Spot phishing e-mails with Outlook

I got an e-mail the other day from TurboTax saying someone had filed my taxes for me. Obviously a cause for concern, right? Here’s how I determined the message was fake in about three minutes. You can spot phishing e-mails with Outlook the same way.

Some people will tell you not to even open a message like this, but if you’re a computer professional, at some point someone is going to want you to prove the message was fake. I think this is something every e-mail administrator, desktop support professional, security professional, and frankly, every helpdesk professional ought to be able to do.

So here’s how you can get the proof. And generally speaking, Outlook 2010’s default configuration is paranoid enough that this procedure will be safe to do. If you want an extra layer of protection, make sure you have EMET installed and protecting Outlook.

I got hacked. I did it to teach you a lesson, and I’m sure you believe it.

The other day, this showed up in my e-mail:

A file change was detected on your system for site URL http://dfarq.homeip.net. Scan was generated on Tuesday, November 3rd, 2015 at 5:25 am

A summary of the scan results is shown below:

The following files were removed from your host:

/var/www/wordpress/wp-content/cache/supercache/dfarq.homeip.net/wordpress/index.html (modified on: 2015-11-03 03:23:52)
======================================

The following files were changed on your host:

/var/www/wp-content/themes/twentyfourteen/functions.php (modified on: 2015-08-19 22:24:04)
/var/www/wp-content/themes/twentyfourteen/header.php (modified on: 2015-08-19 22:24:04)
======================================

Login to your site to view the scan details.

I didn’t make those changes. Fortunately, fixing it when changes appear in functions.php and header.php that you didn’t make is pretty easy.

The best e-book site I’ve found

The best e-book site I’ve found, by far, is the archive at the University of Adelaide in Australia. The selection is outstanding, but the presentation is even better.

Steve Thomas, the curator, takes tremendous care to ensure Adelaide’s e-books display their best on any device. Most e-books, even commercial books, pay little to no attention to formatting, and the result all too often is books that are difficult to read.

Expect a rough road ahead for Flash

Adobe has patched Flash twice in two weeks now. The reason is that Hacking Team, an Italian company that sells hacking tools to government agencies, got hacked. Hacking Team, it turns out, knew of at least three unpatched vulnerabilities (also known as “zero-days” or “0days”) in Flash, and exploits for these vulnerabilities were among the things that got breached.

That’s why Adobe is having a bad month.

What cross-site scripting is and how to recognize it

In many security job interviews, the interviewer will ask about cross-site scripting, also known as XSS. Most descriptions of it are overly complex, however. The best description of it that I’ve ever heard is just five words long: Code execution in the browser.

That succinctly sums up the problem: You don’t want someone to be able to inject their code into your site.

How to maximize a Computer Science degree

Yesterday an interesting question popped up on Slashdot, asking for an alternative to a computer science degree for an aspiring web developer. He complained that what he’s learning in class doesn’t relate to what he wants to do in the field.

Assuming that by “web developer” he means someone who can code stuff in ASP and/or PHP with a database backend and do stuff in JavaScript–as opposed to a designer who just does HTML and CSS–I think he’s best off staying where he is and asking better questions.

Do as we say, not as we did: Microsoft and standards

Microsoft is sniveling that mobile web sites are written with WebKit browsers in mind, because WebKit has 90% market share on tablets and phones.

For those who are over 30, the irony is nauseating.

There’s plenty of credit for the Internet to go around

There’s a crazy rumor going around saying that the government didn’t do much of anything to create the Internet, and that private industry did it all.

I remember the Internet before the private sector got involved in it. I was there.