The Script Kiddie Cookbook

Abstract:

Computer Security
for Everyday Users

Copyright 2005
by
Matthew J. Basham

1
The Script Kiddie Cookbook: Computer Security for Everyday Users

Matthew J. Basham

Copyright ©2005

Published by:
Lulu Press (http://www.lulu.com)

All rights reserved. No part of this book may be reproduced or transmitted in any form or
by any means electronic or mechanical, including photocopying, recording, or by any
information storage and retrieval system, without written permission from the publisher
or the author, except for the inclusion of brief quotations in a review. Any reproductions
for learning purposes should be reported to authors for accounting purposes
(Basham.Matt@spcollege.edu)

Printed in the United States of America 1 2 3 4 5 6 7 8 9 0

This manuscript was supplied camera-ready by the author.

2
Table of Contents of the Script Kiddie Cookbook available at http://www.lulu.com

Chapter 1 Introduction ……………………………………………… 5

Unit I: Legal Stuff ……………………………………………………… 10

Chapter 2: Legal system basics ……………………………………… 11
Chapter 3: Cases of Interest ……………………………………… 42
Chapter 4: Acceptable Use Policies ……………………………… 94

Unit 2: Hacking History and Foundational Stuff ……………………… 105

Chapter 5: History and Psychology of Hacking ……………………… 106
Chapter 6: Networking Frameworks ……………………………… 115
Chapter 7: Logic Problem Fundamentals/Cryptography Fundamentals 119
Chapter 8: The “Anatomy of a Hack” ……………………………… 132

Unit 3: Tools of the Trade ……………………………………………… 135

Chapter 9: Downloading stuff from the web ……………………… 137
Chapter 10: DOS ……………………………………………………… 147
Chapter 11: Password Protection ……………………………………… 202
Chapter 12: Protocol Inspectors ……………………………………… 215
Chapter 13: Port Scanners ……………………………………… 235
Chapter 14: Having fun on the Internet…or not ……………………… 252
Chapter 15: E-mail and SPAM ……………………………………… 264
Chapter 16: H4xor 5p34k ……………………………………………… 286
Chapter 17: How to stop those frigging pop-up ads ……………… 289
Chapter 18: Knoppix STD: an introduction ……………………… 296

Unit 4: Putting it all together ……………………………………………… 335

Chapter 19: Case Studies in Hacking ……………………………… 336
Chapter 20: Prologue ……………………………………………… 341

Cool email from “Phantom” ……………………………………………… 345

3
 Chapter 9:
Downloading stuff from the web
• Introduction
• What about when I need to download things for work?
• Geek Stuff: Virus basics
• Summary
• Exercises

One of the biggest problems with letting people use the web is the apparent isolation
of each user. Just because you are relatively alone while you are using the Internet
does not mean you are not being watched. Many times people forget their computer
is part of a bigger mesh of computers. At any given point monitoring can and usually
is taking place. EVERYTHING in a school network passes through multiple
monitoring devices. Are you using an instant messenger (AOL©, MSN©, Yahoo!©,
ICQ©, et. al)? Everything can be recorded with monitoring devices. I know it all
sounds Orwellian, but in today’s litigious society schools need to monitor everything
very carefully. What most schools are not doing is following up on those huge logs
and policing the activities of its users…at least not yet.

4
 Several years ago there was a couple of websites that were being touted as being very
funny. The first one is called the “frog in the blender” or the “fish bowl blender” of
the same vein. In short you could push a button that blended the fish or frog into a
frothy little puree. Why? Some people thought it was a lot of fun. The other site was
called the “Hamster Dance” website.
All that site contained was a mesmerizing little flock of hamsters doing a simple
little dance with this catchy little tune that you could not get out of your head for days
upon end. This website, like the frog in the blender, also spawned bunches of other
sites like the “cow dance,” “fish dance,” and others.1

You would not believe how many people have seen many of these sites. Why am I
bringing them up here? I am bringing them up because the “frog in the blender” and
“fish bowl blender” websites were made for purely malicious activities. The
everyday user has no idea, which site is innocent and which is not innocent.
Depending upon which sites you may have visited one iteration of the “frog in the
blender” was set up by hackers to become a Trojan horse. In everyday terms, by you
merely pushing the button to make the frog or fish shake you had inadvertently turned
your computer into a computer that the hacker could control at any time. Oh I know,
your school has firewalls and other safety measures. But the problem is: SECURITY
IS ONLY AS GOOD AS IT’S WEAKEST LINK. By you activating this blender you
have created a hole, from the inside of the network to the outside of the network, for
the hacker to use…they basically have by-passed all of your security. We call them
Trojan’s in reference to the Trojan Horse in Greek History…“Beware Greeks bearing
gifts.”
The other incarnation of these blenders (hackers are big-time copy-cats) starts the
same way: you press the blend button. Only this time you have unknowingly
downloaded a virus on to your computer. When you have this virus it will sit in
hiding until May 28th and then become “active” and erase everything on your hard
drive. How do you know it is there? You can search for these files: blender.exe or

1
Frog picture retrieved May 16, 2003 from http://allaboutfrogs.org/gallery/mystuff/doodles4.html

5
 fish.exe.2 Even the cutest little sites can be dangerous to your files and the school
network in general.
A good overall rule is to never download anything or “execute” or “play any
games” with your work computer. If you want to download a game, or to visit a
funny site then do it at home. It is not worth losing your job over something like
this…it may seem trivial to you but when just visiting one cute little site you usually
cannot help but send it to your friends. And then they “activate” it and send it to their
friends. Next thing you know an epidemic is on hand. Who looked at it first? We
can find out from our logs and pinpoint them. Again, do this stuff at home because it
does not belong at work.

What About When I do need to Download Things for Work?

There are times (just as I did with the frog picture) that you cannot avoid having
to download things from the Internet on to your computer. The rule is simple: be
knowledgeable enough to know where you can download things and where you
cannot. In general sites that exist solely for the purposes of uploading and
downloading like download.com or cnet.com should not be used at work. If you must
download then I generally will “sort-of” trust other educational or not-for-profit sites.
Notice how the frog picture was downloaded from a not-for-profit site. I still used
my virus checker for that little extra bit of protection too. Even by doing that you still
just never really can be certain but at least you have done everything you can possibly
do.
What’s that? You don’t know how to use your virus scanner? Well then let’s just
spend some time and show you how to do it with our frog picture. First open a
browser window using Internet Explorer (or Netscape Navigator). Then put
http://allaboutfrogs.org/gallery/mystuff/doodles4.html into your navigation/address bar and hit
enter. You should see a window like in figure 1 on the next page. Next you will see
that same frog that appeared on the last page. Now, in this step you may be tempted
to just copy and paste the frog into your document. Sure it is the quickest and easiest
thing to do but we really need to go the “extra” mile and scan it for viruses just in
case. In figure 2 we can see what menu “pops up” when we use the right mouse
button (a.k.a. “right-click”) on the picture. Then we can select the “Save Picture As”
option and put the picture into a folder. I would suggest saving the picture in a folder
in the “my pictures” folder so you can more easily find it when we start using the
virus scanner. In addition, when you go to insert the file later most programs start at
or very near the “my pictures” folder.

2
From http://vil.mcafee.com/dispVirus.asp?virus_k=10172

6
Figure 1—IE page for frog picture download.

Figure 2—Right click on the frog and select “Save Picture As.”

7
Figure 3—Saving the picture in a folder on my computer.

I saved the picture in a folder called “downloads” in the “my pictures” folder as
shown in figure 3 above. Next we need to start the virus scanner. St. Petersburg
College has chosen Mcaffee’s Virus Scanner and the tool of choice. To start the
process use the “start” button on your taskbar (usually the lower left-hand side of the
screen), find the “Network Associates” link, then “Virus Scan” (see figure 4).

Figure 4—Finding the Mcaffee console.

8
Figure 5—Mcaffee Virus Scan “On demand” console.

Once the pop-up “on-demand” window comes up then use the “browse” button to
navigate to your folder with the frog picture in it. Usually you should be able to just
select “my documents” then “my pictures” and you are there. I also added a
“downloads” folder as shown in figure 6 below.

Figure 6—Navigate to the folder where you put the file.

Next look at figure 6 on the options on the lower left-hand side of this window. You
can select “default files,” “all files,” or “user specified files.” Since I am only putting
things in here that I download (and is thus a very small number) then I will switch it
to “all files” as shown in figure 7 on the next page. Then you just need to click on the
“scan now” button on the upper right hand corner and Mcaffee will scan everything in
that folder. When Mcaffee is finished you will see a window like in figure 8 on the
next page.

9
Figure 7—Switching the scan to “all files.”

Figure 8—Results of scanning the folder where the frog picture was placed.

Ok. So you are out of the woods. There appears to be no problem with viruses, at
this time, for the frog picture. In figure 9 I am showing you a screen shot of what
happens when you have viruses of some sort on your computer. Should I be worried?
Only if I did not know what I was doing. Being a computer guy I know those
“infected” files are actually programs for testing network security and that they show
up as “Trojans” because that is the very nature of the program.

10
 Figure 9—Output from scanner showing “infected” files.

Furthermore, during the scan if you have an infected file the scanning will stop and
ask you if you wish to delete the file. In most cases I would say “most definitely” to
delete the file. Being an inquisitive computer guy I usually save the file off on
diskette first, then re-scan a couple of times to make certain the file is gone. I have a
couple of diskette storage bins full of viruses that I use in classes where I teach
students how to remove them. There are even sites that sell CD-roms with thousands
of viruses on them.3 Usually teenagers are out there buying these things and bringing
them in to school on floppy disks or CD’s and they will sometimes have viruses right
on the same one they turn their assignments into you with. To keep it simple I would
always ask for paper copies of assignments.
As our classrooms move to being more technologically savvy we will have to
ever more vigilant about our use of virus scanners. At some schools, like the
University of Florida, students come into the classroom, hook their laptop into an
Ethernet jack in the seat, download their homework assignments and then upload
their next assignments right onto their laptop. There has been considerable debate
about implementing this style of classroom in community college settings. On one
hand, having students purchase laptops would save considerable resources for other
projects. Since budgets are being hacked and slashed at an alarming rate this would
seem like a good idea. On the other hand, by putting the burden of purchasing
computers on the students in a community college setting we may be inadvertently
segregating our educational facilities into the people who can afford laptops and those

3
See, for example, http://www.ameaglepubs.com/store/index.html

11
 who cannot. Those who cannot would not be able to attend. Alas the debate will
rage on for quite some time I am sure.

Viruses in a Nutshell
Computer viruses were started back in the mid-1960s as an attempt at creating
artificial intelligence. The early writers wanted to create a computer program that
could learn from its mistakes and become better. Biological viruses work in the same
fashion, they replicate and usually become stronger with every iteration. We have yet
to create a program capable of “thinking” for itself but with every new generation of
super-computer we are coming closer to the day this will happen.
There are many good anti-virus packages out there like Norton, F-Prot, PC-Cillin, Dr.
Solomon, and others but I happen to like Norton for home use and Mcaffee on a
corporate-style network. Basically all virus scanners work the same way: they use a
“test” pattern4 to compare against files. There is a rumor that virus companies are
responsible for creating and releasing many viruses onto the network. How else can
they have “fixes” (also known as patches) for them within hours after the new strain
of virus is first discovered?
While you may be shopping for virus protection packages you may encounter
claims of “will detect 97%” of all viruses or “will detect 98% of all viruses.” If, like
me, you are a mathematically minded person you will probably be tempted to buy
several hoping to raise that detection up to almost 100%. I can urge you now to only
use ONE anti-virus package. The test pattern in one virus checker will cause a “false
positive” reading when another virus checker is running. In short, you will be
chasing many “ghost” viruses that do not exist and may even end up causing damage
to your system.

Summary
In this chapter you learned downloading things from the Internet onto your work
computer can cause you to inadvertently put viruses on your computer if not done
properly. It can even cause you to lose your job in some circumstances. The bottom
line is to only download things on the Internet for work-related purposes only and to
virus scan them thoroughly using the latest version of scanning software. You cannot
avoid viruses but you can severely reduce the chances of being infected by one.
Since most user policies are written to put the burden on the user you need to know
this stuff (it’s a technical term).

Exercise 1
1. Go out to the web and find some pictures or icons to use in creating a
powerpoint presentation for your class.
2. Save the pictures to a folder on your hard drive.
3. Virus scan the folder and all of its contents.

Exercise 2
1. Ok, now let’s have you try to run a virus scan on a diskette. Your instructor
should be giving you a diskette for you to use.
4
Commonly called the “EICAR” test pattern.

12
2. If your diskette has a virus on it then what procedures would you take to remove
the virus?

Exercise 3
1. From time to time you should check on the version of virus scanner your
computer is using. More importantly you should check that the latest virus
update files have been applied. Remember its your computer and your
responsibility to check this…you will need to notify the help desk for any
updates if needed.
2. What are your procedures for putting in a work order for your computer?

13
 Chapter 14
Having fun on the Internet…or not
• Introduction
• History files
• Favorites
• Daemons
• Geek stuff: Cookies basics
• Summary

There are times when you might be out on the Internet looking for something for
work and you might start to stray. Maybe it is a pop-up ad that gets your attention or
maybe you accidentally went to the wrong site…in either case there are several things
that happen on your computer and the network that “record” where you have been. In
this chapter we will look at how this information is recorded on your computer and
how it is removed. How it is recorded and removed on the network is out of your
control so, again, the best thing to do is keep your surfing habits to work-related sites
only (even if you are on a break).

History files
Just like Hansel and Grettle did in the Hans Christian Anderson story when you
go out on the Internet you leave a little trail behind you of everyplace you go. To the
lay person you can easily clear out your “trail” by clearing your history files. The
history file was created to actually save you time when traveling over the Internet.
Have you ever wanted to return to a website by starting to type it in only to have your
computer finish the address for you? This happens because the computer matched
what you typing to the addresses stored in your history file.
By clearing out your history file you can already see plusses and minuses. A plus:
no one can usually come behind you and see what sites you have visited. A minus:
you will have to re-type every website again. Let’s go see what dirty little sites that I
have been to on my computer. Since I have been using Internet Explorer (IE) lately,
as most people seem to do we’ll use IE. First let’s open up IE and then click on the
little down arrow to “see” some of the past sites visited (see figure 15-1).
So it’s a bit nice to see all of those sites sometimes, especially if you visit them
often (for work, of course). But that is why we have a “favorites” folder to hold that
information. Let’s actually clear out your history file. At the toolbars in IE click on
the “Tools” pull down menu and select “Internet Options.” You should see a pop-up
window similar to figure 15-2.

14
Figure 15-1—Looking at your history file.

Figure 15-2—The “Internet Options” pop up window.

Next, look down near the lower right-hand corner in the “History” box. Y will see a
button named “Clear history.” Another pop-up window will ask you if you really
want to clear your history files (which you do) so click “yes.” Next click on the “ok”
button on the Internet Options window to make it close out. Now let’s look at our
“history” again (see figure 15-3).

15
Figure 15-3—Cleared history file.

It does not take very long to do but you also have to remember the next time you visit
a site you are generating more entries in your history file. How do you think you
could set your computer to never keep anything in your history file? This way you
will not have to keep clearing all those sites every now and then? You just pulled up
that Internet Options window a second ago and cleared the history file (figure 15-2).
If you look to the left of that clear history button you will see an option for keeping
those files in your history file. By default it is set to keep them for 20 days. If you
set that to keep them for 0 days you will not see anything ever appear in there.

Favorites
You may be diligent in removing those history files or have even set it to not
contain any at all but there are other ways to find information on your computer. One
easy tell-tale place is within your “favorites” list. Here you may have “bookmarked”
an Internet site for easy return. This one is really easy to see. In IE just click on the
“favorites” pull down menu (see figure 15-4). As we have said all through this
manual it is easy when you know how.

16
 Figure 15-4—Looking at the “favorites” pull down menu.

So another good tip is: if you do not want anyone to see where you have been on the
computer do not keep history and do not book mark a site. Of course you still have to
remember if you computer is on a network at school your websites visited are also
recorded at possible several high power computers.

Daemons
Privacy tab in Internet Options settings (accept or deny cookies).

Geek Stuff: Cookies Lab

The Internet is a wonderful place. There are millions of different sites for you to
visit and even more new ones being added everyday. The websites you visit usually do
not have any real way of keeping track of all of the specifics of each visitor to their site
and what they did while they were there. This would require an enormous amount of
resources for every single website. Instead website programmers use something called a
“cookie” to keep track of your access. Instead of putting it on their website, they keep it
on your workstation. When you visit the site again the website accesses that cookie from
your computer and can even use that information to “greet you by name” upon the second
visit to their website.
The term “cookie,” as it relates to computer technology, is not that new. In fact
the term “cookie” is a descendent of the UNIX operating system (written in 1969)
function called “magic cookie.” Magic cookies, in UNIX, are used for transferring small
“tokens” of information between two computers. In fact, Macintosh computers do not
use the name “cookies” but sticks with the UNIX name “MagicCookies.” It performs
very much the same function as Windows-based cookies.
Like we said, a cookie is a text file full of information about you, the pages you
visited, any usernames and passwords (usually encrypted), and information about

17
anything you have downloaded from their site. As with everything else we have rules
that apply to cookies to which website programmers try to adhere:

1. Usually there is one cookie (or more) “set” per website that you visit.
2. Cookies are to be no more than 4 kilobytes in size.
3. No more than 20 cookies per website, server, or domain, SHOULD be set
on your workstation.
4. No more than 300 cookies should exist on your computer at any time. If
this limit is exceeded then the newer cookies should be written over the
oldest cookies.

Hmm…sounds like a good simple transparent virus-type code…change the cookies

setting with programming so that no cookies are ever deleted and eventually the hard
drive fills up, the workstation begins running slow and crashes. Best of all, it could take
weeks or months before it happens and you will probably not be able to trace it back to
where you got it from…pure evil.
So why do you think this may be important for us in a security class? Think
outside the rules. How can this be perverted into someone else’s advantage? That’s
right. They could upload all of the cookies instead of just their cookie. Now they can get
a profile of you, your web habits, and, possibly, your shopping habits. We know those
passwords are encrypted but those are easy to reverse engineer too. Someone could be
out there using your username and password right now. Think about someone planting a
Trojan deamon that periodically sends your cookies, IP address, username, etc. back to a
central source. Talk about damage incorporated.
Luckily for us cookies can be viewed, edited, and even turned off on our
computers. In this lab you will learn how to find cookies, view source code in cookies,
use a protocol inspector to see hexadecimal code for cookies, and learn how to turn off
the cookies feature in both Netscape Navigator and Internet Explorer.

Finding and Viewing Cookies on Your Computer

Let’s start off with one of the more popular browsers: Internet Explorer. To find
the cookies in Windows 2000:

1. Open Windows Explorer.

2. Then navigate to “documents and settings”, your user name (if it
is attached to a network), and you should find a folder, easily enough,
called “cookies.”
3. Open it up and you will see all of your current cookies.
4. In that folder you will find a file called “index.dat.” Even if you
delete your cookies this file will still contain an entry about your cookies.
Ahh…the smoking gun.

Let’s open one up! What? Don’t have any? Let’s make some! Open Internet Explorer
and go to www.disney.com. You should see a cookie appear with the Disney name in
there somewhere (in your cookie folder) along with several other cookies (we’ll get to
those in a moment). Then open it up. You should see a line like this:

18
CPnull*disney.go.com/01726192353620305785659078873856214783567367

An interesting thing is to copy that line from word pad (it will open in word pad by
default) and then copy it to Windows 2000…that one line of text breaks into several lines

CP
null*
disney.go.com/
0
017261923536
20305785
6590788738
56214783
567367
*

with line breaks (a.k.a “carriage returns”). Hmmm…looks like another opportunity for
reverse engineering with a decompiler. (Before you try it on my data I changed it…nice
try). Sometimes the cookies will even include usernames, passwords, machine ID
numbers, IP addresses, ISP from which the request originated, etc. In short, they are
some mighty powerful little things.

Let’s try this again for Netscape Navigator on a Windows 95/98/2000 machine:
1. Open up Windows Explorer.
2. Navigate to “C:\” drive.
3. Then “Program Files.”
4. Then “Netscape.”
5. Then open the “users” folder.
6. If you do not have one for your id then open the “default” folder
7. You should find a file called “cookie.txt.” Here all cookie information
is kept in one file.

Ok…now how about Windows 95/98 (with IE):

1. Open up Windows Explorer
2. Navigate to C:\” drive
3. Then to the “windows” folder.
4. Then open the “cookies” folder.

What’s that? You see cookies from sites in there like doubleclick.com, hitbox.com,
focallink.com, Globaltrack.com, ADSmart.com, and other websites even though you
know you have never been there? That is one of the growing legal issues surrounding the
use of cookies. It generally falls under the “privacy” category in law because most of this
is taking place without your knowledge. Basically your information stored in your
cookies is being “harvested” and sent to central database clearinghouses and then resold
to direct marketing companies when you visit some websites. These things are

19
“transparent” to you, as the user, whether you like it or not. Wait until we get to the lab
on SPAM! Ever wonder how that junk mail shows up in your email box even though
your company has a (seemingly) strict anti-spam policy? Yup…these transparent cookies
are the culprits.

Viewing Source Code for Cookies

The syntax of a cookie is fairly simple. Most of them are written in http as a CGI
script. Here is the syntax to cookies during transmission…you can see this when you
capture packets with a protocol inspector. I am quoting the Netscape site on the syntax of
cookies for your information (emphasis added):

Syntax of the Set-Cookie HTTP Response Header

This is the format a CGI script would use to add to the HTTP headers a
new piece of data which is to be stored by the client for later
retrieval.
Set-Cookie: NAME=VALUE; expires=DATE;
path=PATH; domain=DOMAIN_NAME; secure
NAME=VALUE
This string is a sequence of characters excluding semi-colon,
comma and white space. If there is a need to place such data in
the name or value, some encoding method such as URL style %XX
encoding is recommended, though no encoding is defined or
required.
This is the only required attribute on the Set-Cookie header.
expires=DATE
The expires attribute specifies a date string that defines the
valid life time of that cookie. Once the expiration date has been
reached, the cookie will no longer be stored or given out.

The date string is formatted as:

Wdy, DD-Mon-YYYY HH:MM:SS GMT
This is based on RFC 822, RFC 850, RFC 1036, and RFC 1123, with
the variations that the only legal time zone is GMT and the
separators between the elements of the date must be dashes.
expires is an optional attribute. If not specified, the cookie

will expire when the user's session ends.

Note: There is a bug in Netscape Navigator version 1.1 and

earlier. Only cookies whose path attribute is set explicitly to

"/" will be properly saved between sessions if they have an

expires attribute.
domain=DOMAIN_NAME
When searching the cookie list for valid cookies, a comparison of
the domain attributes of the cookie is made with the Internet
domain name of the host from which the URL will be fetched. If
there is a tail match, then the cookie will go through path
matching to see if it should be sent. "Tail matching" means that
domain attribute is matched against the tail of the fully
qualified domain name of the host. A domain attribute of
"acme.com" would match host names "anvil.acme.com" as well as
"shipping.crate.acme.com".

Only hosts within the specified domain can set a cookie for a

domain and domains must have at least two (2) or three (3) periods

20
 in them to prevent domains of the form: ".com", ".edu", and

"va.us". Any domain that fails within one of the seven special top

level domains listed below only require two periods. Any other

domain requires at least three. The seven special top level

domains are: "COM", "EDU", "NET", "ORG", "GOV", "MIL", and "INT".
The default value of domain is the host name of the server which

generated the cookie response.

path=PATH
The path attribute is used to specify the subset of URLs in a
domain for which the cookie is valid. If a cookie has already
passed domain matching, then the pathname component of the URL is
compared with the path attribute, and if there is a match, the
cookie is considered valid and is sent along with the URL request.
The path "/foo" would match "/foobar" and "/foo/bar.html". The
path "/" is the most general path.
If the path is not specified, it as assumed to be the same path as

the document being described by the header which contains the

cookie.
secure
If a cookie is marked secure, it will only be transmitted if the
communications channel with the host is a secure one. Currently
this means that secure cookies will only be sent to HTTPS (HTTP
over SSL) servers.
If secure is not specified, a cookie is considered safe to be sent

in the clear over unsecured channels.

Syntax of the Cookie HTTP Request Header
When requesting a URL from an HTTP server, the browser will match the URL
against all cookies and if any of them match, a line containing the
name/value pairs of all matching cookies will be included in the HTTP
request. Here is the format of that line:
Cookie: NAME1=OPAQUE_STRING1; NAME2=OPAQUE_STRING2 ...

Source: http://wp.netscape.com/newsref/std/cookie_spec.html 14 June 2002

Remember: this is the code for transmission…not source code of cookies. Don’t get
them confused. We’ll look at the transmission code in the next section. Before we move
on to protocol inspectors let’s look at HTML source code a bit.
Ok. You can even compare it with the source programming code if you want. The
easiest way is to view the source code of a website that places cookies on your computer.
Then copy and paste the source code into a blank Front Page document. Now you can
“reverse engineer” html code live (without any legal repercussions). Be sure to copy the
source code, then disconnect from the web before editing the code. Never try to “upload”
your source code to anything connected to the Internet. Talk about being in deep-
kimchee. Front Page even changes the colors of some of the words to show which ones
are tags, attributes, comments and scripts, etc. Ok. So now let’s look at a sample script
for placing cookies onto your computer. Here is one I found on the AOL website
(emphasis added):

21
 <html><head>
<SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript"
SRC="http://www.aol.com/popups/script/postvisit_e.js"></SCRIPT><script language =
"javascript">
this.name="parentWindow";

function rdc(rUrl) {
location.href='http://dynamic.aol.com/cgi/redir-complex?url=' + rUrl;
}
function popWin(url){
var popWin=
open(url,"windowName",'nostatus,resizable=no,width=360,height=240,top=250,left=250')
;
}
function doSubmit() {
document.cookie = "cookietest=yes; path=/; domain=.aol.com";
var testCookie = document.cookie;
if (testCookie.indexOf("cookietest=yes") == -1) {
alert('Please turn your cookies on.');
} else {
var sn = document.loginform.screenname.value;
var isEmail = sn.indexOf('@');
if (isEmail > -1) {
makeSN= sn.substring(0,isEmail);
document.loginform.screenname.value=makeSN;
}
document.forms.loginform.submit();
}
}
Source: http://www.aol.com 14 June 2002.

I got that code by opening up the AOL web page and then looking at the source code
(view> source). Then I copied it into Front Page, disconnected from the web, and pasted
it into a new Front Page web (use the HTML tab). This is one easy way to determine if a
website is placing cookies on your computer. The only problem is, though, once you
open up the page the cookies are already downloaded to your computer (unless you
disable them). From this example we can see AOL is placing cookies on our computer.
Heck they even have a test to see if we have cookies enabled, then they ask us to turn
them on!
Want to learn more about the programming side of cookies? Here is a great link
on how to do that! (If it doesn’t work or changes then start with
www.cookiecentral.com):
http://www.cookiecentral.com/content.phtml?area=2&id=7

Assignment #1:
1. What programming language is being used for the AOL code? Be as specific
as possible.
2. Can you reverse engineer the code above to determine exactly what is being
done line-by-line? Use Front Page to test your hypotheses.
3. Find 5 websites not mentioned within this lab and reverse engineer their code
to determine the programming syntax for placing cookies.

Disabling Cookies on Your Computer

The best way to protect your privacy on the Internet is to not get on the Internet.
But if you want to access the Internet then you should disable your cookies. If you are
using a program that requires cookies like certain software sites (hotmail, quicktime, et

22
al.), certain E-commerce sites (U.S. Plastic, cajonshoppe.com, et. al.), and educational
sites (space.edu, certain links at the University of Michigan, iteslj.org, et. al.) then you can
still disable them and install a program like the “anonymizer” (http://www.anonymizer.com).
Before we start disabling our cookies let’s go out and delete our cookies/cookie
entries. Once we are finished then double-check they are still enabled by going to
Disney.com. If you received cookies, then great! Delete the entries/the cookies and
follow these instructions to disable cookies from being received on your computer:

Disabling cookies in Internet Explorer:

1. Open the browser window.
2. Select Tools>Internet Options.
3. Select the “security” tab.
4. Click on the button near the bottom of the window called “custom level.”
5. Scroll down to the cookies section (about half way down).
6. Select the “disable” radio button. It should look like this when you are finished:

23
Disabling the cookies in Netscape Navigator:
1. Open the browser.
2. Select edit>preferences.
3. Then click on the “advanced” button.
4. Click on the “disabled” radio button. It should look like this:

Now let’s verify they are not working by going out to Disney.com again. Check your
cookies file/folder and there should be no entries/new cookies there. Bingo! That’s what
we wanted.

So What Have I Learned Here?

In this lab you learned about the basics of cookies on your computer. Using this
information will not cover your tracks on the Internet, but it will, however, keep your
cookie-based information from being retrieved when you visit websites. There are other
things you will have to do to “erase” your tracks like using history files, proxy servers,
recycling bins, etc. But those are other labs too. You received some good entry-level
security tips here but should have also realized how much of an important role
programming plays in computer security administration. Don’t worry, it will keep
becoming more prominent as we move along.

24
 Chapter 17:
How to stop those frigging pop-up ads
Ok so in this chapter let me take some time to talk about something that can really
tick some people off: pop-up ads. Just when people were learning about filtering and
stopping access to some sites someone smarter came up with a way to get their ads for
enlarging your penis or maximizing your profits through in such a way that had people
baffled for a while.
The bottom line to any event is that it involves some aspect of programming. We
saw it back in the chapter on passwords and how things are stored in the user.dat file; we
saw it in the port scanning chapter; we saw it in the section on cookies. Geeze, does it
ever end? Apparently not.
What a pop-up ad does is just what it sounds like: it pops-up when you open an
Internet window. The real annoyance is that it usually doesn’t open just one window,
you usually get many windows opening usually when you try to close your other
windows.
Some people used their knowledge of DOS to run a list of active network
connections to identify from “where” the IP addresses of these ads were coming. No
good, because the addresses were spoofed (fake). Still others tried to “up” the security
levels of their Internet Explorer window and all this did was make it difficult to do
anything on the Internet.
By now, if you have gone through this book a bit at a time, you will have realized
things on the Internet are not what it seems and there are usually work arounds for
anything.

The “Ultimate” way to stop Pop-up ads

Obviously by not going on the Internet you will not have any pop up ads, but that
probably will not be so. What we need to do instead is first start off with how pop up ads
work…from a hacker’s perspective.
Actually pop-up ads are not really pop-up ads they are actually “mini” programs
that are activated from settings in your registry. How the instructions get into your
registry varies upon where you were first “infected” by the “pop-up” program(s). The
addresses that appear are fake and are actually randomly generated within your own
computer and that is why “filtering” the address (which is fake) does no good. Sure, they
look real, they seem real, and if you click on any of their links they will take you to actual
websites, but they are just programs running on your own computer designed to take you
to a place where you can buy something.
Before I get into the actual registry settings let’s go over a few other things. First,
if you have been “infected” by a pop-up ad you can go and “restore” your computer
which just cleans up your registry. Without creating a restoration point can really suck.
First of all it means you will go all the way back to having your computer restored to the
day it was bought, meaning everything will have to be re-customized and re-installed.
That can really suck, especially if you have software that was registered on line with a
company that is now legally shut down (like DVD Xcopy).

25
So, lets show you how to make a system restore point. First using your start button pull
up the help menu:

Then, you can see under the “Pick a task” section the third selection “undo changes to
your computer with system restore.”

26
Then on the next screen you can give your “new” restoration point a name:

Then, later you can select your restore point later. I would recommend loading all of
your stuff on your new computer, creating a restore point and then going and playing on
the Internet. Basically what you are doing is creating a new copy of your registry that has
all of your modifications on it. If you start running into pop-up ads then all you have to
do is restore your registry and the pop-up ads will disappear. That, is the easiest way to
stop pop-up ads.
Let’s take a second and talk about the “alternatives.” Many people like to
recommend using Adaware, Spybot, or some other program for removing pop-up ads.
All those programs are nothing more than utilities that modify your registry. If you know
a bit about computers then you know that any time you modify your registry you run the
risk of things not working. I was playing around with them for this chapter and Adaware
actually stopped the pop-up ads but also removed all of my drivers for my CD-rom and
DVD burners. So, I had to restore my registry again to get my drivers back. Once again,
this seems to be the easiest way to fix the problem.
Ok, now let’s dig a bit into those registry settings to see exactly which ones are
changed. Unless you know what you are doing you should never get into the registry,
even to look. Murphy’s Law really applies to the registry: what can go wrong usually
will.

27
 If you have never gone into the registry the easiest way is to use the start button
on the taskbar and select run the “regedit.”

Then your registry will open up in its own little window:

What we have here in the left panel is sort of the “folder” that the “setting” is contained
within (the right panel). ON the right side you can add a value, its type, and set the data.
Please keep in mind that each pop-up ad program is unique and may be in one or several
places. What I am about to give you is an example of on style of pop-up ads when
someone uses Internet Explorer AND this pop up ad program tailors the ads towards the
URL’s used in IE to increase the likelihood of purchase through communication with an
off-site server. This program is called “Apropos/media5” which can be installed by a
program called “wildmedia.” This one, unlike others, can be seen in the add/remove

5
From http://www.doxdesk.com/parasite/AproposMedia.html

28
programs window. It will be called something like “AM Server,” “SysAL,” or “CtxPls.”
That should take care of removing it but I want to give you the registry stuff. First, after
opening the registry navigate to the following folder:

HKEY_CLASSES_ROOT/CLSID

Under there will be several folders that need to be deleted:

{655FD3BC-C314-4F7A-9D2E-64D62AOFDD78}
{65C8C1F5-230E-4DC9-9AOD-F3159A5E7778}
{823A3E7-AB95-4C23-8313-OBE9842CC7OE}
{976C4E11-B9C5-4B2B-97EF-F7DO6BA4242F}
{B3BE5046-8197-48FB-B89F-7C767316D03C}

Then open this folder:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Add delete these folders:

AutoUpdater
POP

Finally you have to delete some folders:

HKEY_CLASSES_ROOT\POP.Server[.1]
HKEY_CLASSES_ROOT\PopAd.Server[.1]
HKEY_LOCAL_MACHINE\Software\POP
HKEY_CURRENT_USER\Software\POP

There also are some variants for this particular pop up ad generator but you can go to the
website to find out more instructions. These pop up ads are nothing more than programs
that are installed on your computer. It’s just up to you to make sure they are cleaned off
properly. I prefer the system restore option for best results.
One last point about the registry: I tried to make my registry read-only and it
creates many problems. I thought if no one could write into my registry then it would be
an easy way to stop pop-up ads for everyone. The only problem is the registry is a work-
place for the operating system and it really needs to be accessible. Oh, and before you try
it I also tried changing the directory to a “hidden” directory and it didn’t work either.

29
Mozilla
Let’s think this thing through a bit…hackers hate Microsoft. Microsoft is used on
the majority of computers. Hackers write programs to take advantage of exploits in
Microsoft. The answer is seemingly simple: ditch using Microsoft. Ok, so most people
will not want to do that, so what you can do instead is ditch Microsoft Internet Explorer.
Most pop-up ads are written to be used and enabled through Microsoft Internet Explorer.
Instead we can download and use another browser. I would say use Netscape Navigator
but that is too popular too. Same problems, different channel. Instead I like to use the
Mozilla FoxFire browser on the computer for my wife. It is very similar in appearance
and usage to IE. Heck, she really doesn’t know the difference.
Interestingly enough when I picked up the paper this morning it contained an
article about one of the primary developers of Mozilla. You just got to try it. See? It
even looks like IE but without any of the problems. Plus, it is open source so that is good
too.

If you select tools>options you will see some of the options available to you in Mozilla:

30
31
 Chapter 15:
E-mail and SPAM
• Introduction
• E-mail etiquette
• Acceptable use of e-mail at work
• What to do with SPAM once you receive it
• What about using my home e-mail account on the school network?
• Geek stuff: SPAM basics
• Summary

I would bet you would be very hard pressed to find someone in a school, who deals
directly with students, that does not use e-mail in some fashion. Oh sure some of the
facilities people may not, but we are still dealing with a very small number. Even still
proper use of e-mail has never really been taught. Just like you may have been instructed
on how to answer the phone, how to transfer phone calls, or how to use voice mail you
need to learn how to use e-mail. The case I am trying to make is that most people have
never been instructed on e-mail etiquette and proper use in the work place. In this
chapter we will be discussing e-mail etiquette, using e-mail at home and work, and finish
with some geek stuff on e-mail (Spam).

E-mail etiquette
As a youngster you were taught many etiquette basics like closing your mouth
when you chew, not to slurp your soup, and keeping your elbows off the table. Similarly
we will now look at some e-mail etiquette. Your typically etiquette basics apply when
you are writing e-mail. The one I find most people not following is TO NEVER USE
ALL CAPITAL LETTERS WHEN WRITING E-MAILS BECAUSE IT SEEMS LIKE
YOU ARE SHOUTING AT THE RECIPIENT. Ok, so there may be some times when
you need to use capitalization but that is ok when it used sparingly.
When writing an e-mail you should try to keep everything in a business like
fashion. Try not to abbreviate or be too informal. Just remember at some point someone
may be printing any e-mail you write out for a file someplace. As always when you are
writing an e-mail to your boss or higher up remember to keep your e-mails short,
professional, and to the point.
Let’s look at a couple of examples:

Bad email
HEY! LET”S GO OUT AFTER WORK AND GET SOME BEERTH! THIS
FRIGGIN CASE IS JUST CHAPPING MY BUTT BIG TIME.
SNOOGINS

32
 Good email (rewritten)
Your presence is requested for a case overview meeting after work tonight. Please
R.S.V.P.
Mr. Lovelace

When to use BCC

As a general rule you want to almost never use the BCC feature except in very
select cases. By using it frequently you will build layers of mistrust between you and
your fellow co-workers, so you should only use it in very select circumstances. For
example, when my boss has told me to communicate something in private to a faculty
member I will use BCC to my boss just to let them know the task was completed. Of the
several thousand e-mails I have sent in the past two years I probably only used the BCC
feature about 10 to 20 times.

Hippa
In the health industry they have adopted some legislation regarding privacy of
medical records, including proper use of e-mail. I think all educators and not just the
ones in the medical fields should follow some of these policies. For example, one of the
provisions in Hippa (the Health Insurance Privacy Portability Act) tells us that we are not
to send out e-mails to a bulk list. This is because any one of the recipients could then
have a “target” mailing list ready to go. Therefore they have to send out e-mail’s one at a
time. There are software companies who are making programs that will still let you send
out e-mail in bulk while still concealing the entire mailing list that we will probably see
really soon.
Computer hackers commonly use network tools that allow them to capture e-mail
packets as they travel across the Internet. With a massive carbon copy list (CC:) attached
they can get a large amount of information in a short time. Hippa helps make this more
difficult. Once the hackers have this information they usually re-sell the information to
companies who, in turn, send you unsolicited e-mail or SPAM. We will look at SPAM in
our geek stuff section later in this chapter.

Acceptable use of e-mail at work

It’s almost a common theme throughout this manual: keep “play time” stuff at
home and work stuff at work. I know it is all to easy to get a chuckle out of some funny
joke that someone has forwarded to you but you need to break that chain. Tell people to
not send you those jokes to your work e-mail account. If they must send them, then have
them send them to your home e-mail account. I know it sounds harmless but think of
what we just talked about…hackers using software to gather e-mails to generate target
mailing lists. Have you ever looked at the list of people those jokes have come from?
Talk about an easy mailing list. When you forward an e-mail you have just added your
name to a list of good e-mail addresses that can be used for unsolicited e-mail or SPAM.
Let’s look at one now.

33
 If, by chance you do happen to get some advertisements or SPAM then you
should NEVER click on the link “remove your name from the list.” Many times these
bulk mailers are used to send out e-mails and by clicking to remove your name from the
list only validates that a live address exists. This will only bring you more advertising
and SPAM. In fact, some companies have written software to probe websites and gather
e-mail addresses. Think about our website…we have a directory of all employees and
their e-mail addresses. It wouldn’t take much to get all that information and start sending
bunches of advertisements or SPAM.

What is SPAM?
Ok, so there exist many different pseudo-definitions of spam. Yet, in my opinion
no one really has the balls to come right out and define spam succinctly. They all seem
to be worried about how their definition may interfere with their business or future
business dealings. So, with out further ado, let’s take a bit of time to look at spam a bit.
Networking geek types have thought about spam-like problems since before they
even became problematic. In fact, RFC1234 discussed the problems of mass solicitations
using electronic communications and how they may be able to prevent them from
becoming problems.
Later, as the Internet started to become more prevalent and commercialized an
attempt was made to “regulate” (if you will) electronic mail. First, the government
thought about perhaps placing a tax on electronic transmissions, much like a stamp is
required for a letter. The reason was simple: the government thought they were going to
lose a bunch of money from people not sending letters anymore and, thus, the post office
system would be shut down. However, quite the opposite occurred. In fact, the business
of the post office grew from the amounts of people buying stuff on the Internet and
shipping it through the post office.
The next big “push” was to create second level domain names (SLD’s). The
primary domain names were the *.com (for commercial enterprises), *.net (for
networking companies), *.org (for not-for-profits), *.gov (for governments), *.mil (for
military), and *.edu (for schools). We quickly saw us running out of room in the primary
domain names and wanted to give the world more flexibility. Therefore, some second
level domain names like *.biz (for businesses), *.adv (for advertisers), *.porn (for adult-
oriented pornography), *.rec (for recreational sites), *.mus (for museums, *.arts (for arts)
and others. The logic was simple: to re-organize the naming system to make it more easy
to find things and to make it more efficient for network administrators to manage. One
such problem they hoped to solve was to give network administrators manageable tools
for filtering, especially emails on the border of the network. For example, early “spam”
could be controlled by placing a simple filter to stop all electronic communications with
*.adv or *.porn. A couple of easy steps and the problem is solved, right? Wrong. You
see the advertisers and pornographers argued that they are businesses too and, thus,
eligible for *.com status. Whammo, great idea…poor execution. Somebody needed the
nuts to make a naming system that was mutually exclusive and exhaustive and I think it is
too late to do it now.
With this background in mind spam has become a major headache for users and
network administrators with no logical conclusion in sight. Oh sure, we have seen states
enact anti-spam laws and even the government coming out with a “canned-spam” act that

34
will probably accomplish very little. Where I think the problem lies is with forming a
concrete definition of spam and forming legislation and partnerships between industry,
citizens, and the government. No one has defined spam and electronic communications,
they just loosely talk about it and then build legislation and arguments on shaky
foundations. In my opinion I think electronic communications should be separated into
two categories:

(1) Non commercial electronic communications—this would include emails from

person to person not of a commercial nature
(2) Commercial electronic communications—this would include emails with
respect to a commercial enterprise, offering, or solicitation for business
(a) “Legitimate” commercial electronic communications—this would be
the commercial enterprises who, following a set of standards, would
make it easier for network administrators to control at the border by
filtering. By following a set of standards they would be immune from
prosecution for spamming. Including “ADV” or “PORN” in the
subject line may be two such examples of standards.
(b) “Illegitimate” commercial electronic communications—this would be
those enterprises, commercial or otherwise, that use falsified
information in electronic communications in anticipation of receiving
responses or business. This is what I believe is “spam” not the other
categories.

I really think this is THE definition we have been needing. During the course of this
chapter you will learn more about spam and what I mean by falsified information. I will
talk more about this definition in the conclusion of this chapter.

What to do with SPAM once you get it

At home? Just delete it. At work? Just forward it to the network administrator of your
company. They, in turn, can possibly filter it out on the border and send it on to the FTC
if necessary. If you are at home, then the Federal Trade Commission also would like to
have unsolicited advertisements (SPAM or otherwise) sent to them (uce@ftc.gov). There
are also anti-SPAM websites. Try searching for some of these.
There has been some legal discussions about how much spam is costing
businesses. Some have been saying it is chewing up as much as 25% of someone’s
workday deleting spam. I think they are way off base. I only delete about 10-15 spam’s
everyday and I am kind of “out there” in the public eye. I do get my share of virus-
ladden emails and trojan’s shipped over to me, but I just shoot them off to a CD. I know,
you were expecting me to say I delete them, but I like to keep the little buggers and pull
them apart to see how they work. Unless of course you are a prosecutor for the
government working on DMCA cases…then I just delete them.

What about using my home e-mail account on the school network?

There exists a gray area in the legal realm about using a private e-mail account on
a school (or businesses) network. This issue becomes even murkier when you toss in
using the private account during your non-working hours like over lunch or on your

35
designated “break” time. I would highly suggest, given the proclivities and innuendos in
variations of the laws, that you do not use your private email account at any time while at
work.
In some instances the courts have ruled in favor of the employer being able to
read your email, since it travels over the employer-owned network. In other cases the
courts have ruled in favor of the employee, for invasion of privacy reasons, when an
instance occurs. Most of these rulings hinge upon the acceptable use policy, the training
mechanisms, and the interpretations of the laws in place. Since you are in a training
course about acceptable use of network resources I would say reasonable effort has been
made towards letting you know not to use your private email account on the employer
network. If you do use the private email account over the employer network then you are
accepting the fact the employer has the right to monitor all transmissions on their
network. Does this make you mad? Well there is one simple thing you can do to prevent
it: Don’t use your private email account at work!

Geek Stuff: SPAM Lab

What is SPAM?
SPAM has many different definitions depending upon which source you are
using. If you are using Hormel Foods as your source, then SPAM is a pork-related food
product. If you are in the theatre then SPAM is the theme of a broad way play. If you
are a television aficionado then you know about SPAM from the Monty Python skit. As
network administrators, however, SPAM can more accurately defined, in my opinion, as
the reception or transmission of an unwanted or unsolicited electronic message or
messages that use falsified information that prevent filtering or replies. Usually the
return address in a SPAM message is spoofed (faked) or undeliverable which is what
helped create the negative attitude towards SPAM. Like so many other computer-related
innovations SPAM had good intentions that were perverted by malicious users.
The exact origination of SPAM has been the subject of many debates over the
years. Generally most will agree that SPAM, or a closely-related version of SPAM,
really “hit the scene” in on April 12, 1994 when two lawyers hired a programmer to write
a program that would advertise their services on every news group on the Internet. Leave
it to lawyers, huh? From this incidence people quickly started calling unwanted emails or
postings “SPAM.” The lawyers, in turn, were flooded with nasty phone calls, fax’s, and
emails denouncing their soiling of their particular news group. Oh, did I mention they
went through disbarment proceedings too? Notice again how the “roots” of computer
security involve programmers.
One of the reasons SPAM has gotten a bad wrap is that SPAM is predominantly
used in con-artist scams. The SPAMmers go to great extents to make their SPAMs look
legitimate, even using legitimate-sounding return e-mail addresses (which are actually
spoofed (faked)). Oh sure, you have seen them: “Make money fast,” “Get rich quick,”
“Lose 20 pounds in 20 days,” “Earn $3,000 a week by working at home,” and the ever-
popular chain letter “send this to 10 people within 10 minutes or else blah, blah, blah.”
SPAM really does not hurt the average user too much. It does, however, affect
the ISP’s. We can quickly delete two or three SPAM messages from our in-box. But
think about an ISP like AOL with its millions of users. Multiply each user by 2 or 3

36
SPAMmed messages and you can see that the SPAM can quickly sap the resources of an
ISP.
Let’s take a few minutes to look at the legal side of SPAM. “Is sending SPAM
illegal?” This question is really churning up the discussion groups in legal circles
because of the shear number of topics to which SPAM is applicable: trespass to chattels
(a legal term related to denial of service), privacy, freedom of speech, jurisdiction,
censorship, and intellectual property. Most defense attorneys use comparisons to other
forms of advertising when attempting to defend what their client did. They talk about
television and broadcast advertising, acceptable use policy loopholes, or even use the
phrase “target marketing” or “telemarketing. For some lawyers it is not about right or
wrong but about winning the case at all costs and they will search for any loophole or
angle that may give them that chance of winning. In general most advertisers agree that
using SPAM is unethical and immoral. But some advertisers still use it.
Cyberpromotions, Inc. seems to be keeping the lawyers busy to no end at Internet Service
Providers like AOL, Compuserve, Prodigy, Earthlink and others. I counted over a couple
dozen lawsuits with different ISP’s against Cyberpromotions Inc. alone.
Now, armed with a bit of background knowledge about SPAM, let’s start up some
labs to more fully understand about SPAM and what we can do about it as network
administrators.

How can I get some SPAM to play with?

Unfortunately this is very easy to do. In fact, just about everyone with Internet
access can just wait a couple of days and they will probably find you eventually. But we
can be impatient folks so let’s find out how to force SPAM to come to us and, in the
process, we will learn what not to do when roaming around the Internet.
SPAMmers do have some definite playgrounds upon which they hunt for their
prey. USEnet groups, message boards, and websites where people enter information
about themselves (including credit card numbers) are the favorites. This brings us to:

SPAM Rule: Never use a real e-mail address or real names in USEnet groups,
message boards or on websites.

If you will be chatting in these rooms then you should consider setting up a “dummy”
account to use. This way the SPAM will come to that account not to your real account. I
am not saying you should lie on the Internet, but that you have things you can do to
minimize your chances of being exploited on the Internet. Usually ISP’s give you more
than one account or you can create one with the free email services like hotmail, Yahoo,
or Netzero. In earlier labs I taught you to never believe anything until you see it…so let’s
test out our rule by making a dummy account and seeing just how fast our in-box fills up
with SPAM.

37
Assignment #1:
1. Open an IE or NN browser window.
2. (optional) Go out to a search engine and search for “free email accounts.”
These sites change everyday so you may have to be creative.
3. Navigate to www.hotmail.com and set up a “dummy account” for yourself.
Make it something catchy if you would like. Now is a good time to think of a
nifty little alias or nickname to use. Imagine being zerocool@hotmail.com.
4. Now we probably could wait a few days and we would start seeing some
SPAM come in…but let’s force it a bit.
a. The best way to start the SPAM rolling in is to buy something on-line but
we don’t want to have to go to that extreme. Let’s go out to a message
board…
b. Ok…if you are over 18 you can go to a porn site and then you will receive
more SPAM than you want in your account. Just remember that because
you created a dummy account doesn’t mean you have cookies and settings
in your computer that give your true identity away.
c. Or you can try going to a website and registering for some free stuff…let’s
get something for free and useful while we are at it.
5. In a couple of days (if not sooner) the SPAM should start rolling in.

Click on remove me from the list.

Examining the SPAM…what’s all that stuff?

Ok, so this is the part of the chapter where I am going to show off some of my
collection of spam and interesting emails. The first thing to do with a message that
appears to be SPAM is examine the headers. There are many different ways to do it.
With AOL click on the “details” button under the “to” window.

Subj: Internet Millionaire Guarantees Your Success!

Date: Tue, 18 Jun 2002 1:51:52 PM Eastern Daylight Time
From: Shawn Casey<TuesdayFun@yourbigvote.com>
To: *******@aol.COM
Sent from the Internet (Details)

Next you should see a window appear with all of the details. I copied and pasted the text
into a word document for reverse engineering from a slightly different email:

Return-Path: <ThursdayFun@yourbigvote.com>
Received: from rly-xc03.mx.aol.com (rly-xc03.mail.aol.com [172.20.105.136]) by air-
xc02.mail.aol.com (v86_r1.13) with ESMTP id MAILINXC24-0620122229; Thu, 20 Jun 2002
12:22:29 -0400
Received: from MAILER119.yourbigvote.com
(mailer119.yourbigvote.com [216.162.101.119]) by rly-
xc03.mx.aol.com (v86_r1.13) with ESMTP id MAILRELAYINXC310-
0620122218; Thu, 20 Jun 2002 12:22:18 -0400

38
 Received: by MAILER119.yourbigvote.com (PowerMTA(TM) v1.5); Thu,
20 Jun 2002 09:19:15 -0700 (envelope-from
<ThursdayFun@yourbigvote.com>)
Subject: You Can Buy This Life Insurance - As Low As $10 a Month!
From: Insurance For Less<ThursdayFun@yourbigvote.com>
To: *********@aol.com
MIME-Version: 1.0
Content-Type: text/plain
Date: Thu, 20 Jun 2002 09:19:15 -0700
Message-ID: 200206201222.10MnNQRa14720@rly-xc03.mx.aol.com

This message, while it may be SPAM, appears to be a legitimate ad. Many times when
you go out to the web and sign up for things you neglect to de-select those little boxes
“send me information” or “keep me informed…” According to the headers above I
would not hesitate to send an email back to this vendor to be removed from their email
list.
Why? Well…just like a detective…we have clues that tip us off about the
message. One of the dead give-aways about an email that comes from “questionable”
sources is the time zone listed in the headers. We are looking for matches with time
zones as they relate to Greenwich Mean Time (GMT). For example, Eastern Standard
Time (EST) is 5 hours less than GMT (denoted as –0500). During daylight savings time
EST becomes EDT (-0400). Fake addresses in SPAM’s are usually slightly different.
You may see something like EST (-0600) or EDT (-0500). Obviously this is
wrong. Let’s look at a good one first (that is a good tip when trying to figure out when
something goes bad….compare the probable bad one with a known good one…):

Return-Path: <ThursdayFun@yourbigvote.com>
Received: from rly-xc03.mx.aol.com (rly-xc03.mail.aol.com
[172.20.105.136]) by air-xc02.mail.aol.com (v86_r1.13) with ESMTP
id MAILINXC24-0620122229; Thu, 20 Jun 2002 12:22:29 -0400

Notice how it does not necessarily include time zone information. Same one that I
changed to look like a bad time zone:

Return-Path: <ThursdayFun@yourbigvote.com>
Received: from rly-xc03.mx.aol.com (rly-xc03.mail.aol.com
[172.20.105.136]) by air-xc02.mail.aol.com (v86_r1.13) with ESMTP
id MAILINXC24-0620122229; Thu, 20 Jun 2002 12:22:29 EST (-0600)

The “Received: from” field lists who the email comes from, what firewall device you
may have that may have re-directed it to you, and the program used to send the email to
you (from the destination). In the example above this email came from someone who has
an AOL account, through the AOL mail server to my AOL account. The stuff about the
time? That’s next.
Also be sure to check for corroboration with the SMTP time stamp. Any SMTP
program had a message id number that starts with a letter. If your email was sent
between midnight and 12:59 am then the first letter should be an “A.” If it is not then it
is a good bet the email has been spoofed (faked). Here are the rest:
12-12:59 am A 12-12:59 pm M
1-1:59 B 1-1:59 N

39
 2-2:59 C 2-2:59 O
3-3:59 D 3-3:59 P
4-4:59 E 4-4:59 Q
5-5:59 F 5-5:59 R
6-6:59 G 6-6:59 S
7-7:59 H 7-7:59 T
8-8:59 I 8-8:59 U
9-9:59 J 9-9:59 V
10-10:59 K 10-10:59 W
11-11:59 am L 11-11:59 pm X

Another good tip off this is a “good” SPAM is the return address. Many times they are
“spoofed” (faked). You may see just numbers or a name instead of an actual return
address. If you are feeling particularly gutsy you can click on reply, then send, and see if
it is sent or returned as undeliverable.
You can also check the return address for validity. Make sure it looks like a good
address. Fake ones tend to use bizarre combinations. Look at this one and you can see a
really bizarre address. It does not come from Farmgirl31272@port.net but has that
addition of <MAILER-DAEMON28812. Good tip off. We can also see the X-Set
address is weird: edvkdppCvsmf1hgx@5536.

Return-Path: <MAILER-DAEMON15427@port.net>
Received: from acfw2 ([192.168.255.4]) by voyager.spjc.edu
(Netscape Messaging Server 4.15) with SMTP id
GXWM7T00.0T4 for
<bashamm@spjc.edu>; Tue, 18 Jun 2002 09:45:29 -0400
Received: from aslan.spjc.edu ([198.76.188.39]) by acfw2; Tue, 18
Jun 2002 09:27:29 -0400 (EDT)
Received: from port.net (unknown [212.68.208.66])
by aslan.spjc.edu (Postfix) with SMTP id 0697D26494
for <******@spjc.edu>; Tue, 18 Jun 2002 09:44:59 -0400
(EDT)
From: "Farmgirl31272" <MAILER-DAEMON28812@port.net>
To: <bashamm@spjc.edu>
Subject: Real ZOO web site, welcome! ID<edvkdppCvsmf1hgx>
X-Priority: 3
X-Mailer: The Bat! (v1.53d)
Date: Tue, 18 Jun 2002 17:48:15 +0400
Mime-Version: 1.0
Content-Type: text/html;
charset="ISO-8859-2"
Status: R
X-Status: N
X-Set: edvkdppCvsmf1hgx@5536
Message-Id: 20020618134459.0697D26494@aslan.spjc.edu

Addressing can even be taken to another step…in fact those malicious hackers even
laugh about how “ignorant” we can be about addressing. Look for IP numbers that are

40
not “useable” IP addresses: network numbers, subnet numbers, reserved numbers,
numbers greater than 254. Here is an example:

Return-Path: <TuesdayFun@yourbigvote.com>
Received: from rly-xf03.mx.aol.com (rly-xf03.mail.aol.com
[172.20.105.0) by air-xf02.mail.aol.com (v86_r1.13) with ESMTP id
MAILINXF23-0618135152; Tue, 18 Jun 2002 13:51:52 -0400
Received: from MAILER121.yourbigvote.com (mailer121.yourbigvote.com [216.162.101.121])
by rly-xf03.mx.aol.com (v86_r1.13) with ESMTP id MAILRELAYINXF34-0618135138; Tue, 18 Jun
2002 13:51:38 2000
Received: by MAILER121.yourbigvote.com (PowerMTA(TM) v1.5); Tue, 18 Jun 2002 11:53:44
-0700 (envelope-from <TuesdayFun@yourbigvote.com>)
Subject: Internet Millionaire Guarantees Your Success!
From: Shawn Casey<TuesdayFun@yourbigvote.com>
To: amaffew@aol.com
MIME-Version: 1.0
Content-Type: text/plain
Date: Tue, 18 Jun 2002 11:53:44 -0700
Message-ID: 200206181351.04NoPUEa29212@rly-xf03.mx.aol.com

Sometimes addressing information is contained within parenthesis. You can find reverse-
DNS information here that can be looked up to determine if the stated originator is really
the originator. Just use that IP address and do a WHOIS lookup. If the address and the
results of the WHOIS seem to match then rest easy because you are getting legitimate ads
sent to you (better than scams).

Assignment #2:
1. What would you determine about this email based upon what you see here?

Subj: Check this out! 4763y

Date: Tue, 4 Jun 2002 8:43:50 PM Eastern Daylight Time
From: Eveirv
Bcc: Amaffew

Message text:
Hello, It's me Kira, I finally got my pictures online, come check
it out.<BR>You should see me i am so hot in these clothes.<BR>No
Credit Card required. Come Try it.<BR>It's worth a try! Click <a
href="http://kirasite.da.ru/">Here</a> To see me in action!
<BR><BR> <BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>To
be removed from all future mailings and be unsubscribed from our
list, click <a href="http://unsubscribenow.da.ru">here</a>. <P>
<P> <P><P><P><P><P><P><P><P><P><P><P><P><P><P><P><P><P><P><P> <P>
<P><P><P><P><P><P>< P>9491h

2. Ok. I did not respond and got this one a bit later:

41
 Subj: Hey 4827n
Date: Sat, 15 Jun 2002 8:52:13 PM Eastern Daylight Time
From: Ferinos
Bcc: Amaffew

Hello, This is Kira from the chat room.<BR>Guess what! I got my

camera up finally.<BR>I want you to see it, all you need to do is
<a href="http://adults.to/kirashot">download</a> this
software.<BR>It's free, come try it.<a href=
"http://adults.to/kirashot" >I get a little naughty at times :)
tehe. /a><P><P><P><P><P><P><P><P><P><P><P><P><P><P><P><P><P><P>
<P><P><P><P><P><P><P><P><P><P><P>5793s

This is not a SPAM e-mail:

SANS is proud to announce two new discount programs for our Teaching
Kits and Awareness Training, available only to educational
institutions. The Intro to Information Security Teaching Kit helps an
entry level person get up to speed and meet the training requirements
for the GIAC Security Fundamentals certification (GISF) and CompTIA's
Security+. Intro to Information Security is available for purchase as
part of our new series of licensed course materials called GIAC Prep. A
starter kit costs $999 (discounted from $3600) and includes six sets of
books, practice exams, rights to use the GIAC Prep Course logo, and a
set of instructor slides. You can purchase additional kits and practice
tests for $250 per student (discounted from $550), making it easy to
benefit from time proven training materials with our simple licensing
program - pay per student/per course. For more information on the
teaching kits for GIAC Prep's Intro to Information Security, please
register at https://store.sans.org/store_item.php?item=106

SANS Security Awareness Training is new on-line training program to

inform your general user population about the risks that they face and
the simple countermeasures that they can take, regardless of their
technical skills and abilities. Real-life stories illustrate the do's
and don'ts of basic security awareness, and quiz questions are
integrated to reinforce key concepts. A special discount has been put
together just for educational institutions of 500 or more students and
faculty. This discount is being offered to provide an opportunity for
students to learn SANS Security Awareness Training before entering the
job market, and for the faculty who will be teaching our future leaders
of the world. SANS is offering a special rate of $1 per user, a
significant savings from the regular price of $10-$50 per user. To
purchase Awareness Training at the special discounted rate, please
write to securityawareness@sans.org with the number of users you are
looking to train in this program.

Please note that this discount is non-transferable and all of the users
must be from an .edu address.

Any abuse of this discount will be cause for termination of this

special offer and non-refundable automatic termination of the accounts.

Brian Correia
Director, Business Development & Venue Planning

42
SANS Institute
www.sans.org / brian@sans.org
703-968-0103 (Phone/EST)
703-830-0520 (Fax)

Some more examples from my file O’ Spam (yeah, I collect

them…I keep them with my viruses…tee-hee-hee)

Dear friend,
I am contacting you to front as a co-owner and beneficiary of
funds (US$25,000,000.00) due for an executed contract here in South
africa. I am currently a high ranking government official in the ruling
cabinet of President Thabo Mbeki (South Africa).
This funds are a result of over-invoiced proceeds of a contract I
helped a South African based company secure and is yet to be paid out
by the Reserve Bank of South Africa.
This funds emanated as a result of an over-invoiced contract
which Sentech (Pty)Ltd., a communications company executed with the
Government of South Africa. I am afraid that the government of South
Africa might start to investigate on contracts awarded from 2000 to
date. If they discover this money yet unclaimed with my name linked to
it, the government will confiscate the money and this will definitely
affect my political career in Government.
I want your assistance to front as a co-owner of this company
(SENTECH [PTY] LTD) to facilitate the release of the funds. I will
introduce a very good attorney to assist us with the transfer process
without any hitch but he will not be told my interest in the
transaction as I play a very sensitive role in my government. As the
contract was executed in my present government department, be rest
assured that I will use my position to approve the immediate release of
the entitlement. As soon as the funds is release to your name, you are
expected to move it immediately into your personal bank account in your
country. As soon as you have confirmed receipt of the funds into your
account, I will arrange to meet with you.
If you agree to my proposal, please endeavour to send me an
urgent reply to; sepeivy@k.ro Due to my sensitive position in the
South African Government, I would not want you to phone or fax me.
The lawyer I will recommend to assist us will be representing our
interest at the Reserve Bank of South Africa and all necessary
quarters. All future correspondence must be made either to the attorney
or myself. I am reposing huge trust on you regardless of your being a
total stranger. Upon your reply, we shall discuss your percentage for
your assistance.
Because of my sensitive position as serving government official,
I will only give you more details of myself when we proceed further and
I am sure of your sincerity.

Thank you.
Dr. Ivy Matsepe-Casaburri
MINISTER OF COMMUNICATIONS
Honesty and transparency, they are my best work tools

43
-----------------------------------------------------------------------
---------------------------------------------------------------------
Confidentiality Notice: The information in this e-mail is confidential
and may also be the subject of legal privilege. It is intended solely
for the addressee. If you are not the intended recipient, please notify
me immediately. You are hereby placed on notice that any copying,
publication or any other form of dissemination of this e-mail or its
contents is prohibited.This footnote also confirms that this email
message has been swept by MIMEsweeper for the presence of computer
viruses.
-----------------------------------------------------------------------
----------------------------------------------------------------------

What a total crock! Sure, it looks legit but one thing you can count on with a good chunk
of SPAM is it will contain spelling errors, grammar errors, etc. Since when does a high
ranking government official not capitalize “africa” anyways? Let’s look at another…

Dear valued customer Help

It has come to our attention that your eBay Billing Information records are out of date. That
requires you to update the Billing Information If you could please take 5-10 minutes out of
your online experience and update your billing records, you will not run into any future
problems with eBay's online service. However, failure to update your records will result in
account termination. Please update your records in maximum 24 hours. Once you have
updated your account records, your eBay session will not be interrupted and will continue as
normal. Failure to update will result in cancellation of service, Terms of Service (TOS)
violations or future billing problems.
Please click here to update your billing records.
http://billing.ebay.com

Thank you for your time!

Marry Kimmel,
eBay Billing Department team.
As outlined in our User Agreement, eBay will periodically send you information
about site changes and enhancements. Visit our Privacy Policy and User Agreement
if you have any questions.

Copyright 2004 eBay Inc. All Rights Reserved.

Designated trademarks and brands are the property of their respective owners.

44
eBay and the eBay logo are trademarks of eBay Inc

Copyright © 1995-2004 eBay Inc. All Rights Reserved. Designated

trademarks and brands are the property of their respective owners. Use
of this Web site constitutes acceptance of the eBay User Agreement and Privacy Policy.

eBay official time

Yeah…ok…it looks legitimate enough, except I don’t use E-Bay. There are some other
hints here that this is a SPAM…let’s look in the headers (In Outlook double-click on the
message, then View>Options):

Microsoft Mail Internet Headers Version 2.0

Received: from SPCollege.edu ([172.16.1.12]) by EXVS1.SPCollege.edu
with Microsoft SMTPSVC(6.0.3790.0);
Mon, 10 Jan 2005 09:09:12 -0500
Received: from aslan.spcollege.edu ([66.194.104.39]) by SPCollege.edu
with Microsoft SMTPSVC(6.0.3790.211);
Mon, 10 Jan 2005 09:09:12 -0500
Received: by aslan.spcollege.edu (Postfix, from userid 501)
id 9713270187; Mon, 10 Jan 2005 09:08:01 -0500 (EST)
Received: from mailrelay.megawebservers.com (mailrelay1-
2.megawebservers.com [216.251.35.241])
by aslan.spcollege.edu (Postfix) with ESMTP id DF0A770185
for <bashamm@spcollege.edu>; Mon, 10 Jan 2005 09:08:00 -0500
(EST)
Received: from web152.megawebservers.com (web152.megawebservers.com
[216.251.35.152])
by mailrelay.megawebservers.com (8.13.1/8.13.1) with ESMTP id
j0AE9AT6012437
for <bashamm@spcollege.edu>; Mon, 10 Jan 2005 09:09:10 -0500
Received: from web152.megawebservers.com (localhost [127.0.0.1])
by web152.megawebservers.com (8.12.10/8.12.6/SuSE Linux 0.6) with
ESMTP id j0AE9AVE004618
for <bashamm@spcollege.edu>; Mon, 10 Jan 2005 09:09:10 -0500
Received: (from Unknown UID 30500@localhost)
by web152.megawebservers.com (8.12.10/8.12.6/Submit) id
j0AE9Avf004617;
Mon, 10 Jan 2005 09:09:10 -0500
Date: Mon, 10 Jan 2005 09:09:10 -0500
Message-Id: <200501101409.j0AE9Avf004617@web152.megawebservers.com>
To: bashamm@spcollege.edu
Subject: update your credit /debit card information on your eBay
account

45
From: eBay <aw-confirm@ebay.com>
Reply-To: aw-confirm@ebay.com
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
aslan.spcollege.edu
X-Spam-Level: ***
X-Spam-Status: No, hits=3.2 required=20.0
tests=AWL,CLICK_BELOW,HTML_70_80,
HTML_MESSAGE,HTML_TAG_BALANCE_A,HTML_TAG_BALANCE_BODY,
MIME_HTML_NO_CHARSET,MIME_HTML_ONLY,SUBJ_YOUR_DEBT autolearn=no
version=2.63
Return-Path: vip-newsletterz.com@megawebservers.com
X-OriginalArrivalTime: 10 Jan 2005 14:09:12.0364 (UTC)
FILETIME=[F5D3FEC0:01C4F71D]

Where the heck is the E-Bay dot com part? Sure, they may use megawebservers but it
would be highly unlikely E-Bay would not use the correct return path. Let’s “test” our
theory by sending an email to E-Bay and see what the return headers “say.” I navigated
through their help system to find something that would send me an email response…to
here: http://pages.ebay.com/help/newtoebay/customer-support.html Then I sent an email
requesting instructions on how to use Ebay…they should send me the link with
instructions or at least send me an email telling me they received the email and I would
be getting an answer soon. Then we can check the headers to see if the return path’s
match. Oh sure, you probably won’t have to go through all of this but it is fun all the
same. If you don’t know who it is, what it is, or if it sounds to “good” to be true then
delete it. This is becoming a classic SPAM email using a technique known as
“Phishing.” The SPAMMERS/Hackers are fishing for your information to steal your
stuff. Never use the personal stuff over the net…enough said? Sure enough in about 5
minutes I got a reply…here is the headers:

Microsoft Mail Internet Headers Version 2.0

Received: from SPCollege.edu ([172.16.1.12]) by EXVS1.SPCollege.edu
with Microsoft SMTPSVC(6.0.3790.0);
Thu, 13 Jan 2005 12:52:06 -0500
Received: from aslan.spcollege.edu ([66.194.104.39]) by SPCollege.edu
with Microsoft SMTPSVC(6.0.3790.211);
Thu, 13 Jan 2005 12:52:06 -0500
Received: by aslan.spcollege.edu (Postfix, from userid 501)
id 4BDE77008E; Thu, 13 Jan 2005 12:50:51 -0500 (EST)
Received: from smf-klm-02.corp.ebay.com (outbound1.smf.ebay.com
[66.135.215.134])
by aslan.spcollege.edu (Postfix) with ESMTP id A70DA7008D
for <Basham.Matt@spcollege.edu>; Thu, 13 Jan 2005 12:50:50 -0500
(EST)
Received: from [10.112.115.41] (HELO rhv-kas-11.kana.corp.ebay.com)
by smf-klm-02.corp.ebay.com (CommuniGate Pro SMTP 4.1.5)
with SMTP id 49834794 for Basham.Matt@spcollege.edu; Thu, 13 Jan 2005
09:48:29 -0800
Precedence: bulk
Auto-Submitted: auto-replied

46
Date: Thu, 13 Jan 2005 09:48:30 -0800
To: <Basham.Matt@spcollege.edu>
Subject: Thank you for writing to eBay's Support Team
(KMM26135441V38508L0KM)
From: eBay Customer Support <cswebhelp@ebay.com>
Reply-To: eBay Customer Support <cswebhelp@ebay.com>
MIME-Version: 1.0
Content-Type: text/plain; charset = "us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: KANA Response 6.5.0.309
Message-ID: <auto-000049834794@smf-klm-02.corp.ebay.com>
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
aslan.spcollege.edu
X-Spam-Level:
X-Spam-Status: No, hits=0.3 required=20.0 tests=AWL,SUBJ_HAS_UNIQ_ID
autolearn=no version=2.63
Return-Path: cswebhelp@ebay.com
X-OriginalArrivalTime: 13 Jan 2005 17:52:06.0271 (UTC)
FILETIME=[988980F0:01C4F998]

Yup…we have mostly confirmed the first email was not a legitimate email…oh sure
maybe EBAY used a mass mailer to ask everyone for their information but they know
better after all the phishing scams that are out there…Here is another golden oldie to get
you to a site and steal or coax stuff out of you:

Browsing through the CNN website I came across this CNN article which
seems to be about you:

http://www.cnn.com:USArticle1840@www.liquidshirts.com/

Yours,
Jennifer Hawkings

47
Here is an example of an email that was stopped at the firewall as suspected SPAM.
Certain words or phrases are assigned “points” and once you pass the pre-set threshold it
is flagged as possible SPAM:

Spam detection software, running on the system "aslan.spcollege.edu",

has identified this incoming email as possible spam. The original
message has been attached to this so you can view it (if it isn't spam)
or block similar future email. If you have any questions, see
spamd@aslan.spcollege.edu for details.

Content preview: DEAR FRIEND: DO YOU WANT SOME EXTRA CASH? This is an
UPDATED and IMPROVED version of a highly successful marketing program
that is making people WEALTHY. It can easily make you many thousands
of $$$ in the next few months. I know you have seen claims like that
before, but do not just dismiss the idea. Give it a chance, and take
the time to carefully read this ENTIRE letter. After you have read it
all, if you still think it is nonsense, throw it away and you will
have lost nothing. But I think you will keep it once you realize its
potential. If you would enjoy honestly making big money from home,
act on this offer today! [...]

Content analysis details: (37.5 points, 20.0 required)

pts rule name description

---- ---------------------- -------------------------------------------
1.1 EARN_MONEY BODY: Message talks about earning money
2.8 NO_INVESTMENT BODY: No Investment
2.2 MLM BODY: Multi Level Marketing mentioned
2.8 ORDER_REPORT BODY: Order a report from someone
0.7 RISK_FREE BODY: Risk free. Suuurreeee....
2.8 INVALUABLE_MARKETING BODY: Invaluable marketing information
0.9 BANG_MONEY BODY: Talks about money with an
exclamation!
1.9 AS_SEEN_ON BODY: As seen on national TV!
1.1 DEAR_FRIEND BODY: Dear Friend? That's not very dear!
0.2 REMOVE_IN_QUOTES BODY: List removal information
0.7 FOR_FREE BODY: No such thing as a free lunch (1)
2.5 EXTRA_CASH BODY: Offers Extra Cash
1.6 OPPORTUNITY BODY: Gives information about an
opportunity
2.1 FINANCIAL BODY: Financial Freedom
2.8 INITIAL_INVEST BODY: Requires Initial Investment
2.3 ONE_TIME_MAILING BODY: one time mailing doesn't mean it
isn't spam
2.8 COPY_ACCURATELY BODY: Common pyramid scheme phrase (1)
0.0 LINES_OF_YELLING BODY: A WHOLE LINE OF YELLING DETECTED
0.1 LINES_OF_YELLING_2 BODY: 2 WHOLE LINES OF YELLING DETECTED
3.3 MSGID_FROM_MTA_SHORT Message-Id was added by a relay
2.8 DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date
0.0 CASHCASHCASH Contains at least 3 dollar signs in a row

Heck from a “hacker” perspective I now know what phrases to avoid to be detected as
SPAM, but we want to be good, right?

48
 • Make a plan of attack for how you would research this email.
• Is it or is it not SPAM?
• Where does it come from?
• How could you stop it from coming?

Where does it come from?

Hackers typically look for vulnerable e-mail servers by scanning for openings on port 25
(see scanning lab for more instructions). Once they find one they must first determine if
the email server can relay email by looking at the version number of the sendmail
program. Earlier versions typically do not work as well…it just depends on the email
program. Do your research.

SendMail v8.x instructions:

1. Telnet to smtp port (25)
2. type help to view available commands
3. type HELO hacker.com then hit <return>. This is the name (hacker.com) that
will appear just after the “Received: from:” header in the email.
4. Now you have to type the address from which it is coming from…yeah
sure…go ahead and put a fake one in…the mail program doesn’t know
any better: MAIL FROM: 1.1.1.0
5. Then you have to tell the program where to send the email to…RCPT TO:
your@bad.com
6. Then just add some text if you would like: DATA SUBJ: Crap
blah, blah, blah
7. Add a period at the beginning of a line and hit <return>
8. If the message “accepted for delivery” appears then it worked!

Remember doing this over the net is a jailable offense…you probably don’t want to
spend 10-20 years showering with convicts.

E-mail harvesting programs

There are a couple of ways those SPAMmers get your email address: pure guessing and
e-mail harvesting. Those harvesting programs , like Target 2001 (by Microsys
Technologies… http://www.1-bulk-email.com/on-target-2001.html) is like a worm that
crawls through the web (without permissions) and “harvests” emails from websites,
cookies, and databases. The results are sent back to the originator. How easy is that? On
that website you will see many programs for harvesting e-mail…chilling. Take a look
sometime “behind the scenes of a webpage.” Try to figure out where all those
advertisements link back too. There are really only a couple of companies doing them:
doubleclick.com and akamai.net. Bet they have great databases that people would love to
get their hands on. Since akamai.net does not charge for controlling their advertisements
then they obviously get money from somewhere…hmmm selling databases?

Using a SPAM filter

Now on your computer you can change some of your settings once you have received
SPAM. Microsoft Outlook is a client-based email system that transfers email from the

49
email server (sometimes called a POP or POP3 server) to the workstation and then
deletes the email from the email server. This is one of the most widely-used email
systems in the world and thus is the most vulnerable to hackers and exploits from
hackers. Later we will discuss pop-up ads in the same vein. Being a client based has
some advantages and disadvantages.

Overall good rules for keeping away from SPAM

There are many good things you can do with emails you receive that you were not
expecting. Never, ever, flame the SPAMmer. It could be an innocent reflector. Be nice
now. Use that “anonymous” hotmail account address in newsgroups. Use a SPAM filter
if you can. Never send a reply to be “removed from a mailing list.” This only confirms
they have reached a valid address and you will be inundated with even more SPAM. Try
not to use your email or web address if at all possible. Use that dummy account. Heck,
once it fills up then no more can be received. Enough said…no more problem.

What to do with SPAM once you get it…

At home? Just delete it. At work? Just forward it to the network administrator of your
company. That is you? Do your research you learned here in this lab and write an ACL
for your router, tweak your firewall, or just delete it and do not worry about it right now.
Besides, you have enough to worry about with all those cookies out there. If you are an
administrator then you should have something about SPAM reception in your Acceptable
Use Policy (AUP)…but that is another lab. The Federal Trade Commission also would

50
like to have unsolicited advertisements (SPAM or otherwise) sent to them (uce@ftc.gov).
There are also anti-SPAM websites. Try searching for some of these.

Using a SPAM filter in MS-Outlook (SPC Helpdesk Instructions)

These are basic instructions for setting up a SPAM filter in your Outlook email. These
filters can be very effective, but you should also be aware that they may occasionally
filter valid email, therefore, it is not recommended that you set the filter to send the email
directly to your “Deleted Items” folder. Instead, you should send it to a separate folder,
where you can scan the contents to make sure there are no valid emails mixed in with the
SPAM, and from there you can delete the messages. Depending on your version of
Outlook, you may already have a “Junk E-mail” folder that can be used for this purpose.
If you do not already have a “Junk E-mail” folder, you can right click on your Mailbox
folder (Mailbox – User Name), and select “New Folder”. You can name this folder
whatever you wish.

Creating your SPAM Filter:

From the Outlook Menu, select “Tools” then “Rules and Alerts”
Click on “New Rule”
Select “Start from a blank rule”
With “Check Messages When They Arrive” highlighted, click “Next”

51
Under Step 1 – Select the box next to “with specific words in the message header”
Under Step 2 – Click on the link “specific words”, and in the box that opens up, type X-
Spam-Level: * then click on “Add”, which will move the asterisk(s) to the search list,
surrounded by quote marks. Click “OK”

52
(NOTE: You can type from 1 to 5 asterisks in this box *****. The more you type,
the higher the chances of getting SPAM in your Inbox. The fewer you type, the
higher the chances of moving valid email to your SPAM mailbox.)
Click “Next”.
Under Step 1 – Select the box next to “move it to the specified folder”
Under Step 2 – Click on the link “specified”, and in the box that opens up, highlight
(select) the folder that you have created for your SPAM Mail, and click “OK”.

53
Click “Next”. Click “Next” again. Make sure that there is a check mark in the box next
to “Turn on this rule”, and click “Finish”.

54
Click “Apply” and click “OK”

So What Did I Learn Here?

Boy…who knew there was so much to learn about SPAM? In this lab you learned about
SPAM in general, how to read those headers, about e-mail harvesting, how to use a
SPAM filter, and some things to do with SPAM once you get them. Go ahead and try
some of the supplemental labs and check out some of these websites if you have some
time.

Supplemental Lab or Challenge Activity:

1. Go out and research RFC 821 and 822. Good SPAM reading. Look at those
numbers? It really has been around for a while huh?

55
 2. Go out and research the email package “Sendmail.” You should be able to get
many tutorials and operating manuals on it. Hackers are only as good as their
research.

So What Did I Learn Here?

In the short term I feel you have learned a bit more about SPAM and should not
be as afraid to deal with them. If nothing else you have learned more about my definition
of SPAM:

(1) Non commercial electronic communications—this would include emails from

person to person not of a commercial nature. This I would call “email.”
(2) Commercial electronic communications—this would include emails with respect
to a commercial enterprise, offering, or solicitation for business
(a) “Legitimate” commercial electronic communications—this would be the
commercial enterprises who, following a set of standards, would make it
easier for network administrators to control at the border by filtering. By
following a set of standards they would be immune from prosecution for
spamming. Including “ADV” or “PORN” in the subject line may be two
such examples of standards. This I would call “email advertisements”
(b) “Illegitimate” commercial electronic communications—this would be
those enterprises, commercial or otherwise, that use falsified
information in electronic communications in anticipation of receiving
responses or business. This is what I would call “SPAM.”

By having those other categories will encourage much cooperation between the
government, legal authorities, and commercial entities. You see, much discussion about
“pink slip” deals has surrounded SPAM. On the one hand, ISP’s loathe SPAM in public
documents, yet on the backside they cut these side deals with the SPAMMERs,
sometimes called “pink slips” or “pink contracts” to allow them use of their band width
for x amount of dollars. It actually makes very good business sense. I say “why not?”
“God bless America.” By defining SPAM in this fashion we have also opened up a
legitimate channel for advertisers that also make it easy for network administrators to
control. Plus, now we have a method for, more or less, taxing commercial solicitations
(at least the legitimate ones) through sales taxes at the ISP’s for the bandwidth. As it
currently exists we all know we can “skirt” sales taxes over the Internet in most respects.
For example, living in Michigan I can buy something over the Internet from a company
in Florida. There are no sales taxes assessed in Florida because the purchase comes from
an out-of-state buyer. I would argue that we need to change this loophole because when I
visit Disney in Orlando I still get charged sales tax on my tickets, food, and souvenirs.
Why one but not the other? Ok, now I am sure to get people screaming at me for “why
am I arguing for more taxes?” Trust me, I don’t like to pay more than I should, however,
we are talking about the context of curbing SPAM by changing a few legislative rules
and procedures. In addition, I do not buy things over the Internet because it allows
tracking of my information. Should there be a “tax” or an “Internet stamp” on emails? I
do not think so because the Internet should be free. It will continue to be how business is

56
done and business can bear the burden of paying taxes so that citizens do not have to
directly pay them.
Boy…who knew there was so much to learn about SPAM? In this lab you
learned about SPAM in general, how to read those headers, about e-mail harvesting, how
to use a SPAM filter, and some things to do with SPAM once you get them.

57
 Chapter 11
Password Protection
• Introduction
• Creating passwords
• Where to record your password
• Geek stuff: Password cracking basics
• Summary

Many people take password protection for granted yet, at the same time they are very
protective of their car keys and locking their house. There is no difference when
discussing password protection. Imagine a time not so long ago when tests were
stored as hard copies in a locked filing cabinet. If someone broke into the cabinet by
picking the lock or some other method and stole a test, then the teacher would usually
not be negligent. On the other hand, if a test file was left open or the test was left on
a desk in a public area then the teacher would surely have been reprimanded for poor
security. By not protecting your passwords or creating them well enough you are
leaving your tests out on the table. In this chapter we will examine general password
creation guidelines, where to record your passwords, and a quick bit on computer
geek stuff for passwords.

Creating Passwords
All kinds of books go into the mathematics of password creation and involve huge
numbers and how long it will take to “crack” a password of “x” length. It is not my
intention to do that here. Instead, from my experiences with computer security I
wanted to share with you some of my insight.
A couple of years back I was hired by a company in Ybor City as a consultant.
The president had fired his network administrator earlier in the day for whatever
reasons and he gave that person until the end of the day to clear out his desk and go
home. BIG MISTAKE! Not only did the guy go home but he changed the passwords
all over the network equipment and did not inform any one that he did so. So the new
network administrator comes in the next day and cannot access anything on the
network. First of all this is a violation of many laws and secondly it is not very nice.
Fortunately this person was not very smart because using some general psychology
and knowing about passwords in general I was able to “crack” through all but one of
the passwords within an hour. The only one I could not “guess” I used a password
cracker and obtained the password in a couple more hours. As I said earlier there is
always someone smarter and better so it’s not even worth risking jail time over this.
If you ever find your self in a position like that network administrator always give a
copy of all of your passwords to your now former employer and document the receipt
of them for your own protection.
So how did I figure out his passwords? Simple. Most people are very lazy with
their passwords. They tend to use things that are familiar to them when creating
them. They will use their names, middle names, spouses names, children’s names,
their favorite Disney character, their pet’s names, the names associated with their

58
favorite hobby, the name of their favorite color, nicknames, the names of their parents
(especially mother’s maiden name), characters from their favorite movies or
something very prominent from a theme in their office. For example, this guy had a
lot of Star Trek stuff hanging around so I guessed and hit two of them right off the
bat: captainkirk and enterprise. People also use numbers like anniversaries, birth
days, graduation days, and other ones.
The best passwords use a combination of numbers, letters, and special characters.
I would also recommend the use of a combination of upper and lower case letters
when creating them. How long should they be? You will be told for your specific
network. Most require between 6 and 8 characters minimum. Let’s take a second
and look at some good and bad passwords in table 1.

Bad Passwords Good Passwords

mike Mi8cH*aEl
anna AN^n@Na
goofy B3++3r
rover H4XorZ*
beth 3ll1T3*5Io34K
surfer $r52Much
green 5+4Ow+
daddy 8o4w4Y
momma 1<3wL5t\/f
silentbob +ooH4rD3

Table 1—Good and Bad Passwords

It’s not rocket science…its creating a password for you to use. Unfortunately many
networks require you to change your password periodically (usually every 30 days).
If that is not enough then they usually require unique passwords every time. So at
some point most people write them down somewhere and that is what we will discuss
in our next section.

Where to Record Your Passwords

Another dead give away when figuring out passwords is when they write them
down. You would be surprised how many people put a sticky note on the monitor
with their passwords in plain site. What good is having passwords then? It doesn’t
stop there…stop me if you do these…people put them under their keyboards, on the
little pull-out drawer in their desk, on the side of a garbage can, on a bulletin board, or
even in a notebook (they think they are being cute by putting it on the last page, but I
know better). Many people write them down and keep them in a purse or wallet too
which is not bad but they forget about the imprint that is made on the subsequent
pages below that top sticky note. I got one of that guy’s passwords in just that
manner. The last thing he did was write one down on a sticky note but the imprint
was still left on the pad on his desk.

59
 The best thing I can suggest if you are going to write them down to make sure no
imprint is being made and to keep them in your purse or wallet. You would be
surprised how many people are keeping them in a manila file folder called
“passwords.”
There is a newer technology that is starting to spread which allows you to write
down your password in a secured manner. This file uses very strong coding to
prevent people from being able to read the contents of the file. In this file you will be
keeping track of all of your passwords and will only be required to remember the
password into this file. Whenever a password is required the program is executed and
each password within the file is tried until the “magic” one (the one needed) allows
access to whatever you needed. It still has a lot of problems (like maximum log in
attempts) but the point is: someone is trying to make it easier for you.
In our next section we will talk about how hackers can use software to “crack”
passwords. It is my hope you will see how easy cracking passwords can be and, in
turn, you will take greater care in creating your passwords.

60
Preface: Why do they do it?
Microsoft is the most popular
operating system in the
world. The “hackers” of the
world for years have known
that (1) Microsoft has refused
to make their programs open
source and (2) that they can
profit by the security holes in
Microsoft, since they refuse
to comply with the terms set
in the “Hacker Manifesto.”
Thus, hackers are in this for
the profit, through referral
payments from visitors.
Part I: Legal Stuff
Maine Public Utilities
Commission v. Verizon
[Docket no. 2002-543]
www.state.me.us/mpuc/order
s/2002/2002-543oai.pdf
The gist: worms, viruses and
other deeds are predictable
and therefore preventable.
Cobell v. Norton 240 F.3d
1081 (DC Cir. 2001) 274 F.
Supp. 2d 111 (DDC 2003)
http://www.indiantrust.com/
The gist: Courts can step in to
decide security procedures.
City of Clearwater v. Times
Publishing Co. 27 Fla. L.
Weekly D1544a. (Fla. 2d
DCA July 3, 2002
The gist: not everything on
your computer is for the
public to see, but you must
use due diligence and set up
your computer appropriately.
See also “Courts make users
liable for security glitches”
www.cio.com/archive/02010
4/tl_litigation.html
Part 2: Having fun on the
Internet…or not?
Trojans are programs or files
that are executed on your
computer…usually without
your knowledge.
Trojans can be:
• Games
• Videos
• Audio Clips
• Photographs
• Advertisements
The key for you is to NOT
use the Internet whenever
possible…let discretion be
your better guide. Save the
fun surfing for at home.
How to use your virus
scanner:
First of all make sure your
technician has your computer
set up to automatically
download any patches or
“updates” automatically.
Also, I would have them set
up your scanner to check files
before downloading or
copying from a disk or thumb
drive.
1. Click on your Start button,
then Programs, then on
Network Associates and
finally on Virus Scan on-
demand
2. To check your entire
computer select “Start.”
To check only a certain
folder click on “Add” then
“drive or folder” then
select the location of that
folder, then “ok” and then
select “start.”
3. Hopefully your check will
be clean. Contact CSS if
needed.
Instant Messengers
I don’t recommend using
Instant Messengers (AOL,
MSN, ICQ, Yahoo, etc)
because most of them are
built on the Internet Explorer
engine, allowing the IM
companies (or hackers) to
have full access to your
computer and its documents.
In their user policy you may
see this line:
“You waive all rights to
privacy…” (enough said)
Part 3: The four food
groups of the Internet
Java-Applets-Cookies-Spam
Cookies can be disabled by:
1. Opening IE
2. Click on Tools, Internet
Options, Privacy (tab),
Advanced, Over-ride
Automatic Cookie
Handling and then
3. Switching both party’s to
“prompt” for cookies
I don’t recommend this…you
will go nuts with all of the
prompts at the various
websites.
Pop-up ads and spyware are
simply avoided by switching
from IE to using Mozilla
Firefox as a browser (it is
free and easy to use).
http://www.mozilla.org
It works with Peoplesoft,
Crystal Reports, MS Outlook
and other programs. If your
application is video-intensive
you may encounter slight
problems.
SPYWARE AND POPUPs
To “clean out” spyware and
pop up ads you can use
system restore points
(XP/ME) in 2000 call your
CSS technician:
Creating a System Restore:
1. Click on Start, help, pick a
task, Create a restore point
2. Then name it (I do this
once a month).
To restore to an earlier point:
1. Click on Start, help, pick a
task, Restore my computer
to an earlier time
2. And the computer will
“fix” itself. Your
documents will be saved,
but your programs will be
reset to the state they were
in at the restore point. If
you installed any new
software since then, you
will have to do it again.
Part 4: Email Stuff
1. Proper “netiquette” dictates
that YOU SHOULD NOT
TYPE WITH ALL CAPITAL
LETTERS TO AVOID THE
APPEARANCE OF
SCREAMING!
2. Try not to use a font that
will be difficult to
read or to put in a lot of
color or graphics.
3. Never be afraid to use the
phone first, and email
second. “Tone” can be
greatly misconstrued with
email. Also, in a Sunshine
Law state think of any
email as having the
possibility of winding up in
the newspaper.
4. Very sparingly use BCC.
5. Be careful not to “reply to
all” and use “reply.”
6. You can request receipts
for emails if needed. They
can be blind requests or
regular requests.
MS Outlook Email Stuff
To request a regular receipt:
1. After typing the email,
click on “options”(on the
standard toolbar).
2. Click on “request a
delivery receipt for this
message.
3. And then “close.”
The “recipient” will then
permit/deny a receipt to be
sent to the sender.
To request a blind receipt:
1. After typing the email,
click on “options”(on the
standard toolbar).
2. Click on “request a read
receipt for this message.
3. And then “close.”
The “recipient” will send a
“read” receipt (without their
knowledge) to the sender.
Have replies sent to:
Sometimes you want to send
out a bulk email for someone
else but do not want replies
sent to you:
1. After typing the email,
click on “options”(on the
standard toolbar).
2. Click on “have replies sent
to”
3. Select a recipient.
4. And then “close.”
“Delayed email”
1. After typing the email,
click on “options” (on the
standard toolbar.
2. Click on “do not deliver
before” and then select the
date and time.
3. And then “close.”
Viewing Email Headers:
1. In MS outlook, open the
email
2. Click on “View” and then
3. “Header and Footer.”
SPAM usually has time zones
of -0400 and –0600 instead
of -0500 EDT.
Quick check for SPAM:
When viewing the headers,
does the “return-path” match
the sender? For example, is
the email from E-Bay being
sent to the return-path
address of ebay.com?
Setting up a SPAM filter
Windows 2000
1. Select “tools”
2. Select “rules wizard”
3. Select “new”
4. Select “check messages
when they arrive”
5. Choose your “options”
6. Select the word or phrase
7. Select an action (like move
it to a folder or delete it)
8. Add any exceptions
9. Give the rule a name
10. Click on finish.
Then you can add more rules
if you like. I prefer to not do
this because you never know
when you might “miss” an
important email.
Part 5: Passwords
It is very important that you
select good passwords and do
not write them down on post-
it notes, put them under your
keyboard or in notebooks.
Choose one with a
combination of letters,
numbers, and symbols that
will be easy to remember.
Example: “Linda” becomes
“1in0|400o1” (Linda 0001)
Part 6: Backing up your
data
It is vital to have your
technician set up your
computer to back up your
emails to another server or
show you how to back them
up to a CD at least once a
month. Test them too!
727-341-3010
Basham.Matt@spcollege.edu
Staying one step ahead of the
hackers: Computer security
tips for the everyday user
Matthew J. Basham, Ph.D. (a.b.d.)

(c) 2005 Matthew J. Basham

 copyright laws of the United States
of America. All rights reserved. No
part of this slide show or manual, or
derivatives thereof, can be
reproduced or transmitted in any
form or by any means electronic or
mechanical, including photocopying,
recording, or by any information
storage and retrieval system, without
explicit written permission from the
author, except for the brief
(c) 2005 Matthew J. Basham

t ti i i A
 Some ground rules
♦ Please turn your cell phones, beepers,
pagers, blackberries to not make any noise
♦ Feel free to go to the restroom whenever
♦ Food and drink are not allowed in the room
♦ Call me “Matt”

(c) 2005 Matthew J. Basham

 Today’s Agenda
1. Legal stuff for you to know…
2. Having fun on the Internet…or not!
3. The four food groups of the Internet
4. Email stuff
5. Passwords: You got’em, I can get’em!
6. Backing up your data
♦ QNA

(c) 2005 Matthew J. Basham

 The World would be better off
without Microsoft…or would it?
♦ Microsoft is the most popular (by default)
operating system.
♦ As such, it is the target of frequent criticism
and hackers.
♦ If you use Microsoft then you stand “in
between” the hackers and Microsoft, as
such, you may have “problems” with your
computer from time to time.

(c) 2005 Matthew J. Basham

 “It won’t happen here…”
♦ “Hackers cripple SPC Internet Classes”
St. Petersburg Times; St. Petersburg, Fla.; Feb. 11, 2004;
ADRIENNE P. SAMUELS;
♦ “Hackers pilfer eighth-grade science
exam” St. Petersburg Times; St. Petersburg, Fla.; Dec
14, 2000; LINDA GIBSON;
♦ “Boy, 14, charged with hacking”
St. Petersburg Times; St. Petersburg, Fla.; Feb 19, 2000;
Bill Varian (the boy hacked into a server in which grades
were stored at Crystal River High School)

(c) 2005 Matthew J. Basham

Legal Stuff for you to Know

Part 1

(c) 2005 Matthew J. Basham

 Legal Stuff for you to Know…
♦ Maine Public Utilities v. Verizon
– “The gist:” Worms, viruses, and other deeds are
predictable and therefore preventable
– You get’em…it’s your own fault
♦ Cobell v. Norton
– “The gist:” Courts can step in to determine
adequate security procedures

(c) 2005 Matthew J. Basham

 Legal Stuff for you to Know…
♦ City of Clearwater v. Times Publishing Co.
– “The gist: not everything on your computer is
for the public to see…”
♦ The “key phrase” for you to remember is:
– “Due diligence”

(c) 2005 Matthew J. Basham

Having fun on the Internet…
or not!

Part 2

(c) 2005 Matthew J. Basham

Having fun on the Internet…or not?
♦ Hackers now use programs called “trojans”
that are downloaded onto your computer,
usually without your knowledge.
♦ This can be done simply by an “executable”
program being run from your computer to
the website and depositing “stuff” onto your
computer.

(c) 2005 Matthew J. Basham

Having fun on the Internet…or not?
♦ Trojan programs can be:
– Games
– Videos
– Audio clips
– Photographs
– Advertisements

(c) 2005 Matthew J. Basham

Having fun on the Internet…or not?
♦ Why do hackers do this?

(c) 2005 Matthew J. Basham

Having fun on the Internet…or not?

(c) 2005 Matthew J. Basham

Having fun on the Internet…or not?

(c) 2005 Matthew J. Basham

Having fun on the Internet…or not?
♦ The key phrase here is “avoidance.”
♦ Most of the time you do not need to be
using the web…the less you use it the less
likely you are to “cause problems.”
♦ Has anyone seen the commercial for the
“pink slip” virus?

(c) 2005 Matthew J. Basham

Having fun on the Internet…or not?
♦ Be sure to learn how to use your virus
checker to “scan” documents for viruses

(c) 2005 Matthew J. Basham

Having fun on the Internet…or not?

(c) 2005 Matthew J. Basham

Having fun on the Internet…or not?

(c) 2005 Matthew J. Basham

Having fun on the Internet…or not?

(c) 2005 Matthew J. Basham

Having fun on the Internet…or not?
♦ Final note here about Instant Messengers
(AOL, MSN, Yahoo, ICQ, etc)
♦ Using them might create a security breach
for your computer and you…do you want to
possibly cause having student data released
onto the Internet?

(c) 2005 Matthew J. Basham

The four food groups
of the Internet

Part 3

(c) 2005 Matthew J. Basham

 The “Four Food groups
of the Internet”
♦ We all know about food groups:

Nutrition Internet
Meat SPAM
Fruits Applets
Breads Cookies
Dairy Java

♦ The key phrase for you is the four food groups can
create “problems for you.”

(c) 2005 Matthew J. Basham

 How does IE work?
♦ When you are on the Internet files are
“downloaded” to your computer and
“uploaded” from your computer.
♦ Some of these files are called “cookies” and
“applets.”
♦ There are security settings you can change
to notify you every time these things happen
but they would be a pain in the keister.

(c) 2005 Matthew J. Basham

How does IE work?

(c) 2005 Matthew J. Basham

 Why not IE?
♦ “Spyware” and “Pop-up Ads” work on the
same premise…
♦ You are using IE…and “they” know that IE
MUST allow files to be uploaded and
downloaded at will.
♦ Thus, it is very easy to “download” trojans
onto your computer and make your life
“interesting” when you use your computer.

(c) 2005 Matthew J. Basham

 What else is there?
♦ Mozilla’s Firefox program is very, very
similar to IE, except that the “code” was
written completely differently.
♦ Thus, any problems with hacker, trojans,
spyware, and pop-up ads are “eliminated”
by simply switching to Firefox.
♦ Mozilla Firefox is a free program.

(c) 2005 Matthew J. Basham

Mozilla Firefox Browser

(c) 2005 Matthew J. Basham

Some “issues” with Firefox
♦ There are some, not many, websites that
encounter “problems” with Firefox.
♦ Usually it is those sites that require Flash
players, or advanced graphics tools.
♦ Firefox works ok with Peoplesoft, Crystal
Reports, and MS Outlook.

(c) 2005 Matthew J. Basham

How can I get Firefox?
♦ Simple, just pick your favorite web
searching engine…put it “mozilla firefox”
and you should be pointed right to the
website.
♦ Then, just download it and you are ready to
go!
♦ P.S. I don’t get any money for suggesting
Firefox

(c) 2005 Matthew J. Basham

What if I have a bunch of Pop-ups?
♦ Pop up ads are nothing more than trojans
that have been downloaded to your
computer that have “altered” the main core
of the Windows operating system known as
“the registry.”
♦ To fix any problems you need to do a
system restore (which is beyond this class
but included in the on-line course).

(c) 2005 Matthew J. Basham

Email stuff

Part 4

(c) 2005 Matthew J. Basham

 E-mail Stuff
♦ Netiquette:
– You should try to refrain from using all capital
letters SO YOU DON’T SEEM TO BE
SCREAMING AT ME.
– Also, try to use an “acceptable” font…nothing
too big, nor too difficult to read
– Try not to use the “BCC” option too
much…people will be afraid to open your
emails

(c) 2005 Matthew J. Basham

 E-mail Stuff
♦ Be careful to chose
“reply” and not “reply
to all”
♦ You can request a
“receipt” or physical
acknowledgement by
the recipient

(c) 2005 Matthew J. Basham

(c) 2005 Matthew J. Basham
 SPAM
♦ What is SPAM?
♦ A “bunch” of what you receive is not
SPAM, it was “farmed” or “mined”
information and “target marketed.”
♦ Most advertisements are generated from
these methods and from you asking “to be
kept informed of special events, discounts,
etc.”

(c) 2005 Matthew J. Basham

 Which ones are SPAM?
♦ Huntington Bank: Your account information needs
to be updated.
♦ EBAY/PAYPAL: Your account has been
suspended.
♦ St. Petersburg College: Your access may be
discontinued.
♦ Internet Millionaire Guarantees your success!
♦ I am a Nigerian official trying to get money out of
Africa.

(c) 2005 Matthew J. Basham

How to tell if an email is SPAM.
♦ In MS Outlook View>Header and Footer
♦ We are in the Eastern Time Zone five hours
behind GMT which is -0500 in computer speak.

(c) 2005 Matthew J. Basham

How to tell if an email is SPAM.
♦ A quick check is to look for the return
address.

(c) 2005 Matthew J. Basham

 SPAM filters
♦ They work by looking for “keywords”
♦ Each keyword is assigned a “point.”
(Everything is mathematical in computers)
♦ Enlarger=1; sex=1; cheating housewife=1;
pornography=1; huntington bank=20, etc.
♦ If too high a total is reached for an
incoming email it is “flagged” as possible
SPAM.
♦ You can set your own keywords too.

(c) 2005 Matthew J. Basham

MS Outlook SPAM filter setup

(c) 2005 Matthew J. Basham

MS Outlook SPAM filter setup

(c) 2005 Matthew J. Basham

MS Outlook SPAM filter setup

(c) 2005 Matthew J. Basham

MS Outlook SPAM filter setup

(c) 2005 Matthew J. Basham

MS Outlook SPAM filter setup

(c) 2005 Matthew J. Basham

Passwords: You got’em,
I can get’em!

Part 5

(c) 2005 Matthew J. Basham

 Passwords: You got’em,
I can get’em!
♦ People are lazy with their
passwords...
– On a lamp
– post-it note
– desk top
– side of monitor
– pull-out drawer
– garbage can
– under a keyboard
– in a rolodex
– or in a notebook

(c) 2005 Matthew J. Basham

Backing up your data

Part 6

(c) 2005 Matthew J. Basham

 Backing up Data
♦ Set up your computer so an archive copy of
your emails are sent to another computer or
server.
♦ If you do not know how, then submit a
work order to your CSS through the help
desk to accomplish this task.
♦ Periodically “spot check” and test the
validity of the back up.

(c) 2005 Matthew J. Basham

 SPC Rules and Procedures
♦ You are responsible for everything on your
computer and the college can look at
anything at any time, private or not
(6Hx23.6.900)
♦ You are responsible for the security of your
data and your passwords (P6Hx23-1.8104)

(c) 2005 Matthew J. Basham

Summary of “Key Phrases”

“Due Diligence”
“Avoids”
“Problems for you”

(c) 2005 Matthew J. Basham

 What is next?
♦ Normally there is a handout with step-by-
step instructions on each subject discussed
here, but funds prohibit reproducing it.
♦ You can go to
http://www.lulu.com/learningbydoing and
download it for free.

(c) 2005 Matthew J. Basham

Question and Answer session

Feel free to contact me

341-3010
Basham.Matt@spcollege.edu

(c) 2005 Matthew J. Basham

 copyright laws of the United States
of America. All rights reserved. No
part of this slide show or manual, or
derivatives thereof, can be
reproduced or transmitted in any
form or by any means electronic or
mechanical, including photocopying,
recording, or by any information
storage and retrieval system, without
explicit written permission from the
author, except for the brief
(c) 2005 Matthew J. Basham

t ti i i A