Attack Targets LinkedIn Users With Fake Contact Requests

wiredmikey writes "On Monday morning, cybercriminals began sending massive volumes of spam email messages targeting LinkedIn users. Starting at approximately 10am GMT, users of the popular business-focused social networking site began receiving emails with a fake contact request containing a malicious link. According to Cisco Security Intelligence, these messages accounted for as much as 24% of all spam sent within a 15-minute interval today. If users click, they are taken to a web page that says 'PLEASE WAITING.... 4 SECONDS..' and then redirected to Google, appearing as if nothing has happened. During those four seconds, the site attempted to infect the victim's PC with the ZeuS Malware via a 'drive-by download' – something that requires little or no user interaction to infect a system."

NoScript FTW

[robot256]

NoScript FTW. Seriously.

Re:NoScript FTW

I don't understand how people can stand surfing with NoScript--it's got to be the most obnoxious add-on ever. Worse than those software firewalls that prompt you to to allow/disallow traffic every 3 minutes.

Re:NoScript FTW

Yeah, belts are the same way, I can't stand how they always keep my pants *up* when they might fall down otherwise.

Re:NoScript FTW

[aekafan]

That is like saying that you don't understand how people can refuse to have sex with an AIDS infected whore. The internet is a very dangerous place without a lot of protection. A little inconvenience is a good trade off. I don't understand you can be on a place like Slashdot and not see this.

Re:NoScript FTW

[Gordonjcp]

The thing is, noscript doesn'HEY YOU JUST TYPED AN APOSTROPHE, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)t offer much in the way of proHEY YOU JUST TYPED AN O, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)tection and an awful loHEY YOU JUST TYPED AN O, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)t of annoyance.HEY YOU JUST TYPED A FULL STOP, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)

Re:NoScript FTW

[greyline]

You could always buy smaller sized pants.

Re:NoScript FTW

[BitZtream]

NoScript is an absolute must have for anyone who knows what they are doing

Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place, but hey, whatever makes you feel superior to ... well whoever you think NoScript makes you better than.

Re:NoScript FTW

[HelloKitty2]

It can be a-bit annoying as some sites stuff their pages with js from different sources so you're not sure which you must allow for the video to start playing etc.. But most of the time you end up visiting sites that you've already allowed and the rest of the 90% of the time you don't want to add an allow rule. I've been using it for a long time.

The obnoxious part must be the default setup, maybe people don't know that you're supposed to hide that bar that pops up on each site saying that it has blocked js, and only use the small icon at the corner of the window to allow/disallow, this is just another case of a developer that doesn't give a s***t about fixing annoyances.

Re:NoScript FTW

[Abcd1234]

Eh, it works fine for me. Enable second-level domain scripts, and explicitly allow a few others (disqus, Google (a lot of people use their copies of jquery, etc), and a few others), and it works pretty well for the most part. Yeah, you occasionally come across a site that you have to "temporarily allow" a bunch of stuff to get it working, but those are the exception, IME.

Re:NoScript FTW

I don't understand how people can stand surfing with NoScript--it's got to be the most obnoxious add-on ever. Worse than those software firewalls that prompt you to to allow/disallow traffic every 3 minutes.

It's not just that; I tried it for a few days, but couldn't figure out where the setting was to disable the "become a smug self-important jackass who has to constantly brag about NoScript in every possible online venue" mode. Since I have this attachment to my dignity and don't go clicking links from random people (and frequently not even from trusted people), I uninstalled it.

Re:NoScript FTW

[bhcompy]

Slashdot uses doubleclick.net, NoScript blocks that inherently. Thus, no one is tracking my habits without having to modify anything and I don't have to worry about completely disabling cookies so I don't need to re-login to every website I peruse.

And that doesn't mention the XSS protection

Re:NoScript FTW

[ObsessiveMathsFreak]

I don't think NoScipt works in IE.

Re:NoScript FTW

[pixelpusher220]

lets see the rankings:

1. noob
2. user
3. 'expert' who *knows* they won't get busted
4. actual expert who knows that any precaution is not fool proof and it's best not to proclaim how much better they are than others.

See the bold mirror moron

Re:NoScript FTW

You could always buy smaller sized pants.

Is this still a metaphor for computer security, because I think I got lost somewhere. This never happens with car analogies.

Re:NoScript FTW

Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place

Exactly. NoScript is for the sort of person who visits LinkedIn.

Re:NoScript FTW

[MrSenile]

Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place, but hey, whatever makes you feel superior to ... well whoever you think NoScript makes you better than.

As various ad sites that legitimate businesses use have had repeated reports of malware embedded in their flash, graphical, or other payloads, I wish you the best of luck, and promise not to say I told you so when you become one of the millions of zombies out there that help infect the rest of the world.

Sadly enough, it's people like you who tend to be the highest point of people who get infected. You know, the ones who say 'it won't be me'.

Arrogance tends to be the easiest weakness for virus attacks.

Re:NoScript FTW

[interkin3tic]

Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place

Users who know what they are doing never visit porn sites?

Wow. So I don't know what I'm doing and am also more perverted than the average slashdot user. That's... unexpected...

Re:NoScript FTW

[srodden]

Now who's feeling superior?

By limiting yourself to the 50 web sites produced by trusted large firms, you're missing out on 99%+ of the internet. It's like listening to Clear Channel but only on the timeslots where the particular DJ comes personally recommended to you by a Justice of the Peace. Then again, some trusted firms are known for doing not-entirely-squeaky-clean things too. Sony rootkit anyone?

Do you also forego antivirus on you computer on the grounds that you only visit non-shitty websites and you're smart enough to not open attachments?

Life is full of uncertainty. To say that you'll never visit a shitty site is like saying you'll never walk down a street where you'll get mugged or you'll never sleep with a person that has an STD. Street lights, mace, vaccine and condoms are parts of a broad set of tools that we have to protect our person in meatspace. Tools like a decent browser, antivirus, firewall and script blocker are just parts of a broad set of tools that we have to protect us in cyberspace.

After 20 years in computing, I like to think that I'm one of the people "that know what they're doing" but never the less, I practice safe computing. I've never been hit by a virus or identity theft to the best of my knowledge. Is that because of my good habits or my precautions? I don't know but I don't claim to be perfect so I'm glad I have these helper apps.

Re:NoScript FTW

[houghi]

Why do you need NoScript when you get an email? I do not have NoScript enabled, yet I notice it when I get an email in my text-only email client if I want to click on the link or not. What I do in my email client has nothing to do what I do in my browser untill I click on the URL

Yes, I understand that a lot of people use their browser as an everything, including email and gmail and Usenet and what not. I just like to use the correct tool so I do not have to turn off everything just to be safe.

Re:NoScript FTW

[oldspewey]

Maybe I'm an anomaly, but I actually refuse to click tinyurl links.

Re:NoScript FTW

[oldspewey]

What sort of person visits LinkedIn?

(and FWIW, I got my current job through LinkedIn)

Re:NoScript FTW

[asylumx]

People who don't have jobs?

I mean... In Soviet Russia, LinkedIn visits YOU

Yeah... that's it...

Re:NoScript FTW

[Knackered]

Just how did this get modded insightful?

Yes, you can often tell the shitty sites from the URL, and you can avoid obvious phishing messages. But there are plenty of moderately reputable sites that have been compromised at one time or another. All it requires is one of these to have a drive-by download on it when you visit it, and you've got the lurgi.

Also, who hasn't accidentally clicked the wrong link at some time? Either by being a bit quick and missing, poor hit boxes on sites, or an RSS feed updating just as you click?

NoScript is a very valuable tool to prevent all the crap that goes along with the web nowadays, whilst allowing it to work in exceptional circumstances. It does need a certain level of sophistication to use effectively. In fact, I think I'll go and donate to its continuing development.

Re:NoScript FTW

[Iggyhopper]

Yeah.

1. I know what I'm doing so I get an anti-virus program. A good one.

2. "as the malware first runs a series of browser exploits"

I know what I'm doing so I get a different browser. Poor IE.

Re:NoScript FTW

[Stray7Xi]

Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place

You're right here's a simple checklist:
-no sites that present user content (webmail, social networking, wikipedia, blogs or forums) because someone might sneak XSS past filters
-no sites without SSL, otherwise you're vulnerable to MITM injection of scripts
-no sites that use third-party analytics or advertising that could inject scripts
-no URL shortners or sites that redirect to third-party sites.

That narrows it down to sites you can trust without noscript. Unless they get hacked.

Exercise for the reader, tell me if they're safe or not:
www.papajohnsonline.com
www.toyotarecall.com
www.lady-gaga.com
www.metacritic.com

If you loaded them to check, it's too late to protect from a drive-by but they're all potentially risky. Papa johns redirects to third party advertiser after ordering (or at least they used to, either way you won't know until after it happens.) Next two aren't real pages. Metacritic loads scripts from at least 7 different domains (probably more once you start allowing those scripts)

Re:NoScript FTW

[Cylix]

That is just trolling.

It's not as if LinkdIn or other high profile sites routinely feature drive by downloads.

In fact, there is no such thing as a "safe" browsing habit simply because there are a number of ways to introduce malware into an otherwise secure website.

Thus understanding the inherit dangers in using a web browser and applying relatively good practices you can be a bit more safer then you were before.

Re:NoScript FTW

[WidgetGuy]

NoScript Rocks! I provide a rules.abe file with each of my Web sites. All Web developers should.

Users should enable ABE rule pushing. Click the Options button, select the Advanced tab, select the ABE tab and check Allow sites to push their own rulesets (instructions based on NoScript v2.0.3.2). You'll be glad you did.

Re:NoScript FTW

[crow_t_robot]

How did parent get modded as flamebait?

Re:NoScript FTW

[tunapez]

Ditto. If the nav bar isn't telling me where I'm going, I'm not.

Re:NoScript FTW

[daveime]

Yes, because the LAST thing you'd want advertisements to target is SOMETHING YOU'RE ACTUALLY INTERESTED IN !

Much better everyone gets to punch the monkey !

Seriously, what is your problem with targeted ads ?

When you go into the same bar every day, the barman gets to know your usual tipple, and will often greet you with "Hello mate, the usual ?". You don't punch the fucker out shouting "stop invading my privacy with your tracking mechanisms".

Oh wait, a bar is outside the safety of the basement isn't it ?

Re:NoScript FTW

[pixelpusher220]

how in the fsck is this flamebait? lol

Re:NoScript FTW

[daveime]

Haven't you worked it out yet ?

Whenever a textarea tag is found on a page, NoScript is automatically adding in the glowing references to NoScript, and hitting the submit button.

No user interaction required. How smart is that ?

Re:NoScript FTW

[robot256]

Congratulations, you are immune to malicious links sent to you in email. What about the other millions of links presented to you on web pages? Besides, it's not links that I use NoScript against. It's tracking scripts, pop-up ads, flash junk, and the occasional -- yes -- honest mistake while trying to find something new and interesting. There is an awful lot more to the Internet than just email, and it tends not to be as squeaky-clean as some people make it out to be.

Re:NoScript FTW

[ultranova]

Yes, because the LAST thing you'd want advertisements to target is SOMETHING YOU'RE ACTUALLY INTERESTED IN !

Exactly. I might be tempted to waste my money if I did.

Seriously, what is your problem with targeted ads ?

They are potentially harder to ignore.

When you go into the same bar every day, the barman gets to know your usual tipple, and will often greet you with "Hello mate, the usual ?". You don't punch the fucker out shouting "stop invading my privacy with your tracking mechanisms".

People go to a bar to buy drinks, and interact with the barman openly. They don't go to Slashdot to buy whatever crap the ads on it are peddling, nor are they necessarily aware that doubleclick or other parasites are tracking them.

Re:NoScript FTW

[mwvdlee]

Exercise for the reader, tell me if they're safe or not:
www.lady-gaga.com

Unsafe. Regardless of whether it's the real site or a fake one. In fact, the fake one is probably safer.

Re:NoScript FTW

[knarf]

Slashdot uses doubleclick.net

$ host doubleclick.net
doubleclick.net has address 0.0.0.0

Let them.

Re:NoScript FTW

[Joebert]

More like "chastity belt".

Re:NoScript FTW

[Jurily]

The thing is, noscript doesn'HEY YOU JUST TYPED AN APOSTROPHE, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)t offer much in the way of proHEY YOU JUST TYPED AN O, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)tection and an awful loHEY YOU JUST TYPED AN O, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)t of annoyance.HEY YOU JUST TYPED A FULL STOP, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)

Stop using Vista then.

Re:NoScript FTW

[Quirkz]

Well, if strangers on the internet are exactly identical to people you willingly interact with on a regular basis, and punching someone is exactly identical to withholding personal information they want to take without asking you first, then I'd say your analogy is perfectly apt.

Re:NoScript FTW

[tehcyder]

When you go into the same bar every day, the barman gets to know your usual tipple, and will often greet you with "Hello mate, the usual ?". You don't punch the fucker out shouting "stop invading my privacy with your tracking mechanisms".

But how would you feel if your local sex shop rang your wife by mistake at home to say they had a special offer on "Anal Teenage Lesbian Farmyard Scat Lovers 15" as you'd enjoyed its predecessors so much?

Ha, not quite so keen now, are we, Mr "I Have nothing To Hide"?

Re:NoScript FTW

[GameboyRMH]

This is why you're supposed to lock your computer when you step away from your desk!

Re:NoScript FTW

[asdf7890]

NoScript is an absolute must have for anyone who knows what they are doing

Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place, but hey, whatever makes you feel superior to ... well whoever you think NoScript makes you better than.

You obviously don't have friends who are less careful and send you links to iffy sites in amongst links to ones you are actually interested in. You've obviously never visited an otherwise legitimate and safe site who was using an advertising network that either went bad of their own accord or were somehow exploited by a malicious entity. And so on. While it certainly isn't for everyone, NoScript is something I find particularly useful. White-listing the sites you need to run code from is easy and once you've been using it for a short while all your regular trusted sites are trusted by default and cause you no hassle.

Re:NoScript FTW

[LiMikeTnux]

It's not as if LinkdIn or other high profile sites routinely feature drive by downloads.

Not only that, the attack in question targets LinkedIn users with a fake link via email. The attack isnt even hosted on the service's website.

LinkedIn spam - but I repeat myself

[wowbagger]

" sending massive volumes of spam email messages targeting LinkedIn users."

To paraphrase Mark Twain:

Imagine you receive a message from LinkedIn. And imagine that it is spam. But I repeat myself.

Linkedin are just spammers anyway.

[schon]

Linkedin are just a bunch of spammers anyway.

I got an email from them, claiming that someone I knew wanted me to join. It was a spammer - the "custom message" that was included was a single link to a spam site in China.

The email had a "if this is spam..." report button, so I used it, and noted to linkedin that I didn't know the person, and it was *obviously* spam (the link was to a spam site.) Their automated system thanked me for reporting the abuse, and I thought that was the end of it.

Two weeks later, I receive a "helpful reminder" from Linkedin, telling me that I hadn't confirmed or rejected the invitation. Not only had they not taken any action, they helpfully included the spam link, and seemed blissfully unaware that I had reported this spammer's account two weeks prior.

Linkedin are just a bunch of scummy spammers. I blocked all email from their domain since.

Re:Linkedin are just spammers anyway.

[clampolo]

Linkedin are just a bunch of scummy spammers. I blocked all email from their domain since.

That's not enough. Headhunters are going to continue to call you at work. They see where you are working and then just call your company's operator asking for you. Once you put your information on Linkedin it is for sale to anyone that pays them for it.

Re:Linkedin are just spammers anyway.

[BitZtream]

I blocked all email from their domain since.

You do realize this current round isn't actually coming from LinkedIn right? Nor does it actually link back to their website?

Ban their domains 18 ways to sunday, you'll still get the messages.

Re:Linkedin are just spammers anyway.

[postbigbang]

You mean you clicked on something without checking the message header? I get all kinds of bogus phishing and adware site spam-- but I've yet to see them successfully forge a header from a real site.

Re:Linkedin are just spammers anyway.

[Zorque]

I got this probably about the same time you did, some Liu Chang or something wanting me to join. The fact that the site itself keeps sending reminders to join is the worst part, the site itself is spamming you. It's obnoxious.

Re:Linkedin are just spammers anyway.

[whoever57]

I got an email from them, claiming that someone I knew wanted me to join. It was a spammer - the "custom message" that was included was a single link to a spam site in China.

Are you sure that LinkedIn actually sent the emails and i the weren't just a spam emails? The spam emails that look to be from LinkedIn are quite good forgeries and I don't recall ever seeing real LinkedIn emails refer to a "custom message".

Re:Linkedin are just spammers anyway.

[Inda]

Same here but customer service was a little more helpful for me.

Email abuse@linkedin.com asking them to block your email address and you'll never see them again.

Of course, if Gmail treated them as spam, there wouldn't have been a problem.

Started earlier

[whoever57]

I got a spam email which looked like a LinkedIn request last week.

It was immediately obvious that it was fake because it was sent to sales@

It's 2010. Why are browsers not properly sandboxed

Why do these "drive by download" vulnerabilities exists? Web browsers should be sandboxed to disallow execution of malicious code. Clicking on a hyperlink should just not execute code that runs outside of the browser sandbox. That's jus

Started before monday, today is the netflix spam

[BitZtream]

LinkedIn spamming started before today, I know as we've got several from last week.

Today we started getting the netflix emails about 'lost in mail' disks for movies that haven't been requested and/or to users without netflix accounts.

Way to notice whats going on guys.

What I get

[oldmac31310]

I get REAL contact requests from Linked In occasionally. What a pain!

Re:What I get

[MichaelSmith]

The only real contact requests I got on Linked In were spam, just slightly more sophisticated than this. I have never seen that site do anything useful.

Re:What I get

[Bigbutt]

That and fricking headhunters who sent me a request for a one day a week, $20 an hour job in Austin Texas.

Idiots.

[John]

Is there a real exploit here?

[gad_zuki!]

Or is another "Download gdggdsf.exe" and moronic users click on Run?

So far I've only see "drive by download" which is 100% meaningless. Would it kill them to tell us what exploit, if any is being used?

Bad Grammar

[bokmann]

Why is it no matter how short the message involved in a scam, somehow the English is mangled? It seems like a good malware defense is simply a good understanding of the English language. Please WAITING?

No kidding

[Sycraft-fu]

I mean maybe it uses a real exploit, like say the hole in Acrobat Reader. That's been patched now but it is recent so people are probably still vulnerable. Would be nice to know what it is so we know what to look for if a user gets hit.

Re:No kidding

[GIL_Dude]

Actually only some of the exploits in Acrobat Reader have been patched. According to the latest security bulletin from Adobe, reader 9.3.4 has critical vulnerabilities and they will release a patch the week of Oct. 4th. So unfortunately you can still get hit with certain Reader/PDF exploits by visiting a site.

Re:Started before monday, today is the netflix spa

[marsu_k]

We had hundreds of these per day a couple of weeks back at work - somehow they got past our spam filter (perhaps LinkedIn was whitelisted), although they were obviously spam. What was odd was the fact that I've registered to LinkedIn with my @gmail address, but the spam came to @work. The part before @ is the same though.

But does it run on Linux??!

[mspohr]

I assume that this is a Windows only malware but as usual, no mention is made of platform.

Strike up the band!

[Chris+Tucker]

Botnets, worldwide botnets.
What kind of boxes are on on botnets?

Compaq, HP, Dell and Sony, true!
Gateway, Packard Bell, maybe even Asus, too.

Are boxes, found on botnets.
All running Windows. FOO!

I get thousands of these

[MichaelSmith]

...but I don't think the have anything to do with my non-neglected linkedin account. Its just normal phishing.

What I did get yesterday was a telephone spam phishing attempt. They called told me they had detected malware from my system and tried to get me to load a remote administration tool from their web site. Take a look at the language on that site "Blue Screen To Death Error", etc. Its hilarious.

Re:I get thousands of these

[!eopard]

I had a phone call claiming to be from the "Microsoft Certified Technical Department" :o, apparently this IRS group had identified my computer as being ridden with viruses. I was only able to keep them on the phone for 7 mins, but it was sorta funny considering how hard they were trying to get me to open this website. Asking how they obtained my phone number from my IP address seemed to be the clincher in her hanging up. I wish I'd thought to boot a Windows VM box, might've been able to waste more of their time (it was a weekend and I was lazing on the couch, no skin off my nose).

I reported the website and phone # I was given to scamwatch.com.au

Oh - check out the Live Support link (top right) - an executable?!?

Re:I get thousands of these

[MichaelSmith]

Yeah thats the call I got, about 24 hours ago. I am in Australia. I wish I had let the call go longer. Could be good for endless minutes of lulz.

Execute the Bastards

[Nom+du+Keyboard]

I'm ready to execute all malware writers. Put them up against the wall and remove the problem forever. They contribute absolutely nothing of use to society.

Re:Execute the Bastards

[Yvan256]

And how do you feel about the source of all these problems? Is there someone named B.G. at the top of your list?

Re:Execute the Bastards

[feufeu]

Jesus christ, are you completely crazy ? Of course it's lots of use to the whole computer-security industry which probably wouldn't even exist if someone didn't take the time to write a new virus/worm/whatever every now and then !

The more i think the more i cannot exclude that the industry writes the malware on their own...

Re:Execute the Bastards

[houghi]

Need they be shot before or after the Marketing Division of the Sirius Cybernetics Corporation?

Re:Execute the Bastards

[davidshewitt]

Execute those who execute malicious remote code? What goes around comes around I guess. ;)

Re:Execute the Bastards

[hellop2]

I'd line them all up and thank them... for providing me with an endless source of income, in the form of poor, helpless clients.

Re:Just disable JavaScript, Java applets and plugi

[Grishnakh]

Lots of sites seem to use Javascript for their menus.

And while Java applets are indeed mostly dead, Paypal uses one if you purchase postage online, which is a handy feature. Yeah, Paypal sucks and all, but I don't know any other place that lets you purchase USPS First Class postage so easily (USPS's own site only lets you buy Priority and Express, which are overpriced). (And don't mention encidia; Paypal at least doesn't require a monthly fee.)

Re:It's 2010. Why are browsers not properly sandbo

[Yvan256]

I would think the answer if obvious. Sand, you see, is extremely small and could get everywhere inside the computer. That's why companies don't sandbox their products.

If you want sand, bring your laptop to the beach.

Re:It's 2010. Why are browsers not properly sandbo

[Yvan256]

P.S.: Slashdot really needs a "smartass" moderation option. Like funny, wouldn't count toward the karma.

Don't use Windows

[kelsey.grammer]

Problem solved.

Re:Don't use Windows

[Scorch_Mechanic]

Phew, I feel a lot better now. My basement doesn't have any.

Re:Don't use Windows

Thanks for your useful and astute knowledge of the situation. Everybody should just drop their operating system and use a different one, because nobody relies on certain features of that OS or software exclusive to it. You've really done us all a favor.

So what's new

[mariushm]

I got 114 spams for Linkedin on two email accounts from the 24th 11:18 pm GMT+2 to 27th 11:50 GMT +2.... 80% of these were blocked automatically by simple rules like checking for Reverse DNS and checking if the sender IP is blacklisted.

Funny enough, all websites used in the messages point to a file 1.html - I guess they used some bots and some vulnerability of those websites to upload the html file with that particular name.

Re:It's 2010. Why are browsers not properly sandbo

[MichaelSmith]

Sure, browsers can run java applets which are sandboxed. Probably why phishers don't use java.

PLEASE take linkedin.com SPF out of softfail mode

[Linux_ho]

Changing one tilde to a dash would solve this problem for 90% or more of the phishing targets.

$ dig txt linkedin.com

;; ANSWER SECTION:
linkedin.com.        21600    IN    TXT    "v=spf1 ip4:70.42.142.0/24 ip4:208.111.172.0/24 ip4:64.74.220.0/24 ip4:64.74.221.0/26 ip4:64.71.153.211 ip4:64.74.221.30 ip4:69.28.149.0/24 ip4:208.111.169.128/26 ip4:64.74.98.128/26 ip4:64.74.98.16/29 mx ~all"

My phoney LinkedIn messages started last Friday

[grandpa-geek]

I had a few each Friday and Saturday and several on Monday. The URL's of the links varied. None of them were linkedin.com.

Engage brain before clicking.

Re:PLEASE take linkedin.com SPF out of softfail mo

[ls671]

Of course because 90% of routers, firewalls and mail servers have SPF built-in into them and hardwired in a way that it is impossible to disable.

Seriously about 50% of all domains use SPF.

On my small domains with a few machines, I do publish SPF records with a "-all" (dash) record but I do not use SPF directly to filter email. I give a small weight when SPF records do not match amongst a lot of other factors in order to make a decision whether an email is spam or not but I never block an email based only on SPF.

For big domains with multiple machines and customers who access the net in many different ways. Having an SPF record with "-all" is a guaranteed way to have your legitimate customer emails blocked at some point.

http://en.wikipedia.org/wiki/Sender_Policy_Framework

Re:arrogance or practicality, stupidity is worse.

[lpq]

NoScript blocks 'flash' and other payloads -- even fonts (which I know of no exploits for). As for graphical vectors -- I can count the number of those on 1 hand in the past 10-15 years, actually, 1 finger now that I think about it. But you can block
those if that's where your tolerance is.

You have to draw lines somewhere. Technologies that allow some program, written by someone else to run on your machine, just by visiting a website, are where I get uncomfortable. I permit them on reasonable sites and don't worry about them again. I can't see anyone complaining about such -- you can even default to permitting the main site by default which would protect most people from 3rd-party website-hosted scripts -- at least then you just have to trust the websites you visit and not all the websites they or someone else might include.

You are very naive or stupid if you think that 'imperfect protection' == no protection, since no protection is perfect and all protection is 'imperfect', save complete isolation, but then you wouldn't be reading this. This isn't to say that NoScript is a solution to everything, but it would be to the original problem -- a drive-by script load from a noname site. Problem solved. Next?

I must be special.

[Jane+Q.+Public]

I've been getting these for several days, at least.

I just now deleted one from two days ago. And they started before then. But I must admit they have been getting more common. I had like 12 just today.

Re:arrogance or practicality, stupidity is worse.

[arivanov]

Fonts had a couple of exploits. I am too lazy to trawl my BUGTRAQ archive at the moment, but I can recall at least a few.

In any case, noscript helps, but it is not enough. You can still get nailed by a payload on a site which is in the whitelist. In addition to that, most sites nowdays make such heavy use of Javascript and Flash that you end up tweaking settings for half an hour before you can browse a site.

Well at least it isn't a car analogy

[syousef]

That is like saying that you don't understand how people can refuse to have sex with an AIDS infected whore. The internet is a very dangerous place without a lot of protection. A little inconvenience is a good trade off. I don't understand you can be on a place like Slashdot and not see this.

Well at least it isn't a car analogy

Re:arrogance or practicality, stupidity is worse.

[lpq]

What are you taking about?

I rarely have to tweak more than the main page for most stuff. If I'm actually using the site to post or buy or interact, I sometimes have to enable a static and a script site in addition to the main -- usually a total of 3, _tops_ for full use of most sites -- and those are ones that are not on my white list. I spend far less time on NoScript config/week than I do waiting on the internet in a single day: the same would be true of anyone who knows what they are doing. So your statement doesn't begin to hold water under any circumstance.

I've been infection free since before the internet went public in the early 80's, so I'm not too concerned about doom-sayers, no matter how misinformed they are.

Re:PLEASE take linkedin.com SPF out of softfail mo

[Linux_ho]

For big domains with multiple machines and customers who access the net in many different ways. Having an SPF record with "-all" is a guaranteed way to have your legitimate customer emails blocked at some point.

I don't see why, if it's correctly configured. The domain I run has hundreds of machines. There are bigger domains out there, but I don't see how they would be significantly different. "Having an SPF record with -all" simply means you're confident that you know what IP addresses your domain's outgoing mail mail will be sent from. Do you not think most organizations will know the IP addresses of their own outgoing MTAs? Is it so difficult to set up all of an organizations' mail clients so they ALWAYS relay mail through one of those servers?