Saturday, July 23, 2011

By popular request - how not to get phished on facebook

And what to do about it if you, or someone you follow is:

I want to touch it - but I shouldn't - but I want to.... Private browsing for beginners

We've all seen it - a friend posts a salacious or silly picture or video, with a comment meant to entice us into clicking - and the next thing you know you've got some obnoxious page posting links all over your wall, without your control. And your friends are all over you because they clicked it too and it's on THEIR wall. This form of Facebook spam is really out of control lately - I see more and more reasonably careful people being attacked by it - heck I even fell for one the other day. But what is a person to do? That link is SO TEMPTING - surely your friend wouldn't post something noxious?

So here's how to safely find out if the link is legit or not - without having to subject yourself to the embarrassment of the links being propagated on your page:

In IE8/9, Chrome and Firefox there is a concept known as "private browsing". Private browsing disables all your normal cookies, and every time you use it, it empties the cache. This way there is nothing left behind by the private browsing experience, and the browsing doesn't have access to your normal cookies (like the one Facebook uses to help applications track what your personal information is). If you do create a cookie within a private browsing session that cookie is deleted when you get out.

In Chrome this is known as an "incognito window" and a new private browsing session is opened from the "wrench" in the upper right by selecting "New Incognito Window". In IE8/9 it is known as InPrivate browsing, and is selected by clicking on the Shield in IE8/9 and selecting "InPrivate Browsing" or on the Gear in IE8/9 and selecting Safety/InPrivate Browsing. In Firefox you go to Tools and select "Start Private Browsing".

Ok so now that we know how to do Private Browsing how do we use it to check those suspicious links? First thing to do is to create your window using the methods above. Then go back to your original window with FACEBOOK in it - in that window RIGHT CLICK on the link you want to check and choose "Copy Shortcut". Then go to the private browsing window address bar and choose PASTE to paste the address into the address bar. Press enter to bring up the content. HERE IS THE IMPORTANT PART: NEVER EVER enter any facebook information into this window. If you are prompted to log in to facebook to see the contents, or are asked to "SHARE" your facebook information for a better browsing experience or ANY prompt for ANY personal data whatsoever, including asking you to press a facebook like button - just close the window. Don't respond to the request, and cease viewing the information because it's link bait. A legit link will not ask you for this stuff.
Private Browsing does NOT protect you from viruses, or from behavior like clicking on a link and installing malware. You still have to be reasonably careful about what you do in that private window.

Oh no. I clicked it. It phished me - now what......

Now that you've foolishly clicked the link and it phished you and posted to your wall unwillingly - you need to remove any trace of it from your wall so as not to infect others. Click the X next to the post and remove it (or choose remove app if available). This doesn't get rid of everything though. You also want to "unauthorize" that app/page from accessing your personal data:
  • go to Account (upper right), privacy settings, lower left is apps and websites, click edit settings for using apps,
  • next to "apps you use", click edit settings,
  • click the X next to the app that phished you (And next to any other apps you don't really want rummaging around in your personal details)....
  • While you're there go back up a level in privacy settings and click on the edit settings next to "Info accessible through your friends" and uncheck everything there. You don't need to share any of that with friends of friends.
  • If you use apps, have pity on your friends' walls and choose Only Me next to game and app activity unless it's really a social game and you want to spam your wall with notices
  • Click through on instant personalization and uncheck it - you don't want random websites you might surf onto to drive-by your personal info and snag it.
  • One of the things that the new sites do is tag your friends in a photo that has a link back to the site. A truly annoying additional bit of spam. You can easily avoid this however. Go to account/Privacy settings, app settings, choose info accessible through your friends and (my recommendation) uncheck everything, or at least uncheck photos and videos I'm tagged in and your wall. Apps other people sign up for shouldn't have access to your information.
  • Courtesy of (Lin Daniel): Not a bad idea to check and be sure they haven't added a page too... It's a tad more complex than editing Apps. In the upper left corner, click Profile. On the right side, under your Profile picture, click Info. Scroll on down to the section labeled Activities and Interests. Click the Edit button. Click "Show Other Pages". Go to the bottom, since most new items are put there, and delete any pages you don't recognize. Scroll on up, and make sure there aren't any other pages hiding in the middle. You might want to check the other "Likes" as well, just to make sure. Yup, it's tedious and time consuming, but it'll bite you if you don't.
If you feel you really NEED to visit the site - heed the warning in my other note about how to check links for phishing first.

Has your friend/acquaintance been Phished and posted something they didn't mean to on their wall...

If so - do them a favor. LET THEM KNOW. The most important part of fixing a phishing incident is education so that the person knows what happened, knows how to fix it and can hide the post off their wall as quickly as possible. This way the post doesn't spread to others who curiously click it. But did you know that you too can play a role in suppressing the objectionable material?
While the person has posted it and not yet removed it from their wall it still shows up on YOUR wall. If someone is browsing your wall - there's the link to click - they trust it because they trust you and your friends. Now you can't control your friends' posts, but you CAN control what shows up on your wall. After informing your friend (I usually do it as a separate post) simply click the X next to the post (it's hidden but if you hover your cursor over the post it will show up). Select delete post from wall, and then - to help Facebook identify it as a phishing post select "Advanced" from the menu that comes up and identify the post as SPAM/SCAM - this will hopefully help Facebook block all posts from that source at some point in the future.
Feel free to pass this note along to your friends. You could save someone from an embarrassing episode.

Thursday, November 11, 2010

Spicy thai noodles with thai chicken sausage

by Lee Drake on Sunday, May 30, 2010 at 10:40pm
Tonight's successful dinner recipe:

Stir fried in butter:
- Spicy Thai chicken sausage from the market
- Garlic, lemongrass, diced fresh plum tomatoes, chopped fresh coriander, salt and pepper to taste, juice of 1/2 lime
- Peppardellas Spicy Thai whole wheat noodles prepared al dente (boil about 6-7 minutes)

A side of fresh seedless watermelon

Melt 1.5-2TBS of butter over medium high heat, stir fry the garlic and lemongrass until the garlic begins to brown, add the thai sausage broken into small chunks, cook until the caramel color starts to come out on the surface

Add the diced plum tomatoes and stirfry until they get soft, add the coriander and salt and pepper to taste - cook for about a minute more until the coriander turns a dark green and is a bit limp.  Remove from heat and add the lime juice.

Serve with wedges of lime over the spicy thai noodles.

Tuesday, August 3, 2010

Microsoft updates major security flaw

As you know I am loath to run around about the latest security releases saying “the sky is falling”. Last night, however, Microsoft released an extremely important security patch – out of band from their normal Tuesday security patch release. The security hole this patch addresses would allow an attacker to potentially drop files on a server or workstation that could be run simply by viewing them in file explorer. This would allow a hacker to potentially take over a machine without anyone ever clicking on a file or running it. Files could arrive by USB Drive, email, hacks, web uploads – any of a number of vectors. This is an extremely dangerous issue, which is actively being exploited by criminals trying to interfere with US operations by taking over manufacturing sites and control systems, stealing retail credit cards and identities, and a variety of other activities. It is imperative that your servers and workstations be updated as soon as possible to avoid allowing this vulnerability to spread. Once a system is infected with this problem it becomes very difficult to remove it since you cannot view files without re-running the virus. In addition, it spreads by so many different vectors that we can’t just rely on something like an email filter to remove all possible sources of contamination.

The very best way to avoid this problem is to run Windows Updates AS SOON AS POSSIBLE on all your servers and workstations. It’s especially critical to protect workstations, but you should VERIFY that all servers and workstations have been updated – even if you believe them to be set on automatic updates. Each server or workstation will need to be rebooted after the patch is applied to fully implement the patch.

If you are running Windows XP SP2 – you need to update to SP3 before you can patch for this vulnerability. Service packs MUST BE DONE MANUALLY – automatic updates does not apply service packs, and the installation must be done while logged in as an administrator. Be sure you verify that your XP system is at least service pack 3, then update all the patches that are recommended after the service pack is applied. Microsoft no longer supports XP SP2 with new security releases.

If you are running Windows 7 be sure to patch BOTH your core Win7 operating system and any virtual XP instances that you run.
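
One way to do the verification described above across a list of machines, as an added example that is not part of the original post. It assumes PowerShell 2.0 or later, remote WMI access with administrator rights, and a hotfix ID that you copy from the MS10-046 bulletin (the post does not give it); the function and parameter names are hypothetical.

```powershell
# Added example: audit hosts for the XP SP3 prerequisite and the MS10-046 update.
param(
    [Parameter(Mandatory = $true)][string[]]$ComputerName,  # hosts to audit (assumed list)
    [Parameter(Mandatory = $true)][string]$HotFixId         # KB id copied from the bulletin
)

function Get-PatchStatus {
    param([string]$Computer, [string]$KbId)

    $row = New-Object PSObject -Property @{
        Computer = $Computer; OS = $null; ServicePack = $null
        Patched = $false; LastBoot = $null; Action = 'Unreachable: check by hand'
    }
    try {
        $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $Computer -ErrorAction Stop
    } catch {
        return $row   # offline or access denied: never report it as patched
    }
    $row.OS          = $os.Caption
    $row.ServicePack = $os.ServicePackMajorVersion
    $row.LastBoot    = $os.ConvertToDateTime($os.LastBootUpTime)

    # Get-HotFix reads the installed-update records; no record means not patched.
    $fix = Get-HotFix -Id $KbId -ComputerName $Computer -ErrorAction SilentlyContinue
    $row.Patched = [bool]$fix

    # 32-bit Windows XP reports version 5.1.x; it needs SP3 before the update will install.
    $isXp = $os.Version -like '5.1.*'
    if ($row.Patched) {
        $row.Action = 'Patched: confirm it rebooted after the update (see LastBoot)'
    } elseif ($isXp -and $os.ServicePackMajorVersion -lt 3) {
        $row.Action = 'Install SP3 manually as administrator, then run Windows Update'
    } else {
        $row.Action = 'Run Windows Update now, then reboot'
    }
    return $row
}

$ComputerName | ForEach-Object { Get-PatchStatus -Computer $_ -KbId $HotFixId } |
    Select-Object Computer, OS, ServicePack, Patched, LastBoot, Action |
    Format-Table -AutoSize
```

List any virtual XP instances as their own entries in the host list, since they are patched separately from the Windows 7 machine that runs them.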

If you need assistance with any tasks related to this issue, please call Jim Rock at the office at 585-756-2444 and he can help you (on a ticket basis) to update and verify that your systems are no longer vulnerable either remotely or by going onsite. We would rather you spent a little bit up front to be sure this is patched – than to pay us a lot later if there is a problem. This update needs to be applied ASAP, which is why Microsoft released it quickly. Even if you have automatic updates on, we recommend that you force the update through Internet Explorer (on Windows XP machines or virtual machines) by going to updates.microsoft.com, or for Vista and Win7 machines by choosing Windows updates from your start menu.

To read more about the problem and its impact see the following Microsoft Knowledgebase article: http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx  If you do NOT use us for your IT support and you didn’t get a warning this morning from your current IT support – consider using us in the future. This is the kind of proactive service we provide for all our technical support customers.
