Following up on my recent post about computer security (and my comment about phishing scams being cross-platform), Bruce Schneier has posted an entry about “Drive-By Pharming”. It has a stupid name, and it’s nothing to do with wireless access; there is also some doubt about how feasible the attack vector actually is. Still, it’s worth reading about, because the general principle is important.
Since my email address is public, I get a lot of spam: typically 100 messages per day. The Outlook 2003 Junk E-mail filter does a decent job of catching most of it, but there are still some that slip through; I also keep an eye on the spam folder itself, in case of false positives. Generally speaking, these messages fall into three categories:
a) Direct sales for dodgy stuff, e.g. pirate software and viagra pills. (I have no idea whether they actually send the relevant goods to people who type in their credit card details, or just take the money and run.)
b) Phishing sites, e.g. “this is your bank/PayPal/Ebay, please log in via this link to confirm your details”. (If you log into their fake site, they can then impersonate you at the real site.)
c) Viruses, typically either an attachment or a link to a website with dodgy pop-ups. Sometimes there are messages which try to exploit security bugs (by effectively being a web page themselves), but these seem to be rarer.
Today I’ve been copying a database from one SQL Server machine to another: specifically from SQL 2000 to SQL 2005, for testing purposes. Unfortunately this didn’t go as smoothly as I would have liked, so here are a few notes for anyone else who does this (e.g. my future self).