INFORMATION SERVICES
JUNE 2003
Announcements from the Bulletin, Today, Notification-L
06/27/03, Admin Server to be Upgraded this Sunday
On Sunday, June 29, the Admin server will be upgraded to Novell Netware 6. The
upgrade will begin at 9:00 AM, and should take no more than three hours.
Admin and any files on it will be unavailable during this time. Other
network functions, such as e-mail, Internet access and printing, do not
rely on Admin and will not be affected by this upgrade.
Once the upgrade is complete, users will not notice any difference when
logging in or accessing files. Netware 6 has a number of enhancements
which will be made available to the Macalester community at a later
date. [Notification-L]
06/27/03, Dig We Must
Summertime is the least worst period for server upgrades and the like.
With the understanding that we may have to change it, here is the
schedule of anticipated interruptions. The first two should go quickly
(hours), the last two are major projects (perhaps a day but precise
prediction is not possible).
06/27/03, E-Mail In The Summer
You can forward all your messages to another e-mail account that you
will be using over the summer, or you can set a vacation message to let
people know that you aren't reading your e-mail. Either of these
options can be set on a web page at http://mail.macalester.edu. If
you set a forwarding address, messages are not saved in
your Macalester e-mail account, and any vacation message you set will
not be in effect. [Bulletin]
06/27/03, E-Mail Anytime
You can read your Macalester e-mail from off-campus by either installing
Mulberry on your home computer, or by using Silkymail to read e-mail
through a web browser. Mulberry can be downloaded from
http://www.macalester.edu/cit/services/software/index.htm if you have
a Macalester username and password. The Silkymail web interface can be
reached at http://webmail.macalester.edu. [Bulletin]
06/24/03, Academic Server Upgrade Thursday
This Thursday, June 26, the Academic server will be upgraded to Novell Netware
6. The upgrade will begin after normal working hours, at 5:00 PM. The
upgrade should take about an hour or two. Academic and any files on it
will be unavailable during this time. Other network functions, such as
e-mail, Internet access and printing, do not rely on Academic and will
not be affected by this upgrade.
Once the upgrade is complete, users will not notice any difference when
logging in or accessing files. Netware 6 has a number of enhancements
which will be made available to the Macalester community at a later
date. [Notification-L]
06/13/03, Your E-Mail and Spam
To fight spam (unwanted junk e-mail), CIT is testing various anti-spam
programs and we ask for your input. Details and a feedback link are found
at http://www.macalester.edu/cit/bulletin/antispam.htm.
We subject everyone's e-mail to the test programs to ensure thorough
evaluation but provide you the choice of opting out, should you wish.
The antispam program currently running, PureMessage, inserts the
"[PMX:XXXXI]" tag in the subject line of suspected spam. Our evaluation
copy will expire before the end of June and we would appreciate hearing
your reaction before then. Note that gaining full effectiveness of this
program means setting a filtering rule on your e-mail client, such as
Mulberry. Guidance is available via the URL. We will keep you posted
about other evaluations later in the summer.
Thanks for your cooperation! [Bulletin]
06/10/03, How to Determine Whether an E-Mail is Bogus
I just received an e-mail, purporting to be sent by Microsoft, and also
purporting to have an important new security patch for me. We always
get questions about e-mails like this, so I thought I'd run through the
steps I use to determine whether an e-mail is bogus.
What follows are excerpts taken from the full text of the e-mail, which
is included at the end of this message. I walk through the problems
with each part of the text.
(0) "update916.exe"
This attachment is a program. Microsoft would not e-mail this to people
en masse. They know that many schools/companies/people are wary of
attached program files. Many companies filter them out and delete them
automatically before they reach a user's mailbox.
(1) "this is the latest version of security update"
First, for all of Microsoft's faults, they do know how to capitalize
initial words of sentences. Second, Microsoft doesn't e-mail security
updates to anybody. Microsoft has about a gazillion customers.
E-mailing all of them would be too impractical even for Microsoft.
That's why they made 'Windows Update' to fetch and install updates for
Windows.
(2) "...the most serious of which could allow an attacker to run executable on your..."
Microsoft uses better grammar than this.
(3) "System requirements: Win 9x/Me/2000/NT/XP"
Microsoft End-of-Lifed Windows 95 with the end of 2002. They would not
list "Win 9x" as a supported system for this patch.
(4) "How to install: Run attached file. Click Yes on displayed dialog box."
Microsoft doesn't have you click on anything until they ask whether
you've read their license agreement. Their instructions would have
mentioned the license agreement.
(5) "How to use: You don't need to do anything after installing this item."
The wording is just wrong here. Also, throughout this e-mail, the
supposed attached fix is referred to as an update, a patch, and now an
item. Microsoft writes more professionally than this. Microsoft would
also not state 'you don't need to do anything...' They would state
whether you had to reboot your computer.
The rest of the body of the message is just about the best I've seen.
It makes sense, and their Microsoft Web URLs are real. Usually these
bogus e-mails are written by someone whose first language is clearly not
English.
But that's just the body. Let's look at other characteristics of the
message that are tip-offs. [Editor's note: for the remainder of this
posting, angle brackets (<, >) have
been replaced with curly brackets ({, }) so that this page may be mounted on the Web.]
(6) The 'From' address is "Microsoft {evqpkkvppdkf@wpmGUnluk.com}".
It's hard to know where to begin, this is so wrong in so many ways. In
mass-mailings when a company does not want replies, they'll list the
'From' address as something like 'Companyname
{do-not-reply@companyname.com}.' This sender let squirrels play on the
keyboard, then used that as the 'From' address.
(7) The headers.
The headers are what's under the hood of an e-mail message, and are the
most revealing part of a message. The 'From' address is meaningless.
To really see where something came from, look at the headers. To see
the headers of any e-mail in Mulberry, open it up, then from the
'Message' menu, select 'Show Header.' To view headers using other mail
clients, this link might help:
http://www.macalester.edu/cit/reference/non_mulberry_headers.htm.
Here are the interesting headers from that e-mail:
(a) Return-Path: {bernieboy@optushome.com.au}
.au indicates an Internet host in Australia. Right. This doesn't
exactly scream 'Microsoft, Redmond, WA, USA.'
(b) Received: from mail021.syd.optusnet.com.au (mail021.syd.optusnet.com.au [210.49.20.161]) by localhost.localdomain (8.12.9/8.12.9) with ESMTP id h5AMvRqK012734
I got curious as to what 'optusnet.com.au' is, or even if it was real.
I typed it into my web browser. Optusnet is just an Internet provider
in Australia. 'optushome.com.au' is their broadband division.
'Bernieboy' from (a) above is probably the dope sending this e-mail. To
be fair to Bernieboy, this e-mail was probably automatically sent by a
virus on his computer.
(c) Received: from LdClAbi (c16773.rivrw2.nsw.optusnet.com.au [211.28.50.139])by mail021.syd.optusnet.com.au
211.28.50.139 will be Bernieboy's IP address when he sent this e-mail.
He may not have the same address now, though. But Optusnet ought to be
able to find out. I have personally never had any luck getting an ISP
to check into a possibly abusive user. I don't even try, unless the
abuse is a crime or personal. With non-U.S. providers, I really don't
even try.
So in summary, Microsoft is either a multibillion dollar corporation run
by a semi-literate Australian guy named 'Bernieboy,' or this e-mail is
fake. Using similar criteria (some common sense, some more technical)
may help you manage your suspicious e-mail.
Here's the whole e-mail:
MS Customer
this is the latest version of security update, the "June 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting Internet Explorer, Outlook and Outlook Express as well as five newly discovered vulnerabilities. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run executable on your system. This update includes the functionality of all previously released patches.
System requirements: Win 9x/Me/2000/NT/XP
This update applies to:
Microsoft Internet Explorer, version 4.01 and later
Microsoft Outlook, version 8.00 and later
Microsoft Outlook Express, version 4.01 and later
Recommendation: Customers should install the patch at the earliest opportunity.
How to install: Run attached file. Click Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item.
Microsoft Technical Support is available at http://support.microsoft.com/
For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site at http://www.microsoft.com/security
Contact us at http://www.microsoft.com/isapi/goregwiz.asp?target=/contactus/contactus.asp
Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.
Thank you for using Microsoft products.
With friendly greetings,
Microsoft Internet Technical Services
________________________________________
©2003 Microsoft Corporation. All rights reserved. The names of the actual companies and products mentioned herein may be the trademarks of their respective owners.
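The checks from items (0), (6) and (7) of the posting above, automated as an added example (not part of the original posting). The names `triage`, `under` and the `claimed_domain` parameter are assumptions of this example, the sample message is constructed from the header values quoted in the posting, and the program-extension list is the one given in the 06/02/03 Virus Alert on this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: header values are the ones quoted in the posting, with
# angle brackets restored; the body and attachment bytes are placeholders.
RAW = """\
Return-Path: <bernieboy@optushome.com.au>
Received: from mail021.syd.optusnet.com.au (mail021.syd.optusnet.com.au [210.49.20.161])
    by localhost.localdomain (8.12.9/8.12.9) with ESMTP id h5AMvRqK012734
Received: from LdClAbi (c16773.rivrw2.nsw.optusnet.com.au [211.28.50.139])
    by mail021.syd.optusnet.com.au
From: Microsoft <evqpkkvppdkf@wpmGUnluk.com>
Content-Type: multipart/mixed; boundary="b"

--b

MS Customer this is the latest version of security update
--b
Content-Disposition: attachment; filename="update916.exe"

placeholder
--b--
"""

PROGRAM_EXT = (".pif", ".exe", ".bat", ".scr", ".com")  # 06/02/03 Virus Alert list
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\)")  # helo (rdns [ip])

def under(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw, claimed_domain):
    """Return (findings, origin_ip); claimed_domain is who the mail says it is from."""
    msg, findings = message_from_string(raw), []
    for header in ("From", "Return-Path"):  # checks (6) and (a)
        addr = parseaddr(msg.get(header, ""))[1]
        if not under(addr.rpartition("@")[2], claimed_domain):
            findings.append(f"{header} address {addr} is outside {claimed_domain}")
    # Relays prepend Received lines: last = earliest hop. Upstream hops can be forged.
    hops = [m.groups() for h in msg.get_all("Received", []) if (m := HOP.search(h))]
    for helo, rdns, ip in hops:  # checks (b) and (c)
        if not under(rdns, claimed_domain):
            findings.append(f"relayed via {rdns} [{ip}], HELO {helo}")
    for part in msg.walk():  # check (0)
        name = part.get_filename() or ""
        if name.lower().endswith(PROGRAM_EXT):
            findings.append(f"program attachment {name}")
    return findings, (hops[-1][2] if hops else None)
```

Calling `triage(RAW, "microsoft.com")` reports both addresses, both relays and the attachment, and returns the earliest hop's IP address as the origin.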
06/04/03, Taking a Slice Out of Spam
We've started testing an anti-spam product called PureMessage. Spam, as
you know, is unwanted junk e-mail.
PureMessage will tag any message it thinks is spam by modifying the
subject line of a spam message. For example, a spam message with the
subject of
"Great Summer Reading For Your Children"
would have its subject changed to
"[PMX:XXXXXXXXXI] Great Summer Reading For Your Children"
The 9 Xs and 1 'I' actually mean that PureMessage is 91% sure this is spam.
With the way PureMessage marks spam, it will be extremely easy for any
user to have Mulberry automatically deal with spam. For instance, a
Mulberry rule could be created to just automatically delete SPAM, or a
Mulberry rule could automatically move suspected SPAM into a certain
folder. Mulberry would only need a single rule to look for "[PMX:" in
the subject line to deal with all spam! See
http://www.macalester.edu/cit/docs/xplatform/mulberry3/mulberry3filters.pdf for more info.
Alternatively, we could have PureMessage automatically do something with
the spam other than just tag the Subject line. As said before, we're
just testing it now, but it looks to be a promising and effective
product. Any feedback on PureMessage's accuracy is more than welcome,
it is necessary! Does it tag legitimate e-mail as SPAM? Does it
not tag real spam? We need to know!
Please send an e-mail to fines@macalester.edu with any comments on PureMessage. [Notification-L]
06/02/03, Virus Alert
Be wary of attachments in emails!
I hope you're not getting jaded to these virus alerts. Please don't be.
New viruses come out all the time!
A number of people have received an email virus going around that has as
its subject line something like "Re: Your application" or "Re:
Application." As a college, many employees probably get many legitimate
messages with a similar subject. But this message has a file attached,
named 'approved.pif' or something similar.
Attachments with filenames that end in ".pif," ".exe," ".bat," ".scr,"
and ".com" are likely to be viruses. These extensions mean the
attachment is a program which can run on your computer. Normally,
people don't send you these kinds of files. They send ".jpg" (picture)
files, or ".doc" (word processing) or ".xls" spreadsheet files.
A quick e-mail or voice mail back to the sender, asking whether they
intentionally sent you the message and attachment can save you from a
world of hurt. [Notification-L]