UPS phishing email with subject Fw: your package is ready to ship!

For the record, this is a UPS phishing email attempt that is recently going around, with subject "Fw: your package is ready to ship!"

What to do?  Report them, goto bottom of page. 

From : U-P-S-Express <noreply@mytable.sa> Subject : Fw: your package is ready to ship!

PHISHING LINKs;

1. http://url1137.mytable.sa/ls/click?upn=xxxxxxxx

How to tell this is a Phishing email ?

1. Check email address in full, if it's not from originating company then it's phishing.
2. Hover over images and all links in email, if it's not from the company's website then forget it. 

How to examine Email Message Source?

Now let's look at message source

1. Outlook.com->Actions->View Message Source. 
2. Gmail.com->More (down arrow to top right)->Show original.

Check for suspicious links, anything that does not originate from apple.com.

Report Phishing Email (not as Spam)

1. Outlook.com->Junk (at Top)->Phishing Scam
2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing

If you have received this email take further 

1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Create Direct Download Link for OneDrive Files: 2023

Microsoft OneDrive Direct File Download URL Maker

I get asked all the time to by my clients to provide a way to direct download URL to a file and NOT preview the file, especially if the file is large. It's often very confusing for novice users to have preview mode of file, such as PDF files which launch a separate user interface. Moreover, if the file is over 100Mb, the preview appears too slowly for most users, and they'll abandon the file.

So I came up with this mini "App", it takes a OneDrive Share Link and returns the direct download URL for that file.

Enjoy! The original download maker since 2014.

Microsoft OneDrive Direct File Download URL Maker

1. Right-click on item in Onedrive, Choose Embed.

For images, this does NOT work. Embed gives you the direct URL of the image (see below).

2. Click Generate button

3. Get Embed code from Onedrive as in picture above. i.e.: <iframe src="https://onedrive.live.com/embed?cid=8F99649728BEB2F3&resid=8F99649728BEB2F3%211010&authkey=AFo8ZQ_-qj84DEQ" width="98" height="120" frameborder="0" scrolling="no"></iframe>  see instructions below, if you don't know how. NOTE : For images there an extra step below.

Copy Embed Code (red arrow 3) and paste into text-box below. Click Get embed link button. This will fill 3.1, then click Get Download Link.

This will produce, extract the File Embed Link which looks like: https://onedrive.live.com/embed?cid=8F99649728BEB2F3&resid=8F99649728BEB2F3%211010&authkey=AFo8ZQ_-qj84DEQ and populate the text-box below. To proceed click "Get Download Link" button.

3.1 Alternatively, you can paste (ctrl-v) your OneDrive File Embed Link in text-box below and click "Get Download Link" button below


4. Now, Click on Get Download Link button.

Text-box will be highlighted so you can copy the full link. To copy, right-click and choose  "Copy" or simply (ctrl-c) to copy link. Note: Entire URL is automatic selected for your convenience.

 


Now you can Paste (ctrl-v) and share the OneDrive Direct Download Link in your email ;)

For Images, you get a direct url

1. Right-click on image and select Embed. The Copy the URL to embed image now gives you direct download URL, but is super long.
   
   So you do not need to do the above! 

You can also remove everything after the ? 

https://wyztwg.by.files.1drv.com/y4mucnXH4ZIfty_kXg9nYvgjHKJMw-XkCLfcBvI7ipNMNidsCjSMyNcw4cFyNlB0WKO9M-VNquASIbFp9DlTJPrjpqk2ex4GmzoVcA_2OOAp1G1ZiGK_U_UPjmfTj_hmtd41HascgLLyjTbEKJlDzXfFhyOXPngJ_ovCRPxL14pt1B0er3HaJvRxjkpru0z85Wiua9JhMP-BvbADeKnISGTqQ?width=1082&height=539&cropmode=none

to

https://wyztwg.by.files.1drv.com/y4mucnXH4ZIfty_kXg9nYvgjHKJMw-XkCLfcBvI7ipNMNidsCjSMyNcw4cFyNlB0WKO9M-VNquASIbFp9DlTJPrjpqk2ex4GmzoVcA_2OOAp1G1ZiGK_U_UPjmfTj_hmtd41HascgLLyjTbEKJlDzXfFhyOXPngJ_ovCRPxL14pt1B0er3HaJvRxjkpru0z85Wiua9JhMP-BvbADeKnISGTqQ

Using OneDrive as a CDN

Bonus : For images, read Using OneDrive as a Content Delivery Network (CDN)  plausibility post.

How to Get Direct or Permanent Link for OneDrive Files?

No change for 2023

Microsoft OneDrive Direct File Download URL Maker

I get asked all the time to by my clients to provide a way to direct download URL to a file and NOT preview the file, especially if the file is large. It's often very confusing for novice users to have preview mode of file, such as PDF files which launch a separate user interface. Moreover, if the file is over 100Mb, the preview appears too slowly for most users, and they'll abandon the file.

So I came up with this mini "App", it takes a OneDrive Share Link and returns the direct download URL for that file.

Enjoy! The original download maker since 2014.

Microsoft OneDrive Direct File Download URL Maker

1. Right-click on item in Onedrive, Choose Embed.

For images, this does NOT work. Embed gives you the direct URL of the image (see below).

2. Click Generate button

3. Get Embed code from Onedrive as in picture above. i.e.: <iframe src="https://onedrive.live.com/embed?cid=8F99649728BEB2F3&resid=8F99649728BEB2F3%211010&authkey=AFo8ZQ_-qj84DEQ" width="98" height="120" frameborder="0" scrolling="no"></iframe>  see instructions below, if you don't know how. NOTE : For images there an extra step below.

Copy Embed Code (red arrow 3) and paste into text-box below. Click Get embed link button. This will fill 3.1, then click Get Download Link.

This will produce, extract the File Embed Link which looks like: https://onedrive.live.com/embed?cid=8F99649728BEB2F3&resid=8F99649728BEB2F3%211010&authkey=AFo8ZQ_-qj84DEQ and populate the text-box below. To proceed click "Get Download Link" button.

3.1 Alternatively, you can paste (ctrl-v) your OneDrive File Embed Link in text-box below and click "Get Download Link" button below


4. Now, Click on Get Download Link button.

Text-box will be highlighted so you can copy the full link. To copy, right-click and choose  "Copy" or simply (ctrl-c) to copy link. Note: Entire URL is automatic selected for your convenience.

 


Now you can Paste (ctrl-v) and share the OneDrive Direct Download Link in your email ;)

For Images, you get a direct url

1. Right-click on image and select Embed. The Copy the URL to embed image now gives you direct download URL, but is super long.
   
   So you do not need to do the above! 

You can also remove everything after the ? 

https://wyztwg.by.files.1drv.com/y4mucnXH4ZIfty_kXg9nYvgjHKJMw-XkCLfcBvI7ipNMNidsCjSMyNcw4cFyNlB0WKO9M-VNquASIbFp9DlTJPrjpqk2ex4GmzoVcA_2OOAp1G1ZiGK_U_UPjmfTj_hmtd41HascgLLyjTbEKJlDzXfFhyOXPngJ_ovCRPxL14pt1B0er3HaJvRxjkpru0z85Wiua9JhMP-BvbADeKnISGTqQ?width=1082&height=539&cropmode=none

to

https://wyztwg.by.files.1drv.com/y4mucnXH4ZIfty_kXg9nYvgjHKJMw-XkCLfcBvI7ipNMNidsCjSMyNcw4cFyNlB0WKO9M-VNquASIbFp9DlTJPrjpqk2ex4GmzoVcA_2OOAp1G1ZiGK_U_UPjmfTj_hmtd41HascgLLyjTbEKJlDzXfFhyOXPngJ_ovCRPxL14pt1B0er3HaJvRxjkpru0z85Wiua9JhMP-BvbADeKnISGTqQ

Using OneDrive as a CDN

Bonus : For images, read Using OneDrive as a Content Delivery Network (CDN)  plausibility post.

Open-source software (OSS) journey by an individual developer

This is an open-sourcing software development journey by Bruno Lowagie the developer of The Leading PDF Library for Developers | iText, used by Deutche Bank, Wacom and Citrix. 

Microsoft PowerShell Gallery getting fake malicious packages

This a warning worth repeating. Microsoft’s PowerShell Gallery (https://www.powershellgallery.com/) is being overrun with fake packages. 

Spot the fake package

Lax policies for package naming on Microsoft’s PowerShell Gallery code repository allow threat actors to perform typosquatting attacks, spoof popular packages and potentially lay the ground for massive supply chain attacks.

PowerShell Gallery is a Microsoft-run online repository of packages uploaded by the wider PowerShell community, hosting a large number of scripts and cmdlet modules for various purposes.

Source: Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks (bleepingcomputer.com)

Zoom can you use your data in anyway it sees fit - sneaky rewording of AI training

A new AI focused user agreement was released by Zoom.

What raises alarm is the explicit mention of the company's right to use this data for machine learning and artificial intelligence, including training and tuning of algorithms and models. This effectively allows Zoom to train its AI on customer content without providing an opt-out option, a decision that is likely to spark significant debate about user privacy and consent but the added consent by default if you use the service. 

Unless I missed it, the Zoom lawyers apparently forgot to include the full rights to your firstborn. (They’ll get to it.) They then added that:

“Zoom may redistribute, publish, import, access, use, store, transmit, review, disclose, preserve, extract, modify, reproduce, share, use, display, copy, distribute, translate, transcribe, create derivative works, and process Customer Content: You agree to grant and hereby grant Zoom a perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary to redistribute, publish, import, access, use, store, transmit, review, disclose, preserve, extract, modify, reproduce, share, use, display, copy, distribute, translate, transcribe, create derivative works, and process Customer Content and to perform all acts with respect to the Customer Content as may be necessary for Zoom to provide the Services to you, including to support the Services; (ii) for the purpose of product and service development, marketing, analytics, quality assurance, machine learning, artificial intelligence, training, testing, improvement of the Services, Software, or Zoom’s other products, services, and software, or any combination thereof; and (iii) for any other purpose relating to any use or other act permitted in accordance with Section 10.3.” 

Zoom justifies these actions as necessary for providing services to customers, supporting the services, and improving its services, software, or other products. However, the implications of such terms are far-reaching, particularly as they appear to permit Zoom to use customer data for any purpose relating to the uses or acts described in section 10.3.

After outrage - https://explore.zoom.us/en/terms/

10.2 Permitted Uses and Customer License Grant. Zoom will only access, process or use Customer Content for the following reasons (the “Permitted Uses”): (i) consistent with this Agreement and as required to perform our obligations and provide the Services; (ii) in accordance with our Privacy Statement; (iii) as authorized or instructed by you; (iv) as required by Law; or (v) for legal, safety or security purposes, including enforcing our Acceptable Use Guidelines. You grant Zoom a perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary for the Permitted Use.

Permitted Use, another rabbit hole.

Source: Zoom goes for a blatant genAI data grab; enterprises, beware | Computerworld

Using icacls for long paths

Here's a tip using icalcs for long paths (>260), use "\\?\" to prefix your mapped drive.

icalcs "\\?\N:\Books\_ePubs\Tao Te Ching _ Annotated & Explained.pdf" /T

Official Documentation here
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/icacls