August 1, 2017 / Jim Fenton

The gaping hole allowing email spoofing

In today’s news there was a report that Anthony Scaramucci, the outgoing White House communications director, got “punked” by an email he thought was from Reince Priebus, the former chief of staff and his apparent rival. The messages actually came from a account.

Although not nearly as consequential, this sort of thing is commonplace. I have gotten several messages claiming to come from Facebook and other social media contacts, but actually from impostors using their names. Presumably the impostors mined the names from social media.

The email industry bears some responsibility for making this possible. Despite the enormous effort put into development and deployment of email authentication and anti-phishing technologies such as SPF, DKIM, and DMARC, there is a gaping hole: it isn’t readily possible to distinguish a message from someone at their expected email address from a message posing as them from a different email address entirely.

Email clients used to routinely display the email address as well as the “friendly name” when they displayed a message. They used to typically display:

From: John Doe <>

That isn’t all that pretty, and in this case a little redundant. It also takes more precious space on mobile devices. So today many clients simply display:

From: John Doe

But suppose someone wanted to pose as Mr. Doe? They could very easily send a message with a From header field like this (of course, substituting with their own email domain):

From: John Doe <>

On many email clients, this will display exactly like an actual message from the real John Doe.

What could be done about it? Obviously, this is an area that warrants some real usability research and a lot of users will need to be trained. But here are a few possibilities:

  1. Verify the address against the user’s address book. If it doesn’t match, display the sender’s name in a distinctive way, e.g. in red, with a big X, etc. Obviously there would be issues with someone in the address book as John Doe sending a message as Johnny Doe, but that can be handled too.
  2. Do the same as #1 but do something like the blue checkmark on Twitter: display something distinctive saying the message came from an address you recognize. The problem here is that meaning of the checkmark would be different: not verified by some central authority, but by one’s own address book.
  3. Display the email address, either with or instead of the friendly name, if it doesn’t match.
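
One way to implement the address-book check behind options 1 to 3, added here as an example (this is not code from the post or from any mail client): it parses the From header field, looks the friendly name up in the user’s own address book, and renders the line so that a name paired with an address the user does not know is shown distinctively, with the real address exposed. The address book entries and the `other-domain.example` sender below are constructed for the example.

```python
from email.utils import parseaddr

# Constructed address book (hypothetical contacts, not from the post):
# display name -> the addresses the user actually knows for that person.
ADDRESS_BOOK = {
    "John Doe": {"john.doe@example.com"},
    "Jane Roe": {"jane@example.org", "jane.roe@example.net"},
}


def normalize_name(name):
    """Collapse whitespace and case so 'JOHN  DOE' and 'John Doe' compare equal."""
    return " ".join(name.split()).casefold()


def build_index(book):
    """Build name -> addresses and address -> name lookups from the address book.

    Addresses are casefolded for matching; strictly the local part is case-sensitive,
    but for recognising one's own contacts a case-insensitive match is what users expect.
    """
    by_name, by_addr = {}, {}
    for name, addrs in book.items():
        key = normalize_name(name)
        by_name.setdefault(key, set())
        for addr in addrs:
            by_name[key].add(addr.casefold())
            by_addr[addr.casefold()] = name
    return by_name, by_addr


def classify_sender(from_header, index):
    """Return (status, display_name, address) for a From: header field value.

    status is one of:
      'verified'  - the name is in the book and the address is one we know for it
      'mismatch'  - the name is in the book but the address is not (the impostor case)
      'unknown'   - neither the name nor the address is in the book
      'malformed' - no usable address could be parsed from the header
    """
    by_name, by_addr = index
    name, addr = parseaddr(from_header)
    addr = addr.casefold()
    if "@" not in addr:
        return "malformed", name, addr
    if not name:
        # Bare address with no friendly name: recognise it only if the address itself is known.
        if addr in by_addr:
            return "verified", by_addr[addr], addr
        return "unknown", "", addr
    known = by_name.get(normalize_name(name))
    if known is None:
        return "unknown", name, addr
    if addr in known:
        return "verified", name, addr
    return "mismatch", name, addr


def render_from(from_header, index):
    """Render the From line as the options above suggest: mark a recognised contact,
    and show the real address in a distinctive way when it does not match the book."""
    status, name, addr = classify_sender(from_header, index)
    if status == "verified":
        return f"From: {name} [known contact]"
    if status == "mismatch":
        return f"From: !! {name} <{addr}> !! (address does not match your address book)"
    if status == "unknown":
        return f"From: {name} <{addr}>" if name else f"From: <{addr}>"
    return "From: (unparseable sender)"


if __name__ == "__main__":
    index = build_index(ADDRESS_BOOK)
    for header in [
        "John Doe <john.doe@example.com>",
        "John Doe <john.doe@other-domain.example>",  # constructed impostor address
        "<jane@example.org>",
        "Someone New <new@example.net>",
    ]:
        print(render_from(header, index))
```

Note that the match is exact after whitespace and case normalisation; the “Johnny Doe” variation the first option mentions is not caught by this, and handling near-duplicate names is where the real usability work lies.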

There is some risk of just “kicking the problem down the road”, however. If this becomes really effective, address book attacks would become useful. Attackers would try to trick you into accepting address book entries (typically .vcf files) from them, and these might enable them to more plausibly pose as a trusted (or at least known) contact.

No matter what we do, some users will ignore it, and we can’t fix that. But we can, and should, give users the tools to easily spot messages that they should treat with more suspicion.

June 20, 2017 / Jim Fenton

Twitter threads: wrong medium

Since Twitter’s inception, users have been bumping up against the 140-character limit on tweet length. With support for images in tweets came images of text blocks — pictures of media articles (OK), but also pictures of text written for the tweet, which misses the point of Twitter as a short-form medium. These images also defeat the ability to search for the text, which limits its distribution and the ability to find it again when you want to cite it.

Twitter has been relatively faithful to the 140-character limit. Early rumors that Twitter might offer a paid premium service allowing longer tweets have not materialized. They have budged a bit, however, by shortening URLs and hostnames (which of course is useful to Twitter as a way to collect analytics) and recently by allowing reply tweets not to count the Twitter handles of the user(s) being replied to in the character count.

The current fad is Twitter threads; most Twitter users have seen these. These usually start with “Thread” and a series of numbered tweets immediately following. These are often one sentence, or one idea, per tweet that fit together. Sometimes, but not always, these are arranged as a string of replies to the initial tweet, so that a reader can follow them by following the replies.

Some composers of threads create them skillfully: they put each idea in its own tweet and it reads like very short installments of a serial. There is value in this; it’s a way of organizing thoughts, keeping points concise, and so forth. Others just write something and break it up into <140 character chunks. There’s even a site ( that will do this for you. The result is a tweet thread that has to be read together to make any sense and doesn’t require any particular composition effort.

Regardless of the composition of the thread, they can be hard to use. Perhaps I’m using the wrong tools, but when I encounter a thread that looks interesting (usually as a result of a retweet of either the thread header or some tweet in the middle), I usually have to go find the account of the writer of the thread and scroll back through their tweets so I can see the entire thread. This requires considerable effort, and limits their audience to people having the patience and time to do this.

There’s a better answer: use a long-form medium like this (remember blogs?). Tweet a link to the post. It’s much easier to read, and it’s easy to add pictures, links, and other media if desired. It also respects Twitter’s value as a short-form medium, by not requiring one’s followers to scroll through a long tweet thread that they’re not interested in.

November 17, 2016 / Jim Fenton

Facebook is not a news source

There has been a lot of press about fake news stories appearing on Facebook and other social media. But what really shocks me is that, according to Pew Research Center, 44% of the US population gets its news from Facebook.


August 21, 2016 / Jim Fenton

DNSSEC Signing Revisited

A couple of years ago, I signed the DNS records of my personal domain with DNSSEC, and wrote a blog post on the experience. Since then, life has been generally good, although there have been a couple of hiccups where the signatures expired and my domain became briefly unavailable to resolvers that verify DNSSEC. I figured out how to make the re-signing of the domain happen automatically, and those problems for the most part went away.

I recently upgraded my DNS server from the Debian “squeeze” release to the “jessie” release to ensure that I continue to get security updates. A month or so later, I got a notification that my DNS was broken again. I figured that the process that re-signed and published my DNS records had failed to start; quite a few things like that broke in the upgrade.

But it was worse than that: the dnssec-tools package that I have been using for signing (described in that blog post) is no longer available from Debian for jessie, apparently because of some unresolved bugs. I needed to quickly find another way to sign my domain.

BIND to the rescue

Looking around for alternatives, I found out that BIND 9.9, which is available as a jessie package, supports inline signing. I have always used BIND as my DNS server, and I welcome the prospect of signing without a lot of external dependencies. ISC provides a good (but incomplete – see below) how-to guide on turning on DNSSEC signing, so I followed those instructions.

My first problem was the keys themselves. Dnssec-tools seems to have used a different format for the public/private keypairs used by DNSSEC than BIND, so I needed to generate new keys. I started to do this, but it was taking forever! It turns out that dnssec-keygen needs a fair amount of cryptographic entropy to generate a keypair, and I was running it on a virtual private server that doesn’t get much entropy. So, despite my aversion to transferring private keys, I generated keys on my home Linux (Ubuntu) machine. This took long enough, even with me banging on keys and doing every other random thing I could think of.

Having transferred the keys (two keypairs, a Zone Signing Key and a Key Signing Key) back to the name server, I went ahead and signed the zone. But I realized something was missing: the ISC how-to guide doesn’t talk about publishing the DS records at the parent domain that are necessary to link my keys to the global DNS trust chain.

Fortunately, I found the instructions for this in a different ISC how-to guide. The dnssec-dsfromkey utility converts the public keys into the necessary format for the DS records. I then logged into my domain registrar’s website and added the necessary DS records.

Everything looked pretty good, and I was able to look up my records using my verifying resolver. But I also checked an online utility to see if it saw any errors. It said my DNSSEC was still broken. I thought maybe there were some old records in a cache somewhere so I waited a day or two.

Time didn’t help here, and I couldn’t figure out why it was still reporting an error. So I consulted a very knowledgeable friend – thank you Patrik! – who introduced me to a different tool, DNSViz, that showed that my slave DNS server, running on a different host, was returning different data. Specifically, it was showing several DNSKEY records from my old configuration that shouldn’t have been there.

I looked at the primary zone file, both the unsigned one I maintain and the one signed by BIND (using the named-checkzone utility, since the file is in a binary format). Everything looked fine; the extra DNSKEY records weren’t there. I re-transferred the zone to the secondary, but the extra records remained.

Finally, somewhat in desperation, I deleted the zone file and the associated .jnl file (not sure where the latter came from). Restarted BIND and everything was fine. I’m guessing that the .jnl (journal) file was telling BIND to make only incremental changes to the zone, and therefore the old DNSKEY records were untouched.

I will, of course, need to continue to watch to make sure that the signatures don’t expire since I don’t understand the key rollover methodology yet. But modulo a couple of problems getting started here, I’m optimistic that inline signing with BIND will be much easier than what I had been doing.
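
A small monitor for the signature-expiry problem described in this post, added here as an example (it is not code from the post, from ISC, or from the dnssec-tools package): it parses RRSIG records in dig’s presentation format and classifies each one as valid, expiring soon, expired, or not yet valid relative to a chosen time, which is the check a cron job could run against `dig +dnssec` output before a resolver starts returning SERVFAIL. The three RRSIG lines and the `example.net.` zone are constructed for the example; the owner name, signer and key tags are not the post’s real records.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in dig presentation format (hypothetical zone, not the post's domain):
# owner TTL IN RRSIG type-covered alg labels orig-ttl expiration inception key-tag signer signature
SAMPLE_RRSIGS = """\
example.net.      3600 IN RRSIG A      8 2 3600 20160901000000 20160802000000 12345 example.net. c2lnbmF0dXJlMQ==
example.net.      3600 IN RRSIG DNSKEY 8 2 3600 20160815120000 20160716120000 54321 example.net. c2lnbmF0dXJlMg==
www.example.net.  3600 IN RRSIG A      8 3 3600 20160801000000 20160702000000 12345 example.net. c2lnbmF0dXJlMw==
"""

# One RRSIG record per line, as dig prints it (field order per RFC 4034 section 3.2).
RRSIG_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+RRSIG\s+(?P<covered>\S+)\s+(?P<alg>\d+)\s+"
    r"(?P<labels>\d+)\s+(?P<origttl>\d+)\s+(?P<expiration>\d{14})\s+(?P<inception>\d{14})\s+"
    r"(?P<keytag>\d+)\s+(?P<signer>\S+)\s+(?P<signature>\S+)$"
)


def parse_rrsig_time(stamp):
    """RRSIG expiration/inception fields are YYYYMMDDHHMMSS in UTC."""
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def signature_status(expiration, inception, now, warn_within):
    """A signature is usable from inception through expiration; warn before it lapses."""
    if now < inception:
        return "not-yet-valid"
    if now > expiration:
        return "expired"
    if expiration - now <= warn_within:
        return "expiring"
    return "ok"


def check_rrsigs(text, now, warn_days=7):
    """Parse RRSIG lines and classify each by its validity window relative to `now`."""
    results = []
    for line in text.splitlines():
        m = RRSIG_RE.match(line.strip())
        if not m:
            continue  # skip non-RRSIG lines such as the A/DNSKEY records themselves
        expiration = parse_rrsig_time(m["expiration"])
        inception = parse_rrsig_time(m["inception"])
        results.append({
            "owner": m["owner"],
            "covered": m["covered"],
            "keytag": int(m["keytag"]),
            "expiration": expiration,
            "status": signature_status(expiration, inception, now, timedelta(days=warn_days)),
        })
    return results


def check_rrsigs_at(text, now_stamp, warn_days=7):
    """Same check with `now` given as a YYYYMMDDHHMMSS string, handy for replaying a past outage."""
    return check_rrsigs(text, parse_rrsig_time(now_stamp), warn_days)


def needs_attention(results):
    """Everything that is not plainly 'ok', for an alert or a non-zero exit status."""
    return [r for r in results if r["status"] != "ok"]


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for r in check_rrsigs(SAMPLE_RRSIGS, now):
        print(f'{r["owner"]:18} {r["covered"]:7} tag={r["keytag"]} '
              f'expires {r["expiration"]:%Y-%m-%d %H:%M} UTC -> {r["status"]}')
```

Checking the DNSKEY RRSIG is the one that matters most: if it lapses, every other signature in the zone is unverifiable regardless of its own dates. The seven-day warning window is a stand-in for whatever re-signing interval the signer is configured with.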

August 13, 2016 / Jim Fenton

Home is where you don’t have to accept the Wi-Fi terms and conditions

You arrive at your hotel after a long day of travel. Hungry and tired, you pick up the phone to call room service. There’s no dial tone, but after about 10 seconds, a recorded announcement starts to play:

Important! Please listen carefully before using. Your use of this telephone is your acknowledgement and agreement that you agree with the terms set forth as follows: By using this telephone, you agree to all terms, conditions, and notices contained herein. The Hotel reserves the right, in its sole discretion, to terminate your access to all or part of the telephone system, with or without notice.

All materials, information, and services available through this telephone are provided “as is”. The Hotel accepts no liability for your use of the telephone, including but not limited to damage to your ears, hearing assistance devices, or other equipment. Under no circumstances shall the hotel, its subsidiaries, affiliates, owner, or representatives be liable for any direct, indirect, punitive, incidental, special, or consequential damages that result from the use of, or inability to use, the telephone.

Press 1 to indicate your acceptance of these terms and conditions.

Silly? Infuriating? Yes. But this is exactly what the vast majority of hotel and other quasi-public Wi-Fi networks put us through.

What’s the justification for this? A frequently cited reason is that it’s important to make the acceptable use policy for the use of the network clear: you must not use the network to send spam, spread malware, and such. But don’t many of the same concerns apply to telephones, where you similarly must not use the phone to make telephone threats, harass people, and so forth? We don’t seem to need an explicit display of the acceptable use policy there.

Much of the language in these agreements doesn’t have to do with acceptable use so much as protecting the operator of the network if, for some reason, the network doesn’t perform as desired. This might be of some concern if the user is paying for the service, but increasingly Wi-Fi service is provided for free. Are there any documented cases where the operator of a Wi-Fi network has been sued for damages over the use of the network?

There are other user experience issues as well. These networks often spontaneously forget that you have accepted the terms and conditions. Having to re-accept the terms once each day is typical, but it can happen as often as each time a device connects. Moving from one location to another, such as from a hotel room to the lobby or convention area, or from one Starbucks location to another, often requires reacceptance of the terms as well.

For some reason the systems that implement this operate very slowly. Often the enforcement is done centrally (in the cloud), and perhaps there isn’t a business justification for providing enough capacity to handle requests quickly enough. Regardless, this makes the user experience worse yet.

Requiring acceptance of Wi-Fi terms and conditions causes other problems as well: it prevents some functions from working as intended. If one loses a Wi-Fi-only Apple iPad, that iPad’s Find Device feature may not work at all, even if it had been previously connected to the network. Acceptance requirements can also interfere with cellular/Wi-Fi devices that connect to a Wi-Fi network, making that the preferred route for data traffic, even though communication is blocked via that route.

We’re wasting lots of time trying to get connected to Wi-Fi networks. What does it take to get Wi-Fi connections to work the way they’re supposed to, other than on our home networks?

“Skaneanteles_Hotel_room” by Skaneanteles Suites is licensed under CC BY-SA 2.0

July 24, 2016 / Jim Fenton

Great Lakes Day 15: Home from Toronto

July 3, 2016

Our ride home

Our flight home was again at a “civilized” time, 12:25 pm. We were told to expect long lines at customs, so we checked in early, but were rewarded with very short lines everywhere. We had hoped to do some last minute shopping, but unfortunately there wasn’t a great deal to shop for after customs. The selection of stores was limited and we’re just not into the typical “duty free” merchandise, such as liquor, perfume, and oversized Toblerone bars. So we had coffee and tea and grabbed sandwiches to take on the flight.

This article is the final installment in a series about our recent vacation in the Great Lakes area. To see the introductory article in the series, click here.

July 23, 2016 / Jim Fenton

Great Lakes Day 14: Fenelon Falls to Toronto

July 2, 2016

Kenna, with Doug driving, on Cameron Lake

The weather is beautiful again, so we began with some things we weren’t able to do yesterday. Cousin Stan and his son Doug took us for a short boat ride on Cameron Lake. The lake was quite a bit smoother than it had looked from the shore. Everything was so serene, and as we had remembered it, that we hated to leave. On our way out of town, we stopped to pay our respects to my grandparents and many other relatives at the Fenelon Falls cemetery.

Our next stop was in Oshawa, where a cousin (Mom’s cousin’s daughter Jill) and her husband live. We had a nice visit with them, traded many stories, and collected a little more information on the family genealogy. We then drove to Mississauga, on the other side of Toronto and close to Pearson International Airport, where we are staying for the night in preparation for our flight home tomorrow.

This article is part of a series about our recent vacation in the Great Lakes area. To see the introductory article in the series, click here.

July 22, 2016 / Jim Fenton

Great Lakes Day 13: Canada Day in Fenelon Falls

July 1, 2016

Celeste and Laura making cookies

Today is Canada Day, and the second time we have celebrated it in Fenelon Falls. This time, however, it is stormy — the first really stormy day of the trip.

It was a good day to stay in and read. A rainy day is a real treat for us Californians with our dry summers. Kenna and Celeste went along on a trip to a nearby Mennonite bakery, where they bought yummy-looking cinnamon rolls for tomorrow’s breakfast and strawberry-rhubarb pie for tonight. Celeste and cousin Laura also made chocolate cookies, as if we need more delicious food to eat.

We went over to one of the neighbors’ cottages for an informal party, then had dinner with the extended family. Although the rain had stopped, the town fireworks show was unfortunately postponed because it was too windy. So back to the neighbors for another party. The people of Fenelon Falls are so welcoming.

This article is part of a series about our recent vacation in the Great Lakes area. To see the introductory article in the series, click here.

July 21, 2016 / Jim Fenton

Great Lakes Day 12: Ottawa to Fenelon Falls

June 30, 2016

Today was largely a driving day, about 225 miles from Ottawa to the Fenelon Falls, Ontario, where we are staying with my cousin at his cottage.

Peterborough Lift Lock

We got a relatively early start from Ottawa. One wrong turn coming out of the hotel, coupled with nearby construction work, made our departure unexpectedly challenging but we found our way. Once we got out of metropolitan Ottawa, the surroundings were quite rural; it appeared that much of the area is wetlands. We stopped in Peterborough, the largest city in the area, to see a notable lift lock, one of two in North America and the largest in the world. The Peterborough lift lock is part of the Trent-Severn Waterway system, which runs through much of this area, extending from Lake Ontario to Georgian Bay off Lake Huron. We continued through Peterborough and grabbed some lunch along the way. Traffic was quite heavy, probably because tomorrow is Canada Day.

After lunch, we drove to the town of Lindsay, stopping to show Celeste the ruins of the former flour mill where my grandmother had worked about 100 years ago. Lindsay traffic was also heavy, but soon we were on our final leg of the trip to the cottage.

Sunset over Cameron Lake

Fenelon Falls, Ontario is a village on the Trent-Severn waterway that is primarily a tourist destination for people in the Toronto area. My mother’s family came from Fenelon Falls, and my cousin has a cottage on Cameron Lake that I have been visiting since my childhood.

It was wonderful to return to the cottage, visit family, and decompress. After a couple of weeks of shuttling from place to place, primarily in cities, we all needed a breath of fresh air.

This article is part of a series about our recent vacation in the Great Lakes area. To see the introductory article in the series, click here.

July 20, 2016 / Jim Fenton

Great Lakes Day 11: Ottawa

June 29, 2016

Centre Block — from a distance

Today we had planned to visit the Canadian Parliament and the Mint. However, President Barack Obama also planned to visit the Canadian Parliament, and to have a meeting near the Mint. Guess whose plans prevailed?

After breakfast, we took a walk toward the Parliament Buildings to see if we could at least see them. A few blocks from the hotel, we were stopped by barricades; the street had been closed in anticipation of President Obama’s arrival, and there were police everywhere. We (and quite a few others) waited a while under close supervision by the police, who even required that we back up 3 feet from the barricades. After all that, the motorcade didn’t even pass close to us — it was about one (short) block away. Nevertheless, we did get to see the President’s limo, ever so briefly.

After the motorcade passed, we were able to walk in front of the Parliament building known locally as “Centre Block”, at a considerable distance of course. There was also quite a bit of preparation for Canada Day celebrations the day after tomorrow.

Canadian Aviation and Space Museum

We stopped in at the tourist information across from the parliament building, then bought bus tickets to take us somewhat close to the Canada Aviation and Space Museum. After a bit of a walk there, we enjoyed a well-presented museum highlighting Canada’s contributions to aviation and space exploration. Besides the many exhibits of old planes, there was an informative section on the International Space Station, highlighting what living there is like. It featured videos of Chris Hadfield, the Canadian known for his active social media presence from the ISS. We agreed this was the high point of the museum.

After returning on the bus and relaxing a bit, we set out for dinner, again in the direction of the Parliament buildings. While it was clear that there was no motorcade about to pass by, the police presence was heavy and there was a helicopter hovering overhead, signaling that the President had not yet left. By the time we finished our dinner, the police presence had all but evaporated.

One last treat for the day was a stop at a “beaver tail” stand for dessert. A beaver tail is a flat fried pastry about the size and shape of a beaver’s tail, to which various confections are added on top. We decided on the apple/cinnamon beaver tail, which we brought back to the hotel and split 3 ways. It was highly decadent — and recommended.

This article is part of a series about our recent vacation in the Great Lakes area. To see the introductory article in the series, click here.