5/22/2013

[macsupport] Digest Number 9553

15 New Messages

Digest #9553
2c
Re: OT: UPS for battery back up and surge protection by "Randy B. Singer" randybrucesinger
3a
Re: ATT-Yahoo Phishing attack by "Bob Cook" cookrd1
3c
Re: ATT-Yahoo Phishing attack by "Bob Cook" cookrd1
4a
Re: New iMac hard drive by "Otto Nikolaus" nikyzf
5a
Can I email videos from an iMac? by "Carol" floridabouvs
5b
5d
Re: Can I email videos from an iMac? by "Otto Nikolaus" nikyzf

Messages

Tue May 21, 2013 1:32 pm (PDT) . Posted by:

"HAL9000" jrswebhome

Have you tried a complete shut down by holding Home and Top Button. Move the red screen button to right. After shut down, restart by clicking top button.

If no solution, restoring the iPhone from an iTunes or iCloud backup solves some issues. But this is time consuming, but worth a try.

As a last resort, but a long process, you can completely wipe the iPhone, and restore to default, then manually add back all your data from iTunes or iCloud.

--- In macsupportcentral@yahoogroups.com, "Joan B. Sax, Ph.D." <jsax@...> wrote:
>
> I have looked on line and been referred to various sites from the macsupport listserv and I haven't found any real solution. My iPhone 5 lately has been quirky sound-wise. I have missed calls and my Yocto alarm sound has not been playing. I checked the mute button on the left side of the phone and it was not turned on. Also, it doesn't happen consistently or with every call. Anyone have any ideas?
>
> Joan
>

Tue May 21, 2013 2:37 pm (PDT) . Posted by:

"Jim Saklad" jimdoc01

> Brand names mean nothing. I have had 4 APC UPS fail on me, and I don't mean the batteries died. I am in an area that is not known for power problems and 3 of these were defective out of the box. Thankfully they were warranty replacements with shipping paid by APC.
>
> Buy from a reputable brand, but use the specs as your guideline. Yes, it gets a little technical, and you have to read through the smoke that is thrown up.
>
> Brent

I agree, and I do NOT consider APC to be a "reputable brand".

Try CyberPower <http://www.cyberpowersystems.com/index.html?region=US>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jim Saklad mailto:jimdoc@icloud.com

Tue May 21, 2013 5:00 pm (PDT) . Posted by:

"Donna Ells" dellis551

I appreciate the feedback. It is normal for us to be blasted at least once a
year. It is a high lightning area, despite all the grounding and
precautions, we still get zapped regularly.
Thanks for letting me ask the question to knowledgeable people, AND for the
link below, Jim.
Donna

From: Jim Saklad <jimdoc@icloud.com>
Reply-To: Mac Support Central <macsupportcentral@yahoogroups.com>
Date: Tuesday, May 21, 2013 5:37 PM
To: Mac Support Central <macsupportcentral@yahoogroups.com>
Subject: Re: [macsupport] OT: UPS for battery back up and surge protection

>
>
>
>
>
>> > Brand names mean nothing. I have had 4 APC UPS fail on me, and I don't mean
>> the batteries died. I am in an area that is not known for power problems and
>> 3 of these were defective out of the box. Thankfully they were warranty
>> replacements with shipping paid by APC.
>> >
>> > Buy from a reputable brand, but use the specs as your guideline. Yes, it
>> gets a little technical, and you have to read through the smoke that is
>> thrown up.
>> >
>> > Brent
>
> I agree, and I do NOT consider APC to be a "reputable brand".
>
> Try CyberPower <http://www.cyberpowersystems.com/index.html?region=US>
>
>

[Non-text portions of this message have been removed]

Tue May 21, 2013 7:47 pm (PDT) . Posted by:

"Randy B. Singer" randybrucesinger


On May 21, 2013, at 8:04 AM, Donna Ells wrote:

> May I ask what UPS you all use for your larger items like TV/Satellite? And
> are you satisfied?

I used to (many years ago) exclusively use and recommend APC UPS's. Since then their quality and company integrity has fallen precipitously, while at the same time their prices have risen compared to the competition. (I really hate overpaying for lower quality.) Worse, many of their consumer class models (around $100) don't include automatic voltage regulation anymore, which I consider an absolute necessity.

Since then I've been recommending CyberPower APS's. This is the model that I most often recommend:

CyberPower 1000AVR ($109 with free shipping)
http://www.amazon.com/CyberPower-CP1000AVRLCD-9-Outlet-Intelligent-1000VA/dp/B000QZ3UG0
or
http://is.gd/iaxI4
(Note that this UPS's battery is user replaceable. A big plus.)

___________________________________________
Randy B. Singer
Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

Macintosh OS X Routine Maintenance
http://www.macattorney.com/ts.html
___________________________________________

[Non-text portions of this message have been removed]

Wed May 22, 2013 12:59 am (PDT) . Posted by:

"Dave C" davec2468

Randy,
I might suggest -- for applications other than computers -- a sine-wave output model like this one:

<http://www.amazon.com/CyberPower-CP1500PFCLCD-Sinewave-Compatible-Mini-Tower/dp/B00429N19W/ref=pd_cp_e_0>

For those unfamiliar with electronics ;-) the electrical voltage supplied by the utility company that runs al equipment in your home & business is sinewave voltage. Inexpensive UPS models generate psuedo-sinewave voltage, and the higher-cost models output sinewave voltage. Psuedo-sinewave voltage may, at a minimum, cause audio and video noise in consumer products; a worst-case might be higher operating temperatures of your appliances or catastrophic failure.

I say "may" because it depends on the design of the equipment you've plugged into the UPS. Best ask the appliance manufacturer whether or not pure sinewave power is required.

Best,
Dave

-=-=-=-

On May 21, 2013, at 7:45 PM, Randy B. Singer wrote:

> Since then I've been recommending CyberPower APS's. This is the model that I most often recommend:
>
> CyberPower 1000AVR ($109 with free shipping)
> http://www.amazon.com/CyberPower-CP1000AVRLCD-9-Outlet-Intelligent-1000VA/dp/B000QZ3UG0
> or
> http://is.gd/iaxI4
> (Note that this UPS's battery is user replaceable. A big plus.)

[Non-text portions of this message have been removed]

Wed May 22, 2013 1:41 am (PDT) . Posted by:

"Dave C" davec2468


On May 21, 2013, at 8:04 AM, Donna Ells wrote:

> If we unplug the APC 1000 XS AFTER a power outage (even immediately), then
> the APC begins losing its charge and never fully charges again, even though
> it will indicate 75% - 100% charge, when the daily power surge occurs from
> our rural electric co-op, the TV and Satellite will black out and reboot.

Donna,
The reason for never fully recharging -- how old are these UPSes? Old batteries will not reach full charge -- it's the normal result of aging.

Dave

[Non-text portions of this message have been removed]

Tue May 21, 2013 2:58 pm (PDT) . Posted by:

"Bob Cook" cookrd1

Brent,
Have you never heard of a MTM attack? Have you never heard of server side
compromises that send you to the capture site for your credentials? No
need to click on a link, you chose to go to the site, not knowing of these
scenarios. Under these scenarios, you will gladly give up your
credentials and not know anything happened. Now I have your cutsey "secure"
password that you likely reused on other sites (or perhaps I got it from
hacking the ow database of a site you use). Using a good PW Manager
program is imperative for novices and pros alike. A good one is not just a
form filler.

You are concerned about your email address being "confirmed&quot;. Your email
address is already known good since it was likely harvested from someone's
address book. And, if I wanted to make up email addresses, it is easy to
design a program or purchase a cheap hacker toolkit to do this and validate
them automatically.

Last, by having your PW Manager create secure, unique passwords, you are
not vulnerable to a key logger, which most AV programs will not catch, by
design.

Most of us enjoy the Mac because it is not vulnerable to most Windows
problems. However, everything discussed above pertains to any OS.

On Tuesday, May 21, 2013, N.A. Nada wrote:

> **
>
>
> I am not aware that any did that, and if you have gone to the bad site,
> then you have already confirmed the e-ddress is good and have possibly just
> visited a "drive-by" malware site.
>
> Too little, too late.
>
> That is also why I will not use a PW manager that will auto-fill.
>
> It is better to recognize that the phishing was just that, and not respond
> or react to the attempt.
>
> Brent
>
> On May 21, 2013, at 11:09 AM, Bob Cook wrote:
>
> Brent,
>
> A good PW manager, such as LastPass, will recognize you are not on the
> correct site based on its IP address. The fact that LastPass did not fill
> out your login credentials is your warning that you are not on the legit
> site. And, if you let LastPass use gibberish for passwords, you won't be
> able to fill in from memory.
>
> Bob
>
> On Tuesday, May 21, 2013, N.A. Nada wrote:
>
> > **
> >
> >
> > Bob, phising is social engineering to get you to reveal your password, so
> > a password manager will not help in this case.
> >
> > For phising, or spoofing, when the sender is pretending to be one of your
> > accounts, the best thing to do is not to use any links on the _any_
> email.
> > If you have an account with the supposed company, either type in the
> normal
> > URL you use or use one of your existing bookmarks and check out the
> > information.
> >
> > Remember, nothing has to happen immediately. But do check it out shortly
> > if you are uncertain, just by other means.
> >
> > Now can we get back on topic, Apple devices and software?
> >
> > Brent
> >
> > On May 21, 2013, at 6:20 AM, Bob Cook wrote:
> >
> > If you use a good password manager, you will never be the victim of an
> > attack like this...because the IP address does not match.
> >
> > -Bob
> >
> > On Mon, May 20, 2013 at 3:14 PM, HAL9000 <jrswebhome@yahoo.com<javascript:_e({}, 'cvml', 'jrswebhome%40yahoo.com&#39;);><javascript:_e({},
> 'cvml', 'jrswebhome%40yahoo.com&#39;);>>
> > wrote:
> >
> >> **
> >>
> >>
> >> Be warned, this looked official as it used the ATT & Yahoo Logos:
> >>
> >> Dear Mail User,
> >>
> >> Ensuring the safety and security of your data is important to us.
> >>
> >> This is an important update to inform you that your E-mail account has
> >> exceeded its limit and needs to be validated. If not validated within 24
> >> hours, Your account shall be suspended. Click HERE to update your e-mail
> >> account now.
> >>
> >> We strive to give you the best email experience possible and regret any
> >> inconvenience this might have caused.
> >>
> >> Kind regards,
> >>
> >> The att.net Mail team
> >>
> >> Please do not reply to this message. This is a service email related to
> >> your use of att.net Mail.
> >>
> >>
> >>
> >
> > [Non-text portions of this message have been removed]
> >
> > ------------------------------------
> >
> > Group FAQ:
> > <http://www.macsupportcentral.com/policies/>
> >
> > Yahoo! Groups Links
> >
> >
> >
>
> --
> -Bob
>
> [Non-text portions of this message have been removed]
>
> ------------------------------------
>
> Group FAQ:
> <http://www.macsupportcentral.com/policies/>
>
> Yahoo! Groups Links
>
>
>

--
-Bob

[Non-text portions of this message have been removed]

Tue May 21, 2013 6:58 pm (PDT) . Posted by:

"N.A. Nada"

To be truthful, I have not heard of a MTM, man-in-the-middle, attack used on the internet.

But the reason I don't use a pw manager, or pw vault, that auto-fills is for just that reason. I use the human as the disconnect between password and the entry of the pw. AFTER, the human goes to the URL, and checks the URL arrived at and the web page. If anything is wrong, I stop.

That is why I don't use links in email, even from what I think to be from the proper source.

A few seconds of pause by the human, and a firm belief that the internet is not a safe and cuddly place. It is only trustworthy if you are always on your guard.

You're wrong about your assumption of my passwords, they are randomly generated alpha-numeric with symbols as allowed. I have over 450 unique entries in my password vault.

Why are you bringing up Windows vulnerability? We are talking about phishing, a form of social engineering, not malware.

Brent

On May 21, 2013, at 2:58 PM, Bob Cook wrote:

Brent,
Have you never heard of a MTM attack? Have you never heard of server side
compromises that send you to the capture site for your credentials? No
need to click on a link, you chose to go to the site, not knowing of these
scenarios. Under these scenarios, you will gladly give up your
credentials and not know anything happened. Now I have your cutsey "secure"
password that you likely reused on other sites (or perhaps I got it from
hacking the ow database of a site you use). Using a good PW Manager
program is imperative for novices and pros alike. A good one is not just a
form filler.

You are concerned about your email address being "confirmed&quot;. Your email
address is already known good since it was likely harvested from someone's
address book. And, if I wanted to make up email addresses, it is easy to
design a program or purchase a cheap hacker toolkit to do this and validate
them automatically.

Last, by having your PW Manager create secure, unique passwords, you are
not vulnerable to a key logger, which most AV programs will not catch, by
design.

Most of us enjoy the Mac because it is not vulnerable to most Windows
problems. However, everything discussed above pertains to any OS.

On Tuesday, May 21, 2013, N.A. Nada wrote:

> **
>
>
> I am not aware that any did that, and if you have gone to the bad site,
> then you have already confirmed the e-ddress is good and have possibly just
> visited a "drive-by" malware site.
>
> Too little, too late.
>
> That is also why I will not use a PW manager that will auto-fill.
>
> It is better to recognize that the phishing was just that, and not respond
> or react to the attempt.
>
> Brent
>
> On May 21, 2013, at 11:09 AM, Bob Cook wrote:
>
> Brent,
>
> A good PW manager, such as LastPass, will recognize you are not on the
> correct site based on its IP address. The fact that LastPass did not fill
> out your login credentials is your warning that you are not on the legit
> site. And, if you let LastPass use gibberish for passwords, you won't be
> able to fill in from memory.
>
> Bob
>
> On Tuesday, May 21, 2013, N.A. Nada wrote:
>
>> **
>>
>>
>> Bob, phising is social engineering to get you to reveal your password, so
>> a password manager will not help in this case.
>>
>> For phising, or spoofing, when the sender is pretending to be one of your
>> accounts, the best thing to do is not to use any links on the _any_
> email.
>> If you have an account with the supposed company, either type in the
> normal
>> URL you use or use one of your existing bookmarks and check out the
>> information.
>>
>> Remember, nothing has to happen immediately. But do check it out shortly
>> if you are uncertain, just by other means.
>>
>> Now can we get back on topic, Apple devices and software?
>>
>> Brent
>>
>> On May 21, 2013, at 6:20 AM, Bob Cook wrote:
>>
>> If you use a good password manager, you will never be the victim of an
>> attack like this...because the IP address does not match.
>>
>> -Bob
>>
>> On Mon, May 20, 2013 at 3:14 PM, HAL9000 <jrswebhome@yahoo.com<javascript:_e({}, 'cvml', 'jrswebhome%40yahoo.com&#39;);><javascript:_e({},
> 'cvml', 'jrswebhome%40yahoo.com&#39;);>>
>> wrote:
>>
>>> **
>>>
>>>
>>> Be warned, this looked official as it used the ATT & Yahoo Logos:
>>>
>>> Dear Mail User,
>>>
>>> Ensuring the safety and security of your data is important to us.
>>>
>>> This is an important update to inform you that your E-mail account has
>>> exceeded its limit and needs to be validated. If not validated within 24
>>> hours, Your account shall be suspended. Click HERE to update your e-mail
>>> account now.
>>>
>>> We strive to give you the best email experience possible and regret any
>>> inconvenience this might have caused.
>>>
>>> Kind regards,
>>>
>>> The att.net Mail team
>>>
>>> Please do not reply to this message. This is a service email related to
>>> your use of att.net Mail.
>>>
>>>
>>>
>>
>> [Non-text portions of this message have been removed]
>>
>> ------------------------------------
>>
>> Group FAQ:
>> <http://www.macsupportcentral.com/policies/>
>>
>> Yahoo! Groups Links
>>
>>
>>
>
> --
> -Bob
>
> [Non-text portions of this message have been removed]
>
> ------------------------------------
>
> Group FAQ:
> <http://www.macsupportcentral.com/policies/>
>
> Yahoo! Groups Links
>
>
>

--
-Bob

[Non-text portions of this message have been removed]

------------------------------------

Group FAQ:
<http://www.macsupportcentral.com/policies/>

Yahoo! Groups Links

Tue May 21, 2013 9:36 pm (PDT) . Posted by:

"Bob Cook" cookrd1

Brent,
It is not my job to educate you. I can send you to a web page that is not
the real site and you would have no idea from your address bar, especially
since you thought you were on the proper site in the first place. The
fallacy of not knowing the IP address of the page you are viewing before
you type in the password. A good PW manager would know this and that would
be your warning, your only warning.

BTW, unless your passwords are 14 characters, or the hash isn't properly
salted or encrypted, an $800 box can crack them in a matter of hours. Did
you properly encrypt and salt the password hashes in your "vault"?

Kudos to you for doing what you are doing as this is a lot better than a
large percentage of people. But, if you think you are not prone to a social
engineering attack, you are sadly mistaken. The other thing in your favor
is that no one, except maybe the IRS, really cares enough to attack you,
and they are evidently above the law and don't need hacker tactics.

Anyone reading this, just use a good password manager. Many Apple users use
1Password, but I prefer LastPass because I need one that works across OS
X/Windows/Linux/iOS/Android and doesn't rely on Dropbox or iCloud.

On Tuesday, May 21, 2013, N.A. Nada wrote:

> **
>
>
> To be truthful, I have not heard of a MTM, man-in-the-middle, attack used
> on the internet.
>
> But the reason I don't use a pw manager, or pw vault, that auto-fills is
> for just that reason. I use the human as the disconnect between password
> and the entry of the pw. AFTER, the human goes to the URL, and checks the
> URL arrived at and the web page. If anything is wrong, I stop.
>
> That is why I don't use links in email, even from what I think to be from
> the proper source.
>
> A few seconds of pause by the human, and a firm belief that the internet
> is not a safe and cuddly place. It is only trustworthy if you are always on
> your guard.
>
> You're wrong about your assumption of my passwords, they are randomly
> generated alpha-numeric with symbols as allowed. I have over 450 unique
> entries in my password vault.
>
> Why are you bringing up Windows vulnerability? We are talking about
> phishing, a form of social engineering, not malware.
>
> Brent
>
> On May 21, 2013, at 2:58 PM, Bob Cook wrote:
>
> Brent,
> Have you never heard of a MTM attack? Have you never heard of server side
> compromises that send you to the capture site for your credentials? No
> need to click on a link, you chose to go to the site, not knowing of these
> scenarios. Under these scenarios, you will gladly give up your
> credentials and not know anything happened. Now I have your cutsey "secure"
> password that you likely reused on other sites (or perhaps I got it from
> hacking the ow database of a site you use). Using a good PW Manager
> program is imperative for novices and pros alike. A good one is not just a
> form filler.
>
> You are concerned about your email address being "confirmed&quot;. Your email
> address is already known good since it was likely harvested from someone's
> address book. And, if I wanted to make up email addresses, it is easy to
> design a program or purchase a cheap hacker toolkit to do this and validate
> them automatically.
>
> Last, by having your PW Manager create secure, unique passwords, you are
> not vulnerable to a key logger, which most AV programs will not catch, by
> design.
>
> Most of us enjoy the Mac because it is not vulnerable to most Windows
> problems. However, everything discussed above pertains to any OS.
>
> On Tuesday, May 21, 2013, N.A. Nada wrote:
>
> > **
> >
> >
> > I am not aware that any did that, and if you have gone to the bad site,
> > then you have already confirmed the e-ddress is good and have possibly
> just
> > visited a "drive-by" malware site.
> >
> > Too little, too late.
> >
> > That is also why I will not use a PW manager that will auto-fill.
> >
> > It is better to recognize that the phishing was just that, and not
> respond
> > or react to the attempt.
> >
> > Brent
> >
> > On May 21, 2013, at 11:09 AM, Bob Cook wrote:
> >
> > Brent,
> >
> > A good PW manager, such as LastPass, will recognize you are not on the
> > correct site based on its IP address. The fact that LastPass did not fill
> > out your login credentials is your warning that you are not on the legit
> > site. And, if you let LastPass use gibberish for passwords, you won't be
> > able to fill in from memory.
> >
> > Bob
> >
> > On Tuesday, May 21, 2013, N.A. Nada wrote:
> >
> >> **
> >>
> >>
> >> Bob, phising is social engineering to get you to reveal your password,
> so
> >> a password manager will not help in this case.
> >>
> >> For phising, or spoofing, when the sender is pretending to be one of
> your
> >> accounts, the best thing to do is not to use any links on the _any_
> > email.
> >> If you have an account with the supposed company, either type in the
> > normal
> >> URL you use or use one of your existing bookmarks and check out the
> >> information.
> >>
> >> Remember, nothing has to happen immediately. But do check it out shortly
> >> if you are uncertain, just by other means.
> >>
> >> Now can we get back on topic, Apple devices and software?
> >>
> >> Brent
> >>
> >> On May 21, 2013, at 6:20 AM, Bob Cook wrote:
> >>
> >> If you use a good password manager, you will never be the victim of an
> >> attack like this...because the IP address does not match.
> >>
> >> -Bob
> >>
> >> On Mon, May 20, 2013 at 3:14 PM, HAL9000 <jrswebhome@yahoo.com<javascript:_e({}, 'cvml', 'jrswebhome%40yahoo.com&#39;);><javascript:_e({},
> 'cvml', 'jrswebhome%40yahoo.com&#39;);><javascript:_e({},
> > 'cvml', 'jrswebhome%40yahoo.com&#39;);>>
> >> wrote:
> >>
> >>> **
> >>>
> >>>
> >>> Be warned, this looked official as it used the ATT & Yahoo Logos:
> >>>
> >>> Dear Mail User,
> >>>
> >>> Ensuring the safety and security of your data is important to us.
> >>>
> >>> This is an important update to inform you that your E-mail account has
> >>> exceeded its limit and needs to be validated. If not validated within
> 24
> >>> hours, Your account shall be suspended. Click HERE to update your
> e-mail
> >>> account now.
> >>>
> >>> We strive to give you the best email experience possible and regret any
> >>> inconvenience this might have caused.
> >>>
> >>> Kind regards,
> >>>
> >>> The att.net Mail team
> >>>
> >>> Please do not reply to this message. This is a service email related to
> >>> your use of att.net Mail.
> >>>
> >>>
> >>>
> >>
> >> [Non-text portions of this message have been removed]
> >>
> >> ------------------------------------
> >>
> >> Group FAQ:
> >> <http://www.macsupportcentral.com/policies/>
> >>
> >> Yahoo! Groups Links
> >>
> >>
> >>
> >
> > --
> > -Bob
> >
> > [Non-text portions of this message have been removed]
> >
> > ------------------------------------
> >
> > Group FAQ:
> > <http://www.macsupportcentral.com/policies/>
> >
> > Yahoo! Groups Links
> >
> >
> >
>
> --
> -Bob
>
> [Non-text portions of this message have been removed]
>
> ------------------------------------
>
> Group FAQ:
> <http://www.macsupportcentral.com/policies/>
>
> Yahoo! Groups Links
>
>
>

--
-Bob

[Non-text portions of this message have been removed]

Tue May 21, 2013 11:21 pm (PDT) . Posted by:

"N.A. Nada"

Bob,

No one said you had to educate me.

You're getting further from the topic of the subject line.

I have yet to hear of a spoofed web site where the URL is exactly like the authentic site. DNS servers, to my knowledge would not allow two IP addresses to use the same URL. Spoofed site URLs are similar but not the same.

If the URL is spoofed, then it is not a known site to me and I would not be going there from an email. Like I said, I would either use one of my bookmarks or type in the URL myself. Yes, I have mis-typed and gone to similar sites, but quickly realized the mistake.

You're right, I am not a big target, even from the IRS. Sorry, that sounds like paranoia, and even further off topic.

I believe that I am less prone to social engineering than most. Infallible, no, just above average.

Other than Linux, I believe 1Password, Password Plus and Keeper handle all the of the other OS, including iOS and several other mobile device OS. I don't even store my passwords or private information or documents on work computers or devices.

I'm glad you brought up Dropbox and iCloud. I don't use cloud servers, other than to keep a few collaborated or public documents. I definitely don't keep passwords or private documents on someone else's server. I don't even keep music on a cloud server. But then again that is not the topic of this thread.

Brent

On May 21, 2013, at 9:36 PM, Bob Cook wrote:

Brent,
It is not my job to educate you. I can send you to a web page that is not
the real site and you would have no idea from your address bar, especially
since you thought you were on the proper site in the first place. The
fallacy of not knowing the IP address of the page you are viewing before
you type in the password. A good PW manager would know this and that would
be your warning, your only warning.

BTW, unless your passwords are 14 characters, or the hash isn't properly
salted or encrypted, an $800 box can crack them in a matter of hours. Did
you properly encrypt and salt the password hashes in your "vault"?

Kudos to you for doing what you are doing as this is a lot better than a
large percentage of people. But, if you think you are not prone to a social
engineering attack, you are sadly mistaken. The other thing in your favor
is that no one, except maybe the IRS, really cares enough to attack you,
and they are evidently above the law and don't need hacker tactics.

Anyone reading this, just use a good password manager. Many Apple users use
1Password, but I prefer LastPass because I need one that works across OS
X/Windows/Linux/iOS/Android and doesn't rely on Dropbox or iCloud.

On Tuesday, May 21, 2013, N.A. Nada wrote:

> **
>
>
> To be truthful, I have not heard of a MTM, man-in-the-middle, attack used
> on the internet.
>
> But the reason I don't use a pw manager, or pw vault, that auto-fills is
> for just that reason. I use the human as the disconnect between password
> and the entry of the pw. AFTER, the human goes to the URL, and checks the
> URL arrived at and the web page. If anything is wrong, I stop.
>
> That is why I don't use links in email, even from what I think to be from
> the proper source.
>
> A few seconds of pause by the human, and a firm belief that the internet
> is not a safe and cuddly place. It is only trustworthy if you are always on
> your guard.
>
> You're wrong about your assumption of my passwords, they are randomly
> generated alpha-numeric with symbols as allowed. I have over 450 unique
> entries in my password vault.
>
> Why are you bringing up Windows vulnerability? We are talking about
> phishing, a form of social engineering, not malware.
>
> Brent
>
> On May 21, 2013, at 2:58 PM, Bob Cook wrote:
>
> Brent,
> Have you never heard of a MTM attack? Have you never heard of server side
> compromises that send you to the capture site for your credentials? No
> need to click on a link, you chose to go to the site, not knowing of these
> scenarios. Under these scenarios, you will gladly give up your
> credentials and not know anything happened. Now I have your cutsey "secure"
> password that you likely reused on other sites (or perhaps I got it from
> hacking the ow database of a site you use). Using a good PW Manager
> program is imperative for novices and pros alike. A good one is not just a
> form filler.
>
> You are concerned about your email address being "confirmed&quot;. Your email
> address is already known good since it was likely harvested from someone's
> address book. And, if I wanted to make up email addresses, it is easy to
> design a program or purchase a cheap hacker toolkit to do this and validate
> them automatically.
>
> Last, by having your PW Manager create secure, unique passwords, you are
> not vulnerable to a key logger, which most AV programs will not catch, by
> design.
>
> Most of us enjoy the Mac because it is not vulnerable to most Windows
> problems. However, everything discussed above pertains to any OS.
>
> On Tuesday, May 21, 2013, N.A. Nada wrote:
>
>> **
>>
>>
>> I am not aware that any did that, and if you have gone to the bad site,
>> then you have already confirmed the e-ddress is good and have possibly
> just
>> visited a "drive-by" malware site.
>>
>> Too little, too late.
>>
>> That is also why I will not use a PW manager that will auto-fill.
>>
>> It is better to recognize that the phishing was just that, and not
> respond
>> or react to the attempt.
>>
>> Brent
>>
>> On May 21, 2013, at 11:09 AM, Bob Cook wrote:
>>
>> Brent,
>>
>> A good PW manager, such as LastPass, will recognize you are not on the
>> correct site based on its IP address. The fact that LastPass did not fill
>> out your login credentials is your warning that you are not on the legit
>> site. And, if you let LastPass use gibberish for passwords, you won't be
>> able to fill in from memory.
>>
>> Bob
>>
>> On Tuesday, May 21, 2013, N.A. Nada wrote:
>>
>>> **
>>>
>>>
>>> Bob, phising is social engineering to get you to reveal your password,
> so
>>> a password manager will not help in this case.
>>>
>>> For phising, or spoofing, when the sender is pretending to be one of
> your
>>> accounts, the best thing to do is not to use any links on the _any_
>> email.
>>> If you have an account with the supposed company, either type in the
>> normal
>>> URL you use or use one of your existing bookmarks and check out the
>>> information.
>>>
>>> Remember, nothing has to happen immediately. But do check it out shortly
>>> if you are uncertain, just by other means.
>>>
>>> Now can we get back on topic, Apple devices and software?
>>>
>>> Brent
>>>
>>> On May 21, 2013, at 6:20 AM, Bob Cook wrote:
>>>
>>> If you use a good password manager, you will never be the victim of an
>>> attack like this...because the IP address does not match.
>>>
>>> -Bob
>>>
>>> On Mon, May 20, 2013 at 3:14 PM, HAL9000 <jrswebhome@yahoo.com<javascript:_e({}, 'cvml', 'jrswebhome%40yahoo.com&#39;);><javascript:_e({},
> 'cvml', 'jrswebhome%40yahoo.com&#39;);><javascript:_e({},
>> 'cvml', 'jrswebhome%40yahoo.com&#39;);>>
>>> wrote:
>>>
>>>> **
>>>>
>>>>
>>>> Be warned, this looked official as it used the ATT & Yahoo Logos:
>>>>
>>>> Dear Mail User,
>>>>
>>>> Ensuring the safety and security of your data is important to us.
>>>>
>>>> This is an important update to inform you that your E-mail account has
>>>> exceeded its limit and needs to be validated. If not validated within
> 24
>>>> hours, Your account shall be suspended. Click HERE to update your
> e-mail
>>>> account now.
>>>>
>>>> We strive to give you the best email experience possible and regret any
>>>> inconvenience this might have caused.
>>>>
>>>> Kind regards,
>>>>
>>>> The att.net Mail team
>>>>
>>>> Please do not reply to this message. This is a service email related to
>>>> your use of att.net Mail.
>>>>
>>>>
>>>>
>>>
>>> [Non-text portions of this message have been removed]
>>>
>>> ------------------------------------
>>>
>>> Group FAQ:
>>> <http://www.macsupportcentral.com/policies/>
>>>
>>> Yahoo! Groups Links
>>>
>>>
>>>
>>
>> --
>> -Bob
>>
>> [Non-text portions of this message have been removed]
>>
>> ------------------------------------
>>
>> Group FAQ:
>> <http://www.macsupportcentral.com/policies/>
>>
>> Yahoo! Groups Links
>>
>>
>>
>
> --
> -Bob
>
> [Non-text portions of this message have been removed]
>
> ------------------------------------
>
> Group FAQ:
> <http://www.macsupportcentral.com/policies/>
>
> Yahoo! Groups Links
>
>
>

--
-Bob

[Non-text portions of this message have been removed]

------------------------------------

Group FAQ:
<http://www.macsupportcentral.com/policies/>

Yahoo! Groups Links

Wed May 22, 2013 4:23 am (PDT) . Posted by:

"Otto Nikolaus" nikyzf

It's actually very easy.

Buy an enclosure for the new drive. These usually come with all the cables
you need. Prices vary a lot so don't buy the first you see.

Fit the drive and connect it to the Mac using a FireWire or USB cable.

Format the new drive using Disk Utility. There's a thorough description
here.
<
http://help.bombich.com/kb/overview/preparing-your-backup-disk-for-a-backup-of-mac-os-x
>

You now have some options so report back when you get this far.

Otto

On 21 May 2013 20:58, Noel Vetter <crankigeezer@gmail.com> wrote:

> Thank you Jim, Otto and Daly for your information and assistance. Since I
> purchased this iMac close to 6 years ago nothing as really malfunctioned
> with it, unlike my old MS loaded PC, hence, I have a steep learning curve
> ahead of me regarding this matter. It will be a challenge and I will learn
> much more about this in the next few days or more. Will do much more
> research and figure out how to get this done. I'm an old geezer but rest
> assured I am not so old that I can't learn this....we all start
> somewhere....I just got a very late start when it comes to the Mac.
>
> Again THANK YOU all very much for your input. I will let you know how this
> works out in the future. Doubt it will be over the counter at a Genius
> bar!!
>

[Non-text portions of this message have been removed]

Wed May 22, 2013 8:12 am (PDT) . Posted by:

"Carol" floridabouvs

I took a couple of 2-minute videos and wifi transferred them to the Mac, then put them in iPhoto. I would like to email them to family, but apparently can't with iPhoto.
So is there a way to email videos from a Mac?
Thanks, I'm still a fairly new user.
Carol

Wed May 22, 2013 8:30 am (PDT) . Posted by:

"Jim Saklad" jimdoc01

> I took a couple of 2-minute videos and wifi transferred them to the Mac, then put them in iPhoto. I would like to email them to family, but apparently can't with iPhoto.
> So is there a way to email videos from a Mac?
> Thanks, I'm still a fairly new user.
> Carol

If you use Apple's Mail, there is a paperclip icon in the top right of the "compose a message" window, that will let you navigate to the file you need (or search for it by name), then insert it into the mail message you are creating. I'm sure other Mail software has something similar.

Also, you can navigate to the file(s) in question in the Finder, then drag'n&#39;drop them into an open compose window in Mail.

That said, some mail servers have size limits that may stop you from sending videos. Then you would have to upload them to a site and direct your correspondent to that site.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jim Saklad mailto:jimdoc@icloud.com

Wed May 22, 2013 8:48 am (PDT) . Posted by:

"Dave C" davec2468

Carol,
For example, Gmail & Yahoo have 25 MB & 20 MB file size limitations.

If your videos are larger, consider using Dropbox:

https://www.dropbox.com/

Your friends can retrieve the files directly from your Mac (or so appears, for simplicity).

Dave

Sent from my iPod

On 22 May 2013, at 08:30 AM, Jim Saklad <jimdoc@icloud.com> wrote:

That said, some mail servers have size limits that may stop you from sending videos. Then you would have to upload them to a site and direct your correspondent to that site.

[Non-text portions of this message have been removed]

Wed May 22, 2013 9:35 am (PDT) . Posted by:

"Otto Nikolaus" nikyzf

I would say that 10 MB is probably a safer assumption for most email
providers.

Dropbox is good, and you can use it on your iPhone/iPad too.

Otto

On 22 May 2013 16:48, Dave C <davec2468@yahoo.com> wrote:

> Carol,
> For example, Gmail & Yahoo have 25 MB & 20 MB file size limitations.
>
> If your videos are larger, consider using Dropbox:
>
> https://www.dropbox.com/
>
> Your friends can retrieve the files directly from your Mac (or so appears,
> for simplicity).
>

[Non-text portions of this message have been removed]

GROUP FOOTER MESSAGE