• Rootsweb clickjacking?

    From Steve Hayes@21:1/5 to All on Sun Sep 2 11:35:57 2018
    XPost: soc.genealogy.misc

    The Rootsweb mailing lists seem to be working again, sort of, but they
    have a disturbing new feature.

    I usually put my contact information in my sig, in the form of a straightforward link to my family history blog, but recently Rootsweb
    has started substituting something quite unreadable, which looks
    suspiciously like clickjacking.

    My family history blog is at:

    https://hayesgreene.wordpress.com

    But Rootsweb substitutes this:

    https://urldefense.proofpoint.com/v2/url?u=http-3A__hayesgreene.wordpress.com&d=DwICAg&c=kKqjBR9KKWaWpMhASkPbOg&r=S1T1XWZTxt1pl5GPV4RRnQMqH_u2LotdGCDXZy821fA&m=w5cvVd44dxQXv5b-EWup0vh-rSHu1AL0Pv76XWNm2Ic&s=gkZE46xSRdijM25X6rxwEw2-3pcV09RhFW3SWoIAsQ4&e=
    Web:
    https://urldefense.proofpoint.com/v2/url?u=http-3A__www.khanya.org.za_famhist1.htm&d=DwICAg&c=kKqjBR9KKWaWpMhASkPbOg&r=S1T1XWZTxt1pl5GPV4RRnQMqH_u2LotdGCDXZy821fA&m=w5cvVd44dxQXv5b-EWup0vh-rSHu1AL0Pv76XWNm2Ic&s=A4BNoP0zgz6Lqt_dSBp2T4-LFQAiBG7r5ZzMIWRDGcw&e=
    E-mail:

    Now I suppose I could copy that and paste it into my browser, but what
    does it mean?

    How do I know that that isn't malicious code that is going to format
    my hard disk or something?

    --
    Ignore the following - it's spammers for spambot fodder.


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Fred McKenzie@21:1/5 to Steve Hayes on Sun Sep 2 11:51:04 2018
    XPost: soc.genealogy.misc

    In article <r7bnodlnm6dqkju141fl1fd33ehcgje4id@4ax.com>,
    Steve Hayes <hayesstw@telkomsa.net> wrote:

    > My family history blog is at:
    >
    > https://hayesgreene.wordpress.com
    >
    > But Rootsweb substitutes this:
    >
    > https://urldefense.proofpoint.com/v2/url?u=http-3A__hayesgreene.wordpress.com&d=DwICAg&c=kKqjBR9KKWaWpMhASkPbOg&r=S1T1XWZTxt1pl5GPV4RRnQMqH_u2LotdGCDXZy821fA&m=w5cvVd44dxQXv5b-EWup0vh-rSHu1AL0Pv76XWNm2Ic&s=gkZE46xSRdijM25X6rxwEw2-3pcV09RhFW3SWoIAsQ4&e=

    Steve-

    I share your concern, but this is the world we live in. Rootsweb is
    most likely doing this to protect itself.

    I entered "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.khanya.org.za"
    into Safari, and got a reply from Proofpoint that states, "This domain
    is part of the cybersecurity system that protects enterprise users from targeted phishing email and threats."

    When I entered the longer "urldefense" URL Rootsweb substituted, it
    transferred to your original "hayesgreene" URL.

    Fred

  • From Steve Hayes@21:1/5 to All on Sun Sep 2 21:07:41 2018
    XPost: soc.genealogy.misc

    On Sun, 02 Sep 2018 11:51:04 -0400, Fred McKenzie <fmmck@aol.com>
    wrote:

    > I share your concern, but this is the world we live in. Rootsweb is
    > most likely doing this to protect itself.
    >
    > I entered
    > "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.khanya.org.za"
    > into Safari, and got a reply from Proofpoint that states, "This domain
    > is part of the cybersecurity system that protects enterprise users from
    > targeted phishing email and threats."
    >
    > When I entered the longer "urldefense" URL Rootsweb substituted, it
    > transferred to your original "hayesgreene" URL.

    I'm glad to hear it, but it looks a bit like "hair of the dog that
    bit you" to me -- make legitimate URLs look like malware to protect
    against malware? The logic escapes me.


  • From Richard Damon@21:1/5 to Steve Hayes on Sun Sep 2 22:02:52 2018
    On 9/2/18 3:07 PM, Steve Hayes wrote:
    > On Sun, 02 Sep 2018 11:51:04 -0400, Fred McKenzie <fmmck@aol.com>
    > wrote:
    >
    >> I share your concern, but this is the world we live in. Rootsweb is
    >> most likely doing this to protect itself.
    >>
    >> I entered
    >> "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.khanya.org.za"
    >> into Safari, and got a reply from Proofpoint that states, "This domain
    >> is part of the cybersecurity system that protects enterprise users from
    >> targeted phishing email and threats."
    >>
    >> When I entered the longer "urldefense" URL Rootsweb substituted, it
    >> transferred to your original "hayesgreene" URL.
    >
    > I'm glad to hear it, but it looks a bit like "hair of the dog that
    > bit you" to me -- make legitimate URLs look like malware to protect
    > against malware? The logic escapes me.



    Things like proofpoint work as long as you know about it, and work best
    when ALL your mail goes through it. Once you know about it, you can spot
    check the link, and if it is proofpoint (and you expect this mail to
    have come through a proofpoint protected network) then you can look at
    the reference domain which is fairly clear, and see if it makes sense to follow.

    Of course one issue with Rootsweb here is that it doesn't seem to have
    been well explained, and one danger with this sort of thing is if only a
    small part of your mail gets such protections, then it is easier to fall
    for other unprotected mail to use something similar to disguise
    something dangerous.

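
The manual check Richard Damon describes above (confirm the link really is a Proofpoint one, then read the destination it carries) can be scripted. This is an added example, not part of the thread and not Proofpoint's own code; the function names are hypothetical, and the decoding rule ("-XX" for "%XX", "_" for "/") is the publicly documented v2 scheme rather than something stated in the thread.

```python
from urllib.parse import urlsplit, unquote

PROOFPOINT_HOST = "urldefense.proofpoint.com"

# First wrapped link from the thread, shortened (parameters after d= omitted)
# and with the line-wrap space left in as it was posted.
SAMPLE = ("https://urldefense.proofpoint.com/v2/url"
          "?u=http-3A__hayesgreene.wordpress. com&d=DwICAg")


def decode_urldefense_v2(wrapped: str) -> str:
    """Return the original URL carried in a URL Defense v2 link.

    Raises ValueError when the link is not served from the real Proofpoint
    host, so a look-alike wrapper is rejected instead of decoded.
    """
    # Mail and news clients wrap long URLs; drop any whitespace they added.
    cleaned = "".join(wrapped.split())
    parts = urlsplit(cleaned)
    # Exact host match: "urldefense.proofpoint.com.example.net" must fail.
    if parts.scheme != "https" or parts.hostname != PROOFPOINT_HOST:
        raise ValueError("not served from " + PROOFPOINT_HOST)
    if not parts.path.startswith("/v2/"):
        raise ValueError("not a v2 URL Defense link")
    # Split the query by hand so nothing is percent-decoded twice.
    pairs = (p.partition("=") for p in parts.query.split("&"))
    targets = [value for key, _, value in pairs if key == "u"]
    if len(targets) != 1:
        raise ValueError("expected exactly one u= parameter")
    # v2 encoding: "-XX" stands for "%XX" and "_" stands for "/".
    original = unquote(targets[0].replace("-", "%").replace("_", "/"))
    if urlsplit(original).scheme not in ("http", "https"):
        raise ValueError("wrapped target is not an http(s) URL")
    return original


def destination_host(wrapped: str) -> str:
    """Host the reader would land on: the 'reference domain' to eyeball."""
    return urlsplit(decode_urldefense_v2(wrapped)).hostname


if __name__ == "__main__":
    print(decode_urldefense_v2(SAMPLE))
    print(destination_host(SAMPLE))
```

The other query parameters are ignored; only the host check and the `u=` value matter for seeing where the link leads.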
  • From Steve Hayes@21:1/5 to Richard@Damon-Family.org on Wed Sep 5 04:29:06 2018
    On Sun, 2 Sep 2018 22:02:52 -0400, Richard Damon
    <Richard@Damon-Family.org> wrote:

    > Of course one issue with Rootsweb here is that it doesn't seem to have
    > been well explained, and one danger with this sort of thing is if only a
    > small part of your mail gets such protections, then it is easier to fall
    > for other unprotected mail to use something similar to disguise
    > something dangerous.

    Yes. One gets used to spammers trying to make spam look like
    legitimate mail, but trying to make legitimate mail look like spam can
    be very misleading.


  • From Denis Beauregard@21:1/5 to hayesstw@telkomsa.net on Fri Sep 28 10:17:08 2018
    XPost: soc.genealogy.misc

    On Sun, 02 Sep 2018 11:35:57 +0200, Steve Hayes
    <hayesstw@telkomsa.net> wrote in soc.genealogy.computing:

    > Now I suppose I could copy that and paste it into my browser, but what
    > does it mean?
    >
    > How do I know that that isn't malicious code that is going to format
    > my hard disk or something?

    I don't think that by visiting a web site, your hard disk will be
    formatted. If this was possible, there would be millions of people
    saying this happened to their friend because there are millions of
    people who will follow blindly any link.

    If you don't trust a link, you can use a proxy to visit it. There
    are also some sites that will show you an image of the result of
    your link (to see how this or that browser is rendering your site).


    Denis

    --
    Denis Beauregard - genealogist emeritus (FQSG)
    Les Français d'Amérique du Nord - www.francogene.com/genealogie--quebec/
    French in North America before 1722 - www.francogene.com/quebec--genealogy/
    Sur cédérom à 1785 - On CD-ROM to 1785
