@plyuriweek day 5 - messages

didn’t have much time but wanted to do at least one day! saw this prompt and immediately knew who i wanted to draw

im a little deranged about greymail rn :3

(CW: PLvsPW spoilers and bright colors)

jean greyerl and lettie mailer were the blueprint for susarei in this essay I will--

FRIEND ON THE DASH HIII

I am seeing this after too long but HIIII FRIEND HOW ARE YOU

Viruses are not the only "bad" thing

Once upon a time, about the only "bad" thing for a computer (aside from hardware problems or dumb users) was a virus. I'm going to let you in on a little secret here ... virus detection has not changed since the 80's when the first computer viruses started to be prolific; essentially you look at the SHA hash of a file, and if it matches a known virus ... it's a virus.

No matter what Symantec and Kasperski and McAfee tell you, that's really all that's behind their magic. Oh, sure, they look at anything that's OS executable and have a reputation on it, but that's still based on hash.

So what's the big deal, then, if you have virus scanning on your email server, workstation, and everywhere else? Well, viruses are not the only bad thing. "Bad" email comes in a lot of different categories:

Spam Phishing Malware BEC (Business Email Compromise, aka "Impostor") Adult (aka "porn") Virus Greymail Spoofed

So let's go over those categories. A lot of people call anything bad in email "spam" but most filtering companies consider spam to just be cold-contact marketing email that doesn't adhere to the CANSPAM act/law of 2003 (geeze, has it been that long?). Spam is not malicious, it's just unwanted garbage trying to get you to buy something, and in modern times that something is often pornographic.

So next up is Phishing. Phishing emails typically fall under 2 categories; 1) emails trying to get you to respond directly with your username and password (I.E. "This is your helpdesk, there's a problem with your account, we need your username and password ASAP") - these are usually unsophisticated attacks that rely on volume more than being targeted. The other is 2) emails with links to websites are essentially a mock-up of a legitimate website, and once you put in your credentials, they can access your account. These are often very sophisticated and will use look-alike domains and very cleverly rendered websites to fool people. Phishing can get really bad if they manage to get access to your phone account and do a sim swap; think about it, where is all your 2-factor auth coming from?

Next up is malware. While malware is almost certainly a file of some sorts, it differs from viruses in that it's usually code execution on the browser side that's gonna damage your computer (think keystroke loggers or redirects). You can't virus scan for ever-changing code, so malware is often identified by the websites hosting it.

Now we have BEC; that's where a Threat Actor is pretending to be someone in your organization for the purpose of screwing you out of your money. One of the most common ones isl "Hi, this is your CEO, I'm schmoozing a bunch of clients right now and I forgot to bring freebies to hand out, could you go purchase $400 in $20 iTunes gift cards and scratch off the numbers and send them to me ASAP?" Yup, sounds insane. Guess what? It works.

Next up is Adult. Porn email, but it's just so darn prolific. I've seen "Canadian Pharmacy" emails get flagged as adult, though, because they so often push generic Viagra.

Ok, so I've already covered viruses at the beginning of this post, the only other thing to say on that is in order to scan for viruses, email attachments have to be scannable. There are a lot of organizations that use password protected attachments in emails with a pre-determined password; guess what? Virus scanners can't scan that. It's like Schrödinger's cat - until we can peek in the box (or the attachment), we can't determine if the cat is dead or alive (if there's a virus or not).

Next we have Greymail; not unlike spam, but it typically does adhere to the CANSPAM act in that 1) you have a prior business relationship with the sender and 2) they have and honor unsubscribe requests. This is your JC Penny weekly deals, ESPN Monday morning NFL scores, and Reddit summary updates.

Finally, we have Spoofing. This is where the sender is pretending to be someone they're not, either in real name or email address. We've already addressed how to detect spoofing with SPF/DKIM/DMARC in an earlier post, so I won't go into that much here, but I will tell you that pretty much every organization I've ever worked with (and that's many hundreds at this point), has "legitimate" email coming in that fails those protocols, so they're certainly not perfect.

Ahhh, I remember in the old days when you just had to worry about viruses.

💘💐 send this to the twelve nicest people you know or who seem to have a good heart and if you get five back you must be pretty awesome 💐💘 hello thanks for putting amazing spn content on my dash

Thank you Pooja, ily so much😭😭❤

WORD OF THE DAY Wed, November 17, 2021 OED Word of the Day: greymail, n. A mild form of blackmail without demands for money; exercise of power over a person through possession of compromising information.

"Political blackmail is becoming..a commonplace... Perhaps there should be gradations of the term..‘white–mail’ and ‘graymail’, for starters." - 1964, Newsweek 24 Aug. 32

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

See the original post on Instagram! Watch WGS on Twitch and YouTube!

I refuse to acknowledge that this looks like an off brand philza minecraft

I just really think Sam Axe is the character of all time. he was a Navy SEAL, his wardrobe is 90% Hawaiian shirts, he’s a lowkey functioning alcoholic, he jumps from sugar mommy to sugar mommy, he’s so fucking horny and canonically so good at sex that women spoil him for it, he’s so friendly he’s got buddies in almost every government agency, the CIA fucking hates him, he’s been a hostage multiple times and one of those times he critiqued how the kidnapper hit him, he pays for 1 out of every 10 dinners with his lady friend because he’s poor but he cares, he’s Michael and Madeline Westen’s best friend, he’s pretended to be Fiona’s partner undercover more than Michael has, he refuses to change his cover ID, he’s skilled at forgery, surveillance, wiretapping, hand to hand combat, marksmanship, throwing a fit in public, and wearing suspenders, he consistently breaks the law for good reasons, he was forced to retire for doing the right thing and he greymailed his way into keeping his pension, the whole situation started because he accidentally fucked a superior’s wife, he has a 12-3:30 PM nap time, he’s a grown man who once told someone he was trying to explode them with his mind, he’s still legally married, he brags about being a boy toy and is genuinely a caring, affectionate, helpful boyfriend despite going after rich women, he loves snacks and mojitos and strung a bunch of FBI agents along to do his best to protect Michael while protecting his own pension, and was like “they buy me lunch when they think they’re getting something good : )”. he is simply the perfect man!!

SINCE YOU HAPPENED TO MENTION ALLEIRAT I was wondering what the government system looks like? You've mentioned lords, who seem to have a pretty solid grip on their domains, so I'm guessing something vaguely feudal? Is there a monarchy? A parliament? An oligarchical council of the major nobility? A mix? How does the reigning body feel about Brenneth's return? How do they react to her grabbing Crispin and running for the hills shortly after arriving?

AHHHH ALL VERY GOOD AND HELPFUL QUESTIONS TBH.

Me, upon receiving this ask: Wait Jesus Christ did I ever figure out how power is passed on.

Turns out the answer was “I half-assed the fuck out of it” so anyway now I have a real answer.

Right, so, it’s important to know why Alleirat politics works the way it does, so buckle up for a real fast history lesson.  Alleirat, way back in their ancient history, operated as a bunch of city-states run by variably decent lordlings who were perpetually at war with each other–think of Germany during the waning Holy Roman Empire (circa ~1630), not Renaissance Italy.  Each city state was centered around the largest local city, and the immediate countryside was allied closely with the city in question.  So, once Alleirat exhausted their armies (literally, like, okay, when you’re throwing armies of magic users around like snowballs there’s a huge death toll, they literally started to run out of armies), they drew up unification treaties as a way to solve the Gordian knot of blood feuds and bitterness they’d landed themselves in.  This is their version of BC/AD, by the way, things are measured before/after unification, which was some four thousand years before Brenneth and Crispin came for the first time (this number may be subject to change later if I feel like it).  In order to protect the newly unified country (named after the continent so as not to give preference), they mostly did away with the hereditary title thing, but they ran into an issue: smaller villages and farms had depended on the protection and help of the bigger cities, which relied on the villages and farms for food and raw materials.  Not to mention that the old alliances between city and country ran bone-deep–colorism had a pretty short life in Alleirat, but they’re still working on the very real prejudices against people from other cities–so they couldn’t be gotten rid of entirely.

The balance they struck was the protectorate system, which largely preserved the pre-unification lines of alliance by formally denoting protectorate lands of each sizable city, but also protected the citizenry by laying down clear responsibilities that each has to the other.  For example, the great eastern city Dase has a sizable protectorate that pays taxes to the Dase coffers and generates a majority of the farmed food (Dase being…like 90% rock), while Dase provides the farms with protection from both natural and human threats with her city guards as well as manufacturing that the smaller villages wouldn’t be able to do.  Dase, like all other cities holding their own protectorates, is run by a gothed, which literally means ‘city servant’, an office subject to reelection by popular vote every eight years and falling somewhere between a prince and a governor as far as power goes.  The gothed appoints a given number of advisors (there are ten in Dase, five from the city and five from the protectorate) who represent the interests of their district–if the district feels ill-represented, they can petition the gothed to remove the advisor in question from office and appoint a new one.  The gothed is also responsible for selecting a representative to the Unified Council, which is sort of like a senate and which makes the small handful of decisions pertinent to the country at large.  The list of things the Unified Council is responsible for is significantly shorter than, say, our Congress because the protectorates have much more hands-on management from their gothedan.

Incidentally, if the gothed dies while in office things can get real interesting.  In theory, a new gothed can be promoted out of the ranks of the advisors, but if proof of corruption is revealed in the chaos, all of the advisors are required to be removed from office.  The guards in each city (more like a small occupying army, called the lathan) take loyalty oaths to the city and citizens, not to the political figures of power, which means that technically they have the power to arrest any sitting politician as long as they have evidence.  Furthermore, there are several functioning criminal bodies in any given Alleirai city, most pertinently the White Touch, a dubiously legal organization of flesh workers whose work covers everything from facial reconstruction (illegal) to assassination for hire (SUPER illegal).  The Touch has been known to work in tandem with lathan before, in order to take down politicians.  It’s a risky business, being a corrupt politician in Alleirat, far more so than on Earth.

There are some capital P Problems with this system, among them that it takes approximately forever to get things done and also it’s not very adaptable to a crisis–the logical issues you run into when a goodly percentage of your population might be looking at a several century lifespan.  Also, money talks, as in our world, also a problem.  That being said, the only real requirement to be gothed or to be appointed as such is literacy, and Alleirat has decent literacy rates, so there are and have been plenty of gothedan who were craftspeople, soldiers, farmers, or even minor criminals (the definition of ‘criminal’ is flexible and also Alleirat doesn’t believe in incarceration pretty much at all) before their election to office.

And as for the response to Brenneth ‘Worst Plan Ever’ Fireheart and her highly terrible plan, well.

inspired by @brambletakato 's polling. one of these things is not like the others lmao

Hey, can u recommend me some good books by Indian authors? ( It can be of any genre btw ) 💕

Oh god I have been putting off answering this for so long, I am so sorry but i really rarely read any fiction books by Indian authors. It is a lot of academic texts and non-fiction up here anon but I will still try aaaah

1. Any book written by Ruskin Bond

2. Everyone loves a good draught - P Sainath

3. A train to Pakistan - Khushwant Singh

4. Annihilation of Caste - Babasaheb Ambedkar (I have never made a list of important Indian books w/o this)

5. A Suitable Boy - Vikram Seth

** If you read Hindi novels then Devdas, Kitne Pakistan, Kurukshetra and Madhushala

How to tell if an email is bad

I’ve worked with email for a while. I’ve worked for an email filtering company for a while. I’m not going to give away trade secrets, but I just want to go over the ways that the different vendors (Mimecast, Proofpoint, Cisco, Microsoft, Barracuda, etc) use to see if an email is “bad” or “good”.

If you boil it down, the ways you can look at an email are basically Content (what’s in it, including links and attachments), Who it came from (Message header from and envelope sender), and Where it came from (the connecting IP or FQDN)

So let’s talk about content first. When I mean content, I don’t JUST mean the words in the subject or body. Modern email allows attachments, and URLs, and embedded images and lots of crazy things that were never designed to be in an email. Content most commonly comes in the form of words in the subject or body of an email. If you’ve worked with email for a while, you can identify spam/bulk/greymail; “Don’t miss out on your free reward!” “You’ve earned $45!” “Use this one weird trick to lose 10 lbs in a week” (In my personal opinion, any email containing an emoji in the subject should automatically be considered spam)

Content can also be URLs; it seems like almost every email these days has a link that goes somewhere, whether it’s an ad going to a website or an email HREF allowing you to send a message to a different recipient.

Finally, content can include attachments. Word docs, Excel files, PDFs, viruses.

Most email filters will look at all of these things, sometimes in conjunction, to determine if a message is bad or good. Obviously if a message has a malicious URL or a virus, you’ll want to block it right off, but what about emails that have none of those things and are trying to get the recipient to do something dumb, financially?

More on that next week.

as you are a spn fan hope ure okaY

As a person, i am okay, hon. As an spn fan, i am ✨thriving✨. Honestly, all of today i was feeling v giddy and euphoric ❤️

Anyway, thanks for asking, means a lot <3

#greymail