On the face of it, this looks like a perfectly reasonable message with a perfectly reasonable URL from a perfectly reasonable address:
Dear Workopolis member,
Workopolis Technical Department requests you to complete Online Employer
This procedure is obligatory for all clients of Workopolis.
Please select the hyperlink and visit the address listed to access
Online Employer Form.
These instructions are to be sent to all Workopolis members.
Copyright © 2007 workopolis.com. All Rights Reserved.
In reality, it's HTML mail that is used to hide the real URL.
What I've shown in plain text above reads like this in HTML:
Please select the hyperlink and visit the address listed to access Online Employer Form. http://www.workopolis.com/database/employer_form?
What's really there is http://www.workopolis.com.ieooo2.xz.cn/database/employer_form?session==79414285156108018779442998768454048168113142102426838
As you can see, what you see and what you get aren't the same.
My spam detector, SpamAssassin, is smart enough to spot this.
It's really crude spam!
X-Spam-Report:
 *  1.7 HOST_EQ_D_D_D_D HOST_EQ_D_D_D_D
 *  2.9 RM_hm_EmtyMsgid Message ID is empty, or just spaces - probable spamsign
 *  0.1 SPOOF_OURI URI: URI has items in odd places
 *  2.5 SARE_SPOOF_COM2COM URI: a.com.b.com
 *  2.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
 *  3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
 *      [URIs: ieooo2.xz.cn]
 *  1.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
But the really important thing is that an HTML message can hide reality.
Why do I mention this? For most of us it's obvious.
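The trick above is easy to check for mechanically: pull every anchor out of the HTML part, compare the host the visible text claims against the host the href actually points at, and look for a familiar name buried in the middle of a longer hostname (the a.com.b.com shape the SARE_SPOOF_COM2COM rule in the report flags). The following is an added example, not code from this post or from SpamAssassin; the mail body is constructed from the message quoted above, and the TLD_LIKE set of labels is my own assumption about what counts as the end of a registrable name.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample HTML-only mail body, modelled on the Workopolis message quoted
# above: the anchor text shows one URL while the href points at another host.
SAMPLE_HTML = """<html><body>
<p>Please select the hyperlink and visit the address listed to access Online Employer Form.
<a href="http://www.workopolis.com.ieooo2.xz.cn/database/employer_form?session==79414285156108018779442998768454048168113142102426838">http://www.workopolis.com/database/employer_form?</a></p>
<p>Copyright 2007 <a href="http://www.workopolis.com/">www.workopolis.com</a>. All Rights Reserved.</p>
</body></html>"""

# Assumed list of labels that look like the end of a registrable name; one of these
# in the middle of a hostname is the a.com.b.com shape that SARE_SPOOF_COM2COM flags.
TLD_LIKE = {"com", "net", "org", "edu", "gov", "biz", "info"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL; bare 'www.x.y' link text is accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def embedded_domain(host):
    """Return e.g. 'workopolis.com' if such a name sits inside a longer host, else None."""
    labels = host.split(".")
    for i in range(1, len(labels) - 1):          # never the final label
        if labels[i] in TLD_LIKE:
            return ".".join(labels[i - 1:i + 1])
    return None


def analyse_links(html):
    """One finding per link: shown text, real host, and why (if at all) it is suspicious."""
    parser = LinkExtractor()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        real = host_of(href)
        reasons = []
        # 1. Link text that itself looks like a URL must agree with where the href goes.
        if text.lower().startswith(("http://", "https://", "www.")):
            shown = host_of(text)
            if shown != real:
                reasons.append(f"text shows {shown} but the link goes to {real}")
        # 2. A well-known name buried inside a longer host (a.com.b.com).
        buried = embedded_domain(real)
        if buried:
            reasons.append(f"{buried} is not the real domain of {real}")
        findings.append({"href": href, "text": text, "host": real,
                         "suspicious": bool(reasons), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyse_links(SAMPLE_HTML):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['text']!r} -> {f['host']}")
        for r in f["reasons"]:
            print("           ", r)
```

Run against the sample, the first link is flagged twice (shown host differs from real host, and workopolis.com is buried inside ieooo2.xz.cn) while the genuine www.workopolis.com link passes. A mail gateway would apply the same two checks to every text/html part before the MUA ever gets to render it.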
Well, at a recent ISSA meeting I spoke with another CISSP, a security manager with a local organization that has an operating budget of over 200 Million dollars. All their internal mail is "HTML" - he says that's the standard, so the MUAs read mail as HTML by default. Mail from him is in proper MIME format, with a text part as well as the HTML part. I pointed out that this means his organization is paying extra for storage and that it gets multiplied when mail is cc'd. He just said "well it's the corporate standard".
Now the corporation may not care that it's paying extra for all that storage; after all, storage is cheap.
But humans have always been the weak link. Someone might get mail like this and click on the URL. We've been telling users for years not to open unsolicited attachments, but they still do. Why would we think they won't click on URLs in mail messages?
The reasons my colleague at the ISSA offered included "HTML offers formatting options that our users require. Plain Text does not." But that was with no explanation of why they might need those options.
Personally I think that's a specious answer. For EVERY message? We do fine here with plain text.
HTML mail represents a risk. Users need to be educated to realize that. A baseline policy of "all mail should be HTML" also means all readers default to HTML and so can hide what's really in the message. Not least of all, there have been bugs in HTML rendering code in the past that have led to exploits. Does anyone really think that users won't click on the URLs in mail from the outside?
Perhaps you also need a front-end 'sanitizer' like http://www.impsec.org/email-tools/procmail-security.html
or http://mailtools.anomy.net/ which is the one I recommend.
Perhaps you need to be wary about MIME e-mail in general, both HTML mail and attachments.
The Australian Government is wasting over $100 million on "free" "Internet content filtering" software for home computers (http://www.netalert.gov.au/), and in the latest move, the opposition - which stands a very good chance of becoming the government after Saturday's election - is now taking advice from a 16-year-old kid on its Internet policy (see
Security theater of the highest order. Words fail me.
Indeed. But not yet.
You can run 64-bit Linux or Windows, but many drivers are not there yet. If we are talking about servers then it's probably not a problem, and if your server has 64-bit hardware then you should be running a 64-bit OS; but for the desktop, things like Adobe Flash and many video and audio codecs aren't here yet.
While on the whole I'm happy with my 17" Compaq X6050 (I wish it were lighter, though!), it and my tower server both have this limit on the number of slots for RAM. The thing here is that I want a large screen and disk; this is a 'desktop replacement'. Yes, there are plenty of small and light machines out there. The Asus EEE PC comes in at under a kilogram, but it has a 7" TFT LCD with LED backlight @ 800×480. It is a subnotebook, about the size of a hardback book. That's great, as a 'pocket book', if you work that way. But I'll stick with paper and pen or my trusty old Newton. When I want a computer I want a proper computer, and that means a proper display. Perhaps one day we will have displays that are 'smart paper' and can unfold.
This limit on memory represents some serious brain damage on the part of the designers.
As this article points out, RAM is cheap and getting cheaper. Tiger Direct in the USA have been selling 512 megabyte DDR2 for US$9.99 recently. Even here in the Great White North, where prices are marked up astronomically and retailers don't care that the loonie is stronger than the greenback, I can get 1 gigabyte of DDR2 for C$29.99 on the high street with no shopping around. The same for my laptop is a little over twice the price at the same outlet. If I go down to the Computer Strip at College and Spadina in Toronto I can find 512M DDR2 for C$12.
When memory and address space was expensive we had to be parsimonious and ended up with virtual memory (and other) systems. We also had the phrase "virtual memory means virtual performance".
The "56k limit" of DOS running on an 8088 (or a Z-80 if you remember CP/M) and roll-in-roll out memory management fitted in with the economics back then. Even if you were willing to shell out for more memory the hardware wouldn't support it, the chips simply couldn't address it.
So what has changed? Well the chips can address it, but if I were to shell out for 16 gigabytes of memory ... the hardware won't support it. The motherboards don't have enough slots.
Well, sort of. In one sense motherboards are just another commodity, but that also means most of them are clustered in capability and performance. Oh, there are exceptions! Here's a "monster truck" that supports 16Gbytes of RAM. And you can add to that whatever memory is on the video card.
Great for your server; great for your desktop. But what about the laptop? And let's not forget that more and more individuals and corporations are moving to laptops. The lure of mobility, of wireless networking, of telecommuting and much else is very strong.
I suppose this might be yet another example of the "failure of imagination" syndrome that has always beset this and other industries: the designers and policy wonks simply can't imagine why anyone would want to do "THAT!" It seems only time and a slow evolution of the marketplace brings about change.
But what we have here is, as this article describes, an economic force. I can easily afford to buy large disks and large amounts of memory, more than my cabinet and motherboard can cope with. While I can always run a SCSI cable to another chassis, there is really no simple way I can add more memory than the motherboard has slots for. And with the laptop I am even more constrained.
More and more applications are using large memory spaces. Perhaps applications will drive development of hardware. Consider these statistics. Half of the machines are 2G or more. When hardware developers can tout more slots as a way to sell more gear, it will happen.
Even so, it may well be a re-run of the old 1950s attitude towards automobiles: planned obsolescence. Many people think so, but items that last tend to become cultural icons - classic automobiles and, of course, the Newton.
I am currently available to offer InfoSec & GRC audit and consulting services through my company - System Integrity