Misunderstanding Computers

Why do we insist on seeing the computer as a magic box for controlling other people?
Why do we want so much to control others when we won't control ourselves?

Computer memory is just fancy paper, CPUs are just fancy pens with fancy erasers, and the network is just a fancy backyard fence.
コンピュータの記憶というものはただ改良した紙ですし、CPU 何て特長ある筆に特殊の消しゴムがついたものにすぎないし、ネットワークそのものは裏庭の塀が少し拡大されたものぐらいです。

(original post/元の投稿 -- defining computers site/コンピュータを定義しようのサイト)

Thursday, October 20, 2016

People Can Write Pretty Much Anything in an E-mail Message

Remember that it doesn't take a lot of effort to write all sorts of lies in an e-mail message.

For example, I just got this e-mail message:
Molly Angel has shared OneDrive files with you. To view them, click the links or images below. 
My thoughts went something like this: 
OneDrive. Oh, yeah. Google's file sharing stuff that allows you to store thinggs on their servers and say who gets to look at them and download them. (Pushing the security feelings button.)

Cool. No, wait. Onedrive is not Google, Google's service is Google Drive.

Look up Onedrive. Onedrive is Microsoft's wannabee service.

And wait a minute. I don't know any Molly Angel. I know a song called "Johnny Angel" that Shelley Fabares made a hit record with. (Pushing the good feelings buttons, there.) But why would a Molly Angel be sharing files with me? (Very likely intending to push the prurient interest button, there.)
The first thing you should do when you receive a message from someone you don't know is doubt it. Doubt everything about it. Even if it gets through your mail filters, doubt it.

Especially if it seems to be trying to push your buttons, doubt it.

Look at the return address. mollyangel24@hotmail.com? Other than that I do not recognize the address, and the potential button pushing, not a lot of clues there.

Look at the subject. No subject. Unfortunately, a lot of my good friends fail to use the subject line any more. Sometimes I even forget. Not a lot of clues there.

Look at the "To:" line. Ah hah! Lots of addresses in there, several that have my first name in them. I know none of them. Several red flags here:
  • Sending to more than one address is convenient, but it exposes potentially private information.
  • Especially when it is people you don't know, it's exposing addresses people may not want you to know. Breech of internet courtesy.
  • Some of those have names in common with me. (icardjoel@something.2ld, etc.) 
Spammers used to put ten or twenty variations of one name in the To: field, to save money or time as they tried to find addresses of suckers, I suppose. Now it may be more of a ploy to fool your filters.

There are images in this. You don't allow images to be automatically displayed, do you?
  • First, if the images are naked or near-naked images, that's more button pushing. Get you excited enough that you forget your caution. 
  • Second, if the images are included in the message, sometimes (especially Microsoft's) mail browsers can get fooled into executing bad programs hidden in them -- virus, backdoor, trojan, keylogger, etc.
  • Third, if the image is a link to an image on some private server, the image can be monitored and, with clever tricks in the link, tell the sender that you looked at the image. If they were just guessing, they now know they have a live address that someone (you) might look at. And you didn't even click anything. (And then they send you more of this stuff.)
You can always enable images on a per-message basis if you know who sent them to you. Keep them disabled.

Unless you like to have people send you such things.

Are you that desperate for attention? That is not a good thing. If you are desperate for attention, you are going to do stupid and dangerous things.

Join a club, service organization, or even a church, where you can get face time with real people.

People you know can also do bad things to you, but they are less likely to do so. Getting to know people is an investment that they don't want to casually waste. Making new friends when they have a bad reputation gets hard for them, too.

Moving on, showing the source text for the message reveals more red flags.

The "To:" field actually does have something like fifty addresses in it.

You can see where the spammers are spoofing the dkim, spf, dmarc that are supposed to reassure you that the sender is valid.

(Of course that stuff is easy to spoof. You can write what you want in a header if you control the sending server.)

It also reveals some weaknesses in Microsoft's OneDrive.

The key to remember is that computers are just fancy paper and fancy pens. They person who controls the pen can write pretty much anything. Doubt first. Check.

Don't automatically display images.

Don't click on links unless you know the sender and are expecting him or her to send you a link, and then only if it's the kind of link you're expecting.

Other posts I've put up demonstrating the ways people try to fool you:

No comments:

Post a Comment