<div dir="ltr"><p>Dear SG'ers </p>
<p>A security note, particularly to those of you using Windows OS systems. Please exercise caution when working RT tickets that (typically) have short messages and also contain attachments or links. This is a common "social-engineering" technique employed to get you to "invite" malware into your system by opening the file or following the link. </p>
<p>I encountered a ticket earlier today that had a very short message and a zip file. I was somewhat suspicious of it and sure enough, clicking on the zip file link set off my antivirus alert system and informed me that the zip file contained a damaged version of the Netsky worm (sometimes damaged versions of malware can actually be worse than "good" versions). Be aware that many attachment types can potentially be vectors of malware including PDF and many MSOffice filetypes.</p>
<p>A Linux or Mac system would not have been susceptible to this particular Netsky worm variant which targets Windows systems specifically; however, such systems are not immune to other sorts of malware attacks. While somewhat more secure than Windows (what isn't), part of the equation is that they just are not as frequently targeted. </p>
<p>The ticket in question has been "taken" and pointed out to hhardy. It will be disposed of in a suitable manner when his investigation is complete.</p>
<p>I have genuine concerns about the adequacy of the spam filtering on RT (these are not just the usual gripes), but my considered opinion as a professional with such responsibilities at my own company. Over the past few months, 4 out of every 10 messages has been spam. I have been sharing these concerns and some in depth analysis with OLPC and I can only hope that it will not take too many more "near misses" like this one before spam is taken seriously as a security issue (placing OLPC and SG'ers at risk) as well as a significant cost-drain on precious resources, both internal and volunteer. </p>
<p>The best malware protection is an informed user (plus current patches and a good AV tool), so be careful out there, the internetz has some dark alleys you don't want to walk down alone.</p>
<p>cjl</p></div>