Replies

The fingerprint reader needs a bit of oil on your fingertip in order to “see” what’s on the other side of the glass; a washed and dried fingertip is nearly invisible. Rub your fingertip along the side of your nose, and you’ll find that it works just fine.

You have to boot the Mac from the SL installer disk; the installer itself will put up a “Utilities” menu item.

Are you running some sort of anti-malware or anti-phishing “protection” software? Norton was (is?) notorious for sticking its fingers into the gears when you click on a link in an email, causing exactly this behavior.

On a 6,1 iMac (a.k.a. “late 2006”), Lion is the highest officially-supported OS.
You can get Mountain Lion to run, with a bit of hacking: http://forums.macrumors.com/archive/index.php/t-1325709.html
Mavericks requires a lot of hacking: http://forums.macrumors.com/showthread/?t=1593194

There’s one surfire way to keep your security questions safe from educated guesses: lie.
I’ve never had a pet, which makes the name of my beloved first puppy quite a challenge to a would-be hacker.
And not even my parents know the city of my birth.

For folks who don’t have it / can’t find it, Fred’s original article is here:
http://www.informationweek.com/software/operating-systems/langa-letter-xps-no-reformat-nondestructive-total-rebuild-option/d/d-id/1044226

I wish the electronics industry would get its act together and standardize on just a few plug and voltage combinations. Everyone I know has a boatload of wall warts and transformers siting in a box somewhere; there must be billions of these things lying around uselessly by now, a huge waste of resources (and a waste disposal nightmare.) It would be nice to be able to buy a gadget without having to also buy my 124th wall wart. Let the package indicate that I need a “Type K” or whatever, and I can buy one only if I need one.

The “power user” “pseudo-start” menu shows that the geeks in Redmond still don’t get it:
Separate menu items for Command Prompt and Command Prompt (Admin) — really? — while the schlubs (a.k.a. “every last one of our freakin’ users”) have to mouse over to yet another menu to distinguish “restart” from “shut down“. And this might be the most valuable Win8.1 enhancement of all.??? Face-palm, head-desk . . . and resolve to stick with XP for another year.

It’s no wonder that Mac OS-X keeps nibbling away at their market share.

I store my passwords in my contacts folder — using fake names that I recognize as fake.

Thus:
Sidney Banque
2380 Westlake Blvd Apt #14J
Los Angeles CA 91335

Immerse this in your contacts list, and only you will know that your CitiBank password is 2380WestlakeBlvdApt#14j
You can, in most contact lists, add comments, so as an alternative to the address, your list might have a comment, like “Birthday April 28th” (or “Wife Cathy, Son Charles @ U. Michigan”) which is your password, Birthday_April_28th (or WifeCathySonCharles@U.Michigan).

For complete camouflage, you could use the actual contact information of actual people, and adopt their actual addresses or comments as passwords. Use defunct contacts, or random strangers from the phone book, so you won’t inadvertently change the entry. You can look up people named “C. Banker” or “M. Card” (or enter fake comments like “Knows Frank from Citicorp Dallas office”) to provide cues to the relevant accounts.

The memory chips might bring a few dollars on eBay, and they’re light and thin enough for first class mail. The hard drive, unless it’s so small as to be useless, can be installed in an inexpensive external case (again, eBay is your friend) and used for back-up or archiving. (You don’t want it leaving the house in any event, unless you wipe it clean or destroy the platters.) The rest of the carcass is either too obsolete (processor and motherboard) or too heavy (power supply) to be sold online. Offer it on Craigslist, free to the first caller (likely a hobbyist or a scrapper), or wait for your municipal trash department’s next “e-waste day” and ditch it.

… if you have a Mac or Linux machine handy, you can safely pop in a PC (FAT) formatted USB stick, see everything that’s on it, and delete what doesn’t belong, because any .exe files on the stick won’t run.

The local Kinko’s consistently left malware on my USB sticks, and although I told them about it repeatedly, either they didn’t care or they were clueless. 😡 Taking a precautionary peek with my old MacBook became my routine whenever I came back from using their print services.

The only reason to spoof a return email address is if the spammer wants the recipient to recognize the sender, and therefore trust the message. Otherwise, there’s no reason to find and use your email address — the spammer can just make one up. This happened to me recently, and I recognized some of the targeted addresses. Turned out that a spammer in India had hacked into my Yahoo email account (now just a junk account, but I had used it on occasion a couple of years ago), and although there’s no address book, they did harvest about 20 addresses from the 2-year-old “sent mail” list. My guess is that they brute-forced the password (Yahoo allows a million failed logon attempts; they just don’t care), so I upgraded from a 9-character password to 12 characters. (Anyone using Yahoo should do the same.)
It’s also possible that the spammers just made up a random, bogus email address, and happened to hit upon yours, in which case you might be getting this junk for a while. They’ll invent a new one eventually, but if they keep using it, you may find your own email blocked by filters that “recognize” your address as a source of spam.

DrWho (#8 above) has the ticket: GMail has an excellent filter (what used to be Postini, I believe), and if you combine that with a nonsensical and sufficiently long user name that incorporates a couple of hyphens, periods, or underscores (something that brute force address generators aren’t going to produce) you’re pretty much golden.;) (Needless to say, you want to maintain a “garbage” @yahoo.com or @hotmail.com account exclusively for posting to blogs and other web sites.)

The only spam I’ve seen, since going that route, is from friends whose address books have been hijacked. That crap is rare, and easy to spot (when in doubt, a look at the header erases any doubt.)

Retaliation is tempting, but the chances of actually identifying your target are slim — and even if you succeed, at best you’re going to succeed in annoying a scumbag criminal.:mellow: If you get to that point, it’s wiser to advise the relevant authorities, hope they aren’t part of the problem, and get on with your life.

The take-home lesson is that an all-purpose password is only as secure as the least secure site you’ve ever used it at.

Email and social media accounts are not “throwaway” accounts by any means, and should be taken as seriously as financial accounts. I use strong passwords (actually an easy-to-remember multi-word phrase) that I don’t use elsewhere. Passphrases like Im@igersfan and mysonsnameis$am, for example, are secure yet easily memorized. For each site, I systematically add a digit and a few extra symbols, in a manner that’s easy to recall (but impossible to deduce, even if one password does get compromised.)

It’s worth mentioning that the massive vhd file gets changed every time you run the virtual machine. It might be an insignificant change, but it’s a change, and your backup software is likely to notice it and try to back up the “new” version. That’s time-consuming, and thrashes your drives pretty hard, and if it’s also saving “old” versions, you’ll run out of disk space in a hurry. Be sure you set your backup program to ignore the vhd file, or to back it up only rarely.

You will want to back it up, by the way … if the vhd file gets corrupted, it’s the equivalent of a hard drive crash as far as XP is concerned. Without a backup, you’ll have to go back to square 1, downloading and installing XP, and all the installed applications, all over again.