Category Archives: Spam

透過 DNS TXT 傳遞指令的惡意程式

看到「New Fileless Malware Uses DNS Queries To Receive PowerShell Commands」這篇,所以是有人開始這樣惡搞了... Distributed through an email phishing campaign, the DNSMessenger attack is completely Fileless, as it does not involve writing files to the targeted system; instead, it uses DNS TXT messaging capabilities … Continue reading

Posted in Computer, DNS, Murmuring, Network, Security, Spam | Tagged , , , , , , , | Leave a comment

用 Google 的 Speech Recognition API 破 Google 的 reCAPTCHA

就是「以子之矛,攻子之盾」的概念,用 Speech Recognition API 破 reCAPTCHA:「ReBreakCaptcha: Breaking Google’s ReCaptcha v2 using.. Google」。 就算 Google 在 reCAPTCHA 的聲音裡面加入 watermark,讓自家的 Speech Recognition API 拒絕分析,還是有其他家的可以用 (像是 Amazon Lex 或是 Bing Speech API),所以這樣做不是什麼好解法。

Posted in Computer, Murmuring, Network, Spam | Tagged , , , , , , , , , , | Leave a comment

Amazon EC2 會對 Port 25 的連線數量限制

起因於一台 ap-northeast-1 的機器 (東京) 會使用 us-west-2 的 SES (美西,奧勒岡),然後發現信延遲的有點嚴重,看 mail log 發現是因為連線 timeout。 查了以後發現在「Amazon SES SMTP Issues」這邊就有提到 EC2 instance 對 port 25 有限制: You are sending to Amazon SES from an Amazon EC2 instance via port 25 and you cannot … Continue reading

Posted in AWS, Cloud, Computer, Mail, Murmuring, Network, Spam | Tagged , , , , , , , | Leave a comment

Gmail 要開始導入 SMTP Strict Transport Security 了

SMTP MTA Strict Transport Security 算是 SMTP STARTTLS 裡的 HSTS 機制,而 Google 的人在 RSA Conference 上提出要開始用了:「SMTP STS Coming Soon to Gmail, Other Webmail Providers」。 Elie Bursztein, the head of Google’s anti-abuse research team, said at RSA Conference that SMTP STS … Continue reading

Posted in Computer, Mail, Murmuring, Network, Security, Spam | Tagged , , , , , , , , , , | Leave a comment

Amazon SES 的固定 IP 服務

怎麼這麼多消息啊... 這次是 Amazon SES 宣佈提供固定 IP 服務:「Amazon SES Now Offers Dedicated IP Addresses」。 這樣可以減少被其他人影響到 reputation,提昇穩定度: Amazon Simple Email Service (Amazon SES) now offers dedicated IP addresses, which enable you to manage the reputation of the IP addresses that Amazon SES … Continue reading

Posted in AWS, Cloud, Computer, Mail, Murmuring, Network, Spam | Tagged , , , , , , , , , , , | Leave a comment

uBlock Origin 支援的 :has()

查資料的時候發現 uBlock Origin 的「Static filter syntax」已經自己實作 :has() 了 (雖然有一些限制)。 這個 CSS4 (draft) 的特性目前還沒有瀏覽器支援,所以 uBlock Origin 決定自己來: This is a planned CSS4 operator, but no browser supports it yet. I decided to go ahead and implement it so that it can … Continue reading

Posted in Browser, Computer, CSS, Murmuring, Network, Programming, Software, Spam, WWW | Tagged , , , , , , | Leave a comment

Adblock Plus 的公司開始賣網路廣告了...

哈哈,果然開始不擇手段了:「Adblock Plus now sells ads」,Adblock Plus 官方的說明在「New Acceptable Ads Platform launches, will redefine RTB and help small websites」這邊。 繼續用「uBlock Origin」,沒有虛偽的「Acceptable Ads」,只有速度更快,效果更好... Firefox 版在「uBlock Origin」這邊可以安裝。 Chrome 版則是在「uBlock Origin」這邊可以安裝。

Posted in Computer, Murmuring, Network, Software, Spam, WWW | Tagged , , , , | Leave a comment

自建 Mail System 的難度

在 Hacker News 上的「Ask HN: Is it possible to run your own mail server for personal use?」這篇道出了現在自建 mail system 的難度。作者遇到信件常常被各大 mail 服務歸類成 spam: The problem is making sure my mail is not marked as spam by the major MTAs out … Continue reading

Posted in Computer, Mail, Murmuring, Network, Spam | Tagged , , , , , , , , , , , , | 2 Comments

用 hosts 搞出來的 Adblock...

在「Amalgamated hosts file」這邊看到超大包的 hosts,拿來擋廣告: This repo consolidates several reputable hosts files and merges them into a single amalgamated hosts file with duplicates removed. Currently this amalgamated hosts file contains 27,148 unique entries. 一包 hosts 有兩萬七千筆資料會不會太多了點... 話說不知道能不能 import 進 BIND 或是 … Continue reading

Posted in Browser, Computer, DNS, Murmuring, Network, Software, Spam, WWW | Tagged , , , | 2 Comments

追蹤開信的能力

追蹤開信的能力是廣告信經常會用到的能力,為了要看「成效」而要追蹤開信率之類的數字。 在「Email Privacy Tester」這邊看到有趣的工具,介紹了「Email Privacy Tester」這個網站可以拿來測試各種 mail client 上可被追蹤的功能。 依照作者測試,Gmail 完美的擋下目前所有追蹤技巧: 而 Apple Mail 還很慘,有一堆方式可以被追蹤開信: 不知道其他家 (像是 Yahoo) 的情況...

Posted in Computer, Mail, Murmuring, Network, Security, Spam, WWW | Tagged , , , , , , , | Leave a comment