Posted on
by

I’ve dealt with a couple of companies that try to plug the general lack of security in email by using a “secure email” service. The way this works is:

  1. The company sends you an email with a link to a third-party or co-branded website, asking you to click on it in order to read important information about your financial/insurance/whatever account. (Or better yet, the third party site sends you the mail on the company’s behalf.)
  2. You click on the link and open the site in your web browser.
  3. You register for the site (which usually involves entering your name, choosing a password, and possibly entering other personal detail like a reminder question.)
  4. You log into the site and actually read the message.

Can you see what the problem is?

That’s right: Steps 1-3 are exactly what you see in a phishing attack. Only in a phishing attack, the third-party site is a fake that’s trying to collect account information (like your login and password) or personal information (like your SSN).

So while they may be solving the immediate problem of “someone might intercept this message,” they’re perpetuating a broader problem by training people to fall for phishing attacks.

Sadly, this is not new.

Update 2022: A decade later, they’re still doing it.

Posted on
by

Posted on
by

In clearing out my spam folder today, I found the following message:

Bad Link on hyperborea.org

Dear webmaster,

There was a link that didn’t work for me on this page of your website, http://www.hyperborea.org/flash/flashpoint.html. It points to a Constitution Day page that doesn’t seem to be there any more, [link removed].

We published a great resource on the U.S. Constitution Day on Online Law School.Net: [link removed]. It would make a great addition to your resources and replacement for the page that no longer works.

Sincerely,

Maddie Bryant
[email removed]

On the surface, it sounds like a reasonable message. If you’ve got a broken link, then you want to know, and hey, if they’ve got an alternative, so much the better, right?

But here’s the thing: The broken link isn’t on the page. I don’t think I link to that page anywhere on my site. There is a reference to the 22nd Amendment, but not to anything about Constitution Day.

In short, it’s another form of link swap spam based on automatic keyword matches with no real intelligence to it.

That’s not really something I want to be linking to.

Posted on
by

Book cover featuring a sketch of a room inside a spaceship.I stumbled on “Crusade: What the Hell Happened? vol.1” (released last August) while packing, and wondered what happened to book 2. Apparently I’m not the only one wondering that, because it turns out that the website just posted an update last week, saying:

Volume 2 is still a work-in-progress. We will send out a news alert the moment it is released.

Now there’s timing!

Posted on
by

Microsoft has jumped on the ditch-IE6 bandwagon with IE6Countdown.com, following in the footsteps of such campaigns as Browse Happy, End 6, and Save the Developers.

Of course, since it’s a Microsoft-sponsored campaign, it’s only promoting upgrades, rather than promoting an upgrade-or-switch message.

Static HTML points out why you might want to put your effort into some other campaign instead. Because IE6 Countdown is only an upgrade campaign, and IE6 users are all on Windows XP or below (Vista ships with IE7), they can only ever upgrade as far as IE8. Given the huge gap between IE8 and IE9 in terms of standards support, HTML5, CSS3, and so forth, IE8 will soon become the new millstone around the web’s neck.

So instead of plugging IE, consider plugging your own favorite browser, be it Firefox, Chrome or Opera. Or perhaps plug another switch campaign. After all, there are quite a few alternative web browsers out there!