Yahoo Account Password Change

Yahoo Account Password Change

So Yahoo!, are you saying that you let my account get hacked yet again? This despite my increasingly complex passwords that I now have to write down because I can’t remember them?

Yahoo Account Password Change

This is the fourth time this year I’ve seen this message. If this is part of some policy to force a password change every 90 days, then say so. Saying there was “unusual” account activity simply leads me to believe that you allowed someone to hack my account. Or worse yet, you’re somehow mistaking my own usage as “unusual.”

On the other hand it’s not like I really care too much anymore. As a user of your service since 1997 I have seen repeated changes for the worse, mostly removal of popular and useful services. Yahoo Groups? Useless and full of spammers. Yahoo Personals? Closed years ago. Yahoo Mail? Changed so many times it’s effectively useless.

Let’s take Yahoo Mail. When going into Yahoo Mail I now get a message stating that I need to upgrade my browsers. But they’re all upgraded to the latest already! You don’t need to tell me this every single time I login. Then there is the fact that clicking on messages in my inbox to open them may or may not work. Half the time nothing happens, a quarter of the time there is a time out error message, the rest of the time it works. If you delete an email it is a 50/50 chance that it takes you back to the inbox view or the next unread message. SPAM Emails get through on a constant basis, and then you’ve added an advertisers link to the top of my inbox that looks like an unread email. Yes it gets eyeballs and clicks – by accident. Yes I know you’re providing a free service, but this is beyond silly.

Then lets add in Yahoo’s penchant for Rollover ads, these are ads that go from itty bitty icons to huge “take over your screen” ads without any warning. Usually while you’re in the middle of reading something. Oh, and they’re also right on Yahoo News’ front page. A resource I used to use daily. Guess when the last time I looked at Yahoo! News was? I’ll give you a hint, it now numbers times per a year for about five minutes instead of daily for a couple of hours.

This problem is rampant across the entire Yahoo! platform. Look at what they did to Flickr. At first glance it LOOKS nice, even though they are blatantly copying other successful sites. But try using it for about 30 seconds and it becomes an exercise in frustration. The only good news is that the traffic has died down so much that the discussion groups are quiet.

Oh wait, that isn’t good news! I spent nearly five minutes trying to find my local photography group to find out when and where the next Meet-up and photoshoot was. The last post in a formerly busy group was the July 2013 Meetup notice. And nothing since then. A spot check of a variety of other formerly busy groups shows the exact same problem. So where is the improvement to service if people are having a hard time using it?

For an idea of other services that Yahoo has screwed up, er, I mean “closed due to a lack of popularity,” see the Yahoo! Wikipedia Article. Many of these were incredibly useful and popular services that Yahoo! closed in their infinite wisdom. Were they loosing money on any of these services? Doesn’t it make sense that even if it was only breaking even that they keep these services alive to bring people into the Yahoo.com “platform.” What’s really weird is how they purchased so many companies, and then ended up killing the companies within a couple of years.

Yahoo!, here is a wakeup call. I’m going to move totally away from your email service. I’m going to delete my flickr account and all my photos, and stop using your services. I know that this is only one set of eyeballs, and I probably don’t amount to much profit for you. But I’m also sure that I’m not the only one doing this.

How To Fix: H4ck3d by R3d Dr4GoN

How To Fix: H4ck3d by R3d Dr4GoN

This happened to me on both of my WordPress blogs, this one, and Pacific Northwest Photoblog. This could happen to any site though, not just WordPress sites.

How To Fix: H4ck3d by R3d Dr4GoN

First off, do not panic.

Either way clearing this up is pretty easy. In both cases there was a 301 Redirect in my .htaccess file on the very first line. I removed this and was able to get to sub pages. The main page continued to be a problem though. Looking closer I found that I had an index.php and index.html page. Since WordPress renders completely in PHP, the presence of Index.html was a bit strange. Taking a look at it I found:

HTML>

H4ck3d By R3d Dr4GoN






This Site Is

Very clearly this is incorrect. So I renamed Index.html to Index.hack, refreshed my main and everything was back to normal! After this be sure to change the password to your terminal/ftp user, create new SSH keys or create new ones if you don’t have any, and just to be safe, change your WordPress blog admin password.

While the actual hack was pretty amateurish, and was likely done by a script that exploited known security issues, it shows just how important proper security is in this day and age. And more importantly, it shows that no matter what you know, and how much you prepare – you will get hacked someday.

How To: Disable OS X Quick Look

How To: Disable OS X Quick Look

Quick Look in OS X is an awesome feature. I’m constantly using it to check out PDF files without needing to open them.

But in some environments, it doesn’t make sense or causes a huge amount of issues.

So to disable this, in the terminal type; (as root or admin user)

defaults write “$3/System/Library/LaunchAgents/com.apple.quicklook” Disabled -bool true

Restart the Finder, and you’re good to go!

This works in 10.6.x but apparently crashes 10.5.x (I’m not able to confirm the later as I don’t have 10.5)

How To: Force Safari to Download PDF Files

How To: Force Safari to Download PDF Files

I hate having my Internet Browser display PDF files when I click on them. I much prefer them to be downloaded. Here are two commands that changes this default behavior.

in terminal (as Admin or Root user) type:
defaults write com.apple.Safari
WebKitOmitPDFSupport -bool YES

Essentially you’re removing PDF Support from Safari so that it doesn’t know what to do with the files. Safari simply downloads the file to the /User/Downloads directory instead.

Keep in mind that updating Safari or Adobe Acrobat may change the PDF handling behavior back to the default. Yes, it is also possible to right click on a PDF and use “Download Linked File,” but this process is more automated.

Poking a hole in that pesky firewall.

Poking a hole in that pesky firewall.

There are more than a few ways to access a firewall.  I will be giving a brief tutorial for one of the more common methods. Called “poking a hole”, or professionally called an SSH back door.  Please, please be careful with this, any script kiddy with 30 lines of code can exploit an SSH server.

This is a great post by IBM detailing it pretty well. If you have any question feel free to leave a comment and I will assist you.

  1. SSH from ginger to blackbox.example.com with the -R flag. I’ll assume that you’re the root user on ginger and that tech will need the root user ID to help you with the system. With the -R flag, you’ll forward instructions of port 2222 on blackbox to port 22 on ginger. This is how you set up an SSH tunnel. Note that only SSH traffic can come into ginger: You’re not putting ginger out on the Internet naked.You can do this with the following syntax: ~# ssh -R 2222:localhost:22 thedude@blackbox.example.com

    Once you are into blackbox, you just need to stay logged in. I usually enter a command like:

    thedude@blackbox:~$ while [ 1 ]; do date; sleep 300; done

    to keep the machine busy. And minimize the window.

  2. Now instruct your friends at tech to SSH as thedude into blackbox without using any special SSH flags. You’ll have to give them your password: root@tech:~# ssh thedude@blackbox.example.com .
  3. Once tech is on the blackbox, they can SSH to ginger using the following command: thedude@blackbox:~$: ssh -p 2222 root@localhost
  4. Tech will then be prompted for a password. They should enter the root password of ginger.

Thanks IBM.