More Zonkyness

Diagnosing A Phishing Scam

Dec 042023

Just for fun (I have admittedly a very weird sense of fun), I thought I’d have a look at one of the phishing emails that came into me. I’ll go through this bit by bit, picking out bits that first occurred to me …

Subject: LastPass : Required action needed regarding your account

Eh? Do I even have a LastPass account? I keep my passwords stored somewhere else, but it’s not impossible – I’ve been known to sign up to things just to test them out. Including cloud-based password managers.

But all the same, let’s give it a point on the suspicion scale. Running total: 1.

From: LastPass <yoji-okugawa1975@tg8.so-net.ne.jp>

Well LastPass certainly use a funny looking email domain (the bit to the right of the “@”), but Marketing departments sometimes aren’t aware of how important that email domain really is. On the other hand, “tg8.so-net.net.jp” does look particularly uncorporate, so let us give it a suspicion point.

Running total: 2

On the other hand, it is too easy to fake domains – I could very easily send you an email from the-management@lástpáss.com (and even more subtle equivalents of “a” – “а”, “ạ”, “ą”, “ä”, “à”, “á”, “ą”). And just to demonstrate something that looks identical can actually be quite different :-

In [8]: print(ord('а'))
1072

In [9]: print(ord('a'))
97

Now this isn’t to suggest that you should run your email headers through some Python code, but just that because something looks like lastpass.com doesn’t mean it really is. The next thing that jumped out at me was the body of the email – I may be well trained, but something new and shiny is still distracting :-

Now the first thing that jumps out at me is that red “Confirm my information” box. Screams “click here” doesn’t it? Well don’t click on it! In my email client (something you’re quite likely not using – claws-mail), if I hold the mouse pointed above a link, it’ll tell me where that link goes in the status bar of the client. In this case it shows up as https://tg8.benchurl.com/…. doesn’t look very much like lastpass.com does it? That’s sufficiently suspicious that I’ll award it 3 suspicion points.

Running total: 5

Notice how they don’t add a “Dear ${name}” to the top of the email? Not personally addressing email is ever so convenient to scammers that want to get your details – because they don’t necessarily know your name. That’s a suspicion point all on its own.

Running total: 6

Next note how it tries to rush you … “log in before January 16, 2024”. It’s subtler than many phishing scams, but it’s still trying to rush you. Add another suspicion point.

Running total: 7

There’s further details we could dig into, but that’s more than enough that the Delete button is the only thing this email should attract. That running total? It was just for fun, it’s not intended as a guideline for when to count something as a phishing email.

In the case of doubt, contact the company via other means.

Tactical Voting: Compromise, But That’s Okay

Politics No Responses »

Nov 192023

Some of us who are anti-Tory are encouraging the use of tactical voting – voting not necessarily for the party you would most like to represent you, but instead voting for the party most likely to defeat the Tories. The Tory government has been so inept, corrupt, morally bankrupt, and generally icky, that giving them a total hammering is only right.

But there are plenty of people out there who don’t feel that Labour (or one of the others in certain areas) really represent their views. Labour has moved too far to the right – which is something I would agree with.

But politics is about compromise and with first-past-the-post system, we have to compromise more than other systems of voting. There will never be a political party that exactly represents my views, so I have to select the one that closest matches my views. In an ideal world anyway.

In a less than idea world, we have to compromise more and vote for the candidate in our constituency that is most likely to defeat the Tories. There is no point in voting for the Green party in a constituency where they typically get 2-3% of the vote when switching to the Liberal-Democrats are in second place and most likely to defeat the Tories.

The left in Britain is somewhat more fractured than the right (although if we give the Tories a bloody enough nose that might just change) which with the FPTP system gives the Tories an inherent advantage. We need to overcome that advantage and without a change in the voting system, tactical voting is the way to do that.

Give the Tories a bloody nose and vote tactically.

Why Abolishing The ECHR Would Be Catastrophic

Politics No Responses »

Nov 112023

The frothing-at-the-mouth loons on the far-right are trying to get the country to rip up the ECHR and reject the ECHR. That’s two different things – the European Convention on Human Rights, and the European Court of Human Rights. Essentially the first is an agreement on what rights we should all have, and the second is how those rights are enforced.

We’ve all heard about (thanks to right-wing propaganda media) ridiculous stories about some inane judgements of the ECHR (although not a few are complete fiction), but before we listen too long to lying scum-bags with hidden agendas should we consider whether throwing out the baby with the bathwater is a good idea?

In the wake of World War II, the nations of Western Europe founded the Council of Europe to adopt measures that would stop that sort of war even occurring again (and to combat the rise of Communism). A time when Britain’s influence in Europe was at a zenith – the British lawyer David Maxwell Fyfe was probably the biggest single influence on the new convention of human rights. In normal circumstances it would be churlish to suggest it, but there is an argument to say it should be called the British Convention on Human Rights for Europe.

Ripping up the convention on human rights also requires us to leave the Council of Europe. Which would horrify the hero of the far-right – Winston Churchill who was the biggest single proponent of the post-war Council of Europe. And have a similar catastrophic effect on Britain as the disastrous Brexit that we have undergone.

But let us look at what the ECHR actually does – it can force governments to admit they’ve gone too far and make them step back. Now the propagandists for abolishing the ECHR will quite rightly point out that this is not democratic.

Indeed.

But imagine a situation where a democratically elected government is of a flavour you despise – perhaps a far left government that intends to take away your company because you haven’t “shared” enough with the workers, or because you pay yourself more than 20 times the pay of the lowest paid worker.

Doesn’t sound fair does it?

And if the ECHR forced that government to stop its plans? Doesn’t sound quite so bad now does it?

It is all too easy to look at the “bad” the ECHR does – when it stops a government you like doing what it thinks is right. But that’s not how to examine something like the ECHR – you have to imagine the ECHR stopping a government you despise doing something awful.

And always remember – those talking about ripping up the ECHR are all spitting on Winston Churchill’s grave. Do you still want to join them?

The Remembrance Poppy

General, Politics No Responses »

Nov 112023

I don’t usually wear one of those red poppies – not out of a lack of respect for the war dead or veterans of wars, but because of “poppy fascism“. It’s all very well choosing to wear the red poppy, but it should also be fine to choose not to wear the red poppy – even the Royal British Legion supports those who don’t choose to wear it: “If the poppy became compulsory it would lose its meaning and significance.”

Just look at the abuse those in the public eye who choose not to wear it receive.

And some of the reasons for not wearing it are perfectly reasonable – some politicians do use it as a means of promoting war and nationalism. Distasteful in the extreme. And very much associated with the far-right – the very kind of people many of the war dead were fighting against.

On the other hand, some of the reasons for not wearing it can sometimes seem inappropriate. It’s all very well being against some of Britain’s wars and even against some of the actions of British soldiers (such as Bloody Sunday), but the poppy is about remembering the war dead and veterans. A group who very rarely had any choice about where they were sent.

Was IBM Right All Along?

Computing No Responses »

Oct 132023

Do you have a disk in your computer to keep data on? Really? It must be quite old then. Most of us are switching to solid-state devices.

And even if your hard disk really is spinning rust, it technically isn’t one disk; it’s a number of them (individually called platters).

IBM terms all appropriate storage devices DASDs (direct-access storage device) which because it refers to what the storage device does rather than describes how it is constructed. Except for the difficulty pronouncing it, it makes a far better name.

How about cheating and referring to them as DASes?

Older Entries