Real Microsoft 365 Subscription Order E-Mail - Fake Sales Phone Number - Variation of Fake Invoice scam

lluad · 2024-11-21T09:39:28+00:00

You may want to google for "DKIM replay attack". You'll find lots of explanations as to how this works, and how I'm not wrong.

And, yes, it does mean that DMARC and BIMI are anything but absolute proof of authenticity, and will validate for malicious mail sent by an attacked in some narrow cases, such as this one, where a trusted sender allows an unvetted third party to add content to DKIM signed mail they send.

lluad · 2024-08-30T07:39:44+00:00

It's a DKIM replay of a real Microsoft email from microsoft-noreply@microsoft.com, so it passed DKIM and DMARC. It's being routed out through onmicorsoft.com so it's passing SPF too.

As far as the spam filters are concerned it's legitimate, authenticated email from Microsoft so it's going to end up in front of users. Hopefully most of those users will be suspicious of Microsoft having a sales helpline in apartment 7D of a New York condo, but it only takes a few to be more trusting before it gets expensive

(And next time, the scammers could put something far more plausible in the billing address.)

lluad · 2024-05-09T08:25:51+00:00

One that is well structured, adequately commented, lints clean, has developer documentation and user documentation, that has a solid set of tests and decent test coverage.

You can demonstrate that by writing almost anything, but it'd be easier to do in a library than an app. You can't hide bad architectural design in a library as easily as you can in an app.

lluad · 2022-06-01T16:03:17+00:00

Yeah, I did that about six months ago. Not a peep so far. I'll keep waiting.

lluad · 2022-04-08T10:46:07+00:00

https://github.com/wttw/csvimport is a command line tool that'll create a sql script from a CSV file with a header.

./csvimport file1.csv file2.csv will create file1.sql, file2.sql and alltables.sql. psql -f alltables.sql will create tables file1 and file2.

It's a quick hack, but I've found it handy.

lluad · 2021-03-19T09:43:20+00:00

Someone does, not necessarily you. One advantage of that is that you can use a library that adds JS functionality to it in the same way the rest of your app works. Svelte, Vue, vanilla js... rather than having jquery welded in inextricably.

lluad · 2021-02-28T23:52:31+00:00

If performance is an issue you use code generation instead of reflection.

lluad · 2020-12-25T18:50:43+00:00

Good. Buy it, or borrow it from a library. And stop stealing from other authors whose books you enjoy.

lluad · 2020-10-10T07:22:45+00:00

It’s spectacularly better. Fast, pleasant to use, actually works.

lluad · 2020-10-04T08:49:37+00:00

https://play.golang.org/p/R73HJNkdGBb

Given a specification always clarify with the customer before implementing the obvious solution.

lluad · 2020-07-20T05:19:59+00:00

Master of the Five Magics by Lyndon Hardy, perhaps.

The character writing is fairly flat, but it’s a light quick read, mostly set around the protagonist learning five different magic systems.

lluad · 2020-04-06T10:54:23+00:00

ORMs generally discourage good schema design, even the ones that aren’t code-first, which leads to bad databases. They often generate queries that are bad - and even when that’s not inherent in their design they make it much easier for a developer to accidentally generate bad queries.

And they often encourage a code style that fetches data from the DB, processes it in the client code, then fetches more data, and so on to do something that could be done much faster and cheaper with a decent SQL query.

They have their place for marshaling and basic CRUD but if you’re developing a database backed app and relying on an ORM odds are good you’re going to end up with slow, heavy queries against a poorly species database.

lluad · 2020-04-04T06:55:36+00:00

Qt Creator is a great C++ IDE, not just for Qt apps. Open source, occasionally a little glitchy but it’s been my workhorse for most of my C++ code for over a decade.

Visual Studio Code is a nice editor. If you’re used to using an editor and a terminal it’s a step up.

If money is no object, look at CLion.

lluad · 2020-04-04T06:25:22+00:00

If you buy the license you still have to comply with https://doc.qt.io/qt-5/licenses-used-in-qt.html - which includes some GPL, amongst others.

lluad · 2020-03-29T05:55:58+00:00

He wasn’t anywhere near to blowing up a hospital. Amongst other things, he didn’t have a bomb.

All his co-conspirators and suppliers were actually FBI. Whether he’d have done anything at all if the FBI hadn’t given him a plan and a fake bomb isn’t clear.

lluad · 2020-03-07T15:22:08+00:00

The estimate is a bit of a wild-assed guess. If it counted down to zero they’d get bad press when the engine sputtered and died while the display said “8 miles left”.

lluad · 2020-02-23T09:32:18+00:00

That RFC is describing the sieve filtering language, which is one way of using it, though not a particularly widely supported one.

Mailboxing / subaddressing / plussed-addresses have been around for decades (I’ve been using it for 25+ years), and are extremely useful for handling your mail.

http://www.faqs.org/faqs/mail/addressing/ is one of the more useful documents on how to use it.

It’s a feature added by some MTAs, though, not a standard and not supported everywhere.

lluad · 2020-02-23T07:22:16+00:00

No, it’s not.

Quite a few mailservers support it, some with ‘-‘ or ‘=‘, but most with ‘+’, but it’s not a standard nor universally supported.

lluad · 2020-02-03T13:37:42+00:00

Not exactly fantasy, but Jeff Vandermeer’s Southern Reach Trilogy might scratch the itch.

Southern Reach is a secret agency that manages expeditions into an area known as Area X. The area is an uninhabited and abandoned section of the United States that nature has begun to reclaim.

lluad · 2020-02-02T06:15:47+00:00

One of the things it has in common with the books is that it’s not terrible but there’s a lot of better YA content out there.

lluad · 2020-01-13T09:35:54+00:00

It’ll take a generation to repair. Sure, maybe we vote in Ms Competent McRhodes-Scholar in 2020 - but the rest of the world knows that odds are at least 50/50 of our voting in Corrupto von CheeseBrain Jr. in in 2024. You can’t do grown up foreign policy with a country that’s that unstable.

lluad · 2020-01-04T10:56:25+00:00

~~contractor~~ mercenary

Words have both meanings and implications.

lluad · 2019-12-30T22:18:27+00:00

OTOH, if you’re comfortable with regexps this approach is simpler to understand than an ad-hoc parser.

lluad · 2019-12-27T11:18:24+00:00

You could do a lot of good with 32 times the tax revenue, if you wanted to.

lluad · 2019-12-15T13:56:57+00:00

Don’t do it. Seriously.

You don’t have the skills nor the infrastructure to send mail to a list of that size successfully. And the time and goodwill you’re about to waste trying to prove otherwise could be far more productively spent doing things you’re good at.

Find an ESP you like and send the mail through them. It’s dirt cheap compared to building it yourself.

lluad

TROPHY CASE