Re: Phishing site - Warnings from Google: Are YOU warned?

Discussion in 'Computer Security' started by Mike Easter, Dec 2, 2009.

  1. Mike Easter

    Mike Easter Guest

    ~BD~ wrote:
    > This is an email delivered by Hotmail:-


    Do not allow spam into your inbox. Do not open spam.

    If you are inclined to be a spam investigator instead of just deleting
    it, then you should inspect the spam by examining its 'properties' or
    the message source, which reveals the complete headers and the
    unrendered html.

    When you examine its headers, you can learn to determine the message
    source and you can also learn how to see the bogosity in the headers.
    From inspecting the headers before you inspect the message body, you
    will already know that you are examining spam with bogus information in
    such as the From and sourced from someplace other than the From
    indicates.

    That inspection will also demonstrate to you that the payload URL which
    is displayed by rendering the html is not the 'real' payload url; that
    is, the html causes the thaisuzuki.co.th to look like hsbc.co.uk

    > Visit our Privacy Policy and User Agreement if you have any questions.
    > http://www.hsbc.co.uk/1/2/
    >
    > ******************************************************************
    >
    > ** This is the URL to which one is directed above:
    > http://www.thaisuzuki.co.th/pic_news/IBlogin.html
    >
    > Using Safari - I get a vibrant Warning about the site being a Phishing
    > site.


    It is not even necessary to do the exercise.

    If you are allowing spam into your inbox, you are misconfigured. It
    should be recognized by your spamfilter and directed into a Junk folder
    so that it is not 'handled' in the same manner as real mail.

    Spam is designed to try to evade filters and get into the inbox. It is
    the duty of the filter to prevent that. Spam which gets into the inbox
    is designed to 'trick' the human eyeballs into being curious or
    interested and to open the spam to see what it is or if it is real or to
    get a laugh or to get a good deal or to get something for nothing or to
    buy something that you need for a good price.

    All of that 'business' that spam is designed to do is how spam works.
    It is the duty of the spam recipient to abort the spam process at every
    step of the way.

    According to my scorecard, you lose points if you open a spam and click
    on its links. When you do that you are a spammee who is either
    potentially or actually profiting the spam process.

    Such spammees are what makes the spamworld go round.

    --
    Mike Easter
     
    Mike Easter, Dec 2, 2009
    #1
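Added example, not part of any post in this thread: a Python sketch of the message-source inspection described in post #1, which parses the unrendered HTML of a message and reports links whose visible text names a different host than the `href`. The sample message, its sender address, and the names `AnchorCollector`, `host_of` and `mismatched_links` are constructed for illustration; only the two URLs come from the thread.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; only the two URLs are taken from the thread.
SAMPLE = """\
From: "HSBC" <service@example.invalid>
Subject: Account notice
Content-Type: text/html; charset="utf-8"

<a href="http://www.thaisuzuki.co.th/pic_news/IBlogin.html">http://www.hsbc.co.uk/1/2/</a>
<a href="http://www.hsbc.co.uk/help">Help</a>
"""

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> without rendering or fetching."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Return the lowercased host if text looks like a URL or bare hostname."""
    if " " in text or "." not in text:
        return None
    return (urlsplit(text if "//" in text else "//" + text).hostname or "").lower() or None

def mismatched_links(raw_message):
    """Return (shown_host, real_host) for anchors whose text names another host."""
    found = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        collector = AnchorCollector()
        collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href, text in collector.links:
            shown, real = host_of(text), host_of(href)
            if shown and real and shown != real:
                found.append((shown, real))
    return found
```

The check works on the saved message source only, so nothing in the message is rendered and no link is followed.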

  2. Mike Easter

    Mike Easter Guest

    ~BD~ wrote:

    > Regrettably, you have failed to answer my question!


    That is because we completely disagree about what you are attempting to
    illustrate and I am positing my arguments about the many things you are
    doing wrong and how you are doing them all wrong.

    You are saying - I let spam into my inbox. I read my spam's subject and
    from, then I open my spam and then I click on my spam links.

    I am saying - do not let spam into your inbox - do not read your spam's
    subject or from receptively as you do when you look at realmail
    subject/from, do *not* open your spam and render its html and **DO NOT**
    click on your spam links.

    I do *not* want to read your html-rendered spambody and I do *NOT* want
    to click on your spamlinks and I do not recommend that other people do
    what you are doing and I'm trying to guide you and them and 'disrupt'
    your efforts to misguide them.

    You are profiting the spam process by what you do. Stop doing that.
    The fact that you (the ubiquitous you spammees who handle spam as you
    do) make spam profitable is why we all get so much spam.



    --
    Mike Easter
     
    Mike Easter, Dec 2, 2009
    #2

  3. Mike Easter

    Mike Easter Guest

    ~BD~ wrote:
    > <my cite>
    >> That is because we completely disagree about what you are attempting to
    >> illustrate and I am positing my arguments about the many things you are
    >> doing wrong and how you are doing them all wrong.


    > If you can explain how anything in an email can 'infect' my OS X box, I
    > will pay careful attention.


    You are missing the thrust of my argument. I did not use the word or
    say 'infect'.

    I said your behavior handling your spam is bad and you are elaborating/
    emphasizing the absolute worst part of the behavior, the one which
    profits spam processes and potentially endangers the spam handler, which
    is opening spam, rendering html, and clicking on spam links.

    > Hahaha! I do understand your (cautious) position, Mike. I simply hope(d)
    > that someone here would have a VM/Sandbox facility which they could use
    > without risk to their machines.


    You don't understand at all. You are exhibiting bad behavior by playing
    with your spamlinks. You want to encourage others to play with your
    spam links and you want others to approach the spamlink in the same way
    that you did.

    I am saying - don't do any of that. I am not saying that I 'can't'
    investigate whether or not the legitimate thaisuzuki.co.th website is
    compromised.

    > As I get a 'WARNING' and do not actually go to the URL in question, I
    > cannot understand the point you are trying to make here.


    I am saying that almost every time you open a spam and click a spamlink
    you are (potentially) profiting the spam process and that you should
    stop behaving that way every step of the way.

    Don't let the spam in; don't read the spam subject/from receptively;
    don't open the spam and read it receptively; don't click the link to
    (try to) go there.

    And incidentally, don't encourage others to click on links that you
    don't know what is there because you have not done the necessary
    research to find out what is there. It has nothing to do with
    sandboxes. It has to do with your ill-advised behavior.

    The name of this group says 'computer.security' and your spamhandling is
    not wise computer security and it is not wise netizenship because you
    are aiding the bad guys who profit from the spam processes.

    --
    Mike Easter
     
    Mike Easter, Dec 2, 2009
    #3
  4. Mike Easter

    kristlebawl Guest

    ~BD~ expressed an opinion:
    > I'm not at all interested in reading the body of any SPAM message. I
    > want to know if other folk are being warned of Phishing sites in the
    > same way as I am. That's all! :)
    >
    > As I get a 'WARNING' and do not actually go to the URL in question, I
    > cannot understand the point you are trying to make here.


    Your curiosity is reasonable, but your test is not. Less experienced
    hacker hopefuls have tried to trick people into "checking" security with
    websites that attempt to bypass security and install malware, as a way
    to test their hacking ability.

    Most reasonably experienced Usenet users are not going to click that
    link, especially here. Those that will, though, are probably not
    interested in satisfying your curiosity, so they are unlikely to reply,
    except to tell you what is wrong with your inquiry.

    --
    KristleBawl
    If you tell the truth, you don't have to remember anything. - Mark Twain
    Taglines by http://tagzilla.mozdev.org
     
    kristlebawl, Dec 2, 2009
    #4
  5. Mike Easter

    Mike Easter Guest

    ~BD~ wrote:

    > Whilst here, if one looks at *this* thread - on Google Groups -
    >
    > http://groups.google.com/group/alt.computer.security/browse_thread/thread/888250bb7d11d20e?hl=en#
    >
    >
    > The first two posts are 'missing' from the thread. Any clue as to why
    > that might be?


    Your message is html which may have caused it to be filtered. Or
    perhaps it may have looked like spam to some filter. My message is
    plaintext and looks less like spam, so that explanation doesn't work for
    the 2nd post.

    GG is a very very flawed archiver of usenet. It 'generously' archives
    tons and tons of spam - see the spam which appears in the listing of
    this group's topics for the same timeframe
    http://groups.google.com/group/alt.computer.security/topics?hl=en

    .... while 'incompetently' failing to archive all of the thread you have
    referenced.

    While posts are fresh, they can be accessed faster/better by using the
    message id in a capable newsagent - some agents can only access the
    individual messages by mid, while others can access all of the thread
    given an mid of one of the thread.

    Both posts missing in the GG system are individually accessible via
    Howard Knight's mid system.



    --
    Mike Easter
     
    Mike Easter, Dec 2, 2009
    #5
  6. On Wed, 02 Dec 2009 12:51:57 +0000, ~BD~ wrote:

    > I appreciate and understand your detailed and helpful reply, for which I
    > thank you.
    >
    > Regrettably, you have failed to answer my question!
    >
    > Do the security features on *your* machine give you any sort of warning?


    Don't need to, I have a built in Idiot/Troll Meter which is going off
    like a fooken air raid siren right now.
    --
    A fireside chat not with Ari!
    http://tr.im/holj
    Motto: Live To Spooge It!
     
    ♥Ari♥, Dec 4, 2009
    #6