AVG 8 and Mozilla Thunderbird

Something I ran into on a system of a relative.

When running AVG 8’s outbound mail scanner and your ISP does not require you to provide a username and password when connecting for an outbound SMTP session…

Make sure that you do NOT check the checkbox in the SMTP settings dialog near the username and password field in ThunderBird. If you do, you probably have trouble sending email.

This seems to only happen with AVG 8 or later when you check the scan outgoing messages option in AVG system tray application.

Near miss with phishing mail

Recently I came back from a snowboarding vacation. Only half an hour home after a 12 hour drive I had to check my e-mail.

Too bad I missed the sender and recipient address on an e-mail message. I f-ed up and clicked a link leading me to a PayPal phishing site. I logged in and the site asked for my credit card details straight up. WTF!?! PayPal wouldn’t do that.

I immediately changed my password for PayPal. They didn’t have time to harvest my account. But they sure tried, because PayPal has blocked my account and has me jumping through the usual hoops to let me prove I’m still in control of my PayPal account.

Sigh! Just when I was about to purchase MarsEdit. I never thought I would fall for one of those phising e-mails. But finally I almost missed one, I never thought I would be so stupid.

Moral of this story:

Always double check the links you click in e-mails.

TrueCrypt released for MacOSX, using MacFuse

Yesterday TrueCrypt version 5.0 has been released. Nothing special you might say, but then again, you might not be running Mac OSX. TrueCrypt has been released for the Mac as well. The cool thing about it is that it uses MacFuse.

Download TrueCrypt here.
You will find several options suitable for your system.

MacFuse is a kernel extension for the OSX operating system allowing mounting of file systems in user space. With MacFuse a user can mount a file system dynamically without needing super user privileges. MacFuse is based on the original Fuse kernel extension for Linux based operating systems. With MacFuse/Fuse you can do cool things like an mounting a remote file system over SSH, a screenshot file system dynamically generating screen shots of all active windows on your desktop or just about any other piece of data that can be mashed in to a hierarchical layout or read/write NTFS file systems. You probably think this is boring. But the thing is, it’s all dynamic. Without MacFuse I guess implementing TrueCrypt for Mac would have been a whole lot harder.

With the release of the latest TrueCrypt using a secure portable drive is finally a decent option for me. Sure OS X already has the concept of secure DMG files. But those are kinda Mac only. And I have to be able to carry stuff between my Mac and several Windows machines.

One word of caution though, remember that you do need to make some form of back-up of all your encrypted data. Back-up the individual files or the entire encrypted disk image. Because if only one bit falls over in your encrypted disk, the entire disk will be corrupted. Correction supplied by Honza in the comments. The behaviour of TrueCrypt is more like a real hard drive. If a bit falls over, only the file containing the tainted section will fail.

Why won’t people use PGP/GPG?

GPG logoIt seems that in my web of trust everybody just trust each-other. I poked around a bit here and there, but it seems nobody is using a tool like Gnu Privacy Guard.

Everybody seems so concerned with data theft, yet nobody seems to act against it. Also, wouldn’t you like to be able to verify to some degree if someone is actually who they claiming to be when receiving an important e-mail? I would, but it just seems nobody cares. In fact today I’ve read a news bulletin stating that Dutch teenagers throw any reservations out the window when there’s a chance to have something for free. To me that is just shocking. Yes I am aware that certain information about me is readily available through this weblog. But that is a choice I have made while fully understanding the implications involved.

Not to mention this new beta system Google is about to release. Something involving a private storage space where you can store/backup your files. Of-course all linked into your GMail account. Sure the service Google provides is great, and I in fact wouldn’t really mind that Google indexes my some of my stuff. But the entire package where my e-mail, back-ups, search terms and what not are all indexed and possibly tied together. Now that sounds like power play to me.

Because of the above and other reasons, I’d like to ask people to start thinking about the “safety” of your data. No problem in not encrypting and signing your stuff. But make sure you do so after good deliberation. Also after you set things up, the pain is over. Your mail application can help you sign, decrypt, encrypt and validate messages with ease. Just look around a bit and most likely your favourite client can be extended with a plug-in of some sort with ease.