[Previous entry: "Your Bank Account, Your Liberties"] [Main Index] [Next entry: "Pop-ups and cookies and ads, oh my!"]

01/07/2004 Archived Entry: "more email scams"

I see that I've missed an anniversary: the GNU free-software project is now 20 years and 2 days old. Congratulations to Richard Stallman, who has seen his idealistic dream grow to become a driving force.

Security updates: Don't say I didn't warn you. Yesterday a new email scam was circulating. It turns out that it exploited the URL spoofing bug that I reported a few weeks ago. And now that vulnerability is being exploited by a phony "Microsoft" email. Aren't you glad you resolved this year not to click on links in email without verifying where they send you?

(This, incidentally, is one reason we send the ifeminists.com Insider Update -- including links -- in plain text format.)

As a rule, I never supply any credit card information, account information, or passwords to a site unless I have typed the URL myself or I have used my own bookmark to access the site. When I get an email ostensibly from eBay, I don't use the link they provide; I navigate to the site on my own. And I never click on a link with embedded percent signs (%). These are hexadecimal character codes -- an old dodge to conceal the "real" destination of a link, while purporting to go somewhere else. (One exception is the code %20 -- the space character -- which occasionally appears in a URL. This character by itself is harmless, though I do wish sites wouldn't use it. But watch out for strings like %72%69%70%6F%66%66%2E%63%6F%6D inside a URL.)

More security news: yet another "moderately critical" security flaw in Internet Explorer. This affects even the latest patched versions of IE. Secunia suggests three possible remedies; I like the third.

And a vulnerability has been found in all 2.2, 2.4, and 2.6 series Linux kernels. This allows a local user to get root privilege. This is not an Internet vulnerability, and shouldn't be a worry on single-user desktop systems.

As many predicted, the "You Can Spam" Act hasn't accomplished a thing; the flood of spam email continues unabated. But I'm pleased to report that, since changing over my email address, I've gone from receiving almost 300 spams a day to only about a dozen. These dozen are coming through my two email addresses that still appear on web pages. Someday I'll put those through an autoresponder and filter as well, but for now the problem is easily manageable with Mozilla's Bayesian filter. See? You can make a difference.

brad

Powered By Greymatter