Hi, Netters:
In recent times I have received, as I am sure you have as well, emails
that are either ours but sent by third outside parties such as for
surveys, etc., or from us but have links embedded. It occurs to me, as
a novice nobody, that even if the emails are legitimate sending them out
with links makes it impossible to determine with reasonableness whether
they are real or Memorex. I often, out of security and caution since I
access servers for my work and link to external drives for work just
delete them even when I send them to security for evaluation and
validation. It is just too easy to make them look so legit, so real, and
so possibly dangerous that it is not worth it to just take a campus
survey or some other prompt by campus management or the nefarious
predators lurking around and waiting patiently for just one of us to
"click that link."
The issue from my desk is exacerbated by, first security often defers to
the originator such as HR for surveys, etc. and second when often I make
contact the response is so ambiguous I still just delete the thing.
Yes, I am a bit more security conscious or paranoid especially after
reading up, I do this often, on future crimes in the electronic world
titled, "Future Crimes", by Marc Goodman but even if his predictions are
only half or one-third accurate it exposes us to grave harm, etc.
Example: Today a security notice was sent regarding the Locky Ransomware
but it was filled with links to click. Now, it really is legit but then
again, "Is it?" I often recommend to folks who I work with and ask,
"Don't embed the links, remove the https:// and just put in the address
with a parens saying, (Copy and Paste the link into your browser to
view, don't click it)", because as good as the predators out there are
getting and the sneaky way they work it is very reasonable and possible
that such emails are spoofed or can be spoofed making those of us who
access servers remotely and connect to external drives opens the door to
bad, bad things.
Is this reasonable or am I just paranoid? Why do we, the most advanced
and intelligent IT professionals around, still use spoof-able emails to
convey information and take surveys and provide security
recommendations, etc., using the very same processes the predators use,
we should be able to do better, right? I really want to know.
Respectfully Submitted,
Charles
p.s. If you click-it, they will come!
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Charles E. James
IST - Administrative IT Solutions
Wk: 510-642-8440
ASG Deputy Email: calnet_asg-deput...@lists.berkeley.edu
-----------------------------------------
Once upon a time, I, Chung Tzu, dreamt I was a butterfly,
fluttering hither and thither, to all intents and purposes a
butterfly. I was conscious only of following my fancies as
a butterfly, and was unconscious of my individuality as
a man. Suddenly, I awoke, and there I lay, myself again.
Now I do not know whether I was then a man dreaming
I was a butterfly, or whether I am now a butterfly
dreaming that I am a man. - Chung Tzu
-----------------------------------------