Misunderstanding Computers

Why do we insist on seeing the computer as a magic box for controlling other people?
Why do we want so much to control others when we won't control ourselves?

Computer memory is just fancy paper, CPUs are just fancy pens with fancy erasers, and the network is just a fancy backyard fence.

(original post -- defining computers site)

Friday, July 29, 2016

SPAM: ROFL (Computer Memory Is Fancy Paper, the CPU a Fancy Pen)

Clearing out my Unsolicited folder always gives me a few chuckles.

This one was a bit more than a chuckle:

Your Mailbox (debian-user@lists.debian.org) usage is above 100MB, prior to the general system update, CLICK HERE to Upgrade your E-mail account to avoid any blockage or deactivation.

NMSU Help desk
Copyright  2016 © New Mexico State University. All rights Reserved.

Why? you ask. What is so interesting about it?

Here are the headers that Google shows for it when you ask for the simple display of the headers (the triangle beside the from name):


from:helpdesk@nmsu.edu <[****P]@csufresno.edu> via lists.debian.org 
to:debian-user@lists.debian.org
date:Thu, Jul 28, 2016 at 1:14 AM
subject:Mailbox is almost full
mailing list:debian-user@lists.debian.org
mailed-by:lists.debian.org
encryption:Standard (TLS)


Wow! The general user mailing list for the Debian/Linux family of computer operating systems has a mailbox at New Mexico State University!

Oh, but wait. The "from" address is deliberately mislabeled (spoofed). It claims to be the helpdesk at NMSU, but it's really a professor at Fresno State (California State University, Fresno)!

Why would a professor at Fresno State be working the help desk at NMSU? Or even pretending to be?

Beginning to see the humor here?

Let's get a better look at the headers. Over to the right of the upper reply button, there's another triangle for a pop-up menu. Click that, and select "Show original":



                                                                                                                                                                                                                                                              
Delivered-To: [****B]@gmail.com
Received: by 10.36.98.147 with SMTP id d141csp352457itc;
        Wed, 27 Jul 2016 08:36:20 -0700 (PDT)
X-Received: by 10.28.194.195 with SMTP id s186mr34931549wmf.48.1469633777622;
        Wed, 27 Jul 2016 08:36:17 -0700 (PDT)
[...]
Received-SPF: pass (google.com: manual fallback record for domain of bounce-debian-user=[****B]=gmail.com@lists.debian.org designates 2001:41b8:202:deb:216:36ff:fe40:4002 as permitted sender) client-ip=2001:41b8:202:deb:216:36ff:fe40:4002;
Authentication-Results: mx.google.com;
       spf=pass (google.com: manual fallback record for domain of bounce-debian-user=[****B]=gmail.com@lists.debian.org designates 2001:41b8:202:deb:216:36ff:fe40:4002 as permitted sender) smtp.mailfrom=bounce-debian-user=[****B]=gmail.com@lists.debian.org
[...]
Received: from [10.32.215.48] (unknown [197.211.57.1])
    by fresno-p02.merit.edu (Postfix) with ESMTPSA id AA5C670072A1
    for <debian-user@lists.debian.org>; Wed, 27 Jul 2016 11:13:22 -0400 (EDT)
Content-Type: multipart/alternative; boundary="===============1054991032=="
[...]
Resent-Date: Wed, 27 Jul 2016 15:36:11 +0000 (UTC)

You will not see this in a MIME-aware mail reader.
--===============1054991032==
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body

Your Mailbox (debian-user@lists.debian.org) usage is above 100MB, prior to =
the general system update, CLICK HERE to Upgrade your E-mail account to avo=
id any blockage or deactivation.

 NMSU Help desk
Copyright  2016 =A9 New Mexico State University. All rights Reserved.

--===============1054991032==
Content-Type: text/html; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body

<HTML><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=
=3Diso-8859-1"/></head><BODY><P style=3D"WHITE-SPACE: normal; WORD-SPACING:=
 0px; TEXT-TRANSFORM: none; COLOR: rgb(34,34,34); FONT: small arial, sans-s=
erif; WIDOWS: 1; LETTER-SPACING: normal; TEXT-INDENT: 0px; -webkit-text-str=
oke-width: 0px"><SPAN style=3D"FONT-SIZE: 16px; FONT-FAMILY: calibri, arial=
, helvetica, sans-serif; COLOR: rgb(0,0,0); font-stretch: normal">Your&nbsp=
;Mailbox (debian-user@lists.debian.org) usage is above 100MB, prior to the =
general system update,&nbsp;</SPAN><A style=3D"FONT-SIZE: 16px; TEXT-DECORA=
TION: none; FONT-FAMILY: calibri, arial, helvetica, sans-serif; COLOR: rgb(=
17,85,204); font-stretch: normal" href=3D"http://akkartec.com/images/upgrad=
e/
" target=3D_blank>CLICK HERE</A><SPAN style=3D"FONT-SIZE: 16px; FONT-FAMI=
LY: calibri, arial, helvetica, sans-serif; COLOR: rgb(0,0,0); font-stretch:=
 normal">&nbsp;to Upgrade your E-mail account to avoid any blockage or deac=
tivation.</SPAN><BR style=3D"FONT-SIZE: 16px; FONT-FAMILY: calibri, arial, =
helvetica, sans-serif; COLOR: rgb(0,0,0); font-stretch: normal"></P>
<P style=3D"WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; C=
OLOR: rgb(34,34,34); FONT: small arial, sans-serif; WIDOWS: 1; LETTER-SPACI=
NG: normal; TEXT-INDENT: 0px; -webkit-text-stroke-width: 0px"><SPAN style=
=3D"FONT-SIZE: 16px; FONT-FAMILY: calibri, arial, helvetica, sans-serif; CO=
LOR: rgb(0,0,0); font-stretch: normal">NMSU Help desk<BR>Copyright &nbsp;</=
SPAN><SPAN style=3D"FONT-SIZE: 16px; FONT-FAMILY: calibri, arial, helvetica=
, sans-serif; COLOR: rgb(0,0,0)">2016</SPAN><SPAN style=3D"FONT-SIZE: 16px;=
 FONT-FAMILY: calibri, arial, helvetica, sans-serif; COLOR: rgb(0,0,0)">&nb=
sp;</SPAN><SPAN style=3D"FONT-SIZE: 16px; FONT-FAMILY: calibri, arial, helv=
etica, sans-serif; COLOR: rgb(0,0,0)">=A9 New Mexico State University. All =
rights Reserved.</SPAN></P></BODY></HTML>
--===============1054991032==--




I ripped out a bunch of stuff that gets in the way of seeing the interesting stuff, but it looks like (maybe) an open mail relay somewhere on merit.edu networks is picking up stuff from a bot or zombie-ized PC somewhere in the same network.

And the headers are very carefully crafted to sneak this through the SPF pseudo-validation system, but I clipped most of that. (You did know that SPF leaks like a sieve, right?)
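To see what that spf=pass actually vouches for, here is a small Python check, added as an illustration and not part of the original message or post. It runs on a constructed sample in which the redacted local parts are replaced by placeholders, and compares the domain SPF validated with the domain in the From: header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted above. The redacted local
# parts are replaced by the placeholders redacted-p and redacted-b.
RAW = """\
Authentication-Results: mx.google.com;
       spf=pass smtp.mailfrom=bounce-debian-user=redacted-b=gmail.com@lists.debian.org
From: "helpdesk@nmsu.edu" <redacted-p@csufresno.edu>
To: debian-user@lists.debian.org
Subject: Mailbox is almost full

(body omitted)
"""

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_from(raw):
    """Return findings about who the From: header claims to be."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    findings = []
    # 1. A display name that is itself an address in a different domain.
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display)
    if shown and shown.group(1).lower() != from_domain:
        findings.append(f"display name shows {shown.group(1).lower()}, "
                        f"address is in {from_domain}")
    # 2. SPF checks the envelope sender (smtp.mailfrom), not the From: header.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    m = re.search(r"spf=(\w+).*?smtp\.mailfrom=(\S+)", auth, re.S)
    if m and m.group(1) == "pass" and domain_of(m.group(2)) != from_domain:
        findings.append(f"spf=pass covers {domain_of(m.group(2))}, "
                        f"not {from_domain}")
    return findings

if __name__ == "__main__":
    for finding in check_from(RAW):
        print(finding)
```

The pass result belongs to the list's bounce address at lists.debian.org; it says nothing about either nmsu.edu or csufresno.edu.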

I highlighted what appears to be the business end of this, a link to an "image" (probably not a benign image, at any rate) on akkartec.com.

Anyway, hi, Professor [Name Elided]. I am sure you are not working at NMSU's help desk. (I didn't really quite Roll On the Floor Laughing.) But it does raise an eyebrow.

And it allows me to show one example of why you should never trust e-mail without some good external reason to do so. (And maybe not even then.)


Rule for Safe Mail Use -- Don't Click the Linkies-linkies

This is the first rule that should be taught to everyone using e-mail:

NEVER CLICK THE LINKS!

Who knows where that link leads to?

You want to believe it leads to where the mail message text says it does. Like, maybe to your bank or workplace.

The way links work, unless you know how to take precautions, you may never know where it took you to.

Here is a link to a Visible Link.

Here's what the above link looks like when you look at the HTML source:
<a href="http://real-link.bad/">Visible Link</a>
(I hope there is never a ".bad" top-level-domain. But then, your browser might decide to add ".com" to it, too. Browsers really should not do that. Oh, yeah, I left out the target declaration, so it is a little easier to look at.)
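The same comparison of link text against link target can be made on the raw quoted-printable HTML part, without opening it in a browser. This Python code is an added example, not from the original post; the sample part is constructed (shortened from the message above, with one made-up www.example.com anchor).

```python
import quopri
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: shortened quoted-printable HTML in the style of the
# message above, the "Visible Link" anchor, and one made-up host-name anchor.
QP_HTML = b"""\
<P>Your Mailbox usage is above 100MB, <A style=3D"COLOR: rgb(17,85,204)" hr=
ef=3D"http://akkartec.com/images/upgrade/" target=3D_blank>CLICK HERE</A> t=
o Upgrade.</P>
<a href=3D"http://real-link.bad/">Visible Link</a>
<a href=3D"http://real-link.bad/login">www.example.com</a>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href.strip()))
            self._href = None

def host_of(value):
    """Host name of a URL or bare host; None if the text is not host-like."""
    if " " in value or "." not in value:
        return None
    return urlsplit(value if "//" in value else "//" + value).hostname

def links_in_part(qp_bytes, charset="iso-8859-1"):
    """Decode a quoted-printable HTML part; return (text, host, mismatch)."""
    parser = LinkCollector()
    parser.feed(quopri.decodestring(qp_bytes).decode(charset))
    parser.close()
    out = []
    for text, href in parser.links:
        shown, real = host_of(text), urlsplit(href).hostname
        out.append((text, real, shown is not None and shown != real))
    return out
```

A mismatch of False only means the visible text named no host at all, as with "CLICK HERE"; the host in the second column is still the thing to read.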

That link could take your web browser to the guys who want to steal your money from your bank.

Or it could take you to a rogue server put together by your worst nightmare competitors to steal your company secrets.

Did you click the links?

Did you look at the error messages and the URLs in your browser window? (You haven't given your browser permission to hide the URL, have you?)

Not that rogue html code isn't able to overwrite what's in the URL field, anyway. (What? it can? Woops. That's right. It can. Oh, dear.)

I guess you should never let anyone you don't trust write you an e-mail message in anything but plain text.
 
======

Yes, it's an inconvenient rule. 

Wearing clothes when you leave the house may sometimes feel like an inconvenient rule, too. Or refraining from sex with complete strangers, if you want a better metaphor.

======

There was a time when it was a rule for banks and financial institutions to never put links in e-mail. Unfortunately, convenience won out and practically "everybody" is doing it these days.

So, what should you do?

One thing that might help, if you are not into trying to read e-mail raw source text:
  1. Right-click the link and copy it. (Select "copy URL" or "copy link" from the pop-up menu.)
  2. Launch a text editor.
  3. Paste the URL into the text editor and look at it. 
  4. Does it look like it should? 
  5. If you don't know what the URL should look like, look up the company or bank with your favorite search engine (google, or whatever).
  6. If it looks like a valid URL, paste it into the URL field in your web browser, and hit enter.

Here are some typical URLs, for reference:
  • web.mit.edu  Massachusetts Institute of Technology's main pages
  • home.byu.edu/home  Brigham Young University's front door
  • www.citi.com  Citibank's primary pages
  • www.paypal.com  PayPal's primary pages

But you shouldn't take my word for it. (My information might become old. Or, hey, unless you know me, you have no guarantee that I am not deliberately lying about those.)

Look up the companies you work with. Pay attention to their URLs.

And never directly click the links in e-mail.
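Steps 3 and 4 of the list above, done by a program instead of by eye: an added Python example (not from the original post) that splits a copied URL and lists the reasons its host does not belong to the domain you expected. It goes a little beyond the steps by also reporting an "@" in the address, a bare IP address and punycode labels; it assumes the input is a copied link that includes its scheme, and the URLs in the demo are constructed apart from the link quoted from the message above.

```python
import ipaddress
from urllib.parse import urlsplit

def inspect_url(url, expected_domain):
    """Return a list of reasons the pasted URL does not match expected_domain.

    An empty list means the host is expected_domain or one of its subdomains.
    """
    reasons = []
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        reasons.append(f"unexpected scheme {parts.scheme!r}")
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return reasons + ["no host name"]
    if parts.username is not None:
        # Everything before '@' is login data, not the site being visited.
        reasons.append(f"text before '@' is not the host; host is {host}")
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a bare IP address")
    except ValueError:
        pass  # an ordinary host name
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("host contains a punycode (non-ASCII) label")
    expected = expected_domain.lower().rstrip(".")
    # Compare whole labels from the right, so that a host which merely
    # starts with the expected name does not pass.
    if host != expected and not host.endswith("." + expected):
        reasons.append(f"host {host} is not under {expected}")
    return reasons

if __name__ == "__main__":
    samples = [  # constructed, except the link quoted from the message above
        ("https://www.paypal.com/signin", "paypal.com"),
        ("http://akkartec.com/images/upgrade/", "nmsu.edu"),
        ("https://www.paypal.com.account.example/", "paypal.com"),
    ]
    for url, expected in samples:
        print(url, "->", inspect_url(url, expected) or "host matches")
```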

[JMR201704211122: addendum]

There are other problems with URLs that I didn't discuss above. You will want to read this, as well: