hertenberger.co.za

If you’ve ever wanted to get to SAP’s Service MarketPlace on the iPad, you’ll no doubt have been rather frustrated by the constant, repetitive requests for you to enter your user name and password. Whilst you may already have memorized your S-user ID, it’s unlikely you’ll take kindly to constant prompts to enter that and your password over and over again.

The same is true for a web browser on a desktop and the answer is simple: install the single sign-on certificate provided by SAP. You can find that on the Service MarketPlace by logging on and navigating to your profile. Download the certificate from there. It is likely that you’ll need to do this using Firefox on the Mac. Once downloaded and installed, restart the browser.

The default certificate needs to be exported for use by Safari, both on the Mac and iPad. The best way to do this is to use Firefox, navigate to Preferences. From there, select Advanced, then Encryption and click the View Certificates button.

Select the certificate, then click the Backup button. Enter a name and place to keep the exported certificate. Be sure to select PKCS12 as the format.

If you need to access SDN or Service MarketPlace using Safari, double-click the exported file and allow the content to be placed into your keychain. For use on the iPad, add the exported certificate file into a mail message and send it to an account you can access using your iPad. On the iPad, open the mail message.

Tap on the certificate embedded in the mail message. You will be prompted to install it.

Tap on Install and accept the message indicating the certificate’s status.

When prompted, enter the password for your S-user ID.

The profile should be installed now.

I recommend restarting Safari on the iPad and trying to log on to the Service MarketPlace again. You should find the convenience of the single sign on quite appealing.

Another one in the “good enough to believe” department. Take care not to click on this link, and if you do, DO NOT enter any of your Google account details.

The mail is purportedly sent from the Google accounts team, wishing to inform you that they will be doing some routine server maintenance.

The link provided in the mail looks valid, as does the sender account (Gmail Team) As with other scams of this kind, the frontend interface is increasingly sophisticated and copied from the actual Google accounts page.

The actual URL of the page points to supplyurdemand.com/catalog/images/gmail.services/Login.htm. Clicking on any of the links takes you to the actual Google link. Entering your account details will undoubtedly capture them in the database of the phisher an provide easy access to your mail and other private information. A test with a dummy account shows that you may not even know that you’ve been had: if your browser has stored the cookie associated with your last succesful logon to Google‘s mail, for example, you’ll simply be transferred there without a hitch. And none the wiser.

Again: never provide log on details regardless how convinced you may be that you should provide log on details for the benefit of any institution. If you haven’t changed your Google accounts password in some time, now’s a good time to do that. If you’ve accidentally fallen for this trick, you may be able to save yourself by having your password changed through actual verification with Google.

Simply because this has been running on CNN all day and I find it absolutely fascinating that the individual driving survived.

Apparently unscathed.

Here’s the link to the YouTube video.

Anything laying around for a while without receiving attention attracts grime and dust. In the world of the blog that kind of neglect implies digital dust. Digital dust is an outdated look, comments from spammers and ratings that have dropped.

Thankfully, the digital realm is reasonably easy to sort out. First off, I monitor all comments and mail messages that are sent here. In the past few months, I’ve simply not been in the mood to respond or mark them according to their status. Of all messages coming in, a huge percentage is obviously spam and is caught by Akismet. There are a number of comments that masquerade as something useful. Those make it into the comments queue, ready for tagging by web spiders and inclusion into search engine results. Those need to be marked individually and deleted.

First off, I helped out the ailing WordPress installation by updating it to the latest version, currently 3.0.1. It’s incredible how easy the entire upgrade process has become, not that it’s ever been hugely difficult. A single click in the dashboard view of WordPress is the only action required once a good backup of the database has been generated. Even the update of plug-ins is hugely simplified, requiring a single click to update all plug-ins that are presently installed and active.

As an aside, WordPress is still a fantastic platform regardless what advantages a solution like SquareSpace provides.

With the update out of the way, I had a look at some of the comments and incoming links. The banality of these surprises me every time I see them.

I spend little time worrying – click and mark as spam…

Last, but not least, is the installation of a new theme to at least make it seem as though things are once again happening. The design is of my own making and still requires quite a few tweaks and improvements.

And there we have it. Back up and running with new software, a new look and a cleaned-up comments queue.

The latest version of the popular blogging and content management platform, WordPress has been released. Version 2.9 is a significant update that introduces a fair number of interesting and useful features. Whilst much has been made of recent attacks against WordPress-based blogs, I’m still firmly of the opinion that WordPress is a great piece of software that performs incredibly well – not caring to update software should not be the basis of an argument against deficiencies that have been eradicated in newer versions. There’s little sympathy for those users of operating systems running afoul of virus attacks and bugs that have been sorted out in service packs or updates. The same should be true of all software. If a platform is important to you, you’ll make sure you keep it up to date for performance and accessibility reasons. That’s my point of view. As a last argument, the update procedure for WordPress is as simple as a single click in the newer versions – hardly requiring a huge amount of work or effort…

Back to Carmen. WordPress 2.9 introduces the following features that should make posting entries a bit easier and more convenient:

• global undo to provide a way of retrieving entries deleted by mistake
• a built-in image editor to crop, rotate and manipulate images directly in WordPress without the requirement for a desktop solution
  
• update of plugins by way of batch instead of individually

The software is available for download here, or should already be flagged as an update in your existing WordPress installation. I’ll need to back things up around here, then get going with the update. For a full list of fhe 500+ fixes and enhancements, see the WordPress blog.

The Google team has finally released a version of the Chrome browser for Mac and Linux. Chrome is lightweight and fast – that experience was previously the sole privilege of Windows users. With Chrome available on both Macintosh and Linux platforms, an addition to the existing fanbase may occur.

The greatest advantage of Chrome is its speed and its isolation of individual web pages to prevent a crash in one of them taking down content opened in other tabs.

In contrast to Firefox, Chrome is not yet burdened by users loading tons of extensions to perform a variety of tasks not necessarily related directly to web browsing. Extensions are available, but the primary reason for using Chrome is simply to enjoy fast, trouble-free browsing. Excellent support for Ajax, CSS 3 and HTML 5 mean good stability and, should I say it again, high speed. The import of bookmarks and assorted other settings is easy and quick – just be sure to shut down Firefox before attempting the import.

Get Google Chrome for the Mac here. The DMG file is roughly 19MB in size. If you’re running Linux, the installer may be downloaded here. Default support is provided for Debian, Ubuntu, Fedora and openSUSE.

I join a long list of Twitter users whose accounts have been compromised. In the past few hours, I have seemingly been recommending a source of cool ringtones to all and sundry.

Pardon the intrusion…my password has been set to a more secure one and I trust that’ll be the end of that.

Brief tip: if you need ringtones, make your own

With three big South African banks already the target of online phishing scams I’ve come across in my spam mail, Standard Bank rounds out the collection of four banks whose customers are requested to log in and update personal details.

Of the four scam sites I’ve seen, the spoof of the ABSA Internet banking site is without doubt the most convincing, with only the URL a giveaway. For the rest, it looks identical and would fool a vast majority of unwary users. The fake Standard Bank runs a close second, though some careless HTML breaks some of the design and damages some of the graphics on the site. For the rest, it looks very convincing.

The ridiculous URL, http://www.tigerbasketball.org/templates/madeyourweb/signonmenu.htm, relates in no way to Standard Bank and may indicate how brazen and confident scammers are becoming – it takes only a few victims to make a phishing attack worthwhile.

Attempting to dupe Internet banking users out of their account numbers, PIN numbers and passwords seems to have become the latest hotbed of criminal activity. The attempt to catch unsuspecting FNB customers seemed amateurish – the fake website looked just that: fake, and unlikely to be taken seriously. The ABSA scam had me convinced after I had a look at the exact replica of the actual ABSA Internet banking site hosted at an obviously wrong location. In that case, the URL was the only giveaway.

Now, I’ve received a request to log on to a fake Nedbank Internet banking site. Scammers are taking advantage of the fact that Nedbank has indicated that some changes will be made to the official site and that additional services will be offered soon. The fake site lives at this URL: http://netbankonlinebanking.9hz.com and looks similar to the actual site.

Curiously, Nedbank refers to its own Internet banking service as Netbank, which I don’t fully understand. In any case, at first glance the fake website is quite convincing and mimics the style and layout of the actual site very well. All it takes is the entry of the Profile ID, PIN and password – don’t simply click on links and enter any details before you haven’t verified that you’re on the site you’re intending to be.

Call the institution if you suspect that something is awry and check the URL carefully before you do anything.  At the time of writing, Firefox doesn’t yet block the URL as one that is dubious.

Google has quietly launched an interesting website related to all the services it provides. The Google dashboard shows a quick overview of all data associated with a Google account, all the way from GMail to the Google Calendar and including such services as Picasa. Basically, the dashboard is a springboard to all Google services you’re already using (and some you may have forgotten you signed up for). Summary information is displayed for the content those services contain and links are provided to quickly access the relevant information.

The page shows all of your data that Google is the custodian of. Scared yet? Time for a backup and a plan to fail-over to some other solutions in case Google ever goes pop, methinks…