April 19, 2017 · 5:35 am

Port Nine Papeete — Out Nanuu Bay and into the Pacific


Sailing into the Sun

The Crown Princess continued through Nanuu Bay and into the South Pacific Ocean for the return home, but not before I managed to snag a few more photos.  From this vantage we saw the slopes leading up to Mont Orohena beyond Papeete:

Protestant Church of Papeete

As noted on Monday we sailed past Pā’ōfa’i Gardens, and also had great views of Place Jacques Chirac:

Outriggers for rent

Pā’ōfa’i Gardens

Place Jacques Chirac

Beyond this area, with which we were already familiar, other heretofore unseen areas of Papeete came into view:

Plage Hōkūleʻa

Around this time I was stunned to see a magnificent wall of reflective glass that offered up a truly bizarre mosaic of the Crown Princess:

Reflections in a Glass Wall

Speeding to keep up with the Crown Princess was a delightfully colorful pilot boat and people paddling their outriggers:

Pilot Boat Approaches

Outriggers

A lone fishing boat headed out to sea alongside the Crown Princess toward open waters:

Fishing boat

Turning north away from Nanuu Bay and toward open water we passed Fa’a’ā International Airport’s Runway 04/22.  Here you can see an ATR-72 on landing rollout on Runway 04:

ATR-72 landing rollout at Fa’a’ā International Airport

Because of the lighting and numerous photo subjects this was one of the best sail-aways I’d yet experienced, but the best was right around the corner.  As we headed out to sea we were treated to a spectacular sunset, more of which you’ll seen on this week’s Fun Photo Friday:

Tahitian Sunset

2 Comments

Filed under Photography, R. Doug Wicker, travel, vacation

Tagged as , , , , , , , , , ,

April 18, 2017 · 5:06 pm

Readers Beware! — A particularly clever Phishing Attack


Now here’s a nifty little phishing attack that targeted me over a two-day period, and this one is both unique and, if you’re not careful, very effective.

On Monday my iPad informed me that I needed to log into my Apple ID account, which I attempted using my Apple ID and password.  That attempt was rewarded with an admonition, “This Apple ID has been locked for security reasons,” or something similar to that wording.  Apparently, someone attempted multiple logins with my Apple ID and an incorrect password, and Apple took the precaution of locking my account after too many such attempts.  I managed to log in my iPad using other contingencies employed by Apple.

It never occurred to me that the actual objective was not to break into my account, but rather to intentionally lock the account for the follow-up attack the next day.  Clever.

The next morning I received a security alert email from Apple advising me that my Apple ID account had been logged onto from an I.P. address from Indonesia.  Included in the email was a link to verify machines from which my account had recently been accessed.  I tapped the link and was taken to an HTTPS site with what appeared to be the Apple ID login page.  HTTPS normally means that you’re safe, right?  Well, not really.  It just means that the communications between your computer and that specific site are encrypted to discourage electronic “eavesdropping” of the conversation between the two computers.  Clever.

What I had failed to do was hover over the email link before clicking on it, which if I had would have revealed a bitsy URL link, meaning the real address was hidden behind a URL totally unrelated to Apple.  Not clever, but for some reason I fell for it.

At what appeared to be the Apple ID login screen I entered my Apple ID and password, but instead of being logged into my Apple ID account I was instead directed to another screen that asked for my name, address, and other information.  By now the phishing scum would have my Apple ID and the associated password, but I now was onto the game when the site also asked for credit card information, date of birth, Social Security Number (oh, come on now . . . really?), etc.

I immediately closed out that window, logged into my Apple ID account, and reset my password since I had just compromised my previous password.  I then reported as a phishing scam the offending email with the bogus link.

So, to recap, here’s how this rather ingenious phishing attack works using against Apple its requirement to pair the user’s Apple ID with a functioning email address:

  • Day 1:  The phisher obtains an email address and checks if that email address is linked to an existing Apple ID account
  • Once that link is established, the phisher intentionally makes numerous attempts to log into that Apple ID account until Apple freezes any further attempts
  • The account owner is now wary because, obviously, someone made multiple attempts to log into the account until it was locked; this sets up the user for the follow up email the next day
  • Day 2:  The phisher sends a “security warning” email that appears to be from Apple; the “warning” advises the account owner that his account has been logged into from a foreign I.P. address
  • The account owner then lets his suspicions from the previous day override his normal caution, and he “logs into” his Apple ID account through the bogus link supplied in the “security warning” email.
  • The phisher then captures the account owner’s password and, if the account owner continues to fall for the phishing attack, other even more critical personal information

This is by far the most sophisticated phishing attack I’ve yet seen, or at least it appears so to me because it’s the only one that’s ever duped me into revealing anything.  It’s an extremely fine piece of social engineering that uses a two-pronged con deliberately tailored to instill suspicion on Day 1 of the attack in order to override caution on Day 2 of the attack.

Do not fall for this attack.  Just because your Apple ID account was locked does not mean that the attacker managed to break in later.  Indeed, the chances are that he has not, and that your account is still secure.  Just report as a phishing scam the follow-up email and delete it.  If you’re paranoid after the initial Day 1 attack, just check your Apple ID account over the next several days and make sure you still have access.  If you do, the phisher has not taken over and changed your password to transfer to him control of your account.

Please help spread the word by linking this article to your friends and family members, as I suspect this is going to be the next big scam.

© 2017 R. Doug Wicker (RDougWicker.com)

Comments Off on Readers Beware! — A particularly clever Phishing Attack

Filed under R. Doug Wicker, Social Networking, Technology/New Stuff

Tagged as , , , ,

April 17, 2017 · 5:35 am

Port 9 Papeete — Sailing out of Nanuu Bay


Papeete

On November 5, 2015, the Crown Princess left our last port of call for the long voyage back to Los Angeles.  The time of day was perfect, not only for the front-lighted views of Papeete and Nanuu Bay, but also for the magnificent sunset you’ll see on Wednesday, and again on Friday.

Yachts of Nanuu Bay

Nanuu Bay’s marina offered up some really fun yachts to photograph, and the angle of the sun left shimmering reflections on those yachts dancing upon the water:

Nanuu Bay

Looking back into town we could see the Notre-Dame Cathedral of Papeete, and later the Protestant Church of Papeete:

Notre-Dame de Papeete and Nauu Bay

Protestant Church

We also sailed past Pā’ōfa’i Gardens, as well as that colorful Pā’ōfa’i Gardens-based outrigger rental business featured last week in some photo:

Pā’ōfa’i Gardens

Pā’ōfa’i Gardens

Also on display in the cooling afternoon breeze were people paddling about in outriggers:

Outriggers

We’ll continue our sail away on Wednesday, but until then here is today’s photo gallery and slide show:

Nanuu Bay
Yachts of Nanuu Bay
Nanuu Bay
Pā’ōfa’i Gardens
Yachts of Nanuu Bay

Comments Off on Port 9 Papeete — Sailing out of Nanuu Bay

Filed under Photography, R. Doug Wicker, travel, vacation

Tagged as , , , , , , , , , ,