Tuesday, December 05, 2006

Windows Routing on VPN Connectivity

Having installed a serious amount of VPN systems (Virtual Private Networks) over the last 6 years, I still get asked about the fact that when some users are connected to the VPN - normal Internet access goes extremely slow to non-existent.

The reason is that the default routing table in Windows sends 'all' traffic down the VPN link and on to the remote Internet gateway. Essentially you are surfing the Internet through the VPN link and via the Internet connection at your office/work!

However, this is simply fixed in Windows by going to the properties of the VPN connection (right click, select Properties).

Now select the Networking Tab from the Top and then double click 'Internet Protocol (TCP/IP)'.

From this next window, select 'Advanced' and simply remove the tick from the box which says 'Use default gateway on remote network'.

Now click on OK to everything until you get back to your desktop and then run your VPN connection again - hey presto, all traffic destined for the remote network will go down the VPN, but everything else will use your normal internet gateway connection.
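A simplified model of that routing decision, added here as an example (it is not part of the original post). It assumes Windows' class-based route for the VPN-assigned address when the box is cleared; every address and metric is made up for illustration.

```python
import ipaddress

def classful_network(ip):
    """Class A/B/C network containing ip (the route added for the VPN address)."""
    first = int(ip.split(".")[0])
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def routing_table(vpn_ip, use_remote_gateway):
    """Simplified (network, interface, metric) table once the VPN is connected.

    The LAN subnet, VPN address and metrics are constructed for this example.
    """
    default = ipaddress.ip_network("0.0.0.0/0")
    table = [(ipaddress.ip_network("192.168.1.0/24"), "LAN", 20)]
    if use_remote_gateway:
        # Box ticked: a VPN default route outranks the demoted LAN default.
        table += [(default, "VPN", 1), (default, "LAN", 21)]
    else:
        # Box cleared: the LAN default stays; only the classful route uses the VPN.
        table += [(default, "LAN", 20), (classful_network(vpn_ip), "VPN", 1)]
    return table

def interface_for(dest, table):
    """Pick the route as a router would: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [route for route in table if addr in route[0]]
    _net, iface, _metric = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return iface

if __name__ == "__main__":
    for ticked in (True, False):
        table = routing_table("10.1.0.50", ticked)
        for dest in ("198.51.100.10", "10.1.0.5", "172.16.5.9"):
            print(ticked, dest, interface_for(dest, table))
```

With the box cleared, a remote subnet outside the classful network (172.16.5.9 in the sample run) leaves via the local gateway, so it needs its own static route to be reached over the VPN.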



Tuesday, October 31, 2006

Browser Sizes != Screen Resolution

It is a common misconception that to build a website for 1024px x 768px, that's the size to set your workspace to in Photoshop or Fireworks.

However, there are a number of problems with this assumption, including:

Browsers maximised on a screen of 1024px x 768px aren't actually that size.

  • Screen sizes take into account the size from 'edge' to 'edge' of the screen. That includes your taskbar and any other bars you may have running. When you maximise a browser window at 1024px x 768px, the 'viewable area' may be considerably less depending on how many toolbars you have (address bar, Google bar, Yahoo! bar, links etc), whether you have any scrollbars and also how large your taskbar is.

Users don't always view websites maximised

  • Just because your web-stats tell you that 80% of your visitors are running 1024px x 768px or above, how many of them are running their browsers in a fully maximised state? It's virtually impossible to tell and therefore, building a site which is fixed to work for these settings may significantly impact on the message you are trying to put across.

Then of course, we have Mac users, whose screen dimensions may also differ and whose browsers don't include as many toolbars etc. as those of Windows users.

So, when designing a website, work to 'browser' sizes and not 'desktop' sizes. To reach out to the maximum number of visitors possible (95%+), you should design at 765px x 420px.




Saturday, August 19, 2006

How to deal with spam

In this second article regarding spam, phishing and Joe-Jobbing, I am going to look into ways of handling spam prevention by employing some simple techniques.

Do not respond to Chain Letters.
Do not forward the various chain letters you receive since they simply contribute to a list of forwarded users for future harvesting.

Do not reply/bounce spam messages
It is rare, if ever, that a spammer will use his own email address to spam you with - therefore, never reply to the email or use one of the various auto-bouncing programs to send the spammer a 'go away' email. You are simply then spamming some poor Internet user who happens to have been used as the sender email address.

Report spamming IP addresses
It is a fairly simple process to report a spammer's IP address to the appropriate ISP. Firstly, you need to view the 'headers' of the email. Within each email there is hidden information which identifies where the email really came from. These are the headers, and they look something like this:

    Received: from mail1.abc.com (mail1.abc.com [124.211.3.78]) by mailhost.abc.com (8.8.5/8.7.2) with ESMTP id LAA20869 for ; Tue, 18 Mar 1997 14:39:24 -0800 (PST)
    Received: from alpha.abc.com (alpha.abc.com [124.211.3.11]) by mail1.abc.com (8.8.5) id 004A21; Tue, Mar 18 1997 14:36:17 -0800 (PST)
    From: rth@abc.com (R.T. Hood)
    To: tmh@abc.com
    Date: Tue, Mar 18 1997 14:36:14 PST
    Message-Id:
    X-Mailer: Loris v2.32
    Subject: Lunch today?

The lines all mean something:

  • Received: from mail1.abc.com (mail1.abc.com [124.211.3.78]) by mailhost.abc.com (8.8.5/8.7.2) with ESMTP id LAA20869 for ; Tue, 18 Mar 1997 14:39:24 -0800 (PST)

This identifies that the email was sent from mail1.abc.com at IP address 124.211.3.78 and was received by mailhost.abc.com with an internal ID of LAA20869 for user tmh@abc.com on Tuesday 18th March 1997 at 14:39:24 -0800.

  • Received: from alpha.abc.com (alpha.abc.com [124.211.3.11]) by mail1.abc.com (8.8.5) id 004A21; Tue, Mar 18 1997 14:36:17 -0800 (PST)

This identifies that the mail was sent by alpha.abc.com at IP 124.211.3.11 to mail1.abc.com, which gave it an ID of 004A21 on Tuesday March 18th 1997 at 14:36:17.

  • From: rth@abc.com (R.T. Hood)

The mail was sent by rth@abc.com, whose real name is R. T. Hood.

  • To: tmh@abc.com

The mail is addressed to tmh@abc.com.

  • Date: Tue, Mar 18 1997 14:36:14 PST

The mail was sent at 14:36:14 on March 18th 1997.

  • Message-Id:

This is the global Message ID that is assigned to the message as it travels around the Internet. Local IDs, such as the ones above, are specific to the mail servers that it travels through prior to getting to its destination.

  • X-Mailer: Loris v2.32

This identifies that the mail was sent using program Loris version 2.32

  • Subject: Lunch today?

The subject of the email is 'Lunch today?'

You can view email headers yourself by right clicking on an email message in Outlook and selecting 'Options'.

From Outlook Express, open the email, select File > Properties. When the Properties option opens up, select 'Details' and then the 'Message Source' button.

In the above sample, the lowest 'Received' entry in the header information (i.e. the first one added) contains the originating IP address and, with this information, you will be able to report the spammer.
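The header walk described above, as an added example (not code from the original post). `originating_ip` applies the post's rule to the sample header. `reportable_ip` and its `trusted_hosts` parameter are assumptions introduced here to cover Received lines that your own servers did not write.

```python
import email
import re

# Header block from the post above, copied as printed (including the empty
# "for ;" and Message-Id values); the body line is constructed.
SAMPLE = (
    "Received: from mail1.abc.com (mail1.abc.com [124.211.3.78]) by mailhost.abc.com"
    " (8.8.5/8.7.2) with ESMTP id LAA20869 for ; Tue, 18 Mar 1997 14:39:24 -0800 (PST)\n"
    "Received: from alpha.abc.com (alpha.abc.com [124.211.3.11]) by mail1.abc.com"
    " (8.8.5) id 004A21; Tue, Mar 18 1997 14:36:17 -0800 (PST)\n"
    "From: rth@abc.com (R.T. Hood)\n"
    "To: tmh@abc.com\n"
    "Date: Tue, Mar 18 1997 14:36:14 PST\n"
    "Message-Id:\n"
    "X-Mailer: Loris v2.32\n"
    "Subject: Lunch today?\n"
    "\n"
    "(body)\n"
)

HOP = re.compile(
    r"from\s+\S+\s+\((?P<peer>[^\s\[\]]+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r".*?\bby\s+(?P<by>[^\s;]+)", re.S)

def received_hops(raw):
    """Parsed Received lines, newest first (the order they appear in the message)."""
    msg = email.message_from_string(raw)
    found = (HOP.search(value) for value in msg.get_all("Received", []))
    return [m.groupdict() for m in found if m]

def originating_ip(raw):
    """The post's rule: the lowest Received line names the originating IP."""
    hops = received_hops(raw)
    return hops[-1]["ip"] if hops else None

def reportable_ip(raw, trusted_hosts):
    """IP that a trusted server recorded for the first peer outside trusted_hosts.

    Each relay prepends its own Received line, so lines below the ones written
    by servers you trust were supplied by the sender and may be forged.
    """
    for hop in received_hops(raw):
        if hop["by"] not in trusted_hosts:
            return None  # this line was not written by a server we trust
        if hop["peer"] not in trusted_hosts:
            return hop["ip"]
    return None
```

When the abuse report goes to an ISP, the address from `reportable_ip` is the one backed by your own server's log of the connection.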

The next step is to simply copy all of the email header information into a new email and send it to your ISP (for example abuse@cwcrawley.co.uk). Be warned, however: ISPs that I have had dealings with in the past generally ignore these emails unless you are persistent.

If that's the case and spam starts to become a serious problem for your business, there are other prevention systems that can be employed to dramatically reduce it. Simply get in touch with me for further information.




Friday, March 03, 2006

Spam, Phishing and Joe Jobbing

Email is a widely accepted way of communicating these days and, as with the traditional method of postal mail ('snail mail'), a lot of what is delivered is junk!

However, the days of 'Readers Digest' leaflets and 'Congratulations! You've won £1 million on the lottery' letters, promising everything and delivering nothing, seem tame compared to the sinister undertone the Internet has brought to the whole subject of 'junk mail'.

So how do you identify what is spam and what isn't? To use its correct name, Unsolicited Commercial Email (UCE), spam is a commercial email which has been sent to you unsolicited (i.e. you didn't ask for it) and it is trying to sell you something.

The concept has been muddied in recent times with the American 'Can-Spam' Act doing more damage than good in the campaign to stamp down on Email misuse. Many people refer to spam as 'anything I didn't ask for'. On that basis, if I were to email you without first initiating the communication, am I spamming?

In reality, no I'm not. However, if I was to send that same email out to 10 different people, it could be argued that I am spamming.

Unfortunately, spam has a number of different guises that make it all the more difficult to identify. These types of emails include:

  • Blatant attempts to sell Viagra, breast enlargements, potions, mortgages or so-called 'herbal remedies'
  • Attempts to entice you into subscribing and paying into dubious pyramid schemes and/or reselling techniques
  • Dubious emails trying to get you to subscribe to supposed 'free pornographic sites' or other illegal adult oriented content.

While the three above are quite obviously the result of spamming techniques, there are a couple of others that may not at first be classed as spam, but almost certainly fall into that category:

  • The 'You are my friend, please forward this on to 10 of your friends' emails.
  • The 'AOL and Microsoft are paying $1 to the relief fund for every email that's forwarded on' approach.
  • The jokes and funny riddle emails that are sent to you, but are also copied to 30 other people in the sender's address book.

Let's look at the above 3 and explain why they should be classified as spam:

  1. Next time you get a chain letter email asking you to send it on, take a look at the whole message. Scroll through and take a look at the number of email addresses that are quoted in the email as the message has been forwarded all around the world. This method makes for perfect pickings for any unscrupulous person looking to 'harvest' all those email addresses and use them to peddle their own spam.

  2. There is absolutely no way that Microsoft, AOL, or anyone else for that matter, can track and trace who forwards emails, let alone where they will all end up. This is simply a 'harvesting' technique, another way to achieve item number 1 above.

  3. While jokes and riddles may be funny and amusing, they contribute further to anyone looking to fulfill item number 1. Yes, one more method of 'harvesting'. If you do insist on forwarding these emails, ensure that you delete all previous email addresses from the body text before you do and further ensure that you forward only to people using the blind carbon copy option (BCC) of your email client.

Email harvesting is big business. It was recently discovered that a spammer who sends 15 million emails per month selling his $50 herbal remedy (which he/she purchases for $5) gets up to 7% return. In this case, you're looking at a profit of $472,500 per month!
Likewise, a spammer may resell your email addresses on to other spammers for up to $100 for 100,000 addresses.

One of the largest spamming techniques over recent years is what's called the 'Nigeria 419' or 'advance fee fraud' scheme. This is where an email is received from supposed dignitaries of South African, Dutch, UAE parliaments, etc., requesting assistance to transfer millions of US dollars out of their country. In return for your help (and up to £30,000 advance payment) you are promised 10% - 20% of the money.

'Nigeria 419' is called such because it is believed to have originated in Nigeria and violates code 419 of the Nigerian Criminal Code.


Wikipedia contains a lot of information on 'advance fee fraud'.


'Phishing', on the other hand, is more of a targeted way of extorting money and/or stealing your identity.

The most common 'phishing' techniques often appear in your mailbox posing as official email from banking organisations and/or finance companies, such as PayPal, Mastercard or Visa. These are cleverly styled and look as if they are genuine. Often these emails have official logos and images attached to them.

The point of these types of emails is to dupe the recipient into clicking the link in the email (which again is made to look like it's directing you to the official website), and then to persuade the user to submit confidential information, such as bank account details, usernames, passwords and PIN codes. Once the 'phisher' has this information, he/she can log into the real site and transfer/withdraw your funds as well as potentially stealing your identity and obtaining loans and hire purchases in your name.

Finally, 'Joe-Jobbing' is more of an irritation than a targeted attack - however, in some cases it can be carried out in a malicious way to detrimentally affect a business or personal reputation.
The term 'Joe-Jobbing' actually comes from a hosting company, joes.com, which in 1996 was subject to an attack whereby a spammer sent millions of emails with a forged return address to make it look like the owner (Joe Doll) had sent the spam. This was done in response to joes.com suspending the spammer's account for an original spamming offence.

Since then, the term 'joe-job' has referred to anyone emulating the original scam.

Most 'Joe-Job' exercises go unnoticed until the affected innocent target becomes flooded with bounces to emails which don't exist.

In its true sense, a 'Joe-Jobbing' exercise should only be called such when it is attempting to attach blame to an innocent party. For example, sending an email that suggests it has come from mail@barneysbait.com in an attempt to sell the recipient a dubious product could certainly do Barney and his business some harm and potentially get him disconnected by his ISP - however, common spamming techniques these days rarely use the real 'from address' and forge them to look like they are being sent from an innocent party.


