We’ve tackled all the complicated stuff, the walls and mudding are about to begin. First coat of mud will be on tonight.

Does Canada Post know how to protect itself from domain spoofing?

Recently I received a Delivery Notice in my email from deliver4@canadapost.ca, a few days passed and nothing was delivered as promised by the note. Attached to the notice was a PDF that consisted of only one page simply stating “this page is intentionally left blank”.

A call to Canada Post customer service quickly sorted the problem out, the rep informed me that it was a virus going around. Given the spat of PDF embedded viruses that were used to attack Gmail Customers in the high profile Chinese Google hacking case the blank PDF now made perfect sense, thank god I was on a Mac and not a Windows system. How many thousands of calls have they gotten and how many people are now compromised?

Part of what made this virus email look so legitimate was that the  sender successfully used the actual canadapost.ca email address. This ability to spoof a domain ( like canadapost.ca ) in email was identified years ago as a hole in email security. To plug that hole the industry introduced a technically simple way for email providers to protect themselves. It’s called SPF, it’s free, and it’s simple and Canada Post is not doing it.

dig txt canadapost.ca

; <<>> DiG 9.6.1-P2 <<>> txt canadapost.ca
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14041
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;canadapost.ca.            IN    TXT

SPF is simply a list you publish as a DNS records. Using SPF tells the world what mail servers in the world are allowed to send mail from canadapost.ca and what a receiving provider should do if mail saying it’s canadapost.ca comes from server that’s not on that authorized list. Should that mail server reject the mail outright or should it just submit it to more intensive scrutiny, like an invasive virus scan.

Our mail servers here at Green-Light Communications look for an SPF record when receiving email, as many reputable mail provider do. When a domain owner does not publish an SPF we don’t have enough information to know when email coming from that domain is being sent illegally.

CanadaPost.ca, should publish an SPF record to protect its domain and to protect everyday netcitizens. This is a serious matter, canadapost.ca reputation has hijacked and used to help scammers steal peoples life savings. The cost to stop a re-occurrence is practically nil.

You, Canada Post, Government Corporation Extraordinary have a responsibility to act with diligence.

Keith Page
CIO, Green-Light Communications Inc.

Just wanted to give a sneak peak at the space we’re renovating to bring our team under one roof.  With studio space as it is in Nelson we’re going to renovating a good basement workshop, adding office space and making room for an open work area.

We’re slated to be fully completed and moved in by May 1st, 2010, before and after pictures will hopefully be posted shortly after.

Data presentation is critically important in todays world. Choosing the right graph for the right audience is an art that even I can’t say I’m master of. Even so this presentation of w3cschools.org’s browser stats for the last 7 years is impressively beauitful. Take a look.

On the heels of last nights surprise announcement from google. Hilary Clinton has called publicly for answers from China.

Surprised by the expediency of the reaction from the official channels of the US government? Don’t be, Eric Schmidt  a founder of Google was involved in the Obama Campaign, power and money  buy influence.

Regardless the next few days will prove to be interesting regardless. With the US Government involved we stand to hear alot more about the details of the infraction, details I would love to pour over . FOI will no doubt be flying by tomorrow morning.

The BBC  Tech blog has more translated Baidu’s response on it’s blog.

On Google Quitting China 2010-01-13 13:20

“Google claims it will quit China. What it’s proved is not what the Google fans have claimed, that Google is a ‘Human Rights fighter’. Just the contrary. It’s proved that Google is a hypocrite.

“What the Google Chief Legal Adviser said makes me sick. To quit for the sake of financial interest, then just say it. To beauty itself up and ostensibly mention that Google comes under attack by the Chinese, and that Gmail boxes of Chinese dissidents have been breached, and to use all these as a pretext for quitting China, such tone is insulting the intelligence of the ordinary Chinese people. However, it may well satisfy the imagination of those Westerners who have never been to China and understood nothing of China but still like to point fingers at China.

“Let’s put forward one supposition: Would Google top executives still proclaim that they would ‘do no evil’ and quit China, if Google has now taken 80% of China’s search market?

“The only feeling the whole episode has left me is nausea.”

So you want to do something simple like monitor your hard drives S.M.A.R.T status. You go to install the smartmontools package on Ubuntu and your prompted to install Postfix, and your faced with having to setup a mail relay, what a drag.

This is a simple walkthrough on the changes you need to make after Postfix is installed relay all mail generated on your system to an external mail server that requires SMTP Authentication.

When your prompted by the postfix package configuration choose Local Only, the wizard won’t let you setup authentication so we’re going to add the rest manually. Choosing Local Only will only create a basic main.cf for you. Once the install is complete do the following.

Assume Ubuntu 9.04

Add the following lines to /etc/postfix/main.cf

relayhost = [host3.green-light.ca]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =

Create a new file called /etc/postfix/sasl_passwd

[host3.green-light.ca]:587  user:password

Give that file proper permissions

sudo chown root:root /etc/postfix/sasl_passwd; sudo chmod 0600 /etc/postfix/sasl_passwd

Create the hash database from your sasl_passwd file.

sudo postmap hash:/etc/postfix/sasl_passwd

Reload postfix with your new settings

sudo postfix reload

Thunderbird turned 3 this month and has definitely matured. We’ve been recommending Thunderbird 2 for years and have been using the developer release of 3  internally for over a year now. It’s great!

If your using Outlook or god forbid Outlook Express (OE is a non stop virus smorgasbord, switch to anything else, today) you’ll want to download Thunderbird 3 and give it a try see the difference. It auto imports all your mail, contacts and settings for you during the setup. It does however take a different approach to “features”.  For instance, if you want a calendar visit the Mozilla Lightening Project to download the necessary add-on.

1. Download and install Thunderbird 3, run through the import wizard to get your mail, address book and settings from Outlook.
2. Visit the Mozilla Lightning Project in your favorite browser, from the nightly section choose which your Operating System, Right click and SAVE the lighning.xpi file to your desktop.
3. Going back to Thunderbird click Tools > Add-ons > Click the “install” button and select the lightning.xpi file.
4. Once the file is loaded you will be asked to restart, when Thunerbird is started back up you will have a calendar built right in.

If you would like an expert to help please call our support line @ 14036689184, support for Thunderbird is free for our hosting customers. For everyone else Remote Desktop Support is only $1.00 a minute, so take advantage of it. If it’s your a first time the first 10 minutes are free

Those of us who work in the Technology field daily see the value of mature Open Source projects every day. They are better designed, with tighter engineering and more robust frameworks and underpinnings.

The French Military seems to agree. When they encountered the need to build additional secure components for use internally Microsoft Outlook just didn’t cut it. I would assume their lack of transparency and the shear manageability of the Outlook/Office bloat had the French Military Software Engineers pulling their stockings up and running straight for the hills.

After branching their own version of Thunderbird into TrustedBird some of the advancements they made have worked their way back into Thunderbird 3, making it better for everyone.

If your using Thunderbird 2 today, you’ll most likely want to upgrade to 3.

1. From Thunderbird Click “Help” > “Check for Update…”  you’ll be prompted through the update process.

Google has opened up their OS project to developers. Clearly they’re not at a release stage since you have to download and compile the source code yourself. Come a year you might start seeing devices loaded with Chromium coming out the door of your local electronic shop.

This is however the  first peak at what Google is going to be offering, and it’s quite interesting I have to admit.  Instead of an outright assault on Microsoft and it OS, Google has instead decided to go after the Operating System as a Concept. They’re instead offering us a Browser with a built in Operating System.

Interesting enough Google has already said they won’t be releasing Chronium to the Consumer Public. You will only be able to obtain it through a Hardware Vendor,  pre-installed as an option on a purchased device. They are initially targeting the netbook market with this project.   It should be interesting to see what kind of traction this takes in with Mom and Grandma.