Aug
10

The Warm and Fuzzies of BCC

Greetings VSNers,

Wow! We really touched a nerve last week regarding the sending of mass emails to
friends, relatives, associates, etc. and folks using CC and not BCC. We
received numerous emails about how annoying this is, and not only that, it creates
clogged inboxes because recipients hit reply all when writing back. But aside
from this annoyance there are security issues. We discuss this in Operations
(scroll below). We also show you how to send BCC from a variety of email clients
and providers. BCC may not be perfect but it can make you feel a little bit more
secure.

Reader Tim believes that the BCC problem lies with the email clients themselves
that do not make BCC the default method of sending. He says: “If they would
just reverse the order and make bcc the default and make people have to work to
do a cc (or even better just eliminate the cc altogether) then most of the
problem would be fixed.” TechRepublic has an interesting article on this
subject.
>>Read the TechRepublic Article Here

We have some very interesting items in Dirty Tricks and the Zone this week. Be
sure to check them out.

Please take a few moments to answer a 3 question survey for us.
https://www.surveymonkey.com/s/VX8VPV3

Enjoy the latest issue of VIPRESecurityNews. And remember, stay safe out there.

Best,
Larry Jaffe
Editor VIPRESecurityNews

P.S. You can write to me at any time. I want to know how you feel about Internet
security and if you have any ideas for articles or subjects you would like us to
cover. Email me at feedback@SunbeltSecurityNews.com

Did you know that VIPRESecurityNews has three sister publications that arrive once-a-week?

If you run Windows XP, subscribe to WXPnews and get the latest on keeping XP up
& running, hints, tips and techniques to keep it fast and secure. You can
subscribe here, and tell your friends:  >>Subscribe Here

If you run Vista or Windows 7, subscribe to Win7News and get the latest on
keeping Win7 up & running, hints, tips and techniques to keep it fast and
secure.   >>Subscribe Here

Run Windows Server? WServerNews is the world’s largest newsletter focused on
system admin and security issues for Microsoft Windows Servers. Subscribe here,
and tell your admin friends: >>Subscribe Here

Eyes Only Your Viewpoint on Security Issues

Phone Scam

Someone tried to scam me on the phone, so I thought I’d write it up briefly,
though I’m sure it’s a common story. A guy with an Indian accent phoned and told
me that his organization had noticed that when my computer connects to the
internet it generates a lot of errors. I knew it was some kind of scam but
instead of hanging up I stayed on the line to see what he’d ask me to do.

He asked me to press my windows key and R and start event viewer. Then he asked
me to double click on “Applications”. Next he asked me to scroll down that list
and tell him approximately how many red flagged error lines there were in the
list. I told him about 20 and he said “Oh my god!” Then he transferred me to
his “Supervisor” who asked me to double click on “System” and count the red
flagged lines there. I must have sounded unimpressed because he asked me a
couple of times if I understood what the errors actually were. Their story was
that the yellow warnings meant that my computer could be infected with a virus
at any time. At any time!

I told him that I never looked at that screen and did not know what anything meant, and
then he put me on to someone else to talk to me about my warranty. I was
offered 2 years’ warranty for only $170. What a bargain. Then I hung up. Next
time I’ll have a conversation with them about their scam. That could be fun. -
SA

Who to Contact

Editor’s Note: Reader Jim has performed a good deed for all of us by compiling a
list of both government and corporate email addresses to send incidents of fraud
and/or phishing. Thanks Jim!

In reference to the article below in the July 27th edition of the VIPRE Security
News, I also received this a few times. I have some addresses I forward such
emails to, which I am pasting below. I also have quite a few bank, and business
addresses for reporting phishing and scam emails. When I get a phishing email
and I don’t have an address to report it to the business organization, etc. I do
a search to find if they have a website and if so I try to find if they have a
department to report same to. I figure the more places they are reported to the
better the chances of them being caught. I sure would like to be able to
determine their punishment when they are caught!!!!!!!!!!! – JR

US CERT (US Computer Emergency Response Team) phishing-report@us-cert.gov
Federal Trade Commission spam@uce.gov
EarthLink Fraud fraud@abuse.earthlink.net
Anti-Phishing Working Group reportphishing@antiphishing.org
Fraud Watch International fraudwatch@fraudwatchinternational.com
Phish Tank phish@phishtank.com
Chase Bank abuse@chase.com
Zenith Bank ebusiness@zenithbank.com
Oceanic Bank customercare@oceanicbank.com
Abbey National Bank customerservices@abbey.com
Union Bank PLC customerservice@unionbankng.com
Lloyds TSB Banking emailscams@lloydstsb.co.uk
South Western Federal Credit Union contactus@swfcu.org
Federal Express abuse@fedex.com
DHL Express Fraud.alert@dhl.com
Wells Fargo reportphish@wellsfargo.com
Publishers Clearing House PCHabuse@pch.com
Capital One abuse@capitalone.com
PayPal spoof@paypal.com
Bank of America abuse@bankofamerica.com
USAA Bank abuse@usaa.com
HSBC Bank usphishing@us.hsbc.com
NatWest Bank phishing@natwest.com

What CC and BCC really mean

I recently learned (from New Scientist magazine) that the terms CC and BCC have
nothing to do with carbon copies. It turns out that CC was in use centuries
before carbon paper was invented!

CC means “copies”, this being an ancient custom (adopted from Latin) of using
two of the same letter to represent the plural of a common word that begins with
that letter. You see the same convention when people write 200 pp to mean 200
pages and in LLB to mean the Bachelor of Laws degree. So CC is just “copies”.
BCC is a modern variant and does mean “blind copies”, but the word carbon isn’t
in it. – AC

Editor’s Note: Although you cannot access the full article unless you are
a subscriber, you can see a portion of the article he refers to:
>>Read Article Here

Operations: What You Need To Know

BCC and Security

Sending emails to your friends and associates by BCC does not expose their
addresses to the rest of your list. From a security standpoint, BCC has a
couple of benefits.

  1. Privacy is the first point, because by sending BCC you are hiding your
    recipients’ email addresses and not exposing them to everyone (yes, you can look
    at the source code, but that is usually not a problem). What is a problem is when
    someone clicks reply all and you get this never-ending deluge of emails, usually
    about something you don’t care about in the least. By putting your recipients
    in BCC you do eliminate that problem. In essence you are keeping your list of
    recipients confidential. It is not perfect but it is the best we have.
  2. R-E-S-P-E-C-T: In our most intrusive world, it has become more and more
    important to have good manners and respect your friends and associates. CCing
    them opens their addresses to being harvested by the bad guys, who always love a
    good list to spam. Encourage your friends to use BCC; the address you protect
    may be your own.
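
For readers who want to see why BCC keeps the list confidential, here is an added illustration (not part of the original newsletter): the delivery list travels separately from the headers each recipient can read. The addresses and function names are constructed for the example, and it assumes the sending software drops the Bcc header before the mail goes out, which is the usual behaviour.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample data: every address here is made up for the example.
SENDER = "sender@example.org"
FRIENDS = ["alice@example.org", "bob@example.org", "carol@example.org"]


def compose_group_mail(field):
    """Compose one group mail with the friends listed in `field` ("Cc" or "Bcc")."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = SENDER  # common habit: address the mail to yourself
    msg[field] = ", ".join(FRIENDS)
    msg["Subject"] = "Club newsletter"
    msg.set_content("See you on Saturday.")
    return msg


def _addresses(msg, names):
    """Collect the bare addresses found in the named header fields."""
    values = [str(v) for name in names for v in msg.get_all(name, [])]
    return [addr for _, addr in getaddresses(values) if addr]


def split_envelope_and_wire(msg):
    """Return (delivery list, text of the copy each recipient receives).

    The delivery list (the SMTP envelope) is built from To, Cc and Bcc.
    The Bcc header is then dropped from the copy that is sent; Python's
    smtplib.SMTP.send_message does the same two steps.
    """
    envelope = _addresses(msg, ["To", "Cc", "Bcc"])
    wire = message_from_string(msg.as_string(), policy=policy.default)
    del wire["Bcc"]
    return envelope, wire.as_string()


def exposed_addresses(wire_text):
    """Addresses any recipient can read (and 'reply all' to) in the headers."""
    received = message_from_string(wire_text, policy=policy.default)
    return sorted(set(_addresses(received, ["To", "Cc"])))


if __name__ == "__main__":
    for field in ("Cc", "Bcc"):
        envelope, wire = split_envelope_and_wire(compose_group_mail(field))
        print(field, "delivered to", len(envelope), "exposes", exposed_addresses(wire))
```

Both versions are delivered to the same four mailboxes; only the CC version hands every recipient the full list.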

How to BCC

Many of you wrote to me asking about how to send emails through BCC. About.com
has a series of tutorials on how to use BCC in a variety of email clients and
providers. So whether you are using Outlook or Thunderbird or Gmail, Hotmail or
Yahoo, they have how-to’s for you.

Outlook:
>>Read the Outlook Tutorial Here

Thunderbird:
>>Read the Thunderbird Tutorial Here

Gmail:
>>Read the Gmail Tutorial Here

Yahoo:
>>Read the Yahoo Tutorial Here

Hotmail:
>>Read the Hotmail Tutorial Here

Free Malware Removal

Malicious software is tricky and sometimes, these critters get through all your
layers of protection. However, did you know that we will remove malware that has
gotten into your computer for free? All you need is a valid subscription to
VIPRE and our team of malware removal specialists will get the bad guys out. Our
team will assist any customer that becomes infected while under VIPRE’s
protection. Just go online and fill out the support form and a member of our
Malware Removal Team will get back to you right away. You don’t have to pay for
this incredible service.
>>GFI Support Form

Free Support

Like our Malware Removal Team above, our Support Team is also at your service.
You don’t have to call in or send emails or wait in line, just fill out our
support page and you will automatically create a support “case”. So should you
be experiencing technical issues with your GFI product please feel free to fill
out a support request and a technician will be happy to assist you.
>>GFI Support Form

Stay on top of all the real-time threats: >>GFI Malware Labs

Dirty Tricks

Ten Computer Viruses That Changed the World

It’s almost 25 years since the first PC computer virus left users looking at
corrupted floppies, lost work and perplexing messages. In that time, the state
of the art in automated malfeasance has progressed to the point that it’s part
of the armory of international geopolitics.
>>Read Article Here

Bug-Squashing Tools Offered to Improve Network Security

Editor’s Note: The below is a positive move by the Department of Homeland
Security to shore up our cyber-defenses.

After a spate of hacking attacks, the Department of Homeland Security is
promoting ways to make software more trustworthy. The Department of Homeland
Security has announced an initiative to shore up security by squashing software
bugs. This follows a slew of high-profile attacks on government and corporate
computer systems that have led to sensitive information being stolen.
>>Read Article Here

Michaels Breach: 4 Suspects Sought

Editor’s Note: I try to always run my debit card as a credit card, so I don’t
have to disclose my PIN.

In a new twist to the Michaels point-of-sale breach, a police department in
Oregon is asking the public to help nab suspects believed to be involved in the
card skimming scheme. Police in Beaverton, Ore., are investigating 50 fraud
reports related to the breach, which Michaels has confirmed likely compromised
debit accounts in 20 states. The breach, which at first was suspected of only
affecting a select group of Chicagoans, quickly grew to become one of the most
widespread incidents of POS PIN pad swapping the U.S. payments industry has ever
seen.
>>Read Article Here

2011 CWE/SANS Top 25 Most Dangerous Software Errors

The 2011 CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most
widespread and critical errors that can lead to serious vulnerabilities in
software. They are often easy to find, and easy to exploit. They are dangerous
because they will frequently allow attackers to completely take over the
software, steal data, or prevent the software from working at all.
>>Read Article Here

Bing ads lead to more malware; new Mac Trojan in the wild

Malware authors will do just about anything to fool you into installing their
software. A popular target is search engine advertising, which one gang is using
on Microsoft’s search results. In a separate attack, Mac users are being
targeted by a Trojan that mimics a Flash installer.
>>Read Article Here

Zone – Cool Products & Other Stuff

I am always looking for some hot stuff to share with our readers; maybe you are
too. Hit me back at feedback@sunbeltsecuritynews.com.

No Parking

Mayor of Vilnius “solves” Illegal parking problem with a tank:
>>Watch Video Here

Bali Diving

Amazingly stunning, beautiful and unusual underwater creatures you never knew
existed:
>>Watch Video Here

Ride Your Passion

There are people doing crazy stuff on their motorcycles and then there is Jorian
Ponomareff from Montpellier, France. Dang, he is good:
>>Watch Video Here

World’s Tallest Buildings

I thought you might enjoy this graphic showing off the tallest buildings in the
world, including the soon to be built Kingdom Tower which will be over 3,280
feet (1,000 meters) tall.
>>See Image Here

People Are Awesome

People Are Awesome: A compilation of awesome people doing incredible things.
Music: Mecha Love by Hadouken.
>>Watch Video Here

What’s the Fastest Web Browser in the “Real World?” Chrome.

Compuware’s benchmarks division, Gomez, has just released new data from a
website measurement project whose goal was to determine what the fastest web
browser is in the “real world” of desktop users. The project only measured load
times of users on broadband connections.
>>Read Article Here


29 comments

  1. Kevin Stocker says:

    I see you are offering free tuneup utilities for new subscribers. I just joined a few months ago and would like that offer extended to me as well for my two laptops. Is that possible? Thanks, then I can try it out and see if it is a product I would later purchase.

    1. larryj says:

      Kevin, send me an email with your request to larryj@sunbelt-software.com

  2. Simon Walker says:

    Your correspondent referring to the Indian phone scam rings lots of bells in places as far afield as the UK, New Zealand and Australia – I came across a forum the other day with postings from all of these places, and then some.

    We have been getting these calls here in the UK on and off for at least six years, although they have been getting more frequent recently. The routine is invariably the same: the man, occasionally a woman, will introduce themselves with an English name, such as Jim, or Paul, or Max, although the accent is an immediate giveaway. They also ask for the telephone account holder by name, although sometimes they do get given and surnames mixed up. The most common approach is “We are from windows and we know that your computer is not working properly”.

    There are a number of ways of dealing with this, all of which have been used at various times, depending on how mischievous or otherwise I am feeling at the time. These include:
    1 – put the phone down right away;
    2 – use basic Anglo-Saxon and then put the phone down. However, there is a downside to this, as one of them obviously had learned some of this, and used it when speaking to my wife on the phone, when she wouldn’t play ball with their request;
    3 – Say ‘please hold on’, put the phone down and carry on with what you are doing. It takes a while for them to twig, but then they ring off. The advantage of this is that they can’t mither anyone else while you are blocking their phone line;
    4 – Talk to them in a very authoritative way about something completely different. An example would be to confuse windows with double glazing. This can lead to increasing levels of confusion at the other end, and they then ring off;
    5 – and this should only be attempted when you have the time and inclination – Say a few times ‘please hold the line while your call is being transferred’, and then start talking to them as though you are from the security services. As I can do a pretty good South African accent, I invariably “transfer” them to the Bureau of State Security down there. Now, the BOSS were not very nice people when the organisation was active in the 1960s to the 1990s, and you can play on this to great advantage. It confuses the hell out of the Indians, who not only cannot understand why their phone call has been transferred in the first place, but can get pretty edgy about having to speak with what they believe are the local equivalent of the KGB.
    6 – make sure your phone number is not listed in the phone book in the first place, but that’s not nearly as much fun.

    Simon Walker

    1. larryj says:

      Thanks Simon

  3. George Rezac says:

    Re your 3-question survey: your logo isn’t bad, but I think the snake should be flipped so it’s looking into the logo, rather than away from it. Right now he looks like he’s trying to get away. Just my opinion.

    1. larryj says:

      Thanks George.

  4. Daniel Berres says:

    I already have Viper

  5. Bruce Kennedy says:

    I always use BCC when sending to a group. I do not find it inconvenient or awkward any more because I am used to it.

    I use Thunderbird. I select my names from my address list then I select BCC and they all go in at the same time. I could accept to or CC just as easily.

    I do agree that BCC should be the default and you would have to work at it to get To or CC.

    Bruce

    1. larryj says:

      Thanks so much Bruce.

  6. Richard says:

    OK so what is good about bcc and what is bad about bcc I always use bcc and to work. If I get an email and they say do not send to My office email send to personal email I hit reply to all sends + the personal so all is out in the open to forward is easy hit forward and delete all headers and send bcc so what so bad about bcc

    Kind regards
    Richard

  7. Maurice says:

    Here’s what I often use when ending a msg:

    If you forward this correspondence, please delete the forwarding history, which includes my email address, as a courtesy to me and others who may not wish to have their email addresses sent all over the world. Erasing the history and using BCC helps prevent Spammers from mining addresses and viruses from being propagated.

    1. larryj says:

      Excellent Idea!

  8. morromid says:

    Fastest web Browser article

    What a joke. Comparing 3 versions of chrome, 3 versions of Firefox, 2 Safari and 3 Internet Explorer. My favorite number one browser is Opera and it wasn’t even on the list. It’s obvious they only chose popular browsers. If any of these were not in the top 5 list they probably wouldn’t even measure them.

    I doubt if any browser is slower than the previous version, so I missed the point entirely of why multiple versions of browsers are even listed.

    – Morro

    1. larryj says:

      I hear ya Morro

  9. Paul Friswold says:

    re: cc & bcc issue. I agree that should be the norm. If we could ever get there then this next comment wouldn’t be necessary.
    I’ve got way too many less than savvy computer contacts that forward an e-mail that has been forwarded many times and therefore have tons of e-mail addresses in the forwarded notes. I’ve tried to explain to them how to drill down to the original message and only forward that (using bcc) e-mail and deleting the original string of addresses, but to no avail. Can you spread the word on that issue and maybe put it in to “forwarding for dummies” format that they might be able to understand? It would be another great service to many users. Thanks

    1. larryj says:

      Good Point Paul!

  10. Bob Walter says:

    In reference to the CC vs BCC problem, I have found that some people that forward email to me do not remove the information about the people who have sent it to them. Another problem is of course, the people who put all of the addresses in the To: field. I use Outlook Express and I find that at times these other people’s addresses wind up in my email address book. Then I have the job of removing all these extraneous names, etc.

  11. cecil says:

    I suspect BCC is responsible for me receiving email that is not addressed to me. I immediately delete them without reading.

  12. steve gitelis says:

    I am sending a post about cc:
    I totally disagree about eliminating the use of this function, though I completely agree about the careless practice of “reply all”. I would say that the problem is “reply all”, not “cc”.

    1. larryj says:

      Yes I have suffered from that button time and time again.

  13. Barb V. says:

    Thanks for pointing out that we should all be doing that. There are probably others like me, who didn’t even think about using bcc for large emailings, but I sure will now! Instead of getting mad about it, why not gently make the suggestion. It’s more likely ignorance than laziness.

  14. larryj says:

    I hear ya Barb. I think I was pretty gentle. :)

  15. Sherman Baggett says:

    I do not like to be a spoil sport, but the “Awesome People” video included the “man walking on water” clip. This “stunt” was proven to be false and then admitted by the authors to be false. No “water walking” occurred — all smoke and mirrors. So take the clips with a skeptical eye, good entertainment but might be some visual deception.

    1. larryj says:

      Yep

  16. Bruce says:

    May it be that the BCC could be set in the registry? Thus a .reg file could be applied.

  17. Bob Howlett says:

    With regard to the use of BCC, I understand where some people are going on this subject, but when you are part of an organization that needs everyone on your email list to know that all others are getting the same message, the use of CC is necessary.
    The suggestion to do away with it, does not solve the problem.
    The suggestion to rearrange the order does make some sense.

    1. larryj says:

      You got that right.

  18. Lanny Bender says:

    I’d like to add an Email address to Jim’s list. It is:
    Phishing Cox (phishingreport@cox.net)
    Thanks,
    Lanny

    1. larryj says:

      Great and thanks!
