Anti-phishing idea

More or less the only ‘spam’ that reaches my inbox, is the occasional phishing mail, made to appear to be sent from a Dutch bank, trying to find out my online banking credentials. I want to get rid of those.

Now, the solution that I came up with, is somewhat crude, but I wonder if it will result in any false positives. I don’t think I have ever received a legitimate mail from a bank I do business, but I have been told by friends, and by ABN AMRO bank itself, that they do sometimes send out mail to (potential) customers. The question is: do theses mails originate from the Netherlands?

What I did was the following. My MTA is Exim, and it is already configured to identify the originating country for a given email, using a GeoIP lookup. Every mail coming in through my MTA has headers like these:

X-GeoIP-Code: US
X-GeoIP-Country: United States

So, if I want to block mails from a certain sender (and I want to be looking at the From: header rather than the envelope sender here), unless it came from inside the Netherlands, I can just implement a simple SpamAssassin check:

# Phishing from Dutch banks
header    __GEO_FROM_NL          X-GeoIP-Code =~ /^NL$/
header    __FROM_DUTCH_BANK      From =~ /(ING Bank|Rabobank|ABN AMRO)/i
meta      DUTCH_BANK_FOREIGN_IP  (__FROM_DUTCH_BANK && !__GEO_FROM_NL)
describe  DUTCH_BANK_FOREIGN_IP  Dutch bank mailed from a foreign IP
score     DUTCH_BANK_FOREIGN_IP  2.5

Anything with a score of 3.1 or higher is considered SPAM, so adding 2.5 points can still get the message through, if nothing else is wrong with it. However, this is hardly ever the case. If necessary, I could raise the score a little, but in the mean time, it’s nice to know that a legitimate mail, even if it came from abroad, could still have a chance to come through.

Is this a good idea, or would this result in false positives for sure?

Firefox’s back button drop-down

Just getting used to working with new Firefox 4, I noticed something was missing: the small drop-down menu that used to be next to the back/forward buttons, which allowed you to go back in your history faster than one page at a time. Apparently, the presence of this menu was considered a bug, hence it was removed.

I use that quite a lot, so I was just a little bit upset that it was gone, but as always in the land of open software, someone has come up with a solution. This cute little add-on restores the history drop-down menu. Nice!

(And yes, I know a right-click on the back button does exactly the same thing, but on my laptop, when my right hand is over the touchpad, having to click the right-side button is just not convenient.)

My essential Firefox add-ons

Firefox 4 has been released today. I would love to upgrade, but I’m afraid I will lose some of my add-ons, because they’re not compatible yet. Time for a little research. And I’ll review my favorite add-ons while I’m at it. A disclaimer upfront: if my review says: ‘compatible with Firefox 4’, it says so on addons.mozilla.org. I didn’t test it, yet.

1. LastPass. The most important add-on that I have. It is the interface to LastPass.com, the password manager that I have been using for the last year or so. It has plugins for Firefox, Chrome and MSIE, so I have my passwords at hand, no matter what browser I use. I wouldn’t know what to do without it. Compatible with Firefox 4.
2. Yoono. A sidebar that connects to your social networks. For me, it is a nice and efficient Twitter client, which shows my timeline as it updates in any browser window. It supports Facebook, MySpace, Twitter (multiple accounts), Flickr, LinkedIn, YouTube, Foursquare and more. Best distinguishing feature: groups. Compatible with Firefox 4.
3. Firebug. No explanation necessary, right? The DOM at your fingertips. Should work with FF4.
4. NoScript. Blocks Javascript on untrusted websites. There is no excuse for not using it. Compatible with FF4.
5. Web Developer. Adds a toolbar to Firefox or Chrome with many essential tools for web developers. Version 1.1.9 is compatible with Firefox 4.
6. ShowIP. A small, but incredibly handy tool, that displays the IP address(es) of the site you are visiting in the toolbar. Great if you are testing sites on different servers and want to see where you ended up. Also good to see if you’re connected over IPv6, for example, and do whois lookups straight from the toolbar. Compatible with FF4.
7. Shorten URL. Shortens the URL of the current website, using one of over 100 services for URL shortening (bit.ly, is.gd, tinyurl.com, etc.). Great if you use Twitter directly from your browser, or with Yoono. According to its homepage, it doesn’t work with FF4 yet. Comments on addons.mozilla.org suggest that this extension has been abandoned, and people seem to use Cutyfox nowadays. I’ll check that one out!
8. Server Spy: indicates what webserver is serving the current website. Works with FF4.

So… it seems I should be fine! Maybe I’ll give Firefox 4 a go one of these days. Well, there’s one extension that I didn’t mention, which is the Garmin Communicator plugin. Owners of Garmin devices like myself need this to update the maps on the device. The plugin reportedly works with FF versions up to 3.6. However, my Garmin Zumo is severely broken at the moment, so I can do without their crappy plugin for now 😉

Great. Now all I have to do, is find the time!

New & improved

Zo… zat je even niet op te letten? 🙂

Sinds afgelopen vrijdag staat de nieuwe versie (versie 6, denk ik) van Grendelman.net online. Al enige tijd was ik bezig om de site om te bouwen naar WordPress, maar de performance liet zoveel te wensen over, dat ik er eigenlijk niet mee door durfde te gaan. Echter, vorige week heb ik wat beter kennis gemaakt met mod_pagespeed, Google’s oplossing om websites sneller te maken, van onder de motorkap van de webserver. Mod_pagespeed verkleint de gemiddelde laadtijd van een pagina op deze site met zo’n 50%. Daarmee wordt de zaak acceptabel.

Zoals het een goed systeembeheerder betaamt, heb ik de site op vrijdagmiddag live gezet, en ben direct daarna een weekend in een hutje op de hei gaan zitten, zonder computer. Lekker rustig hoor 🙂

In principe is alle content (inclusief blog-posts en reacties) van de oude site meeverhuisd, maar de site is nog niet helemaal af. Met name het foto-archief is nog verre van compleet. Foto’s van 2010 en deels van 2009 zijn geimporteerd, maar alles wat ouder is, moet nog. Dit zal in de komende maanden allemaal worden aangevuld. Tot die tijd zijn de oude foto’s nog via het oude fotoboek te bekijken. Series zullen een voor een worden overgezet. Oude URLs zullen dan automatisch verwijzen naar de nieuwe lokatie.

Om het oude fotoboek te bekijken, log je, zoals vanouds, in met je oude Grendelman.net account. Echter: voor de nieuwe site is een nieuw account benodigd. Registreren doe je hier. Na het aanmelden kun je ook op de nieuwe site de foto’s bekijken.

Veel plezier op de nieuwe website!

Martijn.

Rabobank phishing: bijna net zo grappig

To: martijn grendelman net
Subject: Internetbankieren Bericht
From: Rabobank <notification@email.rabobank.nl>
Date: Sat, 01 May 2010 10:17:55 -0500

Customer Services Update

Houdt u er rekening mee dat uw Rabobank internetbankieren toegang te vervallen. Om het actief te blijven, gebruik dan de onderstaande verwijzing voor de reactivering en uw account te openen.

ALERT – Als u uw kaart niet te verwijderen van uw kaartlezer machine om ons in staat stellen te verifiëren uw informatie wanneer u uw gegevens bijwerken en niet ondertekenen van uw kaartlezer of de rekening wordt u automatisch afmelden. Onze excuses voor het ongemak

Om te beginnen de reactivering proces, gelieve de verwijzing onderstaande link te zien. klikken *hier*

Yours sincerely
Francesca Brazier
E-Communicatie-eenheid
Rabobank.