September 13, 2018
Even though I love reading every security blog that I can find, I got tired of checking every single blog every day! With blogs like the googleprojectzeroday only posting once every couple of weeks, it made sense. So, I created a piece of software that automates this process of checking the blogs and then sends me an email about my updated blogs of the day! I currently have an easy-to-use CLI to add, remove and format the definition of 'updated'. Anyone who wants to use the script can find it at https://github.com/mdulin2/security-blog-updates. I find it very useful and I hope everyone else does.
This morning, I checked my email box to see that my automatic morning email had not been sent for my blogs. So, I checked my server to see what had happened. However, I found something that was terrifying: a file that I had not created, called dead.letter.
Crazy thoughts started running through my mind! Who would want to hack me? How did they get in? Why did I not make this more secure? What a clever name... Dead.letter; probably telling me I am dead in the water, holding my website ransom! So, after a while, I decided it was best to look into what the damage was. But, all the letter said was "UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 13: ordinal not in range(128)".
At that point, I realized that my code had a mistake in it! Yipeee! My site had not been hijacked; dead.letter was just a log for sending email with SMTP. The error was caused by my script writing to a file with the current Unicode encoding, without converting to an ASCII character set for the text file. This ended up being a trivial fix.
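The error quoted above can be reproduced and avoided as follows. This is an added example, not code from the security-blog-updates script; the function names, addresses and the sample title are constructed for illustration, and it assumes the blog titles arrive as UTF-8 bytes.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample: a feed title as raw UTF-8 bytes. The non-breaking space
# (U+00A0) encodes to 0xC2 0xA0, and the 0xC2 byte lands at offset 13.
RAW_TITLE = "Project Zero:\u00a0new post".encode("utf-8")


def reproduce_failure(raw: bytes) -> str:
    """Decode as ASCII, as an implicit conversion would, and return the error text."""
    try:
        raw.decode("ascii")
    except UnicodeDecodeError as exc:
        return str(exc)
    return ""


def build_digest(raw_titles, sender: str, recipient: str) -> bytes:
    """Build the digest email with an explicit charset and an ASCII-only wire form."""
    # Decode once, at the input boundary, with the real encoding. Undecodable
    # bytes become U+FFFD instead of aborting the whole digest.
    titles = [t.decode("utf-8", errors="replace") for t in raw_titles]
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Updated blogs today"
    # quoted-printable keeps the serialized message pure ASCII, so no later
    # step (mailer, log file, terminal) has to guess an encoding.
    msg.set_content("\n".join(titles), charset="utf-8", cte="quoted-printable")
    return msg.as_bytes()


def read_body(wire: bytes) -> str:
    """Parse a serialized message and return its decoded text body."""
    return message_from_bytes(wire, policy=policy.default).get_content()


if __name__ == "__main__":
    print(reproduce_failure(RAW_TITLE))
    wire = build_digest([RAW_TITLE, b"bad \xff byte"], "bot@example.com", "me@example.com")
    print(wire.decode("ascii"))  # safe: the wire form contains no non-ASCII bytes
    print(read_body(wire))
```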
You are likely not being hacked, most of the time. However, it is good to be cautious! In the era of Ransomware and botnets, every computer has a large price tag on it. I also learned what dead.letter was today; I can guarantee that I will never forget what it is either.