To our customers,

At Apple, we strive to make world-class products that deliver the best experience possible to our customers. With the launch of our new Maps last week, we fell short on this commitment. We are extremely sorry for the frustration this has caused our customers and we are doing everything we can to make Maps better.

We launched Maps initially with the first version of iOS. As time progressed, we have wanted to provided our customers with even better Maps including features such as turn-by-turn directions, voice integration, Flyover and vector-based maps. In order to do this, we had to create a new version of Maps from the ground up.

There are already more than 100 million iOS devices using the new Apple Maps, with more and more joining us every day. In just over a week, iOS users with the new Maps have already searched for nearly half a billion locations. The more our customers use our Maps the better it will get and we greatly appreciate all of the feedback we have received from you.

While we’re improving Maps, you can try alternatives by downloading map apps from the App Store like Bing, MapQuest and Waze, or use Google or Nokia maps by going to their websites and creating an icon on your home screen to their web app.

Everything we do at Apple is aimed at making our products the best in the world. We know that you expect that from us, and we will keep working non-stop until Maps lives up to the same incredibly high standard.

Tim Cook Steve Jobs
Apple’s CEO

tl;dr: I love your idea. I want to hear about your idea. Please, do not interpret this post as me stifling your idea. But an idea without a commitment to execution is useless… at best an interesting conversation over a beer or a coffee. Don’t let that be your idea. Commit yourself to executing well.

Your idea sucks.

It’s just not that great.

I’m sorry.

Someone, somewhere has already had it, and someone, somewhere is probably already working on it.

Most VC firms and angels WILL NOT SIGN AN NDA until a term sheet is seriously being considered.

Why?

Because they’ve already heard your idea that day, and they don’t want to give you the ability to come after them legally when they fund the other guy and not you.

Ideas are fun. I love them. I really, really, really love them… But if the pursuit of ideas comes at the expense of a commitment to execution you have ceased being an entrepreneur. You are a hobbyist.

Entrepreneurship is about actualising ideas into successful enterprises. For an enterprise to be successful it needs to be self sustaining, otherwise the enterprise (and thus the underpinning idea) will fail. Don’t be that guy/girl.

Some thoughts:

• Get a partner. Don’t do it on your own. Note: As a general rule, single founder start-ups DO NOT get funded. That’s because they are riskier. Ponder this.
• Make a plan. Not a big, long, scary business plan that ties you down and stifles your ability to be creative or pivot, but at least one that marks out your next waypoint.
• Work on one, maximum two, start-ups at a time. This is key, and probably the thing I find hardest. If you are working on two, make sure that they are in the same domain and can cross-pollinate.
• Seek out people who’ve MADE IT and buy them lunch. Not people with ideas. People who have achieved the end game you’re aiming for – successful exit, successful lifestyle business, disrupted market, successful social/altruistic enterprise, etc. Listen to them. Accept their criticism. Stay close to them
• Commit to excellence. Lean is good, but don’t ship shit. The marketplace has started to wise up to this whole “trick ‘em into being test guinea pigs” thing. Make it good or stop. (To be fair, you can probably get away with ignoring this one… It’s more of a personal ethic. Note the use of “probably”.)
• Make yourself accountable. Ideally to your business partner, but also to your spouse,  significant other, best friend, etc. Keep them close to what you are doing. Let them tap you on the shoulder if they think you’ve lost your vision (I hate this, but it’s key).

Thoughts?

First impressions on iPhone 5:

• Fast. Like really, really fast. Super fluid and responsive. Apps open instantly.
• Taller, thinner and lighter. It’s actually a bit awkward and foreign handling one for the first time, but you get used to it very quickly.
• Lightning connector is SUPER fast. I copied 12 albums from my laptop in to the iPhone 5 in 30 seconds or so. It used to take several minutes.
• The new earphones are awesome. Really good. Comfortable, stable in the ear, and the response is fantastic top to bottom.
• Do Not Disturb is set to become a heavily used feature on my iPhone 5.
• Increased Privacy options. I’ll delve into these a bit more and blog it separately, but I like what Apple have done here. The options focus on ensuring users understand what applications are doing with your data. Notably absent in Mail (I’m not sure about the developer API for email…).
• iOS 6 maps are as bad as everyone says they are. I’m looking forward to version 2, or Google bringing out the iOS 3rd party version of their maps app (not holding my breath for this though… Apple and Google are kind of arch rivals now).
• 3D maps are neat but useless in my opinion. Tracking and guessing on location searches (e.g. Red Square… C’mon…) is pretty poor.
• There is enough difference between iOS 5 and iOS 6 to make the user experience a bit junted…

So, there you go. Should you get one?

• If you’re in the middle of a contract you’d need to pay out in order to upgrade – No, not worth it.
• If you have a working iPhone 4 or 4S that’s got life left in it – No, wait a few months for Apple to iron out any hardware bugs. As a rule, this is how I usually purchase technology… let the early adopters beta test the product and then go for it once the initial broken things are sorted. I broke that rule this time around because I lost my iPhone 4 about a month and a half ago.
• Otherwise, yes – Go for it. So far I’m quite happy with it, and I’m not easily impressed by gadgets.

Overall I’m very happy with it – It’s a very nicely designed phone – but to be honest, had I not been at the end of my mobile contract, I probably would have stuck with my iPhone 4 for longer. In the end the timing was just right.

What do you think of the iPhone 5?

Can anyone tell me How To Disconnect On LinkedIn?

I get the feeling that LinkedIn make it deliberately difficult to find, which sort of makes sense… A bigger and better connected social graph means more people within your “three degrees of separation” which roughly equates to a higher perceived value…

Right? Probably…

From issues of verbosity, to disagreement, to flat out not wanting to be professionally associated with a person anymore – There are lots of reasons one might want to disconnect from a fellow LinkedIn user. I can tell you now that the “normal” method via the LinkedIn website requires patience, a map, and an iron will.

Here’s the easier way:

1. Make sure you’re logged into LinkedIn.
2. View the profile of the person from which you wish to part company. Your URL bar should look something like the picture below. The arrow is pointing to the spot where the LinkedIn ID should be (I’ve removed the ID to protect the innocent).
   

   How To Disconnect On LinkedIn

3. Paste their LinkedIn ID into the following link – replacing the “000000000″: http://www.linkedin.com/connections?breakConnections=&connectionChooser=000000000
4. Click enter on the link and you’re done!

That’s How To Disconnect On LinkedIn. Leave a comment if this helps.

Scam text:

With almost $70 billion revenue in 2011, we at Target have decided to give away Free Vouchers to our loyal customers.

How does this work? Follow these steps:

Step 1: Click on “Join” at the top of the page.
… …
Step 2: Click “Invite Friends” at the top of the page and select your friends and click SUBMIT. Voucher Price depends upon amount of friends you invite.

Invite 50 Friends = $50 Voucher
Invite 100 Friends = $75 Voucher
Invite 200 Friends = $100 Voucher
Invite 500 Friends = $250 Voucher

[NOTE: To select friends faster, press TAB and SPACE repeatedly.]

Step 3 : http:// bit.ly/ LLYkRh < Go here after completing above two steps to get your Gift Card

Some interesting stats:

• Since I first started looking at the scam about 30 minutes ago the number of attendees to the fake event has gone from 60 to 250.
• More interestingly, in this time the number of people invited by those who’ve fallen for the scam has jumped from 3,000 to over 15,000.
• The click rate on the “take page” (i.e. the page when the scammers actually start to make some money) is has roughly tracked Australian AEST working hours. I’ve included a picture below.

• 

  Targets Voucher Giveaway (Limited Offer) – Clicks to the take page of the scam.

• 53% of clicks to the “take page” are from Australia, indicating that the scam was seeded here.

• 

  Targets Voucher Giveaway (Limited Offer) – Click geography breakdown

I’ll update this post as I find out more.

UPDATE 1pm AEST: There are now 412 going to the “event” and 18,090 invited to the “event”.

UPDATE 1.05pm AEST: Tracing back through the bit.ly link indicates that this guy http://bitly.com/u/jeress is the one who first shortened the link to the “take page”.

UPDATE 2pm AEST: There are now 919 going to the “event” and 34,462 invited to the “event”.

This part of the hoax turns out to be fairly benign. Clicking the link will take you to a Facebook community page which has been set up. That’s it.

There were no surveys or download with this particular hoax when we went through it… That said, once you “Like” a Facebook page you give the owner of that page the ability to contact you so there is always the possibility that this may evolve over time.

Have you seen any other version of this scam? Share them on the Scamvids.com Facebook page or in the comments below and we’ll check them out.

NOTE: We do NOT recommend following scams or hoaxes to find out where they lead unless you are a security professional working in a controlled environment.

I recommend doing it a few times. This is the proper way to deal with this issue.

Now… for those of you who are the “direct action” type…

Here’s a few things I’ve noticed about the recent SMS scam circulating Australia (and I’ve no doubt the world)…

• The domain hosting the initial spam SMS link has always been recently registered – The Macbook Air SMS spam domain used today in Australia was bkadn.com which was registered on the 22 May 2012.
• The domains are registered with privacy enabled – bkadn.com was protected by protecteddomainservices.com.
• The domain is difficult to link to the legitimate content provider with whom a victim ends up signing up – In todays case the content provider was Yamoja aka Txt-services.com aka TMG.
• The Terms & Conditions used by the Yamoja appear legally discouraging enough to dissuade telcos from pursuing a refund.
• Txt-services.com, which is either the same as or a service provider to Yamoja, reference two service desk numbers in the Yamoja signup page Terms & Conditions - 1800057154 and 1300650521 – and a service email address of support@txt-services.com.

So, based on what we can find out, a few reasonably strong presumptions can be made…

• The financial motive for the SMS spam campaign is an affiliate payment or other kickback from Yamoja to the spammer – otherwise there would be no spam.
• Whoever has this SMS spam campaign set up WOULD KNOW that it’s illegal – otherwise it’s less likely they’d use a nonsensical domain name registered 2 weeks ago with privacy protection…
• Yamoja would DEFINITELY KNOW that it’s illegal but, I assume, still pay the spammer – otherwise the spam would stop.
• Despite the implications of this hypothesis, Yamoja have taken efforts to run a legally defensible business – they can’t be proven as the ones directly responsible for running the campaign and have T&C’s set up to protect their take.
• If Txt-services.com is a service provider to Yamoja then they PROBABLY KNOW that all of this dodgy-ness is going… OR DO THEY?

So how do we either…

1. Get Txt-services.com’s attention that illegal, intrusive and predatory spamming is going on or
2. Reduce the profitability of the scam to the point where they are forced to reconsider if paying dodgy affiliates is a good idea…?

AN IDEA…

Their support number, 1800057154, is a toll-free number. This means that THEY PAY FOR THE CALL. If it’s long distance THEY PAY A BIT MORE. Their other support number, 1300650521, is partial pay… i.e. THEY PAY FOR SOME OF THE CALL.

• Call either of the two numbers between 9 and 5 AEST and ask for an operator. Complain about the spam you and you friends have been receiving. Tell them their little SMS scam is all over the Internet. Keep the operator on the line for as long as possible. The goal is to stretch out the call as long as possible and INCREASE THE COST of being the named support channel for this scam.
• When the call ends pick up the phone and call again.
• Lather rinse repeat.

They make $10 a month off every person scammed by these SMS messages… I reckon it would not be too hard to at least make them pay some attention.

The scammer’s endgame is for you to subscribe to a premium SMS service with wallpapers, ringtones and such… Except they tell you that you’re going in the draw for a Macbook Air. Is there a Macbook Air draw? There could be… Except they DON’T tell you that they’ll charge you $10 a week for their content until you opt-out. Don’t know how to opt out? Not their problem…

The URL they are asking people to visit is http://www.apple.com.au.bkadn.com. Note how it LOOKS like an Apple URL… That last part is behind a dot, but a dot is the same as a slash, right? (Answer: No. Very much no.)

Also interesting – if the URL is visited with a non-mobile browser, redirects you to survey and ad sites. Nice to see the scammers covering all of their bases.

Here’s a video walkthrough of the scam through the trusty iPhone simulator:

Here’s the fine print of the scam:

Subscription, 2msgs/wk, $10/wk + $5 to join Cancel: text STOP to 194422, Helpdesk: 1800057154 Data fees may apply
YAMOJA content includes 4 games, 4 ringtones, 4 wallpapers, 4 funny sounds and 1 fun quiz | Age: 15+ only – Persons under the age of 18 years must ask for bill payer’s permission before using this service | Competition ends: 30-06-2012, Prize draw: 01-07-2012 | This service operates according to the Australian code of conduct for SMS services. By sending a sms to 194422, you acknowledge that you have read and understood and agree to be bound by these ‘Terms & Conditions’.

 

Notice that the STOP number in the above text (194422) is A DIFFERENT NUMBER to the STOP number in the below text (194433). Mistake? On purpose? Not sure… But it looks suss.

Contact & FAQs Yamoja is a service of TMG 1 B.V. Address: Singel 540, 1017 AZ Amsterdam, The Netherlands 1. How to enter this service To subscribe to the service send the service keyword to the shortcode. You will then receive a free message explaining the price and frequency of the service and a description of how to opt out of the service.  Once subscribed to the service you will then receive mobile content messages at a subscription charge of $10/week plus $5 one off joining fee. 2. I did not send the keyword of the service after filling in my mobile number. Please send the keyword to the service number in order to activate your subscription. 3. What are the costs of the subscription service? This is a subscription-based mobile content service. You will be charged a $5 one off joining fee plus $10 per week incl. GST The costs will be charged directly to your mobile phone account as you send and receive each SMS text message. For further details, please read the full Terms & Conditions listed on this website. 4. How do I unsubscribe from the service? There are three ways to stop the service: 1: Via text/sms: You can opt-out at any time by sending ‘STOP’ to 194433. You will be unsubscribed immediately. 2: Via e-mail: You can send an e-mail containing the mobile number that needs to be unsubscribed to support@txt-services.com. You will be unsubscribed within 24-hours (between business hours, otherwise on Monday after the weekend). 3: Via telephone: You can call the live help line number 1300 650 521 (standard rate, during business hours). You will be unsubscribed within 24-hours (on business days). 4: Via the unsubscription form 5. How long will I be subscribed? This is a subscription service. You can end this subscription at any time by sending STOP to 194433. 6. I have never subscribed myself to your service, but I do receive text messages. The only way to subscribe to our service, is by sending in a confirmation text message to 194433. After you have confirmed your subscription, the service will be activated. 7. According to which legislation do you work? This is a premium text service, and is regulated via the Premium Services Determination of the Australian Communications and Media Authority. 8. I receive Spam, how can I stop this? Yamoja does not send out emails. Our affiliate networks refer to our products in their promotional material, which are distributed through various mediums including email. If you have signed up with such a network to receive promotional material via email, you could therefore receive a Yamoja offer. If you do not wish to receive these emails, you should contact the sender of the email and state your request. In most cases, there will be an unsubscription button within these emails that will allow you to block further communication from a particular party. Alternatively, you can block the sender of this email with a function within your own email application (Hotmail, Outlook, Gmail etc). 9. How can I stop pop-ups? Some computer software is offered free of charge and comes with integrated advertising. Such advertising allow the software developers to offer the software for free, and can be present in many applications including download accelerators, weather forecast tools, and music download applications. Our affiliate networks can promote Yamoja services via these applications, which will appear as a pop-up in screen. Also, some websites generate their own pop-ups. Most of the time, this is done to enable them to continue to offer their products/information free of charge. Your can compare this situation to free to air television, where commercials are broadcasted during shows to cover the cost of broadcasting those shows. Pop-ups are harmless and can be closed in the same way as every other window. If however, you wish to stop these pop-ups, you can either uninstall the application causing them, or install a pop-up blocker such as AdAware. 10. Contact If you have any further questions, please contact us. The best way to contact us is via email. The e-mail address for 194433 services is: support@txt-services.com Alternatively, you can call us on our helpline on: 1300 650 521. Please don’t forget to mention your mobile phone number.

Let it be said first up that I think this site is awesome. I lol’d hard, visited it again, lol’d hard again, and so on.

As one of the guys behind http://rdpcheck.com (a legit site and I suspect one of the butts of the joke made by MySQLCheck) I’d like to offer a brief counterpoint… I’m going to assume that this post will mostly get read by security folks so that is my intended audience (although I encourage your to read on even if you’re not…):

Here’s the deal… If your daemon/service/vulnerable-thingy is exposed to the public Internet the bad guys and their evil bots already know it’s there.

If for some reason the bad guys don’t know its there they are able to (and going to, especially after a juicy vulnerability like CVE-2012-2122 comes out) find it – and that without going to the hassle of building a malicious “test-thyself” website to harvest details. Sure, there is extra data that can be harvested and used to prfioritize targeting (think: a correlated .mil email with a vulnerability might receive special attention), but with it comes the extra effort of the build and a greatly multiplied risk of being caught.

There are much quicker way to collect targets… and you’ve saved yourself the hassle of marketing your damn website which you’ve built but no-one seems to be visiting.

If you have MySQL open to the public Internet you’ve automatically failed Infrastructure Security 101 and by extension you are likely not to fare too well in Patching 101.  If, as an admin, you hear about a bug like this and your first response is to visit an untrusted third party website that you saw someone tweet about to assess your security posture then you are probably in need of some help… Right?

That’s why I think these types of self-serve security audit sites are useful and have their place for ‘getting the word out to the admin who has no idea how big his problem is’.

These sites generate publicity around an issue that would otherwise stay inside the security echo chamber… mostly because they offer something for nothing (which, not coincidentally, is the same social phenomenon that scammers have learnt to leverage with great effect).

THAT SAID… I absolutely agree with Mark that there needs to be a better way to get this information into the hands of people who need it. RDPCheck was helped along with ‘attributed trust’ from the the spruiking it got from the tech media in .au and some reasonably credible Twitter types – but the simple fact is we could have been doing ANYTHING with that data…

Food for thought. Any suggestions on how to better this are welcomed.

Trackback: http://blog.offensivecoder.com/2012/06/11/mysqlcheck-com-its-so-wrong-but-so-right/

UPDATE 18th JUNE 2012: I’ve posted a new video and walkthrough of the current Macbook Air scam going around in Australia here and some ideas on how citizens can combat the scammers here.

This one comes courtesy of my mum who received this SMS message today, became suspicious, and forwarded it through to me.

Congratulations! You are Australia’s WINNER OF THE DAY! Go to http://www.apple.au.mobilegiveawayinsanity.com to claim your prize. Must claim within 24 hrs.

Sure enough, it is a Premium SMS scam. I ran through the scam on an iPhone simulator and recorded it for your curiosity abatement.

The message was sent from +1 (516) 448-0749, which is probably some poor schmuck’s internet enabled PABX that has been compromised – they’re in for a bad time when the phone bill rolls around next month.

Here’s the breakdown:

• If you visit the link via an iPhone or other mobile platform it will take you through to an iPhone 4S giveaway page.
• There you will be asked for your mobile phone number.
• If you provide your number a confirmation message will be sent to your mobile.
• If you respond to this message you’ll “go in the draw” for an iPhone 4S.

The bit that gets left to the fine print is that you’ll ALSO be subscribed to a premium SMS service for an initial charge of $13.20 then $13.20 every 2 days until you opt-out. Note that when you get to the “ooo shiny free iPhone” screen these details are conveniently hidden from view…

Here is said fine print…

© 2012 WOW Interactive all rights reserved Terms & Conditions, Info & Costs and Privacy Policy * Terms and conditions: By signing up for this service and replying with a confirmation message sent to your mobile handset, you acknowledge that you are subscribing to our service. Telstra, Optus, Vodafone and Virgin users will receive billed messages from 19712121 every 2 days. Hutchison users will receive billed messages from 19712121 every 7 days. By opting in, Telstra, Optus, Vodafone and Virgin users agree to join a subscription service charged at $13.20 every 2days + $13.20 to join. 25c per message sent. Hutchinson users will be charged $13.20 every 7 days + $13.20 to join.. Data charges may apply based on the mobile plan. Please check with the carriers for data charges. You may stop this subscription and optout from marketing messages send stop to 19900321 or 19712121. Alternatively you can call the Helpline number 1300366702. You must be the owner of this device and be at least 18 years old. Standard/other text messaging rates may apply. Service promoted by WOW Interactive.Please check if your handset is Compatible before subscribing.

Note that the monthly cost of this service works out to be about $211.20… You might as well sign up for a new iPhone on a mobile plan like normal people…

Crooks. Trying to scam my mum with this bollocks.

IF THIS IS HELPFUL TO YOU PLEASE SHARE AND LIKE THE VIDEO AND THE POST. IT HELPS GET THE WORD OUT. THANKS!