Michaels’, a large arts and crafts retailer in the US, may have been the victim to unknown hackers.

The company has published a warning to customers that it might have experienced a “data security attack”, raising concerns that the retailer is yet another victim in a long line of retailers that suffered a major data breech recently, following Neiman Marcus and Target. It is believed that all of these retailers become casualties to RAM-scraping malware targeting point-of-sale machines (also known as POS or cash registers).

A PDF statement linked from the homepage of the Michaels’ website warns of “possible fraudulent behaviour” seen on credit cards used by customers at the store.

If you shopped at Michaels, keep a close eye on your credit card statements and follow up on any suspected unauthorised transactions. The company says it will offer identity protection and credit monitoring services at no cost to any customer at risk.

It’s bad news for Michaels as well as its customers, as questions will be asked as to whether the company learnt any lessons after suffering a damaging attack at its cash registers a couple of years ago. Back in 2011, the retailer replaced thousands of PIN pads used by customers to type in their secret codes when making purchases, after it was discovered hackers had replaced them at a small number of stores. That security breach resulted in the theft of about 94,000 payment card details.

Michaels said federal investigators and an outside forensics firm were investigating to determine if there had been a breach. The company said it decided to warn the public and launch a probe into the matter after hearing that there had been an increase in fraud involving cards of customers who had shopped at its stores. Currently there are no figures for how many cards may have been put at risk by the latest security incident, but it would seem prudent for all Michaels customers to be on their guard.

For more details of the possible data breach at Michaels, check out this post by Brian Krebs.

  • Filed under: Security
  • Chrome bug

    Tal Ater, an Israeli developer may have exposed an exploit that allows attackers to listen to your conversations – And “listen” means literally listening to the audio around your computer via it’s microphone. This means that any desktop running Chrome can be compromised by the exploit which lets malicious sites turn Google Chrome into a listening device, one that can record anything said in your office or your home, as long as Chrome is still running.

    Tal writes “I discovered this exploit while working on annyang, a popular JavaScript Speech Recognition library. My work has allowed me the insight to find multiple bugs in Chrome, and to come up with this exploit which combines all of them together. Wanting speech recognition to succeed, I of course decided to do the right thing… I reported this exploit to Google’s security team in private on September 13. By September 19, their engineers have identified the bugs and suggested fixes.”

    The fix by Google’s engineers indeed solved the problem, but a month and a half later, Tal found that the fix wasn’t released to the general public. It was stuck “within the Standards group” and the status was “Nothing is decided yet.” – Four months passed since the exploit was fixed and Google is still waiting for the Standards group to agree on the best course of action. The problem is: our browsers are still vulnerable.

    To find out how the vulnerability works and see the exploit in action visit Tal Ater’s blog at:

  • 1 Comment
  • Filed under: Security
  • Lock your Windows transparently


    If you are security concious on any level, you probably lock your workstation at the office whenever you step away from it. For most, that means pressing CTR-ALT-DEL and clicking the “Lock this Computer” option or using the Windows logo key +L shortcut. And yet, for some, the standard Windows lock screen is too boring.

    For anyone who is bored by the standard Windows lock screen, there’s Clearlock – A windows utility that is solely used for locking your screen, without it appearing locked. It means that you are locking your screen without actually hiding what’s presented on it, regardless of the programs running at the time.

    This tiny Windows utility will lock your system by adding a transparent layer to your screen. This layer acts like a glass top so the underlying screen will be visible, but mouse movements or keyboard clicks get blocked. So anyone will be able to view what is happening on the screen, but can’t use it unless unlocked with the password. This utility may become handy if you are running presentation in a public place and you don’t want anyone to intervene or sabotage by using the keyboard or mouse.

    ClearLock comes as a small standalone executable. To use it, all you have to do is run it, set your password and click the ClearLock icon whenever you want to lock your screen. To reset your password, simply delete the .ini file that was created in the same folder.

    It’s important to remember, that though this utility is intended to lock the desktop’s screen, it is not a security application and probably can be bypassed easily (though I haven’t tried myself). So it is more useful in a home environments (around the children) or for short office break, and not for system holding important information in vulnerable environments.

    On setback of Clearlock is that it works only on the default screen, meaning, if you are running in a dual monitor set up, it will lock only the main one, and the secondary screen will stay open.

  • Filed under: Software
  • Disable Skype click to call in chrome logo

    I became annoyed with Skype’s click to call Chrome extension lately, not only because I never use it, but it feels very intrusive most times. The Skype Click and Call function highlights phone and contact numbers on webpages and emails, and a Skype call can be initiated by clicking the highlighted number. The situation got unbearable after a Skype upgrade, when Chrome started to freeze occasionally, obviously, the immediate suspect was Skype’s click to call function.

    Disable Skype click to call in chrome greyed out

    When I first turned to disable click to call in Chrome’s extension menu, to my surprise, the enable check box was checked and greyed out – No disabling possible. No matter how I played with Chrome, I couldn’t un-grey the enable check box, and it was impossible to disable the extension. Playing with Chrome, I realized this unnecessary extension and plug-in are taking up Chrome resources that have been ever climbing more and more. The solution had to be less conventional. As it turns out, click to call is an independent application and not merely a Skype chrome extension extending Skype’s functions.

    Disable Skype click to call in chrome - tasks

    So the easiest way to disable click to call is to uninstall it via Control Panel’s Add or Remove Programs. Well, not always. In some cases, during the uninstall process, the installer requires the user to close all Chrome windows even when they are all closed and no Chrome processes are running. To resolve that, we will need to disable Chrome’s applications running in the background, as follows:

    1. Open Chrome.
    2. Go to settings and click “Show advanced settings”, if it’s not already open.
    3. Scroll down to System section
    4. Uncheck the Continue running background apps when Google Chrome is closed check box.
    5. Exit chrome and make sure no Chrome process is running in the Task Manager.
    6. Try to uninstall Skype click to call again.

    Disable Skype click to call in chrome

    Once click to call is uninstalled, open Chrome’s settings again and enable the Continue running background apps when Google Chrome is closed check box again – It enables some pretty useful apps.

    I’m very disappointed (though not surprised) with Skype (Microsoft Skype Division) for this unsolicited stealth install of click to call.

    If following this uninstall you wish to re-enable the click-to-call function in Chrome, download and install the Click and Call plugin again separately.

    Daily Friction #375

    It’s been more than two years since the last Daily Friction, I’m not sure it’s going to be back in it’s old form, it’s certainly not going to be a daily post. But it’s back for now with new and interesting articles and information. Some of the articles in this particulate issue are somewhat old but nevertheless interesting.

    Read the rest of this entry »

  • Filed under: Daily Friction
  • Google Reader Logo

    Following up on yesterday’s post about various alternative RSS feed reading services to the shutting down Google Reader, it’s time to transfer all your feeds to the new service of your choice. If you didn’t choose a new service it’s high time to do so.

    You can add all your feeds one by one – but that will be tedious and unnecessary. Instead, you can transfer them from Google Reader (before it’s officially dead) by exporting it. It sounds complicated, but it’s not.

    • Go to the Reader’s settings window.
    • Choose the Import/Export tab
    • Select the option to download data through Takeout. And press the Create Archive button
    • It will start building a file with all your feeds. Let the compression finish.
    • Once it’s finished building, download the resulting .zip file
    • Open up the ZIP file you just downloaded. You will find an .xml file inside.
    • Import the .xml file to the feed reader you decided to go with.

    That’s it. You’re done!

    Google reader alternatives

    Google Reader Logo

    It was a bit of a surprise to hear Google’s announcement about the closure of the Google Reader service on July 1, 2013. It is surprising for two main reasons. First, It’s a very popular service and considered one of the more successful offerings of the entire Google plethora, and it’s the most popular RSS reader on the market, by a huge margin. Second, Google is not offering any alternative. Historically, Google closes down a service for one of two reasons, it’s either failing in popularity (by Google’s standards) or there is a different service which is either more advanced or already covering the same functionality with a clear and easy migration path. There were a few hints of a replacement of some form under Google+, but I haven’t seen any indication of it.

    Since the question of why Google is shutting down Reader is not fully answered, at the time RSS feeds are still popular and not going away any time soon, I would like to look at the available alternatives.

    Standard readers and aggregators:

    Cream (Paid):
    Platform: Mac
    If you’re a Mac user, Cream might be for you. Cream is a feature-rich feed reader, but what makes it special is that the application knows which stories are the best and most worthwhile reading and floats them to the top so you can go through them first.
    It offers one-click import from Google Reader, and its method for determining which articles and feeds are better suited for you is impressive: the application “learns” as you read, scan or ignore stories, within a particular feed or in general. That means that Cream not only pushes stories to the top but also entire feeds based on your actions.

    Platform: Windows
    FeedDemon is a windows only RSS reader which offers a high level of customization. In this application you can enable keyword triggers to send an alert when any of the set keywords appear in the feed, regardless of whether you’re subscribed to the feed they appear in. Another useful feature is podcasts subscriptions with automatic downloads to a specified directory where they can be listened to or transferred to your mobile device.

    Feedly Screen

    Platform: Firefox | Chrome | Safari | Androd | iOS | Web
    Feedly is a very popular reader and had many users long before Google announced it was shuttering Reader. It is both a browser add-on and an Android and iOS app. Feedly takes your feeds and presents them in a magazine-like view. It also has integrated sharing and integration features with many social networks. In addition to having a rich news suggestion algorithm that makes it easy to surface articles that you’ll find most interesting, it’s a rich social tool that lets you share stories with your friends and post them to your favorite social networks. Feedly has the ability to save stories for future reading, and offers layout choices that let you read the news in the manner you choose — whether it’s straight headlines from top to bottom, full articles, neatly arranged tiles, or images all laid out on a page.
    Currently, Feedly uses Google Reader as its backend and there is no word whether Google will be keeping the Reader APIs online for developers. As of yet, I don’t know if Google will break the functionality of third-party application when it integrates Reader with Google+. But Feedly are not waiting to find out as it is building a new syncing engine so it’s users can seamlessly continue using the service long after Google Reader turns off the lights.

    FeedsAnywhere Screen

    Platform: Web
    FeedsAnywhere is a browser-based reader, and while it doesn’t have a mobile app it does offer a website that is focused on the mobile user. It can handle a huge number of feeds pretty easily and has a smooth user experience. It can sync with Google Reader to get the user’s current feeds and allows the user to look at either single folders, a single feed, or all the feeds in one streamline. Setting up FeedsAnywhere is VERY simple. All you have to do is go to the FeedsAnywhere website and create an account. There are occasional quirks with the service, but it is a feature rich news reader.

    Flipboard Screen

    Platform: Android | iOS
    Flipboard is an immensely popular newsreader, and this is while not having any desktop or browser-based component. While Flipboard is considered mainly a newsreader and less useful RSS reader, it still have the capabilities and a very attractive and comfortable interface. Flipboard is an excellent option because it allows you to organize the articles you want to look at and then flip through it like a magazine. Flipboard presents you with an intuitive layout of your feeds and a few default news categories to browse. Touching a panel lets you browse through any of the default categories; touching and holding a panel lets you delete it and replace it with whatever RSS feed you might want. You can customize your Flipboard by browsing through several categories like News, Technology, Business, and Entertainment and more.

    Netvibes Screen

    Platform: Web
    Historically Netvibes was a refuge for long iGoogle users since apart from supporting RSS feeds, it is mainly a personalized homepage service, a fact that may deter some hardcore RSS users who are looking for the RSS reader to be a centric feature. Netvibes can become somewhat similar to Google Reader once you switch it out of the default widgets mode. The service has moved beyond Web page personalization to provide online dashboards and business intelligence to companies, but still allows consumers to create personalized Web pages while augmenting its free service with business-centric paid options, such as brand monitoring, analytics, and enterprise portal services. Basic accounts at Netvibes are free, and are all you really need to keep track of your feeds. You can take the suggested feeds they start you off with, or you can import your own via OPML. After choosing Netvibes as a replacement, importing the Reader OPML file into Netvibes is as simple as clicking “Add content” and then “Import.”

    NewsBlur Screen

    Platform: Web | Android | iOS
    NewsBlur has a well-built, beautiful, slick and fast-paced interface that’s somewhat similar to Google Reader, but with some additional bells and whistles that make using it a little more fun. For example, you can toggle the original view and display articles the way they show up on their respective sites, or read them the way they’re presented in their RSS feeds, or view them text-only to get rid of the images and other fluff. It has some social feature we’ve all got used to, you can share stories with friends, save them for future reading, star them, and start your own “blurblog” of featured stories you want to share.
    The bad news here is that there is a big restriction, free accounts are capped at 64 blogs, 10 stories at a time, and public sharing options. Premium users ($US24/year) can subscribe to as many sites as they want, get all the latest stories at one time, get faster site refreshes, and can share publicly or privately.

    PageFlakes Screen

    Platform: Web
    Remember the days when everyone went crazy about personalized home page? Pageflakes was one of the runner ups, having been beat out by the likes of iGoogle and Netvibes. PageFlakes is still around, and you can use it to subscribe and manage your RSS feeds.

    Platform: Linux
    Here’s something for the Linux crowd. There are many news readers that are pretty, with nice and slick layouts, good graphics, and pictures. And then there is Newsbeuter. This app isn’t old-school so much as it is a creative anachronism. It only works on Linux, and it only runs from the command line – Yes, good old fashioned Linux.

    Pulse Screen

    Platform: Web | Android | iOS
    Pulse is a news aggregator that has built in RSS capabilities with an intuitive interface for touch screens. News sites are laid out vertically so you can swipe up and down to the latest news from all sites quickly, or you can swipe horizontally to read more stories from the same site. It relies heavily on its own news filtering algorithms to help you find the stories that they think you’ll want to read. You can use it as a way to keep with latest news and stories from the blogs you already like. Your Pulse home screen is completely customizable, and you can easily save stories for later, share with friends, filter by category, and pick up where you left off on a new device without losing your place.

    Taptu Screen

    Platform: Web | Android | iOS
    Taptu gives you a visual interface for browsing news feeds and also lets you add your personal social network and RSS feeds for easy access. The app comes with several premade Taptu-curated news categories, but it’s very easy to set up your own categories with the feeds you already love. Build a stream from scratch using the Add Streams button, where you’ll find many suggested feeds from popular publications. You also can search by category, or simply perform a search to gather all the feeds that relate to a specific keyword.

    The Old Reader:
    The Old Reader is still in beta, but is designed to be an exact Google Reader replacement for. This does not intended to be a Google Reader copy but the older Google Reader that offered more tools for sharing and organization. The log in is done via Google or Facebook, and it is possible import your feeds from Google Reader or any other RSS service via OPML. The interface looks very much like Google Reader, complete with folders down the left side, your list of stories in the main pane, and one-click subscription to new feeds. You get all the same keyboard shortcuts, and even get the ability to follow other Old Reader users and share interesting stories, the way you used to be able to with Google Reader. There are no mobile apps yet, but the web version works well on mobile devices, and the developers behind it note that they are working on mobile versions of it, though there are Chrome and Safari extensions already available.

    Other options:

    Most web browsers have a built in RSS reader that allows you to follow up on feeds directly from the comfort of your familiar browser. There are plenty of plug-ins or extensions enabling this option in browsers that do not support it as part of their basic install. The disadvantage of this approach is the same as of a PC installed application, you can’t take the feeds with you and they will stay in the computer where the browser is installed.

    Google Currents Screen

    Google Currents:
    Platform: iOS | Android
    Google Currents was officially unveiled in December 2011 on both Android and iOS, and was framed as a sort of hybrid magazine viewer and RSS reader in one. Not many users used it when it started, and still today it has yet to gain widespread traction on either mobile platform. Regardless of its usage statistics, though, Google Currents is still useful, especially now that Google Reader will be going away.
    Similar to other news aggregators, Google Currents employs a magazine-style interface with large images and paginated posts. It may not be most intuitive, but it looks sleek and works well. It lets you subscribe to and download app-optimized editions of publications, and you can subscribe to any RSS-enabled sites you like, just like Google Reader. The problem here is, there is no knowing if Google will ever decide to shut this service down as well.

    TinyTinyRSS Screen

    Platform: Web | Android
    TinyTinyRSS is not exactly an RSS reader but rather self-hosted RSS service. It is a free open source self-hosted RSS reading platform that allows you to grab your feeds on any system, as long as you have a web host and you’re comfortable installing and setting it up. It also has a Tiny Tiny RSS Android app for comfortably accessing and reading your own feeds. With this hosted on your own web server you now it won’t shut down on you.

    Fortunately, Reader has always had the ability to export your RSS subscriptions and feed groups in the widely-accepted OPML format, which not only includes your feeds, but also your shared items, friends, likes, and starred items. To export your data from Reader, click the Cog button > Reader Settings > Import/Export. Make a backup of the OPML file while you’re at it, too. Now, pick one of the RSS reader replacements and import the OPML file.

    While Google Reader is not shutting down right now, there is still some time until July 1, which gives plenty of time for new options to emerge. Many of the popular apps will roll their own syncing agent and try to stay alive in a post Google Reader-universe. But it is important to remember grabbing your feeds before the shutdown date.

  • Filed under: Internet
  • Plug and play cloud from Nebula

    Nebula Logo

    Don’t you love it when you switch something on and it instantly works? No installation, no deployment, no mocking around with manuals or calling a consultant to help you set everything up. How about having your own private instantly on plug and play cloud? Ok, maybe not you and me, but any company that wishes to have their services on their own private cloud without needing the services of Amazon or Rackspace. This is exactly the solution Nebula are providing.

    Based in Mountain View, Calif., Nebula claims to have an answer for any company that has ever wanted to build its own private cloud system and not rely on outside vendors, may it be for security, privacy or other reasons. Their solution is called Nebula One. And the setup is very simple, actually, it’s as simple as it can get. Plug the servers into the Nebula One, then you turn it on, and it boots up cloud. That’s it. All of the provisioning and management that service providers charge customers for has been created on a hardware device. There are no services to buy, no consultants to pay to set it up, and no technical stuff to fuss around. “Turn on the power switch, and an hour later you have a petascale cloud running on your premise,” says Chris Kemp, CEO and founder of Nebula

    The Nebula One is a hardware device sitting at the top of a rack of servers. on the device’s back are 48 Ethernet ports to where you plug in your cloud server. It runs an operating system called Cosmos that grabs all the memory, CPU and storage capacity from every server in the rack and makes them part of a single cloud. It doesn’t matter who made the servers (Dell, Hewlett-Packard, IBM, or the corner shop down the road) or how much memory and storage each one has.

    Nebula’s technology is based on OpenStack, an open source cloud computing platform, designed by Anso Labs – A NASA startup. Not surprisingly many of Nebula’s team members came from Anso Labs, which was acquired by Rackspace. OpenStack consists of a series of interrelated projects that controls large pools of processing, storage, and networking resources shared between a pool of physical servers, all managed through a dashboard that gives administrators control while empowering their users to provision resources through a web interface. OpenStack is free open source software released under the terms of the Apache License. The project is managed by the OpenStack Foundation, a non-profit corporate to promote, protect and empower OpenStack software and its community. Nebula is the only startup company that is a platinum member of the OpenStack Foundation, Others are IBM, HP, Rackspace, RedHat and AT&T, among others.

    With several high profile customers (Xerox among them) and investments from Kleiner Perkins, Highland Capital, and Comcast Ventures, Nebula is on the high road to the cloud.

  • Filed under: Corporate, Systems
  • Google Chrome may add audio indicators on tabs

    Ubuntu Logo

    We’re all familiar with the mystery sounds spurting out of our speakers just at the wrong time. Frantically, we try to locate the offending origin before attracting the attention of the sleeping baby/manager/partner/zombies outside the door. Most times, it ends up being one of our browser’s tabs, after opening several links in new tab windows.

    A new Chrome feature (Issue 12328027) may put an end to the heart attack inducing race to find the culprit. A feature being tried out in test versions of Chrome would place a visual indicator in each tab that is generating audio. It is already incorporated into the latest Chromium and Canary test builds for Chrome, giving it a decent shot of reaching the masses in the public Chrome releases.

    The feature is largely intended to help Chrome keep track of tabs that are actively being used for playing or recording audio, mostly in the background.

    There is no release date for this feature yet, but it is possible to follow up on the development. A short video presenting how the audio indicator should look like has been released as well.

  • Filed under: Internet, Software
  • Acrobat Reader Logo

    I’ve came across the mysterious message “file does not begin %PDF” when trying to open pdf files. What seems to be an enigmatic message, is actually a very simple one. It isn’t complaining about the file name, but about the contents of the file. PDF files will always start with %PDF, on the very first line. The Acrobat message means, in effect: “this is not a PDF file” so there is no way to display it. There isn’t much more Acrobat can do, but you may be able to work out why this is happening.

    - Check if the file is indeed a PDF file. Maybe it’s a different file saved with the pdf extension. Maybe Adobe Reader was mistakenly associated with a different file extension causing it to open a file of a different type. If the file isn’t a PDF file and Acrobat Reader is starting, (this can happen on both Mac and Windows) you will get the “file does not begin %PDF” message. Check whoever provided the file about it’s real content, don’t be fooled by the Acrobat icon.

    - Is this a PDF file you viewed in Microsoft Internet Explorer? If so, be careful when using the “save as” function to save a copy of the file. In many cases Internet Explorer will not save a copy but something useless instead. To save a PDF file in Internet Explorer, look at the page with the link (before or after viewing the PDF). Right click on the link, a menu will appear and from it select “save target as”. On the Mac, press and hold the mouse instead of right clicking.

    - Was this file e-mailed to you? Unfortunately, e-mail programs don’t always pass pdf file correctly. Sometimes attached PDF file are not sent correctly and a corrupted file is received. If you are using Windows, and the file was sent from a Mac, the file may be “binhexed”. You may try to play with your mail setting or ask the sender to compress the PDF document before sending it again.

    One of the solutions above should solve this issue. Essentially, this is a very simple message, Acrobat Reader is letting you know the file it’s trying to open, does not start with %PDF, which indicates a PDF file. If nothing of the above worked, you can try opening the file in a text editor and view the first few characters of the file yourself, it should look like this:

    PDF header

    PDF header

    If the file does start with %PDF and you still get the “file does not begin %PDF” error message, it might be a problem on the Adobe Acrobat side.

  • 1 Comment
  • Filed under: Software, Systems
  • Recent Comments