Friday, December 22, 2006

A Web Security RANT!

I have a friend who refuses to follow directions. I have been stalked and have learned the hard way about security in all its forms. Security issues prevent me from allowing email on this blog. You can comment, until the cows come home, but I have to contact YOU. I realize that ninety-nine percent of my readers are great people, but it only takes one trouble maker to ruin it for everyone.

So, when a friend started sending me those obnoxious chain-letter-email things, I politely told her to stop sending them. I will never send on something that smacks of magic, or "luck". It goes in the trash, period. I was polite, as this person didn't know my feelings and didn't deserve my pent-up rage over all things unethical. Being the dedicated and untreated co-dependent she is, she informed me that she didn't like those things either (? - then why are you sending them out to the tune of several per day?!) She seemed a bit hurt, but for awhile, I didn't hear from her over the Internet very much.

Somehow, I've gotten back into her Internet good graces and again started receiving forwarded information. Stuff from newspapers, her mother and newsletters. As I always check out security on email, my address was not passed on. But TODAY I got something called a "Hug Certificate". (Rage Alert!)

To: CyberGal (and fifteen others with complete names email addresses!)
Subject: Fw: Hug Certificate

A Hug Certificate for You!

This poem is very sweet. It will be interesting to see who sends it back.
Forward this on and back. Thanks!

If I could catch a rainbow
I would do it just for you
and share with you its beauty
On the days you're feeling blue.

If I could build a mountain
You could call your very own;
A place to find serenity,
A place to be alone.

If I could take your troubles
I would toss them in the sea,
But all these things I'm finding
are impossible for me.

I cannot build a mountain
Or catch a rainbow fair,
But let me be what I know best,
A friend who's always there.

Love, Anonymous
Eight .gif attachments were included!

CyberGal's response:

I do enjoy your friendship -
a quiet joy for me,
but I am scared about Web security.

I scanned the flock of receivers,
quite a curious list
If these names got mis-used, someone would get pissed.

I do not forward things ahead
with personal ID's
I learned a painful lesson - from someone stalking me.

You may trust these people
but I'm distressed to say:
Please don't forward me along in any email chain.

Happy holidays, my dear. A hug for you to!

Please don't include me in a list of forwarded email. It is not that
hard to delete "sender" info. from a forwarded email. If you want to
send one email to three people, put the first address on the "To:" line.
Put the other receivers on the "BCC" line. This stands for "Blind
Carbon Copy". Please do not send my info. out where anyone can
harvest my name and email address. Thanks allot.

Love Cybe
Now, let me explain the problem with an email with open names and addresses. Of course you trust your friends and business associates and family members! Like me, anyone who is obviously causing your computer to be attacked by Spam, or worse, is quickly gone from your address book and most likely your life. But, there is a very bad problem out there on the Internet with PCs especially.

A nasty person can "trick" your computer into doing things without your knowledge or permission. The first thing these hacking, spying and Trojan Horse programs do, is to go into your address book and use all that information! So, I get an email from "Phillip". I know him, and normally wouldn't hesitate to open something from him. These days I check the subject line to see if it "feels" right. If Phillip is suddenly trying to "pitch" me, I KNOW there is something wrong. Once I scan the subject line, I look to see if there are attachments. This in itself isn't necessarily a problem, but it can be.

I open the email and read the content. If the content checks out, I view the associated attachment, to make sure it is what it purports to be and all is fine. One of the newer developments in the world of malware is burying secret code in pictures. They look like cartoons, or photos, but they have "hidden" programming code for turning your machine into a spam factory, or worse.

My friend's email had sixteen recipients. When I requested "more information" from Firefox, my full same and complete email address popped up along with fifteen other names! Oh My God! I then read the (to me) smarmy poetry. I was already angry with the line: Let's see who reads their email... I hate having to re-tell someone something more then twice. I know I've politely written and spoken to this gal about these darn chain-letter emails. Now, I was going to give her a smarmy poem back, along with explicit directions on how to send duplicate emails without screwing around with people's personal information.

I haven't heard back. Her computer may be having a problem. The last time she had a problem, she was totally virus-ridden and it took almost a week for the technical firm to "clean" her system.

Please, folks. We have to be more careful now. This goofy email had eight .gif attachments. All o them containing some kind of script command. We have to be careful with our name and address information. Malware is getting more and more sophisticated, even a protected machine may get "tricked". Don't use the "To: field for a bulk mailing of your address book buddies! Address it to one person and put everyone else in the BCC field. PLEASE.

Yes, I have made this error. I bulkemailed everyone in my address book with a change of email address. I quickly heard from a small business man making the speech of this blog. The days of innocence have to come to an end. Not all is roses out on the Information Highway.

No comments: