Virus

What’s Stuck In My Head – 24 April

Coronavirus Edition Part 5

So just yesterday, or maybe the day before, or was it last week, son-the-younger hit me up with one of his questions. It was a very good question. 

“Would Jimi Hendrix be just as famous if he had had a lead singer?”

In my (not so humble) opinion, no he would not have been as famous.  Generally speaking only the front man of the band gets the headlines. Without “googling” it, name the lead guitar player for The Doors, Jefferson Airplane, or The Animals.  See?  Not that easy.  (Robby Krieger (The Doors), Jorma Kaukonen (Jefferson Airplane), and The Animals was a trick question; they had so many guitarists wander in and out that you’d have to read the Wikipedia page for all the names.)

Not that Jimi didn’t deserve his fame.  He was a brilliant musician, and is a member of my “Guitar Gods” list (I really, really need to actually put that list in writing).  My thought was since he died so young (a founding member of the 27 Club), he would not have had enough time to get out of the shadow of a really good front man.  Of course, we’ll never know.  Feel free to leave your response to the question as a comment!

Before you go thinking that this is a Hendrix post, read on.

The next (semi) logical step in our conversation was who else fit in this category.  We threw lots of names around.  Naturally, the whole discussion started looking for a rabbit hole.  As we were on our second Tequila drink (not sure exactly what we were drinking, something from son-the-younger’s warped mind) it didn’t take long to find said rabbit hole. 

We ended up discussing front men that really couldn’t sing.  Sometime during the course of the back and forth of throwing out names and laughing, I mentioned Roger McGuinn.  Since Earth Day and Arbor Day are right around now, this song has been getting a bit more airplay.  And when I played it for the boy, he had never heard it.  But we both agreed that Roger is not a singer.  A great songwriter and guitar player, but we’ll leave it at that.

Enjoy!

Peace,
B

Twitter Instagram FaceBook

What’s Stuck In My Head – 18 April

Coronavirus Edition Part 4

Reading the news nowadays makes it seem like we are living in a world without love.  This enforced isolation/quarantine is definitely messing with people’s heads. I have not seen any weird, outrageous, or cruel acts here in #Floriduh, which is surprising when you consider how moronic our “governor” is.  I won’t go into that here; I don’t want to spoil my good mood.

How are you dealing with all this time stuck somewhere?  For those that know me, it’s not surprising that for me it’s food and booze.  Son-the-younger and his girls are doing their best to cook up new things for us.  Of course, they’re focusing on the sweets, which I don’t eat too much.

My problem is different.  There are not enough salty snacks in the house.  My cardiologist may think that’s a good thing, but he is dead wrong.

But, our little patio garden is doing well. So we have that going for us!

Here’s one of only two songs credited to Lennon & McCartney to reach number one that are not Beatles recordings.  The other is Elton John’s cover of Lucy In The Sky.

Peter (of Peter and Gordon) and Paul McCartney are childhood friends.  And Paul was engaged to Peter’s sister, Jane. Of course, when Jane walked in on Paul in bed with another woman, the engagement was terminated.

Enjoy!

Peace,
B


What’s Stuck In My Head – 12 April

Coronavirus Edition Part 3

Here’s one you may not know. I had mostly forgotten about it until Alton Brown mentioned it on an episode of his YouTube show Quarantine Quitchen. I immediately went to find a video of it.

Sadly this single didn’t chart, but it was the “B” side to Run Straight Down which made it to #30 in 1989. The late Mr. Zevon is not on my “Guitar God” list. I guess I’ll have to make another list for him. Yeah, he’ll rank very high on my singer/songwriter list.

I picked this video because it also has Neil Young who played on the original, and it’s live!

Enjoy!

Peace,
B


What’s Stuck In My Head – 10 April

Coronavirus Edition Part 2

I had to do the grocery shopping the other day. We’re doing our best to not go too often, but as I’ve mentioned before the shelves are so low on everything it requires multiple trips over several days to get everything we need. I have gone from having to feed just me and Wifey (with son-the-younger on his days off) to feeding all three of us plus the wee bonnie lasses. From two to five mouths.

While our liquor store will deliver to us, the grocery store we prefer does not offer delivery nor pickup.  So, one of us has to go shopping.

And that leads me to today’s song.  Most folks that were shopping along with me were very good about maintaining that social distance.  But not all.

I think Sting says it best.

Enjoy!

Peace,
B


What’s Stuck In My Head – 6 April

I ha

So, this one I know why it’s stuck.  Son-the-younger started singing it while we were making breakfast this morning.  And now it’s stuck.  But I don’t mind, I love this song.  I tried to find the live version that George Harrison cameos in but can’t seem to find it right now. 

Wifey says the song goes well with our “lumberjack” breakfast. Breakfast burritos don’t seem very lumberjackish to me, but whatev’

Enjoy!

Peace,
B


What’s Stuck In My Head – 2 April

Coronavirus Edition

I do hope each and every one of you out there is handling this health crisis well.  We are having no issues here.  I have been closely monitoring everyone’s temperature daily (me twice a day – I’m a high-risk guy).  I also check my blood oxygen level several times a day, just for good measure.

And since I live in #Floriduh and our good-for-nothing governor was following along with our national Dear Leader, it’s been crazy here.  Yesterday I had two guys come door-to-door trying to sell something. I have no idea what as I wouldn’t open the door and just yelled at them to go away.  We do, finally, have a “stay-at-home” order. It goes into effect at midnight tonight.

And that brings me to today’s tune.  I think it fits quite nicely with everything that’s going on ‘round here. Plus, it needs no introduction.

Enjoy!

Peace,
B


The Trouble With Spam

(And no, I’m not talking about that bouncy, pink, pseudo-meat stuff.)

I’m talking about unsolicited, junk, probably virus- and malware-laden email. You get them, I get them, and to paraphrase Oprah, “everybody gets them!!”.

Combating SPAM, and its more evil cousin PHISH, is a major part of my job. I’ve talked about Phish emails before, so this time I want to concentrate on Spam.  I’ve given you a basic definition of just what Spam is in the opening of this post. So let’s talk a bit more about what the differences are between Spam and a Phish.

Spam may be benign. It doesn’t always have a malicious intent. It usually does, but not always. Phish emails, on the other hand, will always be malicious. The main job of a Phish email is to get you to click on a link or open an attachment with the express intent of infecting your PC (doesn’t matter if you have Windows, Mac, ChromeOS, or even Linux – you can be infected).

Most Spam you see is nothing more than advertisements trying to get you to buy something. Consider an email from the retail giant Amazon. Now I do buy a lot, and I do mean A LOT, of stuff from Amazon. But, unless you specifically set your preferences not to send you marketing emails, you will get email after email from them with something similar to whatever you just bought or even just browsed. While this is not considered “Spam” outright, it very well could be. Did you ask Amazon to send you recommendations? Probably not. But if you didn’t opt-out of their marketing emails when you created an account, they are legitimate emails. However, any commercial emails that you didn’t ask for are completely Spam. Unfortunately, you cannot claim emails from your Grandmother with her award-winning Tuna Casserole recipe that you didn’t ask for as Spam.  Or in my case, emails from family members asking computer questions. I’m usually the one sending them recipes. But not for Tuna Casserole. That stuff is vile, and if it’s not already outlawed by the Geneva Convention, it should be!

Now here’s a sticking point. Emails that you have not signed up for (Spam), but come from a “reputable” source, a store you frequent, or a website you visit regularly. Do you use the “unsubscribe” link or button in the email?  NO!  If you’ve never given this entity your email address, NEVER click the unsubscribe link or button.  This only tells the scammer behind the Spam that this is a valid email address. Plus, since this is a directed email (it has now become a Phish, or even a SpearPhish, email), the link to unsubscribe most likely will take you to a malicious website or even go so far as to download something to your PC without your knowledge or permission!

Here’s an example for you. Last summer my family spent a week at Disney World. Since we did all the reservations and set up stuff via their website, I was added to many, many of Disney’s email lists. I expected it (although not quite as many as I ended up with – the sheer volume of unsolicited emails was staggering!). For those emails, it was safe to unsubscribe.

Now here’s a more troubling example. For this, I will use my work email. As I mentioned before, one of my main duties is PC Security. For this task, I have several tools at my disposal. I can Phish my end users with templates that are very realistic. But for the purpose of this post, let’s talk about the Spam I receive.

Every day I receive, on average, about 5 Spam emails. These are not any mailing lists that I’ve signed up for, nor are they any company I’ve ever had any dealings with (I think my email address was sold to some advertising/marketing company, sadly). It appears that the rest of the world seems to think that I am the compliance manager for the city I work for. Or at the very least, they hope I will forward on the constant emails about software and/or websites that can make my compliance work so much easier. Add to that, the emails from “LinkedIn” that somebody wants me to join their network (Hint: neither my work email nor my personal email is on LinkedIn!) and I could spend much of my day just adding folks to my junk sender list. Thankfully Outlook takes care of most of it for me. The ones that are not already added to my list just take a simple right-click and they’re blocked!

So, how can you avoid Spam emails? The easy answer is, you can’t. But you can cut out a lot of it. Think about all the emails you get every day. How many are from stores you visit? Do you really need to know what is on sale every damn day? They all have websites you can visit when you need or want a specific item. All these emails are trying to do is entice you to buy something you probably don’t need or really want, but they have too many in stock.  Mainly because nobody needs or wants it in the first place! Save your money and go buy a good book or go to the movies!

When you create an account on a website, hopefully for something important, look at each step of the creation.  There will be (or at least there will be IF the site is legitimate) boxes to check to either opt-in or opt-out of various offers, email lists, etc. This also is important if you ever download and install a program from the web. One great example of this is the free Adobe Acrobat Reader. This is a very good legitimate program, considered the “standard” for reading PDF (Portable Document Format) files. But, on the install page, there is always a bonus free program. Sometimes it’s Google Chrome (my favorite web browser), and sometimes it’s an anti-virus program (McAfee seems to be the favorite). While both of those examples are basically fine to download, there are somewhat more nefarious downloads that hide malicious programs, masquerading as something else, hoping to infect your system.  So, “Think Before You Click”!  That’s good advice for anything internet related.

And just so you know, Spam is not a new thing. This image shows a capture of a letter-to-the-editor from the May 30th, 1864 edition of The Times of London.

[Image: Victorian_Spam]

Sir,—On my arrival home late yesterday evening a “telegram,” by “London District Telegraph,” addressed in full to me, was put into my hands. It was as follows:—“Messrs. Gabriel, dentists, 27, Harley-street, Cavendish-square. Until October Messrs. Gabriel’s professional attendance at 27, Harley-street, will be 10 till 5.” I have never had any dealings with Messrs. Gabriel, and beg to ask by what right do they disturb me by a telegram which is evidently simply the medium of advertisement? A word from you would, I feel sure, put a stop to this intolerable nuisance. I enclose the telegram, and am,  Your faithful servant, M.P.  Upper Grosvenor-street, May 30.
~ The Times Of London, 30 May 1864
Source: Stu Sjouwerman (@StuAllard) CEO KnowBe4 (@Knowbe4)

I think I’ve taken enough of your time with this post.  Please ask any questions or leave a comment below (not on the various social media sites this will be linked to). I will be happy to give any resources I have to help you be safe.

Thanks, and happy (and safe) interneting!!

 

Peace,
B


Apologies

Seems the Russian Cialis bots have found this blog. To the tune of about 500 spam comments over the last week or so. Luckily the WordPress hosts blocked them all. But it has taken me about 3 days to adjust settings and clear them all out. But I didn’t want any of my readers to inadvertently click on a link in a bogus comment and infect their PC/Smart Phone/what have you.

So if you left a comment in the last week or so, and it’s not posted, sorry, it probably got caught up in the mass deletions I’ve had to do.  Please repost your comment if you desire.

In the meantime, here’s a wonderful video for you to enjoy!

Peace,
B


Scary Email Phish

(In case you are not aware of what a “phish” is, in broad terms, it is an email designed to make you click on a link, or open an infected attachment. Once the link is clicked or that infected attachment opened, your machine (and this works on Windows, Apple, and Linux) will become a “host” for a variety of nefarious activities.)

This information came from one of the vendors we use at the city, KnowBe4. We use the tools they provide to send simulated phishing attacks to all our employees. It’s one of the fun aspects of my job. Here is a very specific phish threat they sent a notice about. I felt it important enough to pass along.

I was alerted by a customer about a really difficult scenario that’s becoming all the more frequent. While there’s probably little that can be done in terms of tuning your spam filters and endpoint security tools, new-school security awareness training can make a difference. Here is the story:

“Over the past few months, we have been hit with increasing frequency with an attack that follows this 5-step pattern;

  • A known vendor or customer falls victim to a phishing attack. Their email credentials are compromised, and the “bad guy” gets access to their email account.
  • They start by changing the password, so that the victim no longer has control.
  • They then comb through past email correspondence, and using the victim’s account, signature, and logo, send out targeted emails crafted to closely resemble legit correspondence they have had with our company in the past.
  • Depending on the “bad guy’s” dedication to his craft, these could be fairly generic, or extremely specific. We’ve received one with an inquiry that referenced a specific real invoice # for that individual.
  • The email always includes a spreadsheet or PDF. The name can be generic, or can be really specific. We’ve received one titled with a specific real invoice # for that individual.

Because these emails are coming from a real email account for a real business partner, they are very hard to identify, and in some cases they are literally impossible to detect, as they are carefully crafted copies of past legitimate emails. Naturally, there are a few that cast a wide net, so they are more generic and often contain corrupted grammar or spelling, but others are indistinguishable from real emails.”

What To Do About This Threat

Granted, this is a frustrating and dangerous situation, as the majority of the red flags users have been trained to watch for simply aren’t present if the scammer uses a highly targeted approach like this.

However, there is one cardinal rule that you need to stress with your users to protect against a scenario like this: DID THEY ASK FOR THE ATTACHMENT?

If they did not, before the attachment is opened, it’s a very good idea to double check using an out-of-band channel like the phone to call and ask if they sent this and why it was sent. There is little else that can be done.

Yes, that is a little more work. But also, better safe than sorry. You have to constantly work on and reinforce your security culture, anywhere in the world.

As you can see, this is very scary. Especially in a corporate environment. The biggest thing to take away from this is if you get an email with an attachment THAT YOU DIDN’T REQUEST, DO NOT OPEN THE ATTACHMENT! This holds true even if you recognize the sender. The sender field on an email can be spoofed very easily.

So, as I’ve said before, keep your antivirus/antimalware up-to-date, and scan your machine on a regular basis. One of the catchphrases of KnowBe4 is “Think Before You Click”. Wise words to live by.

Happy and safe interneting my friends.

Peace,
B
