On Mon, Sep 21, 2020 at 04:00:04PM +0200, R.S. wrote: [...] > But seriously: > 1. Anyone can put any name in the "sender" field. There are even > free web services for kiddies who want to be "hackers". However > hacked (hijacked) email account means access to address database. I > do not expect any email from Tony, however Tony's customer or his > brother will not be surprised by email from Tony.
... and will probably not feel any need to look under the hood, or know there is a hood to look under. I wonder, how many people out there know there is such thing as email headers? How many click to view, more than once a week? Every few days? Once a day? Well, I do not click, I have a key for this. > 2. Attachments can be dangerous ...or not. It strongly depend on > what do you do with the attachment and if you are using Windows or > not. For non-Windows OS (read: Linux) vast majority of malware will > not work. Very popular malicious PDF attachments are not malicious > when opened by some freeware viewers. For doubtful cases one may use > isolated virtual machine and delete/refresh it just after use. Of > course the simplest method is to delete it. I am afraid it is only a matter of time. Linux is changing in certain direction and at the same time gaining more users. Besides, I suspect majority is using webmail, thus they are exposing themselves to clever html hacks, regardless of OS. I have been, for years, maybe for more than a decade, switching off font loading in a browser. Only one, maybe three fonts allowed in browser, all installed and loaded from disk. I routinely use browser which cannot do Javascript and can have loading of CSS disabled, by design (dillo). When I have to use firefox, I block all Javascript by default (well, I suspect, not really, but close), and unlock only so much so I can view the page - one lock after another, until it loads. It takes few tens seconds, would be faster if page can load with JS disabled. But quite often I decide that "scre wit" and close tab before I go too far. Thanks to my interests, I do not depend on websites which cannot load in dillo. And I do not webmail. But the 99 percent are just sitting ducks. They are free meal for kraxors, digging coinbits in users' browsers and maybe doing even more funny things. How many people out there actually look at their cpu load more often than once per hour, noticing if the browser is moving too much? But they do not care. And I have so many interesting books to read... > 3. Puzzle: why Nigerian scam emails are so horribly written? I mean > a lot of language mistakes. The answer is this is intentional. This > is a method to filter out bright people and leave only the fools. > Only fool people are good candidates to further steps of scam, which > are expensive because that require manwork. > Conclusion: answering to every scam by clever volunteers would blow > up this trick. Hackers would be unable to manually cheat everyone, > with only very small percentage of potential victims. ;-) I am afraid the ratio of clever volunteers to idiots is too small. Idiots have already bent the internet to their wishes, disregarding possible harm that can be done to them, because "*I* have to shine". When millions of buffalos are running to the cliff, the only clever thing one can do is run off their way. Just MHO... -- Regards, Tomasz Rola -- ** A C programmer asked whether computer had Buddha's nature. ** ** As the answer, master did "rm -rif" on the programmer's home ** ** directory. And then the C programmer became enlightened... ** ** ** ** Tomasz Rola mailto:tomasz_r...@bigfoot.com ** ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
