9/21/09

Be Careful With Those Firefox Extensions

People who know me from my consulting and teaching days, or who have read my web site from my consulting days, have read my blog. or have been in a class I taught, know that I am a pretty cautious guy when it comes to the Internet.

Today, via web mail, I was checking my personal (non-APL) email. I saw one of the messages was from Hallmark Postcards, saying I had a postcard from someone. Now, I already knew that it was spam, just from that information. What I should have done was just check the box next to it and click on "Report Spam." Instead I opened the message. No problem. I saw the URL for the card, so I "hovered" my mouse over it. It was "postcard.exe." Into the spam folder with you, sucker!

A few minutes later I got a call from someone in the IT department here at APL. One of our security devices indicated I tried to download that file. It blocked the download and reported it. Now, the Windows executable would have done nothing on my Mac, and recall I did not click on it to download it. What had happened?

I looked through the add-ons and extensions I had in Firefox. Sure enough, amidst the security-related add-ons, I also had added Interclue, "Your Personal Link Preview Multitool." It promises, "Before you click the link: Hover your mouse pointer over the link, and a Linkclue icon will appear. Rest your mouse on the icon, and up pops an enhanced summary of the linked page."

Hmmm. I don't think it actually tried (or tries) to download anything. I think that our security software saw this in the stream and triggered an alarm. (On the other hand, what does it mean to "preview" an executable? I'm not sure, and I didn't need Interclue enough to want to keep it. I uninstalled it and restarted Firefox.

Update
I heard from my co-worker in the IT department. He writes:
What our network systems saw is the following exchange between your host and the remote server
Request from your host:
GET /postcard.exe HTTP/1.1
Host: nn.nn.nn.nn
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US;
rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Reply to the request:
HTTP/1.1 302 Moved Temporarily
Date: Mon, 21 Sep 2009 14:05:36 GMT
Connection: close
Via: HTTP/1.1 localhost.localdomain (Websense-Content_Gateway/7.1.2 [c s f
])
Location:
http://nn.nn.nn.nn/cgi-bin/blockpage.cgi?ws-session=3741857785
Content-Length: 0
This, of course, shows your host asking for postcard.exe and our Websense device referring your host to a block page thereby preventing the download. Your Firefox plug-in wants to provide a preview of the web page. To provide a preview, it apparently downloads the web page (or at least part of it). Otherwise, how would it know what the page looks like so it could provide a preview? It looks like a rather dangerous plug-in, one designed for a more friendly Internet.
I agree. Avoid this Firefox extension.

9/12/09

Safeguard your Notebook Computer

No matter how careful you are about physically protecting your small notebook computer, you need to plan for the worse. A few months ago, The Unofficial Apple Weblog (TUAW) had an article 9 things I learned from almost losing my MacBook Air. It is Mac-specific in the details, but no matter whether you have a MacBook, a Windows notebook, or something else, computers are getting smaller, disks are getting larger, and that raises the vulnerability to information loss. And no matter what you think, you have data on your computer that, in the wrong hands, could cost you money.

It reminded me of a few columns, not Mac-specific, I wrote years a few years back:

9/11/09

9/11 + 8



8:46, impact
9:03, impact
9:37, impact
9:59, collapse
10:03, crash
10:28, collapse

9/9/09

New Software: iTunes 9.0 and iPod touch 3.1 update

I'll make this short and sweet. I updated my iPod touch software to 3.1 and my iTunes to 9.0, both announced today (among other things you can find on the Apple Website. I installed iTunes thorough the iTunes program, checking for software update. It downloaded iTunes 9.0, Quicktime Player 7.6.4, and restarted my PowerBook.

I started iTunes. Anytime I accessed the iTunes store it crashed. So, I manually downloaded iTunes 9.0. It works fine now.

See 3.1 features and iTunes 9.0 features for more information.