I got e-mail the other day from Turbotax saying someone had filed my taxes for me. Obviously a cause for concern, right? Here’s how I determined the message was fake in about three minutes. You can spot phishing e-mails with Outlook the same way.
Some people will tell you not to even open a message like this, but if you’re a computer professional, at some point someone is going to want you to prove the message was fake. I think this is something every e-mail administrator, desktop support professional, security professional, and frankly, every helpdesk professional ought to be able to do.
So here’s how you can get the proof. And generally speaking, Outlook 2010’s default configuration is paranoid enough that this procedure will be safe to do. If you want an extra layer of protection, make sure you have EMET installed and protecting Outlook.
The other day, this showed up in my e-mail:
A file change was detected on your system for site URL http://dfarq.homeip.net. Scan was generated on Tuesday, November 3rd, 2015 at 5:25 am
A summary of the scan results is shown below:
The following files were removed from your host:
/var/www/wordpress/wp-content/cache/supercache/dfarq.homeip.net/wordpress/index.html (modified on: 2015-11-03 03:23:52)
The following files were changed on your host:
/var/www/wp-content/themes/twentyfourteen/functions.php (modified on: 2015-08-19 22:24:04)
/var/www/wp-content/themes/twentyfourteen/header.php (modified on: 2015-08-19 22:24:04)
Login to your site to view the scan details.
I didn’t make those changes. Fortunately fixing it when changes appear in functions.php and header.php that you didn’t make is pretty easy.
The best ebooks site I’ve found, by far, is the archive at the University of Adelaide in Australia. The selection is outstanding, but the presentation is even better.
Steve Thomas, the curator, takes tremendous care to ensure Adelaide’s e-books display their best on any device. Most e-books, even commercial books, pay little to no attention to formatting, and the result all too often is books that are difficult to read.
Adobe has patched Flash twice in two weeks now. The reason for this was due to Hacking Team, an Italian company that sells hacking tools to government agencies, getting hacked. Hacking Team, it turns out, knew of at least three unpatched vulnerabilities (also known as “zero-days” or “0days”) in Flash, and exploits for these vulnerabilities were among the things that got breached.
That’s why Adobe is having a bad month.
In many security job interviews, the interviewer will ask about cross-site scripting, also known as XSS. Most descriptions of it are overly complex, however. The best description of it that I’ve ever heard is just five words long: Code execution in the browser.
That succinctly sums up the problem: You don’t want someone to be able to inject their code into your site.
Here’s some stuff I’ve found in recent weeks that I never got around to posting, so I’ll just round it all up briefly. Read more
Yesterday an interesting question popped up on Slashdot, asking for an alternative to a computer science degree for an aspiring web developer. He complained that what he’s learning in class doesn’t relate to what he wants to do in the field.
If you want to quickly and easily calculate the pixels per inch of a display, here’s a useful tool:
Microsoft is sniveling that mobile web sites are written with Webkit browsers in mind, because Webkit has 90% market share on tablets and phones.
For those who are over 30, the irony is nauseating. Read more
There’s a crazy rumor going around saying that the government didn’t do much of anything to create the Internet, and that private industry did it all.
I remember the Internet before the private sector got involved in it. I was there.