Friday, 7 June 2013

Good afternoon


Ever had an email from an old friend with this title, containing an attached hyperlink to an unknown site? Ever opened the site by clicking on it?

Then you will know - too late - that your friend's email account has been hacked and you have imported an advertising cookie which contains a bug which takes over your entire machine so that the only way you can get rid of it is to literally pull the plug out, if your computer does not allow itself to be switched off.

H.I. received just such a message the other day, and I said that it looked a bit dodgy - uncharacteristic of her friend's wording - and it should be binned without opening. Sadly, she persuaded me to open it, and I found myself looking at an advert for weight-loss products which was probably just a scam to get your credit card details in any event.

I could not get rid of it - it even disguised itself as a message from Safari, asking me if I was sure I did not want to take advantage of this offer from the 'weight-loss' company, and for the whole time it took me to get rid of it, an American salesman was droning on in a video which I also could not stop. I dread to think what would have happened if I had clicked on the fake 'OK' button from Safari - that would have thrown the doors wide open.

As it was, I kicked myself for clicking on the fucking thing, and shut the machine down manually using the 'off' button. If I had any other important stuff on the screen at the time, this would have been lost forever. Luckily, Macs are fairly resistant to this sort of attack, but they are by no means immune.

I called up the friend to see if they knew they had been hi-jacked, and the husband wearily apologised, saying that ALL of the people on their address list who had been as foolish as me and clicked on the link, had their machines buggered up by it. I don't know how easy these things are to get rid of on a Windows P.C. so I don't know how much damage was done to all their friends.

The trouble is that about half of the stuff on the net does not work when 'cookies' are disabled, so you sort of need to keep them going - especially for Google. Google explains that 'cookies' are a small piece of text which contains hidden codes which 'help them to improve their services' - by which they mean that it helps them to improve their services to their advertisers, by telling them all of your preferences in, say, fashion/shopping in general/sexual inclinations as observed by watching which sites you most visit, etc. etc.

Moral: Beef up your email security, not just for your sake, but for the sake of all your friends in your address book, all over the world!

11 comments:

  1. I had one recently that was supposed to have been sent by a friend in London. I opened it, but didn't click on the dangerous bit. She later told me that, like with you, everyone on her mailing list had received the same bloody thing. It pays to be vigilant.

    ReplyDelete
    Replies
    1. My point exactly. It also pays to disable remote access to your emails, although this can be a bit inconvenient if you are travelling away from home.

      Delete
  2. Dare I say Tom that really I have no idea what a cookie is. Sometimes I get something flash up about cookies being disabled but I just do not know what it means. Can you possibly enlighten me in words of one syllable please?

    ReplyDelete
    Replies
    1. Not one syllable, but the best I can do from Wikipedia:

      A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is a small piece of data sent from a website and stored in a user's web browser while a user is browsing a website. When the user browses the same website in the future, the data stored in the cookie is sent back to the website by the browser to notify the website of the user's previous activity.[1] Cookies were designed to be a reliable mechanism for websites to remember the state of the website or activity the user had taken in the past. This can include clicking particular buttons, logging in, or a record of which pages were visited by the user even months or years ago.
      Although cookies cannot carry viruses, and cannot install malware on the host computer,[2] tracking cookies and especially third-party tracking cookies are commonly used as ways to compile long-term records of individuals' browsing histories—a major privacy concern that prompted European and US law makers to take action in 2011.[3][4] Cookies can also store passwords and forms a user has previously entered, such as a credit card number or an address. When a user accesses a website with a cookie function for the first time, a cookie is sent from server to the browser and stored with the browser in the local computer. Later when that user goes back to the same website, the website will recognize the user because of the stored cookie with the user's information.[5]
      Other kinds of cookies perform essential functions in the modern web. Perhaps most importantly, authentication cookies are the most common method used by web servers to know whether the user is logged in or not, and which account they are logged in under. Without such a mechanism, the site would not know whether to send a page containing sensitive information, or require the user to authenticate himself by logging in. The security of an authentication cookie generally depends on the security of the issuing website and the user's web browser, and on whether the cookie data is encrypted. Security vulnerabilities may allow a cookie's data to be read by a hacker, used to gain access to user data, or used to gain access (with the user's credentials) to the website to which the cookie belongs (see cross-site scripting and cross-site request forgery for examples).[6]

      Delete
    2. Great reply master Tom alternatively the lady can paste this into her browser for more info

      http://www.allaboutcookies.org

      Delete
    3. Thanks, Heron - I hope that will help. I for one need all I can get. It's been a steep learning curve, as they say, and the bastards are always ahead.

      Delete
  3. Spam mail is awful - till now I managed to tame my curiosity and follow my instinct - twice I had emails which used the name of British friends, but suspiciously I asked them before (not) opening it. What I also hate are those comments by "Anonymous": 'Hey, I read your fabulous blog, how do you write such awsome stuff? Go to my webadress..." - what do they expect???

    ReplyDelete
    Replies
    1. I do not allow anonymous comments on this blog - it's bad enough actually knowing who writes the shitty comments!

      Delete
    2. I don't know how you slipped through the dragnet.

      Delete