- Invisible Autoupdater: An App’s Best Feature — Gina Trapani quotes Ben Goodger on Chrome: “The idea was to give people a blank window with an autoupdater. If they installed that, over time the blank window would grow into a browser.”
- Crackpot Apocalypse — analyzing various historical pronouncements of the value of pi, the paper’s author concludes: “When π_t is 1, the circumference of a circle will coincide with its diameter,” Dudley writes, “and thus all circles will collapse, as will all spheres (since they have circular cross-sections), in particular the earth and the sun. It will be, in fact, the end of the world, and it will occur in 4646 A.D., on August 9, at 4 minutes and 27 seconds before 9 p.m.” Clever commentary and a good example when you need to show people the folly of inappropriate curve-fitting and extrapolation.
- clang — C language family front-ends to LLVM. Development sponsored by Apple, as used in Snow Leopard. (via Nelson Minar)
- OmniAuth — authenticate against Twitter, GitHub, Facebook, Foursquare, and many many more. OmniAuth is built from the ground up on the philosophy that authentication is not the same as identity. (via Tony Stubblebine)
As phishing improves and spreads, the importance of two-factor authentication grows.
Maybe I’m the last person to know this, but phishing has spread beyond email. And it’s not really pretty.
Here’s the story: A few nights ago, I got a Twitter direct message (DM) from a friend saying that someone was saying nasty things about me, with a link. The link was a shortened (t.co) link, so it was hard to see exactly what it pointed to. I followed the link on my cell phone, and got to a website that certainly looked legit, and I was foolish enough to log in. Pwnd. A few minutes later, my Twitter account was spewing tweetspam about the latest pseudo-scientific weight loss fad.
It’s all fairly classic, except for a couple of things:
- It happened via Twitter. I haven’t seen this before, but maybe I’m the last to know.
- On the small cell phone screen, it was harder to notice that the fake login screen wasn’t right.
- The guy who sent me the DM had exactly the same story: he was the victim of a phish, didn’t notice because of the smaller cell phone screen, and evidently his account was used to forge the DM that was sent to me. So phishes are being chained.
- While we’re used to distrusting messages from companies, we aren’t used to distrusting messages from friends.
Yeah, I was being a bit clueless. And I ignored (though I noticed) the odd, atypical phrasing of the original DM from my “friend.” Changing technology doesn’t make the bad guys learn grammar. But still, wishing I had acted on my instincts is pointless. As a security researcher told me a couple of years ago, highly targeted phishing attacks are going to look so real that you really won’t be able to tell whether or not a message is legit.