Phish-ish Legit Email

Part of the problem of getting people not to succumb to phishing attempts is the poor practices used in legitimate emails.

Google sent me an email saying something was going to expire in a month because of inactivity. I needed to click on a link and verify my information. You know, exactly the same kind of things a phisher would wrote.

I spent half an hour looking at the HTML to verify the links and the headers to see if there was anything suspicious. Eventually, I decided it was legitimate. But even then I was still very careful. Few people I know would be this careful because they would not know how.

Sadly, in the many years where phishing attempts have become so common, few people care enough about changing their bad email practices that contribute to end users becoming victims.


So, I need to install software on a couple servers which don’t exist. They are virtual: VMWare ESX. I can see and login to the web site. However, its frustrating to consistently get a working console. I get a partial page with “Error on page.” Going to the error reveals:

Browser#ResponseReceived(): invalid content type text/html (status 200) while processing

What I have tried so far.

  1. Firefox 2.x is unsupported. I tried it; it didn’t work.
  2. So I tried IE6. That worked fine. Over a week later it doesn’t. Oh…kay…
  3. Figured iehttpheaders could have been the culprit. It was the last thing changed, so I removed it. Didn’t help.
  4. I tried Firefox 2.x again. No good.
  5. I tried Netscape 7.2. No good.
  6. Called workstation support, works for him, I removed IE6 and added it back. It worked! For a day.
  7. So I removed IE6 again and put it back. It didn’t help.
  8. Checked McAfee Buffer Overflow Protection. Still disabled.
  9. So I installed IE7. Still doesn’t completely load the page.
  10. So, I tried PortableApps Firefox 1.0.8 (which is on the supported list). No dice.
  11. I noticed I have multiple version of Java, I removed all but the next to latest, Java 1.6.0. No good.
  12. I removed all the versions of Java. No help.
  13. Figured out there is a VMWare plugin.
  14. Disabled the plugin in IE7. Nothing.
  15. Found where the plugin is installed. Uninstalled it. Now when I visit, I don’t get a request to install it.
  16. So I don’t have the plugin. Nor can I install it.

For you Apple Switchers who read this. Macs are not on the supported list. Though, Linux is!

I’ve wasted most of two afternoons on this.

Live HTTP Headers Equivalent for IE

UPDATED: The below content is outdated due to being ancient. This post will stick around to help people get to the new version: Live HTTP Headers Equivalent for IE or Edge 2016

I looove the Live HTTP Headers extension for Firefox. (Yes, I will marry it some day.) It works beautifully and always gives me what I want.

So we have this issue of people experiencing an issue of downloading office files from Vista. From the conversation we know the problem occurs with:

  1. Microsoft Windows XP and Vista
  2. Microsoft Internet Explorer 6 and 7
  3. Microsoft Office 2007 and maybe 2003

So Firefox is unaffected and behaves as expected (a Microsoft Engineer told us because Firefox is less secure?). The Live HTTP Headers will not help diagnose because Firefox works. Oh… And the solution of “Use Firefox” has been rejected by the affected parties. So, we need an equivalent for MS IE to get our users to install.

There are a couple equivalents for Live HTTP Headers for Internet Explorer:

  1. iehttpheaders has major issues with anti-virus software. I’ve never gotten iehttpheaders to install and or run with McAfee installed (even disabled). I don’t know market share of anti-virus vendors, but I’d bet McAfee is pretty common.
  2. IEWatch is more for web designers and gives way more info than just the headers because it has a broader purpose. Plus its not free. I don’t feel comfortable telling people to install something they are going to have to eventually buy even if they only need it for a couple days.

I don’t think either will meet my needs. 🙁

One of the reasons I want the headers is because I am biased. I trust what the browsers say more than I trust end user recollections. Probably its because I read web logs too much.