“Delivered-To: beckerfamily@floridabeckers.us
Received: by 10.229.14.201 with SMTP id h9csp502473qca;
Sat, 20 Sep 2014 00:04:35 -0700 (PDT)
X-Received: by 10.180.211.208 with SMTP id ne16mr1532381wic.71.1411196675222;
Sat, 20 Sep 2014 00:04:35 -0700 (PDT)
Return-Path:
Received: from mx-out.facebook.com (outmail016.ash2.facebook.com. [66.220.155.150])
by mx.google.com with ESMTPS id v14si4512206wie.3.2014.09.20.00.04.34
for
(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Sat, 20 Sep 2014 00:04:35 -0700 (PDT)
Received-SPF: pass (google.com: domain of password+h_i3dki_@facebookmail.com designates 66.220.155.150 as permitted sender) client-ip=66.220.155.150;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of password+h_i3dki_@facebookmail.com designates 66.220.155.150 as permitted sender) smtp.mail=password+h_i3dki_@facebookmail.com;
dkim=pass header.i=@facebookmail.com;
dmarc=pass (p=REJECT dis=NONE) header.from=facebookmail.com
Received: from facebook.com (CB2uJzaEr7FAP9Z3NNj8E9uO4ydVsDyZ8ttuyabo2wEjYbPxtGSfri+xd3E5hhYV 10.158.104.67)
by facebook.com with Thrift id 6079b0ec409411e494110002c9550d78-2a1eb3f0;
Sat, 20 Sep 2014 00:04:34 -0700
X-Facebook: from 2401:db00:3010:3018:face:0:4f:0 ([MTI3LjAuMC4x])
by m.facebook.com with HTTP (ZuckMail);
Date: Sat, 20 Sep 2014 00:04:34 -0700
Return-Path: password+h_i3dki_@facebookmail.com
To: Nicole Beasley-Becker
From: “Facebook”
Reply-to: noreply
Subject: Somebody requested a new password for your Facebook account
Message-ID: <7833a8c7c38f65544e5ddf3b132fa1f0@m.facebook.com>
X-Priority: 3
X-Mailer: ZuckMail [version 1.00]
Errors-To: password+h_i3dki_@facebookmail.com
X-Facebook-Notify: password_reset; mailid=a872430G30a5e9d3G0G178G29129f32
X-FACEBOOK-PRIORITY: 1
X-Auto-Response-Suppress: All
Require-Recipient-Valid-Since: beckerfamily@floridabeckers.us; Wednesday, 4 Aug 2010 15:07:54 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=”b1_7833a8c7c38f65544e5ddf3b132fa1f0”
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=facebookmail.com;
s=s1024-2013-q3; t=1411196674;
bh=KsNcsnOLkT3p6hrtXpRx5uiG7l2rqzTocgLbQUUAQFg=;
h=Date:To:From:Subject:MIME-Version:Content-Type;
b=iP4aprX0sCUXj9yWvddNp0ssj/zYj0X67/XpWm4pgxg73tbc5qbrsa03koq2Qo0+s
5kJzurtEhZ1l012QgYM0f3xOMmztwwBzQfxQ03ZXSRRhlBM0xZcseQ9iHdeXxiHugh
VEOgxGnS25a6LTFHVrV+joWxnURGx11qEgdhFcjo=


—b1_7833a8c7c38f65544e5ddf3b132fa1f0
Content-Type: text/plain; charset=”UTF-8”
Content-Transfer-Encoding: quoted-printable

Hi Nicole,

Somebody recently asked to reset your Facebook password.

Click here to change your password.[https://www.facebook.com/recover/code?=
u=3D816179667&n=3D654156]=20

Alternatively, you can enter the following password reset code:

654156

Didn’t request this change?

If you didn’t request a new password, let us know immediately.

Change Password
https://www.facebook.com/recover/code?u=3D816179667&n=3D654156


Thanks,
The Facebook Team



=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
This message was sent to nicole@floridabeckers.us at your request.
Facebook, Inc., Attention: Department 415, PO Box 10005, Palo Alto, CA =
94303


—b1_7833a8c7c38f65544e5ddf3b132fa1f0
Content-Type: text/html; charset=”UTF-8”
Content-Transfer-Encoding: quoted-printable

//EN”>content=3D”text/html; charset=3Dutf-8” =
/>style=3D”margin:0;padding:0;” dir=3D”ltr”>cellpadding=3D”0” id=3D”email_table” =
style=3D”border-collapse:collapse;width:98%;” border=3D”0”>

id=3D”email_content” style=3D”font-family:'lucida = grande',tahoma,verdana,arial,sans-serif;font-size:12px;padding:0px;ba= ckground:#e0e1e5;”>width=3D”100%” border=3D”0” = style=3D”border-collapse:collapse;width:100%;”> style=3D”font-size:11px;font-family:LucidaGrande,tahoma,verdana,arial,sans= -serif;padding:0;border-left:none;border-right:none;border-top:none;border= -bottom:none;”>style=3D”border-collapse:collapse;”> style=3D”padding:0;width:100%;”>!important;font-size:1px;”>Somebody recently asked to reset your Facebook = password. Click here to change your password. Alternatively, you can enter = the following password reset code: 654156 Didn't request this change? = If you didn't request a new password, let us know immediately . = =C2=A0 =C2=A0 Change=C2=A0Password =C2=A0 =C2=A0 style=3D”padding:0;width:100%;”>width=3D”100%” bgcolor=3D”#435E9C” style=3D”border-collapse:collapse;width= :100%;background:#435E9C;background-image:-webkit-linear-gradient(top, = #5c77b5, #435e9c);border-color:#0A1F4F;border-style:solid;border-width:0px = 0px 1px 0px;box-shadow:0 1px 1px rgba(0, 0, 0, 0.25);height:47px;” = id=3D”header”> cellpadding=3D”0” width=3D”610” height=3D”44” = style=3D”border-collapse:collapse;”> id=3D”header_title” style=3D”width:100%;line-height:47px;”>cellspacing=3D”0” cellpadding=3D”0” = style=3D”border-collapse:collapse;”> href=3D”https://www.facebook.com/recover/code?u=3D816179667&n=3D654156= ” style=3D”color:#FFFFFF;text-decoration:none;font-weight:bold;font-family= :lucida grande,tahoma,verdana,arial,sans-serif;vertical-align:baseline;fon= t-size:20px;letter-spacing:-0.03em;text-align:left;text-shadow:0 1px 0 = rgba(0, 0, 0, 0.24);”> facebook style=3D”width:10px;”> size=3D”3”>style=3D”color:#ffffff;text-decoration:none;font-family:Helvetica = Neue,Helvetica,Lucida Grande,tahoma,verdana,arial,sans-serif;font-size:16p= x;font-weight:bold;text-shadow:0 -1px rgba(34, 59, 115, = 0.85);vertical-align:middle;” href=3D”https://www.facebook.com/recover/cod= e?u=3D816179667&n=3D654156”> = style=3D”padding:0;width:100%;”>width=3D”100%” bgcolor=3D”#e0e1e5” id=3D”table_color” = style=3D”border-collapse:collapse;”> cellspacing=3D”0” cellpadding=3D”0” width=3D”100%” id=3D”email_filler” = style=3D”border-collapse:collapse;”> style=3D””>  cellpadding=3D”0” width=3D”610” = style=3D”border-collapse:collapse;”>able><= /tr> id=3D”body_container” style=3D”background-color:#ffffff;border-color:#c1c2= c4;border-style:solid;display:block;border-width:1px;border-radius:5px;-we= bkit-border-radius:5px;-moz-border-radius:5px;box-shadow:0 1px 1px rgba(0, = 0, 0, 0.10);overflow:hidden;”>width=3D”100%” style=3D”border-collapse:collapse;”> style=3D”padding:15px;”>style=3D”border-collapse:collapse;width:100%;”> style=3D”font-size:11px;font-family:LucidaGrande,tahoma,verdana,arial,sans= -serif;padding-bottom:6px;”> Somebody recently asked to reset your = Facebook password. =3D816179667&n=3D654156” = style=3D”color:#3b5998;text-decoration:none;”>Click here to change your = password. rande,tahoma,verdana,arial,sans-serif;padding-top:6px;padding-bottom:6px;”= >Alternatively, you can enter the following password reset = code: homa,verdana,arial,sans-serif;padding-top:6px;padding-bottom:6px;”>>style=3D”border-collapse:collapse;”> amily:LucidaGrande,tahoma,verdana,arial,sans-serif;padding:10px;background= -color:#f2f2f2;border-left:1px solid #ccc;border-right:1px solid = #ccc;border-top:1px solid #ccc;border-bottom:1px solid = #ccc;”>654156 style=3D”font-size:11px;font-family:LucidaGrande,tahoma,verdana,arial,sans= -serif;padding-top:6px;padding-bottom:6px;”> style=3D”color:#333333;font-weight:bold;”>Didn't request this = change? If you didn't request a new password, href=3D”https://www.facebook.com/login/recover/disavow_reset_email.php?n= =3D654156&id=3D816179667” = style=3D”color:#3b5998;text-decoration:none;”>let us know = immediately. daGrande,tahoma,verdana,arial,sans-serif;padding-top:6px;”>href=3D”https://www.facebook.com/recover/code?u=3D816179667&n=3D654156= ” style=3D”color:#3b5998;text-decoration:none;”>cellpadding=3D”0” width=3D”100%” bgcolor=3D”#4c649b” style=3D”border-colla= pse:collapse;border-width:1px;border-style:solid;display:block;font-weight= :bold;border-radius:3px;-webkit-border-radius:3px;-moz-border-radius:3px;f= ont-size:14px;background:-webkit-gradient(linear, left top, left = bottom,color-stop(0%, rgba(99,123,178,1)),color-stop(64%, = rgba(76,100,155,1)));border-color:#485a83;box-shadow:inset 0 1px 0 = rgba(255, 255, 255, 0.2),0 1px 2px rgba(0, 0, 0, 0.08);text-align:center;” = class=3D”btn_confirm”>ble> style=3D”line-height:7px;”>  style=3D”display:block;width:16px;”>  style=3D”text-align:center;”>ode?u=3D816179667&n=3D654156” = style=3D”color:#3b5998;text-decoration:none;display:block;”>size=3D”3”>Grande,tahoma,verdana,arial,sans-serif;font-weight:bold;font-size:14px;col= or:#ffffff;text-shadow:0 1px 0 = #415686;”>Change Password width=3D”16” style=3D”display:block;width:16px;”>  height=3D”7” colspan=3D”3” style=3D”line-height:7px;”>  cellspacing=3D”0” cellpadding=3D”0” width=3D”100%” = style=3D”border-collapse:collapse;” id=3D”footer_table”> style=3D””>width=3D”610” style=3D”border-collapse:collapse;”> style=3D””>border=3D”0” id=3D”footer” style=3D”border-collapse:collapse;”> style=3D”font-size:12px;font-family:Helvetica Neue,Helvetica,Lucida = Grande,tahoma,verdana,arial,sans-serif;padding:18px 0;border-left:none;bor= der-right:none;border-top:none;border-bottom:none;color:#6a7180;font-weigh= t:300;line-height:16px;text-align:center;border:none;”>This message was = sent to style=3D”color:#6a7180;text-decoration:none;font-family:Helvetica = Neue,Helvetica,Lucida Grande,tahoma,verdana,arial,sans-serif;font-weight:b= old;”>beckerfamily@floridabeckers.us at your request. Facebook, = Inc., Attention: Department 415, PO Box 10005, Palo Alto, CA = 94303 src=3D”https://www.facebook.com/email_open_log_pic.php?mid=3Da872430G30a5e= 9d3G0G178G29129f32” style=3D”border:0;width:1px;height:1px;” = /> —b1_7833a8c7c38f65544e5ddf3b132fa1f0— ” Hmm...it looks to be legitimate.  No links are connecting to or directing to any place other than Facebook,  Bringing up the virtual machine and opening the link shows nothing but a legitimate Facebook page.... So what is really going on?  I check on my wife's email to see if she received the same email since it listed her name on the email.  Sure enough, identical email there too.  It looks like that someone did try to log reset her password and Facebook was trying to protect.  Sometimes link laden email is legitimate.  Time to tune those Spidey Senses again..... Comment Comment So, about that order I "placed"... June 27, 2014 Since we run multiple filters at work that do a good job that block spam and malware infested email, I am always interested in what makes it through the defenses as opportunites for improvement. Take, for instance, an email I received tonight about a supposed order I made. Hmmmm...I ordered something today with my VISA with email containing my email from a .ru email address (for those not familiar, .ru is Russia).  They are so kind to send me an invoice of my order in an attachment, which happens to be a .html file (web page code, again if you are not familiar).   Okay.  I know, suspicious file....must send it over to virustotal.com and see if it detects anything in the file. Suspicious email, suspicious attachment, but comes up clean...what gives? Let's open up the html code in a text editor and see what is going on.... Fortunately, we have other tools to try to get a better handle of what is going on.  Submitting the file to malwr.com (run by the ShadowServer folks), we see there is really more than meets the eye. There is definitely something malicious about this email.  Time to throw it into a virtual machine and try to analyze safely.  In my linux machine, opening the .html file opens this up.... Double extensions....PDF to make the end user believe he is downloading a copy of the invoice to read in Adobe, but is it?  .scr extensions are often used for Screen Savers in the Windows world, or as an extension for a script. Let's pop the URL that we downloaded the file from and see if protection is up to date? Moral of the story is if it waddles like a duck and quacks like a duck, it is probably a duck, and this duck will make your system sick.  Never click on unexpected attachments or links in email without verifying from source. If you have questions about a file, don't hesitate to use tools like VirusTotal and Malwr for them to analyze and help security companies improve their tools with malware samples. Comment Comment Data breaches galore January 25, 2014 Over the past 40 days, we have seen a lot of information regarding data breaches.  Starting with the announcement of the Target breach, the following breaches have been confirmed. Target - 40 million cars plus up to another 70 million ids/emails, etc. Neiman Marcus - 1.1 million cards Michaels? Snapchat (I know, not card related, but still affects 4.6 million users) There is also a report from January 13 that this may be the tip of the iceberg, as 3 more may yet to be announced, and the FBI on January 23 indicated that many more may be coming. What does this mean?   First of all, if you shopped at any of these stores during the time that each store had announced, then watch your bank statements for unauthorized transactions.  Work with your financial institution to replace as needed. As for after the breach, I believe that this may be a tipping point with regards to EMV in the United States, and perhaps debit cards in general.  EMV (also known as Chip and PIN) is a standard where each card has a chip on it in addition to the magnetic stripe.  The card is swiped and a PIN is entered that needs to match the chip within the card 3 times or the card is locked.  This method is used in Europe primarily and has been recently introduced in Canada, but is not foolproof either (add the fact that it migrates the liability from the financial institution to the end user). Secondarily, I believe that the use of debit cards will decline (with an equivalent increase in credit cards and/or cash based on the consumer) as people's fear increases that a compromised debit card will lead to a lengthy personal situation as the financial institution works through the fraud and eventually restores the consumers money.  People have already moved to a cashless society, but they will need a platform they have trust in. Comment Comment So what is really wrong with Windows 8? March 30, 2013 See the logic flaws as mentioned in this video by Brian Boyko on why Windows 8 has problems.   Comment