here I chose the above options. Then ‘Start’

Then wait till done

Click close, close the application and then close iTunes.

Then reopen and check iTunes.

I actually did the above a few times and it made a HUGE difference in my library!

Real duplicates seem to be gone and my music tags appear to be much more in order too!

As I’ve mentioned, there are many other articles and some tools that are supposed to do all of this.

There are two highly rated applications – TuneUp is one and the other is Rinse, which may even do this even better, but they are not free (both run $39.00 I think). And I haven’t used either of them yet.

Here is Tune Up and over Here is Rinse.

Here is one such article with another tool.

But, I still haven’t found anything that has done as well a job as my above method for FREE.

I hope this helps some. Next time I might spring for the paid apps but I did learn something and maybe you will too! Good luck!

Your iPhone Is Secretly Tracking Everywhere You’ve Been

I am not sure how many have heard about or actually even care.
But, this does sound scary as sh*t to me! It’s time that we as consumers have more choice on what information we choose to ‘share’ with providers and vendors. Things like this should be disclosed to consumers.

“Security researchers have discovered that Apple’s iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner’s computer when the two are synchronized.

The file contains the latitude and longitude of the phone’s recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner’s movements using a simple program.

For some phones, there could be almost a year’s worth of data stored, as the recording of data seems to have started with Apple’s iOS 4 update to the phone’s operating system, released in June 2010.” [from here]

So if someone were to get a hold of either your phone or gain access to your computer they could find out where you go often, what time and how often.

If you want to actually see what is there you can (and should!) check out this open source freeware application.

Gizmodo.com has a super article on this too, check it out here.

What if GW had done this?!

SOME OF YOU WILL APPRECIATE THIS AND SOME OF YOU MAY NOT. I DO NOT APOLOGIZE.

BECAUSE ALL OF IT IS TRUE…

If George W. Bush had doubled the national debt, which had taken more than two centuries to accumulate, in one year, would you have approved?

If George W. Bush had then proposed to double the debt again within 10 years, would you have approved?

If George W. Bush had criticized a state law that he admitted he never even read, would you think that he is just an ignorant hot head?

If George W. Bush joined the country of Mexico and sued a state in the United States to force that state to continue to allow illegal immigration, would you question his patriotism and wonder who’s side he was on?

If George W. Bush had put 87,000 workers out of work by arbitrarily placing a moratorium on offshore oil drilling on companies that have one of the best safety records of any industry because one company had an accident would you have agreed?

If George W. Bush had used a forged document as the basis of the moratorium that would render 87000 American workers unemployed would you support him?

If George W. Bush had been the first President to need a TelePrompTer installed to be able to get through a press conference, would you have laughed and said this is more proof of how inept he is on his own and is really controlled by smarter men behind the scenes?

If George W. Bush had spent hundreds of thousands of dollars to take Laura Bush to a play in NYC, would you have approved?
If George W. Bush had reduced your retirement plan’s holdings of GM stock by 90% and given the unions a majority stake in GM, would you have approved?

If George W. Bush had made a joke at the expense of the Special Olympics, would you have approved?

If George W. Bush had given Gordon Brown a set of inexpensive and incorrectly formatted DVDs, when Gordon Brown had given him a thoughtful and historically significant gift, would you have approved?

If George W. Bush had given the Queen of England an I-Pod containing videos of his speeches, would you have thought this embarrassingly narcissistic and tacky?

If George W. Bush had bowed to the King of Saudi Arabia , would you have approved?

If George W. Bush had visited Austria and made reference to the nonexistent "Austrian language," would you have brushed it off as a minor slip?

If George W. Bush had filled his cabinet and circle of advisers with people who cannot seem to keep current in their income taxes, would you have approved?

If George W. Bush had stated that there were 57 states in the United States , would you have said that he is clueless.

If George W. Bush would have flown all the way to Denmark to make a five minute speech about how the Olympics would benefit him walking out his front door in Texas , would you have thought he was a self important, conceited, egotistical jerk.

If George W. Bush had been so Spanish illiterate as to refer to "Cinco de Cuatro" in front of the Mexican ambassador when it was the 5th of May (Cinco de Mayo), and continued to flub it when he tried again, would you have winced in embarrassment?

If George W. Bush had misspelled the word "advice" would you have hammered him for it for years like Dan Quayle and potatoes as proof of what a dunce he is?

If George W. Bush had burned 9,000 gallons of jet fuel to go plant a single tree on Earth Day, would you have concluded he’s a hypocrite?

If George W. Bush’s administration had okayed Air Force One flying low over millions of people followed by a jet fighter in downtown Manhattan causing widespread panic, would you have wondered whether they actually get what happened on 9-11?

If George W. Bush had failed to send relief aid to flood victims throughout the Midwest with more people killed or made homeless than in New Orleans, would you want it made into a major ongoing political issue with claims of racism and incompetence?

If George W. Bush had created the position of 32 Czars who report directly to him, bypassing the House and Senate on much of what is happening in America , would you have approved.

If George W. Bush had ordered the firing of the CEO of a major corporation, even though he had no constitutional authority to do so, would you have approved?

If George W. Bush had pronounced the Marine Corps like Marine Corpse would you think him an idiot?

So, tell me again, what is it about Obama that makes him so brilliant and impressive? Can’t think of anything? Don’t worry. He’s done all this in 24 months — so you’ll have one year and ten months to come up with an answer.

Every statement is factual and directly attributable to Barack Hussein Obama. Every bumble is a matter of record and completely verifiable.

My only other question is why is the main stream media and press not in hysterics over these issues?!

Massive Data breach again – protect yourself

The names and e-mails of customers of Citigroup Inc and other large U.S. companies, as well as College Board students, were exposed in a massive and growing data breach after a computer hacker penetrated online marketer Epsilon.

The list of companies is HUGE! TiVo, JP Morgan Chase, Capital One Financial, US Bank, the Kroger grocery chain, teleshopping company HSN Inc., Verizon Communications Inc, Blackstone Group LP’s Hilton Hotels, Kraft Foods Inc, and AstraZeneca and more.
According to the reports only email addresses and name information was stolen. So you may just get an extra does of spam. But you can never be sure.

You can read more about it HERE and HERE.

Update Even more news here!

My advice is to reset your account passwords if you use any of these merchants and as always, use extremely strong passwords – preferably using applications like LastPass or KeePass to create super strong passwords and manage all your accounts information.

Either of these apps should be used by EVERYONE anyways. LastPass being the easiest for most.

Keep safe folks!

Backup your Facebook Profile Information

I am going to show you two (2) methods of obtaining your Facebook contact information; Names and email account information. One via a browser extension/add-on and another via using an ‘intermediary’ email account – in this case Yahoo.

As I have written many times I love me my Firefox browser. With the add-ons/extensions and tweaks I use, I am able to make use of my Browser as my most important productivity tool. With Firefox extension/add-ons and Greasmonkey extensions I have been able to do just about everything I’ve ever needed to with a browser.

I do also use Internet Explorer for some of my Microsoft sites where it is needed and Google Chrome – though primarily a portable version and/or on my Linux builds. It is also good to check any site building/scripting in all these browsers for differences in behavior.

One reason I don’t use Chrome that often is that although I love many things Google (Gmail and Google Apps in particular), I don not like the fact that just about EVERYTHING you type into Chrome address bar gets sent back to Google! AND the ‘google updater’ is constantly running in the background.

For this reason I use Chrome portable. You can pick up the latest version here. [For a Standalone Installation – To install a portable app by itself, or manually, just browse to the location of the [AppName]_Portable_x.x.paf.exe file you downloaded. Double-click the file to start the installation. Follow the on-screen prompts and select the location you’d like to install to. Within the directory you select, an [AppName]Portable directory will be created containing the portable app.]

Method 1 – Chrome Extension:

Now for the fun! I just found a Chrome extension that is totally awesome but so far is not available or does not have a like kind for Firefox 4. Get a copy of Chrome and install this extension – It is called the "Facebook Friend Exporter", get it here.

This extension allows for exactly what it says. You can install this plugin, log into Facebook, go to your ‘Friends’ page and then export all of your friends profile information that is contained in YOUR Facebook profile page(s).
This extension will allow you to get your friends information that they shared to you:
– Name
– Emails
– Phone numbers
– Screen names
– Websites
– Address
– Birthdays

Two methods of exports
– CSV file (if you have many friends, greater than 500, it will be very slow)
– Gmail Contacts (It will place them into a folder called "Imported from Facebook")

Notes:
– An "Export" button will appear on Facebooks toolbar on the top.
– Click on it and it will open a screen to start processing.
– Depending how many friends you have, this may take a very very long time to complete.
– For example: Exporting 100 friends will take at least 30 minutes!!

Additionally I may upload a copy of my portable Chrome build with all the extension already packed in; but that will have to come later.

Method 2 – Via Yahoo:

Another simple method to get Facebook contact information is to use a Yahoo email account.

· Import Facebook Contacts into Yahoo Mail

Step 1

Create a free email account at Yahoo Mail if you don’t have one or a use a new one to keep your contacts separate. Make sure you can send a test email out – to ‘verify’ your account. Log out of the Yahoo Mail account, once created. Close all open browsers.

Step 2

Open a new instance of a web browser and enter the URL for Yahoo. Log into your ‘general’ yahoo account. [make sure if you have the ‘redirect remover’ Firefox add-on installed in your browser to disable it temporarily]

Step 3

Click the "Facebook" button usually down on the lower left hand side. A login prompt will appear requiring a valid Facebook user ID and password.

Step 4

Log into the Facebook account where the contacts reside you wish to get. Open a new ‘Tab’ in your browser and type in Yahoo.com (you should still be signed in there too.) As soon as you logged in through the Yahoo Address page, the Facebook contacts will be available in Yahoo Contacts. Open the Yahoo ‘Contacts’ and choose to ‘get/import’ your contacts. A Facebook icon will be displayed and you will be asked if you are sure you wish to import them. Say yes of course and in a few moments all your Facebook contacts (names and email addresses contained in Facebook address book) will now be in your Yahoo Contacts! That simple!!

Contacts that are in Yahoo can then be exported for use in many other email applications. You can choose to export in a few different ‘.csv’ file formats, a single Outlook file format or a zip file containing all the individual files in an ‘address book card’ files format (.vcf). .VCF files can be imported into many applications – Gmail being one, not just Outlook.

· Export Facebook/Yahoo Contacts as a CSV File

Step 1

Click on the "Address Book" tab in Yahoo Mail.

Step 2

Select "Address Options."

Step 3

Click "Import/Export." The Export dialog box will open.

Step 4

Click the button labeled "Export Now" next to the email client the export will be imported into. For example, if the exported CSV file will be imported into Outlook, select "Outlook."

Step 5

Type a file name for the CSV file into the input box, when prompted and click the "Save As" button. Save the CSV file. The file is now ready to be imported into the specified email client or utilized as data. Super simple!

More Rogue Antivirus/Spyware infecting many!

Users are being ‘Tricked’ into infecting themselves with trojans/virus’
This has been used on probably 1.5 million websites!
And it is increasing! UPDATE! Here is even more evidence that this is HUGE!

I have written about this type of attack before and how to avoid it and stop the ‘infection’.
Please Read Here on that process.

The hack seeks to trick Web users into believing that their computer has been compromised by viruses and prompts them to download fake security software that itself causes further problems. [called a social engineering hack] Among the sites serving up the links to the fake software sites are some belonging to Apple and used on its iTunes store, though Apple is said to have cleaned up the affected code on its site.

For more information please read this too!!
Here is an excellent video showing how and what happens.

Get 20GB of Amazon Storage on the cheap

Right now Amazon is offering a killer promotion to up the adoption rate of their Cloud Player. If you buy a single MP3 album from Amazon between now and the end of the year you automatically get upgraded to the 20GB storage plan.

The HowToGeek.com has written a great article about how to get 20GB of storage for only $.89 for a year. You should read that article in detail here.

Basically if you purchase ANY album you can get this deal! Read the article above for how they did it. There are a number of ‘Albums’ for only 89 cents.

I, of course, chose to buy an album by my nephew’s band “World in Dreams”. Once purchased I simply chose to save it to the Amazon Cloud Player and was instantly upgraded to 20GB of storage!

Check out the article at the HowToGeek above for some more details. Below are some captures of my experience. Dead simple and quick! Simply logged into my regular Amazon account searched for music, used ‘one-click purchase’ and the album was added to ‘Cloud Player and storage jumped to 20GB.

So looking at my storage now, it is 20GB!!

When I come across these fantastic services I enjoy passing them on. I hope some will find it useful.

Updating to Firefox 4

I’ve written previously of my heavy reliance on Firefox and the many add-ons I use to make my time more productive and enjoyable while using the Internet.

Read here.

Now Mozilla has release the final version of Firefox 4.

Firefox 4 provides a MUCH faster and integrated browsing experience than version 3.x. The speed improvement will be noticed more on systems that allow for ‘hardware acceleration’ (more on that later) but it is still much faster on older systems.

Here is how I went about doing the upgrade.

1^st download and install the latest version of Mozbackup here:

Download location here

Information page here

This application is wonderful. It completely backs up your profile; bookmarks, settings and extensions.

Run Mozbackup and back up your profile(s) completely.

Download/install Add-on Compatibility Reporter. This requires a few Firefox restarts to be properly loaded.

This add-on will let extensions that are not explicitly ‘approved’ for version 4 to run.

And it will provide a nice interface to report those that don’t work correctly to Mozilla and/or the developer.

[If you use LogMeIn (and you should, if you need remote access to machines – Mac or PC!) here is the process to get the older add-on working in version 4:

Download by right-clicking and choosing to ‘save link as’ to your desktop or wherever this file: https://secure.logmein.com/activex/npRACtrl_ff3.xpi and then open the file with a zip extractor:  (this is zip-file, you can use Winzip, 7-Zip or Winrar. I use 7zip,)

extract the file:

install.rdf

modify it the part ‘3.6 – to read 4.6 here: <em:maxVersion>4.6.*</em:maxVersion>

Then save the file and ‘put it back into the xpi (zip file) overwriting the original.

In the xpi file (opened via 7zip or whatever) delete zigbert.rsa in /META-INF folder

Save all back to single xpi file.

Open Firefox then go to the menu bar on top and choose ‘File>Open File’ and select the xpi file and install it.]

OK so let’s get to it!

Download Firefox 4 here and install/upgrade.

I had very few issues with the upgrade on all my machines. So I’ll address them here.

Once installed there are a few things that may need adjusting. I had to do this on some machines and not others.

If your ‘Menu’ bar disappears it can be brought back very simply. Just right-click on free space in one of the toolbars and the selection of ‘Menu Bar’ switches back to the old layout. I also check the ‘Navigation Toolbar’, the ‘Add-on Bar’, and the ‘Bookmarks Toolbar’.

By choosing ‘Customize’ you can select more items to add to the toolbar and place them where you like.

If you have ‘blurry fonts’ you may have an issue with ‘hardware acceleration’.

Simply go to the Options section from the ‘Tools’ context menu. Then in the Advance then General tab you can ‘uncheck’ the ‘Use hardware acceleration when available’.

Tabs on top? The new version puts them there. I don’t like that, you may. Firefox displays tabs on top by default which is a big change for Firefox 3 users. The customize menu has an option to move tabs back down. The entry Tabs on top needs to be unselected to move them below the address bar again.

On my OS X Machines there was one peculiar thing during the installation. Once the dmg was downloaded and mounted I could not copy the install to the applications directory until I trashed the existing Firefox application. Once installed, most of the above still apply.

On Linux (at least on my Ubuntu installs) Firefox 4 is real fast too!

UPDATE:

Lifehacker.com has some great tips on ‘fixing’ some of the quirks with Firefox 4

Well I hope this help some.